diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
index a0d181216789..ce659f72c1bf 100644
--- a/.generator/schemas/v2/openapi.yaml
+++ b/.generator/schemas/v2/openapi.yaml
@@ -155,6 +155,14 @@ components:
       required: false
       schema:
         $ref: '#/components/schemas/ApplicationKeysSort'
+    ApplicationSecurityPolicyIDParam:
+      description: The ID of the policy.
+      example: recommended
+      in: path
+      name: policy_id
+      required: true
+      schema:
+        type: string
     ApplicationSecurityWafCustomRuleIDParam:
       description: The ID of the custom rule.
       example: 3b5-v82-ns6
@@ -3159,6 +3167,292 @@ components:
       type: string
       x-enum-varnames:
       - APPLICATION_KEYS
+    ApplicationSecurityPolicyAttributes:
+      description: A WAF policy.
+      properties:
+        description:
+          description: Description of the WAF policy.
+          example: Policy applied to internal web applications.
+          type: string
+        isDefault:
+          description: Make this policy the default policy. The default policy is
+            applied to every services not specifically added to another policy.
+          example: false
+          type: boolean
+        name:
+          description: The Name of the WAF policy.
+          example: Internal Network Policy
+          type: string
+        protectionPresets:
+          description: Presets enabled on this policy.
+          items:
+            example: attack-tools
+            type: string
+          type: array
+        rules:
+          description: Rule overrides applied by the policy.
+          items:
+            $ref: '#/components/schemas/ApplicationSecurityPolicyRuleOverride'
+          type: array
+        scope:
+          description: The scope of the WAF policy.
+          items:
+            $ref: '#/components/schemas/ApplicationSecurityPolicyScope'
+          type: array
+        version:
+          default: 0
+          description: Version of the WAF ruleset maintained by Datadog used by this
+            policy. 0 is the default value.
+          example: 0
+          format: int64
+          type: integer
+      required:
+      - name
+      - description
+      type: object
+    ApplicationSecurityPolicyCreateAttributes:
+      description: Create a new WAF policy.
+      properties:
+        basedOn:
+          description: When creating a new policy, clone the policy indicated by this
+            identifier.
+          example: recommended
+          type: string
+        description:
+          description: Description of the WAF policy.
+          example: Policy applied to internal web applications.
+          type: string
+        isDefault:
+          description: Make this policy the default policy. The default policy is
+            applied to every services not specifically added to another policy.
+          example: false
+          type: boolean
+        name:
+          description: The Name of the WAF policy.
+          example: Internal Network Policy
+          type: string
+        protectionPresets:
+          description: Presets enabled on this policy.
+          items:
+            example: attack-tools
+            type: string
+          type: array
+        rules:
+          description: Rule overrides applied by the policy.
+          items:
+            $ref: '#/components/schemas/ApplicationSecurityPolicyRuleOverride'
+          type: array
+        scope:
+          description: The scope of the WAF policy.
+          items:
+            $ref: '#/components/schemas/ApplicationSecurityPolicyScope'
+          type: array
+        version:
+          default: 0
+          description: Version of the WAF ruleset maintained by Datadog used by this
+            policy. 0 is the default value.
+          example: 0
+          format: int64
+          type: integer
+      required:
+      - name
+      - description
+      - basedOn
+      type: object
+    ApplicationSecurityPolicyCreateData:
+      description: Object for a single WAF policy.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/ApplicationSecurityPolicyCreateAttributes'
+        type:
+          $ref: '#/components/schemas/ApplicationSecurityPolicyType'
+      required:
+      - attributes
+      - type
+      type: object
+    ApplicationSecurityPolicyCreateRequest:
+      description: Request object that includes the policy to create.
+      properties:
+        data:
+          $ref: '#/components/schemas/ApplicationSecurityPolicyCreateData'
+      required:
+      - data
+      type: object
+    ApplicationSecurityPolicyData:
+      description: Object for a single WAF policy.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/ApplicationSecurityPolicyAttributes'
+        id:
+          description: The ID of the policy.
+          example: 2857c47d-1e3a-4300-8b2f-dc24089c084b
+          readOnly: true
+          type: string
+        metadata:
+          $ref: '#/components/schemas/ApplicationSecurityPolicyMetadata'
+        type:
+          $ref: '#/components/schemas/ApplicationSecurityPolicyType'
+      type: object
+    ApplicationSecurityPolicyListResponse:
+      description: Response object that includes a list of WAF policies.
+      properties:
+        data:
+          description: The WAF policy data.
+          items:
+            $ref: '#/components/schemas/ApplicationSecurityPolicyData'
+          type: array
+      type: object
+    ApplicationSecurityPolicyMetadata:
+      description: Metadata associated with the WAF policy.
+      properties:
+        added_at:
+          description: The date and time the WAF policy was created.
+          example: '2021-01-01T00:00:00Z'
+          format: date-time
+          type: string
+        added_by:
+          description: The handle of the user who created the WAF policy.
+          example: john.doe@datadoghq.com
+          type: string
+        added_by_name:
+          description: The name of the user who created the WAF policy.
+          example: John Doe
+          type: string
+        modified_at:
+          description: The date and time the WAF policy was last updated.
+          example: '2021-01-01T00:00:00Z'
+          format: date-time
+          type: string
+        modified_by:
+          description: The handle of the user who last updated the WAF policy.
+          example: john.doe@datadoghq.com
+          type: string
+        modified_by_name:
+          description: The name of the user who last updated the WAF policy.
+          example: John Doe
+          type: string
+      readOnly: true
+      type: object
+    ApplicationSecurityPolicyResponse:
+      description: Response object that includes a single WAF policy.
+      properties:
+        data:
+          $ref: '#/components/schemas/ApplicationSecurityPolicyData'
+      type: object
+    ApplicationSecurityPolicyRuleOverride:
+      description: Override WAF rule parameters for services in a policy.
+      properties:
+        blocking:
+          description: When blocking is enabled, the rule will block the traffic matched
+            by this rule.
+          example: false
+          type: boolean
+        enabled:
+          description: When false, this rule will not match any traffic.
+          example: true
+          type: boolean
+        id:
+          description: Override the parameters for this WAF rule identifier.
+          example: rasp-001-002
+          type: string
+      required:
+      - id
+      - enabled
+      - blocking
+      type: object
+    ApplicationSecurityPolicyScope:
+      description: The scope of the WAF policy.
+      properties:
+        env:
+          description: The environment scope for the WAF policy.
+          example: prod
+          type: string
+        service:
+          description: The service scope for the WAF policy.
+          example: billing-service
+          type: string
+      required:
+      - service
+      - env
+      type: object
+    ApplicationSecurityPolicyType:
+      default: policy
+      description: The type of the resource. The value should always be `policy`.
+      enum:
+      - policy
+      example: policy
+      type: string
+      x-enum-varnames:
+      - POLICY
+    ApplicationSecurityPolicyUpdateAttributes:
+      description: Update a WAF policy.
+      properties:
+        description:
+          description: Description of the WAF policy.
+          example: Policy applied to internal web applications.
+          type: string
+        isDefault:
+          description: Make this policy the default policy. The default policy is
+            applied to every services not specifically added to another policy.
+          example: false
+          type: boolean
+        name:
+          description: The Name of the WAF policy.
+          example: Internal Network Policy
+          type: string
+        protectionPresets:
+          description: Presets enabled on this policy.
+          example:
+          - attack-tools
+          items:
+            example: attack-tools
+            type: string
+          type: array
+        rules:
+          description: Rule overrides applied by the policy.
+          items:
+            $ref: '#/components/schemas/ApplicationSecurityPolicyRuleOverride'
+          type: array
+        scope:
+          description: The scope of the WAF policy.
+          items:
+            $ref: '#/components/schemas/ApplicationSecurityPolicyScope'
+          type: array
+        version:
+          default: 0
+          description: Version of the WAF ruleset maintained by Datadog used by this
+            policy. 0 is the default value.
+          example: 0
+          format: int64
+          type: integer
+      required:
+      - name
+      - description
+      - version
+      - isDefault
+      - rules
+      - protectionPresets
+      - scope
+      type: object
+    ApplicationSecurityPolicyUpdateData:
+      description: Object for a single WAF policy.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/ApplicationSecurityPolicyUpdateAttributes'
+        type:
+          $ref: '#/components/schemas/ApplicationSecurityPolicyType'
+      required:
+      - attributes
+      - type
+      type: object
+    ApplicationSecurityPolicyUpdateRequest:
+      description: Request object that includes the policy to update.
+      properties:
+        data:
+          $ref: '#/components/schemas/ApplicationSecurityPolicyUpdateData'
+      required:
+      - data
+      type: object
     ApplicationSecurityWafCustomRuleAction:
       description: The definition of `ApplicationSecurityWafCustomRuleAction` object.
       properties:
@@ -67009,6 +67303,130 @@ paths:
         permissions:
         - appsec_protect_write
       x-terraform-resource: appsec_waf_exclusion_filter
+  /api/v2/remote_config/products/asm/waf/policies:
+    get:
+      description: Retrieve a list of WAF policies.
+      operationId: ListApplicationSecurityWAFPolicies
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationSecurityPolicyListResponse'
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: List all WAF policies
+      tags:
+      - Application Security
+    post:
+      description: Create a new WAF policy.
+      operationId: CreateApplicationSecurityWafPolicy
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ApplicationSecurityPolicyCreateRequest'
+        description: The new WAF policy.
+        required: true
+      responses:
+        '201':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationSecurityPolicyResponse'
+          description: Created
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '409':
+          $ref: '#/components/responses/ConcurrentModificationResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Create a WAF Policy
+      tags:
+      - Application Security
+      x-codegen-request-body-name: body
+  /api/v2/remote_config/products/asm/waf/policies/{policy_id}:
+    delete:
+      description: Delete a specific WAF policy.
+      operationId: DeleteApplicationSecurityWafPolicy
+      parameters:
+      - $ref: '#/components/parameters/ApplicationSecurityPolicyIDParam'
+      responses:
+        '204':
+          description: No Content
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '409':
+          $ref: '#/components/responses/ConcurrentModificationResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Delete a WAF Policy
+      tags:
+      - Application Security
+      x-terraform-resource: appsec_waf_policy
+    get:
+      description: Retrieve a WAF policy by ID.
+      operationId: GetApplicationSecurityWafPolicy
+      parameters:
+      - $ref: '#/components/parameters/ApplicationSecurityPolicyIDParam'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationSecurityPolicyResponse'
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Get a WAF Policy
+      tags:
+      - Application Security
+      x-terraform-resource: appsec_waf_policy
+    put:
+      description: 'Update a specific WAF policy.
+
+        Returns the Policy object when the request is successful.'
+      operationId: UpdateApplicationSecurityWafPolicy
+      parameters:
+      - $ref: '#/components/parameters/ApplicationSecurityPolicyIDParam'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ApplicationSecurityPolicyUpdateRequest'
+        description: New WAF Policy.
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApplicationSecurityPolicyResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '409':
+          $ref: '#/components/responses/ConcurrentModificationResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Update a WAF Policy
+      tags:
+      - Application Security
+      x-codegen-request-body-name: body
+      x-terraform-resource: appsec_waf_policy
   /api/v2/remote_config/products/cws/agent_rules:
     get:
       description: 'Get the list of Workload Protection agent rules.
diff --git a/features/v2/application_security.feature b/features/v2/application_security.feature
index f10a470ff2e0..fa4288ef7caf 100644
--- a/features/v2/application_security.feature
+++ b/features/v2/application_security.feature
@@ -13,6 +13,27 @@ Feature: Application Security
     And a valid "appKeyAuth" key in the system
     And an instance of "ApplicationSecurity" API
 
