DataDog · api-clients-generation-pipeline · Sep 3, 2025 · Sep 3, 2025
@@ -433,6 +433,13 @@ components:
       required: true
       schema:
         type: string
+    HistoricalSignalID:
+      description: The ID of the historical signal.
+      in: path
+      name: histsignal_id
+      required: true
+      schema:
+        type: string
     IncidentAttachmentFilterQueryParameter:
       description: Specifies which types of attachments are included in the response.
       explode: false
@@ -745,6 +752,58 @@ components:
       required: true
       schema:
         type: string
+    QueryFilterFrom:
+      description: The minimum timestamp for requested security signals.
+      example: '2019-01-02T09:42:36.320Z'
+      in: query
+      name: filter[from]
+      required: false
+      schema:
+        format: date-time
+        type: string
+    QueryFilterSearch:
+      description: The search query for security signals.
+      example: security:attack status:high
+      in: query
+      name: filter[query]
+      required: false
+      schema:
+        type: string
+    QueryFilterTo:
+      description: The maximum timestamp for requested security signals.
+      example: '2019-01-03T09:42:36.320Z'
+      in: query
+      name: filter[to]
+      required: false
+      schema:
+        format: date-time
+        type: string
+    QueryPageCursor:
+      description: A list of results using the cursor provided in the previous query.
+      example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==
+      in: query
+      name: page[cursor]
+      required: false
+      schema:
+        type: string
+    QueryPageLimit:
+      description: The maximum number of security signals in the response.
+      example: 25
+      in: query
+      name: page[limit]
+      required: false
+      schema:
+        default: 10
+        format: int32
+        maximum: 1000
+        type: integer
+    QuerySort:
+      description: The order of the security signals in results.
+      in: query
+      name: sort
+      required: false
+      schema:
+        $ref: '#/components/schemas/SecurityMonitoringSignalsSort'
     RelationInclude:
       description: Include relationship data.
       explode: true
@@ -65338,52 +65397,12 @@ paths:
         security signals.'
       operationId: ListSecurityMonitoringSignals
       parameters:
-      - description: The search query for security signals.
-        example: security:attack status:high
-        in: query
-        name: filter[query]
-        required: false
-        schema:
-          type: string
-      - description: The minimum timestamp for requested security signals.
-        example: '2019-01-02T09:42:36.320Z'
-        in: query
-        name: filter[from]
-        required: false
-        schema:
-          format: date-time
-          type: string
-      - description: The maximum timestamp for requested security signals.
-        example: '2019-01-03T09:42:36.320Z'
-        in: query
-        name: filter[to]
-        required: false
-        schema:
-          format: date-time
-          type: string
-      - description: The order of the security signals in results.
-        in: query
-        name: sort
-        required: false
-        schema:
-          $ref: '#/components/schemas/SecurityMonitoringSignalsSort'
-      - description: A list of results using the cursor provided in the previous query.
-        example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==
-        in: query
-        name: page[cursor]
-        required: false
-        schema:
-          type: string
-      - description: The maximum number of security signals in the response.
-        example: 25
-        in: query
-        name: page[limit]
-        required: false
-        schema:
-          default: 10
-          format: int32
-          maximum: 1000
-          type: integer
+      - $ref: '#/components/parameters/QueryFilterSearch'
+      - $ref: '#/components/parameters/QueryFilterFrom'
+      - $ref: '#/components/parameters/QueryFilterTo'
+      - $ref: '#/components/parameters/QuerySort'
+      - $ref: '#/components/parameters/QueryPageCursor'
+      - $ref: '#/components/parameters/QueryPageLimit'
       responses:
         '200':
           content:
@@ -66664,6 +66683,123 @@ paths:
         permissions:
         - incident_settings_write
       x-unstable: '**Note**: This endpoint is deprecated.'
+  /api/v2/siem-historical-detections/histsignals:
+    get:
+      description: List hist signals.
+      operationId: ListSecurityMonitoringHistsignals
+      parameters:
+      - $ref: '#/components/parameters/QueryFilterSearch'
+      - $ref: '#/components/parameters/QueryFilterFrom'
+      - $ref: '#/components/parameters/QueryFilterTo'
+      - $ref: '#/components/parameters/QuerySort'
+      - $ref: '#/components/parameters/QueryPageCursor'
+      - $ref: '#/components/parameters/QueryPageLimit'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_signals_read
+      summary: List hist signals
+      tags:
+      - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - security_monitoring_signals_read
+      x-unstable: '**Note**: This endpoint is in beta and may be subject to changes.
+
+        Please check the documentation regularly for updates.'