+  @generated @skip @team:DataDog/asm-backend
+  Scenario: Create a WAF Policy returns "Bad Request" response
+    Given new "CreateApplicationSecurityWafPolicy" request
+    And body with value {"data": {"attributes": {"basedOn": "recommended", "description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/asm-backend
+  Scenario: Create a WAF Policy returns "Concurrent Modification" response
+    Given new "CreateApplicationSecurityWafPolicy" request
+    And body with value {"data": {"attributes": {"basedOn": "recommended", "description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}}
+    When the request is sent
+    Then the response status is 409 Concurrent Modification
+
+  @generated @skip @team:DataDog/asm-backend
+  Scenario: Create a WAF Policy returns "Created" response
+    Given new "CreateApplicationSecurityWafPolicy" request
+    And body with value {"data": {"attributes": {"basedOn": "recommended", "description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}}
+    When the request is sent
+    Then the response status is 201 Created
+
   @generated @skip @team:DataDog/asm-backend
   Scenario: Create a WAF custom rule returns "Bad Request" response
     Given new "CreateApplicationSecurityWafCustomRule" request
@@ -84,6 +105,27 @@ Feature: Application Security
     When the request is sent
     Then the response status is 404 Not Found
 
+  @generated @skip @team:DataDog/asm-backend
+  Scenario: Delete a WAF Policy returns "Concurrent Modification" response
+    Given new "DeleteApplicationSecurityWafPolicy" request
+    And request contains "policy_id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 409 Concurrent Modification
+
+  @generated @skip @team:DataDog/asm-backend
+  Scenario: Delete a WAF Policy returns "No Content" response
+    Given new "DeleteApplicationSecurityWafPolicy" request
+    And request contains "policy_id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 204 No Content
+
+  @generated @skip @team:DataDog/asm-backend
+  Scenario: Delete a WAF Policy returns "Not Found" response
+    Given new "DeleteApplicationSecurityWafPolicy" request
+    And request contains "policy_id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 404 Not Found
+
   @generated @skip @team:DataDog/asm-backend
   Scenario: Delete a WAF exclusion filter returns "Concurrent Modification" response
     Given new "DeleteApplicationSecurityWafExclusionFilter" request
@@ -106,6 +148,13 @@ Feature: Application Security
     When the request is sent
     Then the response status is 204 OK
 
+  @generated @skip @team:DataDog/asm-backend
+  Scenario: Get a WAF Policy returns "OK" response
+    Given new "GetApplicationSecurityWafPolicy" request
+    And request contains "policy_id" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 200 OK
+
   @generated @skip @team:DataDog/asm-backend
   Scenario: Get a WAF custom rule returns "OK" response
     Given new "GetApplicationSecurityWafCustomRule" request
@@ -140,6 +189,12 @@ Feature: Application Security
     When the request is sent
     Then the response status is 200 OK
 
+  @generated @skip @team:DataDog/asm-backend
+  Scenario: List all WAF policies returns "OK" response
+    Given new "ListApplicationSecurityWAFPolicies" request
+    When the request is sent
+    Then the response status is 200 OK
+
   @team:DataDog/asm-backend
   Scenario: Update a WAF Custom Rule returns "Bad Request" response
     Given there is a valid "custom_rule" in the system
@@ -174,6 +229,38 @@ Feature: Application Security
     When the request is sent
     Then the response status is 200 OK
 
+  @generated @skip @team:DataDog/asm-backend
+  Scenario: Update a WAF Policy returns "Bad Request" response
+    Given new "UpdateApplicationSecurityWafPolicy" request
+    And request contains "policy_id" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/asm-backend
+  Scenario: Update a WAF Policy returns "Concurrent Modification" response
+    Given new "UpdateApplicationSecurityWafPolicy" request
+    And request contains "policy_id" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}}
+    When the request is sent
+    Then the response status is 409 Concurrent Modification
+
+  @generated @skip @team:DataDog/asm-backend
+  Scenario: Update a WAF Policy returns "Not Found" response
+    Given new "UpdateApplicationSecurityWafPolicy" request
+    And request contains "policy_id" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}}
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @generated @skip @team:DataDog/asm-backend
+  Scenario: Update a WAF Policy returns "OK" response
+    Given new "UpdateApplicationSecurityWafPolicy" request
+    And request contains "policy_id" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": ["attack-tools"], "rules": [{"blocking": false, "enabled": true, "id": "rasp-001-002"}], "scope": [{"env": "prod", "service": "billing-service"}], "version": 0}, "type": "policy"}}
+    When the request is sent
+    Then the response status is 200 OK
+
   @team:DataDog/asm-backend
   Scenario: Update a WAF exclusion filter returns "Bad Request" response
     Given there is a valid "custom_rule" in the system
diff --git a/features/v2/given.json b/features/v2/given.json
index 06f7f855c1a1..24cd82910f04 100644
--- a/features/v2/given.json
+++ b/features/v2/given.json
@@ -693,6 +693,18 @@
     "tag": "Application Security",
     "operationId": "CreateApplicationSecurityWafExclusionFilter"
   },
+  {
+    "parameters": [
+      {
+        "name": "body",
+        "value": "{\n  \"data\": {\n    \"type\": \"policy\",\n    \"attributes\": {\n      \"name\": \"Test policy\",\n      \"description\": \"This is a test policy.\",\n      \"basedOn\": \"recommended\"\n    }\n  }\n}"
+      }
+    ],
+    "step": "there is a valid \"policy\" in the system",
+    "key": "policy",
+    "tag": "Application Security",
+    "operationId": "CreateApplicationSecurityWafPolicy"
+  },
   {
     "parameters": [
       {
diff --git a/features/v2/undo.json b/features/v2/undo.json
index c4c269d3cab9..01cf520a88c7 100644
--- a/features/v2/undo.json
+++ b/features/v2/undo.json
@@ -2715,6 +2715,43 @@
       "type": "idempotent"
     }
   },
+  "ListApplicationSecurityWAFPolicies": {
+    "tag": "Application Security",
+    "undo": {
+      "type": "safe"
+    }
+  },
+  "CreateApplicationSecurityWafPolicy": {
+    "tag": "Application Security",
+    "undo": {
+      "operationId": "DeleteApplicationSecurityWafPolicy",
+      "parameters": [
+        {
+          "name": "policy_id",
+          "source": "data.id"
+        }
+      ],
+      "type": "unsafe"
+    }
+  },
+  "DeleteApplicationSecurityWafPolicy": {
+    "tag": "Application Security",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
+  "GetApplicationSecurityWafPolicy": {
+    "tag": "Application Security",
+    "undo": {
+      "type": "safe"
+    }
+  },
+  "UpdateApplicationSecurityWafPolicy": {
+    "tag": "Application Security",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "ListCSMThreatsAgentRules": {
     "tag": "CSM Threats",
     "undo": {
diff --git a/private/bdd_runner/src/support/scenarios_model_mapping.ts b/private/bdd_runner/src/support/scenarios_model_mapping.ts
index 0689e2fae8b9..99faa5f7a5d5 100644
--- a/private/bdd_runner/src/support/scenarios_model_mapping.ts
+++ b/private/bdd_runner/src/support/scenarios_model_mapping.ts
@@ -7318,6 +7318,41 @@ export const ScenariosModelMappings: { [key: string]: OperationMapping } = {
     },
     operationResponseType: "{}",
   },
+  "ApplicationSecurityApi.V2.ListApplicationSecurityWAFPolicies": {
+    operationResponseType: "ApplicationSecurityPolicyListResponse",
+  },
+  "ApplicationSecurityApi.V2.CreateApplicationSecurityWafPolicy": {
+    body: {
+      type: "ApplicationSecurityPolicyCreateRequest",
+      format: "",
+    },
+    operationResponseType: "ApplicationSecurityPolicyResponse",
+  },
+  "ApplicationSecurityApi.V2.GetApplicationSecurityWafPolicy": {
+    policyId: {
+      type: "string",
+      format: "",
+    },
+    operationResponseType: "ApplicationSecurityPolicyResponse",
+  },
+  "ApplicationSecurityApi.V2.UpdateApplicationSecurityWafPolicy": {
+    policyId: {
+      type: "string",
+      format: "",
+    },
+    body: {
+      type: "ApplicationSecurityPolicyUpdateRequest",
+      format: "",
+    },
+    operationResponseType: "ApplicationSecurityPolicyResponse",
+  },
+  "ApplicationSecurityApi.V2.DeleteApplicationSecurityWafPolicy": {
+    policyId: {
+      type: "string",
+      format: "",
+    },
+    operationResponseType: "{}",
+  },
   "CSMThreatsApi.V2.ListCSMThreatsAgentRules": {
     policyId: {
       type: "string",
diff --git a/services/application_security/src/v2/ApplicationSecurityApi.ts b/services/application_security/src/v2/ApplicationSecurityApi.ts
index 6a89c73441b8..f36e9b89567e 100644
--- a/services/application_security/src/v2/ApplicationSecurityApi.ts
+++ b/services/application_security/src/v2/ApplicationSecurityApi.ts
@@ -23,6 +23,10 @@ import {
 
 import { TypingInfo } from "./models/TypingInfo";
 import { APIErrorResponse } from "./models/APIErrorResponse";
+import { ApplicationSecurityPolicyCreateRequest } from "./models/ApplicationSecurityPolicyCreateRequest";
+import { ApplicationSecurityPolicyListResponse } from "./models/ApplicationSecurityPolicyListResponse";
+import { ApplicationSecurityPolicyResponse } from "./models/ApplicationSecurityPolicyResponse";
+import { ApplicationSecurityPolicyUpdateRequest } from "./models/ApplicationSecurityPolicyUpdateRequest";
 import { ApplicationSecurityWafCustomRuleCreateRequest } from "./models/ApplicationSecurityWafCustomRuleCreateRequest";
 import { ApplicationSecurityWafCustomRuleListResponse } from "./models/ApplicationSecurityWafCustomRuleListResponse";
 import { ApplicationSecurityWafCustomRuleResponse } from "./models/ApplicationSecurityWafCustomRuleResponse";
@@ -156,6 +160,56 @@ export class ApplicationSecurityApiRequestFactory extends BaseAPIRequestFactory
     return requestContext;
   }
 
+  public async createApplicationSecurityWafPolicy(
+    body: ApplicationSecurityPolicyCreateRequest,
+    _options?: Configuration,
+  ): Promise<RequestContext> {
+    const _config = _options || this.configuration;
+
+    // verify required parameter 'body' is not null or undefined
+    if (body === null || body === undefined) {
+      throw new RequiredError("body", "createApplicationSecurityWafPolicy");
+    }
+
+    // Path Params
+    const localVarPath = "/api/v2/remote_config/products/asm/waf/policies";
+
+    // Make Request Context
+    const { server, overrides } = _config.getServerAndOverrides(
+      "ApplicationSecurityApi.v2.createApplicationSecurityWafPolicy",
+      ApplicationSecurityApi.operationServers,
+    );
+    const requestContext = server.makeRequestContext(
+      localVarPath,
+      HttpMethod.POST,
+      overrides,
+    );
+    requestContext.setHeaderParam("Accept", "application/json");
+    requestContext.setHttpConfig(_config.httpConfig);
+
+    // Set User-Agent
+    if (this.userAgent) {
+      requestContext.setHeaderParam("User-Agent", this.userAgent);
+    }
+
+    // Body Params
+    const contentType = getPreferredMediaType(["application/json"]);
+    requestContext.setHeaderParam("Content-Type", contentType);
+    const serializedBody = stringify(
+      serialize(body, TypingInfo, "ApplicationSecurityPolicyCreateRequest", ""),
+      contentType,
+    );
+    requestContext.setBody(serializedBody);
+
+    // Apply auth methods
+    applySecurityAuthentication(_config, requestContext, [
+      "apiKeyAuth",
+      "appKeyAuth",
+    ]);
+
+    return requestContext;
+  }
+
   public async deleteApplicationSecurityWafCustomRule(
     customRuleId: string,
     _options?: Configuration,
@@ -252,6 +306,51 @@ export class ApplicationSecurityApiRequestFactory extends BaseAPIRequestFactory
     return requestContext;
   }
 
+  public async deleteApplicationSecurityWafPolicy(
+    policyId: string,
+    _options?: Configuration,
+  ): Promise<RequestContext> {
+    const _config = _options || this.configuration;
+
+    // verify required parameter 'policyId' is not null or undefined
+    if (policyId === null || policyId === undefined) {
+      throw new RequiredError("policyId", "deleteApplicationSecurityWafPolicy");
+    }
+
+    // Path Params
+    const localVarPath =
+      "/api/v2/remote_config/products/asm/waf/policies/{policy_id}".replace(
+        "{policy_id}",
+        encodeURIComponent(String(policyId)),
+      );
+
+    // Make Request Context
+    const { server, overrides } = _config.getServerAndOverrides(
+      "ApplicationSecurityApi.v2.deleteApplicationSecurityWafPolicy",
+      ApplicationSecurityApi.operationServers,
+    );
+    const requestContext = server.makeRequestContext(
+      localVarPath,
+      HttpMethod.DELETE,
+      overrides,
+    );
+    requestContext.setHeaderParam("Accept", "*/*");
+    requestContext.setHttpConfig(_config.httpConfig);
+
+    // Set User-Agent
+    if (this.userAgent) {
+      requestContext.setHeaderParam("User-Agent", this.userAgent);
+    }
+
+    // Apply auth methods
+    applySecurityAuthentication(_config, requestContext, [
+      "apiKeyAuth",
+      "appKeyAuth",
+    ]);
+
+    return requestContext;
+  }
+
   public async getApplicationSecurityWafCustomRule(
     customRuleId: string,
     _options?: Configuration,
@@ -348,6 +447,51 @@ export class ApplicationSecurityApiRequestFactory extends BaseAPIRequestFactory
     return requestContext;
   }
 
+  public async getApplicationSecurityWafPolicy(
+    policyId: string,
+    _options?: Configuration,
+  ): Promise<RequestContext> {
+    const _config = _options || this.configuration;
+
+    // verify required parameter 'policyId' is not null or undefined
+    if (policyId === null || policyId === undefined) {
+      throw new RequiredError("policyId", "getApplicationSecurityWafPolicy");
+    }
+
+    // Path Params
+    const localVarPath =
+      "/api/v2/remote_config/products/asm/waf/policies/{policy_id}".replace(
+        "{policy_id}",
+        encodeURIComponent(String(policyId)),
+      );
+
+    // Make Request Context
+    const { server, overrides } = _config.getServerAndOverrides(
+      "ApplicationSecurityApi.v2.getApplicationSecurityWafPolicy",
+      ApplicationSecurityApi.operationServers,
+    );
+    const requestContext = server.makeRequestContext(
+      localVarPath,
+      HttpMethod.GET,
+      overrides,
+    );
+    requestContext.setHeaderParam("Accept", "application/json");
+    requestContext.setHttpConfig(_config.httpConfig);
+
+    // Set User-Agent
+    if (this.userAgent) {
+      requestContext.setHeaderParam("User-Agent", this.userAgent);
+    }
+
+    // Apply auth methods
+    applySecurityAuthentication(_config, requestContext, [
+      "apiKeyAuth",
+      "appKeyAuth",
+    ]);
+
+    return requestContext;
+  }
+
   public async listApplicationSecurityWAFCustomRules(
     _options?: Configuration,
   ): Promise<RequestContext> {
@@ -419,6 +563,41 @@ export class ApplicationSecurityApiRequestFactory extends BaseAPIRequestFactory
     return requestContext;
   }
 
+  public async listApplicationSecurityWAFPolicies(
+    _options?: Configuration,
+  ): Promise<RequestContext> {
+    const _config = _options || this.configuration;
+
+    // Path Params
+    const localVarPath = "/api/v2/remote_config/products/asm/waf/policies";
+
+    // Make Request Context
+    const { server, overrides } = _config.getServerAndOverrides(
+      "ApplicationSecurityApi.v2.listApplicationSecurityWAFPolicies",
+      ApplicationSecurityApi.operationServers,
+    );
+    const requestContext = server.makeRequestContext(
+      localVarPath,
+      HttpMethod.GET,
+      overrides,
+    );
+    requestContext.setHeaderParam("Accept", "application/json");
+    requestContext.setHttpConfig(_config.httpConfig);
+
+    // Set User-Agent
+    if (this.userAgent) {
+      requestContext.setHeaderParam("User-Agent", this.userAgent);
+    }
+
+    // Apply auth methods
+    applySecurityAuthentication(_config, requestContext, [
+      "apiKeyAuth",
+      "appKeyAuth",
+    ]);
+
+    return requestContext;
+  }
+
   public async updateApplicationSecurityWafCustomRule(
     customRuleId: string,
     body: ApplicationSecurityWafCustomRuleUpdateRequest,
@@ -557,6 +736,66 @@ export class ApplicationSecurityApiRequestFactory extends BaseAPIRequestFactory
 
     return requestContext;
   }
+
+  public async updateApplicationSecurityWafPolicy(
+    policyId: string,
+    body: ApplicationSecurityPolicyUpdateRequest,
+    _options?: Configuration,
+  ): Promise<RequestContext> {
+    const _config = _options || this.configuration;
+
+    // verify required parameter 'policyId' is not null or undefined
+    if (policyId === null || policyId === undefined) {
+      throw new RequiredError("policyId", "updateApplicationSecurityWafPolicy");
+    }
+
+    // verify required parameter 'body' is not null or undefined
+    if (body === null || body === undefined) {
+      throw new RequiredError("body", "updateApplicationSecurityWafPolicy");
+    }
+
+    // Path Params
+    const localVarPath =
+      "/api/v2/remote_config/products/asm/waf/policies/{policy_id}".replace(
+        "{policy_id}",
+        encodeURIComponent(String(policyId)),
+      );
+
+    // Make Request Context
+    const { server, overrides } = _config.getServerAndOverrides(
+      "ApplicationSecurityApi.v2.updateApplicationSecurityWafPolicy",
+      ApplicationSecurityApi.operationServers,
+    );
+    const requestContext = server.makeRequestContext(
+      localVarPath,
+      HttpMethod.PUT,
+      overrides,
+    );
+    requestContext.setHeaderParam("Accept", "application/json");
+    requestContext.setHttpConfig(_config.httpConfig);
+
+    // Set User-Agent
+    if (this.userAgent) {
+      requestContext.setHeaderParam("User-Agent", this.userAgent);
+    }
+
+    // Body Params
+    const contentType = getPreferredMediaType(["application/json"]);
+    requestContext.setHeaderParam("Content-Type", contentType);
+    const serializedBody = stringify(
+      serialize(body, TypingInfo, "ApplicationSecurityPolicyUpdateRequest", ""),
+      contentType,
+    );
+    requestContext.setBody(serializedBody);
+
+    // Apply auth methods
+    applySecurityAuthentication(_config, requestContext, [
+      "apiKeyAuth",
+      "appKeyAuth",
+    ]);
+
+    return requestContext;
+  }
 }
 
 export class ApplicationSecurityApiResponseProcessor {
@@ -682,6 +921,67 @@ export class ApplicationSecurityApiResponseProcessor {
     );
   }
 