+  /api/v2/siem-historical-detections/histsignals/search:
+    get:
+      description: Search hist signals.
+      operationId: SearchSecurityMonitoringHistsignals
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringSignalListRequest'
+        required: false
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_signals_read
+      summary: Search hist signals
+      tags:
+      - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - security_monitoring_signals_read
+      x-unstable: '**Note**: This endpoint is in beta and may be subject to changes.
+
+        Please check the documentation regularly for updates.'
+  /api/v2/siem-historical-detections/histsignals/{histsignal_id}:
+    get:
+      description: Get a hist signal's details.
+      operationId: GetSecurityMonitoringHistsignal
+      parameters:
+      - $ref: '#/components/parameters/HistoricalSignalID'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringSignalResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_signals_read
+      summary: Get a hist signal's details
+      tags:
+      - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - security_monitoring_signals_read
+      x-unstable: '**Note**: This endpoint is in beta and may be subject to changes.
+
+        Please check the documentation regularly for updates.'
   /api/v2/siem-historical-detections/jobs:
     get:
       description: List historical jobs.
@@ -66885,6 +67021,48 @@ paths:
         - security_monitoring_rules_write
       x-unstable: '**Note**: This endpoint is in beta and may be subject to changes.
 
+        Please check the documentation regularly for updates.'
+  /api/v2/siem-historical-detections/jobs/{job_id}/histsignals:
+    get:
+      description: Get a job's hist signals.
+      operationId: GetSecurityMonitoringHistsignalsByJobId
+      parameters:
+      - $ref: '#/components/parameters/HistoricalJobID'
+      - $ref: '#/components/parameters/QueryFilterSearch'
+      - $ref: '#/components/parameters/QueryFilterFrom'
+      - $ref: '#/components/parameters/QueryFilterTo'
+      - $ref: '#/components/parameters/QuerySort'
+      - $ref: '#/components/parameters/QueryPageCursor'
+      - $ref: '#/components/parameters/QueryPageLimit'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_signals_read
+      summary: Get a job's hist signals
+      tags:
+      - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - security_monitoring_signals_read
+      x-unstable: '**Note**: This endpoint is in beta and may be subject to changes.
+
         Please check the documentation regularly for updates.'
   /api/v2/slo/report:
     post:

@@ -0,0 +1,16 @@
+"""
+Get a hist signal's details returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+
+configuration = Configuration()
+configuration.unstable_operations["get_security_monitoring_histsignal"] = True
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    response = api_instance.get_security_monitoring_histsignal(
+        histsignal_id="histsignal_id",
+    )
+
+    print(response)
@@ -0,0 +1,16 @@
+"""
+Get a job's hist signals returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+
+configuration = Configuration()
+configuration.unstable_operations["get_security_monitoring_histsignals_by_job_id"] = True
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    response = api_instance.get_security_monitoring_histsignals_by_job_id(
+        job_id="job_id",
+    )
+
+    print(response)
@@ -0,0 +1,14 @@
+"""
+List hist signals returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+
+configuration = Configuration()
+configuration.unstable_operations["list_security_monitoring_histsignals"] = True
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    response = api_instance.list_security_monitoring_histsignals()
+
+    print(response)
@@ -0,0 +1,37 @@
+"""
+Search hist signals returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.security_monitoring_signal_list_request import SecurityMonitoringSignalListRequest
+from datadog_api_client.v2.model.security_monitoring_signal_list_request_filter import (
+    SecurityMonitoringSignalListRequestFilter,
+)
+from datadog_api_client.v2.model.security_monitoring_signal_list_request_page import (
+    SecurityMonitoringSignalListRequestPage,
+)
+from datadog_api_client.v2.model.security_monitoring_signals_sort import SecurityMonitoringSignalsSort
+from datetime import datetime
+from dateutil.tz import tzutc
+
+body = SecurityMonitoringSignalListRequest(
+    filter=SecurityMonitoringSignalListRequestFilter(
+        _from=datetime(2019, 1, 2, 9, 42, 36, 320000, tzinfo=tzutc()),
+        query="security:attack status:high",
+        to=datetime(2019, 1, 3, 9, 42, 36, 320000, tzinfo=tzutc()),
+    ),
+    page=SecurityMonitoringSignalListRequestPage(
+        cursor="eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==",
+        limit=25,
+    ),
+    sort=SecurityMonitoringSignalsSort.TIMESTAMP_ASCENDING,
+)
+
+configuration = Configuration()
+configuration.unstable_operations["search_security_monitoring_histsignals"] = True
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    response = api_instance.search_security_monitoring_histsignals(body=body)
+
+    print(response)