+  /**
+   * Unwraps the actual response sent by the server from the response context and deserializes the response content
+   * to the expected objects
+   *
+   * @params response Response returned by the server for a request to createApplicationSecurityWafPolicy
+   * @throws ApiException if the response code was not in [200, 299]
+   */
+  public async createApplicationSecurityWafPolicy(
+    response: ResponseContext,
+  ): Promise<ApplicationSecurityPolicyResponse> {
+    const contentType = normalizeMediaType(response.headers["content-type"]);
+    if (response.httpStatusCode === 201) {
+      const body: ApplicationSecurityPolicyResponse = deserialize(
+        parse(await response.body.text(), contentType),
+        TypingInfo,
+        "ApplicationSecurityPolicyResponse",
+      ) as ApplicationSecurityPolicyResponse;
+      return body;
+    }
+    if (
+      response.httpStatusCode === 400 ||
+      response.httpStatusCode === 403 ||
+      response.httpStatusCode === 409 ||
+      response.httpStatusCode === 429
+    ) {
+      const bodyText = parse(await response.body.text(), contentType);
+      let body: APIErrorResponse;
+      try {
+        body = deserialize(
+          bodyText,
+          TypingInfo,
+          "APIErrorResponse",
+        ) as APIErrorResponse;
+      } catch (error) {
+        logger.debug(`Got error deserializing error: ${error}`);
+        throw new ApiException<APIErrorResponse>(
+          response.httpStatusCode,
+          bodyText,
+        );
+      }
+      throw new ApiException<APIErrorResponse>(response.httpStatusCode, body);
+    }
+
+    // Work around for missing responses in specification, e.g. for petstore.yaml
+    if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) {
+      const body: ApplicationSecurityPolicyResponse = deserialize(
+        parse(await response.body.text(), contentType),
+        TypingInfo,
+        "ApplicationSecurityPolicyResponse",
+        "",
+      ) as ApplicationSecurityPolicyResponse;
+      return body;
+    }
+
+    const body = (await response.body.text()) || "";
+    throw new ApiException<string>(
+      response.httpStatusCode,
+      'Unknown API Status Code!\nBody: "' + body + '"',
+    );
+  }
+
   /**
    * Unwraps the actual response sent by the server from the response context and deserializes the response content
    * to the expected objects
@@ -736,10 +1036,60 @@ export class ApplicationSecurityApiResponseProcessor {
    * Unwraps the actual response sent by the server from the response context and deserializes the response content
    * to the expected objects
    *
-   * @params response Response returned by the server for a request to deleteApplicationSecurityWafExclusionFilter
+   * @params response Response returned by the server for a request to deleteApplicationSecurityWafExclusionFilter
+   * @throws ApiException if the response code was not in [200, 299]
+   */
+  public async deleteApplicationSecurityWafExclusionFilter(
+    response: ResponseContext,
+  ): Promise<void> {
+    const contentType = normalizeMediaType(response.headers["content-type"]);
+    if (response.httpStatusCode === 204) {
+      return;
+    }
+    if (
+      response.httpStatusCode === 403 ||
+      response.httpStatusCode === 404 ||
+      response.httpStatusCode === 409 ||
+      response.httpStatusCode === 429
+    ) {
+      const bodyText = parse(await response.body.text(), contentType);
+      let body: APIErrorResponse;
+      try {
+        body = deserialize(
+          bodyText,
+          TypingInfo,
+          "APIErrorResponse",
+        ) as APIErrorResponse;
+      } catch (error) {
+        logger.debug(`Got error deserializing error: ${error}`);
+        throw new ApiException<APIErrorResponse>(
+          response.httpStatusCode,
+          bodyText,
+        );
+      }
+      throw new ApiException<APIErrorResponse>(response.httpStatusCode, body);
+    }
+
+    // Work around for missing responses in specification, e.g. for petstore.yaml
+    if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) {
+      return;
+    }
+
+    const body = (await response.body.text()) || "";
+    throw new ApiException<string>(
+      response.httpStatusCode,
+      'Unknown API Status Code!\nBody: "' + body + '"',
+    );
+  }
+
+  /**
+   * Unwraps the actual response sent by the server from the response context and deserializes the response content
+   * to the expected objects
+   *
+   * @params response Response returned by the server for a request to deleteApplicationSecurityWafPolicy
    * @throws ApiException if the response code was not in [200, 299]
    */
-  public async deleteApplicationSecurityWafExclusionFilter(
+  public async deleteApplicationSecurityWafPolicy(
     response: ResponseContext,
   ): Promise<void> {
     const contentType = normalizeMediaType(response.headers["content-type"]);
@@ -898,6 +1248,62 @@ export class ApplicationSecurityApiResponseProcessor {
     );
   }
 
+  /**
+   * Unwraps the actual response sent by the server from the response context and deserializes the response content
+   * to the expected objects
+   *
+   * @params response Response returned by the server for a request to getApplicationSecurityWafPolicy
+   * @throws ApiException if the response code was not in [200, 299]
+   */
+  public async getApplicationSecurityWafPolicy(
+    response: ResponseContext,
+  ): Promise<ApplicationSecurityPolicyResponse> {
+    const contentType = normalizeMediaType(response.headers["content-type"]);
+    if (response.httpStatusCode === 200) {
+      const body: ApplicationSecurityPolicyResponse = deserialize(
+        parse(await response.body.text(), contentType),
+        TypingInfo,
+        "ApplicationSecurityPolicyResponse",
+      ) as ApplicationSecurityPolicyResponse;
+      return body;
+    }
+    if (response.httpStatusCode === 403 || response.httpStatusCode === 429) {
+      const bodyText = parse(await response.body.text(), contentType);
+      let body: APIErrorResponse;
+      try {
+        body = deserialize(
+          bodyText,
+          TypingInfo,
+          "APIErrorResponse",
+        ) as APIErrorResponse;
+      } catch (error) {
+        logger.debug(`Got error deserializing error: ${error}`);
+        throw new ApiException<APIErrorResponse>(
+          response.httpStatusCode,
+          bodyText,
+        );
+      }
+      throw new ApiException<APIErrorResponse>(response.httpStatusCode, body);
+    }
+
+    // Work around for missing responses in specification, e.g. for petstore.yaml
+    if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) {
+      const body: ApplicationSecurityPolicyResponse = deserialize(
+        parse(await response.body.text(), contentType),
+        TypingInfo,
+        "ApplicationSecurityPolicyResponse",
+        "",
+      ) as ApplicationSecurityPolicyResponse;
+      return body;
+    }
+
+    const body = (await response.body.text()) || "";
+    throw new ApiException<string>(
+      response.httpStatusCode,
+      'Unknown API Status Code!\nBody: "' + body + '"',
+    );
+  }
+
   /**
    * Unwraps the actual response sent by the server from the response context and deserializes the response content
    * to the expected objects
@@ -1010,6 +1416,62 @@ export class ApplicationSecurityApiResponseProcessor {
     );
   }
 
+  /**
+   * Unwraps the actual response sent by the server from the response context and deserializes the response content
+   * to the expected objects
+   *
+   * @params response Response returned by the server for a request to listApplicationSecurityWAFPolicies
+   * @throws ApiException if the response code was not in [200, 299]
+   */
+  public async listApplicationSecurityWAFPolicies(
+    response: ResponseContext,
+  ): Promise<ApplicationSecurityPolicyListResponse> {
+    const contentType = normalizeMediaType(response.headers["content-type"]);
+    if (response.httpStatusCode === 200) {
+      const body: ApplicationSecurityPolicyListResponse = deserialize(
+        parse(await response.body.text(), contentType),
+        TypingInfo,
+        "ApplicationSecurityPolicyListResponse",
+      ) as ApplicationSecurityPolicyListResponse;
+      return body;
+    }
+    if (response.httpStatusCode === 403 || response.httpStatusCode === 429) {
+      const bodyText = parse(await response.body.text(), contentType);
+      let body: APIErrorResponse;
+      try {
+        body = deserialize(
+          bodyText,
+          TypingInfo,
+          "APIErrorResponse",
+        ) as APIErrorResponse;
+      } catch (error) {
+        logger.debug(`Got error deserializing error: ${error}`);
+        throw new ApiException<APIErrorResponse>(
+          response.httpStatusCode,
+          bodyText,
+        );
+      }
+      throw new ApiException<APIErrorResponse>(response.httpStatusCode, body);
+    }
+
+    // Work around for missing responses in specification, e.g. for petstore.yaml
+    if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) {
+      const body: ApplicationSecurityPolicyListResponse = deserialize(
+        parse(await response.body.text(), contentType),
+        TypingInfo,
+        "ApplicationSecurityPolicyListResponse",
+        "",
+      ) as ApplicationSecurityPolicyListResponse;
+      return body;
+    }
+
+    const body = (await response.body.text()) || "";
+    throw new ApiException<string>(
+      response.httpStatusCode,
+      'Unknown API Status Code!\nBody: "' + body + '"',
+    );
+  }
+
   /**
    * Unwraps the actual response sent by the server from the response context and deserializes the response content
    * to the expected objects
@@ -1133,6 +1595,68 @@ export class ApplicationSecurityApiResponseProcessor {
       'Unknown API Status Code!\nBody: "' + body + '"',
     );
   }
+
+  /**
+   * Unwraps the actual response sent by the server from the response context and deserializes the response content
+   * to the expected objects
+   *
+   * @params response Response returned by the server for a request to updateApplicationSecurityWafPolicy
+   * @throws ApiException if the response code was not in [200, 299]
+   */
+  public async updateApplicationSecurityWafPolicy(
+    response: ResponseContext,
+  ): Promise<ApplicationSecurityPolicyResponse> {
+    const contentType = normalizeMediaType(response.headers["content-type"]);
+    if (response.httpStatusCode === 200) {
+      const body: ApplicationSecurityPolicyResponse = deserialize(
+        parse(await response.body.text(), contentType),
+        TypingInfo,
+        "ApplicationSecurityPolicyResponse",
+      ) as ApplicationSecurityPolicyResponse;
+      return body;
+    }
+    if (
+      response.httpStatusCode === 400 ||
+      response.httpStatusCode === 403 ||
+      response.httpStatusCode === 404 ||
+      response.httpStatusCode === 409 ||
+      response.httpStatusCode === 429
+    ) {
+      const bodyText = parse(await response.body.text(), contentType);
+      let body: APIErrorResponse;
+      try {
+        body = deserialize(
+          bodyText,
+          TypingInfo,
+          "APIErrorResponse",
+        ) as APIErrorResponse;
+      } catch (error) {
+        logger.debug(`Got error deserializing error: ${error}`);
+        throw new ApiException<APIErrorResponse>(
+          response.httpStatusCode,
+          bodyText,
+        );
+      }
+      throw new ApiException<APIErrorResponse>(response.httpStatusCode, body);
+    }
+
+    // Work around for missing responses in specification, e.g. for petstore.yaml
+    if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) {
+      const body: ApplicationSecurityPolicyResponse = deserialize(
+        parse(await response.body.text(), contentType),
+        TypingInfo,
+        "ApplicationSecurityPolicyResponse",
+        "",
+      ) as ApplicationSecurityPolicyResponse;
+      return body;
+    }
+
+    const body = (await response.body.text()) || "";
+    throw new ApiException<string>(
+      response.httpStatusCode,
+      'Unknown API Status Code!\nBody: "' + body + '"',
+    );
+  }
 }
 
 export interface ApplicationSecurityApiCreateApplicationSecurityWafCustomRuleRequest {
@@ -1151,6 +1675,14 @@ export interface ApplicationSecurityApiCreateApplicationSecurityWafExclusionFilt
   body: ApplicationSecurityWafExclusionFilterCreateRequest;
 }
 
+export interface ApplicationSecurityApiCreateApplicationSecurityWafPolicyRequest {
+  /**
+   * The new WAF policy.
+   * @type ApplicationSecurityPolicyCreateRequest
+   */
+  body: ApplicationSecurityPolicyCreateRequest;
+}
+
 export interface ApplicationSecurityApiDeleteApplicationSecurityWafCustomRuleRequest {
   /**
    * The ID of the custom rule.
@@ -1167,6 +1699,14 @@ export interface ApplicationSecurityApiDeleteApplicationSecurityWafExclusionFilt
   exclusionFilterId: string;
 }
 
+export interface ApplicationSecurityApiDeleteApplicationSecurityWafPolicyRequest {
+  /**
+   * The ID of the policy.
+   * @type string
+   */
+  policyId: string;
+}
+
 export interface ApplicationSecurityApiGetApplicationSecurityWafCustomRuleRequest {
   /**
    * The ID of the custom rule.
@@ -1183,6 +1723,14 @@ export interface ApplicationSecurityApiGetApplicationSecurityWafExclusionFilterR
   exclusionFilterId: string;
 }
 
+export interface ApplicationSecurityApiGetApplicationSecurityWafPolicyRequest {
+  /**
+   * The ID of the policy.
+   * @type string
+   */
+  policyId: string;
+}
+
 export interface ApplicationSecurityApiUpdateApplicationSecurityWafCustomRuleRequest {
   /**
    * The ID of the custom rule.
@@ -1209,6 +1757,19 @@ export interface ApplicationSecurityApiUpdateApplicationSecurityWafExclusionFilt
   body: ApplicationSecurityWafExclusionFilterUpdateRequest;
 }
 
+export interface ApplicationSecurityApiUpdateApplicationSecurityWafPolicyRequest {
+  /**
+   * The ID of the policy.
+   * @type string
+   */
+  policyId: string;
+  /**
+   * New WAF Policy.
+   * @type ApplicationSecurityPolicyUpdateRequest
+   */
+  body: ApplicationSecurityPolicyUpdateRequest;
+}
+
 export class ApplicationSecurityApi {
   private requestFactory: ApplicationSecurityApiRequestFactory;
   private responseProcessor: ApplicationSecurityApiResponseProcessor;
@@ -1280,6 +1841,30 @@ export class ApplicationSecurityApi {
     });
   }
 
+  /**
+   * Create a new WAF policy.
+   * @param param The request object
+   */
+  public createApplicationSecurityWafPolicy(
+    param: ApplicationSecurityApiCreateApplicationSecurityWafPolicyRequest,
+    options?: Configuration,
+  ): Promise<ApplicationSecurityPolicyResponse> {
+    const requestContextPromise =
+      this.requestFactory.createApplicationSecurityWafPolicy(
+        param.body,
+        options,
+      );
+    return requestContextPromise.then((requestContext) => {
+      return this.configuration.httpApi
+        .send(requestContext)
+        .then((responseContext) => {
+          return this.responseProcessor.createApplicationSecurityWafPolicy(
+            responseContext,
+          );
+        });
+    });
+  }
+
   /**
    * Delete a specific WAF custom rule.
    * @param param The request object
@@ -1328,6 +1913,30 @@ export class ApplicationSecurityApi {
     });
   }
 
+  /**
+   * Delete a specific WAF policy.
+   * @param param The request object
+   */
+  public deleteApplicationSecurityWafPolicy(
+    param: ApplicationSecurityApiDeleteApplicationSecurityWafPolicyRequest,
+    options?: Configuration,
+  ): Promise<void> {
+    const requestContextPromise =
+      this.requestFactory.deleteApplicationSecurityWafPolicy(
+        param.policyId,
+        options,
+      );
+    return requestContextPromise.then((requestContext) => {
+      return this.configuration.httpApi
+        .send(requestContext)
+        .then((responseContext) => {
+          return this.responseProcessor.deleteApplicationSecurityWafPolicy(
+            responseContext,
+          );
+        });
+    });
+  }
+
   /**
    * Retrieve a WAF custom rule by ID.
    * @param param The request object
@@ -1376,6 +1985,30 @@ export class ApplicationSecurityApi {
     });
   }
 
+  /**
+   * Retrieve a WAF policy by ID.
+   * @param param The request object
+   */
+  public getApplicationSecurityWafPolicy(
+    param: ApplicationSecurityApiGetApplicationSecurityWafPolicyRequest,
+    options?: Configuration,
+  ): Promise<ApplicationSecurityPolicyResponse> {
+    const requestContextPromise =
+      this.requestFactory.getApplicationSecurityWafPolicy(
+        param.policyId,
+        options,
+      );
+    return requestContextPromise.then((requestContext) => {
+      return this.configuration.httpApi
+        .send(requestContext)
+        .then((responseContext) => {
+          return this.responseProcessor.getApplicationSecurityWafPolicy(
+            responseContext,
+          );
+        });
+    });
+  }
+
   /**
    * Retrieve a list of WAF custom rule.
    * @param param The request object
@@ -1416,6 +2049,26 @@ export class ApplicationSecurityApi {
     });
   }
 
+  /**
+   * Retrieve a list of WAF policies.
+   * @param param The request object
+   */
+  public listApplicationSecurityWAFPolicies(
+    options?: Configuration,
+  ): Promise<ApplicationSecurityPolicyListResponse> {
+    const requestContextPromise =
+      this.requestFactory.listApplicationSecurityWAFPolicies(options);
+    return requestContextPromise.then((requestContext) => {
+      return this.configuration.httpApi
+        .send(requestContext)
+        .then((responseContext) => {
+          return this.responseProcessor.listApplicationSecurityWAFPolicies(
+            responseContext,
+          );
+        });
+    });
+  }
+
   /**
    * Update a specific WAF custom Rule.
    * Returns the Custom Rule object when the request is successful.
@@ -1467,4 +2120,30 @@ export class ApplicationSecurityApi {
         });
     });
   }
+
+  /**
+   * Update a specific WAF policy.
+   * Returns the Policy object when the request is successful.
+   * @param param The request object
+   */
+  public updateApplicationSecurityWafPolicy(
+    param: ApplicationSecurityApiUpdateApplicationSecurityWafPolicyRequest,
+    options?: Configuration,
+  ): Promise<ApplicationSecurityPolicyResponse> {
+    const requestContextPromise =
+      this.requestFactory.updateApplicationSecurityWafPolicy(
+        param.policyId,
+        param.body,
+        options,
+      );
+    return requestContextPromise.then((requestContext) => {
+      return this.configuration.httpApi
+        .send(requestContext)
+        .then((responseContext) => {
+          return this.responseProcessor.updateApplicationSecurityWafPolicy(
+            responseContext,
+          );
+        });
+    });
+  }
 }
diff --git a/services/application_security/src/v2/index.ts b/services/application_security/src/v2/index.ts
index 3da3f7a6c3ac..abf5416525e5 100644
--- a/services/application_security/src/v2/index.ts
+++ b/services/application_security/src/v2/index.ts
@@ -1,16 +1,34 @@
 export {
   ApplicationSecurityApiCreateApplicationSecurityWafCustomRuleRequest,
   ApplicationSecurityApiCreateApplicationSecurityWafExclusionFilterRequest,
+  ApplicationSecurityApiCreateApplicationSecurityWafPolicyRequest,
   ApplicationSecurityApiDeleteApplicationSecurityWafCustomRuleRequest,
   ApplicationSecurityApiDeleteApplicationSecurityWafExclusionFilterRequest,
+  ApplicationSecurityApiDeleteApplicationSecurityWafPolicyRequest,
   ApplicationSecurityApiGetApplicationSecurityWafCustomRuleRequest,
   ApplicationSecurityApiGetApplicationSecurityWafExclusionFilterRequest,
+  ApplicationSecurityApiGetApplicationSecurityWafPolicyRequest,
   ApplicationSecurityApiUpdateApplicationSecurityWafCustomRuleRequest,
   ApplicationSecurityApiUpdateApplicationSecurityWafExclusionFilterRequest,
+  ApplicationSecurityApiUpdateApplicationSecurityWafPolicyRequest,
   ApplicationSecurityApi,
 } from "./ApplicationSecurityApi";
 
 export { APIErrorResponse } from "./models/APIErrorResponse";
+export { ApplicationSecurityPolicyAttributes } from "./models/ApplicationSecurityPolicyAttributes";
+export { ApplicationSecurityPolicyCreateAttributes } from "./models/ApplicationSecurityPolicyCreateAttributes";
+export { ApplicationSecurityPolicyCreateData } from "./models/ApplicationSecurityPolicyCreateData";
+export { ApplicationSecurityPolicyCreateRequest } from "./models/ApplicationSecurityPolicyCreateRequest";
+export { ApplicationSecurityPolicyData } from "./models/ApplicationSecurityPolicyData";
+export { ApplicationSecurityPolicyListResponse } from "./models/ApplicationSecurityPolicyListResponse";
+export { ApplicationSecurityPolicyMetadata } from "./models/ApplicationSecurityPolicyMetadata";
+export { ApplicationSecurityPolicyResponse } from "./models/ApplicationSecurityPolicyResponse";
+export { ApplicationSecurityPolicyRuleOverride } from "./models/ApplicationSecurityPolicyRuleOverride";
+export { ApplicationSecurityPolicyScope } from "./models/ApplicationSecurityPolicyScope";
+export { ApplicationSecurityPolicyType } from "./models/ApplicationSecurityPolicyType";
+export { ApplicationSecurityPolicyUpdateAttributes } from "./models/ApplicationSecurityPolicyUpdateAttributes";
+export { ApplicationSecurityPolicyUpdateData } from "./models/ApplicationSecurityPolicyUpdateData";
+export { ApplicationSecurityPolicyUpdateRequest } from "./models/ApplicationSecurityPolicyUpdateRequest";
 export { ApplicationSecurityWafCustomRuleAction } from "./models/ApplicationSecurityWafCustomRuleAction";
 export { ApplicationSecurityWafCustomRuleActionAction } from "./models/ApplicationSecurityWafCustomRuleActionAction";
 export { ApplicationSecurityWafCustomRuleActionParameters } from "./models/ApplicationSecurityWafCustomRuleActionParameters";
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyAttributes.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyAttributes.ts
new file mode 100644
index 000000000000..648e2dd91272
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyAttributes.ts
@@ -0,0 +1,98 @@
+import { AttributeTypeMap } from "@datadog/datadog-api-client";
+
+import { ApplicationSecurityPolicyRuleOverride } from "./ApplicationSecurityPolicyRuleOverride";
+import { ApplicationSecurityPolicyScope } from "./ApplicationSecurityPolicyScope";
+
+/**
+ * A WAF policy.
+ */
+export class ApplicationSecurityPolicyAttributes {
+  /**
+   * Description of the WAF policy.
+   */
+  "description": string;
+  /**
+   * Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.
+   */
+  "isDefault"?: boolean;
+  /**
+   * The Name of the WAF policy.
+   */
+  "name": string;
+  /**
+   * Presets enabled on this policy.
+   */
+  "protectionPresets"?: Array<string>;
+  /**
+   * Rule overrides applied by the policy.
+   */
+  "rules"?: Array<ApplicationSecurityPolicyRuleOverride>;
+  /**
+   * The scope of the WAF policy.
+   */
+  "scope"?: Array<ApplicationSecurityPolicyScope>;
+  /**
+   * Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.
+   */
+  "version"?: number;
+  /**
+   * A container for additional, undeclared properties.
+   * This is a holder for any undeclared properties as specified with
+   * the 'additionalProperties' keyword in the OAS document.
+   */
+  "additionalProperties"?: { [key: string]: any };
+  /**
+   * @ignore
+   */
+  "_unparsed"?: boolean;
+
+  /**
+   * @ignore
+   */
+  static readonly attributeTypeMap: AttributeTypeMap = {
+    description: {
+      baseName: "description",
+      type: "string",
+      required: true,
+    },
+    isDefault: {
+      baseName: "isDefault",
+      type: "boolean",
+    },
+    name: {
+      baseName: "name",
+      type: "string",
+      required: true,
+    },
+    protectionPresets: {
+      baseName: "protectionPresets",
+      type: "Array<string>",
+    },
+    rules: {
+      baseName: "rules",
+      type: "Array<ApplicationSecurityPolicyRuleOverride>",
+    },
+    scope: {
+      baseName: "scope",
+      type: "Array<ApplicationSecurityPolicyScope>",
+    },
+    version: {
+      baseName: "version",
+      type: "number",
+      format: "int64",
+    },
+    additionalProperties: {
+      baseName: "additionalProperties",
+      type: "{ [key: string]: any; }",
+    },
+  };
+
+  /**
+   * @ignore
+   */
+  static getAttributeTypeMap(): AttributeTypeMap {
+    return ApplicationSecurityPolicyAttributes.attributeTypeMap;
+  }
+
+  public constructor() {}
+}
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyCreateAttributes.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyCreateAttributes.ts
new file mode 100644
index 000000000000..25477865f743
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyCreateAttributes.ts
@@ -0,0 +1,107 @@
+import { AttributeTypeMap } from "@datadog/datadog-api-client";
+
+import { ApplicationSecurityPolicyRuleOverride } from "./ApplicationSecurityPolicyRuleOverride";
+import { ApplicationSecurityPolicyScope } from "./ApplicationSecurityPolicyScope";
+
+/**
+ * Create a new WAF policy.
+ */
+export class ApplicationSecurityPolicyCreateAttributes {
+  /**
+   * When creating a new policy, clone the policy indicated by this identifier.
+   */
+  "basedOn": string;
+  /**
+   * Description of the WAF policy.
+   */
+  "description": string;
+  /**
+   * Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.
+   */
+  "isDefault"?: boolean;
+  /**
+   * The Name of the WAF policy.
+   */
+  "name": string;
+  /**
+   * Presets enabled on this policy.
+   */
+  "protectionPresets"?: Array<string>;
+  /**
+   * Rule overrides applied by the policy.
+   */
+  "rules"?: Array<ApplicationSecurityPolicyRuleOverride>;
+  /**
+   * The scope of the WAF policy.
+   */
+  "scope"?: Array<ApplicationSecurityPolicyScope>;
+  /**
+   * Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.
+   */
+  "version"?: number;
+  /**
+   * A container for additional, undeclared properties.
+   * This is a holder for any undeclared properties as specified with
+   * the 'additionalProperties' keyword in the OAS document.
+   */
+  "additionalProperties"?: { [key: string]: any };
+  /**
+   * @ignore
+   */
+  "_unparsed"?: boolean;
+
+  /**
+   * @ignore
+   */
+  static readonly attributeTypeMap: AttributeTypeMap = {
+    basedOn: {
+      baseName: "basedOn",
+      type: "string",
+      required: true,
+    },
+    description: {
+      baseName: "description",
+      type: "string",
+      required: true,
+    },
+    isDefault: {
+      baseName: "isDefault",
+      type: "boolean",
+    },
+    name: {
+      baseName: "name",
+      type: "string",
+      required: true,
+    },
+    protectionPresets: {
+      baseName: "protectionPresets",
+      type: "Array<string>",
+    },
+    rules: {
+      baseName: "rules",
+      type: "Array<ApplicationSecurityPolicyRuleOverride>",
+    },
+    scope: {
+      baseName: "scope",
+      type: "Array<ApplicationSecurityPolicyScope>",
+    },
+    version: {
+      baseName: "version",
+      type: "number",
+      format: "int64",
+    },
+    additionalProperties: {
+      baseName: "additionalProperties",
+      type: "{ [key: string]: any; }",
+    },
+  };
+
+  /**
+   * @ignore
+   */
+  static getAttributeTypeMap(): AttributeTypeMap {
+    return ApplicationSecurityPolicyCreateAttributes.attributeTypeMap;
+  }
+
+  public constructor() {}
+}
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyCreateData.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyCreateData.ts
new file mode 100644
index 000000000000..2e010a0d674e
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyCreateData.ts
@@ -0,0 +1,57 @@
+import { AttributeTypeMap } from "@datadog/datadog-api-client";
+
+import { ApplicationSecurityPolicyCreateAttributes } from "./ApplicationSecurityPolicyCreateAttributes";
+import { ApplicationSecurityPolicyType } from "./ApplicationSecurityPolicyType";
+
+/**
+ * Object for a single WAF policy.
+ */
+export class ApplicationSecurityPolicyCreateData {
+  /**
+   * Create a new WAF policy.
+   */
+  "attributes": ApplicationSecurityPolicyCreateAttributes;
+  /**
+   * The type of the resource. The value should always be `policy`.
+   */
+  "type": ApplicationSecurityPolicyType;
+  /**
+   * A container for additional, undeclared properties.
+   * This is a holder for any undeclared properties as specified with
+   * the 'additionalProperties' keyword in the OAS document.
+   */
+  "additionalProperties"?: { [key: string]: any };
+  /**
+   * @ignore
+   */
+  "_unparsed"?: boolean;
+
+  /**
+   * @ignore
+   */
+  static readonly attributeTypeMap: AttributeTypeMap = {
+    attributes: {
+      baseName: "attributes",
+      type: "ApplicationSecurityPolicyCreateAttributes",
+      required: true,
+    },
+    type: {
+      baseName: "type",
+      type: "ApplicationSecurityPolicyType",
+      required: true,
+    },
+    additionalProperties: {
+      baseName: "additionalProperties",
+      type: "{ [key: string]: any; }",
+    },
+  };
+
+  /**
+   * @ignore
+   */
+  static getAttributeTypeMap(): AttributeTypeMap {
+    return ApplicationSecurityPolicyCreateData.attributeTypeMap;
+  }
+
+  public constructor() {}
+}
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyCreateRequest.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyCreateRequest.ts
new file mode 100644
index 000000000000..0b8b63177564
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyCreateRequest.ts
@@ -0,0 +1,47 @@
+import { AttributeTypeMap } from "@datadog/datadog-api-client";
+
+import { ApplicationSecurityPolicyCreateData } from "./ApplicationSecurityPolicyCreateData";
+
+/**
+ * Request object that includes the policy to create.
+ */
+export class ApplicationSecurityPolicyCreateRequest {
+  /**
+   * Object for a single WAF policy.
+   */
+  "data": ApplicationSecurityPolicyCreateData;
+  /**
+   * A container for additional, undeclared properties.
+   * This is a holder for any undeclared properties as specified with
+   * the 'additionalProperties' keyword in the OAS document.
+   */
+  "additionalProperties"?: { [key: string]: any };
+  /**
+   * @ignore
+   */
+  "_unparsed"?: boolean;
+
+  /**
+   * @ignore
+   */
+  static readonly attributeTypeMap: AttributeTypeMap = {
+    data: {
+      baseName: "data",
+      type: "ApplicationSecurityPolicyCreateData",
+      required: true,
+    },
+    additionalProperties: {
+      baseName: "additionalProperties",
+      type: "{ [key: string]: any; }",
+    },
+  };
+
+  /**
+   * @ignore
+   */
+  static getAttributeTypeMap(): AttributeTypeMap {
+    return ApplicationSecurityPolicyCreateRequest.attributeTypeMap;
+  }
+
+  public constructor() {}
+}
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyData.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyData.ts
new file mode 100644
index 000000000000..4609007c8dd9
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyData.ts
@@ -0,0 +1,72 @@
+import { AttributeTypeMap } from "@datadog/datadog-api-client";
+
+import { ApplicationSecurityPolicyAttributes } from "./ApplicationSecurityPolicyAttributes";
+import { ApplicationSecurityPolicyMetadata } from "./ApplicationSecurityPolicyMetadata";
+import { ApplicationSecurityPolicyType } from "./ApplicationSecurityPolicyType";
+
+/**
+ * Object for a single WAF policy.
+ */
+export class ApplicationSecurityPolicyData {
+  /**
+   * A WAF policy.
+   */
+  "attributes"?: ApplicationSecurityPolicyAttributes;
+  /**
+   * The ID of the policy.
+   */
+  "id"?: string;
+  /**
+   * Metadata associated with the WAF policy.
+   */
+  "metadata"?: ApplicationSecurityPolicyMetadata;
+  /**
+   * The type of the resource. The value should always be `policy`.
+   */
+  "type"?: ApplicationSecurityPolicyType;
+  /**
+   * A container for additional, undeclared properties.
+   * This is a holder for any undeclared properties as specified with
+   * the 'additionalProperties' keyword in the OAS document.
+   */
+  "additionalProperties"?: { [key: string]: any };
+  /**
+   * @ignore
+   */
+  "_unparsed"?: boolean;
+
+  /**
+   * @ignore
+   */
+  static readonly attributeTypeMap: AttributeTypeMap = {
+    attributes: {
+      baseName: "attributes",
+      type: "ApplicationSecurityPolicyAttributes",
+    },
+    id: {
+      baseName: "id",
+      type: "string",
+    },
+    metadata: {
+      baseName: "metadata",
+      type: "ApplicationSecurityPolicyMetadata",
+    },
+    type: {
+      baseName: "type",
+      type: "ApplicationSecurityPolicyType",
+    },
+    additionalProperties: {
+      baseName: "additionalProperties",
+      type: "{ [key: string]: any; }",
+    },
+  };
+
+  /**
+   * @ignore
+   */
+  static getAttributeTypeMap(): AttributeTypeMap {
+    return ApplicationSecurityPolicyData.attributeTypeMap;
+  }
+
+  public constructor() {}
+}
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyListResponse.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyListResponse.ts
new file mode 100644
index 000000000000..6cf0c1982d05
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyListResponse.ts
@@ -0,0 +1,46 @@
+import { AttributeTypeMap } from "@datadog/datadog-api-client";
+
+import { ApplicationSecurityPolicyData } from "./ApplicationSecurityPolicyData";
+
+/**
+ * Response object that includes a list of WAF policies.
+ */
+export class ApplicationSecurityPolicyListResponse {
+  /**
+   * The WAF policy data.
+   */
+  "data"?: Array<ApplicationSecurityPolicyData>;
+  /**
+   * A container for additional, undeclared properties.
+   * This is a holder for any undeclared properties as specified with
+   * the 'additionalProperties' keyword in the OAS document.
+   */
+  "additionalProperties"?: { [key: string]: any };
+  /**
+   * @ignore
+   */
+  "_unparsed"?: boolean;
+
+  /**
+   * @ignore
+   */
+  static readonly attributeTypeMap: AttributeTypeMap = {
+    data: {
+      baseName: "data",
+      type: "Array<ApplicationSecurityPolicyData>",
+    },
+    additionalProperties: {
+      baseName: "additionalProperties",
+      type: "{ [key: string]: any; }",
+    },
+  };
+
+  /**
+   * @ignore
+   */
+  static getAttributeTypeMap(): AttributeTypeMap {
+    return ApplicationSecurityPolicyListResponse.attributeTypeMap;
+  }
+
+  public constructor() {}
+}
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyMetadata.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyMetadata.ts
new file mode 100644
index 000000000000..738a52713b28
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyMetadata.ts
@@ -0,0 +1,86 @@
+import { AttributeTypeMap } from "@datadog/datadog-api-client";
+
+/**
+ * Metadata associated with the WAF policy.
+ */
+export class ApplicationSecurityPolicyMetadata {
+  /**
+   * The date and time the WAF policy was created.
+   */
+  "addedAt"?: Date;
+  /**
+   * The handle of the user who created the WAF policy.
+   */
+  "addedBy"?: string;
+  /**
+   * The name of the user who created the WAF policy.
+   */
+  "addedByName"?: string;
+  /**
+   * The date and time the WAF policy was last updated.
+   */
+  "modifiedAt"?: Date;
+  /**
+   * The handle of the user who last updated the WAF policy.
+   */
+  "modifiedBy"?: string;
+  /**
+   * The name of the user who last updated the WAF policy.
+   */
+  "modifiedByName"?: string;
+  /**
+   * A container for additional, undeclared properties.
+   * This is a holder for any undeclared properties as specified with
+   * the 'additionalProperties' keyword in the OAS document.
+   */
+  "additionalProperties"?: { [key: string]: any };
+  /**
+   * @ignore
+   */
+  "_unparsed"?: boolean;
+
+  /**
+   * @ignore
+   */
+  static readonly attributeTypeMap: AttributeTypeMap = {
+    addedAt: {
+      baseName: "added_at",
+      type: "Date",
+      format: "date-time",
+    },
+    addedBy: {
+      baseName: "added_by",
+      type: "string",
+    },
+    addedByName: {
+      baseName: "added_by_name",
+      type: "string",
+    },
+    modifiedAt: {
+      baseName: "modified_at",
+      type: "Date",
+      format: "date-time",
+    },
+    modifiedBy: {
+      baseName: "modified_by",
+      type: "string",
+    },
+    modifiedByName: {
+      baseName: "modified_by_name",
+      type: "string",
+    },
+    additionalProperties: {
+      baseName: "additionalProperties",
+      type: "{ [key: string]: any; }",
+    },
+  };
+
+  /**
+   * @ignore
+   */
+  static getAttributeTypeMap(): AttributeTypeMap {
+    return ApplicationSecurityPolicyMetadata.attributeTypeMap;
+  }
+
+  public constructor() {}
+}
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyResponse.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyResponse.ts
new file mode 100644
index 000000000000..773fe0734784
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyResponse.ts
@@ -0,0 +1,46 @@
+import { AttributeTypeMap } from "@datadog/datadog-api-client";
+
+import { ApplicationSecurityPolicyData } from "./ApplicationSecurityPolicyData";
+
+/**
+ * Response object that includes a single WAF policy.
+ */
+export class ApplicationSecurityPolicyResponse {
+  /**
+   * Object for a single WAF policy.
+   */
+  "data"?: ApplicationSecurityPolicyData;
+  /**
+   * A container for additional, undeclared properties.
+   * This is a holder for any undeclared properties as specified with
+   * the 'additionalProperties' keyword in the OAS document.
+   */
+  "additionalProperties"?: { [key: string]: any };
+  /**
+   * @ignore
+   */
+  "_unparsed"?: boolean;
+
+  /**
+   * @ignore
+   */
+  static readonly attributeTypeMap: AttributeTypeMap = {
+    data: {
+      baseName: "data",
+      type: "ApplicationSecurityPolicyData",
+    },
+    additionalProperties: {
+      baseName: "additionalProperties",
+      type: "{ [key: string]: any; }",
+    },
+  };
+
+  /**
+   * @ignore
+   */
+  static getAttributeTypeMap(): AttributeTypeMap {
+    return ApplicationSecurityPolicyResponse.attributeTypeMap;
+  }
+
+  public constructor() {}
+}
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyRuleOverride.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyRuleOverride.ts
new file mode 100644
index 000000000000..8914a77b3bee
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyRuleOverride.ts
@@ -0,0 +1,63 @@
+import { AttributeTypeMap } from "@datadog/datadog-api-client";
+
+/**
+ * Override WAF rule parameters for services in a policy.
+ */
+export class ApplicationSecurityPolicyRuleOverride {
+  /**
+   * When blocking is enabled, the rule will block the traffic matched by this rule.
+   */
+  "blocking": boolean;
+  /**
+   * When false, this rule will not match any traffic.
+   */
+  "enabled": boolean;
+  /**
+   * Override the parameters for this WAF rule identifier.
+   */
+  "id": string;
+  /**
+   * A container for additional, undeclared properties.
+   * This is a holder for any undeclared properties as specified with
+   * the 'additionalProperties' keyword in the OAS document.
+   */
+  "additionalProperties"?: { [key: string]: any };
+  /**
+   * @ignore
+   */
+  "_unparsed"?: boolean;
+
+  /**
+   * @ignore
+   */
+  static readonly attributeTypeMap: AttributeTypeMap = {
+    blocking: {
+      baseName: "blocking",
+      type: "boolean",
+      required: true,
+    },
+    enabled: {
+      baseName: "enabled",
+      type: "boolean",
+      required: true,
+    },
+    id: {
+      baseName: "id",
+      type: "string",
+      required: true,
+    },
+    additionalProperties: {
+      baseName: "additionalProperties",
+      type: "{ [key: string]: any; }",
+    },
+  };
+
+  /**
+   * @ignore
+   */
+  static getAttributeTypeMap(): AttributeTypeMap {
+    return ApplicationSecurityPolicyRuleOverride.attributeTypeMap;
+  }
+
+  public constructor() {}
+}
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyScope.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyScope.ts
new file mode 100644
index 000000000000..b131c10f9eba
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyScope.ts
@@ -0,0 +1,54 @@
+import { AttributeTypeMap } from "@datadog/datadog-api-client";
+
+/**
+ * The scope of the WAF policy.
+ */
+export class ApplicationSecurityPolicyScope {
+  /**
+   * The environment scope for the WAF policy.
+   */
+  "env": string;
+  /**
+   * The service scope for the WAF policy.
+   */
+  "service": string;
+  /**
+   * A container for additional, undeclared properties.
+   * This is a holder for any undeclared properties as specified with
+   * the 'additionalProperties' keyword in the OAS document.
+   */
+  "additionalProperties"?: { [key: string]: any };
+  /**
+   * @ignore
+   */
+  "_unparsed"?: boolean;
+
+  /**
+   * @ignore
+   */
+  static readonly attributeTypeMap: AttributeTypeMap = {
+    env: {
+      baseName: "env",
+      type: "string",
+      required: true,
+    },
+    service: {
+      baseName: "service",
+      type: "string",
+      required: true,
+    },
+    additionalProperties: {
+      baseName: "additionalProperties",
+      type: "{ [key: string]: any; }",
+    },
+  };
+
+  /**
+   * @ignore
+   */
+  static getAttributeTypeMap(): AttributeTypeMap {
+    return ApplicationSecurityPolicyScope.attributeTypeMap;
+  }
+
+  public constructor() {}
+}
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyType.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyType.ts
new file mode 100644
index 000000000000..3abe9ff8b9ef
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyType.ts
@@ -0,0 +1,7 @@
+import { UnparsedObject } from "@datadog/datadog-api-client";
+
+/**
+ * The type of the resource. The value should always be `policy`.
+ */
+export type ApplicationSecurityPolicyType = typeof POLICY | UnparsedObject;
+export const POLICY = "policy";
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyUpdateAttributes.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyUpdateAttributes.ts
new file mode 100644
index 000000000000..146ece1ec6d6
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyUpdateAttributes.ts
@@ -0,0 +1,103 @@
+import { AttributeTypeMap } from "@datadog/datadog-api-client";
+
+import { ApplicationSecurityPolicyRuleOverride } from "./ApplicationSecurityPolicyRuleOverride";
+import { ApplicationSecurityPolicyScope } from "./ApplicationSecurityPolicyScope";
+
+/**
+ * Update a WAF policy.
+ */
+export class ApplicationSecurityPolicyUpdateAttributes {
+  /**
+   * Description of the WAF policy.
+   */
+  "description": string;
+  /**
+   * Make this policy the default policy. The default policy is applied to every services not specifically added to another policy.
+   */
+  "isDefault": boolean;
+  /**
+   * The Name of the WAF policy.
+   */
+  "name": string;
+  /**
+   * Presets enabled on this policy.
+   */
+  "protectionPresets": Array<string>;
+  /**
+   * Rule overrides applied by the policy.
+   */
+  "rules": Array<ApplicationSecurityPolicyRuleOverride>;
+  /**
+   * The scope of the WAF policy.
+   */
+  "scope": Array<ApplicationSecurityPolicyScope>;
+  /**
+   * Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.
+   */
+  "version": number;
+  /**
+   * A container for additional, undeclared properties.
+   * This is a holder for any undeclared properties as specified with
+   * the 'additionalProperties' keyword in the OAS document.
+   */
+  "additionalProperties"?: { [key: string]: any };
+  /**
+   * @ignore
+   */
+  "_unparsed"?: boolean;
+
+  /**
+   * @ignore
+   */
+  static readonly attributeTypeMap: AttributeTypeMap = {
+    description: {
+      baseName: "description",
+      type: "string",
+      required: true,
+    },
+    isDefault: {
+      baseName: "isDefault",
+      type: "boolean",
+      required: true,
+    },
+    name: {
+      baseName: "name",
+      type: "string",
+      required: true,
+    },
+    protectionPresets: {
+      baseName: "protectionPresets",
+      type: "Array<string>",
+      required: true,
+    },
+    rules: {
+      baseName: "rules",
+      type: "Array<ApplicationSecurityPolicyRuleOverride>",
+      required: true,
+    },
+    scope: {
+      baseName: "scope",
+      type: "Array<ApplicationSecurityPolicyScope>",
+      required: true,
+    },
+    version: {
+      baseName: "version",
+      type: "number",
+      required: true,
+      format: "int64",
+    },
+    additionalProperties: {
+      baseName: "additionalProperties",
+      type: "{ [key: string]: any; }",
+    },
+  };
+
+  /**
+   * @ignore
+   */
+  static getAttributeTypeMap(): AttributeTypeMap {
+    return ApplicationSecurityPolicyUpdateAttributes.attributeTypeMap;
+  }
+
+  public constructor() {}
+}
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyUpdateData.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyUpdateData.ts
new file mode 100644
index 000000000000..5037d40ef3a4
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyUpdateData.ts
@@ -0,0 +1,57 @@
+import { AttributeTypeMap } from "@datadog/datadog-api-client";
+
+import { ApplicationSecurityPolicyType } from "./ApplicationSecurityPolicyType";
+import { ApplicationSecurityPolicyUpdateAttributes } from "./ApplicationSecurityPolicyUpdateAttributes";
+
+/**
+ * Object for a single WAF policy.
+ */
+export class ApplicationSecurityPolicyUpdateData {
+  /**
+   * Update a WAF policy.
+   */
+  "attributes": ApplicationSecurityPolicyUpdateAttributes;
+  /**
+   * The type of the resource. The value should always be `policy`.
+   */
+  "type": ApplicationSecurityPolicyType;
+  /**
+   * A container for additional, undeclared properties.
+   * This is a holder for any undeclared properties as specified with
+   * the 'additionalProperties' keyword in the OAS document.
+   */
+  "additionalProperties"?: { [key: string]: any };
+  /**
+   * @ignore
+   */
+  "_unparsed"?: boolean;
+
+  /**
+   * @ignore
+   */
+  static readonly attributeTypeMap: AttributeTypeMap = {
+    attributes: {
+      baseName: "attributes",
+      type: "ApplicationSecurityPolicyUpdateAttributes",
+      required: true,
+    },
+    type: {
+      baseName: "type",
+      type: "ApplicationSecurityPolicyType",
+      required: true,
+    },
+    additionalProperties: {
+      baseName: "additionalProperties",
+      type: "{ [key: string]: any; }",
+    },
+  };
+
+  /**
+   * @ignore
+   */
+  static getAttributeTypeMap(): AttributeTypeMap {
+    return ApplicationSecurityPolicyUpdateData.attributeTypeMap;
+  }
+
+  public constructor() {}
+}
diff --git a/services/application_security/src/v2/models/ApplicationSecurityPolicyUpdateRequest.ts b/services/application_security/src/v2/models/ApplicationSecurityPolicyUpdateRequest.ts
new file mode 100644
index 000000000000..11657bcefe65
--- /dev/null
+++ b/services/application_security/src/v2/models/ApplicationSecurityPolicyUpdateRequest.ts
@@ -0,0 +1,47 @@
+import { AttributeTypeMap } from "@datadog/datadog-api-client";
+
+import { ApplicationSecurityPolicyUpdateData } from "./ApplicationSecurityPolicyUpdateData";
+
+/**
+ * Request object that includes the policy to update.
+ */
+export class ApplicationSecurityPolicyUpdateRequest {
+  /**
+   * Object for a single WAF policy.
+   */
+  "data": ApplicationSecurityPolicyUpdateData;
+  /**
+   * A container for additional, undeclared properties.
+   * This is a holder for any undeclared properties as specified with
+   * the 'additionalProperties' keyword in the OAS document.
+   */
+  "additionalProperties"?: { [key: string]: any };
+  /**
+   * @ignore
+   */
+  "_unparsed"?: boolean;
+
+  /**
+   * @ignore
+   */
+  static readonly attributeTypeMap: AttributeTypeMap = {
+    data: {
+      baseName: "data",
+      type: "ApplicationSecurityPolicyUpdateData",
+      required: true,
+    },
+    additionalProperties: {
+      baseName: "additionalProperties",
+      type: "{ [key: string]: any; }",
+    },
+  };
+
+  /**
+   * @ignore
+   */
+  static getAttributeTypeMap(): AttributeTypeMap {
+    return ApplicationSecurityPolicyUpdateRequest.attributeTypeMap;
+  }
+
+  public constructor() {}
+}
diff --git a/services/application_security/src/v2/models/TypingInfo.ts b/services/application_security/src/v2/models/TypingInfo.ts
index ffa6184e9902..6f80118d4b7c 100644
--- a/services/application_security/src/v2/models/TypingInfo.ts
+++ b/services/application_security/src/v2/models/TypingInfo.ts
@@ -1,6 +1,19 @@
 import { ModelTypingInfo } from "@datadog/datadog-api-client";
 
 import { APIErrorResponse } from "./APIErrorResponse";
+import { ApplicationSecurityPolicyAttributes } from "./ApplicationSecurityPolicyAttributes";
+import { ApplicationSecurityPolicyCreateAttributes } from "./ApplicationSecurityPolicyCreateAttributes";
+import { ApplicationSecurityPolicyCreateData } from "./ApplicationSecurityPolicyCreateData";
+import { ApplicationSecurityPolicyCreateRequest } from "./ApplicationSecurityPolicyCreateRequest";
+import { ApplicationSecurityPolicyData } from "./ApplicationSecurityPolicyData";
+import { ApplicationSecurityPolicyListResponse } from "./ApplicationSecurityPolicyListResponse";
+import { ApplicationSecurityPolicyMetadata } from "./ApplicationSecurityPolicyMetadata";
+import { ApplicationSecurityPolicyResponse } from "./ApplicationSecurityPolicyResponse";
+import { ApplicationSecurityPolicyRuleOverride } from "./ApplicationSecurityPolicyRuleOverride";
+import { ApplicationSecurityPolicyScope } from "./ApplicationSecurityPolicyScope";
+import { ApplicationSecurityPolicyUpdateAttributes } from "./ApplicationSecurityPolicyUpdateAttributes";
+import { ApplicationSecurityPolicyUpdateData } from "./ApplicationSecurityPolicyUpdateData";
+import { ApplicationSecurityPolicyUpdateRequest } from "./ApplicationSecurityPolicyUpdateRequest";
 import { ApplicationSecurityWafCustomRuleAction } from "./ApplicationSecurityWafCustomRuleAction";
 import { ApplicationSecurityWafCustomRuleActionParameters } from "./ApplicationSecurityWafCustomRuleActionParameters";
 import { ApplicationSecurityWafCustomRuleAttributes } from "./ApplicationSecurityWafCustomRuleAttributes";
@@ -37,6 +50,7 @@ import { ApplicationSecurityWafExclusionFiltersResponse } from "./ApplicationSec
 
 export const TypingInfo: ModelTypingInfo = {
   enumsMap: {
+    ApplicationSecurityPolicyType: ["policy"],
     ApplicationSecurityWafCustomRuleActionAction: [
       "redirect_request",
       "block_request",
@@ -89,6 +103,25 @@ export const TypingInfo: ModelTypingInfo = {
   oneOfMap: {},
   typeMap: {
     APIErrorResponse: APIErrorResponse,
+    ApplicationSecurityPolicyAttributes: ApplicationSecurityPolicyAttributes,
+    ApplicationSecurityPolicyCreateAttributes:
+      ApplicationSecurityPolicyCreateAttributes,
+    ApplicationSecurityPolicyCreateData: ApplicationSecurityPolicyCreateData,
+    ApplicationSecurityPolicyCreateRequest:
+      ApplicationSecurityPolicyCreateRequest,
+    ApplicationSecurityPolicyData: ApplicationSecurityPolicyData,
+    ApplicationSecurityPolicyListResponse:
+      ApplicationSecurityPolicyListResponse,
+    ApplicationSecurityPolicyMetadata: ApplicationSecurityPolicyMetadata,
+    ApplicationSecurityPolicyResponse: ApplicationSecurityPolicyResponse,
+    ApplicationSecurityPolicyRuleOverride:
+      ApplicationSecurityPolicyRuleOverride,
+    ApplicationSecurityPolicyScope: ApplicationSecurityPolicyScope,
+    ApplicationSecurityPolicyUpdateAttributes:
+      ApplicationSecurityPolicyUpdateAttributes,
+    ApplicationSecurityPolicyUpdateData: ApplicationSecurityPolicyUpdateData,
+    ApplicationSecurityPolicyUpdateRequest:
+      ApplicationSecurityPolicyUpdateRequest,
     ApplicationSecurityWafCustomRuleAction:
       ApplicationSecurityWafCustomRuleAction,
     ApplicationSecurityWafCustomRuleActionParameters: