diff --git a/CHANGELOG.md b/CHANGELOG.md
index bc8a1b402..1a0d11a0f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,6 @@
 ## [Unreleased]
 
+- Create `elasticstack_kibana_security_detection_rule` resource to manage Kibana Security Detection Rules. ([#1290](https://github.com/elastic/terraform-provider-elasticstack/pull/1290))
 - Create `elasticstack_kibana_maintenance_window` resource. ([#1224](https://github.com/elastic/terraform-provider-elasticstack/pull/1224))
 - Add support for `solution` field in `elasticstack_kibana_space` resource and data source ([#1102](https://github.com/elastic/terraform-provider-elasticstack/issues/1102))
 - Add `slo_id` validation to `elasticstack_kibana_slo` ([#1221](https://github.com/elastic/terraform-provider-elasticstack/pull/1221))
diff --git a/docs/resources/kibana_security_detection_rule.md b/docs/resources/kibana_security_detection_rule.md
new file mode 100644
index 000000000..b479892a9
--- /dev/null
+++ b/docs/resources/kibana_security_detection_rule.md
@@ -0,0 +1,65 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "elasticstack_kibana_security_detection_rule Resource - terraform-provider-elasticstack" +subcategory: "" +description: |- + Creates or updates a Kibana security detection rule. See https://www.elastic.co/guide/en/security/current/rules-api-create.html +--- + +# elasticstack_kibana_security_detection_rule (Resource) + +Creates or updates a Kibana security detection rule. See https://www.elastic.co/guide/en/security/current/rules-api-create.html + + + + +## Schema + +### Required + +- `description` (String) The description of the detection rule. +- `name` (String) The name of the detection rule. +- `severity` (String) The severity of the rule. Valid values are: low, medium, high, critical. +- `type` (String) The rule type. Valid values are: eql, query, machine_learning, threshold, threat_match, new_terms. + +### Optional + +- `author` (List of String) String array containing the rule's author(s). +- `enabled` (Boolean) Determines whether the rule is enabled. +- `exceptions_list` (List of String) List of exceptions that prevent alerts from being generated. +- `false_positives` (List of String) String array describing common reasons why the rule may issue false-positive alerts. +- `from` (String) Time from which data is analyzed each time the rule executes, using date math syntax. +- `index` (List of String) A list of index patterns to search. +- `interval` (String) How often the rule executes. +- `kibana_connection` (Block List) Kibana connection configuration block. (see [below for nested schema](#nestedblock--kibana_connection)) +- `language` (String) The query language. Valid values are: kuery, lucene, eql. +- `license` (String) The rule's license. +- `max_signals` (Number) Maximum number of alerts the rule can produce during a single execution. +- `meta` (String) Optional metadata about the rule as a JSON string. 
+- `note` (String) Notes to help investigate alerts produced by the rule. +- `query` (String) The query that the rule will use to generate alerts. +- `references` (List of String) String array containing notes about or references to relevant information about the rule. +- `risk` (Number) A numerical representation of the alert's severity from 1-100. +- `rule_id` (String) The identifier for the rule. If not provided, an ID is randomly generated. +- `rule_name_override` (String) Sets the source field for the alert's rule name. +- `space_id` (String) An identifier for the space. If space_id is not provided, the default space is used. +- `tags` (List of String) String array containing words and phrases to help categorize, filter, and search rules. +- `timestamp_override` (String) Sets the time field used to query indices. +- `to` (String) Time to which data is analyzed each time the rule executes, using date math syntax. +- `version` (Number) The rule's version number. + +### Read-Only + +- `id` (String) Internal identifier of the resource + + +### Nested Schema for `kibana_connection` + +Optional: + +- `api_key` (String, Sensitive) API Key to use for authentication to Kibana +- `ca_certs` (List of String) A list of paths to CA certificates to validate the certificate presented by the Kibana server. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. +- `insecure` (Boolean) Disable TLS certificate validation +- `password` (String, Sensitive) Password to use for API authentication to Kibana. +- `username` (String) Username to use for API authentication to Kibana. diff --git a/generated/kbapi/kibana.gen.go b/generated/kbapi/kibana.gen.go index 0ac695f8f..753b5145f 100644 --- a/generated/kbapi/kibana.gen.go +++ b/generated/kbapi/kibana.gen.go 
@@ -13,8 +13,10 @@ import ( "net/http" "net/url" "strings" + "time" "github.com/oapi-codegen/runtime" + openapi_types "github.com/oapi-codegen/runtime/types" ) const ( 
@@ -32,6 +34,382 @@ const ( N404 DataViews404ResponseStatusCode = 404 ) +// Defines values for SecurityDetectionsAPIAlertSuppressionDurationUnit. +const ( + H SecurityDetectionsAPIAlertSuppressionDurationUnit = "h" + M SecurityDetectionsAPIAlertSuppressionDurationUnit = "m" + S SecurityDetectionsAPIAlertSuppressionDurationUnit = "s" +) + +// Defines values for SecurityDetectionsAPIAlertSuppressionMissingFieldsStrategy. +const ( + DoNotSuppress SecurityDetectionsAPIAlertSuppressionMissingFieldsStrategy = "doNotSuppress" + Suppress SecurityDetectionsAPIAlertSuppressionMissingFieldsStrategy = "suppress" +) + +// Defines values for SecurityDetectionsAPIDefaultParamsCommand. +const ( + Isolate SecurityDetectionsAPIDefaultParamsCommand = "isolate" +) + +// Defines values for SecurityDetectionsAPIEndpointResponseActionActionTypeId. +const ( + DotEndpoint SecurityDetectionsAPIEndpointResponseActionActionTypeId = ".endpoint" +) + +// Defines values for SecurityDetectionsAPIEqlQueryLanguage. +const ( + SecurityDetectionsAPIEqlQueryLanguageEql SecurityDetectionsAPIEqlQueryLanguage = "eql" +) + +// Defines values for SecurityDetectionsAPIEqlRequiredFieldsType. +const ( + SecurityDetectionsAPIEqlRequiredFieldsTypeEql SecurityDetectionsAPIEqlRequiredFieldsType = "eql" +) + +// Defines values for SecurityDetectionsAPIEqlRuleType. +const ( + SecurityDetectionsAPIEqlRuleTypeEql SecurityDetectionsAPIEqlRuleType = "eql" +) + +// Defines values for SecurityDetectionsAPIEqlRuleCreateFieldsType. +const ( + SecurityDetectionsAPIEqlRuleCreateFieldsTypeEql SecurityDetectionsAPIEqlRuleCreateFieldsType = "eql" +) + +// Defines values for SecurityDetectionsAPIEqlRuleCreatePropsType. +const ( + SecurityDetectionsAPIEqlRuleCreatePropsTypeEql SecurityDetectionsAPIEqlRuleCreatePropsType = "eql" +) + +// Defines values for SecurityDetectionsAPIEqlRuleResponseFieldsType. 
+const ( + SecurityDetectionsAPIEqlRuleResponseFieldsTypeEql SecurityDetectionsAPIEqlRuleResponseFieldsType = "eql" +) + +// Defines values for SecurityDetectionsAPIEqlRuleUpdatePropsType. +const ( + Eql SecurityDetectionsAPIEqlRuleUpdatePropsType = "eql" +) + +// Defines values for SecurityDetectionsAPIEsqlQueryLanguage. +const ( + SecurityDetectionsAPIEsqlQueryLanguageEsql SecurityDetectionsAPIEsqlQueryLanguage = "esql" +) + +// Defines values for SecurityDetectionsAPIEsqlRuleType. +const ( + SecurityDetectionsAPIEsqlRuleTypeEsql SecurityDetectionsAPIEsqlRuleType = "esql" +) + +// Defines values for SecurityDetectionsAPIEsqlRuleCreateFieldsType. +const ( + SecurityDetectionsAPIEsqlRuleCreateFieldsTypeEsql SecurityDetectionsAPIEsqlRuleCreateFieldsType = "esql" +) + +// Defines values for SecurityDetectionsAPIEsqlRuleCreatePropsType. +const ( + SecurityDetectionsAPIEsqlRuleCreatePropsTypeEsql SecurityDetectionsAPIEsqlRuleCreatePropsType = "esql" +) + +// Defines values for SecurityDetectionsAPIEsqlRuleRequiredFieldsType. +const ( + SecurityDetectionsAPIEsqlRuleRequiredFieldsTypeEsql SecurityDetectionsAPIEsqlRuleRequiredFieldsType = "esql" +) + +// Defines values for SecurityDetectionsAPIEsqlRuleResponseFieldsType. +const ( + SecurityDetectionsAPIEsqlRuleResponseFieldsTypeEsql SecurityDetectionsAPIEsqlRuleResponseFieldsType = "esql" +) + +// Defines values for SecurityDetectionsAPIEsqlRuleUpdatePropsType. +const ( + Esql SecurityDetectionsAPIEsqlRuleUpdatePropsType = "esql" +) + +// Defines values for SecurityDetectionsAPIExceptionListType. 
+const ( + Detection SecurityDetectionsAPIExceptionListType = "detection" + Endpoint SecurityDetectionsAPIExceptionListType = "endpoint" + EndpointBlocklists SecurityDetectionsAPIExceptionListType = "endpoint_blocklists" + EndpointEvents SecurityDetectionsAPIExceptionListType = "endpoint_events" + EndpointHostIsolationExceptions SecurityDetectionsAPIExceptionListType = "endpoint_host_isolation_exceptions" + EndpointTrustedApps SecurityDetectionsAPIExceptionListType = "endpoint_trusted_apps" + EndpointTrustedDevices SecurityDetectionsAPIExceptionListType = "endpoint_trusted_devices" + RuleDefault SecurityDetectionsAPIExceptionListType = "rule_default" +) + +// Defines values for SecurityDetectionsAPIExternalRuleSourceType. +const ( + External SecurityDetectionsAPIExternalRuleSourceType = "external" +) + +// Defines values for SecurityDetectionsAPIInternalRuleSourceType. +const ( + Internal SecurityDetectionsAPIInternalRuleSourceType = "internal" +) + +// Defines values for SecurityDetectionsAPIKqlQueryLanguage. +const ( + Kuery SecurityDetectionsAPIKqlQueryLanguage = "kuery" + Lucene SecurityDetectionsAPIKqlQueryLanguage = "lucene" +) + +// Defines values for SecurityDetectionsAPIMachineLearningRuleType. +const ( + SecurityDetectionsAPIMachineLearningRuleTypeMachineLearning SecurityDetectionsAPIMachineLearningRuleType = "machine_learning" +) + +// Defines values for SecurityDetectionsAPIMachineLearningRuleCreateFieldsType. +const ( + SecurityDetectionsAPIMachineLearningRuleCreateFieldsTypeMachineLearning SecurityDetectionsAPIMachineLearningRuleCreateFieldsType = "machine_learning" +) + +// Defines values for SecurityDetectionsAPIMachineLearningRuleCreatePropsType. +const ( + SecurityDetectionsAPIMachineLearningRuleCreatePropsTypeMachineLearning SecurityDetectionsAPIMachineLearningRuleCreatePropsType = "machine_learning" +) + +// Defines values for SecurityDetectionsAPIMachineLearningRuleRequiredFieldsType. 
+const ( + SecurityDetectionsAPIMachineLearningRuleRequiredFieldsTypeMachineLearning SecurityDetectionsAPIMachineLearningRuleRequiredFieldsType = "machine_learning" +) + +// Defines values for SecurityDetectionsAPIMachineLearningRuleResponseFieldsType. +const ( + SecurityDetectionsAPIMachineLearningRuleResponseFieldsTypeMachineLearning SecurityDetectionsAPIMachineLearningRuleResponseFieldsType = "machine_learning" +) + +// Defines values for SecurityDetectionsAPIMachineLearningRuleUpdatePropsType. +const ( + SecurityDetectionsAPIMachineLearningRuleUpdatePropsTypeMachineLearning SecurityDetectionsAPIMachineLearningRuleUpdatePropsType = "machine_learning" +) + +// Defines values for SecurityDetectionsAPINewTermsRuleType. +const ( + SecurityDetectionsAPINewTermsRuleTypeNewTerms SecurityDetectionsAPINewTermsRuleType = "new_terms" +) + +// Defines values for SecurityDetectionsAPINewTermsRuleCreateFieldsType. +const ( + SecurityDetectionsAPINewTermsRuleCreateFieldsTypeNewTerms SecurityDetectionsAPINewTermsRuleCreateFieldsType = "new_terms" +) + +// Defines values for SecurityDetectionsAPINewTermsRuleCreatePropsType. +const ( + SecurityDetectionsAPINewTermsRuleCreatePropsTypeNewTerms SecurityDetectionsAPINewTermsRuleCreatePropsType = "new_terms" +) + +// Defines values for SecurityDetectionsAPINewTermsRuleRequiredFieldsType. +const ( + SecurityDetectionsAPINewTermsRuleRequiredFieldsTypeNewTerms SecurityDetectionsAPINewTermsRuleRequiredFieldsType = "new_terms" +) + +// Defines values for SecurityDetectionsAPINewTermsRuleResponseFieldsType. +const ( + SecurityDetectionsAPINewTermsRuleResponseFieldsTypeNewTerms SecurityDetectionsAPINewTermsRuleResponseFieldsType = "new_terms" +) + +// Defines values for SecurityDetectionsAPINewTermsRuleUpdatePropsType. +const ( + SecurityDetectionsAPINewTermsRuleUpdatePropsTypeNewTerms SecurityDetectionsAPINewTermsRuleUpdatePropsType = "new_terms" +) + +// Defines values for SecurityDetectionsAPIOsqueryResponseActionActionTypeId. 
+const ( + DotOsquery SecurityDetectionsAPIOsqueryResponseActionActionTypeId = ".osquery" +) + +// Defines values for SecurityDetectionsAPIProcessesParamsCommand. +const ( + KillProcess SecurityDetectionsAPIProcessesParamsCommand = "kill-process" + SuspendProcess SecurityDetectionsAPIProcessesParamsCommand = "suspend-process" +) + +// Defines values for SecurityDetectionsAPIQueryRuleType. +const ( + SecurityDetectionsAPIQueryRuleTypeQuery SecurityDetectionsAPIQueryRuleType = "query" +) + +// Defines values for SecurityDetectionsAPIQueryRuleCreateFieldsType. +const ( + SecurityDetectionsAPIQueryRuleCreateFieldsTypeQuery SecurityDetectionsAPIQueryRuleCreateFieldsType = "query" +) + +// Defines values for SecurityDetectionsAPIQueryRuleCreatePropsType. +const ( + SecurityDetectionsAPIQueryRuleCreatePropsTypeQuery SecurityDetectionsAPIQueryRuleCreatePropsType = "query" +) + +// Defines values for SecurityDetectionsAPIQueryRuleRequiredFieldsType. +const ( + SecurityDetectionsAPIQueryRuleRequiredFieldsTypeQuery SecurityDetectionsAPIQueryRuleRequiredFieldsType = "query" +) + +// Defines values for SecurityDetectionsAPIQueryRuleResponseFieldsType. +const ( + SecurityDetectionsAPIQueryRuleResponseFieldsTypeQuery SecurityDetectionsAPIQueryRuleResponseFieldsType = "query" +) + +// Defines values for SecurityDetectionsAPIQueryRuleUpdatePropsType. +const ( + SecurityDetectionsAPIQueryRuleUpdatePropsTypeQuery SecurityDetectionsAPIQueryRuleUpdatePropsType = "query" +) + +// Defines values for SecurityDetectionsAPIRiskScoreMappingOperator. +const ( + SecurityDetectionsAPIRiskScoreMappingOperatorEquals SecurityDetectionsAPIRiskScoreMappingOperator = "equals" +) + +// Defines values for SecurityDetectionsAPIRuleActionNotifyWhen. 
+const ( + OnActionGroupChange SecurityDetectionsAPIRuleActionNotifyWhen = "onActionGroupChange" + OnActiveAlert SecurityDetectionsAPIRuleActionNotifyWhen = "onActiveAlert" + OnThrottleInterval SecurityDetectionsAPIRuleActionNotifyWhen = "onThrottleInterval" +) + +// Defines values for SecurityDetectionsAPIRuleActionThrottle0. +const ( + NoActions SecurityDetectionsAPIRuleActionThrottle0 = "no_actions" + Rule SecurityDetectionsAPIRuleActionThrottle0 = "rule" +) + +// Defines values for SecurityDetectionsAPIRuleExceptionListNamespaceType. +const ( + Agnostic SecurityDetectionsAPIRuleExceptionListNamespaceType = "agnostic" + Single SecurityDetectionsAPIRuleExceptionListNamespaceType = "single" +) + +// Defines values for SecurityDetectionsAPIRuleExecutionStatus. +const ( + Failed SecurityDetectionsAPIRuleExecutionStatus = "failed" + GoingToRun SecurityDetectionsAPIRuleExecutionStatus = "going to run" + PartialFailure SecurityDetectionsAPIRuleExecutionStatus = "partial failure" + Running SecurityDetectionsAPIRuleExecutionStatus = "running" + Succeeded SecurityDetectionsAPIRuleExecutionStatus = "succeeded" +) + +// Defines values for SecurityDetectionsAPISavedObjectResolveAliasPurpose. +const ( + SavedObjectConversion SecurityDetectionsAPISavedObjectResolveAliasPurpose = "savedObjectConversion" + SavedObjectImport SecurityDetectionsAPISavedObjectResolveAliasPurpose = "savedObjectImport" +) + +// Defines values for SecurityDetectionsAPISavedObjectResolveOutcome. +const ( + AliasMatch SecurityDetectionsAPISavedObjectResolveOutcome = "aliasMatch" + Conflict SecurityDetectionsAPISavedObjectResolveOutcome = "conflict" + ExactMatch SecurityDetectionsAPISavedObjectResolveOutcome = "exactMatch" +) + +// Defines values for SecurityDetectionsAPISavedQueryRuleType. +const ( + SecurityDetectionsAPISavedQueryRuleTypeSavedQuery SecurityDetectionsAPISavedQueryRuleType = "saved_query" +) + +// Defines values for SecurityDetectionsAPISavedQueryRuleCreateFieldsType. 
+const ( + SecurityDetectionsAPISavedQueryRuleCreateFieldsTypeSavedQuery SecurityDetectionsAPISavedQueryRuleCreateFieldsType = "saved_query" +) + +// Defines values for SecurityDetectionsAPISavedQueryRuleCreatePropsType. +const ( + SecurityDetectionsAPISavedQueryRuleCreatePropsTypeSavedQuery SecurityDetectionsAPISavedQueryRuleCreatePropsType = "saved_query" +) + +// Defines values for SecurityDetectionsAPISavedQueryRuleRequiredFieldsType. +const ( + SecurityDetectionsAPISavedQueryRuleRequiredFieldsTypeSavedQuery SecurityDetectionsAPISavedQueryRuleRequiredFieldsType = "saved_query" +) + +// Defines values for SecurityDetectionsAPISavedQueryRuleResponseFieldsType. +const ( + SecurityDetectionsAPISavedQueryRuleResponseFieldsTypeSavedQuery SecurityDetectionsAPISavedQueryRuleResponseFieldsType = "saved_query" +) + +// Defines values for SecurityDetectionsAPISavedQueryRuleUpdatePropsType. +const ( + SecurityDetectionsAPISavedQueryRuleUpdatePropsTypeSavedQuery SecurityDetectionsAPISavedQueryRuleUpdatePropsType = "saved_query" +) + +// Defines values for SecurityDetectionsAPISeverity. +const ( + Critical SecurityDetectionsAPISeverity = "critical" + High SecurityDetectionsAPISeverity = "high" + Low SecurityDetectionsAPISeverity = "low" + Medium SecurityDetectionsAPISeverity = "medium" +) + +// Defines values for SecurityDetectionsAPISeverityMappingOperator. +const ( + SecurityDetectionsAPISeverityMappingOperatorEquals SecurityDetectionsAPISeverityMappingOperator = "equals" +) + +// Defines values for SecurityDetectionsAPIThreatMappingEntryType. +const ( + Mapping SecurityDetectionsAPIThreatMappingEntryType = "mapping" +) + +// Defines values for SecurityDetectionsAPIThreatMatchRuleType. +const ( + SecurityDetectionsAPIThreatMatchRuleTypeThreatMatch SecurityDetectionsAPIThreatMatchRuleType = "threat_match" +) + +// Defines values for SecurityDetectionsAPIThreatMatchRuleCreateFieldsType. 
+const ( + SecurityDetectionsAPIThreatMatchRuleCreateFieldsTypeThreatMatch SecurityDetectionsAPIThreatMatchRuleCreateFieldsType = "threat_match" +) + +// Defines values for SecurityDetectionsAPIThreatMatchRuleCreatePropsType. +const ( + SecurityDetectionsAPIThreatMatchRuleCreatePropsTypeThreatMatch SecurityDetectionsAPIThreatMatchRuleCreatePropsType = "threat_match" +) + +// Defines values for SecurityDetectionsAPIThreatMatchRuleRequiredFieldsType. +const ( + SecurityDetectionsAPIThreatMatchRuleRequiredFieldsTypeThreatMatch SecurityDetectionsAPIThreatMatchRuleRequiredFieldsType = "threat_match" +) + +// Defines values for SecurityDetectionsAPIThreatMatchRuleResponseFieldsType. +const ( + SecurityDetectionsAPIThreatMatchRuleResponseFieldsTypeThreatMatch SecurityDetectionsAPIThreatMatchRuleResponseFieldsType = "threat_match" +) + +// Defines values for SecurityDetectionsAPIThreatMatchRuleUpdatePropsType. +const ( + SecurityDetectionsAPIThreatMatchRuleUpdatePropsTypeThreatMatch SecurityDetectionsAPIThreatMatchRuleUpdatePropsType = "threat_match" +) + +// Defines values for SecurityDetectionsAPIThresholdRuleType. +const ( + SecurityDetectionsAPIThresholdRuleTypeThreshold SecurityDetectionsAPIThresholdRuleType = "threshold" +) + +// Defines values for SecurityDetectionsAPIThresholdRuleCreateFieldsType. +const ( + SecurityDetectionsAPIThresholdRuleCreateFieldsTypeThreshold SecurityDetectionsAPIThresholdRuleCreateFieldsType = "threshold" +) + +// Defines values for SecurityDetectionsAPIThresholdRuleCreatePropsType. +const ( + SecurityDetectionsAPIThresholdRuleCreatePropsTypeThreshold SecurityDetectionsAPIThresholdRuleCreatePropsType = "threshold" +) + +// Defines values for SecurityDetectionsAPIThresholdRuleRequiredFieldsType. +const ( + SecurityDetectionsAPIThresholdRuleRequiredFieldsTypeThreshold SecurityDetectionsAPIThresholdRuleRequiredFieldsType = "threshold" +) + +// Defines values for SecurityDetectionsAPIThresholdRuleResponseFieldsType. 
+const ( + SecurityDetectionsAPIThresholdRuleResponseFieldsTypeThreshold SecurityDetectionsAPIThresholdRuleResponseFieldsType = "threshold" +) + +// Defines values for SecurityDetectionsAPIThresholdRuleUpdatePropsType. +const ( + SecurityDetectionsAPIThresholdRuleUpdatePropsTypeThreshold SecurityDetectionsAPIThresholdRuleUpdatePropsType = "threshold" +) + // Defines values for AgentPolicyMonitoringEnabled. const ( AgentPolicyMonitoringEnabledLogs AgentPolicyMonitoringEnabled = "logs" @@ -322,6 +700,7 @@ const ( PackageInfoInstallationInfoInstalledEsTypeIndex PackageInfoInstallationInfoInstalledEsType = "index" PackageInfoInstallationInfoInstalledEsTypeIndexTemplate PackageInfoInstallationInfoInstalledEsType = "index_template" PackageInfoInstallationInfoInstalledEsTypeIngestPipeline PackageInfoInstallationInfoInstalledEsType = "ingest_pipeline" + PackageInfoInstallationInfoInstalledEsTypeKnowledgeBase PackageInfoInstallationInfoInstalledEsType = "knowledge_base" PackageInfoInstallationInfoInstalledEsTypeMlModel PackageInfoInstallationInfoInstalledEsType = "ml_model" PackageInfoInstallationInfoInstalledEsTypeTransform PackageInfoInstallationInfoInstalledEsType = "transform" ) @@ -417,6 +796,7 @@ const ( PackageListItemInstallationInfoInstalledEsTypeIndex PackageListItemInstallationInfoInstalledEsType = "index" PackageListItemInstallationInfoInstalledEsTypeIndexTemplate PackageListItemInstallationInfoInstalledEsType = "index_template" PackageListItemInstallationInfoInstalledEsTypeIngestPipeline PackageListItemInstallationInfoInstalledEsType = "ingest_pipeline" + PackageListItemInstallationInfoInstalledEsTypeKnowledgeBase PackageListItemInstallationInfoInstalledEsType = "knowledge_base" PackageListItemInstallationInfoInstalledEsTypeMlModel PackageListItemInstallationInfoInstalledEsType = "ml_model" PackageListItemInstallationInfoInstalledEsTypeTransform PackageListItemInstallationInfoInstalledEsType = "transform" ) 
@@ -1045,3564 +1425,9881 @@ type DataViewsUpdateDataViewRequestObjectInner struct { TypeMeta *DataViewsTypemeta `json:"typeMeta,omitempty"` } -// SyntheticsGetParameterResponse defines model for Synthetics_getParameterResponse. -type SyntheticsGetParameterResponse struct { - // Description The description of the parameter. It is included in the response if the user has read-only permissions to the Synthetics app. - Description *string `json:"description,omitempty"` +// SecurityDetectionsAPIAlertSuppression Defines alert suppression configuration. +type SecurityDetectionsAPIAlertSuppression struct { + Duration *SecurityDetectionsAPIAlertSuppressionDuration `json:"duration,omitempty"` + GroupBy SecurityDetectionsAPIAlertSuppressionGroupBy `json:"group_by"` - // Id The unique identifier of the parameter. - Id *string `json:"id,omitempty"` + // MissingFieldsStrategy Describes how alerts will be generated for documents with missing suppress by fields: + // doNotSuppress - per each document a separate alert will be created + // suppress - only alert will be created per suppress by bucket + MissingFieldsStrategy *SecurityDetectionsAPIAlertSuppressionMissingFieldsStrategy `json:"missing_fields_strategy,omitempty"` +} - // Key The key of the parameter. - Key *string `json:"key,omitempty"` +// SecurityDetectionsAPIAlertSuppressionDuration defines model for Security_Detections_API_AlertSuppressionDuration. +type SecurityDetectionsAPIAlertSuppressionDuration struct { + // Unit Time unit + Unit SecurityDetectionsAPIAlertSuppressionDurationUnit `json:"unit"` + Value int `json:"value"` +} - // Namespaces The namespaces associated with the parameter. It is included in the response if the user has read-only permissions to the Synthetics app. - Namespaces *[]string `json:"namespaces,omitempty"` +// SecurityDetectionsAPIAlertSuppressionDurationUnit Time unit +type SecurityDetectionsAPIAlertSuppressionDurationUnit string - // Tags An array of tags associated with the parameter. 
It is included in the response if the user has read-only permissions to the Synthetics app. - Tags *[]string `json:"tags,omitempty"` +// SecurityDetectionsAPIAlertSuppressionGroupBy defines model for Security_Detections_API_AlertSuppressionGroupBy. +type SecurityDetectionsAPIAlertSuppressionGroupBy = []string - // Value The value associated with the parameter. It will be included in the response if the user has write permissions. - Value *string `json:"value,omitempty"` -} +// SecurityDetectionsAPIAlertSuppressionMissingFieldsStrategy Describes how alerts will be generated for documents with missing suppress by fields: +// doNotSuppress - per each document a separate alert will be created +// suppress - only alert will be created per suppress by bucket +type SecurityDetectionsAPIAlertSuppressionMissingFieldsStrategy string -// SyntheticsParameterRequest defines model for Synthetics_parameterRequest. -type SyntheticsParameterRequest struct { - // Description A description of the parameter. - Description *string `json:"description,omitempty"` +// SecurityDetectionsAPIAlertsIndex (deprecated) Has no effect. +type SecurityDetectionsAPIAlertsIndex = string - // Key The key of the parameter. - Key string `json:"key"` +// SecurityDetectionsAPIAlertsIndexNamespace Has no effect. +type SecurityDetectionsAPIAlertsIndexNamespace = string - // ShareAcrossSpaces Specify whether the parameter should be shared across spaces. - ShareAcrossSpaces *bool `json:"share_across_spaces,omitempty"` +// SecurityDetectionsAPIAnomalyThreshold Anomaly score threshold above which the rule creates an alert. Valid values are from 0 to 100. +type SecurityDetectionsAPIAnomalyThreshold = int - // Tags An array of tags to categorize the parameter. - Tags *[]string `json:"tags,omitempty"` +// SecurityDetectionsAPIBuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. +// By default, building-block alerts are not displayed in the UI. 
These rules are used as a foundation for other rules that do generate alerts. +// For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). +type SecurityDetectionsAPIBuildingBlockType = string - // Value The value associated with the parameter. - Value string `json:"value"` +// SecurityDetectionsAPIConcurrentSearches defines model for Security_Detections_API_ConcurrentSearches. +type SecurityDetectionsAPIConcurrentSearches = int + +// SecurityDetectionsAPIDataViewId defines model for Security_Detections_API_DataViewId. +type SecurityDetectionsAPIDataViewId = string + +// SecurityDetectionsAPIDefaultParams defines model for Security_Detections_API_DefaultParams. +type SecurityDetectionsAPIDefaultParams struct { + Command SecurityDetectionsAPIDefaultParamsCommand `json:"command"` + Comment *string `json:"comment,omitempty"` } -// SyntheticsPostParameterResponse defines model for Synthetics_postParameterResponse. -type SyntheticsPostParameterResponse struct { - // Description A description of the parameter. - Description *string `json:"description,omitempty"` +// SecurityDetectionsAPIDefaultParamsCommand defines model for SecurityDetectionsAPIDefaultParams.Command. +type SecurityDetectionsAPIDefaultParamsCommand string - // Id The unique identifier for the parameter. - Id *string `json:"id,omitempty"` +// SecurityDetectionsAPIEcsMapping Map Osquery results columns or static values to Elastic Common Schema (ECS) fields. Example: "ecs_mapping": {"process.pid": {"field": "pid"}} +type SecurityDetectionsAPIEcsMapping map[string]struct { + Field *string `json:"field,omitempty"` + Value *SecurityDetectionsAPIEcsMapping_Value `json:"value,omitempty"` +} - // Key The parameter key. - Key *string `json:"key,omitempty"` +// SecurityDetectionsAPIEcsMappingValue0 defines model for . 
+type SecurityDetectionsAPIEcsMappingValue0 = string - // ShareAcrossSpaces Indicates whether the parameter is shared across spaces. - ShareAcrossSpaces *bool `json:"share_across_spaces,omitempty"` +// SecurityDetectionsAPIEcsMappingValue1 defines model for . +type SecurityDetectionsAPIEcsMappingValue1 = []string - // Tags An array of tags associated with the parameter. - Tags *[]string `json:"tags,omitempty"` +// SecurityDetectionsAPIEcsMapping_Value defines model for SecurityDetectionsAPIEcsMapping.Value. +type SecurityDetectionsAPIEcsMapping_Value struct { + union json.RawMessage +} - // Value The value associated with the parameter. - Value *string `json:"value,omitempty"` +// SecurityDetectionsAPIEndpointResponseAction defines model for Security_Detections_API_EndpointResponseAction. +type SecurityDetectionsAPIEndpointResponseAction struct { + ActionTypeId SecurityDetectionsAPIEndpointResponseActionActionTypeId `json:"action_type_id"` + Params SecurityDetectionsAPIEndpointResponseAction_Params `json:"params"` } -// AgentPolicy defines model for agent_policy. 
-type AgentPolicy struct { - AdvancedSettings *struct { - AgentDownloadTargetDirectory interface{} `json:"agent_download_target_directory,omitempty"` - AgentDownloadTimeout interface{} `json:"agent_download_timeout,omitempty"` - AgentLimitsGoMaxProcs interface{} `json:"agent_limits_go_max_procs,omitempty"` - AgentLoggingFilesInterval interface{} `json:"agent_logging_files_interval,omitempty"` - AgentLoggingFilesKeepfiles interface{} `json:"agent_logging_files_keepfiles,omitempty"` - AgentLoggingFilesRotateeverybytes interface{} `json:"agent_logging_files_rotateeverybytes,omitempty"` - AgentLoggingLevel interface{} `json:"agent_logging_level,omitempty"` - AgentLoggingMetricsPeriod interface{} `json:"agent_logging_metrics_period,omitempty"` - AgentLoggingToFiles interface{} `json:"agent_logging_to_files,omitempty"` - } `json:"advanced_settings,omitempty"` - AgentFeatures *[]struct { - Enabled bool `json:"enabled"` - Name string `json:"name"` - } `json:"agent_features,omitempty"` - Agentless *struct { - CloudConnectors *struct { - Enabled bool `json:"enabled"` - TargetCsp *string `json:"target_csp,omitempty"` - } `json:"cloud_connectors,omitempty"` - Resources *struct { - Requests *struct { - Cpu *string `json:"cpu,omitempty"` - Memory *string `json:"memory,omitempty"` - } `json:"requests,omitempty"` - } `json:"resources,omitempty"` - } `json:"agentless,omitempty"` - Agents *float32 `json:"agents,omitempty"` - DataOutputId *string `json:"data_output_id,omitempty"` - Description *string `json:"description,omitempty"` - DownloadSourceId *string `json:"download_source_id,omitempty"` - FleetServerHostId *string `json:"fleet_server_host_id,omitempty"` +// SecurityDetectionsAPIEndpointResponseActionActionTypeId defines model for SecurityDetectionsAPIEndpointResponseAction.ActionTypeId. +type SecurityDetectionsAPIEndpointResponseActionActionTypeId string - // GlobalDataTags User defined data tags that are added to all of the inputs. The values can be strings or numbers. 
- GlobalDataTags *[]AgentPolicyGlobalDataTagsItem `json:"global_data_tags,omitempty"` - HasFleetServer *bool `json:"has_fleet_server,omitempty"` - Id string `json:"id"` - InactivityTimeout *float32 `json:"inactivity_timeout,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultFleetServer *bool `json:"is_default_fleet_server,omitempty"` - IsManaged bool `json:"is_managed"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` +// SecurityDetectionsAPIEndpointResponseAction_Params defines model for SecurityDetectionsAPIEndpointResponseAction.Params. +type SecurityDetectionsAPIEndpointResponseAction_Params struct { + union json.RawMessage +} - // IsProtected Indicates whether the agent policy has tamper protection enabled. Default false. - IsProtected bool `json:"is_protected"` +// SecurityDetectionsAPIEqlOptionalFields defines model for Security_Detections_API_EqlOptionalFields. +type SecurityDetectionsAPIEqlOptionalFields struct { + // AlertSuppression Defines alert suppression configuration. 
+ AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + EventCategoryOverride *SecurityDetectionsAPIEventCategoryOverride `json:"event_category_override,omitempty"` - // KeepMonitoringAlive When set to true, monitoring will be enabled but logs/metrics collection will be disabled - KeepMonitoringAlive *bool `json:"keep_monitoring_alive,omitempty"` - MonitoringDiagnostics *struct { - Limit *struct { - Burst *float32 `json:"burst,omitempty"` - Interval *string `json:"interval,omitempty"` - } `json:"limit,omitempty"` - Uploader *struct { - InitDur *string `json:"init_dur,omitempty"` - MaxDur *string `json:"max_dur,omitempty"` - MaxRetries *float32 `json:"max_retries,omitempty"` - } `json:"uploader,omitempty"` - } `json:"monitoring_diagnostics,omitempty"` - MonitoringEnabled *[]AgentPolicyMonitoringEnabled `json:"monitoring_enabled,omitempty"` - MonitoringHttp *struct { - Buffer *struct { - Enabled *bool `json:"enabled,omitempty"` - } `json:"buffer,omitempty"` - Enabled *bool `json:"enabled,omitempty"` - Host *string `json:"host,omitempty"` - Port *float32 `json:"port,omitempty"` - } `json:"monitoring_http,omitempty"` - MonitoringOutputId *string `json:"monitoring_output_id,omitempty"` - MonitoringPprofEnabled *bool `json:"monitoring_pprof_enabled,omitempty"` - Name string `json:"name"` - Namespace string `json:"namespace"` + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` - // Overrides Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
- Overrides *map[string]interface{} `json:"overrides,omitempty"` - PackagePolicies *AgentPolicy_PackagePolicies `json:"package_policies,omitempty"` - RequiredVersions *[]struct { - // Percentage Target percentage of agents to auto upgrade - Percentage float32 `json:"percentage"` + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` - // Version Target version for automatic agent upgrade - Version string `json:"version"` - } `json:"required_versions,omitempty"` - Revision float32 `json:"revision"` - SchemaVersion *string `json:"schema_version,omitempty"` - SpaceIds *[]string `json:"space_ids,omitempty"` - Status AgentPolicyStatus `json:"status"` + // TiebreakerField Sets a secondary field for sorting events + TiebreakerField *SecurityDetectionsAPITiebreakerField `json:"tiebreaker_field,omitempty"` - // SupportsAgentless Indicates whether the agent policy supports agentless integrations. - SupportsAgentless *bool `json:"supports_agentless,omitempty"` - UnenrollTimeout *float32 `json:"unenroll_timeout,omitempty"` - UnprivilegedAgents *float32 `json:"unprivileged_agents,omitempty"` - UpdatedAt string `json:"updated_at"` - UpdatedBy string `json:"updated_by"` - Version *string `json:"version,omitempty"` + // TimestampField Specifies the name of the event timestamp field used for sorting a sequence of events. Not to be confused with `timestamp_override`, which specifies the more general field used for querying events within a range. Defaults to the @timestamp ECS field. + TimestampField *SecurityDetectionsAPITimestampField `json:"timestamp_field,omitempty"` } -// AgentPolicyMonitoringEnabled defines model for AgentPolicy.MonitoringEnabled. 
-type AgentPolicyMonitoringEnabled string +// SecurityDetectionsAPIEqlQueryLanguage defines model for Security_Detections_API_EqlQueryLanguage. +type SecurityDetectionsAPIEqlQueryLanguage string -// AgentPolicyPackagePolicies0 defines model for . -type AgentPolicyPackagePolicies0 = []string +// SecurityDetectionsAPIEqlRequiredFields defines model for Security_Detections_API_EqlRequiredFields. +type SecurityDetectionsAPIEqlRequiredFields struct { + Language SecurityDetectionsAPIEqlQueryLanguage `json:"language"` -// AgentPolicyPackagePolicies1 This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter -type AgentPolicyPackagePolicies1 = []struct { - // AdditionalDatastreamsPermissions Additional datastream permissions, that will be added to the agent policy. - AdditionalDatastreamsPermissions *[]string `json:"additional_datastreams_permissions,omitempty"` - Agents *float32 `json:"agents,omitempty"` - CreatedAt string `json:"created_at"` - CreatedBy string `json:"created_by"` + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. 
+ Query SecurityDetectionsAPIRuleQuery `json:"query"` - // Description Package policy description - Description *string `json:"description,omitempty"` - Elasticsearch *AgentPolicy_PackagePolicies_1_Elasticsearch `json:"elasticsearch,omitempty"` - Enabled bool `json:"enabled"` - Id string `json:"id"` - Inputs AgentPolicy_PackagePolicies_1_Inputs `json:"inputs"` - IsManaged *bool `json:"is_managed,omitempty"` + // Type Rule type + Type SecurityDetectionsAPIEqlRequiredFieldsType `json:"type"` +} - // Name Package policy name (should be unique) - Name string `json:"name"` +// SecurityDetectionsAPIEqlRequiredFieldsType Rule type +type SecurityDetectionsAPIEqlRequiredFieldsType string - // Namespace The package policy namespace. Leave blank to inherit the agent policy's namespace. - Namespace *string `json:"namespace,omitempty"` - OutputId *string `json:"output_id,omitempty"` +// SecurityDetectionsAPIEqlRule defines model for Security_Detections_API_EqlRule. +type SecurityDetectionsAPIEqlRule struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions []SecurityDetectionsAPIRuleAction `json:"actions"` - // Overrides Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - Overrides *struct { - Inputs *map[string]interface{} `json:"inputs,omitempty"` - } `json:"overrides,omitempty"` - Package *struct { - ExperimentalDataStreamFeatures *[]struct { - DataStream string `json:"data_stream"` - Features struct { - DocValueOnlyNumeric *bool `json:"doc_value_only_numeric,omitempty"` - DocValueOnlyOther *bool `json:"doc_value_only_other,omitempty"` - SyntheticSource *bool `json:"synthetic_source,omitempty"` - Tsdb *bool `json:"tsdb,omitempty"` - } `json:"features"` - } `json:"experimental_data_stream_features,omitempty"` + // AlertSuppression Defines alert suppression configuration. 
+ AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` - // Name Package name - Name string `json:"name"` - RequiresRoot *bool `json:"requires_root,omitempty"` - Title *string `json:"title,omitempty"` + // Author The rule’s author. + Author SecurityDetectionsAPIRuleAuthorArray `json:"author"` - // Version Package version - Version string `json:"version"` - } `json:"package,omitempty"` + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + CreatedAt time.Time `json:"created_at"` + CreatedBy string `json:"created_by"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` - // PolicyId Agent policy ID where that package policy will be added - // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set - PolicyId *string `json:"policy_id,omitempty"` - PolicyIds *[]string `json:"policy_ids,omitempty"` - Revision float32 `json:"revision"` - SecretReferences *[]struct { - Id string `json:"id"` - } `json:"secret_references,omitempty"` - SpaceIds *[]string `json:"spaceIds,omitempty"` + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` - // SupportsAgentless Indicates whether the package policy belongs to an agentless agent policy. 
- SupportsAgentless *bool `json:"supports_agentless,omitempty"` - UpdatedAt string `json:"updated_at"` - UpdatedBy string `json:"updated_by"` - Vars *AgentPolicy_PackagePolicies_1_Vars `json:"vars,omitempty"` - Version *string `json:"version,omitempty"` -} + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled SecurityDetectionsAPIIsRuleEnabled `json:"enabled"` + EventCategoryOverride *SecurityDetectionsAPIEventCategoryOverride `json:"event_category_override,omitempty"` + ExceptionsList []SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list"` -// AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges defines model for AgentPolicy.PackagePolicies.1.Elasticsearch.Privileges. -type AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges struct { - Cluster *[]string `json:"cluster,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // ExecutionSummary Summary of the last execution of a rule. + // > info + // > This field is under development and its usage or schema may change + ExecutionSummary *SecurityDetectionsAPIRuleExecutionSummary `json:"execution_summary,omitempty"` -// AgentPolicy_PackagePolicies_1_Elasticsearch defines model for AgentPolicy.PackagePolicies.1.Elasticsearch. -type AgentPolicy_PackagePolicies_1_Elasticsearch struct { - Privileges *AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges `json:"privileges,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives"` -// AgentPolicyPackagePolicies1Inputs0 defines model for . -type AgentPolicyPackagePolicies1Inputs0 = []struct { - CompiledInput interface{} `json:"compiled_input"` + // Filters The query and filter context array used to define the conditions for when alerts are created from events. 
Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` - // Config Package variable (see integration documentation for more information) - Config *map[string]struct { - Frozen *bool `json:"frozen,omitempty"` - Type *string `json:"type,omitempty"` - Value interface{} `json:"value"` - } `json:"config,omitempty"` - Enabled bool `json:"enabled"` - Id *string `json:"id,omitempty"` - KeepEnabled *bool `json:"keep_enabled,omitempty"` - PolicyTemplate *string `json:"policy_template,omitempty"` - Streams []struct { - CompiledStream interface{} `json:"compiled_stream"` + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From SecurityDetectionsAPIRuleIntervalFrom `json:"from"` - // Config Package variable (see integration documentation for more information) - Config *map[string]struct { - Frozen *bool `json:"frozen,omitempty"` - Type *string `json:"type,omitempty"` - Value interface{} `json:"value"` - } `json:"config,omitempty"` - DataStream struct { - Dataset string `json:"dataset"` - Elasticsearch *struct { - DynamicDataset *bool `json:"dynamic_dataset,omitempty"` - DynamicNamespace *bool `json:"dynamic_namespace,omitempty"` - Privileges *struct { - Indices *[]string `json:"indices,omitempty"` - } `json:"privileges,omitempty"` - } `json:"elasticsearch,omitempty"` - Type string `json:"type"` - } `json:"data_stream"` - Enabled bool `json:"enabled"` - Id *string `json:"id,omitempty"` - KeepEnabled *bool `json:"keep_enabled,omitempty"` - Release *AgentPolicyPackagePolicies1Inputs0StreamsRelease `json:"release,omitempty"` + // Id A universally unique identifier + Id SecurityDetectionsAPIRuleObjectId `json:"id"` - // Vars Package variable (see integration 
documentation for more information) - Vars *map[string]struct { - Frozen *bool `json:"frozen,omitempty"` - Type *string `json:"type,omitempty"` - Value interface{} `json:"value"` - } `json:"vars,omitempty"` - } `json:"streams"` - Type string `json:"type"` + // Immutable This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + Immutable SecurityDetectionsAPIIsRuleImmutable `json:"immutable"` - // Vars Package variable (see integration documentation for more information) - Vars *map[string]struct { - Frozen *bool `json:"frozen,omitempty"` - Type *string `json:"type,omitempty"` - Value interface{} `json:"value"` - } `json:"vars,omitempty"` -} + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` -// AgentPolicyPackagePolicies1Inputs0StreamsRelease defines model for AgentPolicy.PackagePolicies.1.Inputs.0.Streams.Release. -type AgentPolicyPackagePolicies1Inputs0StreamsRelease string + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval SecurityDetectionsAPIRuleInterval `json:"interval"` -// AgentPolicyPackagePolicies1Inputs1 Package policy inputs (see integration documentation to know what inputs are available) -type AgentPolicyPackagePolicies1Inputs1 map[string]struct { - // Enabled enable or disable that input, (default to true) - Enabled *bool `json:"enabled,omitempty"` + // InvestigationFields Schema for fields relating to investigation fields. 
These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language SecurityDetectionsAPIEqlQueryLanguage `json:"language"` - // Streams Input streams (see integration documentation to know what streams are available) - Streams *map[string]struct { - // Enabled enable or disable that stream, (default to true) - Enabled *bool `json:"enabled,omitempty"` + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` - // Vars Input/stream level variable (see integration documentation for more information) - Vars *map[string]*AgentPolicy_PackagePolicies_1_Inputs_1_Streams_Vars_AdditionalProperties `json:"vars,omitempty"` - } `json:"streams,omitempty"` + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals SecurityDetectionsAPIMaxSignals `json:"max_signals"` - // Vars Input/stream level variable (see integration documentation for more information) - Vars *map[string]*AgentPolicy_PackagePolicies_1_Inputs_1_Vars_AdditionalProperties `json:"vars,omitempty"` -} + // Meta Placeholder for metadata about the rule. 
+ // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` -// AgentPolicyPackagePolicies1Inputs1StreamsVars0 defines model for . -type AgentPolicyPackagePolicies1Inputs1StreamsVars0 = bool + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` -// AgentPolicyPackagePolicies1Inputs1StreamsVars1 defines model for . -type AgentPolicyPackagePolicies1Inputs1StreamsVars1 = string + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` -// AgentPolicyPackagePolicies1Inputs1StreamsVars2 defines model for . -type AgentPolicyPackagePolicies1Inputs1StreamsVars2 = float32 + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` -// AgentPolicyPackagePolicies1Inputs1StreamsVars3 defines model for . -type AgentPolicyPackagePolicies1Inputs1StreamsVars3 = []string + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. 
+ References SecurityDetectionsAPIRuleReferenceArray `json:"references"` + RelatedIntegrations SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations"` + RequiredFields SecurityDetectionsAPIRequiredFieldArray `json:"required_fields"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // Revision The rule's revision number. + // + // It represents the version of rule's object in Kibana. It is set to `0` when the rule is installed or created and then gets incremented on each update. + // > info + // > Not all updates to any rule fields will increment the revision. Only those fields that are considered static `rule parameters` can trigger revision increments. For example, an update to a rule's query or index fields will increment the rule's revision by `1`. However, changes to dynamic or technical fields like enabled or execution_summary will not cause revision increments. + Revision SecurityDetectionsAPIRuleRevision `json:"revision"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping"` -// AgentPolicyPackagePolicies1Inputs1StreamsVars4 defines model for . -type AgentPolicyPackagePolicies1Inputs1StreamsVars4 = []float32 + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. 
The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId SecurityDetectionsAPIRuleSignatureId `json:"rule_id"` -// AgentPolicyPackagePolicies1Inputs1StreamsVars5 defines model for . -type AgentPolicyPackagePolicies1Inputs1StreamsVars5 struct { - Id string `json:"id"` - IsSecretRef bool `json:"isSecretRef"` -} + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // RuleSource Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo. + RuleSource SecurityDetectionsAPIRuleSource `json:"rule_source"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup SecurityDetectionsAPISetupGuide `json:"setup"` -// AgentPolicy_PackagePolicies_1_Inputs_1_Streams_Vars_AdditionalProperties defines model for AgentPolicy.PackagePolicies.1.Inputs.1.Streams.Vars.AdditionalProperties. 
-type AgentPolicy_PackagePolicies_1_Inputs_1_Streams_Vars_AdditionalProperties struct { - union json.RawMessage -} + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping SecurityDetectionsAPISeverityMapping `json:"severity_mapping"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags SecurityDetectionsAPIRuleTagArray `json:"tags"` + Threat SecurityDetectionsAPIThreatArray `json:"threat"` + + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TiebreakerField Sets a secondary field for sorting events + TiebreakerField *SecurityDetectionsAPITiebreakerField `json:"tiebreaker_field,omitempty"` -// AgentPolicyPackagePolicies1Inputs1Vars0 defines model for . -type AgentPolicyPackagePolicies1Inputs1Vars0 = bool + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampField Specifies the name of the event timestamp field used for sorting a sequence of events. Not to be confused with `timestamp_override`, which specifies the more general field used for querying events within a range. Defaults to the @timestamp ECS field. 
+ TimestampField *SecurityDetectionsAPITimestampField `json:"timestamp_field,omitempty"` + + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To SecurityDetectionsAPIRuleIntervalTo `json:"to"` -// AgentPolicyPackagePolicies1Inputs1Vars1 defines model for . -type AgentPolicyPackagePolicies1Inputs1Vars1 = string + // Type Rule type + Type SecurityDetectionsAPIEqlRuleType `json:"type"` + UpdatedAt time.Time `json:"updated_at"` + UpdatedBy string `json:"updated_by"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version SecurityDetectionsAPIRuleVersion `json:"version"` +} + +// SecurityDetectionsAPIEqlRuleType Rule type +type SecurityDetectionsAPIEqlRuleType string + +// SecurityDetectionsAPIEqlRuleCreateFields defines model for Security_Detections_API_EqlRuleCreateFields. +type SecurityDetectionsAPIEqlRuleCreateFields struct { + // AlertSuppression Defines alert suppression configuration. 
+ AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + EventCategoryOverride *SecurityDetectionsAPIEventCategoryOverride `json:"event_category_override,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` -// AgentPolicyPackagePolicies1Inputs1Vars2 defines model for . -type AgentPolicyPackagePolicies1Inputs1Vars2 = float32 + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + Language SecurityDetectionsAPIEqlQueryLanguage `json:"language"` -// AgentPolicyPackagePolicies1Inputs1Vars3 defines model for . -type AgentPolicyPackagePolicies1Inputs1Vars3 = []string + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` -// AgentPolicyPackagePolicies1Inputs1Vars4 defines model for . 
-type AgentPolicyPackagePolicies1Inputs1Vars4 = []float32 + // TiebreakerField Sets a secondary field for sorting events + TiebreakerField *SecurityDetectionsAPITiebreakerField `json:"tiebreaker_field,omitempty"` -// AgentPolicyPackagePolicies1Inputs1Vars5 defines model for . -type AgentPolicyPackagePolicies1Inputs1Vars5 struct { - Id string `json:"id"` - IsSecretRef bool `json:"isSecretRef"` -} + // TimestampField Specifies the name of the event timestamp field used for sorting a sequence of events. Not to be confused with `timestamp_override`, which specifies the more general field used for querying events within a range. Defaults to the @timestamp ECS field. + TimestampField *SecurityDetectionsAPITimestampField `json:"timestamp_field,omitempty"` -// AgentPolicy_PackagePolicies_1_Inputs_1_Vars_AdditionalProperties defines model for AgentPolicy.PackagePolicies.1.Inputs.1.Vars.AdditionalProperties. -type AgentPolicy_PackagePolicies_1_Inputs_1_Vars_AdditionalProperties struct { - union json.RawMessage + // Type Rule type + Type SecurityDetectionsAPIEqlRuleCreateFieldsType `json:"type"` } -// AgentPolicy_PackagePolicies_1_Inputs defines model for AgentPolicy.PackagePolicies.1.Inputs. -type AgentPolicy_PackagePolicies_1_Inputs struct { - union json.RawMessage -} +// SecurityDetectionsAPIEqlRuleCreateFieldsType Rule type +type SecurityDetectionsAPIEqlRuleCreateFieldsType string -// AgentPolicyPackagePolicies1Vars0 Package variable (see integration documentation for more information) -type AgentPolicyPackagePolicies1Vars0 map[string]struct { - Frozen *bool `json:"frozen,omitempty"` - Type *string `json:"type,omitempty"` - Value interface{} `json:"value"` -} +// SecurityDetectionsAPIEqlRuleCreateProps defines model for Security_Detections_API_EqlRuleCreateProps. +type SecurityDetectionsAPIEqlRuleCreateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. 
+ Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` -// AgentPolicyPackagePolicies1Vars1 Input/stream level variable (see integration documentation for more information) -type AgentPolicyPackagePolicies1Vars1 map[string]*AgentPolicy_PackagePolicies_1_Vars_1_AdditionalProperties + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` -// AgentPolicyPackagePolicies1Vars10 defines model for . -type AgentPolicyPackagePolicies1Vars10 = bool + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` -// AgentPolicyPackagePolicies1Vars11 defines model for . -type AgentPolicyPackagePolicies1Vars11 = string + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` -// AgentPolicyPackagePolicies1Vars12 defines model for . -type AgentPolicyPackagePolicies1Vars12 = float32 + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` -// AgentPolicyPackagePolicies1Vars13 defines model for . -type AgentPolicyPackagePolicies1Vars13 = []string + // Enabled Determines whether the rule is enabled. Defaults to true. 
+ Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + EventCategoryOverride *SecurityDetectionsAPIEventCategoryOverride `json:"event_category_override,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` -// AgentPolicyPackagePolicies1Vars14 defines model for . -type AgentPolicyPackagePolicies1Vars14 = []float32 + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` -// AgentPolicyPackagePolicies1Vars15 defines model for . -type AgentPolicyPackagePolicies1Vars15 struct { - Id string `json:"id"` - IsSecretRef bool `json:"isSecretRef"` -} + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` -// AgentPolicy_PackagePolicies_1_Vars_1_AdditionalProperties defines model for AgentPolicy.PackagePolicies.1.Vars.1.AdditionalProperties. -type AgentPolicy_PackagePolicies_1_Vars_1_AdditionalProperties struct { - union json.RawMessage -} + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` -// AgentPolicy_PackagePolicies_1_Vars defines model for AgentPolicy.PackagePolicies.1.Vars. -type AgentPolicy_PackagePolicies_1_Vars struct { - union json.RawMessage -} + // Index Indices on which the rule functions. 
Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` -// AgentPolicy_PackagePolicies defines model for AgentPolicy.PackagePolicies. -type AgentPolicy_PackagePolicies struct { - union json.RawMessage -} + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language SecurityDetectionsAPIEqlQueryLanguage `json:"language"` -// AgentPolicyStatus defines model for AgentPolicy.Status. -type AgentPolicyStatus string + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` -// AgentPolicyGlobalDataTagsItem defines model for agent_policy_global_data_tags_item. -type AgentPolicyGlobalDataTagsItem struct { - Name string `json:"name"` - Value AgentPolicyGlobalDataTagsItem_Value `json:"value"` -} + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). 
+ // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` -// AgentPolicyGlobalDataTagsItemValue0 defines model for . -type AgentPolicyGlobalDataTagsItemValue0 = string + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` + + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` -// AgentPolicyGlobalDataTagsItemValue1 defines model for . -type AgentPolicyGlobalDataTagsItemValue1 = float32 + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` -// AgentPolicyGlobalDataTagsItem_Value defines model for AgentPolicyGlobalDataTagsItem.Value. -type AgentPolicyGlobalDataTagsItem_Value struct { - union json.RawMessage -} + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` -// AuthType The type of authentication to use: basic, SSL, or none. -type AuthType string + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` -// BedrockConfig Defines properties for connectors when type is `.bedrock`. 
-type BedrockConfig struct { - // ApiUrl The Amazon Bedrock request URL. - ApiUrl string `json:"apiUrl"` + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` + + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` - // DefaultModel The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models. 
- DefaultModel *string `json:"defaultModel,omitempty"` -} + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` -// BedrockSecrets Defines secrets for connectors when type is `.bedrock`. -type BedrockSecrets struct { - // AccessKey The AWS access key for authentication. - AccessKey string `json:"accessKey"` + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` - // Secret The AWS secret for authentication. - Secret string `json:"secret"` -} + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` -// Ca A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types. -type Ca = string + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. 
+ RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` -// CasesWebhookConfig Defines properties for connectors when type is `.cases-webhook`. -type CasesWebhookConfig struct { - // AuthType The type of authentication to use: basic, SSL, or none. - AuthType *AuthType `json:"authType,omitempty"` + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` - // Ca A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types. - Ca *Ca `json:"ca,omitempty"` + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` - // CertType If the `authType` is `webhook-authentication-ssl`, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format. - CertType *CertType `json:"certType,omitempty"` + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` - // CreateCommentJson A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is `case.comment`. 
Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. - CreateCommentJson *string `json:"createCommentJson,omitempty"` + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` - // CreateCommentMethod The REST API HTTP request method to create a case comment in the third-party system. Valid values are `patch`, `post`, and `put`. - CreateCommentMethod *CasesWebhookConfigCreateCommentMethod `json:"createCommentMethod,omitempty"` + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` - // CreateCommentUrl The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts setting`, add the hostname to the allowed hosts. - CreateCommentUrl *string `json:"createCommentUrl,omitempty"` + // TiebreakerField Sets a secondary field for sorting events + TiebreakerField *SecurityDetectionsAPITiebreakerField `json:"tiebreaker_field,omitempty"` - // CreateIncidentJson A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. 
The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. - CreateIncidentJson string `json:"createIncidentJson"` + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` - // CreateIncidentMethod The REST API HTTP request method to create a case in the third-party system. Valid values are `patch`, `post`, and `put`. - CreateIncidentMethod *CasesWebhookConfigCreateIncidentMethod `json:"createIncidentMethod,omitempty"` + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` - // CreateIncidentResponseKey The JSON key in the create external case response that contains the case ID. - CreateIncidentResponseKey string `json:"createIncidentResponseKey"` + // TimestampField Specifies the name of the event timestamp field used for sorting a sequence of events. Not to be confused with `timestamp_override`, which specifies the more general field used for querying events within a range. Defaults to the @timestamp ECS field. + TimestampField *SecurityDetectionsAPITimestampField `json:"timestamp_field,omitempty"` - // CreateIncidentUrl The REST API URL to create a case in the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - CreateIncidentUrl string `json:"createIncidentUrl"` + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` - // GetIncidentResponseExternalTitleKey The JSON key in get external case response that contains the case title. 
- GetIncidentResponseExternalTitleKey string `json:"getIncidentResponseExternalTitleKey"` + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` - // GetIncidentUrl The REST API URL to get the case by ID from the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. You can use a variable to add the external system ID to the URL. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. - GetIncidentUrl string `json:"getIncidentUrl"` + // Type Rule type + Type SecurityDetectionsAPIEqlRuleCreatePropsType `json:"type"` - // HasAuth If true, a username and password for login type authentication must be provided. - HasAuth *HasAuth `json:"hasAuth,omitempty"` + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` +} - // Headers A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods. 
- Headers *string `json:"headers,omitempty"` +// SecurityDetectionsAPIEqlRuleCreatePropsType Rule type +type SecurityDetectionsAPIEqlRuleCreatePropsType string - // UpdateIncidentJson The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. - UpdateIncidentJson string `json:"updateIncidentJson"` +// SecurityDetectionsAPIEqlRuleResponseFields defines model for Security_Detections_API_EqlRuleResponseFields. +type SecurityDetectionsAPIEqlRuleResponseFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + EventCategoryOverride *SecurityDetectionsAPIEventCategoryOverride `json:"event_category_override,omitempty"` - // UpdateIncidentMethod The REST API HTTP request method to update the case in the third-party system. Valid values are `patch`, `post`, and `put`. - UpdateIncidentMethod *CasesWebhookConfigUpdateIncidentMethod `json:"updateIncidentMethod,omitempty"` + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` - // UpdateIncidentUrl The REST API URL to update the case by ID in the third-party system. 
You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - UpdateIncidentUrl string `json:"updateIncidentUrl"` + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + Language SecurityDetectionsAPIEqlQueryLanguage `json:"language"` - // VerificationMode Controls the verification of certificates. Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use `certificate` to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use `none` to skip certificate validation. - VerificationMode *VerificationMode `json:"verificationMode,omitempty"` + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` - // ViewIncidentUrl The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL. 
- ViewIncidentUrl string `json:"viewIncidentUrl"` + // TiebreakerField Sets a secondary field for sorting events + TiebreakerField *SecurityDetectionsAPITiebreakerField `json:"tiebreaker_field,omitempty"` + + // TimestampField Specifies the name of the event timestamp field used for sorting a sequence of events. Not to be confused with `timestamp_override`, which specifies the more general field used for querying events within a range. Defaults to the @timestamp ECS field. + TimestampField *SecurityDetectionsAPITimestampField `json:"timestamp_field,omitempty"` + + // Type Rule type + Type SecurityDetectionsAPIEqlRuleResponseFieldsType `json:"type"` } -// CasesWebhookConfigCreateCommentMethod The REST API HTTP request method to create a case comment in the third-party system. Valid values are `patch`, `post`, and `put`. -type CasesWebhookConfigCreateCommentMethod string +// SecurityDetectionsAPIEqlRuleResponseFieldsType Rule type +type SecurityDetectionsAPIEqlRuleResponseFieldsType string -// CasesWebhookConfigCreateIncidentMethod The REST API HTTP request method to create a case in the third-party system. Valid values are `patch`, `post`, and `put`. -type CasesWebhookConfigCreateIncidentMethod string +// SecurityDetectionsAPIEqlRuleUpdateProps defines model for Security_Detections_API_EqlRuleUpdateProps. +type SecurityDetectionsAPIEqlRuleUpdateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` -// CasesWebhookConfigUpdateIncidentMethod The REST API HTTP request method to update the case in the third-party system. Valid values are `patch`, `post`, and `put`. -type CasesWebhookConfigUpdateIncidentMethod string + // AlertSuppression Defines alert suppression configuration. 
+ AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` -// CasesWebhookSecrets defines model for cases_webhook_secrets. -type CasesWebhookSecrets struct { - // Crt If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file. - Crt *Crt `json:"crt,omitempty"` + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` - // Key If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the KEY file. - Key *Key `json:"key,omitempty"` + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` - // Password The password for HTTP basic authentication. If `hasAuth` is set to `true` and and `authType` is `webhook-authentication-basic`, this property is required. - Password *string `json:"password,omitempty"` + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` - // Pfx If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. - Pfx *Pfx `json:"pfx,omitempty"` + // Enabled Determines whether the rule is enabled. Defaults to true. 
+ Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + EventCategoryOverride *SecurityDetectionsAPIEventCategoryOverride `json:"event_category_override,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` - // User The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. - User *string `json:"user,omitempty"` -} + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` -// CertType If the `authType` is `webhook-authentication-ssl`, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format. -type CertType string + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` -// ConnectorResponse defines model for connector_response. -type ConnectorResponse struct { - Config *map[string]interface{} `json:"config,omitempty"` + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` - // ConnectorTypeId The connector type identifier. - ConnectorTypeId string `json:"connector_type_id"` + // Id A universally unique identifier + Id *SecurityDetectionsAPIRuleObjectId `json:"id,omitempty"` - // Id The identifier for the connector. - Id string `json:"id"` + // Index Indices on which the rule functions. 
Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` - // IsDeprecated Indicates whether the connector is deprecated. - IsDeprecated bool `json:"is_deprecated"` + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` - // IsMissingSecrets Indicates whether the connector is missing secrets. - IsMissingSecrets *bool `json:"is_missing_secrets,omitempty"` + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language SecurityDetectionsAPIEqlQueryLanguage `json:"language"` - // IsPreconfigured Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. - IsPreconfigured bool `json:"is_preconfigured"` + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` - // IsSystemAction Indicates whether the connector is used for system actions. - IsSystemAction bool `json:"is_system_action"` + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). 
+ // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` - // Name The name of the rule. - Name string `json:"name"` -} + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` -// CreateConnectorConfig The connector configuration details. -type CreateConnectorConfig struct { - AdditionalProperties map[string]interface{} `json:"-"` - union json.RawMessage -} + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` -// CreateConnectorSecrets defines model for create_connector_secrets. -type CreateConnectorSecrets struct { - AdditionalProperties map[string]interface{} `json:"-"` - union json.RawMessage -} + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` -// CreateParamResponse defines model for create_param_response. -type CreateParamResponse struct { - union json.RawMessage -} + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` -// CreateParamResponse0 defines model for . -type CreateParamResponse0 = []SyntheticsPostParameterResponse + // OutputIndex (deprecated) Has no effect. 
+ // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` -// CrowdstrikeConfig Defines config properties for connectors when type is `.crowdstrike`. -type CrowdstrikeConfig struct { - // Url The CrowdStrike tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - Url string `json:"url"` -} + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` -// CrowdstrikeSecrets Defines secrets for connectors when type is `.crowdstrike`. -type CrowdstrikeSecrets struct { - // ClientId The CrowdStrike API client identifier. - ClientId string `json:"clientId"` + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` - // ClientSecret The CrowdStrike API client secret to authenticate the `clientId`. - ClientSecret string `json:"clientSecret"` -} + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. 
+ RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` -// Crt If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file. -type Crt = string + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` -// D3securityConfig Defines properties for connectors when type is `.d3security`. -type D3securityConfig struct { - // Url The D3 Security API request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - Url string `json:"url"` -} + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` -// D3securitySecrets Defines secrets for connectors when type is `.d3security`. -type D3securitySecrets struct { - // Token The D3 Security token. - Token string `json:"token"` -} + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` -// DefenderConfig Defines properties for connectors when type is `.microsoft_defender_endpoint`. 
-type DefenderConfig struct { - // ApiUrl The URL of the Microsoft Defender for Endpoint API. If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname is added to the allowed hosts. - ApiUrl string `json:"apiUrl"` + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` - // ClientId The application (client) identifier for your app in the Azure portal. - ClientId *string `json:"clientId,omitempty"` + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` - // OAuthScope The OAuth scopes or permission sets for the Microsoft Defender for Endpoint API. - OAuthScope *string `json:"oAuthScope,omitempty"` + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` - // OAuthServerUrl The OAuth server URL where authentication is sent and received for the Microsoft Defender for Endpoint API. 
- OAuthServerUrl *string `json:"oAuthServerUrl,omitempty"` + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` - // TenantId The tenant identifier for your app in the Azure portal. - TenantId *string `json:"tenantId,omitempty"` -} + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` -// DefenderSecrets Defines secrets for connectors when type is `..microsoft_defender_endpoint`. -type DefenderSecrets struct { - // ClientSecret The client secret for your app in the Azure portal. - ClientSecret string `json:"clientSecret"` -} + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` -// EmailConfig Defines properties for connectors when type is `.email`. -type EmailConfig struct { - // ClientId The client identifier, which is a part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required. - ClientId *string `json:"clientId,omitempty"` + // TiebreakerField Sets a secondary field for sorting events + TiebreakerField *SecurityDetectionsAPITiebreakerField `json:"tiebreaker_field,omitempty"` - // From The from address for all emails sent by the connector. It must be specified in `user@host-name` format. - From string `json:"from"` + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` - // HasAuth Specifies whether a user and password are required inside the secrets configuration. 
- HasAuth *bool `json:"hasAuth,omitempty"` + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` - // Host The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. - Host *string `json:"host,omitempty"` - OauthTokenUrl *string `json:"oauthTokenUrl,omitempty"` + // TimestampField Specifies the name of the event timestamp field used for sorting a sequence of events. Not to be confused with `timestamp_override`, which specifies the more general field used for querying events within a range. Defaults to the @timestamp ECS field. + TimestampField *SecurityDetectionsAPITimestampField `json:"timestamp_field,omitempty"` - // Port The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. - Port *int `json:"port,omitempty"` + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` - // Secure Specifies whether the connection to the service provider will use TLS. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. 
- Secure *bool `json:"secure,omitempty"` + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` - // Service The name of the email service. - Service *EmailConfigService `json:"service,omitempty"` + // Type Rule type + Type SecurityDetectionsAPIEqlRuleUpdatePropsType `json:"type"` - // TenantId The tenant identifier, which is part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required. - TenantId *string `json:"tenantId,omitempty"` + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` } -// EmailConfigService The name of the email service. -type EmailConfigService string +// SecurityDetectionsAPIEqlRuleUpdatePropsType Rule type +type SecurityDetectionsAPIEqlRuleUpdatePropsType string -// EmailSecrets Defines secrets for connectors when type is `.email`. -type EmailSecrets struct { - // ClientSecret The Microsoft Exchange Client secret for OAuth 2.0 client credentials authentication. It must be URL-encoded. If `service` is `exchange_server`, this property is required. - ClientSecret *string `json:"clientSecret,omitempty"` +// SecurityDetectionsAPIEsqlQueryLanguage defines model for Security_Detections_API_EsqlQueryLanguage. 
+type SecurityDetectionsAPIEsqlQueryLanguage string - // Password The password for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required. - Password *string `json:"password,omitempty"` +// SecurityDetectionsAPIEsqlRule defines model for Security_Detections_API_EsqlRule. +type SecurityDetectionsAPIEsqlRule struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions []SecurityDetectionsAPIRuleAction `json:"actions"` - // User The username for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required. - User *string `json:"user,omitempty"` -} + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` -// EnrollmentApiKey defines model for enrollment_api_key. -type EnrollmentApiKey struct { - // Active When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. - Active bool `json:"active"` + // Author The rule’s author. + Author SecurityDetectionsAPIRuleAuthorArray `json:"author"` - // ApiKey The enrollment API key (token) used for enrolling Elastic Agents. - ApiKey string `json:"api_key"` + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). 
+ BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + CreatedAt time.Time `json:"created_at"` + CreatedBy string `json:"created_by"` - // ApiKeyId The ID of the API key in the Security API. - ApiKeyId string `json:"api_key_id"` - CreatedAt string `json:"created_at"` - Hidden *bool `json:"hidden,omitempty"` - Id string `json:"id"` + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` - // Name The name of the enrollment API key. - Name *string `json:"name,omitempty"` + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled SecurityDetectionsAPIIsRuleEnabled `json:"enabled"` + ExceptionsList []SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list"` - // PolicyId The ID of the agent policy the Elastic Agent will be enrolled in. - PolicyId *string `json:"policy_id,omitempty"` -} + // ExecutionSummary Summary of the last execution of a rule. + // > info + // > This field is under development and its usage or schema may change + ExecutionSummary *SecurityDetectionsAPIRuleExecutionSummary `json:"execution_summary,omitempty"` -// GeminiConfig Defines properties for connectors when type is `.gemini`. -type GeminiConfig struct { - // ApiUrl The Google Gemini request URL. - ApiUrl string `json:"apiUrl"` + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives"` - // DefaultModel The generative artificial intelligence model for Google Gemini to use. - DefaultModel *string `json:"defaultModel,omitempty"` + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). 
+ From SecurityDetectionsAPIRuleIntervalFrom `json:"from"` - // GcpProjectID The Google ProjectID that has Vertex AI endpoint enabled. - GcpProjectID string `json:"gcpProjectID"` + // Id A universally unique identifier + Id SecurityDetectionsAPIRuleObjectId `json:"id"` - // GcpRegion The GCP region where the Vertex AI endpoint enabled. - GcpRegion string `json:"gcpRegion"` -} + // Immutable This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + Immutable SecurityDetectionsAPIIsRuleImmutable `json:"immutable"` -// GeminiSecrets Defines secrets for connectors when type is `.gemini`. -type GeminiSecrets struct { - // CredentialsJson The service account credentials JSON file. The service account should have Vertex AI user IAM role assigned to it. - CredentialsJson string `json:"credentialsJson"` -} + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval SecurityDetectionsAPIRuleInterval `json:"interval"` -// GenaiAzureConfig Defines properties for connectors when type is `.gen-ai` and the API provider is `Azure OpenAI`. -type GenaiAzureConfig struct { - // ApiProvider The OpenAI API provider. - ApiProvider GenaiAzureConfigApiProvider `json:"apiProvider"` + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language SecurityDetectionsAPIEsqlQueryLanguage `json:"language"` - // ApiUrl The OpenAI API endpoint. - ApiUrl string `json:"apiUrl"` -} + // License The rule's license. 
+ License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` -// GenaiAzureConfigApiProvider The OpenAI API provider. -type GenaiAzureConfigApiProvider string + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals SecurityDetectionsAPIMaxSignals `json:"max_signals"` -// GenaiOpenaiConfig Defines properties for connectors when type is `.gen-ai` and the API provider is `OpenAI`. -type GenaiOpenaiConfig struct { - // ApiProvider The OpenAI API provider. - ApiProvider GenaiOpenaiConfigApiProvider `json:"apiProvider"` + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` - // ApiUrl The OpenAI API endpoint. - ApiUrl string `json:"apiUrl"` + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` - // DefaultModel The default model to use for requests. - DefaultModel *string `json:"defaultModel,omitempty"` -} + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` -// GenaiOpenaiConfigApiProvider The OpenAI API provider. -type GenaiOpenaiConfigApiProvider string + // Note Notes to help investigate alerts produced by the rule. 
+ Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` -// GenaiOpenaiOtherConfig Defines properties for connectors when type is `.gen-ai` and the API provider is `Other` (OpenAI-compatible service), including optional PKI authentication. -type GenaiOpenaiOtherConfig struct { - // ApiProvider The OpenAI API provider. - ApiProvider GenaiOpenaiOtherConfigApiProvider `json:"apiProvider"` + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References SecurityDetectionsAPIRuleReferenceArray `json:"references"` + RelatedIntegrations SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations"` + RequiredFields SecurityDetectionsAPIRequiredFieldArray `json:"required_fields"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` - // ApiUrl The OpenAI-compatible API endpoint. - ApiUrl string `json:"apiUrl"` + // Revision The rule's revision number. + // + // It represents the version of rule's object in Kibana. It is set to `0` when the rule is installed or created and then gets incremented on each update. 
+ // > info + // > Not all updates to any rule fields will increment the revision. Only those fields that are considered static `rule parameters` can trigger revision increments. For example, an update to a rule's query or index fields will increment the rule's revision by `1`. However, changes to dynamic or technical fields like enabled or execution_summary will not cause revision increments. + Revision SecurityDetectionsAPIRuleRevision `json:"revision"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping"` - // CaData PEM-encoded CA certificate content. - CaData *string `json:"caData,omitempty"` + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId SecurityDetectionsAPIRuleSignatureId `json:"rule_id"` - // CertificateData PEM-encoded certificate content. - CertificateData *string `json:"certificateData,omitempty"` + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. 
+ RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` - // DefaultModel The default model to use for requests. - DefaultModel string `json:"defaultModel"` + // RuleSource Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo. + RuleSource SecurityDetectionsAPIRuleSource `json:"rule_source"` - // Headers Custom headers to include in requests. - Headers *map[string]string `json:"headers,omitempty"` + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup SecurityDetectionsAPISetupGuide `json:"setup"` - // PrivateKeyData PEM-encoded private key content. - PrivateKeyData *string `json:"privateKeyData,omitempty"` + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` - // VerificationMode SSL verification mode for PKI authentication. - VerificationMode *GenaiOpenaiOtherConfigVerificationMode `json:"verificationMode,omitempty"` -} + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping SecurityDetectionsAPISeverityMapping `json:"severity_mapping"` -// GenaiOpenaiOtherConfigApiProvider The OpenAI API provider. -type GenaiOpenaiOtherConfigApiProvider string + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. 
+ Tags SecurityDetectionsAPIRuleTagArray `json:"tags"` + Threat SecurityDetectionsAPIThreatArray `json:"threat"` -// GenaiOpenaiOtherConfigVerificationMode SSL verification mode for PKI authentication. -type GenaiOpenaiOtherConfigVerificationMode string + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` -// GenaiSecrets Defines secrets for connectors when type is `.gen-ai`. Supports both API key authentication (OpenAI, Azure OpenAI, and `Other`) and PKI authentication (`Other` provider only). PKI fields must be base64-encoded PEM content. -type GenaiSecrets struct { - // ApiKey The API key for authentication. For OpenAI and Azure OpenAI providers, it is required. For the `Other` provider, it is required if you do not use PKI authentication. With PKI, you can also optionally include an API key if the OpenAI-compatible service supports or requires one. - ApiKey *string `json:"apiKey,omitempty"` + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` - // CaData Base64-encoded PEM CA certificate content for PKI authentication (Other provider only). Optional. - CaData *string `json:"caData,omitempty"` + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` - // CertificateData Base64-encoded PEM certificate content for PKI authentication (Other provider only). Required for PKI. 
- CertificateData *string `json:"certificateData,omitempty"` + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To SecurityDetectionsAPIRuleIntervalTo `json:"to"` - // PrivateKeyData Base64-encoded PEM private key content for PKI authentication (Other provider only). Required for PKI. - PrivateKeyData *string `json:"privateKeyData,omitempty"` -} + // Type Rule type + Type SecurityDetectionsAPIEsqlRuleType `json:"type"` + UpdatedAt time.Time `json:"updated_at"` + UpdatedBy string `json:"updated_by"` -// GetDataViewsResponseItem defines model for get_data_views_response_item. -type GetDataViewsResponseItem struct { - Id *string `json:"id,omitempty"` - Name *string `json:"name,omitempty"` - Namespaces *[]string `json:"namespaces,omitempty"` - Title *string `json:"title,omitempty"` - TypeMeta *map[string]interface{} `json:"typeMeta,omitempty"` + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version SecurityDetectionsAPIRuleVersion `json:"version"` } -// HasAuth If true, a username and password for login type authentication must be provided. -type HasAuth = bool +// SecurityDetectionsAPIEsqlRuleType Rule type +type SecurityDetectionsAPIEsqlRuleType string -// IndexConfig Defines properties for connectors when type is `.index`. -type IndexConfig struct { - // ExecutionTimeField A field that indicates when the document was indexed. 
- ExecutionTimeField *string `json:"executionTimeField,omitempty"` +// SecurityDetectionsAPIEsqlRuleCreateFields defines model for Security_Detections_API_EsqlRuleCreateFields. +type SecurityDetectionsAPIEsqlRuleCreateFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + Language SecurityDetectionsAPIEsqlQueryLanguage `json:"language"` - // Index The Elasticsearch index to be written to. - Index string `json:"index"` + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` - // Refresh The refresh policy for the write request, which affects when changes are made visible to search. Refer to the refresh setting for Elasticsearch document APIs. - Refresh *bool `json:"refresh,omitempty"` + // Type Rule type + Type SecurityDetectionsAPIEsqlRuleCreateFieldsType `json:"type"` } -// JiraConfig Defines properties for connectors when type is `.jira`. -type JiraConfig struct { - // ApiUrl The Jira instance URL. - ApiUrl string `json:"apiUrl"` +// SecurityDetectionsAPIEsqlRuleCreateFieldsType Rule type +type SecurityDetectionsAPIEsqlRuleCreateFieldsType string - // ProjectKey The Jira project key. - ProjectKey string `json:"projectKey"` -} +// SecurityDetectionsAPIEsqlRuleCreateProps defines model for Security_Detections_API_EsqlRuleCreateProps. +type SecurityDetectionsAPIEsqlRuleCreateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. 
+ Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` -// JiraSecrets Defines secrets for connectors when type is `.jira`. -type JiraSecrets struct { - // ApiToken The Jira API authentication token for HTTP basic authentication. - ApiToken string `json:"apiToken"` + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` - // Email The account email for HTTP Basic authentication. - Email string `json:"email"` -} + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` -// Key If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the KEY file. -type Key = string + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` -// NewOutputElasticsearch defines model for new_output_elasticsearch. 
-type NewOutputElasticsearch struct { - AllowEdit *[]string `json:"allow_edit,omitempty"` - CaSha256 *string `json:"ca_sha256,omitempty"` - CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` - ConfigYaml *string `json:"config_yaml,omitempty"` - Hosts []string `json:"hosts"` - Id *string `json:"id,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - Name string `json:"name"` - Preset *NewOutputElasticsearchPreset `json:"preset,omitempty"` - ProxyId *string `json:"proxy_id,omitempty"` - Secrets *struct { - Ssl *struct { - Key *NewOutputElasticsearch_Secrets_Ssl_Key `json:"key,omitempty"` - } `json:"ssl,omitempty"` - } `json:"secrets,omitempty"` - Shipper *NewOutputShipper `json:"shipper,omitempty"` - Ssl *NewOutputSsl `json:"ssl,omitempty"` - Type NewOutputElasticsearchType `json:"type"` -} + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` -// NewOutputElasticsearchPreset defines model for NewOutputElasticsearch.Preset. -type NewOutputElasticsearchPreset string + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` -// NewOutputElasticsearchSecretsSslKey0 defines model for . -type NewOutputElasticsearchSecretsSslKey0 struct { - Id string `json:"id"` -} + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` -// NewOutputElasticsearchSecretsSslKey1 defines model for . 
-type NewOutputElasticsearchSecretsSslKey1 = string + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` -// NewOutputElasticsearch_Secrets_Ssl_Key defines model for NewOutputElasticsearch.Secrets.Ssl.Key. -type NewOutputElasticsearch_Secrets_Ssl_Key struct { - union json.RawMessage -} + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` -// NewOutputElasticsearchType defines model for NewOutputElasticsearch.Type. -type NewOutputElasticsearchType string + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language SecurityDetectionsAPIEsqlQueryLanguage `json:"language"` -// NewOutputKafka defines model for new_output_kafka. 
-type NewOutputKafka struct { - AllowEdit *[]string `json:"allow_edit,omitempty"` - AuthType NewOutputKafkaAuthType `json:"auth_type"` - BrokerTimeout *float32 `json:"broker_timeout,omitempty"` - CaSha256 *string `json:"ca_sha256,omitempty"` - CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` - ClientId *string `json:"client_id,omitempty"` - Compression *NewOutputKafkaCompression `json:"compression,omitempty"` - CompressionLevel interface{} `json:"compression_level"` - ConfigYaml *string `json:"config_yaml,omitempty"` - ConnectionType interface{} `json:"connection_type"` - Hash *struct { - Hash *string `json:"hash,omitempty"` - Random *bool `json:"random,omitempty"` - } `json:"hash,omitempty"` - Headers *[]struct { - Key string `json:"key"` - Value string `json:"value"` - } `json:"headers,omitempty"` - Hosts []string `json:"hosts"` - Id *string `json:"id,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - Key *string `json:"key,omitempty"` - Name string `json:"name"` - Partition *NewOutputKafkaPartition `json:"partition,omitempty"` - Password interface{} `json:"password"` - ProxyId *string `json:"proxy_id,omitempty"` - Random *struct { - GroupEvents *float32 `json:"group_events,omitempty"` - } `json:"random,omitempty"` - RequiredAcks *NewOutputKafkaRequiredAcks `json:"required_acks,omitempty"` - RoundRobin *struct { - GroupEvents *float32 `json:"group_events,omitempty"` - } `json:"round_robin,omitempty"` - Sasl *struct { - Mechanism *NewOutputKafkaSaslMechanism `json:"mechanism,omitempty"` - } `json:"sasl,omitempty"` - Secrets *struct { - Password *NewOutputKafka_Secrets_Password `json:"password,omitempty"` - Ssl *struct { - Key NewOutputKafka_Secrets_Ssl_Key `json:"key"` - } `json:"ssl,omitempty"` - } `json:"secrets,omitempty"` - Shipper *NewOutputShipper 
`json:"shipper,omitempty"` - Ssl *NewOutputSsl `json:"ssl,omitempty"` - Timeout *float32 `json:"timeout,omitempty"` - Topic *string `json:"topic,omitempty"` - Type NewOutputKafkaType `json:"type"` - Username interface{} `json:"username"` - Version *string `json:"version,omitempty"` -} + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` -// NewOutputKafkaAuthType defines model for NewOutputKafka.AuthType. -type NewOutputKafkaAuthType string + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` -// NewOutputKafkaCompression defines model for NewOutputKafka.Compression. -type NewOutputKafkaCompression string + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` -// NewOutputKafkaPartition defines model for NewOutputKafka.Partition. -type NewOutputKafkaPartition string + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` -// NewOutputKafkaRequiredAcks defines model for NewOutputKafka.RequiredAcks. -type NewOutputKafkaRequiredAcks int + // Namespace Has no effect. 
+ Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` -// NewOutputKafkaSaslMechanism defines model for NewOutputKafka.Sasl.Mechanism. -type NewOutputKafkaSaslMechanism string + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` -// NewOutputKafkaSecretsPassword0 defines model for . -type NewOutputKafkaSecretsPassword0 struct { - Id string `json:"id"` + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` + + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. 
+ RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` + + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` + + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. 
+ Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` + + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. 
+ TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` + + // Type Rule type + Type SecurityDetectionsAPIEsqlRuleCreatePropsType `json:"type"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` } -// NewOutputKafkaSecretsPassword1 defines model for . -type NewOutputKafkaSecretsPassword1 = string +// SecurityDetectionsAPIEsqlRuleCreatePropsType Rule type +type SecurityDetectionsAPIEsqlRuleCreatePropsType string -// NewOutputKafka_Secrets_Password defines model for NewOutputKafka.Secrets.Password. -type NewOutputKafka_Secrets_Password struct { - union json.RawMessage +// SecurityDetectionsAPIEsqlRuleOptionalFields defines model for Security_Detections_API_EsqlRuleOptionalFields. +type SecurityDetectionsAPIEsqlRuleOptionalFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` } -// NewOutputKafkaSecretsSslKey0 defines model for . -type NewOutputKafkaSecretsSslKey0 struct { - Id string `json:"id"` +// SecurityDetectionsAPIEsqlRuleRequiredFields defines model for Security_Detections_API_EsqlRuleRequiredFields. 
+type SecurityDetectionsAPIEsqlRuleRequiredFields struct { + Language SecurityDetectionsAPIEsqlQueryLanguage `json:"language"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // Type Rule type + Type SecurityDetectionsAPIEsqlRuleRequiredFieldsType `json:"type"` } -// NewOutputKafkaSecretsSslKey1 defines model for . -type NewOutputKafkaSecretsSslKey1 = string +// SecurityDetectionsAPIEsqlRuleRequiredFieldsType Rule type +type SecurityDetectionsAPIEsqlRuleRequiredFieldsType string -// NewOutputKafka_Secrets_Ssl_Key defines model for NewOutputKafka.Secrets.Ssl.Key. -type NewOutputKafka_Secrets_Ssl_Key struct { - union json.RawMessage +// SecurityDetectionsAPIEsqlRuleResponseFields defines model for Security_Detections_API_EsqlRuleResponseFields. +type SecurityDetectionsAPIEsqlRuleResponseFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + Language SecurityDetectionsAPIEsqlQueryLanguage `json:"language"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. 
+ Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // Type Rule type + Type SecurityDetectionsAPIEsqlRuleResponseFieldsType `json:"type"` } -// NewOutputKafkaType defines model for NewOutputKafka.Type. -type NewOutputKafkaType string +// SecurityDetectionsAPIEsqlRuleResponseFieldsType Rule type +type SecurityDetectionsAPIEsqlRuleResponseFieldsType string -// NewOutputLogstash defines model for new_output_logstash. -type NewOutputLogstash struct { - AllowEdit *[]string `json:"allow_edit,omitempty"` - CaSha256 *string `json:"ca_sha256,omitempty"` - CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` - ConfigYaml *string `json:"config_yaml,omitempty"` - Hosts []string `json:"hosts"` - Id *string `json:"id,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - Name string `json:"name"` - ProxyId *string `json:"proxy_id,omitempty"` - Secrets *struct { - Ssl *struct { - Key *NewOutputLogstash_Secrets_Ssl_Key `json:"key,omitempty"` - } `json:"ssl,omitempty"` - } `json:"secrets,omitempty"` - Shipper *NewOutputShipper `json:"shipper,omitempty"` - Ssl *NewOutputSsl `json:"ssl,omitempty"` - Type NewOutputLogstashType `json:"type"` -} +// SecurityDetectionsAPIEsqlRuleUpdateProps defines model for Security_Detections_API_EsqlRuleUpdateProps. +type SecurityDetectionsAPIEsqlRuleUpdateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` -// NewOutputLogstashSecretsSslKey0 defines model for . -type NewOutputLogstashSecretsSslKey0 struct { - Id string `json:"id"` -} + // AlertSuppression Defines alert suppression configuration. 
+ AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` -// NewOutputLogstashSecretsSslKey1 defines model for . -type NewOutputLogstashSecretsSslKey1 = string + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` -// NewOutputLogstash_Secrets_Ssl_Key defines model for NewOutputLogstash.Secrets.Ssl.Key. -type NewOutputLogstash_Secrets_Ssl_Key struct { - union json.RawMessage -} + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` -// NewOutputLogstashType defines model for NewOutputLogstash.Type. -type NewOutputLogstashType string + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` -// NewOutputRemoteElasticsearch defines model for new_output_remote_elasticsearch. 
-type NewOutputRemoteElasticsearch struct { - AllowEdit *[]string `json:"allow_edit,omitempty"` - CaSha256 *string `json:"ca_sha256,omitempty"` - CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` - ConfigYaml *string `json:"config_yaml,omitempty"` - Hosts []string `json:"hosts"` - Id *string `json:"id,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - KibanaApiKey *string `json:"kibana_api_key,omitempty"` - KibanaUrl *string `json:"kibana_url,omitempty"` - Name string `json:"name"` - Preset *NewOutputRemoteElasticsearchPreset `json:"preset,omitempty"` - ProxyId *string `json:"proxy_id,omitempty"` - Secrets *struct { - ServiceToken *NewOutputRemoteElasticsearch_Secrets_ServiceToken `json:"service_token,omitempty"` - Ssl *struct { - Key *NewOutputRemoteElasticsearch_Secrets_Ssl_Key `json:"key,omitempty"` - } `json:"ssl,omitempty"` - } `json:"secrets,omitempty"` - ServiceToken *string `json:"service_token,omitempty"` - Shipper *NewOutputShipper `json:"shipper,omitempty"` - Ssl *NewOutputSsl `json:"ssl,omitempty"` - SyncIntegrations *bool `json:"sync_integrations,omitempty"` - SyncUninstalledIntegrations *bool `json:"sync_uninstalled_integrations,omitempty"` - Type NewOutputRemoteElasticsearchType `json:"type"` -} + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` -// NewOutputRemoteElasticsearchPreset defines model for NewOutputRemoteElasticsearch.Preset. -type NewOutputRemoteElasticsearchPreset string + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. 
+ FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` -// NewOutputRemoteElasticsearchSecretsServiceToken0 defines model for . -type NewOutputRemoteElasticsearchSecretsServiceToken0 struct { - Id string `json:"id"` -} + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` -// NewOutputRemoteElasticsearchSecretsServiceToken1 defines model for . -type NewOutputRemoteElasticsearchSecretsServiceToken1 = string + // Id A universally unique identifier + Id *SecurityDetectionsAPIRuleObjectId `json:"id,omitempty"` -// NewOutputRemoteElasticsearch_Secrets_ServiceToken defines model for NewOutputRemoteElasticsearch.Secrets.ServiceToken. -type NewOutputRemoteElasticsearch_Secrets_ServiceToken struct { - union json.RawMessage -} + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` -// NewOutputRemoteElasticsearchSecretsSslKey0 defines model for . -type NewOutputRemoteElasticsearchSecretsSslKey0 struct { - Id string `json:"id"` -} + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language SecurityDetectionsAPIEsqlQueryLanguage `json:"language"` -// NewOutputRemoteElasticsearchSecretsSslKey1 defines model for . -type NewOutputRemoteElasticsearchSecretsSslKey1 = string + // License The rule's license. 
+ License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` -// NewOutputRemoteElasticsearch_Secrets_Ssl_Key defines model for NewOutputRemoteElasticsearch.Secrets.Ssl.Key. -type NewOutputRemoteElasticsearch_Secrets_Ssl_Key struct { - union json.RawMessage -} + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` -// NewOutputRemoteElasticsearchType defines model for NewOutputRemoteElasticsearch.Type. -type NewOutputRemoteElasticsearchType string + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` -// NewOutputShipper defines model for new_output_shipper. 
-type NewOutputShipper struct { - CompressionLevel *float32 `json:"compression_level,omitempty"` - DiskQueueCompressionEnabled *bool `json:"disk_queue_compression_enabled,omitempty"` - DiskQueueEnabled *bool `json:"disk_queue_enabled,omitempty"` - DiskQueueEncryptionEnabled *bool `json:"disk_queue_encryption_enabled,omitempty"` - DiskQueueMaxSize *float32 `json:"disk_queue_max_size,omitempty"` - DiskQueuePath *string `json:"disk_queue_path,omitempty"` - Loadbalance *bool `json:"loadbalance,omitempty"` - MaxBatchBytes *float32 `json:"max_batch_bytes,omitempty"` - MemQueueEvents *float32 `json:"mem_queue_events,omitempty"` - QueueFlushTimeout *float32 `json:"queue_flush_timeout,omitempty"` -} + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` -// NewOutputSsl defines model for new_output_ssl. -type NewOutputSsl struct { - Certificate *string `json:"certificate,omitempty"` - CertificateAuthorities *[]string `json:"certificate_authorities,omitempty"` - Key *string `json:"key,omitempty"` - VerificationMode *NewOutputSslVerificationMode `json:"verification_mode,omitempty"` -} + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` -// NewOutputSslVerificationMode defines model for NewOutputSsl.VerificationMode. -type NewOutputSslVerificationMode string + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` -// NewOutputUnion defines model for new_output_union. -type NewOutputUnion struct { - union json.RawMessage -} + // OutputIndex (deprecated) Has no effect. 
+ // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` -// OpsgenieConfig Defines properties for connectors when type is `.opsgenie`. -type OpsgenieConfig struct { - // ApiUrl The Opsgenie URL. For example, `https://api.opsgenie.com` or `https://api.eu.opsgenie.com`. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - ApiUrl string `json:"apiUrl"` -} + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` -// OpsgenieSecrets Defines secrets for connectors when type is `.opsgenie`. -type OpsgenieSecrets struct { - // ApiKey The Opsgenie API authentication key for HTTP Basic authentication. - ApiKey string `json:"apiKey"` -} + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` -// OutputElasticsearch defines model for output_elasticsearch. 
-type OutputElasticsearch struct { - AllowEdit *[]string `json:"allow_edit,omitempty"` - CaSha256 *string `json:"ca_sha256,omitempty"` - CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` - ConfigYaml *string `json:"config_yaml,omitempty"` - Hosts []string `json:"hosts"` - Id *string `json:"id,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - Name string `json:"name"` - Preset *OutputElasticsearchPreset `json:"preset,omitempty"` - ProxyId *string `json:"proxy_id,omitempty"` - Secrets *OutputElasticsearch_Secrets `json:"secrets,omitempty"` - Shipper *OutputShipper `json:"shipper,omitempty"` - Ssl *OutputSsl `json:"ssl,omitempty"` - Type OutputElasticsearchType `json:"type"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` -// OutputElasticsearchPreset defines model for OutputElasticsearch.Preset. 
-type OutputElasticsearchPreset string + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` -// OutputElasticsearchSecretsSslKey0 defines model for . -type OutputElasticsearchSecretsSslKey0 struct { - Id string `json:"id"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` -// OutputElasticsearchSecretsSslKey1 defines model for . -type OutputElasticsearchSecretsSslKey1 = string + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` -// OutputElasticsearch_Secrets_Ssl_Key defines model for OutputElasticsearch.Secrets.Ssl.Key. -type OutputElasticsearch_Secrets_Ssl_Key struct { - union json.RawMessage -} + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` -// OutputElasticsearch_Secrets_Ssl defines model for OutputElasticsearch.Secrets.Ssl. 
-type OutputElasticsearch_Secrets_Ssl struct { - Key *OutputElasticsearch_Secrets_Ssl_Key `json:"key,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` -// OutputElasticsearch_Secrets defines model for OutputElasticsearch.Secrets. -type OutputElasticsearch_Secrets struct { - Ssl *OutputElasticsearch_Secrets_Ssl `json:"ssl,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` -// OutputElasticsearchType defines model for OutputElasticsearch.Type. -type OutputElasticsearchType string + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` -// OutputKafka defines model for output_kafka. 
-type OutputKafka struct { - AllowEdit *[]string `json:"allow_edit,omitempty"` - AuthType OutputKafkaAuthType `json:"auth_type"` - BrokerTimeout *float32 `json:"broker_timeout,omitempty"` - CaSha256 *string `json:"ca_sha256,omitempty"` - CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` - ClientId *string `json:"client_id,omitempty"` - Compression *OutputKafkaCompression `json:"compression,omitempty"` - CompressionLevel interface{} `json:"compression_level"` - ConfigYaml *string `json:"config_yaml,omitempty"` - ConnectionType interface{} `json:"connection_type"` - Hash *OutputKafka_Hash `json:"hash,omitempty"` - Headers *[]OutputKafka_Headers_Item `json:"headers,omitempty"` - Hosts []string `json:"hosts"` - Id *string `json:"id,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - Key *string `json:"key,omitempty"` - Name string `json:"name"` - Partition *OutputKafkaPartition `json:"partition,omitempty"` - Password interface{} `json:"password"` - ProxyId *string `json:"proxy_id,omitempty"` - Random *OutputKafka_Random `json:"random,omitempty"` - RequiredAcks *OutputKafkaRequiredAcks `json:"required_acks,omitempty"` - RoundRobin *OutputKafka_RoundRobin `json:"round_robin,omitempty"` - Sasl *OutputKafka_Sasl `json:"sasl,omitempty"` - Secrets *OutputKafka_Secrets `json:"secrets,omitempty"` - Shipper *OutputShipper `json:"shipper,omitempty"` - Ssl *OutputSsl `json:"ssl,omitempty"` - Timeout *float32 `json:"timeout,omitempty"` - Topic *string `json:"topic,omitempty"` - Type OutputKafkaType `json:"type"` - Username interface{} `json:"username"` - Version *string `json:"version,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Tags String array containing words and phrases to help categorize, filter, and search rules. 
Defaults to an empty array. + Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` -// OutputKafkaAuthType defines model for OutputKafka.AuthType. -type OutputKafkaAuthType string + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` -// OutputKafkaCompression defines model for OutputKafka.Compression. -type OutputKafkaCompression string + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` -// OutputKafka_Hash defines model for OutputKafka.Hash. -type OutputKafka_Hash struct { - Hash *string `json:"hash,omitempty"` - Random *bool `json:"random,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` -// OutputKafka_Headers_Item defines model for output_kafka.headers.Item. -type OutputKafka_Headers_Item struct { - Key string `json:"key"` - Value string `json:"value"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` -// OutputKafkaPartition defines model for OutputKafka.Partition. -type OutputKafkaPartition string + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` -// OutputKafka_Random defines model for OutputKafka.Random. 
-type OutputKafka_Random struct { - GroupEvents *float32 `json:"group_events,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` + // Type Rule type + Type SecurityDetectionsAPIEsqlRuleUpdatePropsType `json:"type"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` } -// OutputKafkaRequiredAcks defines model for OutputKafka.RequiredAcks. -type OutputKafkaRequiredAcks int +// SecurityDetectionsAPIEsqlRuleUpdatePropsType Rule type +type SecurityDetectionsAPIEsqlRuleUpdatePropsType string -// OutputKafka_RoundRobin defines model for OutputKafka.RoundRobin. -type OutputKafka_RoundRobin struct { - GroupEvents *float32 `json:"group_events,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` +// SecurityDetectionsAPIEventCategoryOverride defines model for Security_Detections_API_EventCategoryOverride. +type SecurityDetectionsAPIEventCategoryOverride = string + +// SecurityDetectionsAPIExceptionListType The exception type +type SecurityDetectionsAPIExceptionListType string + +// SecurityDetectionsAPIExternalRuleSource Type of rule source for externally sourced rules, i.e. rules that have an external source, such as the Elastic Prebuilt rules repo. +type SecurityDetectionsAPIExternalRuleSource struct { + // IsCustomized Determines whether an external/prebuilt rule has been customized by the user (i.e. any of its fields have been modified and diverged from the base value). 
+ IsCustomized SecurityDetectionsAPIIsExternalRuleCustomized `json:"is_customized"` + Type SecurityDetectionsAPIExternalRuleSourceType `json:"type"` } -// OutputKafkaSaslMechanism defines model for OutputKafka.Sasl.Mechanism. -type OutputKafkaSaslMechanism string +// SecurityDetectionsAPIExternalRuleSourceType defines model for SecurityDetectionsAPIExternalRuleSource.Type. +type SecurityDetectionsAPIExternalRuleSourceType string -// OutputKafka_Sasl defines model for OutputKafka.Sasl. -type OutputKafka_Sasl struct { - Mechanism *OutputKafkaSaslMechanism `json:"mechanism,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` +// SecurityDetectionsAPIHistoryWindowStart Start date to use when checking if a term has been seen before. Supports relative dates – for example, now-30d will search the last 30 days of data when checking if a term is new. We do not recommend using absolute dates, which can cause issues with rule performance due to querying increasing amounts of data over time. +type SecurityDetectionsAPIHistoryWindowStart = string + +// SecurityDetectionsAPIIndexPatternArray Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). +// > info +// > This field is not supported for ES|QL rules. +type SecurityDetectionsAPIIndexPatternArray = []string + +// SecurityDetectionsAPIInternalRuleSource Type of rule source for internally sourced rules, i.e. created within the Kibana apps. +type SecurityDetectionsAPIInternalRuleSource struct { + Type SecurityDetectionsAPIInternalRuleSourceType `json:"type"` } -// OutputKafkaSecretsPassword0 defines model for . -type OutputKafkaSecretsPassword0 struct { - Id string `json:"id"` - AdditionalProperties map[string]interface{} `json:"-"` +// SecurityDetectionsAPIInternalRuleSourceType defines model for SecurityDetectionsAPIInternalRuleSource.Type. 
+type SecurityDetectionsAPIInternalRuleSourceType string + +// SecurityDetectionsAPIInvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight +// in various features in the UI such as alert details flyout and exceptions auto-population from alert. +type SecurityDetectionsAPIInvestigationFields struct { + FieldNames []SecurityDetectionsAPINonEmptyString `json:"field_names"` } -// OutputKafkaSecretsPassword1 defines model for . -type OutputKafkaSecretsPassword1 = string +// SecurityDetectionsAPIInvestigationGuide Notes to help investigate alerts produced by the rule. +type SecurityDetectionsAPIInvestigationGuide = string -// OutputKafka_Secrets_Password defines model for OutputKafka.Secrets.Password. -type OutputKafka_Secrets_Password struct { +// SecurityDetectionsAPIIsExternalRuleCustomized Determines whether an external/prebuilt rule has been customized by the user (i.e. any of its fields have been modified and diverged from the base value). +type SecurityDetectionsAPIIsExternalRuleCustomized = bool + +// SecurityDetectionsAPIIsRuleEnabled Determines whether the rule is enabled. Defaults to true. +type SecurityDetectionsAPIIsRuleEnabled = bool + +// SecurityDetectionsAPIIsRuleImmutable This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field. +type SecurityDetectionsAPIIsRuleImmutable = bool + +// SecurityDetectionsAPIItemsPerSearch defines model for Security_Detections_API_ItemsPerSearch. +type SecurityDetectionsAPIItemsPerSearch = int + +// SecurityDetectionsAPIKqlQueryLanguage defines model for Security_Detections_API_KqlQueryLanguage. +type SecurityDetectionsAPIKqlQueryLanguage string + +// SecurityDetectionsAPIMachineLearningJobId Machine learning job ID(s) the rule monitors for anomaly scores. +type SecurityDetectionsAPIMachineLearningJobId struct { union json.RawMessage } -// OutputKafkaSecretsSslKey0 defines model for . 
-type OutputKafkaSecretsSslKey0 struct { - Id string `json:"id"` - AdditionalProperties map[string]interface{} `json:"-"` -} +// SecurityDetectionsAPIMachineLearningJobId0 defines model for . +type SecurityDetectionsAPIMachineLearningJobId0 = string -// OutputKafkaSecretsSslKey1 defines model for . -type OutputKafkaSecretsSslKey1 = string +// SecurityDetectionsAPIMachineLearningJobId1 defines model for . +type SecurityDetectionsAPIMachineLearningJobId1 = []string -// OutputKafka_Secrets_Ssl_Key defines model for OutputKafka.Secrets.Ssl.Key. -type OutputKafka_Secrets_Ssl_Key struct { - union json.RawMessage -} +// SecurityDetectionsAPIMachineLearningRule defines model for Security_Detections_API_MachineLearningRule. +type SecurityDetectionsAPIMachineLearningRule struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions []SecurityDetectionsAPIRuleAction `json:"actions"` -// OutputKafka_Secrets_Ssl defines model for OutputKafka.Secrets.Ssl. -type OutputKafka_Secrets_Ssl struct { - Key OutputKafka_Secrets_Ssl_Key `json:"key"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` -// OutputKafka_Secrets defines model for OutputKafka.Secrets. -type OutputKafka_Secrets struct { - Password *OutputKafka_Secrets_Password `json:"password,omitempty"` - Ssl *OutputKafka_Secrets_Ssl `json:"ssl,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // AnomalyThreshold Anomaly score threshold above which the rule creates an alert. Valid values are from 0 to 100. 
+ AnomalyThreshold SecurityDetectionsAPIAnomalyThreshold `json:"anomaly_threshold"` -// OutputKafkaType defines model for OutputKafka.Type. -type OutputKafkaType string + // Author The rule’s author. + Author SecurityDetectionsAPIRuleAuthorArray `json:"author"` -// OutputLogstash defines model for output_logstash. -type OutputLogstash struct { - AllowEdit *[]string `json:"allow_edit,omitempty"` - CaSha256 *string `json:"ca_sha256,omitempty"` - CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` - ConfigYaml *string `json:"config_yaml,omitempty"` - Hosts []string `json:"hosts"` - Id *string `json:"id,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - Name string `json:"name"` - ProxyId *string `json:"proxy_id,omitempty"` - Secrets *OutputLogstash_Secrets `json:"secrets,omitempty"` - Shipper *OutputShipper `json:"shipper,omitempty"` - Ssl *OutputSsl `json:"ssl,omitempty"` - Type OutputLogstashType `json:"type"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + CreatedAt time.Time `json:"created_at"` + CreatedBy string `json:"created_by"` -// OutputLogstashSecretsSslKey0 defines model for . -type OutputLogstashSecretsSslKey0 struct { - Id string `json:"id"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Description The rule’s description. 
+ Description SecurityDetectionsAPIRuleDescription `json:"description"` -// OutputLogstashSecretsSslKey1 defines model for . -type OutputLogstashSecretsSslKey1 = string + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled SecurityDetectionsAPIIsRuleEnabled `json:"enabled"` + ExceptionsList []SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list"` -// OutputLogstash_Secrets_Ssl_Key defines model for OutputLogstash.Secrets.Ssl.Key. -type OutputLogstash_Secrets_Ssl_Key struct { - union json.RawMessage -} + // ExecutionSummary Summary of the last execution of a rule. + // > info + // > This field is under development and its usage or schema may change + ExecutionSummary *SecurityDetectionsAPIRuleExecutionSummary `json:"execution_summary,omitempty"` -// OutputLogstash_Secrets_Ssl defines model for OutputLogstash.Secrets.Ssl. -type OutputLogstash_Secrets_Ssl struct { - Key *OutputLogstash_Secrets_Ssl_Key `json:"key,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives"` -// OutputLogstash_Secrets defines model for OutputLogstash.Secrets. -type OutputLogstash_Secrets struct { - Ssl *OutputLogstash_Secrets_Ssl `json:"ssl,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From SecurityDetectionsAPIRuleIntervalFrom `json:"from"` -// OutputLogstashType defines model for OutputLogstash.Type. 
-type OutputLogstashType string + // Id A universally unique identifier + Id SecurityDetectionsAPIRuleObjectId `json:"id"` -// OutputRemoteElasticsearch defines model for output_remote_elasticsearch. -type OutputRemoteElasticsearch struct { - AllowEdit *[]string `json:"allow_edit,omitempty"` - CaSha256 *string `json:"ca_sha256,omitempty"` - CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` - ConfigYaml *string `json:"config_yaml,omitempty"` - Hosts []string `json:"hosts"` - Id *string `json:"id,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - KibanaApiKey *string `json:"kibana_api_key,omitempty"` - KibanaUrl *string `json:"kibana_url,omitempty"` - Name string `json:"name"` - Preset *OutputRemoteElasticsearchPreset `json:"preset,omitempty"` - ProxyId *string `json:"proxy_id,omitempty"` - Secrets *OutputRemoteElasticsearch_Secrets `json:"secrets,omitempty"` - ServiceToken *string `json:"service_token,omitempty"` - Shipper *OutputShipper `json:"shipper,omitempty"` - Ssl *OutputSsl `json:"ssl,omitempty"` - SyncIntegrations *bool `json:"sync_integrations,omitempty"` - SyncUninstalledIntegrations *bool `json:"sync_uninstalled_integrations,omitempty"` - Type OutputRemoteElasticsearchType `json:"type"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Immutable This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + Immutable SecurityDetectionsAPIIsRuleImmutable `json:"immutable"` -// OutputRemoteElasticsearchPreset defines model for OutputRemoteElasticsearch.Preset. -type OutputRemoteElasticsearchPreset string + // Interval Frequency of rule execution, using a date math range. 
For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval SecurityDetectionsAPIRuleInterval `json:"interval"` -// OutputRemoteElasticsearchSecretsServiceToken0 defines model for . -type OutputRemoteElasticsearchSecretsServiceToken0 struct { - Id string `json:"id"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` -// OutputRemoteElasticsearchSecretsServiceToken1 defines model for . -type OutputRemoteElasticsearchSecretsServiceToken1 = string + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` -// OutputRemoteElasticsearch_Secrets_ServiceToken defines model for OutputRemoteElasticsearch.Secrets.ServiceToken. -type OutputRemoteElasticsearch_Secrets_ServiceToken struct { - union json.RawMessage -} + // MachineLearningJobId Machine learning job ID(s) the rule monitors for anomaly scores. + MachineLearningJobId SecurityDetectionsAPIMachineLearningJobId `json:"machine_learning_job_id"` -// OutputRemoteElasticsearchSecretsSslKey0 defines model for . -type OutputRemoteElasticsearchSecretsSslKey0 struct { - Id string `json:"id"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). 
+ // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals SecurityDetectionsAPIMaxSignals `json:"max_signals"` -// OutputRemoteElasticsearchSecretsSslKey1 defines model for . -type OutputRemoteElasticsearchSecretsSslKey1 = string + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` -// OutputRemoteElasticsearch_Secrets_Ssl_Key defines model for OutputRemoteElasticsearch.Secrets.Ssl.Key. -type OutputRemoteElasticsearch_Secrets_Ssl_Key struct { - union json.RawMessage -} + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` -// OutputRemoteElasticsearch_Secrets_Ssl defines model for OutputRemoteElasticsearch.Secrets.Ssl. -type OutputRemoteElasticsearch_Secrets_Ssl struct { - Key *OutputRemoteElasticsearch_Secrets_Ssl_Key `json:"key,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` -// OutputRemoteElasticsearch_Secrets defines model for OutputRemoteElasticsearch.Secrets. -type OutputRemoteElasticsearch_Secrets struct { - ServiceToken *OutputRemoteElasticsearch_Secrets_ServiceToken `json:"service_token,omitempty"` - Ssl *OutputRemoteElasticsearch_Secrets_Ssl `json:"ssl,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Note Notes to help investigate alerts produced by the rule. 
+ Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` -// OutputRemoteElasticsearchType defines model for OutputRemoteElasticsearch.Type. -type OutputRemoteElasticsearchType string + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` -// OutputShipper defines model for output_shipper. -type OutputShipper struct { - CompressionLevel *float32 `json:"compression_level,omitempty"` - DiskQueueCompressionEnabled *bool `json:"disk_queue_compression_enabled,omitempty"` - DiskQueueEnabled *bool `json:"disk_queue_enabled,omitempty"` - DiskQueueEncryptionEnabled *bool `json:"disk_queue_encryption_enabled,omitempty"` - DiskQueueMaxSize *float32 `json:"disk_queue_max_size,omitempty"` - DiskQueuePath *string `json:"disk_queue_path,omitempty"` - Loadbalance *bool `json:"loadbalance,omitempty"` - MaxBatchBytes *float32 `json:"max_batch_bytes,omitempty"` - MemQueueEvents *float32 `json:"mem_queue_events,omitempty"` - QueueFlushTimeout *float32 `json:"queue_flush_timeout,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References SecurityDetectionsAPIRuleReferenceArray `json:"references"` + RelatedIntegrations SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations"` + RequiredFields SecurityDetectionsAPIRequiredFieldArray `json:"required_fields"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` -// OutputSsl defines model for output_ssl. 
-type OutputSsl struct { - Certificate *string `json:"certificate,omitempty"` - CertificateAuthorities *[]string `json:"certificate_authorities,omitempty"` - Key *string `json:"key,omitempty"` - VerificationMode *OutputSslVerificationMode `json:"verification_mode,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Revision The rule's revision number. + // + // It represents the version of rule's object in Kibana. It is set to `0` when the rule is installed or created and then gets incremented on each update. + // > info + // > Not all updates to any rule fields will increment the revision. Only those fields that are considered static `rule parameters` can trigger revision increments. For example, an update to a rule's query or index fields will increment the rule's revision by `1`. However, changes to dynamic or technical fields like enabled or execution_summary will not cause revision increments. + Revision SecurityDetectionsAPIRuleRevision `json:"revision"` -// OutputSslVerificationMode defines model for OutputSsl.VerificationMode. -type OutputSslVerificationMode string + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` -// OutputUnion defines model for output_union. -type OutputUnion struct { - union json.RawMessage -} + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping"` -// PackageInfo defines model for package_info. 
-type PackageInfo struct { - Agent *struct { - Privileges *struct { - Root *bool `json:"root,omitempty"` - } `json:"privileges,omitempty"` - } `json:"agent,omitempty"` - AssetTags *[]struct { - AssetIds *[]string `json:"asset_ids,omitempty"` - AssetTypes *[]string `json:"asset_types,omitempty"` - Text string `json:"text"` - } `json:"asset_tags,omitempty"` - Assets map[string]interface{} `json:"assets"` - Categories *[]string `json:"categories,omitempty"` - Conditions *PackageInfo_Conditions `json:"conditions,omitempty"` - DataStreams *[]map[string]interface{} `json:"data_streams,omitempty"` - Description *string `json:"description,omitempty"` - Discovery *PackageInfo_Discovery `json:"discovery,omitempty"` - Download *string `json:"download,omitempty"` - Elasticsearch *map[string]interface{} `json:"elasticsearch,omitempty"` - FormatVersion *string `json:"format_version,omitempty"` - Icons *[]PackageInfo_Icons_Item `json:"icons,omitempty"` - InstallationInfo *PackageInfo_InstallationInfo `json:"installationInfo,omitempty"` - Internal *bool `json:"internal,omitempty"` - KeepPoliciesUpToDate *bool `json:"keepPoliciesUpToDate,omitempty"` - LatestVersion *string `json:"latestVersion,omitempty"` - License *string `json:"license,omitempty"` - LicensePath *string `json:"licensePath,omitempty"` - Name string `json:"name"` - Notice *string `json:"notice,omitempty"` - Owner *PackageInfo_Owner `json:"owner,omitempty"` - Path *string `json:"path,omitempty"` - PolicyTemplates *[]map[string]interface{} `json:"policy_templates,omitempty"` - Readme *string `json:"readme,omitempty"` - Release *PackageInfoRelease `json:"release,omitempty"` - Screenshots *[]struct { - DarkMode *bool `json:"dark_mode,omitempty"` - Path *string `json:"path,omitempty"` - Size *string `json:"size,omitempty"` - Src string `json:"src"` - Title *string `json:"title,omitempty"` - Type *string `json:"type,omitempty"` - } `json:"screenshots,omitempty"` - SignaturePath *string `json:"signature_path,omitempty"` - 
Source *PackageInfo_Source `json:"source,omitempty"` - Status *string `json:"status,omitempty"` - Title string `json:"title"` - Type *PackageInfo_Type `json:"type,omitempty"` - Vars *[]map[string]interface{} `json:"vars,omitempty"` - Version string `json:"version"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId SecurityDetectionsAPIRuleSignatureId `json:"rule_id"` -// PackageInfo_Conditions_Elastic defines model for PackageInfo.Conditions.Elastic. -type PackageInfo_Conditions_Elastic struct { - Capabilities *[]string `json:"capabilities,omitempty"` - Subscription *string `json:"subscription,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` -// PackageInfo_Conditions_Kibana defines model for PackageInfo.Conditions.Kibana. -type PackageInfo_Conditions_Kibana struct { - Version *string `json:"version,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // RuleSource Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo. 
+ RuleSource SecurityDetectionsAPIRuleSource `json:"rule_source"` -// PackageInfo_Conditions defines model for PackageInfo.Conditions. -type PackageInfo_Conditions struct { - Elastic *PackageInfo_Conditions_Elastic `json:"elastic,omitempty"` - Kibana *PackageInfo_Conditions_Kibana `json:"kibana,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup SecurityDetectionsAPISetupGuide `json:"setup"` -// PackageInfo_Discovery_Fields_Item defines model for PackageInfo.Discovery.Fields.Item. -type PackageInfo_Discovery_Fields_Item struct { - Name string `json:"name"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` -// PackageInfo_Discovery defines model for PackageInfo.Discovery. -type PackageInfo_Discovery struct { - Fields *[]PackageInfo_Discovery_Fields_Item `json:"fields,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping SecurityDetectionsAPISeverityMapping `json:"severity_mapping"` -// PackageInfo_Icons_Item defines model for package_info.icons.Item. 
-type PackageInfo_Icons_Item struct { - DarkMode *bool `json:"dark_mode,omitempty"` - Path *string `json:"path,omitempty"` - Size *string `json:"size,omitempty"` - Src string `json:"src"` - Title *string `json:"title,omitempty"` - Type *string `json:"type,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags SecurityDetectionsAPIRuleTagArray `json:"tags"` + Threat SecurityDetectionsAPIThreatArray `json:"threat"` -// PackageInfoInstallationInfoAdditionalSpacesInstalledKibanaType0 defines model for PackageInfo.InstallationInfo.AdditionalSpacesInstalledKibana.Type.0. -type PackageInfoInstallationInfoAdditionalSpacesInstalledKibanaType0 string + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` -// PackageInfoInstallationInfoAdditionalSpacesInstalledKibanaType1 defines model for . -type PackageInfoInstallationInfoAdditionalSpacesInstalledKibanaType1 = string + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` -// PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Type defines model for PackageInfo.InstallationInfo.AdditionalSpacesInstalledKibana.Type. -type PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Type struct { - union json.RawMessage -} + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` -// PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item defines model for PackageInfo.InstallationInfo.AdditionalSpacesInstalledKibana.Item. 
-type PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item struct { - Id string `json:"id"` - OriginId *string `json:"originId,omitempty"` - Type PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Type `json:"type"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` -// PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features defines model for PackageInfo.InstallationInfo.ExperimentalDataStreamFeatures.Features. -type PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features struct { - DocValueOnlyNumeric *bool `json:"doc_value_only_numeric,omitempty"` - DocValueOnlyOther *bool `json:"doc_value_only_other,omitempty"` - SyntheticSource *bool `json:"synthetic_source,omitempty"` - Tsdb *bool `json:"tsdb,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To SecurityDetectionsAPIRuleIntervalTo `json:"to"` -// PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item defines model for PackageInfo.InstallationInfo.ExperimentalDataStreamFeatures.Item. 
-type PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item struct { - DataStream string `json:"data_stream"` - Features PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features `json:"features"` - AdditionalProperties map[string]interface{} `json:"-"` + // Type Rule type + Type SecurityDetectionsAPIMachineLearningRuleType `json:"type"` + UpdatedAt time.Time `json:"updated_at"` + UpdatedBy string `json:"updated_by"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version SecurityDetectionsAPIRuleVersion `json:"version"` } -// PackageInfoInstallationInfoInstallSource defines model for PackageInfo.InstallationInfo.InstallSource. -type PackageInfoInstallationInfoInstallSource string +// SecurityDetectionsAPIMachineLearningRuleType Rule type +type SecurityDetectionsAPIMachineLearningRuleType string -// PackageInfoInstallationInfoInstallStatus defines model for PackageInfo.InstallationInfo.InstallStatus. -type PackageInfoInstallationInfoInstallStatus string +// SecurityDetectionsAPIMachineLearningRuleCreateFields defines model for Security_Detections_API_MachineLearningRuleCreateFields. +type SecurityDetectionsAPIMachineLearningRuleCreateFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` -// PackageInfoInstallationInfoInstalledEsType defines model for PackageInfo.InstallationInfo.InstalledEs.Type. 
-type PackageInfoInstallationInfoInstalledEsType string + // AnomalyThreshold Anomaly score threshold above which the rule creates an alert. Valid values are from 0 to 100. + AnomalyThreshold SecurityDetectionsAPIAnomalyThreshold `json:"anomaly_threshold"` -// PackageInfo_InstallationInfo_InstalledEs_Item defines model for PackageInfo.InstallationInfo.InstalledEs.Item. -type PackageInfo_InstallationInfo_InstalledEs_Item struct { - Deferred *bool `json:"deferred,omitempty"` - Id string `json:"id"` - Type PackageInfoInstallationInfoInstalledEsType `json:"type"` - Version *string `json:"version,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` + // MachineLearningJobId Machine learning job ID(s) the rule monitors for anomaly scores. + MachineLearningJobId SecurityDetectionsAPIMachineLearningJobId `json:"machine_learning_job_id"` + + // Type Rule type + Type SecurityDetectionsAPIMachineLearningRuleCreateFieldsType `json:"type"` } -// PackageInfoInstallationInfoInstalledKibanaType0 defines model for PackageInfo.InstallationInfo.InstalledKibana.Type.0. -type PackageInfoInstallationInfoInstalledKibanaType0 string +// SecurityDetectionsAPIMachineLearningRuleCreateFieldsType Rule type +type SecurityDetectionsAPIMachineLearningRuleCreateFieldsType string -// PackageInfoInstallationInfoInstalledKibanaType1 defines model for . -type PackageInfoInstallationInfoInstalledKibanaType1 = string +// SecurityDetectionsAPIMachineLearningRuleCreateProps defines model for Security_Detections_API_MachineLearningRuleCreateProps. +type SecurityDetectionsAPIMachineLearningRuleCreateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` -// PackageInfo_InstallationInfo_InstalledKibana_Type defines model for PackageInfo.InstallationInfo.InstalledKibana.Type. 
-type PackageInfo_InstallationInfo_InstalledKibana_Type struct { - union json.RawMessage -} + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` -// PackageInfo_InstallationInfo_InstalledKibana_Item defines model for PackageInfo.InstallationInfo.InstalledKibana.Item. -type PackageInfo_InstallationInfo_InstalledKibana_Item struct { - Id string `json:"id"` - OriginId *string `json:"originId,omitempty"` - Type PackageInfo_InstallationInfo_InstalledKibana_Type `json:"type"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // AnomalyThreshold Anomaly score threshold above which the rule creates an alert. Valid values are from 0 to 100. + AnomalyThreshold SecurityDetectionsAPIAnomalyThreshold `json:"anomaly_threshold"` -// PackageInfo_InstallationInfo_LatestExecutedState defines model for PackageInfo.InstallationInfo.LatestExecutedState. -type PackageInfo_InstallationInfo_LatestExecutedState struct { - Error *string `json:"error,omitempty"` - Name *string `json:"name,omitempty"` - StartedAt *string `json:"started_at,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` -// PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error defines model for PackageInfo.InstallationInfo.LatestInstallFailedAttempts.Error. -type PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error struct { - Message string `json:"message"` - Name string `json:"name"` - Stack *string `json:"stack,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // BuildingBlockType Determines if the rule acts as a building block. 
If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` -// PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item defines model for PackageInfo.InstallationInfo.LatestInstallFailedAttempts.Item. -type PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item struct { - CreatedAt string `json:"created_at"` - Error PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error `json:"error"` - TargetVersion string `json:"target_version"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` -// PackageInfoInstallationInfoVerificationStatus defines model for PackageInfo.InstallationInfo.VerificationStatus. -type PackageInfoInstallationInfoVerificationStatus string + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` -// PackageInfo_InstallationInfo defines model for PackageInfo.InstallationInfo. 
-type PackageInfo_InstallationInfo struct { - AdditionalSpacesInstalledKibana *map[string][]PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item `json:"additional_spaces_installed_kibana,omitempty"` - CreatedAt *string `json:"created_at,omitempty"` - ExperimentalDataStreamFeatures *[]PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item `json:"experimental_data_stream_features,omitempty"` - InstallFormatSchemaVersion *string `json:"install_format_schema_version,omitempty"` - InstallSource PackageInfoInstallationInfoInstallSource `json:"install_source"` - InstallStatus PackageInfoInstallationInfoInstallStatus `json:"install_status"` - InstalledEs []PackageInfo_InstallationInfo_InstalledEs_Item `json:"installed_es"` - InstalledKibana []PackageInfo_InstallationInfo_InstalledKibana_Item `json:"installed_kibana"` - InstalledKibanaSpaceId *string `json:"installed_kibana_space_id,omitempty"` - LatestExecutedState *PackageInfo_InstallationInfo_LatestExecutedState `json:"latest_executed_state,omitempty"` - LatestInstallFailedAttempts *[]PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item `json:"latest_install_failed_attempts,omitempty"` - Name string `json:"name"` - Namespaces *[]string `json:"namespaces,omitempty"` - Type string `json:"type"` - UpdatedAt *string `json:"updated_at,omitempty"` - VerificationKeyId *string `json:"verification_key_id,omitempty"` - VerificationStatus PackageInfoInstallationInfoVerificationStatus `json:"verification_status"` - Version string `json:"version"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` -// PackageInfoOwnerType defines model for PackageInfo.Owner.Type. 
-type PackageInfoOwnerType string + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` -// PackageInfo_Owner defines model for PackageInfo.Owner. -type PackageInfo_Owner struct { - Github *string `json:"github,omitempty"` - Type *PackageInfoOwnerType `json:"type,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` -// PackageInfoRelease defines model for PackageInfo.Release. -type PackageInfoRelease string + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` -// PackageInfo_Source defines model for PackageInfo.Source. -type PackageInfo_Source struct { - License string `json:"license"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` -// PackageInfoType0 defines model for PackageInfo.Type.0. -type PackageInfoType0 string + // MachineLearningJobId Machine learning job ID(s) the rule monitors for anomaly scores. + MachineLearningJobId SecurityDetectionsAPIMachineLearningJobId `json:"machine_learning_job_id"` -// PackageInfoType1 defines model for PackageInfo.Type.1. 
-type PackageInfoType1 string + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` -// PackageInfoType2 defines model for PackageInfo.Type.2. -type PackageInfoType2 string + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` -// PackageInfoType3 defines model for . -type PackageInfoType3 = string + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` -// PackageInfo_Type defines model for PackageInfo.Type. -type PackageInfo_Type struct { - union json.RawMessage -} + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` -// PackageListItem defines model for package_list_item. 
-type PackageListItem struct { - Categories *[]string `json:"categories,omitempty"` - Conditions *PackageListItem_Conditions `json:"conditions,omitempty"` - DataStreams *[]map[string]interface{} `json:"data_streams,omitempty"` - Description *string `json:"description,omitempty"` - Discovery *PackageListItem_Discovery `json:"discovery,omitempty"` - Download *string `json:"download,omitempty"` - FormatVersion *string `json:"format_version,omitempty"` - Icons *[]PackageListItem_Icons_Item `json:"icons,omitempty"` - Id string `json:"id"` - InstallationInfo *PackageListItem_InstallationInfo `json:"installationInfo,omitempty"` - Integration *string `json:"integration,omitempty"` - Internal *bool `json:"internal,omitempty"` - LatestVersion *string `json:"latestVersion,omitempty"` - Name string `json:"name"` - Owner *PackageListItem_Owner `json:"owner,omitempty"` - Path *string `json:"path,omitempty"` - PolicyTemplates *[]map[string]interface{} `json:"policy_templates,omitempty"` - Readme *string `json:"readme,omitempty"` - Release *PackageListItemRelease `json:"release,omitempty"` - SignaturePath *string `json:"signature_path,omitempty"` - Source *PackageListItem_Source `json:"source,omitempty"` - Status *string `json:"status,omitempty"` - Title string `json:"title"` - Type *PackageListItem_Type `json:"type,omitempty"` - Vars *[]map[string]interface{} `json:"vars,omitempty"` - Version string `json:"version"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` -// PackageListItem_Conditions_Elastic defines model for PackageListItem.Conditions.Elastic. 
-type PackageListItem_Conditions_Elastic struct { - Capabilities *[]string `json:"capabilities,omitempty"` - Subscription *string `json:"subscription,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` -// PackageListItem_Conditions_Kibana defines model for PackageListItem.Conditions.Kibana. -type PackageListItem_Conditions_Kibana struct { - Version *string `json:"version,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` -// PackageListItem_Conditions defines model for PackageListItem.Conditions. -type PackageListItem_Conditions struct { - Elastic *PackageListItem_Conditions_Elastic `json:"elastic,omitempty"` - Kibana *PackageListItem_Conditions_Kibana `json:"kibana,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. 
+ RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` -// PackageListItem_Discovery_Fields_Item defines model for PackageListItem.Discovery.Fields.Item. -type PackageListItem_Discovery_Fields_Item struct { - Name string `json:"name"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` -// PackageListItem_Discovery defines model for PackageListItem.Discovery. -type PackageListItem_Discovery struct { - Fields *[]PackageListItem_Discovery_Fields_Item `json:"fields,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` -// PackageListItem_Icons_Item defines model for package_list_item.icons.Item. -type PackageListItem_Icons_Item struct { - DarkMode *bool `json:"dark_mode,omitempty"` - Path *string `json:"path,omitempty"` - Size *string `json:"size,omitempty"` - Src string `json:"src"` - Title *string `json:"title,omitempty"` - Type *string `json:"type,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. 
The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` -// PackageListItemInstallationInfoAdditionalSpacesInstalledKibanaType0 defines model for PackageListItem.InstallationInfo.AdditionalSpacesInstalledKibana.Type.0. -type PackageListItemInstallationInfoAdditionalSpacesInstalledKibanaType0 string + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` -// PackageListItemInstallationInfoAdditionalSpacesInstalledKibanaType1 defines model for . -type PackageListItemInstallationInfoAdditionalSpacesInstalledKibanaType1 = string + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` -// PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Type defines model for PackageListItem.InstallationInfo.AdditionalSpacesInstalledKibana.Type. 
-type PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Type struct { - union json.RawMessage -} + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` -// PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item defines model for PackageListItem.InstallationInfo.AdditionalSpacesInstalledKibana.Item. -type PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item struct { - Id string `json:"id"` - OriginId *string `json:"originId,omitempty"` - Type PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Type `json:"type"` - AdditionalProperties map[string]interface{} `json:"-"` + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` + + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampOverride Sets the time field used to query indices. 
When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` + + // Type Rule type + Type SecurityDetectionsAPIMachineLearningRuleCreatePropsType `json:"type"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` } -// PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features defines model for PackageListItem.InstallationInfo.ExperimentalDataStreamFeatures.Features. -type PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features struct { - DocValueOnlyNumeric *bool `json:"doc_value_only_numeric,omitempty"` - DocValueOnlyOther *bool `json:"doc_value_only_other,omitempty"` - SyntheticSource *bool `json:"synthetic_source,omitempty"` - Tsdb *bool `json:"tsdb,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` +// SecurityDetectionsAPIMachineLearningRuleCreatePropsType Rule type +type SecurityDetectionsAPIMachineLearningRuleCreatePropsType string + +// SecurityDetectionsAPIMachineLearningRuleOptionalFields defines model for Security_Detections_API_MachineLearningRuleOptionalFields. 
+type SecurityDetectionsAPIMachineLearningRuleOptionalFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` } -// PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item defines model for PackageListItem.InstallationInfo.ExperimentalDataStreamFeatures.Item. -type PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item struct { - DataStream string `json:"data_stream"` - Features PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features `json:"features"` - AdditionalProperties map[string]interface{} `json:"-"` +// SecurityDetectionsAPIMachineLearningRuleRequiredFields defines model for Security_Detections_API_MachineLearningRuleRequiredFields. +type SecurityDetectionsAPIMachineLearningRuleRequiredFields struct { + // AnomalyThreshold Anomaly score threshold above which the rule creates an alert. Valid values are from 0 to 100. + AnomalyThreshold SecurityDetectionsAPIAnomalyThreshold `json:"anomaly_threshold"` + + // MachineLearningJobId Machine learning job ID(s) the rule monitors for anomaly scores. + MachineLearningJobId SecurityDetectionsAPIMachineLearningJobId `json:"machine_learning_job_id"` + + // Type Rule type + Type SecurityDetectionsAPIMachineLearningRuleRequiredFieldsType `json:"type"` } -// PackageListItemInstallationInfoInstallSource defines model for PackageListItem.InstallationInfo.InstallSource. -type PackageListItemInstallationInfoInstallSource string +// SecurityDetectionsAPIMachineLearningRuleRequiredFieldsType Rule type +type SecurityDetectionsAPIMachineLearningRuleRequiredFieldsType string -// PackageListItemInstallationInfoInstallStatus defines model for PackageListItem.InstallationInfo.InstallStatus. 
-type PackageListItemInstallationInfoInstallStatus string +// SecurityDetectionsAPIMachineLearningRuleResponseFields defines model for Security_Detections_API_MachineLearningRuleResponseFields. +type SecurityDetectionsAPIMachineLearningRuleResponseFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` -// PackageListItemInstallationInfoInstalledEsType defines model for PackageListItem.InstallationInfo.InstalledEs.Type. -type PackageListItemInstallationInfoInstalledEsType string + // AnomalyThreshold Anomaly score threshold above which the rule creates an alert. Valid values are from 0 to 100. + AnomalyThreshold SecurityDetectionsAPIAnomalyThreshold `json:"anomaly_threshold"` -// PackageListItem_InstallationInfo_InstalledEs_Item defines model for PackageListItem.InstallationInfo.InstalledEs.Item. -type PackageListItem_InstallationInfo_InstalledEs_Item struct { - Deferred *bool `json:"deferred,omitempty"` - Id string `json:"id"` - Type PackageListItemInstallationInfoInstalledEsType `json:"type"` - Version *string `json:"version,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` + // MachineLearningJobId Machine learning job ID(s) the rule monitors for anomaly scores. + MachineLearningJobId SecurityDetectionsAPIMachineLearningJobId `json:"machine_learning_job_id"` + + // Type Rule type + Type SecurityDetectionsAPIMachineLearningRuleResponseFieldsType `json:"type"` } -// PackageListItemInstallationInfoInstalledKibanaType0 defines model for PackageListItem.InstallationInfo.InstalledKibana.Type.0. -type PackageListItemInstallationInfoInstalledKibanaType0 string +// SecurityDetectionsAPIMachineLearningRuleResponseFieldsType Rule type +type SecurityDetectionsAPIMachineLearningRuleResponseFieldsType string -// PackageListItemInstallationInfoInstalledKibanaType1 defines model for . 
-type PackageListItemInstallationInfoInstalledKibanaType1 = string +// SecurityDetectionsAPIMachineLearningRuleUpdateProps defines model for Security_Detections_API_MachineLearningRuleUpdateProps. +type SecurityDetectionsAPIMachineLearningRuleUpdateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` -// PackageListItem_InstallationInfo_InstalledKibana_Type defines model for PackageListItem.InstallationInfo.InstalledKibana.Type. -type PackageListItem_InstallationInfo_InstalledKibana_Type struct { - union json.RawMessage -} + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` -// PackageListItem_InstallationInfo_InstalledKibana_Item defines model for PackageListItem.InstallationInfo.InstalledKibana.Item. -type PackageListItem_InstallationInfo_InstalledKibana_Item struct { - Id string `json:"id"` - OriginId *string `json:"originId,omitempty"` - Type PackageListItem_InstallationInfo_InstalledKibana_Type `json:"type"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // AnomalyThreshold Anomaly score threshold above which the rule creates an alert. Valid values are from 0 to 100. + AnomalyThreshold SecurityDetectionsAPIAnomalyThreshold `json:"anomaly_threshold"` -// PackageListItem_InstallationInfo_LatestExecutedState defines model for PackageListItem.InstallationInfo.LatestExecutedState. 
-type PackageListItem_InstallationInfo_LatestExecutedState struct { - Error *string `json:"error,omitempty"` - Name *string `json:"name,omitempty"` - StartedAt *string `json:"started_at,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` -// PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error defines model for PackageListItem.InstallationInfo.LatestInstallFailedAttempts.Error. -type PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error struct { - Message string `json:"message"` - Name string `json:"name"` - Stack *string `json:"stack,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` -// PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item defines model for PackageListItem.InstallationInfo.LatestInstallFailedAttempts.Item. -type PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item struct { - CreatedAt string `json:"created_at"` - Error PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error `json:"error"` - TargetVersion string `json:"target_version"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` -// PackageListItemInstallationInfoVerificationStatus defines model for PackageListItem.InstallationInfo.VerificationStatus. 
-type PackageListItemInstallationInfoVerificationStatus string + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` -// PackageListItem_InstallationInfo defines model for PackageListItem.InstallationInfo. -type PackageListItem_InstallationInfo struct { - AdditionalSpacesInstalledKibana *map[string][]PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item `json:"additional_spaces_installed_kibana,omitempty"` - CreatedAt *string `json:"created_at,omitempty"` - ExperimentalDataStreamFeatures *[]PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item `json:"experimental_data_stream_features,omitempty"` - InstallFormatSchemaVersion *string `json:"install_format_schema_version,omitempty"` - InstallSource PackageListItemInstallationInfoInstallSource `json:"install_source"` - InstallStatus PackageListItemInstallationInfoInstallStatus `json:"install_status"` - InstalledEs []PackageListItem_InstallationInfo_InstalledEs_Item `json:"installed_es"` - InstalledKibana []PackageListItem_InstallationInfo_InstalledKibana_Item `json:"installed_kibana"` - InstalledKibanaSpaceId *string `json:"installed_kibana_space_id,omitempty"` - LatestExecutedState *PackageListItem_InstallationInfo_LatestExecutedState `json:"latest_executed_state,omitempty"` - LatestInstallFailedAttempts *[]PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item `json:"latest_install_failed_attempts,omitempty"` - Name string `json:"name"` - Namespaces *[]string `json:"namespaces,omitempty"` - Type string `json:"type"` - UpdatedAt *string `json:"updated_at,omitempty"` - VerificationKeyId *string `json:"verification_key_id,omitempty"` - VerificationStatus PackageListItemInstallationInfoVerificationStatus `json:"verification_status"` - Version string `json:"version"` - AdditionalProperties 
map[string]interface{} `json:"-"` -} + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` -// PackageListItemOwnerType defines model for PackageListItem.Owner.Type. -type PackageListItemOwnerType string + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` -// PackageListItem_Owner defines model for PackageListItem.Owner. -type PackageListItem_Owner struct { - Github *string `json:"github,omitempty"` - Type *PackageListItemOwnerType `json:"type,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Id A universally unique identifier + Id *SecurityDetectionsAPIRuleObjectId `json:"id,omitempty"` -// PackageListItemRelease defines model for PackageListItem.Release. -type PackageListItemRelease string + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` -// PackageListItem_Source defines model for PackageListItem.Source. -type PackageListItem_Source struct { - License string `json:"license"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. 
+ InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` -// PackageListItemType0 defines model for PackageListItem.Type.0. -type PackageListItemType0 string + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` -// PackageListItemType1 defines model for PackageListItem.Type.1. -type PackageListItemType1 string + // MachineLearningJobId Machine learning job ID(s) the rule monitors for anomaly scores. + MachineLearningJobId SecurityDetectionsAPIMachineLearningJobId `json:"machine_learning_job_id"` -// PackageListItemType2 defines model for PackageListItem.Type.2. -type PackageListItemType2 string + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` -// PackageListItemType3 defines model for . -type PackageListItemType3 = string + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` -// PackageListItem_Type defines model for PackageListItem.Type. -type PackageListItem_Type struct { - union json.RawMessage -} + // Name A human-readable name for the rule. 
+ Name SecurityDetectionsAPIRuleName `json:"name"` -// PackagePolicy defines model for package_policy. -type PackagePolicy struct { - // AdditionalDatastreamsPermissions Additional datastream permissions, that will be added to the agent policy. - AdditionalDatastreamsPermissions *[]string `json:"additional_datastreams_permissions,omitempty"` - Agents *float32 `json:"agents,omitempty"` - CreatedAt string `json:"created_at"` - CreatedBy string `json:"created_by"` + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` - // Description Package policy description - Description *string `json:"description,omitempty"` - Elasticsearch *PackagePolicy_Elasticsearch `json:"elasticsearch,omitempty"` - Enabled bool `json:"enabled"` - Id string `json:"id"` + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` - // Inputs Package policy inputs (see integration documentation to know what inputs are available) - Inputs map[string]PackagePolicyInput `json:"inputs"` - IsManaged *bool `json:"is_managed,omitempty"` + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` - // Name Package policy name (should be unique) - Name string `json:"name"` + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` - // Namespace The package policy namespace. Leave blank to inherit the agent policy's namespace. 
- Namespace *string `json:"namespace,omitempty"` - OutputId *string `json:"output_id,omitempty"` + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` - // Overrides Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - Overrides *struct { - Inputs *map[string]interface{} `json:"inputs,omitempty"` - } `json:"overrides,omitempty"` - Package *struct { - ExperimentalDataStreamFeatures *[]struct { - DataStream string `json:"data_stream"` - Features struct { - DocValueOnlyNumeric *bool `json:"doc_value_only_numeric,omitempty"` - DocValueOnlyOther *bool `json:"doc_value_only_other,omitempty"` - SyntheticSource *bool `json:"synthetic_source,omitempty"` - Tsdb *bool `json:"tsdb,omitempty"` - } `json:"features"` - } `json:"experimental_data_stream_features,omitempty"` + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` - // Name Package name - Name string `json:"name"` - RequiresRoot *bool `json:"requires_root,omitempty"` - Title *string `json:"title,omitempty"` + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping 
*SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` - // Version Package version - Version string `json:"version"` - } `json:"package,omitempty"` + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` - // PolicyId Agent policy ID where that package policy will be added - // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set - PolicyId *string `json:"policy_id,omitempty"` - PolicyIds *[]string `json:"policy_ids,omitempty"` - Revision float32 `json:"revision"` - SecretReferences *[]PackagePolicySecretRef `json:"secret_references,omitempty"` - SpaceIds *[]string `json:"spaceIds,omitempty"` + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` - // SupportsAgentless Indicates whether the package policy belongs to an agentless agent policy. 
- SupportsAgentless *bool `json:"supports_agentless,omitempty"` - UpdatedAt string `json:"updated_at"` - UpdatedBy string `json:"updated_by"` - Vars *map[string]interface{} `json:"vars,omitempty"` - Version *string `json:"version,omitempty"` -} + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` -// PackagePolicy_Elasticsearch_Privileges defines model for PackagePolicy.Elasticsearch.Privileges. -type PackagePolicy_Elasticsearch_Privileges struct { - Cluster *[]string `json:"cluster,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` -// PackagePolicy_Elasticsearch defines model for PackagePolicy.Elasticsearch. -type PackagePolicy_Elasticsearch struct { - Privileges *PackagePolicy_Elasticsearch_Privileges `json:"privileges,omitempty"` - AdditionalProperties map[string]interface{} `json:"-"` -} + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` -// PackagePolicyInput defines model for package_policy_input. -type PackagePolicyInput struct { - // Enabled enable or disable that input, (default to true) - Enabled *bool `json:"enabled,omitempty"` + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. 
+ Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` - // Streams Input streams (see integration documentation to know what streams are available) - Streams *map[string]PackagePolicyInputStream `json:"streams,omitempty"` - Vars *map[string]interface{} `json:"vars,omitempty"` -} + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` -// PackagePolicyInputStream defines model for package_policy_input_stream. -type PackagePolicyInputStream struct { - // Enabled enable or disable that stream, (default to true) - Enabled *bool `json:"enabled,omitempty"` - Vars *map[string]interface{} `json:"vars,omitempty"` -} + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` -// PackagePolicyRequest defines model for package_policy_request. -type PackagePolicyRequest struct { - // AdditionalDatastreamsPermissions Additional datastream permissions, that will be added to the agent policy. - AdditionalDatastreamsPermissions *[]string `json:"additional_datastreams_permissions,omitempty"` - Description *string `json:"description,omitempty"` - Force *bool `json:"force,omitempty"` - Id *string `json:"id,omitempty"` + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` - // Inputs Package policy inputs (see integration documentation to know what inputs are available) - Inputs *map[string]PackagePolicyRequestInput `json:"inputs,omitempty"` - Name string `json:"name"` - Namespace *string `json:"namespace,omitempty"` - OutputId *string `json:"output_id,omitempty"` - Package PackagePolicyRequestPackage `json:"package"` - PolicyId *string `json:"policy_id,omitempty"` - PolicyIds *[]string `json:"policy_ids,omitempty"` + // TimestampOverride Sets the time field used to query indices. 
When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` - // SupportsAgentless Indicates whether the package policy belongs to an agentless agent policy. - SupportsAgentless *bool `json:"supports_agentless,omitempty"` - Vars *map[string]interface{} `json:"vars,omitempty"` -} + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` -// PackagePolicyRequestInput defines model for package_policy_request_input. -type PackagePolicyRequestInput struct { - // Enabled enable or disable that input, (default to true) - Enabled *bool `json:"enabled,omitempty"` + // Type Rule type + Type SecurityDetectionsAPIMachineLearningRuleUpdatePropsType `json:"type"` - // Streams Input streams (see integration documentation to know what streams are available) - Streams *map[string]PackagePolicyRequestInputStream `json:"streams,omitempty"` - Vars *map[string]interface{} `json:"vars,omitempty"` + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` } -// PackagePolicyRequestInputStream defines model for package_policy_request_input_stream. 
-type PackagePolicyRequestInputStream struct { - // Enabled enable or disable that stream, (default to true) - Enabled *bool `json:"enabled,omitempty"` - Vars *map[string]interface{} `json:"vars,omitempty"` -} +// SecurityDetectionsAPIMachineLearningRuleUpdatePropsType Rule type +type SecurityDetectionsAPIMachineLearningRuleUpdatePropsType string -// PackagePolicyRequestPackage defines model for package_policy_request_package. -type PackagePolicyRequestPackage struct { - ExperimentalDataStreamFeatures *[]struct { - DataStream string `json:"data_stream"` - Features struct { - DocValueOnlyNumeric *bool `json:"doc_value_only_numeric,omitempty"` - DocValueOnlyOther *bool `json:"doc_value_only_other,omitempty"` - SyntheticSource *bool `json:"synthetic_source,omitempty"` - Tsdb *bool `json:"tsdb,omitempty"` - } `json:"features"` - } `json:"experimental_data_stream_features,omitempty"` +// SecurityDetectionsAPIMaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). +// > info +// > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. +type SecurityDetectionsAPIMaxSignals = int - // Name Package name - Name string `json:"name"` - RequiresRoot *bool `json:"requires_root,omitempty"` - Title *string `json:"title,omitempty"` +// SecurityDetectionsAPINewTermsFields Fields to monitor for new values. 
+type SecurityDetectionsAPINewTermsFields = []string - // Version Package version - Version string `json:"version"` -} +// SecurityDetectionsAPINewTermsRule defines model for Security_Detections_API_NewTermsRule. +type SecurityDetectionsAPINewTermsRule struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions []SecurityDetectionsAPIRuleAction `json:"actions"` -// PackagePolicySecretRef defines model for package_policy_secret_ref. -type PackagePolicySecretRef struct { - Id string `json:"id"` -} + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` -// PagerdutyConfig Defines properties for connectors when type is `.pagerduty`. -type PagerdutyConfig struct { - // ApiUrl The PagerDuty event URL. - ApiUrl *string `json:"apiUrl,omitempty"` -} + // Author The rule’s author. + Author SecurityDetectionsAPIRuleAuthorArray `json:"author"` -// PagerdutySecrets Defines secrets for connectors when type is `.pagerduty`. -type PagerdutySecrets struct { - // RoutingKey A 32 character PagerDuty Integration Key for an integration on a service. - RoutingKey string `json:"routingKey"` -} + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). 
+ BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + CreatedAt time.Time `json:"created_at"` + CreatedBy string `json:"created_by"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` -// Pfx If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. -type Pfx = string + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` -// ResilientConfig Defines properties for connectors when type is `.resilient`. -type ResilientConfig struct { - // ApiUrl The IBM Resilient instance URL. - ApiUrl string `json:"apiUrl"` + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled SecurityDetectionsAPIIsRuleEnabled `json:"enabled"` + ExceptionsList []SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list"` - // OrgId The IBM Resilient organization ID. - OrgId string `json:"orgId"` -} + // ExecutionSummary Summary of the last execution of a rule. + // > info + // > This field is under development and its usage or schema may change + ExecutionSummary *SecurityDetectionsAPIRuleExecutionSummary `json:"execution_summary,omitempty"` -// ResilientSecrets Defines secrets for connectors when type is `.resilient`. -type ResilientSecrets struct { - // ApiKeyId The authentication key ID for HTTP Basic authentication. - ApiKeyId string `json:"apiKeyId"` + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives"` - // ApiKeySecret The authentication key secret for HTTP Basic authentication. - ApiKeySecret string `json:"apiKeySecret"` -} + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. 
+ // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` -// SentineloneConfig Defines properties for connectors when type is `.sentinelone`. -type SentineloneConfig struct { - // Url The SentinelOne tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - Url string `json:"url"` -} + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From SecurityDetectionsAPIRuleIntervalFrom `json:"from"` -// SentineloneSecrets Defines secrets for connectors when type is `.sentinelone`. -type SentineloneSecrets struct { - // Token The A SentinelOne API token. - Token string `json:"token"` -} + // HistoryWindowStart Start date to use when checking if a term has been seen before. Supports relative dates – for example, now-30d will search the last 30 days of data when checking if a term is new. We do not recommend using absolute dates, which can cause issues with rule performance due to querying increasing amounts of data over time. + HistoryWindowStart SecurityDetectionsAPIHistoryWindowStart `json:"history_window_start"` -// ServerHost defines model for server_host. 
-type ServerHost struct { - HostUrls []string `json:"host_urls"` - Id string `json:"id"` - IsDefault *bool `json:"is_default,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - Name string `json:"name"` - ProxyId *string `json:"proxy_id,omitempty"` - Secrets *struct { - Ssl *struct { - EsKey *ServerHost_Secrets_Ssl_EsKey `json:"es_key,omitempty"` - Key *ServerHost_Secrets_Ssl_Key `json:"key,omitempty"` - } `json:"ssl,omitempty"` - } `json:"secrets,omitempty"` - Ssl *struct { - Certificate *string `json:"certificate,omitempty"` - CertificateAuthorities *[]string `json:"certificate_authorities,omitempty"` - ClientAuth *ServerHostSslClientAuth `json:"client_auth,omitempty"` - EsCertificate *string `json:"es_certificate,omitempty"` - EsCertificateAuthorities *[]string `json:"es_certificate_authorities,omitempty"` - EsKey *string `json:"es_key,omitempty"` - Key *string `json:"key,omitempty"` - } `json:"ssl,omitempty"` -} + // Id A universally unique identifier + Id SecurityDetectionsAPIRuleObjectId `json:"id"` -// ServerHostSecretsSslEsKey0 defines model for . -type ServerHostSecretsSslEsKey0 struct { - Id string `json:"id"` -} + // Immutable This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + Immutable SecurityDetectionsAPIIsRuleImmutable `json:"immutable"` -// ServerHostSecretsSslEsKey1 defines model for . -type ServerHostSecretsSslEsKey1 = string + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. 
+ Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` -// ServerHost_Secrets_Ssl_EsKey defines model for ServerHost.Secrets.Ssl.EsKey. -type ServerHost_Secrets_Ssl_EsKey struct { - union json.RawMessage -} + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval SecurityDetectionsAPIRuleInterval `json:"interval"` -// ServerHostSecretsSslKey0 defines model for . -type ServerHostSecretsSslKey0 struct { - Id string `json:"id"` -} + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language SecurityDetectionsAPIKqlQueryLanguage `json:"language"` -// ServerHostSecretsSslKey1 defines model for . -type ServerHostSecretsSslKey1 = string + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` -// ServerHost_Secrets_Ssl_Key defines model for ServerHost.Secrets.Ssl.Key. -type ServerHost_Secrets_Ssl_Key struct { - union json.RawMessage -} + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. 
+ MaxSignals SecurityDetectionsAPIMaxSignals `json:"max_signals"` -// ServerHostSslClientAuth defines model for ServerHost.Ssl.ClientAuth. -type ServerHostSslClientAuth string + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` -// ServicenowConfig Defines properties for connectors when type is `.servicenow`. -type ServicenowConfig struct { - // ApiUrl The ServiceNow instance URL. - ApiUrl string `json:"apiUrl"` + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` - // ClientId The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`. - ClientId *string `json:"clientId,omitempty"` + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` - // IsOAuth The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth). - IsOAuth *bool `json:"isOAuth,omitempty"` + // NewTermsFields Fields to monitor for new values. + NewTermsFields SecurityDetectionsAPINewTermsFields `json:"new_terms_fields"` - // JwtKeyId The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`. - JwtKeyId *string `json:"jwtKeyId,omitempty"` + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` - // UserIdentifierValue The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. 
For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`. - UserIdentifierValue *string `json:"userIdentifierValue,omitempty"` + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References SecurityDetectionsAPIRuleReferenceArray `json:"references"` + RelatedIntegrations SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations"` + RequiredFields SecurityDetectionsAPIRequiredFieldArray `json:"required_fields"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // Revision The rule's revision number. + // + // It represents the version of rule's object in Kibana. It is set to `0` when the rule is installed or created and then gets incremented on each update. + // > info + // > Not all updates to any rule fields will increment the revision. Only those fields that are considered static `rule parameters` can trigger revision increments. For example, an update to a rule's query or index fields will increment the rule's revision by `1`. 
However, changes to dynamic or technical fields like enabled or execution_summary will not cause revision increments. + Revision SecurityDetectionsAPIRuleRevision `json:"revision"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping"` - // UsesTableApi Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors. NOTE: If this property is set to `false`, the Elastic application should be installed in ServiceNow. - UsesTableApi *bool `json:"usesTableApi,omitempty"` -} + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId SecurityDetectionsAPIRuleSignatureId `json:"rule_id"` + + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. 
+ RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // RuleSource Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo. + RuleSource SecurityDetectionsAPIRuleSource `json:"rule_source"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup SecurityDetectionsAPISetupGuide `json:"setup"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping SecurityDetectionsAPISeverityMapping `json:"severity_mapping"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags SecurityDetectionsAPIRuleTagArray `json:"tags"` + Threat SecurityDetectionsAPIThreatArray `json:"threat"` + + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` -// ServicenowItomConfig Defines properties for connectors when type is `.servicenow-itom`. -type ServicenowItomConfig struct { - // ApiUrl The ServiceNow instance URL. 
- ApiUrl string `json:"apiUrl"` + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` - // ClientId The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`. - ClientId *string `json:"clientId,omitempty"` + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To SecurityDetectionsAPIRuleIntervalTo `json:"to"` + + // Type Rule type + Type SecurityDetectionsAPINewTermsRuleType `json:"type"` + UpdatedAt time.Time `json:"updated_at"` + UpdatedBy string `json:"updated_by"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version SecurityDetectionsAPIRuleVersion `json:"version"` +} - // IsOAuth The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth). 
- IsOAuth *bool `json:"isOAuth,omitempty"` +// SecurityDetectionsAPINewTermsRuleType Rule type +type SecurityDetectionsAPINewTermsRuleType string + +// SecurityDetectionsAPINewTermsRuleCreateFields defines model for Security_Detections_API_NewTermsRuleCreateFields. +type SecurityDetectionsAPINewTermsRuleCreateFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` - // JwtKeyId The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`. - JwtKeyId *string `json:"jwtKeyId,omitempty"` + // HistoryWindowStart Start date to use when checking if a term has been seen before. Supports relative dates – for example, now-30d will search the last 30 days of data when checking if a term is new. We do not recommend using absolute dates, which can cause issues with rule performance due to querying increasing amounts of data over time. + HistoryWindowStart SecurityDetectionsAPIHistoryWindowStart `json:"history_window_start"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` - // UserIdentifierValue The identifier to use for OAuth authentication. 
This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`. - UserIdentifierValue *string `json:"userIdentifierValue,omitempty"` + // NewTermsFields Fields to monitor for new values. + NewTermsFields SecurityDetectionsAPINewTermsFields `json:"new_terms_fields"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // Type Rule type + Type SecurityDetectionsAPINewTermsRuleCreateFieldsType `json:"type"` } -// ServicenowSecrets Defines secrets for connectors when type is `.servicenow`, `.servicenow-sir`, or `.servicenow-itom`. -type ServicenowSecrets struct { - // ClientSecret The client secret assigned to your OAuth application. This property is required when `isOAuth` is `true`. - ClientSecret *string `json:"clientSecret,omitempty"` +// SecurityDetectionsAPINewTermsRuleCreateFieldsType Rule type +type SecurityDetectionsAPINewTermsRuleCreateFieldsType string - // Password The password for HTTP basic authentication. This property is required when `isOAuth` is `false`. - Password *string `json:"password,omitempty"` +// SecurityDetectionsAPINewTermsRuleCreateProps defines model for Security_Detections_API_NewTermsRuleCreateProps. +type SecurityDetectionsAPINewTermsRuleCreateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. 
+ Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` - // PrivateKey The RSA private key that you created for use in ServiceNow. This property is required when `isOAuth` is `true`. - PrivateKey *string `json:"privateKey,omitempty"` + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` - // PrivateKeyPassword The password for the RSA private key. This property is required when `isOAuth` is `true` and you set a password on your private key. - PrivateKeyPassword *string `json:"privateKeyPassword,omitempty"` + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` - // Username The username for HTTP basic authentication. This property is required when `isOAuth` is `false`. - Username *string `json:"username,omitempty"` -} + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` -// SlackApiConfig Defines properties for connectors when type is `.slack_api`. -type SlackApiConfig struct { - // AllowedChannels A list of valid Slack channels. - AllowedChannels *[]struct { - // Id The Slack channel ID. - Id string `json:"id"` + // Description The rule’s description. 
+ Description SecurityDetectionsAPIRuleDescription `json:"description"` - // Name The Slack channel name. - Name string `json:"name"` - } `json:"allowedChannels,omitempty"` -} + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` -// SlackApiSecrets Defines secrets for connectors when type is `.slack`. -type SlackApiSecrets struct { - // Token Slack bot user OAuth token. - Token string `json:"token"` -} + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` -// SwimlaneConfig Defines properties for connectors when type is `.swimlane`. -type SwimlaneConfig struct { - // ApiUrl The Swimlane instance URL. - ApiUrl string `json:"apiUrl"` + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` - // AppId The Swimlane application ID. - AppId string `json:"appId"` + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` - // ConnectorType The type of connector. Valid values are `all`, `alerts`, and `cases`. - ConnectorType SwimlaneConfigConnectorType `json:"connectorType"` + // HistoryWindowStart Start date to use when checking if a term has been seen before. 
Supports relative dates – for example, now-30d will search the last 30 days of data when checking if a term is new. We do not recommend using absolute dates, which can cause issues with rule performance due to querying increasing amounts of data over time. + HistoryWindowStart SecurityDetectionsAPIHistoryWindowStart `json:"history_window_start"` - // Mappings The field mapping. - Mappings *struct { - // AlertIdConfig Mapping for the alert ID. - AlertIdConfig *struct { - // FieldType The type of field in Swimlane. - FieldType string `json:"fieldType"` + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` - // Id The identifier for the field in Swimlane. - Id string `json:"id"` + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` - // Key The key for the field in Swimlane. - Key string `json:"key"` + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` - // Name The name of the field in Swimlane. - Name string `json:"name"` - } `json:"alertIdConfig,omitempty"` + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` - // CaseIdConfig Mapping for the case ID. 
- CaseIdConfig *struct { - // FieldType The type of field in Swimlane. - FieldType string `json:"fieldType"` + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` - // Id The identifier for the field in Swimlane. - Id string `json:"id"` + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` - // Key The key for the field in Swimlane. - Key string `json:"key"` + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` - // Name The name of the field in Swimlane. - Name string `json:"name"` - } `json:"caseIdConfig,omitempty"` + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` - // CaseNameConfig Mapping for the case name. - CaseNameConfig *struct { - // FieldType The type of field in Swimlane. - FieldType string `json:"fieldType"` + // NewTermsFields Fields to monitor for new values. + NewTermsFields SecurityDetectionsAPINewTermsFields `json:"new_terms_fields"` - // Id The identifier for the field in Swimlane. - Id string `json:"id"` + // Note Notes to help investigate alerts produced by the rule. 
+ Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` - // Key The key for the field in Swimlane. - Key string `json:"key"` + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` - // Name The name of the field in Swimlane. - Name string `json:"name"` - } `json:"caseNameConfig,omitempty"` + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` - // CommentsConfig Mapping for the case comments. - CommentsConfig *struct { - // FieldType The type of field in Swimlane. - FieldType string `json:"fieldType"` + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` - // Id The identifier for the field in Swimlane. - Id string `json:"id"` + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. 
+ RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` - // Key The key for the field in Swimlane. - Key string `json:"key"` + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` - // Name The name of the field in Swimlane. - Name string `json:"name"` - } `json:"commentsConfig,omitempty"` + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` - // DescriptionConfig Mapping for the case description. - DescriptionConfig *struct { - // FieldType The type of field in Swimlane. - FieldType string `json:"fieldType"` + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` - // Id The identifier for the field in Swimlane. - Id string `json:"id"` + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. 
+ RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` - // Key The key for the field in Swimlane. - Key string `json:"key"` + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` - // Name The name of the field in Swimlane. - Name string `json:"name"` - } `json:"descriptionConfig,omitempty"` + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` - // RuleNameConfig Mapping for the name of the alert's rule. - RuleNameConfig *struct { - // FieldType The type of field in Swimlane. - FieldType string `json:"fieldType"` + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` - // Id The identifier for the field in Swimlane. - Id string `json:"id"` + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` - // Key The key for the field in Swimlane. - Key string `json:"key"` + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` - // Name The name of the field in Swimlane. 
- Name string `json:"name"` - } `json:"ruleNameConfig,omitempty"` + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` - // SeverityConfig Mapping for the severity. - SeverityConfig *struct { - // FieldType The type of field in Swimlane. - FieldType string `json:"fieldType"` + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` - // Id The identifier for the field in Swimlane. - Id string `json:"id"` + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` - // Key The key for the field in Swimlane. - Key string `json:"key"` + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` - // Name The name of the field in Swimlane. - Name string `json:"name"` - } `json:"severityConfig,omitempty"` - } `json:"mappings,omitempty"` + // Type Rule type + Type SecurityDetectionsAPINewTermsRuleCreatePropsType `json:"type"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. 
+ Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` } -// SwimlaneConfigConnectorType The type of connector. Valid values are `all`, `alerts`, and `cases`. -type SwimlaneConfigConnectorType string +// SecurityDetectionsAPINewTermsRuleCreatePropsType Rule type +type SecurityDetectionsAPINewTermsRuleCreatePropsType string -// SwimlaneSecrets Defines secrets for connectors when type is `.swimlane`. -type SwimlaneSecrets struct { - // ApiToken Swimlane API authentication token. - ApiToken *string `json:"apiToken,omitempty"` +// SecurityDetectionsAPINewTermsRuleDefaultableFields defines model for Security_Detections_API_NewTermsRuleDefaultableFields. +type SecurityDetectionsAPINewTermsRuleDefaultableFields struct { + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` } -// TeamsSecrets Defines secrets for connectors when type is `.teams`. -type TeamsSecrets struct { - // WebhookUrl The URL of the incoming webhook. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - WebhookUrl string `json:"webhookUrl"` -} +// SecurityDetectionsAPINewTermsRuleOptionalFields defines model for Security_Detections_API_NewTermsRuleOptionalFields. +type SecurityDetectionsAPINewTermsRuleOptionalFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` -// ThehiveConfig Defines configuration properties for connectors when type is `.thehive`. -type ThehiveConfig struct { - // Organisation The organisation in TheHive that will contain the alerts or cases. By default, the connector uses the default organisation of the user account that created the API key. 
- Organisation *string `json:"organisation,omitempty"` + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` - // Url The instance URL in TheHive. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - Url string `json:"url"` + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` } -// ThehiveSecrets Defines secrets for connectors when type is `.thehive`. -type ThehiveSecrets struct { - // ApiKey The API key for authentication in TheHive. - ApiKey string `json:"apiKey"` -} +// SecurityDetectionsAPINewTermsRuleRequiredFields defines model for Security_Detections_API_NewTermsRuleRequiredFields. +type SecurityDetectionsAPINewTermsRuleRequiredFields struct { + // HistoryWindowStart Start date to use when checking if a term has been seen before. Supports relative dates – for example, now-30d will search the last 30 days of data when checking if a term is new. We do not recommend using absolute dates, which can cause issues with rule performance due to querying increasing amounts of data over time. + HistoryWindowStart SecurityDetectionsAPIHistoryWindowStart `json:"history_window_start"` -// TinesConfig Defines properties for connectors when type is `.tines`. -type TinesConfig struct { - // Url The Tines tenant URL. If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts. 
- Url string `json:"url"` -} + // NewTermsFields Fields to monitor for new values. + NewTermsFields SecurityDetectionsAPINewTermsFields `json:"new_terms_fields"` -// TinesSecrets Defines secrets for connectors when type is `.tines`. -type TinesSecrets struct { - // Email The email used to sign in to Tines. - Email string `json:"email"` + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` - // Token The Tines API token. - Token string `json:"token"` + // Type Rule type + Type SecurityDetectionsAPINewTermsRuleRequiredFieldsType `json:"type"` } -// TorqConfig Defines properties for connectors when type is `.torq`. -type TorqConfig struct { - // WebhookIntegrationUrl The endpoint URL of the Elastic Security integration in Torq. - WebhookIntegrationUrl string `json:"webhookIntegrationUrl"` -} +// SecurityDetectionsAPINewTermsRuleRequiredFieldsType Rule type +type SecurityDetectionsAPINewTermsRuleRequiredFieldsType string -// TorqSecrets Defines secrets for connectors when type is `.torq`. -type TorqSecrets struct { - // Token The secret of the webhook authentication header. - Token string `json:"token"` -} +// SecurityDetectionsAPINewTermsRuleResponseFields defines model for Security_Detections_API_NewTermsRuleResponseFields. +type SecurityDetectionsAPINewTermsRuleResponseFields struct { + // AlertSuppression Defines alert suppression configuration. 
+ AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` -// UpdateConnectorConfig The connector configuration details. -type UpdateConnectorConfig struct { - AdditionalProperties map[string]interface{} `json:"-"` - union json.RawMessage -} + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` -// UpdateConnectorSecrets defines model for update_connector_secrets. -type UpdateConnectorSecrets struct { - AdditionalProperties map[string]interface{} `json:"-"` - union json.RawMessage -} + // HistoryWindowStart Start date to use when checking if a term has been seen before. Supports relative dates – for example, now-30d will search the last 30 days of data when checking if a term is new. We do not recommend using absolute dates, which can cause issues with rule performance due to querying increasing amounts of data over time. + HistoryWindowStart SecurityDetectionsAPIHistoryWindowStart `json:"history_window_start"` -// UpdateOutputElasticsearch defines model for update_output_elasticsearch. 
-type UpdateOutputElasticsearch struct { - AllowEdit *[]string `json:"allow_edit,omitempty"` - CaSha256 *string `json:"ca_sha256,omitempty"` - CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` - ConfigYaml *string `json:"config_yaml,omitempty"` - Hosts *[]string `json:"hosts,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - Name *string `json:"name,omitempty"` - Preset *UpdateOutputElasticsearchPreset `json:"preset,omitempty"` - ProxyId *string `json:"proxy_id,omitempty"` - Secrets *struct { - Ssl *struct { - Key *UpdateOutputElasticsearch_Secrets_Ssl_Key `json:"key,omitempty"` - } `json:"ssl,omitempty"` - } `json:"secrets,omitempty"` - Shipper *UpdateOutputShipper `json:"shipper,omitempty"` - Ssl *UpdateOutputSsl `json:"ssl,omitempty"` - Type *UpdateOutputElasticsearchType `json:"type,omitempty"` -} + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + Language SecurityDetectionsAPIKqlQueryLanguage `json:"language"` -// UpdateOutputElasticsearchPreset defines model for UpdateOutputElasticsearch.Preset. -type UpdateOutputElasticsearchPreset string + // NewTermsFields Fields to monitor for new values. + NewTermsFields SecurityDetectionsAPINewTermsFields `json:"new_terms_fields"` -// UpdateOutputElasticsearchSecretsSslKey0 defines model for . -type UpdateOutputElasticsearchSecretsSslKey0 struct { - Id string `json:"id"` -} - -// UpdateOutputElasticsearchSecretsSslKey1 defines model for . 
-type UpdateOutputElasticsearchSecretsSslKey1 = string + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` -// UpdateOutputElasticsearch_Secrets_Ssl_Key defines model for UpdateOutputElasticsearch.Secrets.Ssl.Key. -type UpdateOutputElasticsearch_Secrets_Ssl_Key struct { - union json.RawMessage + // Type Rule type + Type SecurityDetectionsAPINewTermsRuleResponseFieldsType `json:"type"` } -// UpdateOutputElasticsearchType defines model for UpdateOutputElasticsearch.Type. -type UpdateOutputElasticsearchType string +// SecurityDetectionsAPINewTermsRuleResponseFieldsType Rule type +type SecurityDetectionsAPINewTermsRuleResponseFieldsType string -// UpdateOutputKafka defines model for update_output_kafka. 
-type UpdateOutputKafka struct { - AllowEdit *[]string `json:"allow_edit,omitempty"` - AuthType *UpdateOutputKafkaAuthType `json:"auth_type,omitempty"` - BrokerTimeout *float32 `json:"broker_timeout,omitempty"` - CaSha256 *string `json:"ca_sha256,omitempty"` - CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` - ClientId *string `json:"client_id,omitempty"` - Compression *UpdateOutputKafkaCompression `json:"compression,omitempty"` - CompressionLevel interface{} `json:"compression_level"` - ConfigYaml *string `json:"config_yaml,omitempty"` - ConnectionType interface{} `json:"connection_type"` - Hash *struct { - Hash *string `json:"hash,omitempty"` - Random *bool `json:"random,omitempty"` - } `json:"hash,omitempty"` - Headers *[]struct { - Key string `json:"key"` - Value string `json:"value"` - } `json:"headers,omitempty"` - Hosts *[]string `json:"hosts,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - Key *string `json:"key,omitempty"` - Name string `json:"name"` - Partition *UpdateOutputKafkaPartition `json:"partition,omitempty"` - Password interface{} `json:"password"` - ProxyId *string `json:"proxy_id,omitempty"` - Random *struct { - GroupEvents *float32 `json:"group_events,omitempty"` - } `json:"random,omitempty"` - RequiredAcks *UpdateOutputKafkaRequiredAcks `json:"required_acks,omitempty"` - RoundRobin *struct { - GroupEvents *float32 `json:"group_events,omitempty"` - } `json:"round_robin,omitempty"` - Sasl *struct { - Mechanism *UpdateOutputKafkaSaslMechanism `json:"mechanism,omitempty"` - } `json:"sasl,omitempty"` - Secrets *struct { - Password *UpdateOutputKafka_Secrets_Password `json:"password,omitempty"` - Ssl *struct { - Key UpdateOutputKafka_Secrets_Ssl_Key `json:"key"` - } `json:"ssl,omitempty"` - } `json:"secrets,omitempty"` - Shipper 
*UpdateOutputShipper `json:"shipper,omitempty"` - Ssl *UpdateOutputSsl `json:"ssl,omitempty"` - Timeout *float32 `json:"timeout,omitempty"` - Topic *string `json:"topic,omitempty"` - Type *UpdateOutputKafkaType `json:"type,omitempty"` - Username interface{} `json:"username"` - Version *string `json:"version,omitempty"` -} +// SecurityDetectionsAPINewTermsRuleUpdateProps defines model for Security_Detections_API_NewTermsRuleUpdateProps. +type SecurityDetectionsAPINewTermsRuleUpdateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` -// UpdateOutputKafkaAuthType defines model for UpdateOutputKafka.AuthType. -type UpdateOutputKafkaAuthType string + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` -// UpdateOutputKafkaCompression defines model for UpdateOutputKafka.Compression. -type UpdateOutputKafkaCompression string + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` -// UpdateOutputKafkaPartition defines model for UpdateOutputKafka.Partition. -type UpdateOutputKafkaPartition string + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). 
+ BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` -// UpdateOutputKafkaRequiredAcks defines model for UpdateOutputKafka.RequiredAcks. -type UpdateOutputKafkaRequiredAcks int + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` -// UpdateOutputKafkaSaslMechanism defines model for UpdateOutputKafka.Sasl.Mechanism. -type UpdateOutputKafkaSaslMechanism string + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` -// UpdateOutputKafkaSecretsPassword0 defines model for . -type UpdateOutputKafkaSecretsPassword0 struct { - Id string `json:"id"` -} + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` -// UpdateOutputKafkaSecretsPassword1 defines model for . -type UpdateOutputKafkaSecretsPassword1 = string + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` -// UpdateOutputKafka_Secrets_Password defines model for UpdateOutputKafka.Secrets.Password. -type UpdateOutputKafka_Secrets_Password struct { - union json.RawMessage -} + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). 
+ From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` -// UpdateOutputKafkaSecretsSslKey0 defines model for . -type UpdateOutputKafkaSecretsSslKey0 struct { - Id string `json:"id"` -} + // HistoryWindowStart Start date to use when checking if a term has been seen before. Supports relative dates – for example, now-30d will search the last 30 days of data when checking if a term is new. We do not recommend using absolute dates, which can cause issues with rule performance due to querying increasing amounts of data over time. + HistoryWindowStart SecurityDetectionsAPIHistoryWindowStart `json:"history_window_start"` -// UpdateOutputKafkaSecretsSslKey1 defines model for . -type UpdateOutputKafkaSecretsSslKey1 = string + // Id A universally unique identifier + Id *SecurityDetectionsAPIRuleObjectId `json:"id,omitempty"` -// UpdateOutputKafka_Secrets_Ssl_Key defines model for UpdateOutputKafka.Secrets.Ssl.Key. -type UpdateOutputKafka_Secrets_Ssl_Key struct { - union json.RawMessage -} + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` -// UpdateOutputKafkaType defines model for UpdateOutputKafka.Type. -type UpdateOutputKafkaType string + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` -// UpdateOutputLogstash defines model for update_output_logstash. 
-type UpdateOutputLogstash struct { - AllowEdit *[]string `json:"allow_edit,omitempty"` - CaSha256 *string `json:"ca_sha256,omitempty"` - CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` - ConfigYaml *string `json:"config_yaml,omitempty"` - Hosts *[]string `json:"hosts,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - Name *string `json:"name,omitempty"` - ProxyId *string `json:"proxy_id,omitempty"` - Secrets *struct { - Ssl *struct { - Key *UpdateOutputLogstash_Secrets_Ssl_Key `json:"key,omitempty"` - } `json:"ssl,omitempty"` - } `json:"secrets,omitempty"` - Shipper *UpdateOutputShipper `json:"shipper,omitempty"` - Ssl *UpdateOutputSsl `json:"ssl,omitempty"` - Type *UpdateOutputLogstashType `json:"type,omitempty"` -} + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` -// UpdateOutputLogstashSecretsSslKey0 defines model for . -type UpdateOutputLogstashSecretsSslKey0 struct { - Id string `json:"id"` -} + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` -// UpdateOutputLogstashSecretsSslKey1 defines model for . -type UpdateOutputLogstashSecretsSslKey1 = string + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). 
+ // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` -// UpdateOutputLogstash_Secrets_Ssl_Key defines model for UpdateOutputLogstash.Secrets.Ssl.Key. -type UpdateOutputLogstash_Secrets_Ssl_Key struct { - union json.RawMessage -} + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` -// UpdateOutputLogstashType defines model for UpdateOutputLogstash.Type. -type UpdateOutputLogstashType string + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` -// UpdateOutputRemoteElasticsearch defines model for update_output_remote_elasticsearch. 
-type UpdateOutputRemoteElasticsearch struct { - AllowEdit *[]string `json:"allow_edit,omitempty"` - CaSha256 *string `json:"ca_sha256,omitempty"` - CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` - ConfigYaml *string `json:"config_yaml,omitempty"` - Hosts *[]string `json:"hosts,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - KibanaApiKey *string `json:"kibana_api_key,omitempty"` - KibanaUrl *string `json:"kibana_url,omitempty"` - Name *string `json:"name,omitempty"` - Preset *UpdateOutputRemoteElasticsearchPreset `json:"preset,omitempty"` - ProxyId *string `json:"proxy_id,omitempty"` - Secrets *struct { - ServiceToken *UpdateOutputRemoteElasticsearch_Secrets_ServiceToken `json:"service_token,omitempty"` - Ssl *struct { - Key *UpdateOutputRemoteElasticsearch_Secrets_Ssl_Key `json:"key,omitempty"` - } `json:"ssl,omitempty"` - } `json:"secrets,omitempty"` - ServiceToken *string `json:"service_token,omitempty"` - Shipper *UpdateOutputShipper `json:"shipper,omitempty"` - Ssl *UpdateOutputSsl `json:"ssl,omitempty"` - SyncIntegrations *bool `json:"sync_integrations,omitempty"` - SyncUninstalledIntegrations *bool `json:"sync_uninstalled_integrations,omitempty"` - Type *UpdateOutputRemoteElasticsearchType `json:"type,omitempty"` -} + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` -// UpdateOutputRemoteElasticsearchPreset defines model for UpdateOutputRemoteElasticsearch.Preset. -type UpdateOutputRemoteElasticsearchPreset string + // NewTermsFields Fields to monitor for new values. + NewTermsFields SecurityDetectionsAPINewTermsFields `json:"new_terms_fields"` -// UpdateOutputRemoteElasticsearchSecretsServiceToken0 defines model for . 
-type UpdateOutputRemoteElasticsearchSecretsServiceToken0 struct { - Id string `json:"id"` -} + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` -// UpdateOutputRemoteElasticsearchSecretsServiceToken1 defines model for . -type UpdateOutputRemoteElasticsearchSecretsServiceToken1 = string + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` -// UpdateOutputRemoteElasticsearch_Secrets_ServiceToken defines model for UpdateOutputRemoteElasticsearch.Secrets.ServiceToken. -type UpdateOutputRemoteElasticsearch_Secrets_ServiceToken struct { - union json.RawMessage -} + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` -// UpdateOutputRemoteElasticsearchSecretsSslKey0 defines model for . -type UpdateOutputRemoteElasticsearchSecretsSslKey0 struct { - Id string `json:"id"` -} + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` -// UpdateOutputRemoteElasticsearchSecretsSslKey1 defines model for . 
-type UpdateOutputRemoteElasticsearchSecretsSslKey1 = string + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` -// UpdateOutputRemoteElasticsearch_Secrets_Ssl_Key defines model for UpdateOutputRemoteElasticsearch.Secrets.Ssl.Key. -type UpdateOutputRemoteElasticsearch_Secrets_Ssl_Key struct { - union json.RawMessage -} + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` -// UpdateOutputRemoteElasticsearchType defines model for UpdateOutputRemoteElasticsearch.Type. -type UpdateOutputRemoteElasticsearchType string + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` -// UpdateOutputShipper defines model for update_output_shipper. 
-type UpdateOutputShipper struct { - CompressionLevel *float32 `json:"compression_level,omitempty"` - DiskQueueCompressionEnabled *bool `json:"disk_queue_compression_enabled,omitempty"` - DiskQueueEnabled *bool `json:"disk_queue_enabled,omitempty"` - DiskQueueEncryptionEnabled *bool `json:"disk_queue_encryption_enabled,omitempty"` - DiskQueueMaxSize *float32 `json:"disk_queue_max_size,omitempty"` - DiskQueuePath *string `json:"disk_queue_path,omitempty"` - Loadbalance *bool `json:"loadbalance,omitempty"` - MaxBatchBytes *float32 `json:"max_batch_bytes,omitempty"` - MemQueueEvents *float32 `json:"mem_queue_events,omitempty"` - QueueFlushTimeout *float32 `json:"queue_flush_timeout,omitempty"` -} + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` -// UpdateOutputSsl defines model for update_output_ssl. -type UpdateOutputSsl struct { - Certificate *string `json:"certificate,omitempty"` - CertificateAuthorities *[]string `json:"certificate_authorities,omitempty"` - Key *string `json:"key,omitempty"` - VerificationMode *UpdateOutputSslVerificationMode `json:"verification_mode,omitempty"` -} + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` -// UpdateOutputSslVerificationMode defines model for UpdateOutputSsl.VerificationMode. 
-type UpdateOutputSslVerificationMode string + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` -// UpdateOutputUnion defines model for update_output_union. -type UpdateOutputUnion struct { - union json.RawMessage -} + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` -// VerificationMode Controls the verification of certificates. Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use `certificate` to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use `none` to skip certificate validation. -type VerificationMode string + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` -// WebhookConfig Defines properties for connectors when type is `.webhook`. -type WebhookConfig struct { - // AuthType The type of authentication to use: basic, SSL, or none. - AuthType *AuthType `json:"authType,omitempty"` + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. 
+ Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` - // Ca A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types. - Ca *Ca `json:"ca,omitempty"` + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` - // CertType If the `authType` is `webhook-authentication-ssl`, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format. - CertType *CertType `json:"certType,omitempty"` + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` - // HasAuth If true, a username and password for login type authentication must be provided. - HasAuth *HasAuth `json:"hasAuth,omitempty"` + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` - // Headers A set of key-value pairs sent as headers with the request. - Headers *map[string]interface{} `json:"headers,omitempty"` + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` - // Method The HTTP request method, either `post` or `put`. - Method *WebhookConfigMethod `json:"method,omitempty"` + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` - // Url The request URL. 
If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - Url *string `json:"url,omitempty"` + // Type Rule type + Type SecurityDetectionsAPINewTermsRuleUpdatePropsType `json:"type"` - // VerificationMode Controls the verification of certificates. Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use `certificate` to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use `none` to skip certificate validation. - VerificationMode *VerificationMode `json:"verificationMode,omitempty"` + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` } -// WebhookConfigMethod The HTTP request method, either `post` or `put`. -type WebhookConfigMethod string +// SecurityDetectionsAPINewTermsRuleUpdatePropsType Rule type +type SecurityDetectionsAPINewTermsRuleUpdatePropsType string -// WebhookSecrets Defines secrets for connectors when type is `.webhook`. -type WebhookSecrets struct { - // Crt If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file. 
- Crt *Crt `json:"crt,omitempty"` +// SecurityDetectionsAPINonEmptyString A string that does not contain only whitespace characters +type SecurityDetectionsAPINonEmptyString = string - // Key If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the KEY file. - Key *Key `json:"key,omitempty"` +// SecurityDetectionsAPIOsqueryParams defines model for Security_Detections_API_OsqueryParams. +type SecurityDetectionsAPIOsqueryParams struct { + // EcsMapping Map Osquery results columns or static values to Elastic Common Schema (ECS) fields. Example: "ecs_mapping": {"process.pid": {"field": "pid"}} + EcsMapping *SecurityDetectionsAPIEcsMapping `json:"ecs_mapping,omitempty"` - // Password The password for HTTP basic authentication or the passphrase for the SSL certificate files. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. - Password *string `json:"password,omitempty"` + // PackId To specify a query pack, use the packId field. Example: "packId": "processes_elastic" + PackId *string `json:"pack_id,omitempty"` + Queries *[]SecurityDetectionsAPIOsqueryQuery `json:"queries,omitempty"` - // Pfx If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. - Pfx *Pfx `json:"pfx,omitempty"` + // Query To run a single query, use the query field and enter a SQL query. Example: "query": "SELECT * FROM processes;" + Query *string `json:"query,omitempty"` - // User The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. - User *string `json:"user,omitempty"` + // SavedQueryId To run a saved query, use the saved_query_id field and specify the saved query ID. 
Example: "saved_query_id": "processes_elastic" + SavedQueryId *string `json:"saved_query_id,omitempty"` + + // Timeout A timeout period, in seconds, after which the query will stop running. Overwriting the default timeout allows you to support queries that require more time to complete. The default and minimum supported value is 60. The maximum supported value is 900. Example: "timeout": 120. + Timeout *float32 `json:"timeout,omitempty"` } -// XmattersConfig Defines properties for connectors when type is `.xmatters`. -type XmattersConfig struct { - // ConfigUrl The request URL for the Elastic Alerts trigger in xMatters. It is applicable only when `usesBasic` is `true`. - ConfigUrl *string `json:"configUrl,omitempty"` +// SecurityDetectionsAPIOsqueryQuery defines model for Security_Detections_API_OsqueryQuery. +type SecurityDetectionsAPIOsqueryQuery struct { + // EcsMapping Map Osquery results columns or static values to Elastic Common Schema (ECS) fields. Example: "ecs_mapping": {"process.pid": {"field": "pid"}} + EcsMapping *SecurityDetectionsAPIEcsMapping `json:"ecs_mapping,omitempty"` - // UsesBasic Specifies whether the connector uses HTTP basic authentication (`true`) or URL authentication (`false`). - UsesBasic *bool `json:"usesBasic,omitempty"` -} + // Id Query ID + Id string `json:"id"` + Platform *string `json:"platform,omitempty"` -// XmattersSecrets Defines secrets for connectors when type is `.xmatters`. -type XmattersSecrets struct { - // Password A user name for HTTP basic authentication. It is applicable only when `usesBasic` is `true`. - Password *string `json:"password,omitempty"` + // Query Query to run + Query string `json:"query"` + Removed *bool `json:"removed,omitempty"` + Snapshot *bool `json:"snapshot,omitempty"` - // SecretsUrl The request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. It is applicable only when `usesBasic` is `false`. 
- SecretsUrl *string `json:"secretsUrl,omitempty"` + // Version Query version + Version *string `json:"version,omitempty"` +} - // User A password for HTTP basic authentication. It is applicable only when `usesBasic` is `true`. - User *string `json:"user,omitempty"` +// SecurityDetectionsAPIOsqueryResponseAction defines model for Security_Detections_API_OsqueryResponseAction. +type SecurityDetectionsAPIOsqueryResponseAction struct { + ActionTypeId SecurityDetectionsAPIOsqueryResponseActionActionTypeId `json:"action_type_id"` + Params SecurityDetectionsAPIOsqueryParams `json:"params"` } -// APMUIElasticApiVersion defines model for APM_UI_elastic_api_version. -type APMUIElasticApiVersion string +// SecurityDetectionsAPIOsqueryResponseActionActionTypeId defines model for SecurityDetectionsAPIOsqueryResponseAction.ActionTypeId. +type SecurityDetectionsAPIOsqueryResponseActionActionTypeId string -// DataViewsViewId defines model for Data_views_view_id. -type DataViewsViewId = string +// SecurityDetectionsAPIProcessesParams defines model for Security_Detections_API_ProcessesParams. +type SecurityDetectionsAPIProcessesParams struct { + // Command To run an endpoint response action, specify a value for the command field. Example: "command": "isolate" + Command SecurityDetectionsAPIProcessesParamsCommand `json:"command"` -// SpaceId defines model for spaceId. -type SpaceId = string + // Comment Add a note that explains or describes the action. You can find your comment in the response actions history log. Example: "comment": "Check processes" + Comment *string `json:"comment,omitempty"` + Config struct { + // Field Field to use instead of process.pid + Field string `json:"field"` -// DeleteAgentConfigurationParams defines parameters for DeleteAgentConfiguration. 
-type DeleteAgentConfigurationParams struct { - // ElasticApiVersion The version of the API to use - ElasticApiVersion DeleteAgentConfigurationParamsElasticApiVersion `json:"elastic-api-version"` + // Overwrite Whether to overwrite field with process.pid + Overwrite *bool `json:"overwrite,omitempty"` + } `json:"config"` } -// DeleteAgentConfigurationParamsElasticApiVersion defines parameters for DeleteAgentConfiguration. -type DeleteAgentConfigurationParamsElasticApiVersion string - -// GetAgentConfigurationsParams defines parameters for GetAgentConfigurations. -type GetAgentConfigurationsParams struct { - // ElasticApiVersion The version of the API to use - ElasticApiVersion GetAgentConfigurationsParamsElasticApiVersion `json:"elastic-api-version"` -} +// SecurityDetectionsAPIProcessesParamsCommand To run an endpoint response action, specify a value for the command field. Example: "command": "isolate" +type SecurityDetectionsAPIProcessesParamsCommand string -// GetAgentConfigurationsParamsElasticApiVersion defines parameters for GetAgentConfigurations. -type GetAgentConfigurationsParamsElasticApiVersion string +// SecurityDetectionsAPIQueryRule defines model for Security_Detections_API_QueryRule. +type SecurityDetectionsAPIQueryRule struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions []SecurityDetectionsAPIRuleAction `json:"actions"` -// CreateUpdateAgentConfigurationParams defines parameters for CreateUpdateAgentConfiguration. -type CreateUpdateAgentConfigurationParams struct { - // Overwrite If the config exists ?overwrite=true is required - Overwrite *bool `form:"overwrite,omitempty" json:"overwrite,omitempty"` + // AlertSuppression Defines alert suppression configuration. 
+ AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` - // ElasticApiVersion The version of the API to use - ElasticApiVersion CreateUpdateAgentConfigurationParamsElasticApiVersion `json:"elastic-api-version"` -} + // Author The rule’s author. + Author SecurityDetectionsAPIRuleAuthorArray `json:"author"` -// CreateUpdateAgentConfigurationParamsElasticApiVersion defines parameters for CreateUpdateAgentConfiguration. -type CreateUpdateAgentConfigurationParamsElasticApiVersion string + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + CreatedAt time.Time `json:"created_at"` + CreatedBy string `json:"created_by"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` -// GetFleetAgentPoliciesParams defines parameters for GetFleetAgentPolicies. 
-type GetFleetAgentPoliciesParams struct { - Page *float32 `form:"page,omitempty" json:"page,omitempty"` - PerPage *float32 `form:"perPage,omitempty" json:"perPage,omitempty"` - SortField *string `form:"sortField,omitempty" json:"sortField,omitempty"` - SortOrder *GetFleetAgentPoliciesParamsSortOrder `form:"sortOrder,omitempty" json:"sortOrder,omitempty"` - ShowUpgradeable *bool `form:"showUpgradeable,omitempty" json:"showUpgradeable,omitempty"` - Kuery *string `form:"kuery,omitempty" json:"kuery,omitempty"` + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` - // NoAgentCount use withAgentCount instead - NoAgentCount *bool `form:"noAgentCount,omitempty" json:"noAgentCount,omitempty"` + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled SecurityDetectionsAPIIsRuleEnabled `json:"enabled"` + ExceptionsList []SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list"` - // WithAgentCount get policies with agent count - WithAgentCount *bool `form:"withAgentCount,omitempty" json:"withAgentCount,omitempty"` + // ExecutionSummary Summary of the last execution of a rule. + // > info + // > This field is under development and its usage or schema may change + ExecutionSummary *SecurityDetectionsAPIRuleExecutionSummary `json:"execution_summary,omitempty"` - // Full get full policies with package policies populated - Full *bool `form:"full,omitempty" json:"full,omitempty"` - Format *GetFleetAgentPoliciesParamsFormat `form:"format,omitempty" json:"format,omitempty"` -} + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives"` -// GetFleetAgentPoliciesParamsSortOrder defines parameters for GetFleetAgentPolicies. 
-type GetFleetAgentPoliciesParamsSortOrder string + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` -// GetFleetAgentPoliciesParamsFormat defines parameters for GetFleetAgentPolicies. -type GetFleetAgentPoliciesParamsFormat string + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From SecurityDetectionsAPIRuleIntervalFrom `json:"from"` -// PostFleetAgentPoliciesJSONBody defines parameters for PostFleetAgentPolicies. -type PostFleetAgentPoliciesJSONBody struct { - AdvancedSettings *struct { - AgentDownloadTargetDirectory interface{} `json:"agent_download_target_directory,omitempty"` - AgentDownloadTimeout interface{} `json:"agent_download_timeout,omitempty"` - AgentLimitsGoMaxProcs interface{} `json:"agent_limits_go_max_procs,omitempty"` - AgentLoggingFilesInterval interface{} `json:"agent_logging_files_interval,omitempty"` - AgentLoggingFilesKeepfiles interface{} `json:"agent_logging_files_keepfiles,omitempty"` - AgentLoggingFilesRotateeverybytes interface{} `json:"agent_logging_files_rotateeverybytes,omitempty"` - AgentLoggingLevel interface{} `json:"agent_logging_level,omitempty"` - AgentLoggingMetricsPeriod interface{} `json:"agent_logging_metrics_period,omitempty"` - AgentLoggingToFiles interface{} `json:"agent_logging_to_files,omitempty"` - } `json:"advanced_settings,omitempty"` - AgentFeatures *[]struct { - Enabled bool `json:"enabled"` - Name string `json:"name"` - } `json:"agent_features,omitempty"` - Agentless *struct { - CloudConnectors *struct { - Enabled bool `json:"enabled"` - TargetCsp *string 
`json:"target_csp,omitempty"` - } `json:"cloud_connectors,omitempty"` - Resources *struct { - Requests *struct { - Cpu *string `json:"cpu,omitempty"` - Memory *string `json:"memory,omitempty"` - } `json:"requests,omitempty"` - } `json:"resources,omitempty"` - } `json:"agentless,omitempty"` - DataOutputId *string `json:"data_output_id,omitempty"` - Description *string `json:"description,omitempty"` - DownloadSourceId *string `json:"download_source_id,omitempty"` - FleetServerHostId *string `json:"fleet_server_host_id,omitempty"` - Force *bool `json:"force,omitempty"` + // Id A universally unique identifier + Id SecurityDetectionsAPIRuleObjectId `json:"id"` - // GlobalDataTags User defined data tags that are added to all of the inputs. The values can be strings or numbers. - GlobalDataTags *[]AgentPolicyGlobalDataTagsItem `json:"global_data_tags,omitempty"` - HasFleetServer *bool `json:"has_fleet_server,omitempty"` - Id *string `json:"id,omitempty"` - InactivityTimeout *float32 `json:"inactivity_timeout,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultFleetServer *bool `json:"is_default_fleet_server,omitempty"` - IsManaged *bool `json:"is_managed,omitempty"` - IsProtected *bool `json:"is_protected,omitempty"` + // Immutable This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field. 
+ // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + Immutable SecurityDetectionsAPIIsRuleImmutable `json:"immutable"` - // KeepMonitoringAlive When set to true, monitoring will be enabled but logs/metrics collection will be disabled - KeepMonitoringAlive *bool `json:"keep_monitoring_alive,omitempty"` - MonitoringDiagnostics *struct { - Limit *struct { - Burst *float32 `json:"burst,omitempty"` - Interval *string `json:"interval,omitempty"` - } `json:"limit,omitempty"` - Uploader *struct { - InitDur *string `json:"init_dur,omitempty"` - MaxDur *string `json:"max_dur,omitempty"` - MaxRetries *float32 `json:"max_retries,omitempty"` - } `json:"uploader,omitempty"` - } `json:"monitoring_diagnostics,omitempty"` - MonitoringEnabled *[]PostFleetAgentPoliciesJSONBodyMonitoringEnabled `json:"monitoring_enabled,omitempty"` - MonitoringHttp *struct { - Buffer *struct { - Enabled *bool `json:"enabled,omitempty"` - } `json:"buffer,omitempty"` - Enabled *bool `json:"enabled,omitempty"` - Host *string `json:"host,omitempty"` - Port *float32 `json:"port,omitempty"` - } `json:"monitoring_http,omitempty"` - MonitoringOutputId *string `json:"monitoring_output_id,omitempty"` - MonitoringPprofEnabled *bool `json:"monitoring_pprof_enabled,omitempty"` - Name string `json:"name"` - Namespace string `json:"namespace"` + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` - // Overrides Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
- Overrides *map[string]interface{} `json:"overrides,omitempty"` - RequiredVersions *[]struct { - // Percentage Target percentage of agents to auto upgrade - Percentage float32 `json:"percentage"` + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval SecurityDetectionsAPIRuleInterval `json:"interval"` - // Version Target version for automatic agent upgrade - Version string `json:"version"` - } `json:"required_versions,omitempty"` - SpaceIds *[]string `json:"space_ids,omitempty"` + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language SecurityDetectionsAPIKqlQueryLanguage `json:"language"` - // SupportsAgentless Indicates whether the agent policy supports agentless integrations. - SupportsAgentless *bool `json:"supports_agentless,omitempty"` - UnenrollTimeout *float32 `json:"unenroll_timeout,omitempty"` -} + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` -// PostFleetAgentPoliciesParams defines parameters for PostFleetAgentPolicies. -type PostFleetAgentPoliciesParams struct { - SysMonitoring *bool `form:"sys_monitoring,omitempty" json:"sys_monitoring,omitempty"` -} + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). 
+ // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals SecurityDetectionsAPIMaxSignals `json:"max_signals"` -// PostFleetAgentPoliciesJSONBodyMonitoringEnabled defines parameters for PostFleetAgentPolicies. -type PostFleetAgentPoliciesJSONBodyMonitoringEnabled string + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` -// PostFleetAgentPoliciesDeleteJSONBody defines parameters for PostFleetAgentPoliciesDelete. -type PostFleetAgentPoliciesDeleteJSONBody struct { - AgentPolicyId string `json:"agentPolicyId"` + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` - // Force bypass validation checks that can prevent agent policy deletion - Force *bool `json:"force,omitempty"` -} + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` -// GetFleetAgentPoliciesAgentpolicyidParams defines parameters for GetFleetAgentPoliciesAgentpolicyid. -type GetFleetAgentPoliciesAgentpolicyidParams struct { - Format *GetFleetAgentPoliciesAgentpolicyidParamsFormat `form:"format,omitempty" json:"format,omitempty"` -} + // Note Notes to help investigate alerts produced by the rule. 
+ Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` -// GetFleetAgentPoliciesAgentpolicyidParamsFormat defines parameters for GetFleetAgentPoliciesAgentpolicyid. -type GetFleetAgentPoliciesAgentpolicyidParamsFormat string + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References SecurityDetectionsAPIRuleReferenceArray `json:"references"` + RelatedIntegrations SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations"` + RequiredFields SecurityDetectionsAPIRequiredFieldArray `json:"required_fields"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // Revision The rule's revision number. + // + // It represents the version of rule's object in Kibana. It is set to `0` when the rule is installed or created and then gets incremented on each update. + // > info + // > Not all updates to any rule fields will increment the revision. Only those fields that are considered static `rule parameters` can trigger revision increments. For example, an update to a rule's query or index fields will increment the rule's revision by `1`. 
However, changes to dynamic or technical fields like enabled or execution_summary will not cause revision increments. + Revision SecurityDetectionsAPIRuleRevision `json:"revision"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping"` -// PutFleetAgentPoliciesAgentpolicyidJSONBody defines parameters for PutFleetAgentPoliciesAgentpolicyid. -type PutFleetAgentPoliciesAgentpolicyidJSONBody struct { - AdvancedSettings *struct { - AgentDownloadTargetDirectory interface{} `json:"agent_download_target_directory,omitempty"` - AgentDownloadTimeout interface{} `json:"agent_download_timeout,omitempty"` - AgentLimitsGoMaxProcs interface{} `json:"agent_limits_go_max_procs,omitempty"` - AgentLoggingFilesInterval interface{} `json:"agent_logging_files_interval,omitempty"` - AgentLoggingFilesKeepfiles interface{} `json:"agent_logging_files_keepfiles,omitempty"` - AgentLoggingFilesRotateeverybytes interface{} `json:"agent_logging_files_rotateeverybytes,omitempty"` - AgentLoggingLevel interface{} `json:"agent_logging_level,omitempty"` - AgentLoggingMetricsPeriod interface{} `json:"agent_logging_metrics_period,omitempty"` - AgentLoggingToFiles interface{} `json:"agent_logging_to_files,omitempty"` - } `json:"advanced_settings,omitempty"` - AgentFeatures *[]struct { - Enabled bool `json:"enabled"` - Name string `json:"name"` - } `json:"agent_features,omitempty"` - Agentless *struct { - CloudConnectors *struct { - Enabled bool `json:"enabled"` - TargetCsp *string `json:"target_csp,omitempty"` - } `json:"cloud_connectors,omitempty"` 
- Resources *struct { - Requests *struct { - Cpu *string `json:"cpu,omitempty"` - Memory *string `json:"memory,omitempty"` - } `json:"requests,omitempty"` - } `json:"resources,omitempty"` - } `json:"agentless,omitempty"` - BumpRevision *bool `json:"bumpRevision,omitempty"` - DataOutputId *string `json:"data_output_id,omitempty"` - Description *string `json:"description,omitempty"` - DownloadSourceId *string `json:"download_source_id,omitempty"` - FleetServerHostId *string `json:"fleet_server_host_id,omitempty"` - Force *bool `json:"force,omitempty"` + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId SecurityDetectionsAPIRuleSignatureId `json:"rule_id"` + + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // RuleSource Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo. + RuleSource SecurityDetectionsAPIRuleSource `json:"rule_source"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. 
+ SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup SecurityDetectionsAPISetupGuide `json:"setup"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping SecurityDetectionsAPISeverityMapping `json:"severity_mapping"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags SecurityDetectionsAPIRuleTagArray `json:"tags"` + Threat SecurityDetectionsAPIThreatArray `json:"threat"` + + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` - // GlobalDataTags User defined data tags that are added to all of the inputs. The values can be strings or numbers. 
- GlobalDataTags *[]AgentPolicyGlobalDataTagsItem `json:"global_data_tags,omitempty"` - HasFleetServer *bool `json:"has_fleet_server,omitempty"` - Id *string `json:"id,omitempty"` - InactivityTimeout *float32 `json:"inactivity_timeout,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsDefaultFleetServer *bool `json:"is_default_fleet_server,omitempty"` - IsManaged *bool `json:"is_managed,omitempty"` - IsProtected *bool `json:"is_protected,omitempty"` + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To SecurityDetectionsAPIRuleIntervalTo `json:"to"` + + // Type Rule type + Type SecurityDetectionsAPIQueryRuleType `json:"type"` + UpdatedAt time.Time `json:"updated_at"` + UpdatedBy string `json:"updated_by"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. 
+ Version SecurityDetectionsAPIRuleVersion `json:"version"` +} + +// SecurityDetectionsAPIQueryRuleType Rule type +type SecurityDetectionsAPIQueryRuleType string + +// SecurityDetectionsAPIQueryRuleCreateFields defines model for Security_Detections_API_QueryRuleCreateFields. +type SecurityDetectionsAPIQueryRuleCreateFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` - // KeepMonitoringAlive When set to true, monitoring will be enabled but logs/metrics collection will be disabled - KeepMonitoringAlive *bool `json:"keep_monitoring_alive,omitempty"` - MonitoringDiagnostics *struct { - Limit *struct { - Burst *float32 `json:"burst,omitempty"` - Interval *string `json:"interval,omitempty"` - } `json:"limit,omitempty"` - Uploader *struct { - InitDur *string `json:"init_dur,omitempty"` - MaxDur *string `json:"max_dur,omitempty"` - MaxRetries *float32 `json:"max_retries,omitempty"` - } `json:"uploader,omitempty"` - } `json:"monitoring_diagnostics,omitempty"` - MonitoringEnabled *[]PutFleetAgentPoliciesAgentpolicyidJSONBodyMonitoringEnabled `json:"monitoring_enabled,omitempty"` - MonitoringHttp *struct { - Buffer *struct { - Enabled *bool `json:"enabled,omitempty"` - } `json:"buffer,omitempty"` - Enabled *bool `json:"enabled,omitempty"` - Host *string `json:"host,omitempty"` - Port *float32 `json:"port,omitempty"` - } `json:"monitoring_http,omitempty"` - MonitoringOutputId *string `json:"monitoring_output_id,omitempty"` - MonitoringPprofEnabled *bool `json:"monitoring_pprof_enabled,omitempty"` - Name string `json:"name"` - Namespace string `json:"namespace"` + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. 
+ Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` - // Overrides Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - Overrides *map[string]interface{} `json:"overrides,omitempty"` - RequiredVersions *[]struct { - // Percentage Target percentage of agents to auto upgrade - Percentage float32 `json:"percentage"` + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query *SecurityDetectionsAPIRuleQuery `json:"query,omitempty"` - // Version Target version for automatic agent upgrade - Version string `json:"version"` - } `json:"required_versions,omitempty"` - SpaceIds *[]string `json:"space_ids,omitempty"` + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` - // SupportsAgentless Indicates whether the agent policy supports agentless integrations. 
- SupportsAgentless *bool `json:"supports_agentless,omitempty"` - UnenrollTimeout *float32 `json:"unenroll_timeout,omitempty"` + // Type Rule type + Type SecurityDetectionsAPIQueryRuleCreateFieldsType `json:"type"` } -// PutFleetAgentPoliciesAgentpolicyidParams defines parameters for PutFleetAgentPoliciesAgentpolicyid. -type PutFleetAgentPoliciesAgentpolicyidParams struct { - Format *PutFleetAgentPoliciesAgentpolicyidParamsFormat `form:"format,omitempty" json:"format,omitempty"` -} +// SecurityDetectionsAPIQueryRuleCreateFieldsType Rule type +type SecurityDetectionsAPIQueryRuleCreateFieldsType string -// PutFleetAgentPoliciesAgentpolicyidParamsFormat defines parameters for PutFleetAgentPoliciesAgentpolicyid. -type PutFleetAgentPoliciesAgentpolicyidParamsFormat string +// SecurityDetectionsAPIQueryRuleCreateProps defines model for Security_Detections_API_QueryRuleCreateProps. +type SecurityDetectionsAPIQueryRuleCreateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` -// PutFleetAgentPoliciesAgentpolicyidJSONBodyMonitoringEnabled defines parameters for PutFleetAgentPoliciesAgentpolicyid. -type PutFleetAgentPoliciesAgentpolicyidJSONBodyMonitoringEnabled string + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` -// GetFleetEnrollmentApiKeysParams defines parameters for GetFleetEnrollmentApiKeys. 
-type GetFleetEnrollmentApiKeysParams struct { - Page *float32 `form:"page,omitempty" json:"page,omitempty"` - PerPage *float32 `form:"perPage,omitempty" json:"perPage,omitempty"` - Kuery *string `form:"kuery,omitempty" json:"kuery,omitempty"` -} + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` -// GetFleetEpmPackagesParams defines parameters for GetFleetEpmPackages. -type GetFleetEpmPackagesParams struct { - Category *string `form:"category,omitempty" json:"category,omitempty"` - Prerelease *bool `form:"prerelease,omitempty" json:"prerelease,omitempty"` - ExcludeInstallStatus *bool `form:"excludeInstallStatus,omitempty" json:"excludeInstallStatus,omitempty"` - WithPackagePoliciesCount *bool `form:"withPackagePoliciesCount,omitempty" json:"withPackagePoliciesCount,omitempty"` -} + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` -// PostFleetEpmPackagesParams defines parameters for PostFleetEpmPackages. -type PostFleetEpmPackagesParams struct { - IgnoreMappingUpdateErrors *bool `form:"ignoreMappingUpdateErrors,omitempty" json:"ignoreMappingUpdateErrors,omitempty"` - SkipDataStreamRollover *bool `form:"skipDataStreamRollover,omitempty" json:"skipDataStreamRollover,omitempty"` -} + // Description The rule’s description. 
+ Description SecurityDetectionsAPIRuleDescription `json:"description"` -// DeleteFleetEpmPackagesPkgnamePkgversionParams defines parameters for DeleteFleetEpmPackagesPkgnamePkgversion. -type DeleteFleetEpmPackagesPkgnamePkgversionParams struct { - Force *bool `form:"force,omitempty" json:"force,omitempty"` -} + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` -// GetFleetEpmPackagesPkgnamePkgversionParams defines parameters for GetFleetEpmPackagesPkgnamePkgversion. -type GetFleetEpmPackagesPkgnamePkgversionParams struct { - IgnoreUnverified *bool `form:"ignoreUnverified,omitempty" json:"ignoreUnverified,omitempty"` - Prerelease *bool `form:"prerelease,omitempty" json:"prerelease,omitempty"` - Full *bool `form:"full,omitempty" json:"full,omitempty"` - WithMetadata *bool `form:"withMetadata,omitempty" json:"withMetadata,omitempty"` -} + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` -// PostFleetEpmPackagesPkgnamePkgversionJSONBody defines parameters for PostFleetEpmPackagesPkgnamePkgversion. -type PostFleetEpmPackagesPkgnamePkgversionJSONBody struct { - Force *bool `json:"force,omitempty"` - IgnoreConstraints *bool `json:"ignore_constraints,omitempty"` -} + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` -// PostFleetEpmPackagesPkgnamePkgversionParams defines parameters for PostFleetEpmPackagesPkgnamePkgversion. 
-type PostFleetEpmPackagesPkgnamePkgversionParams struct { - Prerelease *bool `form:"prerelease,omitempty" json:"prerelease,omitempty"` - IgnoreMappingUpdateErrors *bool `form:"ignoreMappingUpdateErrors,omitempty" json:"ignoreMappingUpdateErrors,omitempty"` - SkipDataStreamRollover *bool `form:"skipDataStreamRollover,omitempty" json:"skipDataStreamRollover,omitempty"` -} + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` -// PostFleetFleetServerHostsJSONBody defines parameters for PostFleetFleetServerHosts. -type PostFleetFleetServerHostsJSONBody struct { - HostUrls []string `json:"host_urls"` - Id *string `json:"id,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - IsPreconfigured *bool `json:"is_preconfigured,omitempty"` - Name string `json:"name"` - ProxyId *string `json:"proxy_id,omitempty"` - Secrets *struct { - Ssl *struct { - EsKey *PostFleetFleetServerHostsJSONBody_Secrets_Ssl_EsKey `json:"es_key,omitempty"` - Key *PostFleetFleetServerHostsJSONBody_Secrets_Ssl_Key `json:"key,omitempty"` - } `json:"ssl,omitempty"` - } `json:"secrets,omitempty"` - Ssl *struct { - Certificate *string `json:"certificate,omitempty"` - CertificateAuthorities *[]string `json:"certificate_authorities,omitempty"` - ClientAuth *PostFleetFleetServerHostsJSONBodySslClientAuth `json:"client_auth,omitempty"` - EsCertificate *string `json:"es_certificate,omitempty"` - EsCertificateAuthorities *[]string `json:"es_certificate_authorities,omitempty"` - EsKey *string `json:"es_key,omitempty"` - Key *string `json:"key,omitempty"` - } `json:"ssl,omitempty"` -} + // Index Indices on which the rule functions. 
Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` -// PostFleetFleetServerHostsJSONBodySecretsSslEsKey0 defines parameters for PostFleetFleetServerHosts. -type PostFleetFleetServerHostsJSONBodySecretsSslEsKey0 struct { - Id string `json:"id"` -} + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` -// PostFleetFleetServerHostsJSONBodySecretsSslEsKey1 defines parameters for PostFleetFleetServerHosts. -type PostFleetFleetServerHostsJSONBodySecretsSslEsKey1 = string + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` -// PostFleetFleetServerHostsJSONBody_Secrets_Ssl_EsKey defines parameters for PostFleetFleetServerHosts. -type PostFleetFleetServerHostsJSONBody_Secrets_Ssl_EsKey struct { - union json.RawMessage -} + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` -// PostFleetFleetServerHostsJSONBodySecretsSslKey0 defines parameters for PostFleetFleetServerHosts. 
-type PostFleetFleetServerHostsJSONBodySecretsSslKey0 struct { - Id string `json:"id"` -} + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` -// PostFleetFleetServerHostsJSONBodySecretsSslKey1 defines parameters for PostFleetFleetServerHosts. -type PostFleetFleetServerHostsJSONBodySecretsSslKey1 = string + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` -// PostFleetFleetServerHostsJSONBody_Secrets_Ssl_Key defines parameters for PostFleetFleetServerHosts. -type PostFleetFleetServerHostsJSONBody_Secrets_Ssl_Key struct { - union json.RawMessage -} + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` -// PostFleetFleetServerHostsJSONBodySslClientAuth defines parameters for PostFleetFleetServerHosts. -type PostFleetFleetServerHostsJSONBodySslClientAuth string + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` -// PutFleetFleetServerHostsItemidJSONBody defines parameters for PutFleetFleetServerHostsItemid. 
-type PutFleetFleetServerHostsItemidJSONBody struct { - HostUrls *[]string `json:"host_urls,omitempty"` - IsDefault *bool `json:"is_default,omitempty"` - IsInternal *bool `json:"is_internal,omitempty"` - Name *string `json:"name,omitempty"` - ProxyId *string `json:"proxy_id,omitempty"` - Secrets *struct { - Ssl *struct { - EsKey *PutFleetFleetServerHostsItemidJSONBody_Secrets_Ssl_EsKey `json:"es_key,omitempty"` - Key *PutFleetFleetServerHostsItemidJSONBody_Secrets_Ssl_Key `json:"key,omitempty"` - } `json:"ssl,omitempty"` - } `json:"secrets,omitempty"` - Ssl *struct { - Certificate *string `json:"certificate,omitempty"` - CertificateAuthorities *[]string `json:"certificate_authorities,omitempty"` - ClientAuth *PutFleetFleetServerHostsItemidJSONBodySslClientAuth `json:"client_auth,omitempty"` - EsCertificate *string `json:"es_certificate,omitempty"` - EsCertificateAuthorities *[]string `json:"es_certificate_authorities,omitempty"` - EsKey *string `json:"es_key,omitempty"` - Key *string `json:"key,omitempty"` - } `json:"ssl,omitempty"` -} + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` -// PutFleetFleetServerHostsItemidJSONBodySecretsSslEsKey0 defines parameters for PutFleetFleetServerHostsItemid. -type PutFleetFleetServerHostsItemidJSONBodySecretsSslEsKey0 struct { - Id string `json:"id"` -} + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` -// PutFleetFleetServerHostsItemidJSONBodySecretsSslEsKey1 defines parameters for PutFleetFleetServerHostsItemid. 
-type PutFleetFleetServerHostsItemidJSONBodySecretsSslEsKey1 = string + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query *SecurityDetectionsAPIRuleQuery `json:"query,omitempty"` -// PutFleetFleetServerHostsItemidJSONBody_Secrets_Ssl_EsKey defines parameters for PutFleetFleetServerHostsItemid. -type PutFleetFleetServerHostsItemidJSONBody_Secrets_Ssl_EsKey struct { - union json.RawMessage -} + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` -// PutFleetFleetServerHostsItemidJSONBodySecretsSslKey0 defines parameters for PutFleetFleetServerHostsItemid. -type PutFleetFleetServerHostsItemidJSONBodySecretsSslKey0 struct { - Id string `json:"id"` -} + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` -// PutFleetFleetServerHostsItemidJSONBodySecretsSslKey1 defines parameters for PutFleetFleetServerHostsItemid. 
-type PutFleetFleetServerHostsItemidJSONBodySecretsSslKey1 = string + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` -// PutFleetFleetServerHostsItemidJSONBody_Secrets_Ssl_Key defines parameters for PutFleetFleetServerHostsItemid. -type PutFleetFleetServerHostsItemidJSONBody_Secrets_Ssl_Key struct { - union json.RawMessage -} + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` -// PutFleetFleetServerHostsItemidJSONBodySslClientAuth defines parameters for PutFleetFleetServerHostsItemid. -type PutFleetFleetServerHostsItemidJSONBodySslClientAuth string + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` -// GetFleetPackagePoliciesParams defines parameters for GetFleetPackagePolicies. 
-type GetFleetPackagePoliciesParams struct { - Page *float32 `form:"page,omitempty" json:"page,omitempty"` - PerPage *float32 `form:"perPage,omitempty" json:"perPage,omitempty"` - SortField *string `form:"sortField,omitempty" json:"sortField,omitempty"` - SortOrder *GetFleetPackagePoliciesParamsSortOrder `form:"sortOrder,omitempty" json:"sortOrder,omitempty"` - ShowUpgradeable *bool `form:"showUpgradeable,omitempty" json:"showUpgradeable,omitempty"` - Kuery *string `form:"kuery,omitempty" json:"kuery,omitempty"` - Format *GetFleetPackagePoliciesParamsFormat `form:"format,omitempty" json:"format,omitempty"` - WithAgentCount *bool `form:"withAgentCount,omitempty" json:"withAgentCount,omitempty"` -} + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` -// GetFleetPackagePoliciesParamsSortOrder defines parameters for GetFleetPackagePolicies. -type GetFleetPackagePoliciesParamsSortOrder string + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` -// GetFleetPackagePoliciesParamsFormat defines parameters for GetFleetPackagePolicies. -type GetFleetPackagePoliciesParamsFormat string + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` -// PostFleetPackagePoliciesParams defines parameters for PostFleetPackagePolicies. 
-type PostFleetPackagePoliciesParams struct { - Format *PostFleetPackagePoliciesParamsFormat `form:"format,omitempty" json:"format,omitempty"` -} + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` -// PostFleetPackagePoliciesParamsFormat defines parameters for PostFleetPackagePolicies. -type PostFleetPackagePoliciesParamsFormat string + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` -// DeleteFleetPackagePoliciesPackagepolicyidParams defines parameters for DeleteFleetPackagePoliciesPackagepolicyid. -type DeleteFleetPackagePoliciesPackagepolicyidParams struct { - Force *bool `form:"force,omitempty" json:"force,omitempty"` -} + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` -// GetFleetPackagePoliciesPackagepolicyidParams defines parameters for GetFleetPackagePoliciesPackagepolicyid. -type GetFleetPackagePoliciesPackagepolicyidParams struct { - Format *GetFleetPackagePoliciesPackagepolicyidParamsFormat `form:"format,omitempty" json:"format,omitempty"` -} + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` -// GetFleetPackagePoliciesPackagepolicyidParamsFormat defines parameters for GetFleetPackagePoliciesPackagepolicyid. 
-type GetFleetPackagePoliciesPackagepolicyidParamsFormat string + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` -// PutFleetPackagePoliciesPackagepolicyidParams defines parameters for PutFleetPackagePoliciesPackagepolicyid. -type PutFleetPackagePoliciesPackagepolicyidParams struct { - Format *PutFleetPackagePoliciesPackagepolicyidParamsFormat `form:"format,omitempty" json:"format,omitempty"` -} + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` -// PutFleetPackagePoliciesPackagepolicyidParamsFormat defines parameters for PutFleetPackagePoliciesPackagepolicyid. -type PutFleetPackagePoliciesPackagepolicyidParamsFormat string + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` -// PostParametersJSONBody defines parameters for PostParameters. -type PostParametersJSONBody struct { - union json.RawMessage -} + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` -// PostParametersJSONBody0 defines parameters for PostParameters. -type PostParametersJSONBody0 = []SyntheticsParameterRequest + // Type Rule type + Type SecurityDetectionsAPIQueryRuleCreatePropsType `json:"type"` -// PutParameterJSONBody defines parameters for PutParameter. -type PutParameterJSONBody struct { - // Description The updated description of the parameter. - Description *string `json:"description,omitempty"` + // Version The rule's version number. 
+ // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` +} - // Key The key of the parameter. - Key *string `json:"key,omitempty"` +// SecurityDetectionsAPIQueryRuleCreatePropsType Rule type +type SecurityDetectionsAPIQueryRuleCreatePropsType string - // Tags An array of updated tags to categorize the parameter. - Tags *[]string `json:"tags,omitempty"` +// SecurityDetectionsAPIQueryRuleDefaultableFields defines model for Security_Detections_API_QueryRuleDefaultableFields. +type SecurityDetectionsAPIQueryRuleDefaultableFields struct { + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` - // Value The updated value associated with the parameter. - Value *string `json:"value,omitempty"` + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query *SecurityDetectionsAPIRuleQuery `json:"query,omitempty"` } -// PostActionsConnectorIdJSONBody defines parameters for PostActionsConnectorId. -type PostActionsConnectorIdJSONBody struct { - // Config The connector configuration details. 
- Config *CreateConnectorConfig `json:"config,omitempty"` +// SecurityDetectionsAPIQueryRuleOptionalFields defines model for Security_Detections_API_QueryRuleOptionalFields. +type SecurityDetectionsAPIQueryRuleOptionalFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` - // ConnectorTypeId The type of connector. - ConnectorTypeId string `json:"connector_type_id"` + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` - // Name The display name for the connector. - Name string `json:"name"` - Secrets *CreateConnectorSecrets `json:"secrets,omitempty"` -} + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` -// PutActionsConnectorIdJSONBody defines parameters for PutActionsConnectorId. -type PutActionsConnectorIdJSONBody struct { - // Config The connector configuration details. - Config *UpdateConnectorConfig `json:"config,omitempty"` + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` +} - // Name The display name for the connector. 
- Name string `json:"name"` - Secrets *UpdateConnectorSecrets `json:"secrets,omitempty"` +// SecurityDetectionsAPIQueryRuleRequiredFields defines model for Security_Detections_API_QueryRuleRequiredFields. +type SecurityDetectionsAPIQueryRuleRequiredFields struct { + // Type Rule type + Type SecurityDetectionsAPIQueryRuleRequiredFieldsType `json:"type"` } -// DeleteAgentConfigurationJSONRequestBody defines body for DeleteAgentConfiguration for application/json ContentType. -type DeleteAgentConfigurationJSONRequestBody = APMUIDeleteServiceObject +// SecurityDetectionsAPIQueryRuleRequiredFieldsType Rule type +type SecurityDetectionsAPIQueryRuleRequiredFieldsType string -// CreateUpdateAgentConfigurationJSONRequestBody defines body for CreateUpdateAgentConfiguration for application/json ContentType. -type CreateUpdateAgentConfigurationJSONRequestBody = APMUIAgentConfigurationIntakeObject +// SecurityDetectionsAPIQueryRuleResponseFields defines model for Security_Detections_API_QueryRuleResponseFields. +type SecurityDetectionsAPIQueryRuleResponseFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` -// PostMaintenanceWindowJSONBody defines parameters for PostMaintenanceWindow. + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` -type PostMaintenanceWindowJSONBody struct { - // Enabled Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - Enabled *bool `json:"enabled,omitempty"` - Schedule struct { - Custom struct { - // Duration The duration of the schedule. It allows values in `` format. 
`` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`. - Duration string `json:"duration"` - Recurring *struct { - // End The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`. - End *string `json:"end,omitempty"` + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + Language SecurityDetectionsAPIKqlQueryLanguage `json:"language"` - // Every The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`. - Every *string `json:"every,omitempty"` + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` - // Occurrences The total number of recurrences of the schedule. - Occurrences *float32 `json:"occurrences,omitempty"` + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` - // OnMonth The specific months for a recurring schedule. Valid values are 1-12. 
- OnMonth *[]float32 `json:"onMonth,omitempty"` + // Type Rule type + Type SecurityDetectionsAPIQueryRuleResponseFieldsType `json:"type"` +} - // OnMonthDay The specific days of the month for a recurring schedule. Valid values are 1-31. - OnMonthDay *[]float32 `json:"onMonthDay,omitempty"` +// SecurityDetectionsAPIQueryRuleResponseFieldsType Rule type +type SecurityDetectionsAPIQueryRuleResponseFieldsType string - // OnWeekDay The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - OnWeekDay *[]string `json:"onWeekDay,omitempty"` - } `json:"recurring,omitempty"` +// SecurityDetectionsAPIQueryRuleUpdateProps defines model for Security_Detections_API_QueryRuleUpdateProps. +type SecurityDetectionsAPIQueryRuleUpdateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` - // Start The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`. - Start string `json:"start"` + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` - // Timezone The timezone of the schedule. The default timezone is UTC. - Timezone *string `json:"timezone,omitempty"` - } `json:"custom"` - } `json:"schedule"` - Scope *struct { - Alerting struct { - Query struct { - // Kql A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window. 
- Kql string `json:"kql"` - } `json:"query"` - } `json:"alerting"` - } `json:"scope,omitempty"` + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` - // Title The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. - Title string `json:"title"` -} + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` -// PatchMaintenanceWindowIdJSONBody defines parameters for PatchMaintenanceWindowId. -type PatchMaintenanceWindowIdJSONBody struct { - // Enabled Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - Enabled *bool `json:"enabled,omitempty"` - Schedule *struct { - Custom struct { - // Duration The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`. - Duration string `json:"duration"` - Recurring *struct { - // End The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`. - End *string `json:"end,omitempty"` + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` - // Every The interval and frequency of a recurring schedule. It allows values in `` format. 
`` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`. - Every *string `json:"every,omitempty"` + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` - // Occurrences The total number of recurrences of the schedule. - Occurrences *float32 `json:"occurrences,omitempty"` + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` - // OnMonth The specific months for a recurring schedule. Valid values are 1-12. - OnMonth *[]float32 `json:"onMonth,omitempty"` + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` - // OnMonthDay The specific days of the month for a recurring schedule. Valid values are 1-31. - OnMonthDay *[]float32 `json:"onMonthDay,omitempty"` + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` - // OnWeekDay The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. 
- OnWeekDay *[]string `json:"onWeekDay,omitempty"` - } `json:"recurring,omitempty"` + // Id A universally unique identifier + Id *SecurityDetectionsAPIRuleObjectId `json:"id,omitempty"` - // Start The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`. - Start string `json:"start"` + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` - // Timezone The timezone of the schedule. The default timezone is UTC. - Timezone *string `json:"timezone,omitempty"` - } `json:"custom"` - } `json:"schedule,omitempty"` - Scope *struct { - Alerting struct { - Query struct { - // Kql A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window. - Kql string `json:"kql"` - } `json:"query"` - } `json:"alerting"` - } `json:"scope,omitempty"` + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` - // Title The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. - Title *string `json:"title,omitempty"` -} + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. 
+ InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` -// PostFleetAgentPoliciesJSONRequestBody defines body for PostFleetAgentPolicies for application/json ContentType. -type PostFleetAgentPoliciesJSONRequestBody PostFleetAgentPoliciesJSONBody + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` -// PostFleetAgentPoliciesDeleteJSONRequestBody defines body for PostFleetAgentPoliciesDelete for application/json ContentType. -type PostFleetAgentPoliciesDeleteJSONRequestBody PostFleetAgentPoliciesDeleteJSONBody + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` -// PutFleetAgentPoliciesAgentpolicyidJSONRequestBody defines body for PutFleetAgentPoliciesAgentpolicyid for application/json ContentType. + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` + + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` + + // Namespace Has no effect. 
+ Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` + + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` + + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query *SecurityDetectionsAPIRuleQuery `json:"query,omitempty"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` + + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. 
+ RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` + + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` + + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. 
+ Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` + + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. 
+ TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` + + // Type Rule type + Type SecurityDetectionsAPIQueryRuleUpdatePropsType `json:"type"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` +} + +// SecurityDetectionsAPIQueryRuleUpdatePropsType Rule type +type SecurityDetectionsAPIQueryRuleUpdatePropsType string + +// SecurityDetectionsAPIRelatedIntegration Related integration is a potential dependency of a rule. It's assumed that if the user installs +// one of the related integrations of a rule, the rule might start to work properly because it will +// have source events (generated by this integration) potentially matching the rule's query. +// +// NOTE: Proper work is not guaranteed, because a related integration, if installed, can be +// configured differently or generate data that is not necessarily relevant for this rule. +// +// Related integration is a combination of a Fleet package and (optionally) one of the +// package's "integrations" that this package contains. 
It is represented by 3 properties: +// +// - `package`: name of the package (required, unique id) +// - `version`: version of the package (required, semver-compatible) +// - `integration`: name of the integration of this package (optional, id within the package) +// +// There are Fleet packages like `windows` that contain only one integration; in this case, +// `integration` should be unspecified. There are also packages like `aws` and `azure` that contain +// several integrations; in this case, `integration` should be specified. +type SecurityDetectionsAPIRelatedIntegration struct { + // Integration A string that does not contain only whitespace characters + Integration *SecurityDetectionsAPINonEmptyString `json:"integration,omitempty"` + + // Package A string that does not contain only whitespace characters + Package SecurityDetectionsAPINonEmptyString `json:"package"` + + // Version A string that does not contain only whitespace characters + Version SecurityDetectionsAPINonEmptyString `json:"version"` +} + +// SecurityDetectionsAPIRelatedIntegrationArray defines model for Security_Detections_API_RelatedIntegrationArray. +type SecurityDetectionsAPIRelatedIntegrationArray = []SecurityDetectionsAPIRelatedIntegration + +// SecurityDetectionsAPIRequiredField Describes an Elasticsearch field that is needed for the rule to function. +// +// Almost all types of Security rules check source event documents for a match to some kind of +// query or filter. If a document has certain field with certain values, then it's a match and +// the rule will generate an alert. +// +// Required field is an event field that must be present in the source indices of a given rule. 
+// +// @example +// +// const standardEcsField: RequiredField = { +// name: 'event.action', +// type: 'keyword', +// ecs: true, +// }; +// +// @example +// +// const nonEcsField: RequiredField = { +// name: 'winlog.event_data.AttributeLDAPDisplayName', +// type: 'keyword', +// ecs: false, +// }; +type SecurityDetectionsAPIRequiredField struct { + // Ecs Indicates whether the field is ECS-compliant. This property is only present in responses. Its value is computed based on field’s name and type. + Ecs bool `json:"ecs"` + + // Name Name of an Elasticsearch field + Name string `json:"name"` + + // Type Type of the Elasticsearch field + Type string `json:"type"` +} + +// SecurityDetectionsAPIRequiredFieldArray defines model for Security_Detections_API_RequiredFieldArray. +type SecurityDetectionsAPIRequiredFieldArray = []SecurityDetectionsAPIRequiredField + +// SecurityDetectionsAPIRequiredFieldInput Input parameters to create a RequiredField. Does not include the `ecs` field, because `ecs` is calculated on the backend based on the field name and type. +type SecurityDetectionsAPIRequiredFieldInput struct { + // Name Name of an Elasticsearch field + Name string `json:"name"` + + // Type Type of the Elasticsearch field + Type string `json:"type"` +} + +// SecurityDetectionsAPIResponseAction defines model for Security_Detections_API_ResponseAction. +type SecurityDetectionsAPIResponseAction struct { + union json.RawMessage +} + +// SecurityDetectionsAPIResponseFields defines model for Security_Detections_API_ResponseFields. +type SecurityDetectionsAPIResponseFields struct { + CreatedAt time.Time `json:"created_at"` + CreatedBy string `json:"created_by"` + + // ExecutionSummary Summary of the last execution of a rule. 
+ // > info + // > This field is under development and its usage or schema may change + ExecutionSummary *SecurityDetectionsAPIRuleExecutionSummary `json:"execution_summary,omitempty"` + + // Id A universally unique identifier + Id SecurityDetectionsAPIRuleObjectId `json:"id"` + + // Immutable This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + Immutable SecurityDetectionsAPIIsRuleImmutable `json:"immutable"` + RequiredFields SecurityDetectionsAPIRequiredFieldArray `json:"required_fields"` + + // Revision The rule's revision number. + // + // It represents the version of rule's object in Kibana. It is set to `0` when the rule is installed or created and then gets incremented on each update. + // > info + // > Not all updates to any rule fields will increment the revision. Only those fields that are considered static `rule parameters` can trigger revision increments. For example, an update to a rule's query or index fields will increment the rule's revision by `1`. However, changes to dynamic or technical fields like enabled or execution_summary will not cause revision increments. + Revision SecurityDetectionsAPIRuleRevision `json:"revision"` + + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId SecurityDetectionsAPIRuleSignatureId `json:"rule_id"` + + // RuleSource Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo. 
+ RuleSource SecurityDetectionsAPIRuleSource `json:"rule_source"` + UpdatedAt time.Time `json:"updated_at"` + UpdatedBy string `json:"updated_by"` +} + +// SecurityDetectionsAPIRiskScore A numerical representation of the alert's severity from 0 to 100, where: +// * `0` - `21` represents low severity +// * `22` - `47` represents medium severity +// * `48` - `73` represents high severity +// * `74` - `100` represents critical severity +type SecurityDetectionsAPIRiskScore = int + +// SecurityDetectionsAPIRiskScoreMapping Overrides generated alerts' risk_score with a value from the source event +type SecurityDetectionsAPIRiskScoreMapping = []struct { + // Field Source event field used to override the default `risk_score`. + Field string `json:"field"` + Operator SecurityDetectionsAPIRiskScoreMappingOperator `json:"operator"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore *SecurityDetectionsAPIRiskScore `json:"risk_score,omitempty"` + Value string `json:"value"` +} + +// SecurityDetectionsAPIRiskScoreMappingOperator defines model for SecurityDetectionsAPIRiskScoreMapping.Operator. +type SecurityDetectionsAPIRiskScoreMappingOperator string + +// SecurityDetectionsAPIRuleAction defines model for Security_Detections_API_RuleAction. 
+type SecurityDetectionsAPIRuleAction struct { + // ActionTypeId The action type used for sending notifications, can be: + // + // - `.slack` + // - `.slack_api` + // - `.email` + // - `.index` + // - `.pagerduty` + // - `.swimlane` + // - `.webhook` + // - `.servicenow` + // - `.servicenow-itom` + // - `.servicenow-sir` + // - `.jira` + // - `.resilient` + // - `.opsgenie` + // - `.teams` + // - `.torq` + // - `.tines` + // - `.d3security` + ActionTypeId string `json:"action_type_id"` + + // AlertsFilter Object containing an action’s conditional filters. + // + // - `timeframe` (object, optional): Object containing the time frame for when this action can be run. + // - `days` (array of integers, required): List of days of the week on which this action will be run. Days of the week are expressed as numbers between `1-7`, where `1` is Monday and `7` is Sunday. To select all days of the week, enter an empty array. + // - `hours` (object, required): The hours of the day during which this action will run. Hours of the day are expressed as two strings in the format `hh:mm` in `24` hour time. A start of `00:00` and an end of `24:00` means the action can run all day. + // - start (string, required): Start time in `hh:mm` format. + // - end (string, required): End time in `hh:mm` format. + // - `timezone` (string, required): An ISO timezone name, such as `Europe/Madrid` or `America/New_York`. Specific offsets such as `UTC` or `UTC+1` will also work, but lack built-in DST. + // - `query` (object, optional): Object containing a query filter which gets applied to an action and determines whether the action should run. + // - `kql` (string, required): A KQL string. + // - `filters` (array of objects, required): Array of filter objects, as defined in the `kbn-es-query` package. 
+ AlertsFilter *SecurityDetectionsAPIRuleActionAlertsFilter `json:"alerts_filter,omitempty"` + + // Frequency The action frequency defines when the action runs (for example, only on rule execution or at specific time intervals). + Frequency *SecurityDetectionsAPIRuleActionFrequency `json:"frequency,omitempty"` + + // Group Optionally groups actions by use cases. Use `default` for alert notifications. + Group *SecurityDetectionsAPIRuleActionGroup `json:"group,omitempty"` + + // Id The connector ID. + Id SecurityDetectionsAPIRuleActionId `json:"id"` + + // Params Object containing the allowed connector fields, which varies according to the connector type. + // + // For Slack: + // + // - `message` (string, required): The notification message. + // + // For email: + // + // - `to`, `cc`, `bcc` (string): Email addresses to which the notifications are sent. At least one field must have a value. + // - `subject` (string, optional): Email subject line. + // - `message` (string, required): Email body text. + // + // For Webhook: + // + // - `body` (string, required): JSON payload. + // + // For PagerDuty: + // + // - `severity` (string, required): Severity of on the alert notification, can be: `Critical`, `Error`, `Warning` or `Info`. + // - `eventAction` (string, required): Event [action type](https://v2.developer.pagerduty.com/docs/events-api-v2#event-action), which can be `trigger`, `resolve`, or `acknowledge`. + // - `dedupKey` (string, optional): Groups alert notifications with the same PagerDuty alert. + // - `timestamp` (DateTime, optional): ISO-8601 format [timestamp](https://v2.developer.pagerduty.com/docs/types#datetime). + // - `component` (string, optional): Source machine component responsible for the event, for example `security-solution`. + // - `group` (string, optional): Enables logical grouping of service components. + // - `source` (string, optional): The affected system. Defaults to the Kibana saved object ID of the action. 
+ // - `summary` (string, options): Summary of the event. Defaults to `No summary provided`. Maximum length is 1024 characters. + // - `class` (string, optional): Value indicating the class/type of the event. + Params SecurityDetectionsAPIRuleActionParams `json:"params"` + + // Uuid A string that does not contain only whitespace characters + Uuid *SecurityDetectionsAPINonEmptyString `json:"uuid,omitempty"` +} + +// SecurityDetectionsAPIRuleActionAlertsFilter Object containing an action’s conditional filters. +// +// - `timeframe` (object, optional): Object containing the time frame for when this action can be run. +// - `days` (array of integers, required): List of days of the week on which this action will be run. Days of the week are expressed as numbers between `1-7`, where `1` is Monday and `7` is Sunday. To select all days of the week, enter an empty array. +// - `hours` (object, required): The hours of the day during which this action will run. Hours of the day are expressed as two strings in the format `hh:mm` in `24` hour time. A start of `00:00` and an end of `24:00` means the action can run all day. +// - start (string, required): Start time in `hh:mm` format. +// - end (string, required): End time in `hh:mm` format. +// - `timezone` (string, required): An ISO timezone name, such as `Europe/Madrid` or `America/New_York`. Specific offsets such as `UTC` or `UTC+1` will also work, but lack built-in DST. +// +// - `query` (object, optional): Object containing a query filter which gets applied to an action and determines whether the action should run. +// - `kql` (string, required): A KQL string. +// - `filters` (array of objects, required): Array of filter objects, as defined in the `kbn-es-query` package. +type SecurityDetectionsAPIRuleActionAlertsFilter map[string]interface{} + +// SecurityDetectionsAPIRuleActionFrequency The action frequency defines when the action runs (for example, only on rule execution or at specific time intervals). 
+type SecurityDetectionsAPIRuleActionFrequency struct { + // NotifyWhen Defines how often rules run actions. + NotifyWhen SecurityDetectionsAPIRuleActionNotifyWhen `json:"notifyWhen"` + + // Summary Action summary indicates whether we will send a summary notification about all the generate alerts or notification per individual alert + Summary bool `json:"summary"` + + // Throttle Defines how often rule actions are taken. + Throttle SecurityDetectionsAPIRuleActionThrottle `json:"throttle"` +} + +// SecurityDetectionsAPIRuleActionGroup Optionally groups actions by use cases. Use `default` for alert notifications. +type SecurityDetectionsAPIRuleActionGroup = string + +// SecurityDetectionsAPIRuleActionId The connector ID. +type SecurityDetectionsAPIRuleActionId = string + +// SecurityDetectionsAPIRuleActionNotifyWhen Defines how often rules run actions. +type SecurityDetectionsAPIRuleActionNotifyWhen string + +// SecurityDetectionsAPIRuleActionParams Object containing the allowed connector fields, which varies according to the connector type. +// +// For Slack: +// +// - `message` (string, required): The notification message. +// +// For email: +// +// - `to`, `cc`, `bcc` (string): Email addresses to which the notifications are sent. At least one field must have a value. +// - `subject` (string, optional): Email subject line. +// - `message` (string, required): Email body text. +// +// For Webhook: +// +// - `body` (string, required): JSON payload. +// +// For PagerDuty: +// +// - `severity` (string, required): Severity of on the alert notification, can be: `Critical`, `Error`, `Warning` or `Info`. +// - `eventAction` (string, required): Event [action type](https://v2.developer.pagerduty.com/docs/events-api-v2#event-action), which can be `trigger`, `resolve`, or `acknowledge`. +// - `dedupKey` (string, optional): Groups alert notifications with the same PagerDuty alert. 
+// - `timestamp` (DateTime, optional): ISO-8601 format [timestamp](https://v2.developer.pagerduty.com/docs/types#datetime). +// - `component` (string, optional): Source machine component responsible for the event, for example `security-solution`. +// - `group` (string, optional): Enables logical grouping of service components. +// - `source` (string, optional): The affected system. Defaults to the Kibana saved object ID of the action. +// - `summary` (string, options): Summary of the event. Defaults to `No summary provided`. Maximum length is 1024 characters. +// - `class` (string, optional): Value indicating the class/type of the event. +type SecurityDetectionsAPIRuleActionParams map[string]interface{} + +// SecurityDetectionsAPIRuleActionThrottle Defines how often rule actions are taken. +type SecurityDetectionsAPIRuleActionThrottle struct { + union json.RawMessage +} + +// SecurityDetectionsAPIRuleActionThrottle0 defines model for SecurityDetectionsAPIRuleActionThrottle.0. +type SecurityDetectionsAPIRuleActionThrottle0 string + +// SecurityDetectionsAPIRuleActionThrottle1 Time interval in seconds, minutes, hours, or days. +type SecurityDetectionsAPIRuleActionThrottle1 = string + +// SecurityDetectionsAPIRuleAuthorArray The rule’s author. +type SecurityDetectionsAPIRuleAuthorArray = []string + +// SecurityDetectionsAPIRuleCreateProps defines model for Security_Detections_API_RuleCreateProps. +type SecurityDetectionsAPIRuleCreateProps struct { + union json.RawMessage +} + +// SecurityDetectionsAPIRuleDescription The rule’s description. +type SecurityDetectionsAPIRuleDescription = string + +// SecurityDetectionsAPIRuleExceptionList Array of [exception containers](https://www.elastic.co/guide/en/security/current/exceptions-api-overview.html), which define exceptions that prevent the rule from generating alerts even when its other criteria are met. 
+type SecurityDetectionsAPIRuleExceptionList struct { + // Id ID of the exception container + Id string `json:"id"` + + // ListId List ID of the exception container + ListId string `json:"list_id"` + + // NamespaceType Determines the exceptions validity in rule's Kibana space + NamespaceType SecurityDetectionsAPIRuleExceptionListNamespaceType `json:"namespace_type"` + + // Type The exception type + Type SecurityDetectionsAPIExceptionListType `json:"type"` +} + +// SecurityDetectionsAPIRuleExceptionListNamespaceType Determines the exceptions validity in rule's Kibana space +type SecurityDetectionsAPIRuleExceptionListNamespaceType string + +// SecurityDetectionsAPIRuleExecutionMetrics defines model for Security_Detections_API_RuleExecutionMetrics. +type SecurityDetectionsAPIRuleExecutionMetrics struct { + // ExecutionGapDurationS Duration in seconds of execution gap + ExecutionGapDurationS *int `json:"execution_gap_duration_s,omitempty"` + + // FrozenIndicesQueriedCount Count of frozen indices queried during the rule execution. These indices could not be entirely excluded after applying the time range filter. 
+ FrozenIndicesQueriedCount *int `json:"frozen_indices_queried_count,omitempty"` + + // GapRange Range of the execution gap + GapRange *struct { + // Gte Start date of the execution gap + Gte string `json:"gte"` + + // Lte End date of the execution gap + Lte string `json:"lte"` + } `json:"gap_range,omitempty"` + + // TotalEnrichmentDurationMs Total time spent enriching documents during current rule execution cycle + TotalEnrichmentDurationMs *int `json:"total_enrichment_duration_ms,omitempty"` + + // TotalIndexingDurationMs Total time spent indexing documents during current rule execution cycle + TotalIndexingDurationMs *int `json:"total_indexing_duration_ms,omitempty"` + + // TotalSearchDurationMs Total time spent performing ES searches as measured by Kibana; includes network latency and time spent serializing/deserializing request/response + TotalSearchDurationMs *int `json:"total_search_duration_ms,omitempty"` +} + +// SecurityDetectionsAPIRuleExecutionStatus Custom execution status of Security rules that is different from the status used in the Alerting Framework. We merge our custom status with the Framework's status to determine the resulting status of a rule. +// - going to run - @deprecated Replaced by the 'running' status but left for backwards compatibility with rule execution events already written to Event Log in the prior versions of Kibana. Don't use when writing rule status changes. +// - running - Rule execution started but not reached any intermediate or final status. +// - partial failure - Rule can partially fail for various reasons either in the middle of an execution (in this case we update its status right away) or in the end of it. So currently this status can be both intermediate and final at the same time. A typical reason for a partial failure: not all the indices that the rule searches over actually exist. +// - failed - Rule failed to execute due to unhandled exception or a reason defined in the business logic of its executor function. 
+// - succeeded - Rule executed successfully without any issues. Note: this status is just an indication of a rule's "health". The rule might or might not generate any alerts despite of it. +type SecurityDetectionsAPIRuleExecutionStatus string + +// SecurityDetectionsAPIRuleExecutionStatusOrder defines model for Security_Detections_API_RuleExecutionStatusOrder. +type SecurityDetectionsAPIRuleExecutionStatusOrder = int + +// SecurityDetectionsAPIRuleExecutionSummary Summary of the last execution of a rule. +// > info +// > This field is under development and its usage or schema may change +type SecurityDetectionsAPIRuleExecutionSummary struct { + LastExecution struct { + // Date Date of the last execution + Date time.Time `json:"date"` + Message string `json:"message"` + Metrics SecurityDetectionsAPIRuleExecutionMetrics `json:"metrics"` + + // Status Custom execution status of Security rules that is different from the status used in the Alerting Framework. We merge our custom status with the Framework's status to determine the resulting status of a rule. + // - going to run - @deprecated Replaced by the 'running' status but left for backwards compatibility with rule execution events already written to Event Log in the prior versions of Kibana. Don't use when writing rule status changes. + // - running - Rule execution started but not reached any intermediate or final status. + // - partial failure - Rule can partially fail for various reasons either in the middle of an execution (in this case we update its status right away) or in the end of it. So currently this status can be both intermediate and final at the same time. A typical reason for a partial failure: not all the indices that the rule searches over actually exist. + // - failed - Rule failed to execute due to unhandled exception or a reason defined in the business logic of its executor function. + // - succeeded - Rule executed successfully without any issues. 
Note: this status is just an indication of a rule's "health". The rule might or might not generate any alerts despite of it. + Status SecurityDetectionsAPIRuleExecutionStatus `json:"status"` + StatusOrder SecurityDetectionsAPIRuleExecutionStatusOrder `json:"status_order"` + } `json:"last_execution"` +} + +// SecurityDetectionsAPIRuleFalsePositiveArray String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. +type SecurityDetectionsAPIRuleFalsePositiveArray = []string + +// SecurityDetectionsAPIRuleFilterArray The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. +// > info +// > This field is not supported for ES|QL rules. +type SecurityDetectionsAPIRuleFilterArray = []interface{} + +// SecurityDetectionsAPIRuleInterval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). +type SecurityDetectionsAPIRuleInterval = string + +// SecurityDetectionsAPIRuleIntervalFrom Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). +type SecurityDetectionsAPIRuleIntervalFrom = string + +// SecurityDetectionsAPIRuleIntervalTo defines model for Security_Detections_API_RuleIntervalTo. +type SecurityDetectionsAPIRuleIntervalTo = string + +// SecurityDetectionsAPIRuleLicense The rule's license. +type SecurityDetectionsAPIRuleLicense = string + +// SecurityDetectionsAPIRuleMetadata Placeholder for metadata about the rule. +// > info +// > This field is overwritten when you save changes to the rule’s settings. +type SecurityDetectionsAPIRuleMetadata map[string]interface{} + +// SecurityDetectionsAPIRuleName A human-readable name for the rule. 
+type SecurityDetectionsAPIRuleName = string + +// SecurityDetectionsAPIRuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. +type SecurityDetectionsAPIRuleNameOverride = string + +// SecurityDetectionsAPIRuleObjectId A universally unique identifier +type SecurityDetectionsAPIRuleObjectId = SecurityDetectionsAPIUUID + +// SecurityDetectionsAPIRuleQuery [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. +// +// - For indicator match rules, only the query’s results are used to determine whether an alert is generated. +// - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. +type SecurityDetectionsAPIRuleQuery = string + +// SecurityDetectionsAPIRuleReferenceArray Array containing notes about or references to relevant information about the rule. Defaults to an empty array. +type SecurityDetectionsAPIRuleReferenceArray = []string + +// SecurityDetectionsAPIRuleResponse defines model for Security_Detections_API_RuleResponse. +type SecurityDetectionsAPIRuleResponse struct { + union json.RawMessage +} + +// SecurityDetectionsAPIRuleRevision The rule's revision number. +// +// It represents the version of rule's object in Kibana. It is set to `0` when the rule is installed or created and then gets incremented on each update. +// > info +// > Not all updates to any rule fields will increment the revision. Only those fields that are considered static `rule parameters` can trigger revision increments. For example, an update to a rule's query or index fields will increment the rule's revision by `1`. 
However, changes to dynamic or technical fields like enabled or execution_summary will not cause revision increments. +type SecurityDetectionsAPIRuleRevision = int + +// SecurityDetectionsAPIRuleSignatureId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. +type SecurityDetectionsAPIRuleSignatureId = string + +// SecurityDetectionsAPIRuleSource Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo. +type SecurityDetectionsAPIRuleSource struct { + union json.RawMessage +} + +// SecurityDetectionsAPIRuleTagArray String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. +type SecurityDetectionsAPIRuleTagArray = []string + +// SecurityDetectionsAPIRuleUpdateProps defines model for Security_Detections_API_RuleUpdateProps. +type SecurityDetectionsAPIRuleUpdateProps struct { + union json.RawMessage +} + +// SecurityDetectionsAPIRuleVersion The rule's version number. +// +// - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). +// - For custom rules it is set to `1` when the rule is created. +// > info +// > It is not incremented on each update. Compare this to the `revision` field. +type SecurityDetectionsAPIRuleVersion = int + +// SecurityDetectionsAPISavedObjectResolveAliasPurpose defines model for Security_Detections_API_SavedObjectResolveAliasPurpose. 
+type SecurityDetectionsAPISavedObjectResolveAliasPurpose string + +// SecurityDetectionsAPISavedObjectResolveAliasTargetId defines model for Security_Detections_API_SavedObjectResolveAliasTargetId. +type SecurityDetectionsAPISavedObjectResolveAliasTargetId = string + +// SecurityDetectionsAPISavedObjectResolveOutcome defines model for Security_Detections_API_SavedObjectResolveOutcome. +type SecurityDetectionsAPISavedObjectResolveOutcome string + +// SecurityDetectionsAPISavedQueryId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. +type SecurityDetectionsAPISavedQueryId = string + +// SecurityDetectionsAPISavedQueryRule defines model for Security_Detections_API_SavedQueryRule. +type SecurityDetectionsAPISavedQueryRule struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions []SecurityDetectionsAPIRuleAction `json:"actions"` + + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` + + // Author The rule’s author. + Author SecurityDetectionsAPIRuleAuthorArray `json:"author"` + + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). 
+ BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + CreatedAt time.Time `json:"created_at"` + CreatedBy string `json:"created_by"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` + + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled SecurityDetectionsAPIIsRuleEnabled `json:"enabled"` + ExceptionsList []SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list"` + + // ExecutionSummary Summary of the last execution of a rule. + // > info + // > This field is under development and its usage or schema may change + ExecutionSummary *SecurityDetectionsAPIRuleExecutionSummary `json:"execution_summary,omitempty"` + + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From SecurityDetectionsAPIRuleIntervalFrom `json:"from"` + + // Id A universally unique identifier + Id SecurityDetectionsAPIRuleObjectId `json:"id"` + + // Immutable This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field. 
+ // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + Immutable SecurityDetectionsAPIIsRuleImmutable `json:"immutable"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval SecurityDetectionsAPIRuleInterval `json:"interval"` + + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language SecurityDetectionsAPIKqlQueryLanguage `json:"language"` + + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` + + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. 
+ MaxSignals SecurityDetectionsAPIMaxSignals `json:"max_signals"` + + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` + + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` + + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` + + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` + + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query *SecurityDetectionsAPIRuleQuery `json:"query,omitempty"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References SecurityDetectionsAPIRuleReferenceArray `json:"references"` + RelatedIntegrations SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations"` + RequiredFields SecurityDetectionsAPIRequiredFieldArray `json:"required_fields"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // Revision The rule's revision number. 
+ // + // It represents the version of rule's object in Kibana. It is set to `0` when the rule is installed or created and then gets incremented on each update. + // > info + // > Not all updates to any rule fields will increment the revision. Only those fields that are considered static `rule parameters` can trigger revision increments. For example, an update to a rule's query or index fields will increment the rule's revision by `1`. However, changes to dynamic or technical fields like enabled or execution_summary will not cause revision increments. + Revision SecurityDetectionsAPIRuleRevision `json:"revision"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping"` + + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId SecurityDetectionsAPIRuleSignatureId `json:"rule_id"` + + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. 
+ RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // RuleSource Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo. + RuleSource SecurityDetectionsAPIRuleSource `json:"rule_source"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId SecurityDetectionsAPISavedQueryId `json:"saved_id"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup SecurityDetectionsAPISetupGuide `json:"setup"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping SecurityDetectionsAPISeverityMapping `json:"severity_mapping"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags SecurityDetectionsAPIRuleTagArray `json:"tags"` + Threat SecurityDetectionsAPIThreatArray `json:"threat"` + + // Throttle Defines how often rule actions are taken. 
+ Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To SecurityDetectionsAPIRuleIntervalTo `json:"to"` + + // Type Rule type + Type SecurityDetectionsAPISavedQueryRuleType `json:"type"` + UpdatedAt time.Time `json:"updated_at"` + UpdatedBy string `json:"updated_by"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version SecurityDetectionsAPIRuleVersion `json:"version"` +} + +// SecurityDetectionsAPISavedQueryRuleType Rule type +type SecurityDetectionsAPISavedQueryRuleType string + +// SecurityDetectionsAPISavedQueryRuleCreateFields defines model for Security_Detections_API_SavedQueryRuleCreateFields. +type SecurityDetectionsAPISavedQueryRuleCreateFields struct { + // AlertSuppression Defines alert suppression configuration. 
+ AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query *SecurityDetectionsAPIRuleQuery `json:"query,omitempty"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId SecurityDetectionsAPISavedQueryId `json:"saved_id"` + + // Type Rule type + Type SecurityDetectionsAPISavedQueryRuleCreateFieldsType `json:"type"` +} + +// SecurityDetectionsAPISavedQueryRuleCreateFieldsType Rule type +type SecurityDetectionsAPISavedQueryRuleCreateFieldsType string + +// SecurityDetectionsAPISavedQueryRuleCreateProps defines model for Security_Detections_API_SavedQueryRuleCreateProps. 
+type SecurityDetectionsAPISavedQueryRuleCreateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` + + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` + + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` + + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` + + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` + + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. 
Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` + + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` + + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` + + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). 
+ // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` + + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` + + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` + + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` + + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` + + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. 
+ Query *SecurityDetectionsAPIRuleQuery `json:"query,omitempty"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` + + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` + + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. 
+ RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` + + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId SecurityDetectionsAPISavedQueryId `json:"saved_id"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` + + // Throttle Defines how often rule actions are taken. 
+ Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` + + // Type Rule type + Type SecurityDetectionsAPISavedQueryRuleCreatePropsType `json:"type"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` +} + +// SecurityDetectionsAPISavedQueryRuleCreatePropsType Rule type +type SecurityDetectionsAPISavedQueryRuleCreatePropsType string + +// SecurityDetectionsAPISavedQueryRuleDefaultableFields defines model for Security_Detections_API_SavedQueryRuleDefaultableFields. 
+type SecurityDetectionsAPISavedQueryRuleDefaultableFields struct { + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` +} + +// SecurityDetectionsAPISavedQueryRuleOptionalFields defines model for Security_Detections_API_SavedQueryRuleOptionalFields. +type SecurityDetectionsAPISavedQueryRuleOptionalFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query *SecurityDetectionsAPIRuleQuery `json:"query,omitempty"` +} + +// SecurityDetectionsAPISavedQueryRuleRequiredFields defines model for Security_Detections_API_SavedQueryRuleRequiredFields. 
+type SecurityDetectionsAPISavedQueryRuleRequiredFields struct { + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId SecurityDetectionsAPISavedQueryId `json:"saved_id"` + + // Type Rule type + Type SecurityDetectionsAPISavedQueryRuleRequiredFieldsType `json:"type"` +} + +// SecurityDetectionsAPISavedQueryRuleRequiredFieldsType Rule type +type SecurityDetectionsAPISavedQueryRuleRequiredFieldsType string + +// SecurityDetectionsAPISavedQueryRuleResponseFields defines model for Security_Detections_API_SavedQueryRuleResponseFields. +type SecurityDetectionsAPISavedQueryRuleResponseFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + Language SecurityDetectionsAPIKqlQueryLanguage `json:"language"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. 
Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query *SecurityDetectionsAPIRuleQuery `json:"query,omitempty"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId SecurityDetectionsAPISavedQueryId `json:"saved_id"` + + // Type Rule type + Type SecurityDetectionsAPISavedQueryRuleResponseFieldsType `json:"type"` +} + +// SecurityDetectionsAPISavedQueryRuleResponseFieldsType Rule type +type SecurityDetectionsAPISavedQueryRuleResponseFieldsType string + +// SecurityDetectionsAPISavedQueryRuleUpdateProps defines model for Security_Detections_API_SavedQueryRuleUpdateProps. +type SecurityDetectionsAPISavedQueryRuleUpdateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` + + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` + + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` + + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). 
+ BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` + + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` + + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` + + // Id A universally unique identifier + Id *SecurityDetectionsAPIRuleObjectId `json:"id,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). 
+ Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` + + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` + + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` + + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` + + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` + + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` + + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` + + // Note Notes to help investigate alerts produced by the rule. 
+ Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` + + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query *SecurityDetectionsAPIRuleQuery `json:"query,omitempty"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` + + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. 
+ RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` + + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` + + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId SecurityDetectionsAPISavedQueryId `json:"saved_id"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. 
+ Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` + + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. 
+ TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` + + // Type Rule type + Type SecurityDetectionsAPISavedQueryRuleUpdatePropsType `json:"type"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` +} + +// SecurityDetectionsAPISavedQueryRuleUpdatePropsType Rule type +type SecurityDetectionsAPISavedQueryRuleUpdatePropsType string + +// SecurityDetectionsAPISetupGuide Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. 
+type SecurityDetectionsAPISetupGuide = string + +// SecurityDetectionsAPISeverity Severity level of alerts produced by the rule, which must be one of the following: +// * `low`: Alerts that are of interest but generally not considered to be security incidents +// * `medium`: Alerts that require investigation +// * `high`: Alerts that require immediate investigation +// * `critical`: Alerts that indicate it is highly likely a security incident has occurred +type SecurityDetectionsAPISeverity string + +// SecurityDetectionsAPISeverityMapping Overrides generated alerts' severity with values from the source event +type SecurityDetectionsAPISeverityMapping = []struct { + // Field Source event field used to override the default `severity`. + Field string `json:"field"` + Operator SecurityDetectionsAPISeverityMappingOperator `json:"operator"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + Value string `json:"value"` +} + +// SecurityDetectionsAPISeverityMappingOperator defines model for SecurityDetectionsAPISeverityMapping.Operator. +type SecurityDetectionsAPISeverityMappingOperator string + +// SecurityDetectionsAPIThreat > info +// > Currently, only threats described using the MITRE ATT&CK™ framework are supported. 
+type SecurityDetectionsAPIThreat struct { + // Framework Relevant attack framework + Framework string `json:"framework"` + + // Tactic Object containing information on the attack type + Tactic SecurityDetectionsAPIThreatTactic `json:"tactic"` + + // Technique Array containing information on the attack techniques (optional) + Technique *[]SecurityDetectionsAPIThreatTechnique `json:"technique,omitempty"` +} + +// SecurityDetectionsAPIThreatArray defines model for Security_Detections_API_ThreatArray. +type SecurityDetectionsAPIThreatArray = []SecurityDetectionsAPIThreat + +// SecurityDetectionsAPIThreatFilters defines model for Security_Detections_API_ThreatFilters. +type SecurityDetectionsAPIThreatFilters = []interface{} + +// SecurityDetectionsAPIThreatIndex Elasticsearch indices used to check which field values generate alerts. +type SecurityDetectionsAPIThreatIndex = []string + +// SecurityDetectionsAPIThreatIndicatorPath Defines the path to the threat indicator in the indicator documents (optional) +type SecurityDetectionsAPIThreatIndicatorPath = string + +// SecurityDetectionsAPIThreatMapping Array of entries objects that define mappings between the source event fields and the values in the Elasticsearch threat index. Each entries object must contain these fields: +// +// - field: field from the event indices on which the rule runs +// - type: must be mapping +// - value: field from the Elasticsearch threat index +// +// You can use Boolean and and or logic to define the conditions for when matching fields and values generate alerts. Sibling entries objects are evaluated using or logic, whereas multiple entries in a single entries object use and logic. See Example of Threat Match rule which uses both `and` and `or` logic. +type SecurityDetectionsAPIThreatMapping = []struct { + Entries []SecurityDetectionsAPIThreatMappingEntry `json:"entries"` +} + +// SecurityDetectionsAPIThreatMappingEntry defines model for Security_Detections_API_ThreatMappingEntry. 
+type SecurityDetectionsAPIThreatMappingEntry struct { + // Field A string that does not contain only whitespace characters + Field SecurityDetectionsAPINonEmptyString `json:"field"` + Negate *bool `json:"negate,omitempty"` + Type SecurityDetectionsAPIThreatMappingEntryType `json:"type"` + + // Value A string that does not contain only whitespace characters + Value SecurityDetectionsAPINonEmptyString `json:"value"` +} + +// SecurityDetectionsAPIThreatMappingEntryType defines model for SecurityDetectionsAPIThreatMappingEntry.Type. +type SecurityDetectionsAPIThreatMappingEntryType string + +// SecurityDetectionsAPIThreatMatchRule defines model for Security_Detections_API_ThreatMatchRule. +type SecurityDetectionsAPIThreatMatchRule struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions []SecurityDetectionsAPIRuleAction `json:"actions"` + + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` + + // Author The rule’s author. + Author SecurityDetectionsAPIRuleAuthorArray `json:"author"` + + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). 
+ BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + ConcurrentSearches *SecurityDetectionsAPIConcurrentSearches `json:"concurrent_searches,omitempty"` + CreatedAt time.Time `json:"created_at"` + CreatedBy string `json:"created_by"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` + + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled SecurityDetectionsAPIIsRuleEnabled `json:"enabled"` + ExceptionsList []SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list"` + + // ExecutionSummary Summary of the last execution of a rule. + // > info + // > This field is under development and its usage or schema may change + ExecutionSummary *SecurityDetectionsAPIRuleExecutionSummary `json:"execution_summary,omitempty"` + + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From SecurityDetectionsAPIRuleIntervalFrom `json:"from"` + + // Id A universally unique identifier + Id SecurityDetectionsAPIRuleObjectId `json:"id"` + + // Immutable This field determines whether the rule is a prebuilt Elastic rule. 
It will be replaced with the `rule_source` field. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + Immutable SecurityDetectionsAPIIsRuleImmutable `json:"immutable"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval SecurityDetectionsAPIRuleInterval `json:"interval"` + + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + ItemsPerSearch *SecurityDetectionsAPIItemsPerSearch `json:"items_per_search,omitempty"` + Language SecurityDetectionsAPIKqlQueryLanguage `json:"language"` + + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` + + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. 
For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals SecurityDetectionsAPIMaxSignals `json:"max_signals"` + + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` + + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` + + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` + + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` + + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. 
+ References SecurityDetectionsAPIRuleReferenceArray `json:"references"` + RelatedIntegrations SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations"` + RequiredFields SecurityDetectionsAPIRequiredFieldArray `json:"required_fields"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // Revision The rule's revision number. + // + // It represents the version of rule's object in Kibana. It is set to `0` when the rule is installed or created and then gets incremented on each update. + // > info + // > Not all updates to any rule fields will increment the revision. Only those fields that are considered static `rule parameters` can trigger revision increments. For example, an update to a rule's query or index fields will increment the rule's revision by `1`. However, changes to dynamic or technical fields like enabled or execution_summary will not cause revision increments. + Revision SecurityDetectionsAPIRuleRevision `json:"revision"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping"` + + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. 
+ RuleId SecurityDetectionsAPIRuleSignatureId `json:"rule_id"` + + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // RuleSource Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo. + RuleSource SecurityDetectionsAPIRuleSource `json:"rule_source"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup SecurityDetectionsAPISetupGuide `json:"setup"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping SecurityDetectionsAPISeverityMapping `json:"severity_mapping"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. 
+ Tags SecurityDetectionsAPIRuleTagArray `json:"tags"` + Threat SecurityDetectionsAPIThreatArray `json:"threat"` + ThreatFilters *SecurityDetectionsAPIThreatFilters `json:"threat_filters,omitempty"` + + // ThreatIndex Elasticsearch indices used to check which field values generate alerts. + ThreatIndex SecurityDetectionsAPIThreatIndex `json:"threat_index"` + + // ThreatIndicatorPath Defines the path to the threat indicator in the indicator documents (optional) + ThreatIndicatorPath *SecurityDetectionsAPIThreatIndicatorPath `json:"threat_indicator_path,omitempty"` + ThreatLanguage *SecurityDetectionsAPIKqlQueryLanguage `json:"threat_language,omitempty"` + + // ThreatMapping Array of entries objects that define mappings between the source event fields and the values in the Elasticsearch threat index. Each entries object must contain these fields: + // + // - field: field from the event indices on which the rule runs + // - type: must be mapping + // - value: field from the Elasticsearch threat index + // + // You can use Boolean and and or logic to define the conditions for when matching fields and values generate alerts. Sibling entries objects are evaluated using or logic, whereas multiple entries in a single entries object use and logic. See Example of Threat Match rule which uses both `and` and `or` logic. + ThreatMapping SecurityDetectionsAPIThreatMapping `json:"threat_mapping"` + + // ThreatQuery Query used to determine which fields in the Elasticsearch index are used for generating alerts. + ThreatQuery SecurityDetectionsAPIThreatQuery `json:"threat_query"` + + // Throttle Defines how often rule actions are taken. 
+ Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To SecurityDetectionsAPIRuleIntervalTo `json:"to"` + + // Type Rule type + Type SecurityDetectionsAPIThreatMatchRuleType `json:"type"` + UpdatedAt time.Time `json:"updated_at"` + UpdatedBy string `json:"updated_by"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version SecurityDetectionsAPIRuleVersion `json:"version"` +} + +// SecurityDetectionsAPIThreatMatchRuleType Rule type +type SecurityDetectionsAPIThreatMatchRuleType string + +// SecurityDetectionsAPIThreatMatchRuleCreateFields defines model for Security_Detections_API_ThreatMatchRuleCreateFields. +type SecurityDetectionsAPIThreatMatchRuleCreateFields struct { + // AlertSuppression Defines alert suppression configuration. 
+ AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + ConcurrentSearches *SecurityDetectionsAPIConcurrentSearches `json:"concurrent_searches,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + ItemsPerSearch *SecurityDetectionsAPIItemsPerSearch `json:"items_per_search,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` + ThreatFilters *SecurityDetectionsAPIThreatFilters `json:"threat_filters,omitempty"` + + // ThreatIndex Elasticsearch indices used to check which field values generate alerts. 
+ ThreatIndex SecurityDetectionsAPIThreatIndex `json:"threat_index"` + + // ThreatIndicatorPath Defines the path to the threat indicator in the indicator documents (optional) + ThreatIndicatorPath *SecurityDetectionsAPIThreatIndicatorPath `json:"threat_indicator_path,omitempty"` + ThreatLanguage *SecurityDetectionsAPIKqlQueryLanguage `json:"threat_language,omitempty"` + + // ThreatMapping Array of entries objects that define mappings between the source event fields and the values in the Elasticsearch threat index. Each entries object must contain these fields: + // + // - field: field from the event indices on which the rule runs + // - type: must be mapping + // - value: field from the Elasticsearch threat index + // + // You can use Boolean and and or logic to define the conditions for when matching fields and values generate alerts. Sibling entries objects are evaluated using or logic, whereas multiple entries in a single entries object use and logic. See Example of Threat Match rule which uses both `and` and `or` logic. + ThreatMapping SecurityDetectionsAPIThreatMapping `json:"threat_mapping"` + + // ThreatQuery Query used to determine which fields in the Elasticsearch index are used for generating alerts. + ThreatQuery SecurityDetectionsAPIThreatQuery `json:"threat_query"` + + // Type Rule type + Type SecurityDetectionsAPIThreatMatchRuleCreateFieldsType `json:"type"` +} + +// SecurityDetectionsAPIThreatMatchRuleCreateFieldsType Rule type +type SecurityDetectionsAPIThreatMatchRuleCreateFieldsType string + +// SecurityDetectionsAPIThreatMatchRuleCreateProps defines model for Security_Detections_API_ThreatMatchRuleCreateProps. +type SecurityDetectionsAPIThreatMatchRuleCreateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` + + // AlertSuppression Defines alert suppression configuration. 
+ AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` + + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` + + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + ConcurrentSearches *SecurityDetectionsAPIConcurrentSearches `json:"concurrent_searches,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` + + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` + + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. 
+ Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` + + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + ItemsPerSearch *SecurityDetectionsAPIItemsPerSearch `json:"items_per_search,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` + + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` + + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). 
+ // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` + + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` + + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` + + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` + + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` + + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. 
+ Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` + + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` + + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. 
+ RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` + + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. 
+ Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` + ThreatFilters *SecurityDetectionsAPIThreatFilters `json:"threat_filters,omitempty"` + + // ThreatIndex Elasticsearch indices used to check which field values generate alerts. + ThreatIndex SecurityDetectionsAPIThreatIndex `json:"threat_index"` + + // ThreatIndicatorPath Defines the path to the threat indicator in the indicator documents (optional) + ThreatIndicatorPath *SecurityDetectionsAPIThreatIndicatorPath `json:"threat_indicator_path,omitempty"` + ThreatLanguage *SecurityDetectionsAPIKqlQueryLanguage `json:"threat_language,omitempty"` + + // ThreatMapping Array of entries objects that define mappings between the source event fields and the values in the Elasticsearch threat index. Each entries object must contain these fields: + // + // - field: field from the event indices on which the rule runs + // - type: must be mapping + // - value: field from the Elasticsearch threat index + // + // You can use Boolean and and or logic to define the conditions for when matching fields and values generate alerts. Sibling entries objects are evaluated using or logic, whereas multiple entries in a single entries object use and logic. See Example of Threat Match rule which uses both `and` and `or` logic. + ThreatMapping SecurityDetectionsAPIThreatMapping `json:"threat_mapping"` + + // ThreatQuery Query used to determine which fields in the Elasticsearch index are used for generating alerts. + ThreatQuery SecurityDetectionsAPIThreatQuery `json:"threat_query"` + + // Throttle Defines how often rule actions are taken. 
+ Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` + + // Type Rule type + Type SecurityDetectionsAPIThreatMatchRuleCreatePropsType `json:"type"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` +} + +// SecurityDetectionsAPIThreatMatchRuleCreatePropsType Rule type +type SecurityDetectionsAPIThreatMatchRuleCreatePropsType string + +// SecurityDetectionsAPIThreatMatchRuleDefaultableFields defines model for Security_Detections_API_ThreatMatchRuleDefaultableFields. 
+type SecurityDetectionsAPIThreatMatchRuleDefaultableFields struct { + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` +} + +// SecurityDetectionsAPIThreatMatchRuleOptionalFields defines model for Security_Detections_API_ThreatMatchRuleOptionalFields. +type SecurityDetectionsAPIThreatMatchRuleOptionalFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + ConcurrentSearches *SecurityDetectionsAPIConcurrentSearches `json:"concurrent_searches,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + ItemsPerSearch *SecurityDetectionsAPIItemsPerSearch `json:"items_per_search,omitempty"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. 
+ SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` + ThreatFilters *SecurityDetectionsAPIThreatFilters `json:"threat_filters,omitempty"` + + // ThreatIndicatorPath Defines the path to the threat indicator in the indicator documents (optional) + ThreatIndicatorPath *SecurityDetectionsAPIThreatIndicatorPath `json:"threat_indicator_path,omitempty"` + ThreatLanguage *SecurityDetectionsAPIKqlQueryLanguage `json:"threat_language,omitempty"` +} + +// SecurityDetectionsAPIThreatMatchRuleRequiredFields defines model for Security_Detections_API_ThreatMatchRuleRequiredFields. +type SecurityDetectionsAPIThreatMatchRuleRequiredFields struct { + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // ThreatIndex Elasticsearch indices used to check which field values generate alerts. + ThreatIndex SecurityDetectionsAPIThreatIndex `json:"threat_index"` + + // ThreatMapping Array of entries objects that define mappings between the source event fields and the values in the Elasticsearch threat index. Each entries object must contain these fields: + // + // - field: field from the event indices on which the rule runs + // - type: must be mapping + // - value: field from the Elasticsearch threat index + // + // You can use Boolean and and or logic to define the conditions for when matching fields and values generate alerts. Sibling entries objects are evaluated using or logic, whereas multiple entries in a single entries object use and logic. See Example of Threat Match rule which uses both `and` and `or` logic. 
+ ThreatMapping SecurityDetectionsAPIThreatMapping `json:"threat_mapping"` + + // ThreatQuery Query used to determine which fields in the Elasticsearch index are used for generating alerts. + ThreatQuery SecurityDetectionsAPIThreatQuery `json:"threat_query"` + + // Type Rule type + Type SecurityDetectionsAPIThreatMatchRuleRequiredFieldsType `json:"type"` +} + +// SecurityDetectionsAPIThreatMatchRuleRequiredFieldsType Rule type +type SecurityDetectionsAPIThreatMatchRuleRequiredFieldsType string + +// SecurityDetectionsAPIThreatMatchRuleResponseFields defines model for Security_Detections_API_ThreatMatchRuleResponseFields. +type SecurityDetectionsAPIThreatMatchRuleResponseFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + ConcurrentSearches *SecurityDetectionsAPIConcurrentSearches `json:"concurrent_searches,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + ItemsPerSearch *SecurityDetectionsAPIItemsPerSearch `json:"items_per_search,omitempty"` + Language SecurityDetectionsAPIKqlQueryLanguage `json:"language"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. 
+ // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` + ThreatFilters *SecurityDetectionsAPIThreatFilters `json:"threat_filters,omitempty"` + + // ThreatIndex Elasticsearch indices used to check which field values generate alerts. + ThreatIndex SecurityDetectionsAPIThreatIndex `json:"threat_index"` + + // ThreatIndicatorPath Defines the path to the threat indicator in the indicator documents (optional) + ThreatIndicatorPath *SecurityDetectionsAPIThreatIndicatorPath `json:"threat_indicator_path,omitempty"` + ThreatLanguage *SecurityDetectionsAPIKqlQueryLanguage `json:"threat_language,omitempty"` + + // ThreatMapping Array of entries objects that define mappings between the source event fields and the values in the Elasticsearch threat index. Each entries object must contain these fields: + // + // - field: field from the event indices on which the rule runs + // - type: must be mapping + // - value: field from the Elasticsearch threat index + // + // You can use Boolean and and or logic to define the conditions for when matching fields and values generate alerts. Sibling entries objects are evaluated using or logic, whereas multiple entries in a single entries object use and logic. See Example of Threat Match rule which uses both `and` and `or` logic. + ThreatMapping SecurityDetectionsAPIThreatMapping `json:"threat_mapping"` + + // ThreatQuery Query used to determine which fields in the Elasticsearch index are used for generating alerts. 
+ ThreatQuery SecurityDetectionsAPIThreatQuery `json:"threat_query"` + + // Type Rule type + Type SecurityDetectionsAPIThreatMatchRuleResponseFieldsType `json:"type"` +} + +// SecurityDetectionsAPIThreatMatchRuleResponseFieldsType Rule type +type SecurityDetectionsAPIThreatMatchRuleResponseFieldsType string + +// SecurityDetectionsAPIThreatMatchRuleUpdateProps defines model for Security_Detections_API_ThreatMatchRuleUpdateProps. +type SecurityDetectionsAPIThreatMatchRuleUpdateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` + + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` + + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` + + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + ConcurrentSearches *SecurityDetectionsAPIConcurrentSearches `json:"concurrent_searches,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` + + // Enabled Determines whether the rule is enabled. 
Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` + + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` + + // Id A universally unique identifier + Id *SecurityDetectionsAPIRuleObjectId `json:"id,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` + + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. 
+ InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + ItemsPerSearch *SecurityDetectionsAPIItemsPerSearch `json:"items_per_search,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` + + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` + + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` + + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` + + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` + + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` + + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` + + // OutputIndex (deprecated) Has no effect. 
+ // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` + + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. 
+ RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` + + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` + + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. 
+ Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` + ThreatFilters *SecurityDetectionsAPIThreatFilters `json:"threat_filters,omitempty"` + + // ThreatIndex Elasticsearch indices used to check which field values generate alerts. + ThreatIndex SecurityDetectionsAPIThreatIndex `json:"threat_index"` + + // ThreatIndicatorPath Defines the path to the threat indicator in the indicator documents (optional) + ThreatIndicatorPath *SecurityDetectionsAPIThreatIndicatorPath `json:"threat_indicator_path,omitempty"` + ThreatLanguage *SecurityDetectionsAPIKqlQueryLanguage `json:"threat_language,omitempty"` + + // ThreatMapping Array of entries objects that define mappings between the source event fields and the values in the Elasticsearch threat index. Each entries object must contain these fields: + // + // - field: field from the event indices on which the rule runs + // - type: must be mapping + // - value: field from the Elasticsearch threat index + // + // You can use Boolean and and or logic to define the conditions for when matching fields and values generate alerts. 
Sibling entries objects are evaluated using or logic, whereas multiple entries in a single entries object use and logic. See Example of Threat Match rule which uses both `and` and `or` logic. + ThreatMapping SecurityDetectionsAPIThreatMapping `json:"threat_mapping"` + + // ThreatQuery Query used to determine which fields in the Elasticsearch index are used for generating alerts. + ThreatQuery SecurityDetectionsAPIThreatQuery `json:"threat_query"` + + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` + + // Type Rule type + Type SecurityDetectionsAPIThreatMatchRuleUpdatePropsType `json:"type"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. 
Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` +} + +// SecurityDetectionsAPIThreatMatchRuleUpdatePropsType Rule type +type SecurityDetectionsAPIThreatMatchRuleUpdatePropsType string + +// SecurityDetectionsAPIThreatQuery Query used to determine which fields in the Elasticsearch index are used for generating alerts. +type SecurityDetectionsAPIThreatQuery = string + +// SecurityDetectionsAPIThreatSubtechnique defines model for Security_Detections_API_ThreatSubtechnique. +type SecurityDetectionsAPIThreatSubtechnique struct { + // Id Subtechnique ID + Id string `json:"id"` + + // Name Subtechnique name + Name string `json:"name"` + + // Reference Subtechnique reference + Reference string `json:"reference"` +} + +// SecurityDetectionsAPIThreatTactic Object containing information on the attack type +type SecurityDetectionsAPIThreatTactic struct { + // Id Tactic ID + Id string `json:"id"` + + // Name Tactic name + Name string `json:"name"` + + // Reference Tactic reference + Reference string `json:"reference"` +} + +// SecurityDetectionsAPIThreatTechnique defines model for Security_Detections_API_ThreatTechnique. +type SecurityDetectionsAPIThreatTechnique struct { + // Id Technique ID + Id string `json:"id"` + + // Name Technique name + Name string `json:"name"` + + // Reference Technique reference + Reference string `json:"reference"` + + // Subtechnique Array containing more specific information on the attack technique. + Subtechnique *[]SecurityDetectionsAPIThreatSubtechnique `json:"subtechnique,omitempty"` +} + +// SecurityDetectionsAPIThreshold defines model for Security_Detections_API_Threshold. +type SecurityDetectionsAPIThreshold struct { + // Cardinality The field on which the cardinality is applied. + Cardinality *SecurityDetectionsAPIThresholdCardinality `json:"cardinality,omitempty"` + + // Field The field on which the threshold is applied. 
If you specify an empty array ([]), alerts are generated when the query returns at least the number of results specified in the value field. + Field SecurityDetectionsAPIThresholdField `json:"field"` + + // Value The threshold value from which an alert is generated. + Value SecurityDetectionsAPIThresholdValue `json:"value"` +} + +// SecurityDetectionsAPIThresholdAlertSuppression Defines alert suppression configuration. +type SecurityDetectionsAPIThresholdAlertSuppression struct { + Duration SecurityDetectionsAPIAlertSuppressionDuration `json:"duration"` +} + +// SecurityDetectionsAPIThresholdCardinality The field on which the cardinality is applied. +type SecurityDetectionsAPIThresholdCardinality = []struct { + // Field The field on which to calculate and compare the cardinality. + Field string `json:"field"` + + // Value The threshold value from which an alert is generated based on unique number of values of cardinality.field. + Value int `json:"value"` +} + +// SecurityDetectionsAPIThresholdField The field on which the threshold is applied. If you specify an empty array ([]), alerts are generated when the query returns at least the number of results specified in the value field. +type SecurityDetectionsAPIThresholdField struct { + union json.RawMessage +} + +// SecurityDetectionsAPIThresholdField0 defines model for . +type SecurityDetectionsAPIThresholdField0 = string + +// SecurityDetectionsAPIThresholdField1 defines model for . +type SecurityDetectionsAPIThresholdField1 = []string + +// SecurityDetectionsAPIThresholdRule defines model for Security_Detections_API_ThresholdRule. +type SecurityDetectionsAPIThresholdRule struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions []SecurityDetectionsAPIRuleAction `json:"actions"` + + // AlertSuppression Defines alert suppression configuration. 
+ AlertSuppression *SecurityDetectionsAPIThresholdAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` + + // Author The rule’s author. + Author SecurityDetectionsAPIRuleAuthorArray `json:"author"` + + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + CreatedAt time.Time `json:"created_at"` + CreatedBy string `json:"created_by"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` + + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled SecurityDetectionsAPIIsRuleEnabled `json:"enabled"` + ExceptionsList []SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list"` + + // ExecutionSummary Summary of the last execution of a rule. + // > info + // > This field is under development and its usage or schema may change + ExecutionSummary *SecurityDetectionsAPIRuleExecutionSummary `json:"execution_summary,omitempty"` + + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. 
Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From SecurityDetectionsAPIRuleIntervalFrom `json:"from"` + + // Id A universally unique identifier + Id SecurityDetectionsAPIRuleObjectId `json:"id"` + + // Immutable This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + Immutable SecurityDetectionsAPIIsRuleImmutable `json:"immutable"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval SecurityDetectionsAPIRuleInterval `json:"interval"` + + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language SecurityDetectionsAPIKqlQueryLanguage `json:"language"` + + // License The rule's license. 
+ License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` + + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals SecurityDetectionsAPIMaxSignals `json:"max_signals"` + + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` + + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` + + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` + + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` + + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. 
+ // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References SecurityDetectionsAPIRuleReferenceArray `json:"references"` + RelatedIntegrations SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations"` + RequiredFields SecurityDetectionsAPIRequiredFieldArray `json:"required_fields"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // Revision The rule's revision number. + // + // It represents the version of rule's object in Kibana. It is set to `0` when the rule is installed or created and then gets incremented on each update. + // > info + // > Not all updates to any rule fields will increment the revision. Only those fields that are considered static `rule parameters` can trigger revision increments. For example, an update to a rule's query or index fields will increment the rule's revision by `1`. However, changes to dynamic or technical fields like enabled or execution_summary will not cause revision increments. + Revision SecurityDetectionsAPIRuleRevision `json:"revision"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping"` + + // RuleId A stable unique identifier for the rule object. 
It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId SecurityDetectionsAPIRuleSignatureId `json:"rule_id"` + + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // RuleSource Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo. + RuleSource SecurityDetectionsAPIRuleSource `json:"rule_source"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. 
+ Setup SecurityDetectionsAPISetupGuide `json:"setup"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping SecurityDetectionsAPISeverityMapping `json:"severity_mapping"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags SecurityDetectionsAPIRuleTagArray `json:"tags"` + Threat SecurityDetectionsAPIThreatArray `json:"threat"` + Threshold SecurityDetectionsAPIThreshold `json:"threshold"` + + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. 
+ TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To SecurityDetectionsAPIRuleIntervalTo `json:"to"` + + // Type Rule type + Type SecurityDetectionsAPIThresholdRuleType `json:"type"` + UpdatedAt time.Time `json:"updated_at"` + UpdatedBy string `json:"updated_by"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version SecurityDetectionsAPIRuleVersion `json:"version"` +} + +// SecurityDetectionsAPIThresholdRuleType Rule type +type SecurityDetectionsAPIThresholdRuleType string + +// SecurityDetectionsAPIThresholdRuleCreateFields defines model for Security_Detections_API_ThresholdRuleCreateFields. +type SecurityDetectionsAPIThresholdRuleCreateFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIThresholdAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // Index Indices on which the rule functions. 
Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` + Threshold SecurityDetectionsAPIThreshold `json:"threshold"` + + // Type Rule type + Type SecurityDetectionsAPIThresholdRuleCreateFieldsType `json:"type"` +} + +// SecurityDetectionsAPIThresholdRuleCreateFieldsType Rule type +type SecurityDetectionsAPIThresholdRuleCreateFieldsType string + +// SecurityDetectionsAPIThresholdRuleCreateProps defines model for Security_Detections_API_ThresholdRuleCreateProps. +type SecurityDetectionsAPIThresholdRuleCreateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` + + // AlertSuppression Defines alert suppression configuration. 
+ AlertSuppression *SecurityDetectionsAPIThresholdAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` + + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` + + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). + BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` + + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` + + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // From Time from which data is analyzed each time the rule runs, using a date math range. 
For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). + Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` + + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` + + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` + + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. 
For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` + + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` + + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` + + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` + + // Note Notes to help investigate alerts produced by the rule. + Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` + + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. 
+ References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` + + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` + + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` + + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). 
When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. + Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` + Threshold SecurityDetectionsAPIThreshold `json:"threshold"` + + // Throttle Defines how often rule actions are taken. 
+ Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. + TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` + + // Type Rule type + Type SecurityDetectionsAPIThresholdRuleCreatePropsType `json:"type"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` +} + +// SecurityDetectionsAPIThresholdRuleCreatePropsType Rule type +type SecurityDetectionsAPIThresholdRuleCreatePropsType string + +// SecurityDetectionsAPIThresholdRuleDefaultableFields defines model for Security_Detections_API_ThresholdRuleDefaultableFields. 
+type SecurityDetectionsAPIThresholdRuleDefaultableFields struct { + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` +} + +// SecurityDetectionsAPIThresholdRuleOptionalFields defines model for Security_Detections_API_ThresholdRuleOptionalFields. +type SecurityDetectionsAPIThresholdRuleOptionalFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIThresholdAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` +} + +// SecurityDetectionsAPIThresholdRuleRequiredFields defines model for Security_Detections_API_ThresholdRuleRequiredFields. +type SecurityDetectionsAPIThresholdRuleRequiredFields struct { + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. 
Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + Threshold SecurityDetectionsAPIThreshold `json:"threshold"` + + // Type Rule type + Type SecurityDetectionsAPIThresholdRuleRequiredFieldsType `json:"type"` +} + +// SecurityDetectionsAPIThresholdRuleRequiredFieldsType Rule type +type SecurityDetectionsAPIThresholdRuleRequiredFieldsType string + +// SecurityDetectionsAPIThresholdRuleResponseFields defines model for Security_Detections_API_ThresholdRuleResponseFields. +type SecurityDetectionsAPIThresholdRuleResponseFields struct { + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIThresholdAlertSuppression `json:"alert_suppression,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + Language SecurityDetectionsAPIKqlQueryLanguage `json:"language"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. 
Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` + Threshold SecurityDetectionsAPIThreshold `json:"threshold"` + + // Type Rule type + Type SecurityDetectionsAPIThresholdRuleResponseFieldsType `json:"type"` +} + +// SecurityDetectionsAPIThresholdRuleResponseFieldsType Rule type +type SecurityDetectionsAPIThresholdRuleResponseFieldsType string + +// SecurityDetectionsAPIThresholdRuleUpdateProps defines model for Security_Detections_API_ThresholdRuleUpdateProps. +type SecurityDetectionsAPIThresholdRuleUpdateProps struct { + // Actions Array defining the automated actions (notifications) taken when alerts are generated. + Actions *[]SecurityDetectionsAPIRuleAction `json:"actions,omitempty"` + + // AlertSuppression Defines alert suppression configuration. + AlertSuppression *SecurityDetectionsAPIThresholdAlertSuppression `json:"alert_suppression,omitempty"` + AliasPurpose *SecurityDetectionsAPISavedObjectResolveAliasPurpose `json:"alias_purpose,omitempty"` + AliasTargetId *SecurityDetectionsAPISavedObjectResolveAliasTargetId `json:"alias_target_id,omitempty"` + + // Author The rule’s author. + Author *SecurityDetectionsAPIRuleAuthorArray `json:"author,omitempty"` + + // BuildingBlockType Determines if the rule acts as a building block. If yes, the value must be `default`. + // By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. + // For more information, refer to [About building block rules](https://www.elastic.co/guide/en/security/current/building-block-rule.html). 
+ BuildingBlockType *SecurityDetectionsAPIBuildingBlockType `json:"building_block_type,omitempty"` + DataViewId *SecurityDetectionsAPIDataViewId `json:"data_view_id,omitempty"` + + // Description The rule’s description. + Description SecurityDetectionsAPIRuleDescription `json:"description"` + + // Enabled Determines whether the rule is enabled. Defaults to true. + Enabled *SecurityDetectionsAPIIsRuleEnabled `json:"enabled,omitempty"` + ExceptionsList *[]SecurityDetectionsAPIRuleExceptionList `json:"exceptions_list,omitempty"` + + // FalsePositives String array used to describe common reasons why the rule may issue false-positive alerts. Defaults to an empty array. + FalsePositives *SecurityDetectionsAPIRuleFalsePositiveArray `json:"false_positives,omitempty"` + + // Filters The query and filter context array used to define the conditions for when alerts are created from events. Defaults to an empty array. + // > info + // > This field is not supported for ES|QL rules. + Filters *SecurityDetectionsAPIRuleFilterArray `json:"filters,omitempty"` + + // From Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + From *SecurityDetectionsAPIRuleIntervalFrom `json:"from,omitempty"` + + // Id A universally unique identifier + Id *SecurityDetectionsAPIRuleObjectId `json:"id,omitempty"` + + // Index Indices on which the rule functions. Defaults to the Security Solution indices defined on the Kibana Advanced Settings page (Kibana → Stack Management → Advanced Settings → `securitySolution:defaultIndex`). + // > info + // > This field is not supported for ES|QL rules. + Index *SecurityDetectionsAPIIndexPatternArray `json:"index,omitempty"` + + // Interval Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). 
+ Interval *SecurityDetectionsAPIRuleInterval `json:"interval,omitempty"` + + // InvestigationFields Schema for fields relating to investigation fields. These are user defined fields we use to highlight + // in various features in the UI such as alert details flyout and exceptions auto-population from alert. + InvestigationFields *SecurityDetectionsAPIInvestigationFields `json:"investigation_fields,omitempty"` + Language *SecurityDetectionsAPIKqlQueryLanguage `json:"language,omitempty"` + + // License The rule's license. + License *SecurityDetectionsAPIRuleLicense `json:"license,omitempty"` + + // MaxSignals Maximum number of alerts the rule can create during a single run (the rule’s Max alerts per run [advanced setting](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params) value). + // > info + // > This setting can be superseded by the [Kibana configuration setting](https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings) `xpack.alerting.rules.run.alerts.max`, which determines the maximum alerts generated by any rule in the Kibana alerting framework. For example, if `xpack.alerting.rules.run.alerts.max` is set to 1000, the rule can generate no more than 1000 alerts even if `max_signals` is set higher. + MaxSignals *SecurityDetectionsAPIMaxSignals `json:"max_signals,omitempty"` + + // Meta Placeholder for metadata about the rule. + // > info + // > This field is overwritten when you save changes to the rule’s settings. + Meta *SecurityDetectionsAPIRuleMetadata `json:"meta,omitempty"` + + // Name A human-readable name for the rule. + Name SecurityDetectionsAPIRuleName `json:"name"` + + // Namespace Has no effect. + Namespace *SecurityDetectionsAPIAlertsIndexNamespace `json:"namespace,omitempty"` + + // Note Notes to help investigate alerts produced by the rule. 
+ Note *SecurityDetectionsAPIInvestigationGuide `json:"note,omitempty"` + Outcome *SecurityDetectionsAPISavedObjectResolveOutcome `json:"outcome,omitempty"` + + // OutputIndex (deprecated) Has no effect. + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + OutputIndex *SecurityDetectionsAPIAlertsIndex `json:"output_index,omitempty"` + + // Query [Query](https://www.elastic.co/guide/en/kibana/8.17/search.html) used by the rule to create alerts. + // + // - For indicator match rules, only the query’s results are used to determine whether an alert is generated. + // - ES|QL rules have additional query requirements. Refer to [Create ES|QL](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule) rules for more information. + Query SecurityDetectionsAPIRuleQuery `json:"query"` + + // References Array containing notes about or references to relevant information about the rule. Defaults to an empty array. + References *SecurityDetectionsAPIRuleReferenceArray `json:"references,omitempty"` + RelatedIntegrations *SecurityDetectionsAPIRelatedIntegrationArray `json:"related_integrations,omitempty"` + + // RequiredFields Elasticsearch fields and their types that need to be present for the rule to function. + // > info + // > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. 
+ RequiredFields *[]SecurityDetectionsAPIRequiredFieldInput `json:"required_fields,omitempty"` + ResponseActions *[]SecurityDetectionsAPIResponseAction `json:"response_actions,omitempty"` + + // RiskScore A numerical representation of the alert's severity from 0 to 100, where: + // * `0` - `21` represents low severity + // * `22` - `47` represents medium severity + // * `48` - `73` represents high severity + // * `74` - `100` represents critical severity + RiskScore SecurityDetectionsAPIRiskScore `json:"risk_score"` + + // RiskScoreMapping Overrides generated alerts' risk_score with a value from the source event + RiskScoreMapping *SecurityDetectionsAPIRiskScoreMapping `json:"risk_score_mapping,omitempty"` + + // RuleId A stable unique identifier for the rule object. It can be assigned during rule creation. It can be any string, but often is a UUID. It should be unique not only within a given Kibana space, but also across spaces and Elastic environments. The same prebuilt Elastic rule, when installed in two different Kibana spaces or two different Elastic environments, will have the same `rule_id`s. + RuleId *SecurityDetectionsAPIRuleSignatureId `json:"rule_id,omitempty"` + + // RuleNameOverride Sets which field in the source event is used to populate the alert's `signal.rule.name` value (in the UI, this value is displayed on the Rules page in the Rule column). When unspecified, the rule’s `name` value is used. The source field must be a string data type. + RuleNameOverride *SecurityDetectionsAPIRuleNameOverride `json:"rule_name_override,omitempty"` + + // SavedId Kibana [saved search](https://www.elastic.co/guide/en/kibana/current/save-open-search.html) used by the rule to create alerts. + SavedId *SecurityDetectionsAPISavedQueryId `json:"saved_id,omitempty"` + + // Setup Populates the rule’s setup guide with instructions on rule prerequisites such as required integrations, configuration steps, and anything else needed for the rule to work correctly. 
+ Setup *SecurityDetectionsAPISetupGuide `json:"setup,omitempty"` + + // Severity Severity level of alerts produced by the rule, which must be one of the following: + // * `low`: Alerts that are of interest but generally not considered to be security incidents + // * `medium`: Alerts that require investigation + // * `high`: Alerts that require immediate investigation + // * `critical`: Alerts that indicate it is highly likely a security incident has occurred + Severity SecurityDetectionsAPISeverity `json:"severity"` + + // SeverityMapping Overrides generated alerts' severity with values from the source event + SeverityMapping *SecurityDetectionsAPISeverityMapping `json:"severity_mapping,omitempty"` + + // Tags String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. + Tags *SecurityDetectionsAPIRuleTagArray `json:"tags,omitempty"` + Threat *SecurityDetectionsAPIThreatArray `json:"threat,omitempty"` + Threshold SecurityDetectionsAPIThreshold `json:"threshold"` + + // Throttle Defines how often rule actions are taken. + Throttle *SecurityDetectionsAPIRuleActionThrottle `json:"throttle,omitempty"` + + // TimelineId Timeline template ID + TimelineId *SecurityDetectionsAPITimelineTemplateId `json:"timeline_id,omitempty"` + + // TimelineTitle Timeline template title + TimelineTitle *SecurityDetectionsAPITimelineTemplateTitle `json:"timeline_title,omitempty"` + + // TimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. 
+ TimestampOverride *SecurityDetectionsAPITimestampOverride `json:"timestamp_override,omitempty"` + + // TimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field + TimestampOverrideFallbackDisabled *SecurityDetectionsAPITimestampOverrideFallbackDisabled `json:"timestamp_override_fallback_disabled,omitempty"` + To *SecurityDetectionsAPIRuleIntervalTo `json:"to,omitempty"` + + // Type Rule type + Type SecurityDetectionsAPIThresholdRuleUpdatePropsType `json:"type"` + + // Version The rule's version number. + // + // - For prebuilt rules it represents the version of the rule's content in the source [detection-rules](https://github.com/elastic/detection-rules) repository (and the corresponding `security_detection_engine` Fleet package that is used for distributing prebuilt rules). + // - For custom rules it is set to `1` when the rule is created. + // > info + // > It is not incremented on each update. Compare this to the `revision` field. + Version *SecurityDetectionsAPIRuleVersion `json:"version,omitempty"` +} + +// SecurityDetectionsAPIThresholdRuleUpdatePropsType Rule type +type SecurityDetectionsAPIThresholdRuleUpdatePropsType string + +// SecurityDetectionsAPIThresholdValue The threshold value from which an alert is generated. +type SecurityDetectionsAPIThresholdValue = int + +// SecurityDetectionsAPITiebreakerField Sets a secondary field for sorting events +type SecurityDetectionsAPITiebreakerField = string + +// SecurityDetectionsAPITimelineTemplateId Timeline template ID +type SecurityDetectionsAPITimelineTemplateId = string + +// SecurityDetectionsAPITimelineTemplateTitle Timeline template title +type SecurityDetectionsAPITimelineTemplateTitle = string + +// SecurityDetectionsAPITimestampField Specifies the name of the event timestamp field used for sorting a sequence of events. Not to be confused with `timestamp_override`, which specifies the more general field used for querying events within a range. 
Defaults to the @timestamp ECS field. +type SecurityDetectionsAPITimestampField = string + +// SecurityDetectionsAPITimestampOverride Sets the time field used to query indices. When unspecified, rules query the `@timestamp` field. The source field must be an Elasticsearch date data type. +type SecurityDetectionsAPITimestampOverride = string + +// SecurityDetectionsAPITimestampOverrideFallbackDisabled Disables the fallback to the event's @timestamp field +type SecurityDetectionsAPITimestampOverrideFallbackDisabled = bool + +// SecurityDetectionsAPIUUID A universally unique identifier +type SecurityDetectionsAPIUUID = openapi_types.UUID + +// SyntheticsGetParameterResponse defines model for Synthetics_getParameterResponse. +type SyntheticsGetParameterResponse struct { + // Description The description of the parameter. It is included in the response if the user has read-only permissions to the Synthetics app. + Description *string `json:"description,omitempty"` + + // Id The unique identifier of the parameter. + Id *string `json:"id,omitempty"` + + // Key The key of the parameter. + Key *string `json:"key,omitempty"` + + // Namespaces The namespaces associated with the parameter. It is included in the response if the user has read-only permissions to the Synthetics app. + Namespaces *[]string `json:"namespaces,omitempty"` + + // Tags An array of tags associated with the parameter. It is included in the response if the user has read-only permissions to the Synthetics app. + Tags *[]string `json:"tags,omitempty"` + + // Value The value associated with the parameter. It will be included in the response if the user has write permissions. + Value *string `json:"value,omitempty"` +} + +// SyntheticsParameterRequest defines model for Synthetics_parameterRequest. +type SyntheticsParameterRequest struct { + // Description A description of the parameter. + Description *string `json:"description,omitempty"` + + // Key The key of the parameter. 
+ Key string `json:"key"` + + // ShareAcrossSpaces Specify whether the parameter should be shared across spaces. + ShareAcrossSpaces *bool `json:"share_across_spaces,omitempty"` + + // Tags An array of tags to categorize the parameter. + Tags *[]string `json:"tags,omitempty"` + + // Value The value associated with the parameter. + Value string `json:"value"` +} + +// SyntheticsPostParameterResponse defines model for Synthetics_postParameterResponse. +type SyntheticsPostParameterResponse struct { + // Description A description of the parameter. + Description *string `json:"description,omitempty"` + + // Id The unique identifier for the parameter. + Id *string `json:"id,omitempty"` + + // Key The parameter key. + Key *string `json:"key,omitempty"` + + // ShareAcrossSpaces Indicates whether the parameter is shared across spaces. + ShareAcrossSpaces *bool `json:"share_across_spaces,omitempty"` + + // Tags An array of tags associated with the parameter. + Tags *[]string `json:"tags,omitempty"` + + // Value The value associated with the parameter. + Value *string `json:"value,omitempty"` +} + +// AgentPolicy defines model for agent_policy. 
+type AgentPolicy struct { + AdvancedSettings *struct { + AgentDownloadTargetDirectory interface{} `json:"agent_download_target_directory,omitempty"` + AgentDownloadTimeout interface{} `json:"agent_download_timeout,omitempty"` + AgentLimitsGoMaxProcs interface{} `json:"agent_limits_go_max_procs,omitempty"` + AgentLoggingFilesInterval interface{} `json:"agent_logging_files_interval,omitempty"` + AgentLoggingFilesKeepfiles interface{} `json:"agent_logging_files_keepfiles,omitempty"` + AgentLoggingFilesRotateeverybytes interface{} `json:"agent_logging_files_rotateeverybytes,omitempty"` + AgentLoggingLevel interface{} `json:"agent_logging_level,omitempty"` + AgentLoggingMetricsPeriod interface{} `json:"agent_logging_metrics_period,omitempty"` + AgentLoggingToFiles interface{} `json:"agent_logging_to_files,omitempty"` + AgentMonitoringRuntimeExperimental interface{} `json:"agent_monitoring_runtime_experimental,omitempty"` + } `json:"advanced_settings,omitempty"` + AgentFeatures *[]struct { + Enabled bool `json:"enabled"` + Name string `json:"name"` + } `json:"agent_features,omitempty"` + Agentless *struct { + CloudConnectors *struct { + Enabled bool `json:"enabled"` + TargetCsp *string `json:"target_csp,omitempty"` + } `json:"cloud_connectors,omitempty"` + Resources *struct { + Requests *struct { + Cpu *string `json:"cpu,omitempty"` + Memory *string `json:"memory,omitempty"` + } `json:"requests,omitempty"` + } `json:"resources,omitempty"` + } `json:"agentless,omitempty"` + Agents *float32 `json:"agents,omitempty"` + DataOutputId *string `json:"data_output_id,omitempty"` + Description *string `json:"description,omitempty"` + DownloadSourceId *string `json:"download_source_id,omitempty"` + FleetServerHostId *string `json:"fleet_server_host_id,omitempty"` + + // GlobalDataTags User defined data tags that are added to all of the inputs. The values can be strings or numbers. 
+ GlobalDataTags *[]AgentPolicyGlobalDataTagsItem `json:"global_data_tags,omitempty"` + HasFleetServer *bool `json:"has_fleet_server,omitempty"` + Id string `json:"id"` + InactivityTimeout *float32 `json:"inactivity_timeout,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultFleetServer *bool `json:"is_default_fleet_server,omitempty"` + IsManaged bool `json:"is_managed"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + + // IsProtected Indicates whether the agent policy has tamper protection enabled. Default false. + IsProtected bool `json:"is_protected"` + + // KeepMonitoringAlive When set to true, monitoring will be enabled but logs/metrics collection will be disabled + KeepMonitoringAlive *bool `json:"keep_monitoring_alive,omitempty"` + MonitoringDiagnostics *struct { + Limit *struct { + Burst *float32 `json:"burst,omitempty"` + Interval *string `json:"interval,omitempty"` + } `json:"limit,omitempty"` + Uploader *struct { + InitDur *string `json:"init_dur,omitempty"` + MaxDur *string `json:"max_dur,omitempty"` + MaxRetries *float32 `json:"max_retries,omitempty"` + } `json:"uploader,omitempty"` + } `json:"monitoring_diagnostics,omitempty"` + MonitoringEnabled *[]AgentPolicyMonitoringEnabled `json:"monitoring_enabled,omitempty"` + MonitoringHttp *struct { + Buffer *struct { + Enabled *bool `json:"enabled,omitempty"` + } `json:"buffer,omitempty"` + Enabled *bool `json:"enabled,omitempty"` + Host *string `json:"host,omitempty"` + Port *float32 `json:"port,omitempty"` + } `json:"monitoring_http,omitempty"` + MonitoringOutputId *string `json:"monitoring_output_id,omitempty"` + MonitoringPprofEnabled *bool `json:"monitoring_pprof_enabled,omitempty"` + Name string `json:"name"` + Namespace string `json:"namespace"` + + // Overrides Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ Overrides *map[string]interface{} `json:"overrides,omitempty"` + PackagePolicies *AgentPolicy_PackagePolicies `json:"package_policies,omitempty"` + RequiredVersions *[]struct { + // Percentage Target percentage of agents to auto upgrade + Percentage float32 `json:"percentage"` + + // Version Target version for automatic agent upgrade + Version string `json:"version"` + } `json:"required_versions,omitempty"` + Revision float32 `json:"revision"` + SchemaVersion *string `json:"schema_version,omitempty"` + SpaceIds *[]string `json:"space_ids,omitempty"` + Status AgentPolicyStatus `json:"status"` + + // SupportsAgentless Indicates whether the agent policy supports agentless integrations. + SupportsAgentless *bool `json:"supports_agentless,omitempty"` + UnenrollTimeout *float32 `json:"unenroll_timeout,omitempty"` + UnprivilegedAgents *float32 `json:"unprivileged_agents,omitempty"` + UpdatedAt string `json:"updated_at"` + UpdatedBy string `json:"updated_by"` + Version *string `json:"version,omitempty"` +} + +// AgentPolicyMonitoringEnabled defines model for AgentPolicy.MonitoringEnabled. +type AgentPolicyMonitoringEnabled string + +// AgentPolicyPackagePolicies0 defines model for . +type AgentPolicyPackagePolicies0 = []string + +// AgentPolicyPackagePolicies1 This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter +type AgentPolicyPackagePolicies1 = []struct { + // AdditionalDatastreamsPermissions Additional datastream permissions, that will be added to the agent policy. 
+ AdditionalDatastreamsPermissions *[]string `json:"additional_datastreams_permissions,omitempty"` + Agents *float32 `json:"agents,omitempty"` + CreatedAt string `json:"created_at"` + CreatedBy string `json:"created_by"` + + // Description Package policy description + Description *string `json:"description,omitempty"` + Elasticsearch *AgentPolicy_PackagePolicies_1_Elasticsearch `json:"elasticsearch,omitempty"` + Enabled bool `json:"enabled"` + Id string `json:"id"` + Inputs AgentPolicy_PackagePolicies_1_Inputs `json:"inputs"` + IsManaged *bool `json:"is_managed,omitempty"` + + // Name Package policy name (should be unique) + Name string `json:"name"` + + // Namespace The package policy namespace. Leave blank to inherit the agent policy's namespace. + Namespace *string `json:"namespace,omitempty"` + OutputId *string `json:"output_id,omitempty"` + + // Overrides Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ Overrides *struct { + Inputs *map[string]interface{} `json:"inputs,omitempty"` + } `json:"overrides,omitempty"` + Package *struct { + ExperimentalDataStreamFeatures *[]struct { + DataStream string `json:"data_stream"` + Features struct { + DocValueOnlyNumeric *bool `json:"doc_value_only_numeric,omitempty"` + DocValueOnlyOther *bool `json:"doc_value_only_other,omitempty"` + SyntheticSource *bool `json:"synthetic_source,omitempty"` + Tsdb *bool `json:"tsdb,omitempty"` + } `json:"features"` + } `json:"experimental_data_stream_features,omitempty"` + + // Name Package name + Name string `json:"name"` + RequiresRoot *bool `json:"requires_root,omitempty"` + Title *string `json:"title,omitempty"` + + // Version Package version + Version string `json:"version"` + } `json:"package,omitempty"` + + // PolicyId Agent policy ID where that package policy will be added + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + PolicyId *string `json:"policy_id,omitempty"` + PolicyIds *[]string `json:"policy_ids,omitempty"` + Revision float32 `json:"revision"` + SecretReferences *[]struct { + Id string `json:"id"` + } `json:"secret_references,omitempty"` + SpaceIds *[]string `json:"spaceIds,omitempty"` + + // SupportsAgentless Indicates whether the package policy belongs to an agentless agent policy. + SupportsAgentless *bool `json:"supports_agentless,omitempty"` + UpdatedAt string `json:"updated_at"` + UpdatedBy string `json:"updated_by"` + Vars *AgentPolicy_PackagePolicies_1_Vars `json:"vars,omitempty"` + Version *string `json:"version,omitempty"` +} + +// AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges defines model for AgentPolicy.PackagePolicies.1.Elasticsearch.Privileges. 
+type AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges struct { + Cluster *[]string `json:"cluster,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// AgentPolicy_PackagePolicies_1_Elasticsearch defines model for AgentPolicy.PackagePolicies.1.Elasticsearch. +type AgentPolicy_PackagePolicies_1_Elasticsearch struct { + Privileges *AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges `json:"privileges,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// AgentPolicyPackagePolicies1Inputs0 defines model for . +type AgentPolicyPackagePolicies1Inputs0 = []struct { + CompiledInput interface{} `json:"compiled_input"` + + // Config Package variable (see integration documentation for more information) + Config *map[string]struct { + Frozen *bool `json:"frozen,omitempty"` + Type *string `json:"type,omitempty"` + Value interface{} `json:"value"` + } `json:"config,omitempty"` + Enabled bool `json:"enabled"` + Id *string `json:"id,omitempty"` + KeepEnabled *bool `json:"keep_enabled,omitempty"` + PolicyTemplate *string `json:"policy_template,omitempty"` + Streams []struct { + CompiledStream interface{} `json:"compiled_stream"` + + // Config Package variable (see integration documentation for more information) + Config *map[string]struct { + Frozen *bool `json:"frozen,omitempty"` + Type *string `json:"type,omitempty"` + Value interface{} `json:"value"` + } `json:"config,omitempty"` + DataStream struct { + Dataset string `json:"dataset"` + Elasticsearch *struct { + DynamicDataset *bool `json:"dynamic_dataset,omitempty"` + DynamicNamespace *bool `json:"dynamic_namespace,omitempty"` + Privileges *struct { + Indices *[]string `json:"indices,omitempty"` + } `json:"privileges,omitempty"` + } `json:"elasticsearch,omitempty"` + Type string `json:"type"` + } `json:"data_stream"` + Enabled bool `json:"enabled"` + Id *string `json:"id,omitempty"` + KeepEnabled *bool `json:"keep_enabled,omitempty"` + Release 
*AgentPolicyPackagePolicies1Inputs0StreamsRelease `json:"release,omitempty"` + + // Vars Package variable (see integration documentation for more information) + Vars *map[string]struct { + Frozen *bool `json:"frozen,omitempty"` + Type *string `json:"type,omitempty"` + Value interface{} `json:"value"` + } `json:"vars,omitempty"` + } `json:"streams"` + Type string `json:"type"` + + // Vars Package variable (see integration documentation for more information) + Vars *map[string]struct { + Frozen *bool `json:"frozen,omitempty"` + Type *string `json:"type,omitempty"` + Value interface{} `json:"value"` + } `json:"vars,omitempty"` +} + +// AgentPolicyPackagePolicies1Inputs0StreamsRelease defines model for AgentPolicy.PackagePolicies.1.Inputs.0.Streams.Release. +type AgentPolicyPackagePolicies1Inputs0StreamsRelease string + +// AgentPolicyPackagePolicies1Inputs1 Package policy inputs (see integration documentation to know what inputs are available) +type AgentPolicyPackagePolicies1Inputs1 map[string]struct { + // Enabled enable or disable that input, (default to true) + Enabled *bool `json:"enabled,omitempty"` + + // Streams Input streams (see integration documentation to know what streams are available) + Streams *map[string]struct { + // Enabled enable or disable that stream, (default to true) + Enabled *bool `json:"enabled,omitempty"` + + // Vars Input/stream level variable (see integration documentation for more information) + Vars *map[string]*AgentPolicy_PackagePolicies_1_Inputs_1_Streams_Vars_AdditionalProperties `json:"vars,omitempty"` + } `json:"streams,omitempty"` + + // Vars Input/stream level variable (see integration documentation for more information) + Vars *map[string]*AgentPolicy_PackagePolicies_1_Inputs_1_Vars_AdditionalProperties `json:"vars,omitempty"` +} + +// AgentPolicyPackagePolicies1Inputs1StreamsVars0 defines model for . 
+type AgentPolicyPackagePolicies1Inputs1StreamsVars0 = bool + +// AgentPolicyPackagePolicies1Inputs1StreamsVars1 defines model for . +type AgentPolicyPackagePolicies1Inputs1StreamsVars1 = string + +// AgentPolicyPackagePolicies1Inputs1StreamsVars2 defines model for . +type AgentPolicyPackagePolicies1Inputs1StreamsVars2 = float32 + +// AgentPolicyPackagePolicies1Inputs1StreamsVars3 defines model for . +type AgentPolicyPackagePolicies1Inputs1StreamsVars3 = []string + +// AgentPolicyPackagePolicies1Inputs1StreamsVars4 defines model for . +type AgentPolicyPackagePolicies1Inputs1StreamsVars4 = []float32 + +// AgentPolicyPackagePolicies1Inputs1StreamsVars5 defines model for . +type AgentPolicyPackagePolicies1Inputs1StreamsVars5 struct { + Id string `json:"id"` + IsSecretRef bool `json:"isSecretRef"` +} + +// AgentPolicy_PackagePolicies_1_Inputs_1_Streams_Vars_AdditionalProperties defines model for AgentPolicy.PackagePolicies.1.Inputs.1.Streams.Vars.AdditionalProperties. +type AgentPolicy_PackagePolicies_1_Inputs_1_Streams_Vars_AdditionalProperties struct { + union json.RawMessage +} + +// AgentPolicyPackagePolicies1Inputs1Vars0 defines model for . +type AgentPolicyPackagePolicies1Inputs1Vars0 = bool + +// AgentPolicyPackagePolicies1Inputs1Vars1 defines model for . +type AgentPolicyPackagePolicies1Inputs1Vars1 = string + +// AgentPolicyPackagePolicies1Inputs1Vars2 defines model for . +type AgentPolicyPackagePolicies1Inputs1Vars2 = float32 + +// AgentPolicyPackagePolicies1Inputs1Vars3 defines model for . +type AgentPolicyPackagePolicies1Inputs1Vars3 = []string + +// AgentPolicyPackagePolicies1Inputs1Vars4 defines model for . +type AgentPolicyPackagePolicies1Inputs1Vars4 = []float32 + +// AgentPolicyPackagePolicies1Inputs1Vars5 defines model for . 
+type AgentPolicyPackagePolicies1Inputs1Vars5 struct { + Id string `json:"id"` + IsSecretRef bool `json:"isSecretRef"` +} + +// AgentPolicy_PackagePolicies_1_Inputs_1_Vars_AdditionalProperties defines model for AgentPolicy.PackagePolicies.1.Inputs.1.Vars.AdditionalProperties. +type AgentPolicy_PackagePolicies_1_Inputs_1_Vars_AdditionalProperties struct { + union json.RawMessage +} + +// AgentPolicy_PackagePolicies_1_Inputs defines model for AgentPolicy.PackagePolicies.1.Inputs. +type AgentPolicy_PackagePolicies_1_Inputs struct { + union json.RawMessage +} + +// AgentPolicyPackagePolicies1Vars0 Package variable (see integration documentation for more information) +type AgentPolicyPackagePolicies1Vars0 map[string]struct { + Frozen *bool `json:"frozen,omitempty"` + Type *string `json:"type,omitempty"` + Value interface{} `json:"value"` +} + +// AgentPolicyPackagePolicies1Vars1 Input/stream level variable (see integration documentation for more information) +type AgentPolicyPackagePolicies1Vars1 map[string]*AgentPolicy_PackagePolicies_1_Vars_1_AdditionalProperties + +// AgentPolicyPackagePolicies1Vars10 defines model for . +type AgentPolicyPackagePolicies1Vars10 = bool + +// AgentPolicyPackagePolicies1Vars11 defines model for . +type AgentPolicyPackagePolicies1Vars11 = string + +// AgentPolicyPackagePolicies1Vars12 defines model for . +type AgentPolicyPackagePolicies1Vars12 = float32 + +// AgentPolicyPackagePolicies1Vars13 defines model for . +type AgentPolicyPackagePolicies1Vars13 = []string + +// AgentPolicyPackagePolicies1Vars14 defines model for . +type AgentPolicyPackagePolicies1Vars14 = []float32 + +// AgentPolicyPackagePolicies1Vars15 defines model for . +type AgentPolicyPackagePolicies1Vars15 struct { + Id string `json:"id"` + IsSecretRef bool `json:"isSecretRef"` +} + +// AgentPolicy_PackagePolicies_1_Vars_1_AdditionalProperties defines model for AgentPolicy.PackagePolicies.1.Vars.1.AdditionalProperties. 
+type AgentPolicy_PackagePolicies_1_Vars_1_AdditionalProperties struct { + union json.RawMessage +} + +// AgentPolicy_PackagePolicies_1_Vars defines model for AgentPolicy.PackagePolicies.1.Vars. +type AgentPolicy_PackagePolicies_1_Vars struct { + union json.RawMessage +} + +// AgentPolicy_PackagePolicies defines model for AgentPolicy.PackagePolicies. +type AgentPolicy_PackagePolicies struct { + union json.RawMessage +} + +// AgentPolicyStatus defines model for AgentPolicy.Status. +type AgentPolicyStatus string + +// AgentPolicyGlobalDataTagsItem defines model for agent_policy_global_data_tags_item. +type AgentPolicyGlobalDataTagsItem struct { + Name string `json:"name"` + Value AgentPolicyGlobalDataTagsItem_Value `json:"value"` +} + +// AgentPolicyGlobalDataTagsItemValue0 defines model for . +type AgentPolicyGlobalDataTagsItemValue0 = string + +// AgentPolicyGlobalDataTagsItemValue1 defines model for . +type AgentPolicyGlobalDataTagsItemValue1 = float32 + +// AgentPolicyGlobalDataTagsItem_Value defines model for AgentPolicyGlobalDataTagsItem.Value. +type AgentPolicyGlobalDataTagsItem_Value struct { + union json.RawMessage +} + +// AuthType The type of authentication to use: basic, SSL, or none. +type AuthType string + +// BedrockConfig Defines properties for connectors when type is `.bedrock`. +type BedrockConfig struct { + // ApiUrl The Amazon Bedrock request URL. + ApiUrl string `json:"apiUrl"` + + // DefaultModel The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models. + DefaultModel *string `json:"defaultModel,omitempty"` +} + +// BedrockSecrets Defines secrets for connectors when type is `.bedrock`. +type BedrockSecrets struct { + // AccessKey The AWS access key for authentication. + AccessKey string `json:"accessKey"` + + // Secret The AWS secret for authentication. 
+ Secret string `json:"secret"` +} + +// Ca A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types. +type Ca = string + +// CasesWebhookConfig Defines properties for connectors when type is `.cases-webhook`. +type CasesWebhookConfig struct { + // AuthType The type of authentication to use: basic, SSL, or none. + AuthType *AuthType `json:"authType,omitempty"` + + // Ca A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types. + Ca *Ca `json:"ca,omitempty"` + + // CertType If the `authType` is `webhook-authentication-ssl`, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format. + CertType *CertType `json:"certType,omitempty"` + + // CreateCommentJson A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is `case.comment`. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. + CreateCommentJson *string `json:"createCommentJson,omitempty"` + + // CreateCommentMethod The REST API HTTP request method to create a case comment in the third-party system. Valid values are `patch`, `post`, and `put`. + CreateCommentMethod *CasesWebhookConfigCreateCommentMethod `json:"createCommentMethod,omitempty"` + + // CreateCommentUrl The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. 
If you are using the `xpack.actions.allowedHosts setting`, add the hostname to the allowed hosts. + CreateCommentUrl *string `json:"createCommentUrl,omitempty"` + + // CreateIncidentJson A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. + CreateIncidentJson string `json:"createIncidentJson"` + + // CreateIncidentMethod The REST API HTTP request method to create a case in the third-party system. Valid values are `patch`, `post`, and `put`. + CreateIncidentMethod *CasesWebhookConfigCreateIncidentMethod `json:"createIncidentMethod,omitempty"` + + // CreateIncidentResponseKey The JSON key in the create external case response that contains the case ID. + CreateIncidentResponseKey string `json:"createIncidentResponseKey"` + + // CreateIncidentUrl The REST API URL to create a case in the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + CreateIncidentUrl string `json:"createIncidentUrl"` + + // GetIncidentResponseExternalTitleKey The JSON key in get external case response that contains the case title. + GetIncidentResponseExternalTitleKey string `json:"getIncidentResponseExternalTitleKey"` + + // GetIncidentUrl The REST API URL to get the case by ID from the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. You can use a variable to add the external system ID to the URL. 
Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. + GetIncidentUrl string `json:"getIncidentUrl"` + + // HasAuth If true, a username and password for login type authentication must be provided. + HasAuth *HasAuth `json:"hasAuth,omitempty"` + + // Headers A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods. + Headers *string `json:"headers,omitempty"` + + // UpdateIncidentJson The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. + UpdateIncidentJson string `json:"updateIncidentJson"` + + // UpdateIncidentMethod The REST API HTTP request method to update the case in the third-party system. Valid values are `patch`, `post`, and `put`. + UpdateIncidentMethod *CasesWebhookConfigUpdateIncidentMethod `json:"updateIncidentMethod,omitempty"` + + // UpdateIncidentUrl The REST API URL to update the case by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. 
+ UpdateIncidentUrl string `json:"updateIncidentUrl"` + + // VerificationMode Controls the verification of certificates. Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use `certificate` to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use `none` to skip certificate validation. + VerificationMode *VerificationMode `json:"verificationMode,omitempty"` + + // ViewIncidentUrl The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL. + ViewIncidentUrl string `json:"viewIncidentUrl"` +} + +// CasesWebhookConfigCreateCommentMethod The REST API HTTP request method to create a case comment in the third-party system. Valid values are `patch`, `post`, and `put`. +type CasesWebhookConfigCreateCommentMethod string + +// CasesWebhookConfigCreateIncidentMethod The REST API HTTP request method to create a case in the third-party system. Valid values are `patch`, `post`, and `put`. +type CasesWebhookConfigCreateIncidentMethod string + +// CasesWebhookConfigUpdateIncidentMethod The REST API HTTP request method to update the case in the third-party system. Valid values are `patch`, `post`, and `put`. +type CasesWebhookConfigUpdateIncidentMethod string + +// CasesWebhookSecrets defines model for cases_webhook_secrets. +type CasesWebhookSecrets struct { + // Crt If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file. + Crt *Crt `json:"crt,omitempty"` + + // Key If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the KEY file. 
+ Key *Key `json:"key,omitempty"` + + // Password The password for HTTP basic authentication. If `hasAuth` is set to `true` and and `authType` is `webhook-authentication-basic`, this property is required. + Password *string `json:"password,omitempty"` + + // Pfx If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. + Pfx *Pfx `json:"pfx,omitempty"` + + // User The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. + User *string `json:"user,omitempty"` +} + +// CertType If the `authType` is `webhook-authentication-ssl`, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format. +type CertType string + +// ConnectorResponse defines model for connector_response. +type ConnectorResponse struct { + Config *map[string]interface{} `json:"config,omitempty"` + + // ConnectorTypeId The connector type identifier. + ConnectorTypeId string `json:"connector_type_id"` + + // Id The identifier for the connector. + Id string `json:"id"` + + // IsDeprecated Indicates whether the connector is deprecated. + IsDeprecated bool `json:"is_deprecated"` + + // IsMissingSecrets Indicates whether the connector is missing secrets. + IsMissingSecrets *bool `json:"is_missing_secrets,omitempty"` + + // IsPreconfigured Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. + IsPreconfigured bool `json:"is_preconfigured"` + + // IsSystemAction Indicates whether the connector is used for system actions. + IsSystemAction bool `json:"is_system_action"` + + // Name The name of the rule. + Name string `json:"name"` +} + +// CreateConnectorConfig The connector configuration details. 
+type CreateConnectorConfig struct { + AdditionalProperties map[string]interface{} `json:"-"` + union json.RawMessage +} + +// CreateConnectorSecrets defines model for create_connector_secrets. +type CreateConnectorSecrets struct { + AdditionalProperties map[string]interface{} `json:"-"` + union json.RawMessage +} + +// CreateParamResponse defines model for create_param_response. +type CreateParamResponse struct { + union json.RawMessage +} + +// CreateParamResponse0 defines model for . +type CreateParamResponse0 = []SyntheticsPostParameterResponse + +// CrowdstrikeConfig Defines config properties for connectors when type is `.crowdstrike`. +type CrowdstrikeConfig struct { + // Url The CrowdStrike tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + Url string `json:"url"` +} + +// CrowdstrikeSecrets Defines secrets for connectors when type is `.crowdstrike`. +type CrowdstrikeSecrets struct { + // ClientId The CrowdStrike API client identifier. + ClientId string `json:"clientId"` + + // ClientSecret The CrowdStrike API client secret to authenticate the `clientId`. + ClientSecret string `json:"clientSecret"` +} + +// Crt If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file. +type Crt = string + +// D3securityConfig Defines properties for connectors when type is `.d3security`. +type D3securityConfig struct { + // Url The D3 Security API request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + Url string `json:"url"` +} + +// D3securitySecrets Defines secrets for connectors when type is `.d3security`. +type D3securitySecrets struct { + // Token The D3 Security token. + Token string `json:"token"` +} + +// DefenderConfig Defines properties for connectors when type is `.microsoft_defender_endpoint`. 
+type DefenderConfig struct { + // ApiUrl The URL of the Microsoft Defender for Endpoint API. If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname is added to the allowed hosts. + ApiUrl string `json:"apiUrl"` + + // ClientId The application (client) identifier for your app in the Azure portal. + ClientId *string `json:"clientId,omitempty"` + + // OAuthScope The OAuth scopes or permission sets for the Microsoft Defender for Endpoint API. + OAuthScope *string `json:"oAuthScope,omitempty"` + + // OAuthServerUrl The OAuth server URL where authentication is sent and received for the Microsoft Defender for Endpoint API. + OAuthServerUrl *string `json:"oAuthServerUrl,omitempty"` + + // TenantId The tenant identifier for your app in the Azure portal. + TenantId *string `json:"tenantId,omitempty"` +} + +// DefenderSecrets Defines secrets for connectors when type is `..microsoft_defender_endpoint`. +type DefenderSecrets struct { + // ClientSecret The client secret for your app in the Azure portal. + ClientSecret string `json:"clientSecret"` +} + +// EmailConfig Defines properties for connectors when type is `.email`. +type EmailConfig struct { + // ClientId The client identifier, which is a part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required. + ClientId *string `json:"clientId,omitempty"` + + // From The from address for all emails sent by the connector. It must be specified in `user@host-name` format. + From string `json:"from"` + + // HasAuth Specifies whether a user and password are required inside the secrets configuration. + HasAuth *bool `json:"hasAuth,omitempty"` + + // Host The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. 
+ Host *string `json:"host,omitempty"` + OauthTokenUrl *string `json:"oauthTokenUrl,omitempty"` + + // Port The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. + Port *int `json:"port,omitempty"` + + // Secure Specifies whether the connection to the service provider will use TLS. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. + Secure *bool `json:"secure,omitempty"` + + // Service The name of the email service. + Service *EmailConfigService `json:"service,omitempty"` + + // TenantId The tenant identifier, which is part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required. + TenantId *string `json:"tenantId,omitempty"` +} + +// EmailConfigService The name of the email service. +type EmailConfigService string + +// EmailSecrets Defines secrets for connectors when type is `.email`. +type EmailSecrets struct { + // ClientSecret The Microsoft Exchange Client secret for OAuth 2.0 client credentials authentication. It must be URL-encoded. If `service` is `exchange_server`, this property is required. + ClientSecret *string `json:"clientSecret,omitempty"` + + // Password The password for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required. + Password *string `json:"password,omitempty"` + + // User The username for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required. + User *string `json:"user,omitempty"` +} + +// EnrollmentApiKey defines model for enrollment_api_key. +type EnrollmentApiKey struct { + // Active When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. 
+ Active bool `json:"active"` + + // ApiKey The enrollment API key (token) used for enrolling Elastic Agents. + ApiKey string `json:"api_key"` + + // ApiKeyId The ID of the API key in the Security API. + ApiKeyId string `json:"api_key_id"` + CreatedAt string `json:"created_at"` + Hidden *bool `json:"hidden,omitempty"` + Id string `json:"id"` + + // Name The name of the enrollment API key. + Name *string `json:"name,omitempty"` + + // PolicyId The ID of the agent policy the Elastic Agent will be enrolled in. + PolicyId *string `json:"policy_id,omitempty"` +} + +// GeminiConfig Defines properties for connectors when type is `.gemini`. +type GeminiConfig struct { + // ApiUrl The Google Gemini request URL. + ApiUrl string `json:"apiUrl"` + + // DefaultModel The generative artificial intelligence model for Google Gemini to use. + DefaultModel *string `json:"defaultModel,omitempty"` + + // GcpProjectID The Google ProjectID that has Vertex AI endpoint enabled. + GcpProjectID string `json:"gcpProjectID"` + + // GcpRegion The GCP region where the Vertex AI endpoint enabled. + GcpRegion string `json:"gcpRegion"` +} + +// GeminiSecrets Defines secrets for connectors when type is `.gemini`. +type GeminiSecrets struct { + // CredentialsJson The service account credentials JSON file. The service account should have Vertex AI user IAM role assigned to it. + CredentialsJson string `json:"credentialsJson"` +} + +// GenaiAzureConfig Defines properties for connectors when type is `.gen-ai` and the API provider is `Azure OpenAI`. +type GenaiAzureConfig struct { + // ApiProvider The OpenAI API provider. + ApiProvider GenaiAzureConfigApiProvider `json:"apiProvider"` + + // ApiUrl The OpenAI API endpoint. + ApiUrl string `json:"apiUrl"` +} + +// GenaiAzureConfigApiProvider The OpenAI API provider. +type GenaiAzureConfigApiProvider string + +// GenaiOpenaiConfig Defines properties for connectors when type is `.gen-ai` and the API provider is `OpenAI`. 
+type GenaiOpenaiConfig struct { + // ApiProvider The OpenAI API provider. + ApiProvider GenaiOpenaiConfigApiProvider `json:"apiProvider"` + + // ApiUrl The OpenAI API endpoint. + ApiUrl string `json:"apiUrl"` + + // DefaultModel The default model to use for requests. + DefaultModel *string `json:"defaultModel,omitempty"` +} + +// GenaiOpenaiConfigApiProvider The OpenAI API provider. +type GenaiOpenaiConfigApiProvider string + +// GenaiOpenaiOtherConfig Defines properties for connectors when type is `.gen-ai` and the API provider is `Other` (OpenAI-compatible service), including optional PKI authentication. +type GenaiOpenaiOtherConfig struct { + // ApiProvider The OpenAI API provider. + ApiProvider GenaiOpenaiOtherConfigApiProvider `json:"apiProvider"` + + // ApiUrl The OpenAI-compatible API endpoint. + ApiUrl string `json:"apiUrl"` + + // CaData PEM-encoded CA certificate content. + CaData *string `json:"caData,omitempty"` + + // CertificateData PEM-encoded certificate content. + CertificateData *string `json:"certificateData,omitempty"` + + // DefaultModel The default model to use for requests. + DefaultModel string `json:"defaultModel"` + + // Headers Custom headers to include in requests. + Headers *map[string]string `json:"headers,omitempty"` + + // PrivateKeyData PEM-encoded private key content. + PrivateKeyData *string `json:"privateKeyData,omitempty"` + + // VerificationMode SSL verification mode for PKI authentication. + VerificationMode *GenaiOpenaiOtherConfigVerificationMode `json:"verificationMode,omitempty"` +} + +// GenaiOpenaiOtherConfigApiProvider The OpenAI API provider. +type GenaiOpenaiOtherConfigApiProvider string + +// GenaiOpenaiOtherConfigVerificationMode SSL verification mode for PKI authentication. +type GenaiOpenaiOtherConfigVerificationMode string + +// GenaiSecrets Defines secrets for connectors when type is `.gen-ai`. 
Supports both API key authentication (OpenAI, Azure OpenAI, and `Other`) and PKI authentication (`Other` provider only). PKI fields must be base64-encoded PEM content. +type GenaiSecrets struct { + // ApiKey The API key for authentication. For OpenAI and Azure OpenAI providers, it is required. For the `Other` provider, it is required if you do not use PKI authentication. With PKI, you can also optionally include an API key if the OpenAI-compatible service supports or requires one. + ApiKey *string `json:"apiKey,omitempty"` + + // CaData Base64-encoded PEM CA certificate content for PKI authentication (Other provider only). Optional. + CaData *string `json:"caData,omitempty"` + + // CertificateData Base64-encoded PEM certificate content for PKI authentication (Other provider only). Required for PKI. + CertificateData *string `json:"certificateData,omitempty"` + + // PrivateKeyData Base64-encoded PEM private key content for PKI authentication (Other provider only). Required for PKI. + PrivateKeyData *string `json:"privateKeyData,omitempty"` +} + +// GetDataViewsResponseItem defines model for get_data_views_response_item. +type GetDataViewsResponseItem struct { + Id *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` + Namespaces *[]string `json:"namespaces,omitempty"` + Title *string `json:"title,omitempty"` + TypeMeta *map[string]interface{} `json:"typeMeta,omitempty"` +} + +// HasAuth If true, a username and password for login type authentication must be provided. +type HasAuth = bool + +// IndexConfig Defines properties for connectors when type is `.index`. +type IndexConfig struct { + // ExecutionTimeField A field that indicates when the document was indexed. + ExecutionTimeField *string `json:"executionTimeField,omitempty"` + + // Index The Elasticsearch index to be written to. + Index string `json:"index"` + + // Refresh The refresh policy for the write request, which affects when changes are made visible to search. 
Refer to the refresh setting for Elasticsearch document APIs. + Refresh *bool `json:"refresh,omitempty"` +} + +// JiraConfig Defines properties for connectors when type is `.jira`. +type JiraConfig struct { + // ApiUrl The Jira instance URL. + ApiUrl string `json:"apiUrl"` + + // ProjectKey The Jira project key. + ProjectKey string `json:"projectKey"` +} + +// JiraSecrets Defines secrets for connectors when type is `.jira`. +type JiraSecrets struct { + // ApiToken The Jira API authentication token for HTTP basic authentication. + ApiToken string `json:"apiToken"` + + // Email The account email for HTTP Basic authentication. + Email string `json:"email"` +} + +// Key If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the KEY file. +type Key = string + +// NewOutputElasticsearch defines model for new_output_elasticsearch. +type NewOutputElasticsearch struct { + AllowEdit *[]string `json:"allow_edit,omitempty"` + CaSha256 *string `json:"ca_sha256,omitempty"` + CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` + ConfigYaml *string `json:"config_yaml,omitempty"` + Hosts []string `json:"hosts"` + Id *string `json:"id,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + Name string `json:"name"` + Preset *NewOutputElasticsearchPreset `json:"preset,omitempty"` + ProxyId *string `json:"proxy_id,omitempty"` + Secrets *struct { + Ssl *struct { + Key *NewOutputElasticsearch_Secrets_Ssl_Key `json:"key,omitempty"` + } `json:"ssl,omitempty"` + } `json:"secrets,omitempty"` + Shipper *NewOutputShipper `json:"shipper,omitempty"` + Ssl *NewOutputSsl `json:"ssl,omitempty"` + Type NewOutputElasticsearchType `json:"type"` + WriteToLogsStreams *bool `json:"write_to_logs_streams,omitempty"` +} + +// 
NewOutputElasticsearchPreset defines model for NewOutputElasticsearch.Preset. +type NewOutputElasticsearchPreset string + +// NewOutputElasticsearchSecretsSslKey0 defines model for . +type NewOutputElasticsearchSecretsSslKey0 struct { + Id string `json:"id"` +} + +// NewOutputElasticsearchSecretsSslKey1 defines model for . +type NewOutputElasticsearchSecretsSslKey1 = string + +// NewOutputElasticsearch_Secrets_Ssl_Key defines model for NewOutputElasticsearch.Secrets.Ssl.Key. +type NewOutputElasticsearch_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// NewOutputElasticsearchType defines model for NewOutputElasticsearch.Type. +type NewOutputElasticsearchType string + +// NewOutputKafka defines model for new_output_kafka. +type NewOutputKafka struct { + AllowEdit *[]string `json:"allow_edit,omitempty"` + AuthType NewOutputKafkaAuthType `json:"auth_type"` + BrokerTimeout *float32 `json:"broker_timeout,omitempty"` + CaSha256 *string `json:"ca_sha256,omitempty"` + CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` + ClientId *string `json:"client_id,omitempty"` + Compression *NewOutputKafkaCompression `json:"compression,omitempty"` + CompressionLevel interface{} `json:"compression_level"` + ConfigYaml *string `json:"config_yaml,omitempty"` + ConnectionType interface{} `json:"connection_type"` + Hash *struct { + Hash *string `json:"hash,omitempty"` + Random *bool `json:"random,omitempty"` + } `json:"hash,omitempty"` + Headers *[]struct { + Key string `json:"key"` + Value string `json:"value"` + } `json:"headers,omitempty"` + Hosts []string `json:"hosts"` + Id *string `json:"id,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + Key *string `json:"key,omitempty"` + Name string `json:"name"` + Partition *NewOutputKafkaPartition `json:"partition,omitempty"` + 
Password interface{} `json:"password"` + ProxyId *string `json:"proxy_id,omitempty"` + Random *struct { + GroupEvents *float32 `json:"group_events,omitempty"` + } `json:"random,omitempty"` + RequiredAcks *NewOutputKafkaRequiredAcks `json:"required_acks,omitempty"` + RoundRobin *struct { + GroupEvents *float32 `json:"group_events,omitempty"` + } `json:"round_robin,omitempty"` + Sasl *struct { + Mechanism *NewOutputKafkaSaslMechanism `json:"mechanism,omitempty"` + } `json:"sasl,omitempty"` + Secrets *struct { + Password *NewOutputKafka_Secrets_Password `json:"password,omitempty"` + Ssl *struct { + Key NewOutputKafka_Secrets_Ssl_Key `json:"key"` + } `json:"ssl,omitempty"` + } `json:"secrets,omitempty"` + Shipper *NewOutputShipper `json:"shipper,omitempty"` + Ssl *NewOutputSsl `json:"ssl,omitempty"` + Timeout *float32 `json:"timeout,omitempty"` + Topic *string `json:"topic,omitempty"` + Type NewOutputKafkaType `json:"type"` + Username interface{} `json:"username"` + Version *string `json:"version,omitempty"` + WriteToLogsStreams *bool `json:"write_to_logs_streams,omitempty"` +} + +// NewOutputKafkaAuthType defines model for NewOutputKafka.AuthType. +type NewOutputKafkaAuthType string + +// NewOutputKafkaCompression defines model for NewOutputKafka.Compression. +type NewOutputKafkaCompression string + +// NewOutputKafkaPartition defines model for NewOutputKafka.Partition. +type NewOutputKafkaPartition string + +// NewOutputKafkaRequiredAcks defines model for NewOutputKafka.RequiredAcks. +type NewOutputKafkaRequiredAcks int + +// NewOutputKafkaSaslMechanism defines model for NewOutputKafka.Sasl.Mechanism. +type NewOutputKafkaSaslMechanism string + +// NewOutputKafkaSecretsPassword0 defines model for . +type NewOutputKafkaSecretsPassword0 struct { + Id string `json:"id"` +} + +// NewOutputKafkaSecretsPassword1 defines model for . +type NewOutputKafkaSecretsPassword1 = string + +// NewOutputKafka_Secrets_Password defines model for NewOutputKafka.Secrets.Password. 
+type NewOutputKafka_Secrets_Password struct { + union json.RawMessage +} + +// NewOutputKafkaSecretsSslKey0 defines model for . +type NewOutputKafkaSecretsSslKey0 struct { + Id string `json:"id"` +} + +// NewOutputKafkaSecretsSslKey1 defines model for . +type NewOutputKafkaSecretsSslKey1 = string + +// NewOutputKafka_Secrets_Ssl_Key defines model for NewOutputKafka.Secrets.Ssl.Key. +type NewOutputKafka_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// NewOutputKafkaType defines model for NewOutputKafka.Type. +type NewOutputKafkaType string + +// NewOutputLogstash defines model for new_output_logstash. +type NewOutputLogstash struct { + AllowEdit *[]string `json:"allow_edit,omitempty"` + CaSha256 *string `json:"ca_sha256,omitempty"` + CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` + ConfigYaml *string `json:"config_yaml,omitempty"` + Hosts []string `json:"hosts"` + Id *string `json:"id,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + Name string `json:"name"` + ProxyId *string `json:"proxy_id,omitempty"` + Secrets *struct { + Ssl *struct { + Key *NewOutputLogstash_Secrets_Ssl_Key `json:"key,omitempty"` + } `json:"ssl,omitempty"` + } `json:"secrets,omitempty"` + Shipper *NewOutputShipper `json:"shipper,omitempty"` + Ssl *NewOutputSsl `json:"ssl,omitempty"` + Type NewOutputLogstashType `json:"type"` + WriteToLogsStreams *bool `json:"write_to_logs_streams,omitempty"` +} + +// NewOutputLogstashSecretsSslKey0 defines model for . +type NewOutputLogstashSecretsSslKey0 struct { + Id string `json:"id"` +} + +// NewOutputLogstashSecretsSslKey1 defines model for . +type NewOutputLogstashSecretsSslKey1 = string + +// NewOutputLogstash_Secrets_Ssl_Key defines model for NewOutputLogstash.Secrets.Ssl.Key. 
+type NewOutputLogstash_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// NewOutputLogstashType defines model for NewOutputLogstash.Type. +type NewOutputLogstashType string + +// NewOutputRemoteElasticsearch defines model for new_output_remote_elasticsearch. +type NewOutputRemoteElasticsearch struct { + AllowEdit *[]string `json:"allow_edit,omitempty"` + CaSha256 *string `json:"ca_sha256,omitempty"` + CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` + ConfigYaml *string `json:"config_yaml,omitempty"` + Hosts []string `json:"hosts"` + Id *string `json:"id,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + KibanaApiKey *string `json:"kibana_api_key,omitempty"` + KibanaUrl *string `json:"kibana_url,omitempty"` + Name string `json:"name"` + Preset *NewOutputRemoteElasticsearchPreset `json:"preset,omitempty"` + ProxyId *string `json:"proxy_id,omitempty"` + Secrets *struct { + ServiceToken *NewOutputRemoteElasticsearch_Secrets_ServiceToken `json:"service_token,omitempty"` + Ssl *struct { + Key *NewOutputRemoteElasticsearch_Secrets_Ssl_Key `json:"key,omitempty"` + } `json:"ssl,omitempty"` + } `json:"secrets,omitempty"` + ServiceToken *string `json:"service_token,omitempty"` + Shipper *NewOutputShipper `json:"shipper,omitempty"` + Ssl *NewOutputSsl `json:"ssl,omitempty"` + SyncIntegrations *bool `json:"sync_integrations,omitempty"` + SyncUninstalledIntegrations *bool `json:"sync_uninstalled_integrations,omitempty"` + Type NewOutputRemoteElasticsearchType `json:"type"` + WriteToLogsStreams *bool `json:"write_to_logs_streams,omitempty"` +} + +// NewOutputRemoteElasticsearchPreset defines model for NewOutputRemoteElasticsearch.Preset. +type NewOutputRemoteElasticsearchPreset string + +// NewOutputRemoteElasticsearchSecretsServiceToken0 defines model for . 
+type NewOutputRemoteElasticsearchSecretsServiceToken0 struct { + Id string `json:"id"` +} + +// NewOutputRemoteElasticsearchSecretsServiceToken1 defines model for . +type NewOutputRemoteElasticsearchSecretsServiceToken1 = string + +// NewOutputRemoteElasticsearch_Secrets_ServiceToken defines model for NewOutputRemoteElasticsearch.Secrets.ServiceToken. +type NewOutputRemoteElasticsearch_Secrets_ServiceToken struct { + union json.RawMessage +} + +// NewOutputRemoteElasticsearchSecretsSslKey0 defines model for . +type NewOutputRemoteElasticsearchSecretsSslKey0 struct { + Id string `json:"id"` +} + +// NewOutputRemoteElasticsearchSecretsSslKey1 defines model for . +type NewOutputRemoteElasticsearchSecretsSslKey1 = string + +// NewOutputRemoteElasticsearch_Secrets_Ssl_Key defines model for NewOutputRemoteElasticsearch.Secrets.Ssl.Key. +type NewOutputRemoteElasticsearch_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// NewOutputRemoteElasticsearchType defines model for NewOutputRemoteElasticsearch.Type. +type NewOutputRemoteElasticsearchType string + +// NewOutputShipper defines model for new_output_shipper. +type NewOutputShipper struct { + CompressionLevel *float32 `json:"compression_level,omitempty"` + DiskQueueCompressionEnabled *bool `json:"disk_queue_compression_enabled,omitempty"` + DiskQueueEnabled *bool `json:"disk_queue_enabled,omitempty"` + DiskQueueEncryptionEnabled *bool `json:"disk_queue_encryption_enabled,omitempty"` + DiskQueueMaxSize *float32 `json:"disk_queue_max_size,omitempty"` + DiskQueuePath *string `json:"disk_queue_path,omitempty"` + Loadbalance *bool `json:"loadbalance,omitempty"` + MaxBatchBytes *float32 `json:"max_batch_bytes,omitempty"` + MemQueueEvents *float32 `json:"mem_queue_events,omitempty"` + QueueFlushTimeout *float32 `json:"queue_flush_timeout,omitempty"` +} + +// NewOutputSsl defines model for new_output_ssl. 
+type NewOutputSsl struct { + Certificate *string `json:"certificate,omitempty"` + CertificateAuthorities *[]string `json:"certificate_authorities,omitempty"` + Key *string `json:"key,omitempty"` + VerificationMode *NewOutputSslVerificationMode `json:"verification_mode,omitempty"` +} + +// NewOutputSslVerificationMode defines model for NewOutputSsl.VerificationMode. +type NewOutputSslVerificationMode string + +// NewOutputUnion defines model for new_output_union. +type NewOutputUnion struct { + union json.RawMessage +} + +// OpsgenieConfig Defines properties for connectors when type is `.opsgenie`. +type OpsgenieConfig struct { + // ApiUrl The Opsgenie URL. For example, `https://api.opsgenie.com` or `https://api.eu.opsgenie.com`. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + ApiUrl string `json:"apiUrl"` +} + +// OpsgenieSecrets Defines secrets for connectors when type is `.opsgenie`. +type OpsgenieSecrets struct { + // ApiKey The Opsgenie API authentication key for HTTP Basic authentication. + ApiKey string `json:"apiKey"` +} + +// OutputElasticsearch defines model for output_elasticsearch. 
+type OutputElasticsearch struct { + AllowEdit *[]string `json:"allow_edit,omitempty"` + CaSha256 *string `json:"ca_sha256,omitempty"` + CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` + ConfigYaml *string `json:"config_yaml,omitempty"` + Hosts []string `json:"hosts"` + Id *string `json:"id,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + Name string `json:"name"` + Preset *OutputElasticsearchPreset `json:"preset,omitempty"` + ProxyId *string `json:"proxy_id,omitempty"` + Secrets *OutputElasticsearch_Secrets `json:"secrets,omitempty"` + Shipper *OutputShipper `json:"shipper,omitempty"` + Ssl *OutputSsl `json:"ssl,omitempty"` + Type OutputElasticsearchType `json:"type"` + WriteToLogsStreams *bool `json:"write_to_logs_streams,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputElasticsearchPreset defines model for OutputElasticsearch.Preset. +type OutputElasticsearchPreset string + +// OutputElasticsearchSecretsSslKey0 defines model for . +type OutputElasticsearchSecretsSslKey0 struct { + Id string `json:"id"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputElasticsearchSecretsSslKey1 defines model for . +type OutputElasticsearchSecretsSslKey1 = string + +// OutputElasticsearch_Secrets_Ssl_Key defines model for OutputElasticsearch.Secrets.Ssl.Key. +type OutputElasticsearch_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// OutputElasticsearch_Secrets_Ssl defines model for OutputElasticsearch.Secrets.Ssl. +type OutputElasticsearch_Secrets_Ssl struct { + Key *OutputElasticsearch_Secrets_Ssl_Key `json:"key,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputElasticsearch_Secrets defines model for OutputElasticsearch.Secrets. 
+type OutputElasticsearch_Secrets struct { + Ssl *OutputElasticsearch_Secrets_Ssl `json:"ssl,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputElasticsearchType defines model for OutputElasticsearch.Type. +type OutputElasticsearchType string + +// OutputKafka defines model for output_kafka. +type OutputKafka struct { + AllowEdit *[]string `json:"allow_edit,omitempty"` + AuthType OutputKafkaAuthType `json:"auth_type"` + BrokerTimeout *float32 `json:"broker_timeout,omitempty"` + CaSha256 *string `json:"ca_sha256,omitempty"` + CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` + ClientId *string `json:"client_id,omitempty"` + Compression *OutputKafkaCompression `json:"compression,omitempty"` + CompressionLevel interface{} `json:"compression_level"` + ConfigYaml *string `json:"config_yaml,omitempty"` + ConnectionType interface{} `json:"connection_type"` + Hash *OutputKafka_Hash `json:"hash,omitempty"` + Headers *[]OutputKafka_Headers_Item `json:"headers,omitempty"` + Hosts []string `json:"hosts"` + Id *string `json:"id,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + Key *string `json:"key,omitempty"` + Name string `json:"name"` + Partition *OutputKafkaPartition `json:"partition,omitempty"` + Password interface{} `json:"password"` + ProxyId *string `json:"proxy_id,omitempty"` + Random *OutputKafka_Random `json:"random,omitempty"` + RequiredAcks *OutputKafkaRequiredAcks `json:"required_acks,omitempty"` + RoundRobin *OutputKafka_RoundRobin `json:"round_robin,omitempty"` + Sasl *OutputKafka_Sasl `json:"sasl,omitempty"` + Secrets *OutputKafka_Secrets `json:"secrets,omitempty"` + Shipper *OutputShipper `json:"shipper,omitempty"` + Ssl *OutputSsl `json:"ssl,omitempty"` + Timeout *float32 `json:"timeout,omitempty"` + Topic *string 
`json:"topic,omitempty"` + Type OutputKafkaType `json:"type"` + Username interface{} `json:"username"` + Version *string `json:"version,omitempty"` + WriteToLogsStreams *bool `json:"write_to_logs_streams,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputKafkaAuthType defines model for OutputKafka.AuthType. +type OutputKafkaAuthType string + +// OutputKafkaCompression defines model for OutputKafka.Compression. +type OutputKafkaCompression string + +// OutputKafka_Hash defines model for OutputKafka.Hash. +type OutputKafka_Hash struct { + Hash *string `json:"hash,omitempty"` + Random *bool `json:"random,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputKafka_Headers_Item defines model for output_kafka.headers.Item. +type OutputKafka_Headers_Item struct { + Key string `json:"key"` + Value string `json:"value"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputKafkaPartition defines model for OutputKafka.Partition. +type OutputKafkaPartition string + +// OutputKafka_Random defines model for OutputKafka.Random. +type OutputKafka_Random struct { + GroupEvents *float32 `json:"group_events,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputKafkaRequiredAcks defines model for OutputKafka.RequiredAcks. +type OutputKafkaRequiredAcks int + +// OutputKafka_RoundRobin defines model for OutputKafka.RoundRobin. +type OutputKafka_RoundRobin struct { + GroupEvents *float32 `json:"group_events,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputKafkaSaslMechanism defines model for OutputKafka.Sasl.Mechanism. +type OutputKafkaSaslMechanism string + +// OutputKafka_Sasl defines model for OutputKafka.Sasl. +type OutputKafka_Sasl struct { + Mechanism *OutputKafkaSaslMechanism `json:"mechanism,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputKafkaSecretsPassword0 defines model for . 
+type OutputKafkaSecretsPassword0 struct { + Id string `json:"id"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputKafkaSecretsPassword1 defines model for . +type OutputKafkaSecretsPassword1 = string + +// OutputKafka_Secrets_Password defines model for OutputKafka.Secrets.Password. +type OutputKafka_Secrets_Password struct { + union json.RawMessage +} + +// OutputKafkaSecretsSslKey0 defines model for . +type OutputKafkaSecretsSslKey0 struct { + Id string `json:"id"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputKafkaSecretsSslKey1 defines model for . +type OutputKafkaSecretsSslKey1 = string + +// OutputKafka_Secrets_Ssl_Key defines model for OutputKafka.Secrets.Ssl.Key. +type OutputKafka_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// OutputKafka_Secrets_Ssl defines model for OutputKafka.Secrets.Ssl. +type OutputKafka_Secrets_Ssl struct { + Key OutputKafka_Secrets_Ssl_Key `json:"key"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputKafka_Secrets defines model for OutputKafka.Secrets. +type OutputKafka_Secrets struct { + Password *OutputKafka_Secrets_Password `json:"password,omitempty"` + Ssl *OutputKafka_Secrets_Ssl `json:"ssl,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputKafkaType defines model for OutputKafka.Type. +type OutputKafkaType string + +// OutputLogstash defines model for output_logstash. 
+type OutputLogstash struct { + AllowEdit *[]string `json:"allow_edit,omitempty"` + CaSha256 *string `json:"ca_sha256,omitempty"` + CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` + ConfigYaml *string `json:"config_yaml,omitempty"` + Hosts []string `json:"hosts"` + Id *string `json:"id,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + Name string `json:"name"` + ProxyId *string `json:"proxy_id,omitempty"` + Secrets *OutputLogstash_Secrets `json:"secrets,omitempty"` + Shipper *OutputShipper `json:"shipper,omitempty"` + Ssl *OutputSsl `json:"ssl,omitempty"` + Type OutputLogstashType `json:"type"` + WriteToLogsStreams *bool `json:"write_to_logs_streams,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputLogstashSecretsSslKey0 defines model for . +type OutputLogstashSecretsSslKey0 struct { + Id string `json:"id"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputLogstashSecretsSslKey1 defines model for . +type OutputLogstashSecretsSslKey1 = string + +// OutputLogstash_Secrets_Ssl_Key defines model for OutputLogstash.Secrets.Ssl.Key. +type OutputLogstash_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// OutputLogstash_Secrets_Ssl defines model for OutputLogstash.Secrets.Ssl. +type OutputLogstash_Secrets_Ssl struct { + Key *OutputLogstash_Secrets_Ssl_Key `json:"key,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputLogstash_Secrets defines model for OutputLogstash.Secrets. +type OutputLogstash_Secrets struct { + Ssl *OutputLogstash_Secrets_Ssl `json:"ssl,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputLogstashType defines model for OutputLogstash.Type. 
+type OutputLogstashType string + +// OutputRemoteElasticsearch defines model for output_remote_elasticsearch. +type OutputRemoteElasticsearch struct { + AllowEdit *[]string `json:"allow_edit,omitempty"` + CaSha256 *string `json:"ca_sha256,omitempty"` + CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` + ConfigYaml *string `json:"config_yaml,omitempty"` + Hosts []string `json:"hosts"` + Id *string `json:"id,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + KibanaApiKey *string `json:"kibana_api_key,omitempty"` + KibanaUrl *string `json:"kibana_url,omitempty"` + Name string `json:"name"` + Preset *OutputRemoteElasticsearchPreset `json:"preset,omitempty"` + ProxyId *string `json:"proxy_id,omitempty"` + Secrets *OutputRemoteElasticsearch_Secrets `json:"secrets,omitempty"` + ServiceToken *string `json:"service_token,omitempty"` + Shipper *OutputShipper `json:"shipper,omitempty"` + Ssl *OutputSsl `json:"ssl,omitempty"` + SyncIntegrations *bool `json:"sync_integrations,omitempty"` + SyncUninstalledIntegrations *bool `json:"sync_uninstalled_integrations,omitempty"` + Type OutputRemoteElasticsearchType `json:"type"` + WriteToLogsStreams *bool `json:"write_to_logs_streams,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputRemoteElasticsearchPreset defines model for OutputRemoteElasticsearch.Preset. +type OutputRemoteElasticsearchPreset string + +// OutputRemoteElasticsearchSecretsServiceToken0 defines model for . +type OutputRemoteElasticsearchSecretsServiceToken0 struct { + Id string `json:"id"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputRemoteElasticsearchSecretsServiceToken1 defines model for . 
+type OutputRemoteElasticsearchSecretsServiceToken1 = string + +// OutputRemoteElasticsearch_Secrets_ServiceToken defines model for OutputRemoteElasticsearch.Secrets.ServiceToken. +type OutputRemoteElasticsearch_Secrets_ServiceToken struct { + union json.RawMessage +} + +// OutputRemoteElasticsearchSecretsSslKey0 defines model for . +type OutputRemoteElasticsearchSecretsSslKey0 struct { + Id string `json:"id"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputRemoteElasticsearchSecretsSslKey1 defines model for . +type OutputRemoteElasticsearchSecretsSslKey1 = string + +// OutputRemoteElasticsearch_Secrets_Ssl_Key defines model for OutputRemoteElasticsearch.Secrets.Ssl.Key. +type OutputRemoteElasticsearch_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// OutputRemoteElasticsearch_Secrets_Ssl defines model for OutputRemoteElasticsearch.Secrets.Ssl. +type OutputRemoteElasticsearch_Secrets_Ssl struct { + Key *OutputRemoteElasticsearch_Secrets_Ssl_Key `json:"key,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputRemoteElasticsearch_Secrets defines model for OutputRemoteElasticsearch.Secrets. +type OutputRemoteElasticsearch_Secrets struct { + ServiceToken *OutputRemoteElasticsearch_Secrets_ServiceToken `json:"service_token,omitempty"` + Ssl *OutputRemoteElasticsearch_Secrets_Ssl `json:"ssl,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputRemoteElasticsearchType defines model for OutputRemoteElasticsearch.Type. +type OutputRemoteElasticsearchType string + +// OutputShipper defines model for output_shipper. 
+type OutputShipper struct { + CompressionLevel *float32 `json:"compression_level,omitempty"` + DiskQueueCompressionEnabled *bool `json:"disk_queue_compression_enabled,omitempty"` + DiskQueueEnabled *bool `json:"disk_queue_enabled,omitempty"` + DiskQueueEncryptionEnabled *bool `json:"disk_queue_encryption_enabled,omitempty"` + DiskQueueMaxSize *float32 `json:"disk_queue_max_size,omitempty"` + DiskQueuePath *string `json:"disk_queue_path,omitempty"` + Loadbalance *bool `json:"loadbalance,omitempty"` + MaxBatchBytes *float32 `json:"max_batch_bytes,omitempty"` + MemQueueEvents *float32 `json:"mem_queue_events,omitempty"` + QueueFlushTimeout *float32 `json:"queue_flush_timeout,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputSsl defines model for output_ssl. +type OutputSsl struct { + Certificate *string `json:"certificate,omitempty"` + CertificateAuthorities *[]string `json:"certificate_authorities,omitempty"` + Key *string `json:"key,omitempty"` + VerificationMode *OutputSslVerificationMode `json:"verification_mode,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// OutputSslVerificationMode defines model for OutputSsl.VerificationMode. +type OutputSslVerificationMode string + +// OutputUnion defines model for output_union. +type OutputUnion struct { + union json.RawMessage +} + +// PackageInfo defines model for package_info. 
+type PackageInfo struct { + Agent *struct { + Privileges *struct { + Root *bool `json:"root,omitempty"` + } `json:"privileges,omitempty"` + } `json:"agent,omitempty"` + AssetTags *[]struct { + AssetIds *[]string `json:"asset_ids,omitempty"` + AssetTypes *[]string `json:"asset_types,omitempty"` + Text string `json:"text"` + } `json:"asset_tags,omitempty"` + Assets map[string]interface{} `json:"assets"` + Categories *[]string `json:"categories,omitempty"` + Conditions *PackageInfo_Conditions `json:"conditions,omitempty"` + DataStreams *[]map[string]interface{} `json:"data_streams,omitempty"` + Description *string `json:"description,omitempty"` + Discovery *PackageInfo_Discovery `json:"discovery,omitempty"` + Download *string `json:"download,omitempty"` + Elasticsearch *map[string]interface{} `json:"elasticsearch,omitempty"` + FormatVersion *string `json:"format_version,omitempty"` + Icons *[]PackageInfo_Icons_Item `json:"icons,omitempty"` + InstallationInfo *PackageInfo_InstallationInfo `json:"installationInfo,omitempty"` + Internal *bool `json:"internal,omitempty"` + KeepPoliciesUpToDate *bool `json:"keepPoliciesUpToDate,omitempty"` + LatestVersion *string `json:"latestVersion,omitempty"` + License *string `json:"license,omitempty"` + LicensePath *string `json:"licensePath,omitempty"` + Name string `json:"name"` + Notice *string `json:"notice,omitempty"` + Owner *PackageInfo_Owner `json:"owner,omitempty"` + Path *string `json:"path,omitempty"` + PolicyTemplates *[]map[string]interface{} `json:"policy_templates,omitempty"` + Readme *string `json:"readme,omitempty"` + Release *PackageInfoRelease `json:"release,omitempty"` + Screenshots *[]struct { + DarkMode *bool `json:"dark_mode,omitempty"` + Path *string `json:"path,omitempty"` + Size *string `json:"size,omitempty"` + Src string `json:"src"` + Title *string `json:"title,omitempty"` + Type *string `json:"type,omitempty"` + } `json:"screenshots,omitempty"` + SignaturePath *string `json:"signature_path,omitempty"` + 
Source *PackageInfo_Source `json:"source,omitempty"` + Status *string `json:"status,omitempty"` + Title string `json:"title"` + Type *PackageInfo_Type `json:"type,omitempty"` + Vars *[]map[string]interface{} `json:"vars,omitempty"` + Version string `json:"version"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfo_Conditions_Elastic defines model for PackageInfo.Conditions.Elastic. +type PackageInfo_Conditions_Elastic struct { + Capabilities *[]string `json:"capabilities,omitempty"` + Subscription *string `json:"subscription,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfo_Conditions_Kibana defines model for PackageInfo.Conditions.Kibana. +type PackageInfo_Conditions_Kibana struct { + Version *string `json:"version,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfo_Conditions defines model for PackageInfo.Conditions. +type PackageInfo_Conditions struct { + Elastic *PackageInfo_Conditions_Elastic `json:"elastic,omitempty"` + Kibana *PackageInfo_Conditions_Kibana `json:"kibana,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfo_Discovery_Datasets_Item defines model for PackageInfo.Discovery.Datasets.Item. +type PackageInfo_Discovery_Datasets_Item struct { + Name string `json:"name"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfo_Discovery_Fields_Item defines model for PackageInfo.Discovery.Fields.Item. +type PackageInfo_Discovery_Fields_Item struct { + Name string `json:"name"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfo_Discovery defines model for PackageInfo.Discovery. 
+type PackageInfo_Discovery struct { + Datasets *[]PackageInfo_Discovery_Datasets_Item `json:"datasets,omitempty"` + Fields *[]PackageInfo_Discovery_Fields_Item `json:"fields,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfo_Icons_Item defines model for package_info.icons.Item. +type PackageInfo_Icons_Item struct { + DarkMode *bool `json:"dark_mode,omitempty"` + Path *string `json:"path,omitempty"` + Size *string `json:"size,omitempty"` + Src string `json:"src"` + Title *string `json:"title,omitempty"` + Type *string `json:"type,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfoInstallationInfoAdditionalSpacesInstalledKibanaType0 defines model for PackageInfo.InstallationInfo.AdditionalSpacesInstalledKibana.Type.0. +type PackageInfoInstallationInfoAdditionalSpacesInstalledKibanaType0 string + +// PackageInfoInstallationInfoAdditionalSpacesInstalledKibanaType1 defines model for . +type PackageInfoInstallationInfoAdditionalSpacesInstalledKibanaType1 = string + +// PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Type defines model for PackageInfo.InstallationInfo.AdditionalSpacesInstalledKibana.Type. +type PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Type struct { + union json.RawMessage +} + +// PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item defines model for PackageInfo.InstallationInfo.AdditionalSpacesInstalledKibana.Item. +type PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item struct { + Id string `json:"id"` + OriginId *string `json:"originId,omitempty"` + Type PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Type `json:"type"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features defines model for PackageInfo.InstallationInfo.ExperimentalDataStreamFeatures.Features. 
+type PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features struct { + DocValueOnlyNumeric *bool `json:"doc_value_only_numeric,omitempty"` + DocValueOnlyOther *bool `json:"doc_value_only_other,omitempty"` + SyntheticSource *bool `json:"synthetic_source,omitempty"` + Tsdb *bool `json:"tsdb,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item defines model for PackageInfo.InstallationInfo.ExperimentalDataStreamFeatures.Item. +type PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item struct { + DataStream string `json:"data_stream"` + Features PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features `json:"features"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfoInstallationInfoInstallSource defines model for PackageInfo.InstallationInfo.InstallSource. +type PackageInfoInstallationInfoInstallSource string + +// PackageInfoInstallationInfoInstallStatus defines model for PackageInfo.InstallationInfo.InstallStatus. +type PackageInfoInstallationInfoInstallStatus string + +// PackageInfoInstallationInfoInstalledEsType defines model for PackageInfo.InstallationInfo.InstalledEs.Type. +type PackageInfoInstallationInfoInstalledEsType string + +// PackageInfo_InstallationInfo_InstalledEs_Item defines model for PackageInfo.InstallationInfo.InstalledEs.Item. +type PackageInfo_InstallationInfo_InstalledEs_Item struct { + Deferred *bool `json:"deferred,omitempty"` + Id string `json:"id"` + Type PackageInfoInstallationInfoInstalledEsType `json:"type"` + Version *string `json:"version,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfoInstallationInfoInstalledKibanaType0 defines model for PackageInfo.InstallationInfo.InstalledKibana.Type.0. +type PackageInfoInstallationInfoInstalledKibanaType0 string + +// PackageInfoInstallationInfoInstalledKibanaType1 defines model for . 
+type PackageInfoInstallationInfoInstalledKibanaType1 = string + +// PackageInfo_InstallationInfo_InstalledKibana_Type defines model for PackageInfo.InstallationInfo.InstalledKibana.Type. +type PackageInfo_InstallationInfo_InstalledKibana_Type struct { + union json.RawMessage +} + +// PackageInfo_InstallationInfo_InstalledKibana_Item defines model for PackageInfo.InstallationInfo.InstalledKibana.Item. +type PackageInfo_InstallationInfo_InstalledKibana_Item struct { + Id string `json:"id"` + OriginId *string `json:"originId,omitempty"` + Type PackageInfo_InstallationInfo_InstalledKibana_Type `json:"type"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfo_InstallationInfo_LatestExecutedState defines model for PackageInfo.InstallationInfo.LatestExecutedState. +type PackageInfo_InstallationInfo_LatestExecutedState struct { + Error *string `json:"error,omitempty"` + Name *string `json:"name,omitempty"` + StartedAt *string `json:"started_at,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error defines model for PackageInfo.InstallationInfo.LatestInstallFailedAttempts.Error. +type PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error struct { + Message string `json:"message"` + Name string `json:"name"` + Stack *string `json:"stack,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item defines model for PackageInfo.InstallationInfo.LatestInstallFailedAttempts.Item. 
+type PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item struct { + CreatedAt string `json:"created_at"` + Error PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error `json:"error"` + TargetVersion string `json:"target_version"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfoInstallationInfoVerificationStatus defines model for PackageInfo.InstallationInfo.VerificationStatus. +type PackageInfoInstallationInfoVerificationStatus string + +// PackageInfo_InstallationInfo defines model for PackageInfo.InstallationInfo. +type PackageInfo_InstallationInfo struct { + AdditionalSpacesInstalledKibana *map[string][]PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item `json:"additional_spaces_installed_kibana,omitempty"` + CreatedAt *string `json:"created_at,omitempty"` + ExperimentalDataStreamFeatures *[]PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item `json:"experimental_data_stream_features,omitempty"` + InstallFormatSchemaVersion *string `json:"install_format_schema_version,omitempty"` + InstallSource PackageInfoInstallationInfoInstallSource `json:"install_source"` + InstallStatus PackageInfoInstallationInfoInstallStatus `json:"install_status"` + InstalledEs []PackageInfo_InstallationInfo_InstalledEs_Item `json:"installed_es"` + InstalledKibana []PackageInfo_InstallationInfo_InstalledKibana_Item `json:"installed_kibana"` + InstalledKibanaSpaceId *string `json:"installed_kibana_space_id,omitempty"` + LatestExecutedState *PackageInfo_InstallationInfo_LatestExecutedState `json:"latest_executed_state,omitempty"` + LatestInstallFailedAttempts *[]PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item `json:"latest_install_failed_attempts,omitempty"` + Name string `json:"name"` + Namespaces *[]string `json:"namespaces,omitempty"` + PreviousVersion *string `json:"previous_version,omitempty"` + Type string `json:"type"` + UpdatedAt *string `json:"updated_at,omitempty"` + VerificationKeyId *string 
`json:"verification_key_id,omitempty"` + VerificationStatus PackageInfoInstallationInfoVerificationStatus `json:"verification_status"` + Version string `json:"version"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfoOwnerType defines model for PackageInfo.Owner.Type. +type PackageInfoOwnerType string + +// PackageInfo_Owner defines model for PackageInfo.Owner. +type PackageInfo_Owner struct { + Github *string `json:"github,omitempty"` + Type *PackageInfoOwnerType `json:"type,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfoRelease defines model for PackageInfo.Release. +type PackageInfoRelease string + +// PackageInfo_Source defines model for PackageInfo.Source. +type PackageInfo_Source struct { + License string `json:"license"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageInfoType0 defines model for PackageInfo.Type.0. +type PackageInfoType0 string + +// PackageInfoType1 defines model for PackageInfo.Type.1. +type PackageInfoType1 string + +// PackageInfoType2 defines model for PackageInfo.Type.2. +type PackageInfoType2 string + +// PackageInfoType3 defines model for . +type PackageInfoType3 = string + +// PackageInfo_Type defines model for PackageInfo.Type. +type PackageInfo_Type struct { + union json.RawMessage +} + +// PackageListItem defines model for package_list_item. 
+type PackageListItem struct { + Categories *[]string `json:"categories,omitempty"` + Conditions *PackageListItem_Conditions `json:"conditions,omitempty"` + DataStreams *[]map[string]interface{} `json:"data_streams,omitempty"` + Description *string `json:"description,omitempty"` + Discovery *PackageListItem_Discovery `json:"discovery,omitempty"` + Download *string `json:"download,omitempty"` + FormatVersion *string `json:"format_version,omitempty"` + Icons *[]PackageListItem_Icons_Item `json:"icons,omitempty"` + Id string `json:"id"` + InstallationInfo *PackageListItem_InstallationInfo `json:"installationInfo,omitempty"` + Integration *string `json:"integration,omitempty"` + Internal *bool `json:"internal,omitempty"` + LatestVersion *string `json:"latestVersion,omitempty"` + Name string `json:"name"` + Owner *PackageListItem_Owner `json:"owner,omitempty"` + Path *string `json:"path,omitempty"` + PolicyTemplates *[]map[string]interface{} `json:"policy_templates,omitempty"` + Readme *string `json:"readme,omitempty"` + Release *PackageListItemRelease `json:"release,omitempty"` + SignaturePath *string `json:"signature_path,omitempty"` + Source *PackageListItem_Source `json:"source,omitempty"` + Status *string `json:"status,omitempty"` + Title string `json:"title"` + Type *PackageListItem_Type `json:"type,omitempty"` + Vars *[]map[string]interface{} `json:"vars,omitempty"` + Version string `json:"version"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItem_Conditions_Elastic defines model for PackageListItem.Conditions.Elastic. +type PackageListItem_Conditions_Elastic struct { + Capabilities *[]string `json:"capabilities,omitempty"` + Subscription *string `json:"subscription,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItem_Conditions_Kibana defines model for PackageListItem.Conditions.Kibana. 
+type PackageListItem_Conditions_Kibana struct { + Version *string `json:"version,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItem_Conditions defines model for PackageListItem.Conditions. +type PackageListItem_Conditions struct { + Elastic *PackageListItem_Conditions_Elastic `json:"elastic,omitempty"` + Kibana *PackageListItem_Conditions_Kibana `json:"kibana,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItem_Discovery_Datasets_Item defines model for PackageListItem.Discovery.Datasets.Item. +type PackageListItem_Discovery_Datasets_Item struct { + Name string `json:"name"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItem_Discovery_Fields_Item defines model for PackageListItem.Discovery.Fields.Item. +type PackageListItem_Discovery_Fields_Item struct { + Name string `json:"name"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItem_Discovery defines model for PackageListItem.Discovery. +type PackageListItem_Discovery struct { + Datasets *[]PackageListItem_Discovery_Datasets_Item `json:"datasets,omitempty"` + Fields *[]PackageListItem_Discovery_Fields_Item `json:"fields,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItem_Icons_Item defines model for package_list_item.icons.Item. +type PackageListItem_Icons_Item struct { + DarkMode *bool `json:"dark_mode,omitempty"` + Path *string `json:"path,omitempty"` + Size *string `json:"size,omitempty"` + Src string `json:"src"` + Title *string `json:"title,omitempty"` + Type *string `json:"type,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItemInstallationInfoAdditionalSpacesInstalledKibanaType0 defines model for PackageListItem.InstallationInfo.AdditionalSpacesInstalledKibana.Type.0. 
+type PackageListItemInstallationInfoAdditionalSpacesInstalledKibanaType0 string + +// PackageListItemInstallationInfoAdditionalSpacesInstalledKibanaType1 defines model for . +type PackageListItemInstallationInfoAdditionalSpacesInstalledKibanaType1 = string + +// PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Type defines model for PackageListItem.InstallationInfo.AdditionalSpacesInstalledKibana.Type. +type PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Type struct { + union json.RawMessage +} + +// PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item defines model for PackageListItem.InstallationInfo.AdditionalSpacesInstalledKibana.Item. +type PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item struct { + Id string `json:"id"` + OriginId *string `json:"originId,omitempty"` + Type PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Type `json:"type"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features defines model for PackageListItem.InstallationInfo.ExperimentalDataStreamFeatures.Features. +type PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features struct { + DocValueOnlyNumeric *bool `json:"doc_value_only_numeric,omitempty"` + DocValueOnlyOther *bool `json:"doc_value_only_other,omitempty"` + SyntheticSource *bool `json:"synthetic_source,omitempty"` + Tsdb *bool `json:"tsdb,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item defines model for PackageListItem.InstallationInfo.ExperimentalDataStreamFeatures.Item. 
+type PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item struct { + DataStream string `json:"data_stream"` + Features PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features `json:"features"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItemInstallationInfoInstallSource defines model for PackageListItem.InstallationInfo.InstallSource. +type PackageListItemInstallationInfoInstallSource string + +// PackageListItemInstallationInfoInstallStatus defines model for PackageListItem.InstallationInfo.InstallStatus. +type PackageListItemInstallationInfoInstallStatus string + +// PackageListItemInstallationInfoInstalledEsType defines model for PackageListItem.InstallationInfo.InstalledEs.Type. +type PackageListItemInstallationInfoInstalledEsType string + +// PackageListItem_InstallationInfo_InstalledEs_Item defines model for PackageListItem.InstallationInfo.InstalledEs.Item. +type PackageListItem_InstallationInfo_InstalledEs_Item struct { + Deferred *bool `json:"deferred,omitempty"` + Id string `json:"id"` + Type PackageListItemInstallationInfoInstalledEsType `json:"type"` + Version *string `json:"version,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItemInstallationInfoInstalledKibanaType0 defines model for PackageListItem.InstallationInfo.InstalledKibana.Type.0. +type PackageListItemInstallationInfoInstalledKibanaType0 string + +// PackageListItemInstallationInfoInstalledKibanaType1 defines model for . +type PackageListItemInstallationInfoInstalledKibanaType1 = string + +// PackageListItem_InstallationInfo_InstalledKibana_Type defines model for PackageListItem.InstallationInfo.InstalledKibana.Type. +type PackageListItem_InstallationInfo_InstalledKibana_Type struct { + union json.RawMessage +} + +// PackageListItem_InstallationInfo_InstalledKibana_Item defines model for PackageListItem.InstallationInfo.InstalledKibana.Item. 
+type PackageListItem_InstallationInfo_InstalledKibana_Item struct { + Id string `json:"id"` + OriginId *string `json:"originId,omitempty"` + Type PackageListItem_InstallationInfo_InstalledKibana_Type `json:"type"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItem_InstallationInfo_LatestExecutedState defines model for PackageListItem.InstallationInfo.LatestExecutedState. +type PackageListItem_InstallationInfo_LatestExecutedState struct { + Error *string `json:"error,omitempty"` + Name *string `json:"name,omitempty"` + StartedAt *string `json:"started_at,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error defines model for PackageListItem.InstallationInfo.LatestInstallFailedAttempts.Error. +type PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error struct { + Message string `json:"message"` + Name string `json:"name"` + Stack *string `json:"stack,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item defines model for PackageListItem.InstallationInfo.LatestInstallFailedAttempts.Item. +type PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item struct { + CreatedAt string `json:"created_at"` + Error PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error `json:"error"` + TargetVersion string `json:"target_version"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItemInstallationInfoVerificationStatus defines model for PackageListItem.InstallationInfo.VerificationStatus. +type PackageListItemInstallationInfoVerificationStatus string + +// PackageListItem_InstallationInfo defines model for PackageListItem.InstallationInfo. 
+type PackageListItem_InstallationInfo struct { + AdditionalSpacesInstalledKibana *map[string][]PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item `json:"additional_spaces_installed_kibana,omitempty"` + CreatedAt *string `json:"created_at,omitempty"` + ExperimentalDataStreamFeatures *[]PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item `json:"experimental_data_stream_features,omitempty"` + InstallFormatSchemaVersion *string `json:"install_format_schema_version,omitempty"` + InstallSource PackageListItemInstallationInfoInstallSource `json:"install_source"` + InstallStatus PackageListItemInstallationInfoInstallStatus `json:"install_status"` + InstalledEs []PackageListItem_InstallationInfo_InstalledEs_Item `json:"installed_es"` + InstalledKibana []PackageListItem_InstallationInfo_InstalledKibana_Item `json:"installed_kibana"` + InstalledKibanaSpaceId *string `json:"installed_kibana_space_id,omitempty"` + LatestExecutedState *PackageListItem_InstallationInfo_LatestExecutedState `json:"latest_executed_state,omitempty"` + LatestInstallFailedAttempts *[]PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item `json:"latest_install_failed_attempts,omitempty"` + Name string `json:"name"` + Namespaces *[]string `json:"namespaces,omitempty"` + PreviousVersion *string `json:"previous_version,omitempty"` + Type string `json:"type"` + UpdatedAt *string `json:"updated_at,omitempty"` + VerificationKeyId *string `json:"verification_key_id,omitempty"` + VerificationStatus PackageListItemInstallationInfoVerificationStatus `json:"verification_status"` + Version string `json:"version"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItemOwnerType defines model for PackageListItem.Owner.Type. +type PackageListItemOwnerType string + +// PackageListItem_Owner defines model for PackageListItem.Owner. 
+type PackageListItem_Owner struct { + Github *string `json:"github,omitempty"` + Type *PackageListItemOwnerType `json:"type,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItemRelease defines model for PackageListItem.Release. +type PackageListItemRelease string + +// PackageListItem_Source defines model for PackageListItem.Source. +type PackageListItem_Source struct { + License string `json:"license"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackageListItemType0 defines model for PackageListItem.Type.0. +type PackageListItemType0 string + +// PackageListItemType1 defines model for PackageListItem.Type.1. +type PackageListItemType1 string + +// PackageListItemType2 defines model for PackageListItem.Type.2. +type PackageListItemType2 string + +// PackageListItemType3 defines model for . +type PackageListItemType3 = string + +// PackageListItem_Type defines model for PackageListItem.Type. +type PackageListItem_Type struct { + union json.RawMessage +} + +// PackagePolicy defines model for package_policy. +type PackagePolicy struct { + // AdditionalDatastreamsPermissions Additional datastream permissions, that will be added to the agent policy. 
+ AdditionalDatastreamsPermissions *[]string `json:"additional_datastreams_permissions,omitempty"` + Agents *float32 `json:"agents,omitempty"` + CreatedAt string `json:"created_at"` + CreatedBy string `json:"created_by"` + + // Description Package policy description + Description *string `json:"description,omitempty"` + Elasticsearch *PackagePolicy_Elasticsearch `json:"elasticsearch,omitempty"` + Enabled bool `json:"enabled"` + Id string `json:"id"` + + // Inputs Package policy inputs (see integration documentation to know what inputs are available) + Inputs map[string]PackagePolicyInput `json:"inputs"` + IsManaged *bool `json:"is_managed,omitempty"` + + // Name Package policy name (should be unique) + Name string `json:"name"` + + // Namespace The package policy namespace. Leave blank to inherit the agent policy's namespace. + Namespace *string `json:"namespace,omitempty"` + OutputId *string `json:"output_id,omitempty"` + + // Overrides Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ Overrides *struct { + Inputs *map[string]interface{} `json:"inputs,omitempty"` + } `json:"overrides,omitempty"` + Package *struct { + ExperimentalDataStreamFeatures *[]struct { + DataStream string `json:"data_stream"` + Features struct { + DocValueOnlyNumeric *bool `json:"doc_value_only_numeric,omitempty"` + DocValueOnlyOther *bool `json:"doc_value_only_other,omitempty"` + SyntheticSource *bool `json:"synthetic_source,omitempty"` + Tsdb *bool `json:"tsdb,omitempty"` + } `json:"features"` + } `json:"experimental_data_stream_features,omitempty"` + + // Name Package name + Name string `json:"name"` + RequiresRoot *bool `json:"requires_root,omitempty"` + Title *string `json:"title,omitempty"` + + // Version Package version + Version string `json:"version"` + } `json:"package,omitempty"` + + // PolicyId Agent policy ID where that package policy will be added + // Deprecated: this property has been marked as deprecated upstream, but no `x-deprecated-reason` was set + PolicyId *string `json:"policy_id,omitempty"` + PolicyIds *[]string `json:"policy_ids,omitempty"` + Revision float32 `json:"revision"` + SecretReferences *[]PackagePolicySecretRef `json:"secret_references,omitempty"` + SpaceIds *[]string `json:"spaceIds,omitempty"` + + // SupportsAgentless Indicates whether the package policy belongs to an agentless agent policy. + SupportsAgentless *bool `json:"supports_agentless,omitempty"` + UpdatedAt string `json:"updated_at"` + UpdatedBy string `json:"updated_by"` + Vars *map[string]interface{} `json:"vars,omitempty"` + Version *string `json:"version,omitempty"` +} + +// PackagePolicy_Elasticsearch_Privileges defines model for PackagePolicy.Elasticsearch.Privileges. +type PackagePolicy_Elasticsearch_Privileges struct { + Cluster *[]string `json:"cluster,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackagePolicy_Elasticsearch defines model for PackagePolicy.Elasticsearch. 
+type PackagePolicy_Elasticsearch struct { + Privileges *PackagePolicy_Elasticsearch_Privileges `json:"privileges,omitempty"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// PackagePolicyInput defines model for package_policy_input. +type PackagePolicyInput struct { + // Enabled enable or disable that input, (default to true) + Enabled *bool `json:"enabled,omitempty"` + + // Streams Input streams (see integration documentation to know what streams are available) + Streams *map[string]PackagePolicyInputStream `json:"streams,omitempty"` + Vars *map[string]interface{} `json:"vars,omitempty"` +} + +// PackagePolicyInputStream defines model for package_policy_input_stream. +type PackagePolicyInputStream struct { + // Enabled enable or disable that stream, (default to true) + Enabled *bool `json:"enabled,omitempty"` + Vars *map[string]interface{} `json:"vars,omitempty"` +} + +// PackagePolicyRequest defines model for package_policy_request. +type PackagePolicyRequest struct { + // AdditionalDatastreamsPermissions Additional datastream permissions, that will be added to the agent policy. + AdditionalDatastreamsPermissions *[]string `json:"additional_datastreams_permissions,omitempty"` + Description *string `json:"description,omitempty"` + Force *bool `json:"force,omitempty"` + Id *string `json:"id,omitempty"` + + // Inputs Package policy inputs (see integration documentation to know what inputs are available) + Inputs *map[string]PackagePolicyRequestInput `json:"inputs,omitempty"` + Name string `json:"name"` + Namespace *string `json:"namespace,omitempty"` + OutputId *string `json:"output_id,omitempty"` + Package PackagePolicyRequestPackage `json:"package"` + PolicyId *string `json:"policy_id,omitempty"` + PolicyIds *[]string `json:"policy_ids,omitempty"` + + // SupportsAgentless Indicates whether the package policy belongs to an agentless agent policy. 
+ SupportsAgentless *bool `json:"supports_agentless,omitempty"` + Vars *map[string]interface{} `json:"vars,omitempty"` +} + +// PackagePolicyRequestInput defines model for package_policy_request_input. +type PackagePolicyRequestInput struct { + // Enabled enable or disable that input, (default to true) + Enabled *bool `json:"enabled,omitempty"` + + // Streams Input streams (see integration documentation to know what streams are available) + Streams *map[string]PackagePolicyRequestInputStream `json:"streams,omitempty"` + Vars *map[string]interface{} `json:"vars,omitempty"` +} + +// PackagePolicyRequestInputStream defines model for package_policy_request_input_stream. +type PackagePolicyRequestInputStream struct { + // Enabled enable or disable that stream, (default to true) + Enabled *bool `json:"enabled,omitempty"` + Vars *map[string]interface{} `json:"vars,omitempty"` +} + +// PackagePolicyRequestPackage defines model for package_policy_request_package. +type PackagePolicyRequestPackage struct { + ExperimentalDataStreamFeatures *[]struct { + DataStream string `json:"data_stream"` + Features struct { + DocValueOnlyNumeric *bool `json:"doc_value_only_numeric,omitempty"` + DocValueOnlyOther *bool `json:"doc_value_only_other,omitempty"` + SyntheticSource *bool `json:"synthetic_source,omitempty"` + Tsdb *bool `json:"tsdb,omitempty"` + } `json:"features"` + } `json:"experimental_data_stream_features,omitempty"` + + // Name Package name + Name string `json:"name"` + RequiresRoot *bool `json:"requires_root,omitempty"` + Title *string `json:"title,omitempty"` + + // Version Package version + Version string `json:"version"` +} + +// PackagePolicySecretRef defines model for package_policy_secret_ref. +type PackagePolicySecretRef struct { + Id string `json:"id"` +} + +// PagerdutyConfig Defines properties for connectors when type is `.pagerduty`. +type PagerdutyConfig struct { + // ApiUrl The PagerDuty event URL. 
+ ApiUrl *string `json:"apiUrl,omitempty"` +} + +// PagerdutySecrets Defines secrets for connectors when type is `.pagerduty`. +type PagerdutySecrets struct { + // RoutingKey A 32 character PagerDuty Integration Key for an integration on a service. + RoutingKey string `json:"routingKey"` +} + +// Pfx If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. +type Pfx = string + +// ResilientConfig Defines properties for connectors when type is `.resilient`. +type ResilientConfig struct { + // ApiUrl The IBM Resilient instance URL. + ApiUrl string `json:"apiUrl"` + + // OrgId The IBM Resilient organization ID. + OrgId string `json:"orgId"` +} + +// ResilientSecrets Defines secrets for connectors when type is `.resilient`. +type ResilientSecrets struct { + // ApiKeyId The authentication key ID for HTTP Basic authentication. + ApiKeyId string `json:"apiKeyId"` + + // ApiKeySecret The authentication key secret for HTTP Basic authentication. + ApiKeySecret string `json:"apiKeySecret"` +} + +// SentineloneConfig Defines properties for connectors when type is `.sentinelone`. +type SentineloneConfig struct { + // Url The SentinelOne tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + Url string `json:"url"` +} + +// SentineloneSecrets Defines secrets for connectors when type is `.sentinelone`. +type SentineloneSecrets struct { + // Token The A SentinelOne API token. + Token string `json:"token"` +} + +// ServerHost defines model for server_host. 
+type ServerHost struct { + HostUrls []string `json:"host_urls"` + Id string `json:"id"` + IsDefault *bool `json:"is_default,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + Name string `json:"name"` + ProxyId *string `json:"proxy_id,omitempty"` + Secrets *struct { + Ssl *struct { + EsKey *ServerHost_Secrets_Ssl_EsKey `json:"es_key,omitempty"` + Key *ServerHost_Secrets_Ssl_Key `json:"key,omitempty"` + } `json:"ssl,omitempty"` + } `json:"secrets,omitempty"` + Ssl *struct { + Certificate *string `json:"certificate,omitempty"` + CertificateAuthorities *[]string `json:"certificate_authorities,omitempty"` + ClientAuth *ServerHostSslClientAuth `json:"client_auth,omitempty"` + EsCertificate *string `json:"es_certificate,omitempty"` + EsCertificateAuthorities *[]string `json:"es_certificate_authorities,omitempty"` + EsKey *string `json:"es_key,omitempty"` + Key *string `json:"key,omitempty"` + } `json:"ssl,omitempty"` +} + +// ServerHostSecretsSslEsKey0 defines model for . +type ServerHostSecretsSslEsKey0 struct { + Id string `json:"id"` +} + +// ServerHostSecretsSslEsKey1 defines model for . +type ServerHostSecretsSslEsKey1 = string + +// ServerHost_Secrets_Ssl_EsKey defines model for ServerHost.Secrets.Ssl.EsKey. +type ServerHost_Secrets_Ssl_EsKey struct { + union json.RawMessage +} + +// ServerHostSecretsSslKey0 defines model for . +type ServerHostSecretsSslKey0 struct { + Id string `json:"id"` +} + +// ServerHostSecretsSslKey1 defines model for . +type ServerHostSecretsSslKey1 = string + +// ServerHost_Secrets_Ssl_Key defines model for ServerHost.Secrets.Ssl.Key. +type ServerHost_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// ServerHostSslClientAuth defines model for ServerHost.Ssl.ClientAuth. +type ServerHostSslClientAuth string + +// ServicenowConfig Defines properties for connectors when type is `.servicenow`. +type ServicenowConfig struct { + // ApiUrl The ServiceNow instance URL. 
+ ApiUrl string `json:"apiUrl"` + + // ClientId The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`. + ClientId *string `json:"clientId,omitempty"` + + // IsOAuth The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth). + IsOAuth *bool `json:"isOAuth,omitempty"` + + // JwtKeyId The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`. + JwtKeyId *string `json:"jwtKeyId,omitempty"` + + // UserIdentifierValue The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`. + UserIdentifierValue *string `json:"userIdentifierValue,omitempty"` + + // UsesTableApi Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors. NOTE: If this property is set to `false`, the Elastic application should be installed in ServiceNow. + UsesTableApi *bool `json:"usesTableApi,omitempty"` +} + +// ServicenowItomConfig Defines properties for connectors when type is `.servicenow-itom`. +type ServicenowItomConfig struct { + // ApiUrl The ServiceNow instance URL. + ApiUrl string `json:"apiUrl"` + + // ClientId The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`. + ClientId *string `json:"clientId,omitempty"` + + // IsOAuth The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth). 
+ IsOAuth *bool `json:"isOAuth,omitempty"` + + // JwtKeyId The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`. + JwtKeyId *string `json:"jwtKeyId,omitempty"` + + // UserIdentifierValue The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`. + UserIdentifierValue *string `json:"userIdentifierValue,omitempty"` +} + +// ServicenowSecrets Defines secrets for connectors when type is `.servicenow`, `.servicenow-sir`, or `.servicenow-itom`. +type ServicenowSecrets struct { + // ClientSecret The client secret assigned to your OAuth application. This property is required when `isOAuth` is `true`. + ClientSecret *string `json:"clientSecret,omitempty"` + + // Password The password for HTTP basic authentication. This property is required when `isOAuth` is `false`. + Password *string `json:"password,omitempty"` + + // PrivateKey The RSA private key that you created for use in ServiceNow. This property is required when `isOAuth` is `true`. + PrivateKey *string `json:"privateKey,omitempty"` + + // PrivateKeyPassword The password for the RSA private key. This property is required when `isOAuth` is `true` and you set a password on your private key. + PrivateKeyPassword *string `json:"privateKeyPassword,omitempty"` + + // Username The username for HTTP basic authentication. This property is required when `isOAuth` is `false`. + Username *string `json:"username,omitempty"` +} + +// SlackApiConfig Defines properties for connectors when type is `.slack_api`. +type SlackApiConfig struct { + // AllowedChannels A list of valid Slack channels. + AllowedChannels *[]struct { + // Id The Slack channel ID. 
+ Id string `json:"id"` + + // Name The Slack channel name. + Name string `json:"name"` + } `json:"allowedChannels,omitempty"` +} + +// SlackApiSecrets Defines secrets for connectors when type is `.slack`. +type SlackApiSecrets struct { + // Token Slack bot user OAuth token. + Token string `json:"token"` +} + +// SwimlaneConfig Defines properties for connectors when type is `.swimlane`. +type SwimlaneConfig struct { + // ApiUrl The Swimlane instance URL. + ApiUrl string `json:"apiUrl"` + + // AppId The Swimlane application ID. + AppId string `json:"appId"` + + // ConnectorType The type of connector. Valid values are `all`, `alerts`, and `cases`. + ConnectorType SwimlaneConfigConnectorType `json:"connectorType"` + + // Mappings The field mapping. + Mappings *struct { + // AlertIdConfig Mapping for the alert ID. + AlertIdConfig *struct { + // FieldType The type of field in Swimlane. + FieldType string `json:"fieldType"` + + // Id The identifier for the field in Swimlane. + Id string `json:"id"` + + // Key The key for the field in Swimlane. + Key string `json:"key"` + + // Name The name of the field in Swimlane. + Name string `json:"name"` + } `json:"alertIdConfig,omitempty"` + + // CaseIdConfig Mapping for the case ID. + CaseIdConfig *struct { + // FieldType The type of field in Swimlane. + FieldType string `json:"fieldType"` + + // Id The identifier for the field in Swimlane. + Id string `json:"id"` + + // Key The key for the field in Swimlane. + Key string `json:"key"` + + // Name The name of the field in Swimlane. + Name string `json:"name"` + } `json:"caseIdConfig,omitempty"` + + // CaseNameConfig Mapping for the case name. + CaseNameConfig *struct { + // FieldType The type of field in Swimlane. + FieldType string `json:"fieldType"` + + // Id The identifier for the field in Swimlane. + Id string `json:"id"` + + // Key The key for the field in Swimlane. + Key string `json:"key"` + + // Name The name of the field in Swimlane. 
+ Name string `json:"name"` + } `json:"caseNameConfig,omitempty"` + + // CommentsConfig Mapping for the case comments. + CommentsConfig *struct { + // FieldType The type of field in Swimlane. + FieldType string `json:"fieldType"` + + // Id The identifier for the field in Swimlane. + Id string `json:"id"` + + // Key The key for the field in Swimlane. + Key string `json:"key"` + + // Name The name of the field in Swimlane. + Name string `json:"name"` + } `json:"commentsConfig,omitempty"` + + // DescriptionConfig Mapping for the case description. + DescriptionConfig *struct { + // FieldType The type of field in Swimlane. + FieldType string `json:"fieldType"` + + // Id The identifier for the field in Swimlane. + Id string `json:"id"` + + // Key The key for the field in Swimlane. + Key string `json:"key"` + + // Name The name of the field in Swimlane. + Name string `json:"name"` + } `json:"descriptionConfig,omitempty"` + + // RuleNameConfig Mapping for the name of the alert's rule. + RuleNameConfig *struct { + // FieldType The type of field in Swimlane. + FieldType string `json:"fieldType"` + + // Id The identifier for the field in Swimlane. + Id string `json:"id"` + + // Key The key for the field in Swimlane. + Key string `json:"key"` + + // Name The name of the field in Swimlane. + Name string `json:"name"` + } `json:"ruleNameConfig,omitempty"` + + // SeverityConfig Mapping for the severity. + SeverityConfig *struct { + // FieldType The type of field in Swimlane. + FieldType string `json:"fieldType"` + + // Id The identifier for the field in Swimlane. + Id string `json:"id"` + + // Key The key for the field in Swimlane. + Key string `json:"key"` + + // Name The name of the field in Swimlane. + Name string `json:"name"` + } `json:"severityConfig,omitempty"` + } `json:"mappings,omitempty"` +} + +// SwimlaneConfigConnectorType The type of connector. Valid values are `all`, `alerts`, and `cases`. 
+type SwimlaneConfigConnectorType string + +// SwimlaneSecrets Defines secrets for connectors when type is `.swimlane`. +type SwimlaneSecrets struct { + // ApiToken Swimlane API authentication token. + ApiToken *string `json:"apiToken,omitempty"` +} + +// TeamsSecrets Defines secrets for connectors when type is `.teams`. +type TeamsSecrets struct { + // WebhookUrl The URL of the incoming webhook. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + WebhookUrl string `json:"webhookUrl"` +} + +// ThehiveConfig Defines configuration properties for connectors when type is `.thehive`. +type ThehiveConfig struct { + // Organisation The organisation in TheHive that will contain the alerts or cases. By default, the connector uses the default organisation of the user account that created the API key. + Organisation *string `json:"organisation,omitempty"` + + // Url The instance URL in TheHive. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + Url string `json:"url"` +} + +// ThehiveSecrets Defines secrets for connectors when type is `.thehive`. +type ThehiveSecrets struct { + // ApiKey The API key for authentication in TheHive. + ApiKey string `json:"apiKey"` +} + +// TinesConfig Defines properties for connectors when type is `.tines`. +type TinesConfig struct { + // Url The Tines tenant URL. If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts. + Url string `json:"url"` +} + +// TinesSecrets Defines secrets for connectors when type is `.tines`. +type TinesSecrets struct { + // Email The email used to sign in to Tines. + Email string `json:"email"` + + // Token The Tines API token. + Token string `json:"token"` +} + +// TorqConfig Defines properties for connectors when type is `.torq`. +type TorqConfig struct { + // WebhookIntegrationUrl The endpoint URL of the Elastic Security integration in Torq. 
+ WebhookIntegrationUrl string `json:"webhookIntegrationUrl"` +} + +// TorqSecrets Defines secrets for connectors when type is `.torq`. +type TorqSecrets struct { + // Token The secret of the webhook authentication header. + Token string `json:"token"` +} + +// UpdateConnectorConfig The connector configuration details. +type UpdateConnectorConfig struct { + AdditionalProperties map[string]interface{} `json:"-"` + union json.RawMessage +} + +// UpdateConnectorSecrets defines model for update_connector_secrets. +type UpdateConnectorSecrets struct { + AdditionalProperties map[string]interface{} `json:"-"` + union json.RawMessage +} + +// UpdateOutputElasticsearch defines model for update_output_elasticsearch. +type UpdateOutputElasticsearch struct { + AllowEdit *[]string `json:"allow_edit,omitempty"` + CaSha256 *string `json:"ca_sha256,omitempty"` + CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` + ConfigYaml *string `json:"config_yaml,omitempty"` + Hosts *[]string `json:"hosts,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + Name *string `json:"name,omitempty"` + Preset *UpdateOutputElasticsearchPreset `json:"preset,omitempty"` + ProxyId *string `json:"proxy_id,omitempty"` + Secrets *struct { + Ssl *struct { + Key *UpdateOutputElasticsearch_Secrets_Ssl_Key `json:"key,omitempty"` + } `json:"ssl,omitempty"` + } `json:"secrets,omitempty"` + Shipper *UpdateOutputShipper `json:"shipper,omitempty"` + Ssl *UpdateOutputSsl `json:"ssl,omitempty"` + Type *UpdateOutputElasticsearchType `json:"type,omitempty"` + WriteToLogsStreams *bool `json:"write_to_logs_streams,omitempty"` +} + +// UpdateOutputElasticsearchPreset defines model for UpdateOutputElasticsearch.Preset. 
+type UpdateOutputElasticsearchPreset string + +// UpdateOutputElasticsearchSecretsSslKey0 defines model for . +type UpdateOutputElasticsearchSecretsSslKey0 struct { + Id string `json:"id"` +} + +// UpdateOutputElasticsearchSecretsSslKey1 defines model for . +type UpdateOutputElasticsearchSecretsSslKey1 = string + +// UpdateOutputElasticsearch_Secrets_Ssl_Key defines model for UpdateOutputElasticsearch.Secrets.Ssl.Key. +type UpdateOutputElasticsearch_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// UpdateOutputElasticsearchType defines model for UpdateOutputElasticsearch.Type. +type UpdateOutputElasticsearchType string + +// UpdateOutputKafka defines model for update_output_kafka. +type UpdateOutputKafka struct { + AllowEdit *[]string `json:"allow_edit,omitempty"` + AuthType *UpdateOutputKafkaAuthType `json:"auth_type,omitempty"` + BrokerTimeout *float32 `json:"broker_timeout,omitempty"` + CaSha256 *string `json:"ca_sha256,omitempty"` + CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` + ClientId *string `json:"client_id,omitempty"` + Compression *UpdateOutputKafkaCompression `json:"compression,omitempty"` + CompressionLevel interface{} `json:"compression_level"` + ConfigYaml *string `json:"config_yaml,omitempty"` + ConnectionType interface{} `json:"connection_type"` + Hash *struct { + Hash *string `json:"hash,omitempty"` + Random *bool `json:"random,omitempty"` + } `json:"hash,omitempty"` + Headers *[]struct { + Key string `json:"key"` + Value string `json:"value"` + } `json:"headers,omitempty"` + Hosts *[]string `json:"hosts,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + Key *string `json:"key,omitempty"` + Name string `json:"name"` + Partition *UpdateOutputKafkaPartition `json:"partition,omitempty"` + Password interface{} `json:"password"` + 
ProxyId *string `json:"proxy_id,omitempty"` + Random *struct { + GroupEvents *float32 `json:"group_events,omitempty"` + } `json:"random,omitempty"` + RequiredAcks *UpdateOutputKafkaRequiredAcks `json:"required_acks,omitempty"` + RoundRobin *struct { + GroupEvents *float32 `json:"group_events,omitempty"` + } `json:"round_robin,omitempty"` + Sasl *struct { + Mechanism *UpdateOutputKafkaSaslMechanism `json:"mechanism,omitempty"` + } `json:"sasl,omitempty"` + Secrets *struct { + Password *UpdateOutputKafka_Secrets_Password `json:"password,omitempty"` + Ssl *struct { + Key UpdateOutputKafka_Secrets_Ssl_Key `json:"key"` + } `json:"ssl,omitempty"` + } `json:"secrets,omitempty"` + Shipper *UpdateOutputShipper `json:"shipper,omitempty"` + Ssl *UpdateOutputSsl `json:"ssl,omitempty"` + Timeout *float32 `json:"timeout,omitempty"` + Topic *string `json:"topic,omitempty"` + Type *UpdateOutputKafkaType `json:"type,omitempty"` + Username interface{} `json:"username"` + Version *string `json:"version,omitempty"` + WriteToLogsStreams *bool `json:"write_to_logs_streams,omitempty"` +} + +// UpdateOutputKafkaAuthType defines model for UpdateOutputKafka.AuthType. +type UpdateOutputKafkaAuthType string + +// UpdateOutputKafkaCompression defines model for UpdateOutputKafka.Compression. +type UpdateOutputKafkaCompression string + +// UpdateOutputKafkaPartition defines model for UpdateOutputKafka.Partition. +type UpdateOutputKafkaPartition string + +// UpdateOutputKafkaRequiredAcks defines model for UpdateOutputKafka.RequiredAcks. +type UpdateOutputKafkaRequiredAcks int + +// UpdateOutputKafkaSaslMechanism defines model for UpdateOutputKafka.Sasl.Mechanism. +type UpdateOutputKafkaSaslMechanism string + +// UpdateOutputKafkaSecretsPassword0 defines model for . +type UpdateOutputKafkaSecretsPassword0 struct { + Id string `json:"id"` +} + +// UpdateOutputKafkaSecretsPassword1 defines model for . 
+type UpdateOutputKafkaSecretsPassword1 = string + +// UpdateOutputKafka_Secrets_Password defines model for UpdateOutputKafka.Secrets.Password. +type UpdateOutputKafka_Secrets_Password struct { + union json.RawMessage +} + +// UpdateOutputKafkaSecretsSslKey0 defines model for . +type UpdateOutputKafkaSecretsSslKey0 struct { + Id string `json:"id"` +} + +// UpdateOutputKafkaSecretsSslKey1 defines model for . +type UpdateOutputKafkaSecretsSslKey1 = string + +// UpdateOutputKafka_Secrets_Ssl_Key defines model for UpdateOutputKafka.Secrets.Ssl.Key. +type UpdateOutputKafka_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// UpdateOutputKafkaType defines model for UpdateOutputKafka.Type. +type UpdateOutputKafkaType string + +// UpdateOutputLogstash defines model for update_output_logstash. +type UpdateOutputLogstash struct { + AllowEdit *[]string `json:"allow_edit,omitempty"` + CaSha256 *string `json:"ca_sha256,omitempty"` + CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` + ConfigYaml *string `json:"config_yaml,omitempty"` + Hosts *[]string `json:"hosts,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + Name *string `json:"name,omitempty"` + ProxyId *string `json:"proxy_id,omitempty"` + Secrets *struct { + Ssl *struct { + Key *UpdateOutputLogstash_Secrets_Ssl_Key `json:"key,omitempty"` + } `json:"ssl,omitempty"` + } `json:"secrets,omitempty"` + Shipper *UpdateOutputShipper `json:"shipper,omitempty"` + Ssl *UpdateOutputSsl `json:"ssl,omitempty"` + Type *UpdateOutputLogstashType `json:"type,omitempty"` + WriteToLogsStreams *bool `json:"write_to_logs_streams,omitempty"` +} + +// UpdateOutputLogstashSecretsSslKey0 defines model for . 
+type UpdateOutputLogstashSecretsSslKey0 struct { + Id string `json:"id"` +} + +// UpdateOutputLogstashSecretsSslKey1 defines model for . +type UpdateOutputLogstashSecretsSslKey1 = string + +// UpdateOutputLogstash_Secrets_Ssl_Key defines model for UpdateOutputLogstash.Secrets.Ssl.Key. +type UpdateOutputLogstash_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// UpdateOutputLogstashType defines model for UpdateOutputLogstash.Type. +type UpdateOutputLogstashType string + +// UpdateOutputRemoteElasticsearch defines model for update_output_remote_elasticsearch. +type UpdateOutputRemoteElasticsearch struct { + AllowEdit *[]string `json:"allow_edit,omitempty"` + CaSha256 *string `json:"ca_sha256,omitempty"` + CaTrustedFingerprint *string `json:"ca_trusted_fingerprint,omitempty"` + ConfigYaml *string `json:"config_yaml,omitempty"` + Hosts *[]string `json:"hosts,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultMonitoring *bool `json:"is_default_monitoring,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + KibanaApiKey *string `json:"kibana_api_key,omitempty"` + KibanaUrl *string `json:"kibana_url,omitempty"` + Name *string `json:"name,omitempty"` + Preset *UpdateOutputRemoteElasticsearchPreset `json:"preset,omitempty"` + ProxyId *string `json:"proxy_id,omitempty"` + Secrets *struct { + ServiceToken *UpdateOutputRemoteElasticsearch_Secrets_ServiceToken `json:"service_token,omitempty"` + Ssl *struct { + Key *UpdateOutputRemoteElasticsearch_Secrets_Ssl_Key `json:"key,omitempty"` + } `json:"ssl,omitempty"` + } `json:"secrets,omitempty"` + ServiceToken *string `json:"service_token,omitempty"` + Shipper *UpdateOutputShipper `json:"shipper,omitempty"` + Ssl *UpdateOutputSsl `json:"ssl,omitempty"` + SyncIntegrations *bool `json:"sync_integrations,omitempty"` + SyncUninstalledIntegrations *bool `json:"sync_uninstalled_integrations,omitempty"` + Type 
*UpdateOutputRemoteElasticsearchType `json:"type,omitempty"` + WriteToLogsStreams *bool `json:"write_to_logs_streams,omitempty"` +} + +// UpdateOutputRemoteElasticsearchPreset defines model for UpdateOutputRemoteElasticsearch.Preset. +type UpdateOutputRemoteElasticsearchPreset string + +// UpdateOutputRemoteElasticsearchSecretsServiceToken0 defines model for . +type UpdateOutputRemoteElasticsearchSecretsServiceToken0 struct { + Id string `json:"id"` +} + +// UpdateOutputRemoteElasticsearchSecretsServiceToken1 defines model for . +type UpdateOutputRemoteElasticsearchSecretsServiceToken1 = string + +// UpdateOutputRemoteElasticsearch_Secrets_ServiceToken defines model for UpdateOutputRemoteElasticsearch.Secrets.ServiceToken. +type UpdateOutputRemoteElasticsearch_Secrets_ServiceToken struct { + union json.RawMessage +} + +// UpdateOutputRemoteElasticsearchSecretsSslKey0 defines model for . +type UpdateOutputRemoteElasticsearchSecretsSslKey0 struct { + Id string `json:"id"` +} + +// UpdateOutputRemoteElasticsearchSecretsSslKey1 defines model for . +type UpdateOutputRemoteElasticsearchSecretsSslKey1 = string + +// UpdateOutputRemoteElasticsearch_Secrets_Ssl_Key defines model for UpdateOutputRemoteElasticsearch.Secrets.Ssl.Key. +type UpdateOutputRemoteElasticsearch_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// UpdateOutputRemoteElasticsearchType defines model for UpdateOutputRemoteElasticsearch.Type. +type UpdateOutputRemoteElasticsearchType string + +// UpdateOutputShipper defines model for update_output_shipper. 
+type UpdateOutputShipper struct { + CompressionLevel *float32 `json:"compression_level,omitempty"` + DiskQueueCompressionEnabled *bool `json:"disk_queue_compression_enabled,omitempty"` + DiskQueueEnabled *bool `json:"disk_queue_enabled,omitempty"` + DiskQueueEncryptionEnabled *bool `json:"disk_queue_encryption_enabled,omitempty"` + DiskQueueMaxSize *float32 `json:"disk_queue_max_size,omitempty"` + DiskQueuePath *string `json:"disk_queue_path,omitempty"` + Loadbalance *bool `json:"loadbalance,omitempty"` + MaxBatchBytes *float32 `json:"max_batch_bytes,omitempty"` + MemQueueEvents *float32 `json:"mem_queue_events,omitempty"` + QueueFlushTimeout *float32 `json:"queue_flush_timeout,omitempty"` +} + +// UpdateOutputSsl defines model for update_output_ssl. +type UpdateOutputSsl struct { + Certificate *string `json:"certificate,omitempty"` + CertificateAuthorities *[]string `json:"certificate_authorities,omitempty"` + Key *string `json:"key,omitempty"` + VerificationMode *UpdateOutputSslVerificationMode `json:"verification_mode,omitempty"` +} + +// UpdateOutputSslVerificationMode defines model for UpdateOutputSsl.VerificationMode. +type UpdateOutputSslVerificationMode string + +// UpdateOutputUnion defines model for update_output_union. +type UpdateOutputUnion struct { + union json.RawMessage +} + +// VerificationMode Controls the verification of certificates. Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use `certificate` to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use `none` to skip certificate validation. +type VerificationMode string + +// WebhookConfig Defines properties for connectors when type is `.webhook`. 
+type WebhookConfig struct { + // AuthType The type of authentication to use: basic, SSL, or none. + AuthType *AuthType `json:"authType,omitempty"` + + // Ca A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types. + Ca *Ca `json:"ca,omitempty"` + + // CertType If the `authType` is `webhook-authentication-ssl`, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format. + CertType *CertType `json:"certType,omitempty"` + + // HasAuth If true, a username and password for login type authentication must be provided. + HasAuth *HasAuth `json:"hasAuth,omitempty"` + + // Headers A set of key-value pairs sent as headers with the request. + Headers *map[string]interface{} `json:"headers,omitempty"` + + // Method The HTTP request method, either `post` or `put`. + Method *WebhookConfigMethod `json:"method,omitempty"` + + // Url The request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + Url *string `json:"url,omitempty"` + + // VerificationMode Controls the verification of certificates. Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use `certificate` to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use `none` to skip certificate validation. + VerificationMode *VerificationMode `json:"verificationMode,omitempty"` +} + +// WebhookConfigMethod The HTTP request method, either `post` or `put`. +type WebhookConfigMethod string + +// WebhookSecrets Defines secrets for connectors when type is `.webhook`. 
+type WebhookSecrets struct { + // Crt If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file. + Crt *Crt `json:"crt,omitempty"` + + // Key If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the KEY file. + Key *Key `json:"key,omitempty"` + + // Password The password for HTTP basic authentication or the passphrase for the SSL certificate files. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. + Password *string `json:"password,omitempty"` + + // Pfx If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. + Pfx *Pfx `json:"pfx,omitempty"` + + // User The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. + User *string `json:"user,omitempty"` +} + +// XmattersConfig Defines properties for connectors when type is `.xmatters`. +type XmattersConfig struct { + // ConfigUrl The request URL for the Elastic Alerts trigger in xMatters. It is applicable only when `usesBasic` is `true`. + ConfigUrl *string `json:"configUrl,omitempty"` + + // UsesBasic Specifies whether the connector uses HTTP basic authentication (`true`) or URL authentication (`false`). + UsesBasic *bool `json:"usesBasic,omitempty"` +} + +// XmattersSecrets Defines secrets for connectors when type is `.xmatters`. +type XmattersSecrets struct { + // Password A user name for HTTP basic authentication. It is applicable only when `usesBasic` is `true`. + Password *string `json:"password,omitempty"` + + // SecretsUrl The request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. It is applicable only when `usesBasic` is `false`. 
+ SecretsUrl *string `json:"secretsUrl,omitempty"` + + // User A password for HTTP basic authentication. It is applicable only when `usesBasic` is `true`. + User *string `json:"user,omitempty"` +} + +// APMUIElasticApiVersion defines model for APM_UI_elastic_api_version. +type APMUIElasticApiVersion string + +// DataViewsViewId defines model for Data_views_view_id. +type DataViewsViewId = string + +// SpaceId defines model for spaceId. +type SpaceId = string + +// DeleteAgentConfigurationParams defines parameters for DeleteAgentConfiguration. +type DeleteAgentConfigurationParams struct { + // ElasticApiVersion The version of the API to use + ElasticApiVersion DeleteAgentConfigurationParamsElasticApiVersion `json:"elastic-api-version"` +} + +// DeleteAgentConfigurationParamsElasticApiVersion defines parameters for DeleteAgentConfiguration. +type DeleteAgentConfigurationParamsElasticApiVersion string + +// GetAgentConfigurationsParams defines parameters for GetAgentConfigurations. +type GetAgentConfigurationsParams struct { + // ElasticApiVersion The version of the API to use + ElasticApiVersion GetAgentConfigurationsParamsElasticApiVersion `json:"elastic-api-version"` +} + +// GetAgentConfigurationsParamsElasticApiVersion defines parameters for GetAgentConfigurations. +type GetAgentConfigurationsParamsElasticApiVersion string + +// CreateUpdateAgentConfigurationParams defines parameters for CreateUpdateAgentConfiguration. +type CreateUpdateAgentConfigurationParams struct { + // Overwrite If the config exists ?overwrite=true is required + Overwrite *bool `form:"overwrite,omitempty" json:"overwrite,omitempty"` + + // ElasticApiVersion The version of the API to use + ElasticApiVersion CreateUpdateAgentConfigurationParamsElasticApiVersion `json:"elastic-api-version"` +} + +// CreateUpdateAgentConfigurationParamsElasticApiVersion defines parameters for CreateUpdateAgentConfiguration. 
+type CreateUpdateAgentConfigurationParamsElasticApiVersion string + +// GetFleetAgentPoliciesParams defines parameters for GetFleetAgentPolicies. +type GetFleetAgentPoliciesParams struct { + Page *float32 `form:"page,omitempty" json:"page,omitempty"` + PerPage *float32 `form:"perPage,omitempty" json:"perPage,omitempty"` + SortField *string `form:"sortField,omitempty" json:"sortField,omitempty"` + SortOrder *GetFleetAgentPoliciesParamsSortOrder `form:"sortOrder,omitempty" json:"sortOrder,omitempty"` + ShowUpgradeable *bool `form:"showUpgradeable,omitempty" json:"showUpgradeable,omitempty"` + Kuery *string `form:"kuery,omitempty" json:"kuery,omitempty"` + + // NoAgentCount use withAgentCount instead + NoAgentCount *bool `form:"noAgentCount,omitempty" json:"noAgentCount,omitempty"` + + // WithAgentCount get policies with agent count + WithAgentCount *bool `form:"withAgentCount,omitempty" json:"withAgentCount,omitempty"` + + // Full get full policies with package policies populated + Full *bool `form:"full,omitempty" json:"full,omitempty"` + Format *GetFleetAgentPoliciesParamsFormat `form:"format,omitempty" json:"format,omitempty"` +} + +// GetFleetAgentPoliciesParamsSortOrder defines parameters for GetFleetAgentPolicies. +type GetFleetAgentPoliciesParamsSortOrder string + +// GetFleetAgentPoliciesParamsFormat defines parameters for GetFleetAgentPolicies. +type GetFleetAgentPoliciesParamsFormat string + +// PostFleetAgentPoliciesJSONBody defines parameters for PostFleetAgentPolicies. 
+type PostFleetAgentPoliciesJSONBody struct { + AdvancedSettings *struct { + AgentDownloadTargetDirectory interface{} `json:"agent_download_target_directory,omitempty"` + AgentDownloadTimeout interface{} `json:"agent_download_timeout,omitempty"` + AgentLimitsGoMaxProcs interface{} `json:"agent_limits_go_max_procs,omitempty"` + AgentLoggingFilesInterval interface{} `json:"agent_logging_files_interval,omitempty"` + AgentLoggingFilesKeepfiles interface{} `json:"agent_logging_files_keepfiles,omitempty"` + AgentLoggingFilesRotateeverybytes interface{} `json:"agent_logging_files_rotateeverybytes,omitempty"` + AgentLoggingLevel interface{} `json:"agent_logging_level,omitempty"` + AgentLoggingMetricsPeriod interface{} `json:"agent_logging_metrics_period,omitempty"` + AgentLoggingToFiles interface{} `json:"agent_logging_to_files,omitempty"` + AgentMonitoringRuntimeExperimental interface{} `json:"agent_monitoring_runtime_experimental,omitempty"` + } `json:"advanced_settings,omitempty"` + AgentFeatures *[]struct { + Enabled bool `json:"enabled"` + Name string `json:"name"` + } `json:"agent_features,omitempty"` + Agentless *struct { + CloudConnectors *struct { + Enabled bool `json:"enabled"` + TargetCsp *string `json:"target_csp,omitempty"` + } `json:"cloud_connectors,omitempty"` + Resources *struct { + Requests *struct { + Cpu *string `json:"cpu,omitempty"` + Memory *string `json:"memory,omitempty"` + } `json:"requests,omitempty"` + } `json:"resources,omitempty"` + } `json:"agentless,omitempty"` + DataOutputId *string `json:"data_output_id,omitempty"` + Description *string `json:"description,omitempty"` + DownloadSourceId *string `json:"download_source_id,omitempty"` + FleetServerHostId *string `json:"fleet_server_host_id,omitempty"` + Force *bool `json:"force,omitempty"` + + // GlobalDataTags User defined data tags that are added to all of the inputs. The values can be strings or numbers. 
+ GlobalDataTags *[]AgentPolicyGlobalDataTagsItem `json:"global_data_tags,omitempty"` + HasFleetServer *bool `json:"has_fleet_server,omitempty"` + Id *string `json:"id,omitempty"` + InactivityTimeout *float32 `json:"inactivity_timeout,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultFleetServer *bool `json:"is_default_fleet_server,omitempty"` + IsManaged *bool `json:"is_managed,omitempty"` + IsProtected *bool `json:"is_protected,omitempty"` + + // KeepMonitoringAlive When set to true, monitoring will be enabled but logs/metrics collection will be disabled + KeepMonitoringAlive *bool `json:"keep_monitoring_alive,omitempty"` + MonitoringDiagnostics *struct { + Limit *struct { + Burst *float32 `json:"burst,omitempty"` + Interval *string `json:"interval,omitempty"` + } `json:"limit,omitempty"` + Uploader *struct { + InitDur *string `json:"init_dur,omitempty"` + MaxDur *string `json:"max_dur,omitempty"` + MaxRetries *float32 `json:"max_retries,omitempty"` + } `json:"uploader,omitempty"` + } `json:"monitoring_diagnostics,omitempty"` + MonitoringEnabled *[]PostFleetAgentPoliciesJSONBodyMonitoringEnabled `json:"monitoring_enabled,omitempty"` + MonitoringHttp *struct { + Buffer *struct { + Enabled *bool `json:"enabled,omitempty"` + } `json:"buffer,omitempty"` + Enabled *bool `json:"enabled,omitempty"` + Host *string `json:"host,omitempty"` + Port *float32 `json:"port,omitempty"` + } `json:"monitoring_http,omitempty"` + MonitoringOutputId *string `json:"monitoring_output_id,omitempty"` + MonitoringPprofEnabled *bool `json:"monitoring_pprof_enabled,omitempty"` + Name string `json:"name"` + Namespace string `json:"namespace"` + + // Overrides Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ Overrides *map[string]interface{} `json:"overrides,omitempty"` + RequiredVersions *[]struct { + // Percentage Target percentage of agents to auto upgrade + Percentage float32 `json:"percentage"` + + // Version Target version for automatic agent upgrade + Version string `json:"version"` + } `json:"required_versions,omitempty"` + SpaceIds *[]string `json:"space_ids,omitempty"` + + // SupportsAgentless Indicates whether the agent policy supports agentless integrations. + SupportsAgentless *bool `json:"supports_agentless,omitempty"` + UnenrollTimeout *float32 `json:"unenroll_timeout,omitempty"` +} + +// PostFleetAgentPoliciesParams defines parameters for PostFleetAgentPolicies. +type PostFleetAgentPoliciesParams struct { + SysMonitoring *bool `form:"sys_monitoring,omitempty" json:"sys_monitoring,omitempty"` +} + +// PostFleetAgentPoliciesJSONBodyMonitoringEnabled defines parameters for PostFleetAgentPolicies. +type PostFleetAgentPoliciesJSONBodyMonitoringEnabled string + +// PostFleetAgentPoliciesDeleteJSONBody defines parameters for PostFleetAgentPoliciesDelete. +type PostFleetAgentPoliciesDeleteJSONBody struct { + AgentPolicyId string `json:"agentPolicyId"` + + // Force bypass validation checks that can prevent agent policy deletion + Force *bool `json:"force,omitempty"` +} + +// GetFleetAgentPoliciesAgentpolicyidParams defines parameters for GetFleetAgentPoliciesAgentpolicyid. +type GetFleetAgentPoliciesAgentpolicyidParams struct { + Format *GetFleetAgentPoliciesAgentpolicyidParamsFormat `form:"format,omitempty" json:"format,omitempty"` +} + +// GetFleetAgentPoliciesAgentpolicyidParamsFormat defines parameters for GetFleetAgentPoliciesAgentpolicyid. +type GetFleetAgentPoliciesAgentpolicyidParamsFormat string + +// PutFleetAgentPoliciesAgentpolicyidJSONBody defines parameters for PutFleetAgentPoliciesAgentpolicyid. 
+type PutFleetAgentPoliciesAgentpolicyidJSONBody struct { + AdvancedSettings *struct { + AgentDownloadTargetDirectory interface{} `json:"agent_download_target_directory,omitempty"` + AgentDownloadTimeout interface{} `json:"agent_download_timeout,omitempty"` + AgentLimitsGoMaxProcs interface{} `json:"agent_limits_go_max_procs,omitempty"` + AgentLoggingFilesInterval interface{} `json:"agent_logging_files_interval,omitempty"` + AgentLoggingFilesKeepfiles interface{} `json:"agent_logging_files_keepfiles,omitempty"` + AgentLoggingFilesRotateeverybytes interface{} `json:"agent_logging_files_rotateeverybytes,omitempty"` + AgentLoggingLevel interface{} `json:"agent_logging_level,omitempty"` + AgentLoggingMetricsPeriod interface{} `json:"agent_logging_metrics_period,omitempty"` + AgentLoggingToFiles interface{} `json:"agent_logging_to_files,omitempty"` + AgentMonitoringRuntimeExperimental interface{} `json:"agent_monitoring_runtime_experimental,omitempty"` + } `json:"advanced_settings,omitempty"` + AgentFeatures *[]struct { + Enabled bool `json:"enabled"` + Name string `json:"name"` + } `json:"agent_features,omitempty"` + Agentless *struct { + CloudConnectors *struct { + Enabled bool `json:"enabled"` + TargetCsp *string `json:"target_csp,omitempty"` + } `json:"cloud_connectors,omitempty"` + Resources *struct { + Requests *struct { + Cpu *string `json:"cpu,omitempty"` + Memory *string `json:"memory,omitempty"` + } `json:"requests,omitempty"` + } `json:"resources,omitempty"` + } `json:"agentless,omitempty"` + BumpRevision *bool `json:"bumpRevision,omitempty"` + DataOutputId *string `json:"data_output_id,omitempty"` + Description *string `json:"description,omitempty"` + DownloadSourceId *string `json:"download_source_id,omitempty"` + FleetServerHostId *string `json:"fleet_server_host_id,omitempty"` + Force *bool `json:"force,omitempty"` + + // GlobalDataTags User defined data tags that are added to all of the inputs. The values can be strings or numbers. 
+ GlobalDataTags *[]AgentPolicyGlobalDataTagsItem `json:"global_data_tags,omitempty"` + HasFleetServer *bool `json:"has_fleet_server,omitempty"` + Id *string `json:"id,omitempty"` + InactivityTimeout *float32 `json:"inactivity_timeout,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsDefaultFleetServer *bool `json:"is_default_fleet_server,omitempty"` + IsManaged *bool `json:"is_managed,omitempty"` + IsProtected *bool `json:"is_protected,omitempty"` + + // KeepMonitoringAlive When set to true, monitoring will be enabled but logs/metrics collection will be disabled + KeepMonitoringAlive *bool `json:"keep_monitoring_alive,omitempty"` + MonitoringDiagnostics *struct { + Limit *struct { + Burst *float32 `json:"burst,omitempty"` + Interval *string `json:"interval,omitempty"` + } `json:"limit,omitempty"` + Uploader *struct { + InitDur *string `json:"init_dur,omitempty"` + MaxDur *string `json:"max_dur,omitempty"` + MaxRetries *float32 `json:"max_retries,omitempty"` + } `json:"uploader,omitempty"` + } `json:"monitoring_diagnostics,omitempty"` + MonitoringEnabled *[]PutFleetAgentPoliciesAgentpolicyidJSONBodyMonitoringEnabled `json:"monitoring_enabled,omitempty"` + MonitoringHttp *struct { + Buffer *struct { + Enabled *bool `json:"enabled,omitempty"` + } `json:"buffer,omitempty"` + Enabled *bool `json:"enabled,omitempty"` + Host *string `json:"host,omitempty"` + Port *float32 `json:"port,omitempty"` + } `json:"monitoring_http,omitempty"` + MonitoringOutputId *string `json:"monitoring_output_id,omitempty"` + MonitoringPprofEnabled *bool `json:"monitoring_pprof_enabled,omitempty"` + Name string `json:"name"` + Namespace string `json:"namespace"` + + // Overrides Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ Overrides *map[string]interface{} `json:"overrides,omitempty"` + RequiredVersions *[]struct { + // Percentage Target percentage of agents to auto upgrade + Percentage float32 `json:"percentage"` + + // Version Target version for automatic agent upgrade + Version string `json:"version"` + } `json:"required_versions,omitempty"` + SpaceIds *[]string `json:"space_ids,omitempty"` + + // SupportsAgentless Indicates whether the agent policy supports agentless integrations. + SupportsAgentless *bool `json:"supports_agentless,omitempty"` + UnenrollTimeout *float32 `json:"unenroll_timeout,omitempty"` +} + +// PutFleetAgentPoliciesAgentpolicyidParams defines parameters for PutFleetAgentPoliciesAgentpolicyid. +type PutFleetAgentPoliciesAgentpolicyidParams struct { + Format *PutFleetAgentPoliciesAgentpolicyidParamsFormat `form:"format,omitempty" json:"format,omitempty"` +} + +// PutFleetAgentPoliciesAgentpolicyidParamsFormat defines parameters for PutFleetAgentPoliciesAgentpolicyid. +type PutFleetAgentPoliciesAgentpolicyidParamsFormat string + +// PutFleetAgentPoliciesAgentpolicyidJSONBodyMonitoringEnabled defines parameters for PutFleetAgentPoliciesAgentpolicyid. +type PutFleetAgentPoliciesAgentpolicyidJSONBodyMonitoringEnabled string + +// GetFleetEnrollmentApiKeysParams defines parameters for GetFleetEnrollmentApiKeys. +type GetFleetEnrollmentApiKeysParams struct { + Page *float32 `form:"page,omitempty" json:"page,omitempty"` + PerPage *float32 `form:"perPage,omitempty" json:"perPage,omitempty"` + Kuery *string `form:"kuery,omitempty" json:"kuery,omitempty"` +} + +// GetFleetEpmPackagesParams defines parameters for GetFleetEpmPackages. 
+type GetFleetEpmPackagesParams struct { + Category *string `form:"category,omitempty" json:"category,omitempty"` + Prerelease *bool `form:"prerelease,omitempty" json:"prerelease,omitempty"` + ExcludeInstallStatus *bool `form:"excludeInstallStatus,omitempty" json:"excludeInstallStatus,omitempty"` + WithPackagePoliciesCount *bool `form:"withPackagePoliciesCount,omitempty" json:"withPackagePoliciesCount,omitempty"` +} + +// PostFleetEpmPackagesParams defines parameters for PostFleetEpmPackages. +type PostFleetEpmPackagesParams struct { + IgnoreMappingUpdateErrors *bool `form:"ignoreMappingUpdateErrors,omitempty" json:"ignoreMappingUpdateErrors,omitempty"` + SkipDataStreamRollover *bool `form:"skipDataStreamRollover,omitempty" json:"skipDataStreamRollover,omitempty"` +} + +// DeleteFleetEpmPackagesPkgnamePkgversionParams defines parameters for DeleteFleetEpmPackagesPkgnamePkgversion. +type DeleteFleetEpmPackagesPkgnamePkgversionParams struct { + Force *bool `form:"force,omitempty" json:"force,omitempty"` +} + +// GetFleetEpmPackagesPkgnamePkgversionParams defines parameters for GetFleetEpmPackagesPkgnamePkgversion. +type GetFleetEpmPackagesPkgnamePkgversionParams struct { + IgnoreUnverified *bool `form:"ignoreUnverified,omitempty" json:"ignoreUnverified,omitempty"` + Prerelease *bool `form:"prerelease,omitempty" json:"prerelease,omitempty"` + Full *bool `form:"full,omitempty" json:"full,omitempty"` + WithMetadata *bool `form:"withMetadata,omitempty" json:"withMetadata,omitempty"` +} + +// PostFleetEpmPackagesPkgnamePkgversionJSONBody defines parameters for PostFleetEpmPackagesPkgnamePkgversion. +type PostFleetEpmPackagesPkgnamePkgversionJSONBody struct { + Force *bool `json:"force,omitempty"` + IgnoreConstraints *bool `json:"ignore_constraints,omitempty"` +} + +// PostFleetEpmPackagesPkgnamePkgversionParams defines parameters for PostFleetEpmPackagesPkgnamePkgversion. 
+type PostFleetEpmPackagesPkgnamePkgversionParams struct { + Prerelease *bool `form:"prerelease,omitempty" json:"prerelease,omitempty"` + IgnoreMappingUpdateErrors *bool `form:"ignoreMappingUpdateErrors,omitempty" json:"ignoreMappingUpdateErrors,omitempty"` + SkipDataStreamRollover *bool `form:"skipDataStreamRollover,omitempty" json:"skipDataStreamRollover,omitempty"` +} + +// PostFleetFleetServerHostsJSONBody defines parameters for PostFleetFleetServerHosts. +type PostFleetFleetServerHostsJSONBody struct { + HostUrls []string `json:"host_urls"` + Id *string `json:"id,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + IsPreconfigured *bool `json:"is_preconfigured,omitempty"` + Name string `json:"name"` + ProxyId *string `json:"proxy_id,omitempty"` + Secrets *struct { + Ssl *struct { + EsKey *PostFleetFleetServerHostsJSONBody_Secrets_Ssl_EsKey `json:"es_key,omitempty"` + Key *PostFleetFleetServerHostsJSONBody_Secrets_Ssl_Key `json:"key,omitempty"` + } `json:"ssl,omitempty"` + } `json:"secrets,omitempty"` + Ssl *struct { + Certificate *string `json:"certificate,omitempty"` + CertificateAuthorities *[]string `json:"certificate_authorities,omitempty"` + ClientAuth *PostFleetFleetServerHostsJSONBodySslClientAuth `json:"client_auth,omitempty"` + EsCertificate *string `json:"es_certificate,omitempty"` + EsCertificateAuthorities *[]string `json:"es_certificate_authorities,omitempty"` + EsKey *string `json:"es_key,omitempty"` + Key *string `json:"key,omitempty"` + } `json:"ssl,omitempty"` +} + +// PostFleetFleetServerHostsJSONBodySecretsSslEsKey0 defines parameters for PostFleetFleetServerHosts. +type PostFleetFleetServerHostsJSONBodySecretsSslEsKey0 struct { + Id string `json:"id"` +} + +// PostFleetFleetServerHostsJSONBodySecretsSslEsKey1 defines parameters for PostFleetFleetServerHosts. 
+type PostFleetFleetServerHostsJSONBodySecretsSslEsKey1 = string + +// PostFleetFleetServerHostsJSONBody_Secrets_Ssl_EsKey defines parameters for PostFleetFleetServerHosts. +type PostFleetFleetServerHostsJSONBody_Secrets_Ssl_EsKey struct { + union json.RawMessage +} + +// PostFleetFleetServerHostsJSONBodySecretsSslKey0 defines parameters for PostFleetFleetServerHosts. +type PostFleetFleetServerHostsJSONBodySecretsSslKey0 struct { + Id string `json:"id"` +} + +// PostFleetFleetServerHostsJSONBodySecretsSslKey1 defines parameters for PostFleetFleetServerHosts. +type PostFleetFleetServerHostsJSONBodySecretsSslKey1 = string + +// PostFleetFleetServerHostsJSONBody_Secrets_Ssl_Key defines parameters for PostFleetFleetServerHosts. +type PostFleetFleetServerHostsJSONBody_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// PostFleetFleetServerHostsJSONBodySslClientAuth defines parameters for PostFleetFleetServerHosts. +type PostFleetFleetServerHostsJSONBodySslClientAuth string + +// PutFleetFleetServerHostsItemidJSONBody defines parameters for PutFleetFleetServerHostsItemid. 
+type PutFleetFleetServerHostsItemidJSONBody struct { + HostUrls *[]string `json:"host_urls,omitempty"` + IsDefault *bool `json:"is_default,omitempty"` + IsInternal *bool `json:"is_internal,omitempty"` + Name *string `json:"name,omitempty"` + ProxyId *string `json:"proxy_id,omitempty"` + Secrets *struct { + Ssl *struct { + EsKey *PutFleetFleetServerHostsItemidJSONBody_Secrets_Ssl_EsKey `json:"es_key,omitempty"` + Key *PutFleetFleetServerHostsItemidJSONBody_Secrets_Ssl_Key `json:"key,omitempty"` + } `json:"ssl,omitempty"` + } `json:"secrets,omitempty"` + Ssl *struct { + Certificate *string `json:"certificate,omitempty"` + CertificateAuthorities *[]string `json:"certificate_authorities,omitempty"` + ClientAuth *PutFleetFleetServerHostsItemidJSONBodySslClientAuth `json:"client_auth,omitempty"` + EsCertificate *string `json:"es_certificate,omitempty"` + EsCertificateAuthorities *[]string `json:"es_certificate_authorities,omitempty"` + EsKey *string `json:"es_key,omitempty"` + Key *string `json:"key,omitempty"` + } `json:"ssl,omitempty"` +} + +// PutFleetFleetServerHostsItemidJSONBodySecretsSslEsKey0 defines parameters for PutFleetFleetServerHostsItemid. +type PutFleetFleetServerHostsItemidJSONBodySecretsSslEsKey0 struct { + Id string `json:"id"` +} + +// PutFleetFleetServerHostsItemidJSONBodySecretsSslEsKey1 defines parameters for PutFleetFleetServerHostsItemid. +type PutFleetFleetServerHostsItemidJSONBodySecretsSslEsKey1 = string + +// PutFleetFleetServerHostsItemidJSONBody_Secrets_Ssl_EsKey defines parameters for PutFleetFleetServerHostsItemid. +type PutFleetFleetServerHostsItemidJSONBody_Secrets_Ssl_EsKey struct { + union json.RawMessage +} + +// PutFleetFleetServerHostsItemidJSONBodySecretsSslKey0 defines parameters for PutFleetFleetServerHostsItemid. +type PutFleetFleetServerHostsItemidJSONBodySecretsSslKey0 struct { + Id string `json:"id"` +} + +// PutFleetFleetServerHostsItemidJSONBodySecretsSslKey1 defines parameters for PutFleetFleetServerHostsItemid. 
+type PutFleetFleetServerHostsItemidJSONBodySecretsSslKey1 = string + +// PutFleetFleetServerHostsItemidJSONBody_Secrets_Ssl_Key defines parameters for PutFleetFleetServerHostsItemid. +type PutFleetFleetServerHostsItemidJSONBody_Secrets_Ssl_Key struct { + union json.RawMessage +} + +// PutFleetFleetServerHostsItemidJSONBodySslClientAuth defines parameters for PutFleetFleetServerHostsItemid. +type PutFleetFleetServerHostsItemidJSONBodySslClientAuth string + +// GetFleetPackagePoliciesParams defines parameters for GetFleetPackagePolicies. +type GetFleetPackagePoliciesParams struct { + Page *float32 `form:"page,omitempty" json:"page,omitempty"` + PerPage *float32 `form:"perPage,omitempty" json:"perPage,omitempty"` + SortField *string `form:"sortField,omitempty" json:"sortField,omitempty"` + SortOrder *GetFleetPackagePoliciesParamsSortOrder `form:"sortOrder,omitempty" json:"sortOrder,omitempty"` + ShowUpgradeable *bool `form:"showUpgradeable,omitempty" json:"showUpgradeable,omitempty"` + Kuery *string `form:"kuery,omitempty" json:"kuery,omitempty"` + Format *GetFleetPackagePoliciesParamsFormat `form:"format,omitempty" json:"format,omitempty"` + WithAgentCount *bool `form:"withAgentCount,omitempty" json:"withAgentCount,omitempty"` +} + +// GetFleetPackagePoliciesParamsSortOrder defines parameters for GetFleetPackagePolicies. +type GetFleetPackagePoliciesParamsSortOrder string + +// GetFleetPackagePoliciesParamsFormat defines parameters for GetFleetPackagePolicies. +type GetFleetPackagePoliciesParamsFormat string + +// PostFleetPackagePoliciesParams defines parameters for PostFleetPackagePolicies. +type PostFleetPackagePoliciesParams struct { + Format *PostFleetPackagePoliciesParamsFormat `form:"format,omitempty" json:"format,omitempty"` +} + +// PostFleetPackagePoliciesParamsFormat defines parameters for PostFleetPackagePolicies. 
+type PostFleetPackagePoliciesParamsFormat string + +// DeleteFleetPackagePoliciesPackagepolicyidParams defines parameters for DeleteFleetPackagePoliciesPackagepolicyid. +type DeleteFleetPackagePoliciesPackagepolicyidParams struct { + Force *bool `form:"force,omitempty" json:"force,omitempty"` +} + +// GetFleetPackagePoliciesPackagepolicyidParams defines parameters for GetFleetPackagePoliciesPackagepolicyid. +type GetFleetPackagePoliciesPackagepolicyidParams struct { + Format *GetFleetPackagePoliciesPackagepolicyidParamsFormat `form:"format,omitempty" json:"format,omitempty"` +} + +// GetFleetPackagePoliciesPackagepolicyidParamsFormat defines parameters for GetFleetPackagePoliciesPackagepolicyid. +type GetFleetPackagePoliciesPackagepolicyidParamsFormat string + +// PutFleetPackagePoliciesPackagepolicyidParams defines parameters for PutFleetPackagePoliciesPackagepolicyid. +type PutFleetPackagePoliciesPackagepolicyidParams struct { + Format *PutFleetPackagePoliciesPackagepolicyidParamsFormat `form:"format,omitempty" json:"format,omitempty"` +} + +// PutFleetPackagePoliciesPackagepolicyidParamsFormat defines parameters for PutFleetPackagePoliciesPackagepolicyid. +type PutFleetPackagePoliciesPackagepolicyidParamsFormat string + +// PostParametersJSONBody defines parameters for PostParameters. +type PostParametersJSONBody struct { + union json.RawMessage +} + +// PostParametersJSONBody0 defines parameters for PostParameters. +type PostParametersJSONBody0 = []SyntheticsParameterRequest + +// PutParameterJSONBody defines parameters for PutParameter. +type PutParameterJSONBody struct { + // Description The updated description of the parameter. + Description *string `json:"description,omitempty"` + + // Key The key of the parameter. + Key *string `json:"key,omitempty"` + + // Tags An array of updated tags to categorize the parameter. + Tags *[]string `json:"tags,omitempty"` + + // Value The updated value associated with the parameter. 
+ Value *string `json:"value,omitempty"` +} + +// PostActionsConnectorIdJSONBody defines parameters for PostActionsConnectorId. +type PostActionsConnectorIdJSONBody struct { + // Config The connector configuration details. + Config *CreateConnectorConfig `json:"config,omitempty"` + + // ConnectorTypeId The type of connector. + ConnectorTypeId string `json:"connector_type_id"` + + // Name The display name for the connector. + Name string `json:"name"` + Secrets *CreateConnectorSecrets `json:"secrets,omitempty"` +} + +// PutActionsConnectorIdJSONBody defines parameters for PutActionsConnectorId. +type PutActionsConnectorIdJSONBody struct { + // Config The connector configuration details. + Config *UpdateConnectorConfig `json:"config,omitempty"` + + // Name The display name for the connector. + Name string `json:"name"` + Secrets *UpdateConnectorSecrets `json:"secrets,omitempty"` +} + +// DeleteRuleParams defines parameters for DeleteRule. +type DeleteRuleParams struct { + // Id The rule's `id` value. + Id *SecurityDetectionsAPIRuleObjectId `form:"id,omitempty" json:"id,omitempty"` + + // RuleId The rule's `rule_id` value. + RuleId *SecurityDetectionsAPIRuleSignatureId `form:"rule_id,omitempty" json:"rule_id,omitempty"` +} + +// ReadRuleParams defines parameters for ReadRule. +type ReadRuleParams struct { + // Id The rule's `id` value. + Id *SecurityDetectionsAPIRuleObjectId `form:"id,omitempty" json:"id,omitempty"` + + // RuleId The rule's `rule_id` value. + RuleId *SecurityDetectionsAPIRuleSignatureId `form:"rule_id,omitempty" json:"rule_id,omitempty"` +} + +// PostMaintenanceWindowJSONBody defines parameters for PostMaintenanceWindow. +type PostMaintenanceWindowJSONBody struct { + // Enabled Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + Enabled *bool `json:"enabled,omitempty"` + Schedule struct { + Custom struct { + // Duration The duration of the schedule. It allows values in `` format. 
`` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`. + Duration string `json:"duration"` + Recurring *struct { + // End The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`. + End *string `json:"end,omitempty"` + + // Every The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`. + Every *string `json:"every,omitempty"` + + // Occurrences The total number of recurrences of the schedule. + Occurrences *float32 `json:"occurrences,omitempty"` + + // OnMonth The specific months for a recurring schedule. Valid values are 1-12. + OnMonth *[]float32 `json:"onMonth,omitempty"` + + // OnMonthDay The specific days of the month for a recurring schedule. Valid values are 1-31. + OnMonthDay *[]float32 `json:"onMonthDay,omitempty"` + + // OnWeekDay The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + OnWeekDay *[]string `json:"onWeekDay,omitempty"` + } `json:"recurring,omitempty"` + + // Start The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`. + Start string `json:"start"` + + // Timezone The timezone of the schedule. The default timezone is UTC. + Timezone *string `json:"timezone,omitempty"` + } `json:"custom"` + } `json:"schedule"` + Scope *struct { + Alerting struct { + Query struct { + // Kql A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window. + Kql string `json:"kql"` + } `json:"query"` + } `json:"alerting"` + } `json:"scope,omitempty"` + + // Title The name of the maintenance window. 
While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. + Title string `json:"title"` +} + +// PatchMaintenanceWindowIdJSONBody defines parameters for PatchMaintenanceWindowId. +type PatchMaintenanceWindowIdJSONBody struct { + // Enabled Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + Enabled *bool `json:"enabled,omitempty"` + Schedule *struct { + Custom struct { + // Duration The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`. + Duration string `json:"duration"` + Recurring *struct { + // End The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`. + End *string `json:"end,omitempty"` + + // Every The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`. + Every *string `json:"every,omitempty"` + + // Occurrences The total number of recurrences of the schedule. + Occurrences *float32 `json:"occurrences,omitempty"` + + // OnMonth The specific months for a recurring schedule. Valid values are 1-12. + OnMonth *[]float32 `json:"onMonth,omitempty"` + + // OnMonthDay The specific days of the month for a recurring schedule. Valid values are 1-31. + OnMonthDay *[]float32 `json:"onMonthDay,omitempty"` + + // OnWeekDay The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + OnWeekDay *[]string `json:"onWeekDay,omitempty"` + } `json:"recurring,omitempty"` + + // Start The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`. 
+ Start string `json:"start"` + + // Timezone The timezone of the schedule. The default timezone is UTC. + Timezone *string `json:"timezone,omitempty"` + } `json:"custom"` + } `json:"schedule,omitempty"` + Scope *struct { + Alerting struct { + Query struct { + // Kql A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window. + Kql string `json:"kql"` + } `json:"query"` + } `json:"alerting"` + } `json:"scope,omitempty"` + + // Title The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. + Title *string `json:"title,omitempty"` +} + +// DeleteAgentConfigurationJSONRequestBody defines body for DeleteAgentConfiguration for application/json ContentType. +type DeleteAgentConfigurationJSONRequestBody = APMUIDeleteServiceObject + +// CreateUpdateAgentConfigurationJSONRequestBody defines body for CreateUpdateAgentConfiguration for application/json ContentType. +type CreateUpdateAgentConfigurationJSONRequestBody = APMUIAgentConfigurationIntakeObject + +// PostFleetAgentPoliciesJSONRequestBody defines body for PostFleetAgentPolicies for application/json ContentType. +type PostFleetAgentPoliciesJSONRequestBody PostFleetAgentPoliciesJSONBody + +// PostFleetAgentPoliciesDeleteJSONRequestBody defines body for PostFleetAgentPoliciesDelete for application/json ContentType. +type PostFleetAgentPoliciesDeleteJSONRequestBody PostFleetAgentPoliciesDeleteJSONBody + +// PutFleetAgentPoliciesAgentpolicyidJSONRequestBody defines body for PutFleetAgentPoliciesAgentpolicyid for application/json ContentType. type PutFleetAgentPoliciesAgentpolicyidJSONRequestBody PutFleetAgentPoliciesAgentpolicyidJSONBody -// PostFleetEpmPackagesPkgnamePkgversionJSONRequestBody defines body for PostFleetEpmPackagesPkgnamePkgversion for application/json ContentType. 
-type PostFleetEpmPackagesPkgnamePkgversionJSONRequestBody PostFleetEpmPackagesPkgnamePkgversionJSONBody +// PostFleetEpmPackagesPkgnamePkgversionJSONRequestBody defines body for PostFleetEpmPackagesPkgnamePkgversion for application/json ContentType. +type PostFleetEpmPackagesPkgnamePkgversionJSONRequestBody PostFleetEpmPackagesPkgnamePkgversionJSONBody + +// PostFleetFleetServerHostsJSONRequestBody defines body for PostFleetFleetServerHosts for application/json ContentType. +type PostFleetFleetServerHostsJSONRequestBody PostFleetFleetServerHostsJSONBody + +// PutFleetFleetServerHostsItemidJSONRequestBody defines body for PutFleetFleetServerHostsItemid for application/json ContentType. +type PutFleetFleetServerHostsItemidJSONRequestBody PutFleetFleetServerHostsItemidJSONBody + +// PostFleetOutputsJSONRequestBody defines body for PostFleetOutputs for application/json ContentType. +type PostFleetOutputsJSONRequestBody = NewOutputUnion + +// PutFleetOutputsOutputidJSONRequestBody defines body for PutFleetOutputsOutputid for application/json ContentType. +type PutFleetOutputsOutputidJSONRequestBody = UpdateOutputUnion + +// PostFleetPackagePoliciesJSONRequestBody defines body for PostFleetPackagePolicies for application/json ContentType. +type PostFleetPackagePoliciesJSONRequestBody = PackagePolicyRequest + +// PutFleetPackagePoliciesPackagepolicyidJSONRequestBody defines body for PutFleetPackagePoliciesPackagepolicyid for application/json ContentType. +type PutFleetPackagePoliciesPackagepolicyidJSONRequestBody = PackagePolicyRequest + +// PostParametersJSONRequestBody defines body for PostParameters for application/json ContentType. +type PostParametersJSONRequestBody PostParametersJSONBody + +// PutParameterJSONRequestBody defines body for PutParameter for application/json ContentType. +type PutParameterJSONRequestBody PutParameterJSONBody + +// PostActionsConnectorIdJSONRequestBody defines body for PostActionsConnectorId for application/json ContentType. 
+type PostActionsConnectorIdJSONRequestBody PostActionsConnectorIdJSONBody + +// PutActionsConnectorIdJSONRequestBody defines body for PutActionsConnectorId for application/json ContentType. +type PutActionsConnectorIdJSONRequestBody PutActionsConnectorIdJSONBody + +// CreateDataViewDefaultwJSONRequestBody defines body for CreateDataViewDefaultw for application/json ContentType. +type CreateDataViewDefaultwJSONRequestBody = DataViewsCreateDataViewRequestObject + +// UpdateDataViewDefaultJSONRequestBody defines body for UpdateDataViewDefault for application/json ContentType. +type UpdateDataViewDefaultJSONRequestBody = DataViewsUpdateDataViewRequestObject + +// CreateRuleJSONRequestBody defines body for CreateRule for application/json ContentType. +type CreateRuleJSONRequestBody = SecurityDetectionsAPIRuleCreateProps + +// UpdateRuleJSONRequestBody defines body for UpdateRule for application/json ContentType. +type UpdateRuleJSONRequestBody = SecurityDetectionsAPIRuleUpdateProps + +// PostMaintenanceWindowJSONRequestBody defines body for PostMaintenanceWindow for application/json ContentType. +type PostMaintenanceWindowJSONRequestBody PostMaintenanceWindowJSONBody + +// PatchMaintenanceWindowIdJSONRequestBody defines body for PatchMaintenanceWindowId for application/json ContentType. +type PatchMaintenanceWindowIdJSONRequestBody PatchMaintenanceWindowIdJSONBody + +// Getter for additional properties for AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges. 
Returns the specified +// element and whether it was found +func (a AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] + } + return +} + +// Setter for additional properties for AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges +func (a *AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) + } + a.AdditionalProperties[fieldName] = value +} + +// Override default JSON handling for AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges to handle AdditionalProperties +func (a *AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err + } + + if raw, found := object["cluster"]; found { + err = json.Unmarshal(raw, &a.Cluster) + if err != nil { + return fmt.Errorf("error reading 'cluster': %w", err) + } + delete(object, "cluster") + } + + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal + } + } + return nil +} + +// Override default JSON handling for AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges to handle AdditionalProperties +func (a AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) + + if a.Cluster != nil { + object["cluster"], err = json.Marshal(a.Cluster) + if err != nil { + return nil, fmt.Errorf("error marshaling 'cluster': %w", err) + } + } + + for 
fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) + if err != nil { + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + } + } + return json.Marshal(object) +} + +// Getter for additional properties for AgentPolicy_PackagePolicies_1_Elasticsearch. Returns the specified +// element and whether it was found +func (a AgentPolicy_PackagePolicies_1_Elasticsearch) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] + } + return +} + +// Setter for additional properties for AgentPolicy_PackagePolicies_1_Elasticsearch +func (a *AgentPolicy_PackagePolicies_1_Elasticsearch) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) + } + a.AdditionalProperties[fieldName] = value +} + +// Override default JSON handling for AgentPolicy_PackagePolicies_1_Elasticsearch to handle AdditionalProperties +func (a *AgentPolicy_PackagePolicies_1_Elasticsearch) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err + } + + if raw, found := object["privileges"]; found { + err = json.Unmarshal(raw, &a.Privileges) + if err != nil { + return fmt.Errorf("error reading 'privileges': %w", err) + } + delete(object, "privileges") + } + + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal + } + } + return nil +} + +// Override default JSON handling for AgentPolicy_PackagePolicies_1_Elasticsearch to handle AdditionalProperties +func (a AgentPolicy_PackagePolicies_1_Elasticsearch) MarshalJSON() 
([]byte, error) { + var err error + object := make(map[string]json.RawMessage) + + if a.Privileges != nil { + object["privileges"], err = json.Marshal(a.Privileges) + if err != nil { + return nil, fmt.Errorf("error marshaling 'privileges': %w", err) + } + } + + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) + if err != nil { + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + } + } + return json.Marshal(object) +} + +// Getter for additional properties for CreateConnectorConfig. Returns the specified +// element and whether it was found +func (a CreateConnectorConfig) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] + } + return +} + +// Setter for additional properties for CreateConnectorConfig +func (a *CreateConnectorConfig) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) + } + a.AdditionalProperties[fieldName] = value +} + +// Getter for additional properties for CreateConnectorSecrets. Returns the specified +// element and whether it was found +func (a CreateConnectorSecrets) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] + } + return +} + +// Setter for additional properties for CreateConnectorSecrets +func (a *CreateConnectorSecrets) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) + } + a.AdditionalProperties[fieldName] = value +} + +// Getter for additional properties for OutputElasticsearch. 
Returns the specified +// element and whether it was found +func (a OutputElasticsearch) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] + } + return +} + +// Setter for additional properties for OutputElasticsearch +func (a *OutputElasticsearch) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) + } + a.AdditionalProperties[fieldName] = value +} + +// Override default JSON handling for OutputElasticsearch to handle AdditionalProperties +func (a *OutputElasticsearch) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err + } -// PostFleetFleetServerHostsJSONRequestBody defines body for PostFleetFleetServerHosts for application/json ContentType. -type PostFleetFleetServerHostsJSONRequestBody PostFleetFleetServerHostsJSONBody + if raw, found := object["allow_edit"]; found { + err = json.Unmarshal(raw, &a.AllowEdit) + if err != nil { + return fmt.Errorf("error reading 'allow_edit': %w", err) + } + delete(object, "allow_edit") + } -// PutFleetFleetServerHostsItemidJSONRequestBody defines body for PutFleetFleetServerHostsItemid for application/json ContentType. -type PutFleetFleetServerHostsItemidJSONRequestBody PutFleetFleetServerHostsItemidJSONBody + if raw, found := object["ca_sha256"]; found { + err = json.Unmarshal(raw, &a.CaSha256) + if err != nil { + return fmt.Errorf("error reading 'ca_sha256': %w", err) + } + delete(object, "ca_sha256") + } -// PostFleetOutputsJSONRequestBody defines body for PostFleetOutputs for application/json ContentType. 
-type PostFleetOutputsJSONRequestBody = NewOutputUnion + if raw, found := object["ca_trusted_fingerprint"]; found { + err = json.Unmarshal(raw, &a.CaTrustedFingerprint) + if err != nil { + return fmt.Errorf("error reading 'ca_trusted_fingerprint': %w", err) + } + delete(object, "ca_trusted_fingerprint") + } -// PutFleetOutputsOutputidJSONRequestBody defines body for PutFleetOutputsOutputid for application/json ContentType. -type PutFleetOutputsOutputidJSONRequestBody = UpdateOutputUnion + if raw, found := object["config_yaml"]; found { + err = json.Unmarshal(raw, &a.ConfigYaml) + if err != nil { + return fmt.Errorf("error reading 'config_yaml': %w", err) + } + delete(object, "config_yaml") + } -// PostFleetPackagePoliciesJSONRequestBody defines body for PostFleetPackagePolicies for application/json ContentType. -type PostFleetPackagePoliciesJSONRequestBody = PackagePolicyRequest + if raw, found := object["hosts"]; found { + err = json.Unmarshal(raw, &a.Hosts) + if err != nil { + return fmt.Errorf("error reading 'hosts': %w", err) + } + delete(object, "hosts") + } -// PutFleetPackagePoliciesPackagepolicyidJSONRequestBody defines body for PutFleetPackagePoliciesPackagepolicyid for application/json ContentType. -type PutFleetPackagePoliciesPackagepolicyidJSONRequestBody = PackagePolicyRequest + if raw, found := object["id"]; found { + err = json.Unmarshal(raw, &a.Id) + if err != nil { + return fmt.Errorf("error reading 'id': %w", err) + } + delete(object, "id") + } -// PostParametersJSONRequestBody defines body for PostParameters for application/json ContentType. 
-type PostParametersJSONRequestBody PostParametersJSONBody + if raw, found := object["is_default"]; found { + err = json.Unmarshal(raw, &a.IsDefault) + if err != nil { + return fmt.Errorf("error reading 'is_default': %w", err) + } + delete(object, "is_default") + } + + if raw, found := object["is_default_monitoring"]; found { + err = json.Unmarshal(raw, &a.IsDefaultMonitoring) + if err != nil { + return fmt.Errorf("error reading 'is_default_monitoring': %w", err) + } + delete(object, "is_default_monitoring") + } + + if raw, found := object["is_internal"]; found { + err = json.Unmarshal(raw, &a.IsInternal) + if err != nil { + return fmt.Errorf("error reading 'is_internal': %w", err) + } + delete(object, "is_internal") + } + + if raw, found := object["is_preconfigured"]; found { + err = json.Unmarshal(raw, &a.IsPreconfigured) + if err != nil { + return fmt.Errorf("error reading 'is_preconfigured': %w", err) + } + delete(object, "is_preconfigured") + } + + if raw, found := object["name"]; found { + err = json.Unmarshal(raw, &a.Name) + if err != nil { + return fmt.Errorf("error reading 'name': %w", err) + } + delete(object, "name") + } + + if raw, found := object["preset"]; found { + err = json.Unmarshal(raw, &a.Preset) + if err != nil { + return fmt.Errorf("error reading 'preset': %w", err) + } + delete(object, "preset") + } + + if raw, found := object["proxy_id"]; found { + err = json.Unmarshal(raw, &a.ProxyId) + if err != nil { + return fmt.Errorf("error reading 'proxy_id': %w", err) + } + delete(object, "proxy_id") + } + + if raw, found := object["secrets"]; found { + err = json.Unmarshal(raw, &a.Secrets) + if err != nil { + return fmt.Errorf("error reading 'secrets': %w", err) + } + delete(object, "secrets") + } + + if raw, found := object["shipper"]; found { + err = json.Unmarshal(raw, &a.Shipper) + if err != nil { + return fmt.Errorf("error reading 'shipper': %w", err) + } + delete(object, "shipper") + } + + if raw, found := object["ssl"]; found { + err = 
json.Unmarshal(raw, &a.Ssl) + if err != nil { + return fmt.Errorf("error reading 'ssl': %w", err) + } + delete(object, "ssl") + } + + if raw, found := object["type"]; found { + err = json.Unmarshal(raw, &a.Type) + if err != nil { + return fmt.Errorf("error reading 'type': %w", err) + } + delete(object, "type") + } + + if raw, found := object["write_to_logs_streams"]; found { + err = json.Unmarshal(raw, &a.WriteToLogsStreams) + if err != nil { + return fmt.Errorf("error reading 'write_to_logs_streams': %w", err) + } + delete(object, "write_to_logs_streams") + } + + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal + } + } + return nil +} + +// Override default JSON handling for OutputElasticsearch to handle AdditionalProperties +func (a OutputElasticsearch) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) + + if a.AllowEdit != nil { + object["allow_edit"], err = json.Marshal(a.AllowEdit) + if err != nil { + return nil, fmt.Errorf("error marshaling 'allow_edit': %w", err) + } + } + + if a.CaSha256 != nil { + object["ca_sha256"], err = json.Marshal(a.CaSha256) + if err != nil { + return nil, fmt.Errorf("error marshaling 'ca_sha256': %w", err) + } + } + + if a.CaTrustedFingerprint != nil { + object["ca_trusted_fingerprint"], err = json.Marshal(a.CaTrustedFingerprint) + if err != nil { + return nil, fmt.Errorf("error marshaling 'ca_trusted_fingerprint': %w", err) + } + } + + if a.ConfigYaml != nil { + object["config_yaml"], err = json.Marshal(a.ConfigYaml) + if err != nil { + return nil, fmt.Errorf("error marshaling 'config_yaml': %w", err) + } + } + + object["hosts"], err = json.Marshal(a.Hosts) + if err != nil { + return nil, fmt.Errorf("error 
marshaling 'hosts': %w", err) + } + + if a.Id != nil { + object["id"], err = json.Marshal(a.Id) + if err != nil { + return nil, fmt.Errorf("error marshaling 'id': %w", err) + } + } + + if a.IsDefault != nil { + object["is_default"], err = json.Marshal(a.IsDefault) + if err != nil { + return nil, fmt.Errorf("error marshaling 'is_default': %w", err) + } + } + + if a.IsDefaultMonitoring != nil { + object["is_default_monitoring"], err = json.Marshal(a.IsDefaultMonitoring) + if err != nil { + return nil, fmt.Errorf("error marshaling 'is_default_monitoring': %w", err) + } + } + + if a.IsInternal != nil { + object["is_internal"], err = json.Marshal(a.IsInternal) + if err != nil { + return nil, fmt.Errorf("error marshaling 'is_internal': %w", err) + } + } + + if a.IsPreconfigured != nil { + object["is_preconfigured"], err = json.Marshal(a.IsPreconfigured) + if err != nil { + return nil, fmt.Errorf("error marshaling 'is_preconfigured': %w", err) + } + } + + object["name"], err = json.Marshal(a.Name) + if err != nil { + return nil, fmt.Errorf("error marshaling 'name': %w", err) + } + + if a.Preset != nil { + object["preset"], err = json.Marshal(a.Preset) + if err != nil { + return nil, fmt.Errorf("error marshaling 'preset': %w", err) + } + } -// PutParameterJSONRequestBody defines body for PutParameter for application/json ContentType. -type PutParameterJSONRequestBody PutParameterJSONBody + if a.ProxyId != nil { + object["proxy_id"], err = json.Marshal(a.ProxyId) + if err != nil { + return nil, fmt.Errorf("error marshaling 'proxy_id': %w", err) + } + } -// PostActionsConnectorIdJSONRequestBody defines body for PostActionsConnectorId for application/json ContentType. 
-type PostActionsConnectorIdJSONRequestBody PostActionsConnectorIdJSONBody + if a.Secrets != nil { + object["secrets"], err = json.Marshal(a.Secrets) + if err != nil { + return nil, fmt.Errorf("error marshaling 'secrets': %w", err) + } + } -// PutActionsConnectorIdJSONRequestBody defines body for PutActionsConnectorId for application/json ContentType. -type PutActionsConnectorIdJSONRequestBody PutActionsConnectorIdJSONBody + if a.Shipper != nil { + object["shipper"], err = json.Marshal(a.Shipper) + if err != nil { + return nil, fmt.Errorf("error marshaling 'shipper': %w", err) + } + } -// CreateDataViewDefaultwJSONRequestBody defines body for CreateDataViewDefaultw for application/json ContentType. -type CreateDataViewDefaultwJSONRequestBody = DataViewsCreateDataViewRequestObject + if a.Ssl != nil { + object["ssl"], err = json.Marshal(a.Ssl) + if err != nil { + return nil, fmt.Errorf("error marshaling 'ssl': %w", err) + } + } -// UpdateDataViewDefaultJSONRequestBody defines body for UpdateDataViewDefault for application/json ContentType. -type UpdateDataViewDefaultJSONRequestBody = DataViewsUpdateDataViewRequestObject + object["type"], err = json.Marshal(a.Type) + if err != nil { + return nil, fmt.Errorf("error marshaling 'type': %w", err) + } -// PostMaintenanceWindowJSONRequestBody defines body for PostMaintenanceWindow for application/json ContentType. -type PostMaintenanceWindowJSONRequestBody PostMaintenanceWindowJSONBody + if a.WriteToLogsStreams != nil { + object["write_to_logs_streams"], err = json.Marshal(a.WriteToLogsStreams) + if err != nil { + return nil, fmt.Errorf("error marshaling 'write_to_logs_streams': %w", err) + } + } -// PatchMaintenanceWindowIdJSONRequestBody defines body for PatchMaintenanceWindowId for application/json ContentType. 
-type PatchMaintenanceWindowIdJSONRequestBody PatchMaintenanceWindowIdJSONBody + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) + if err != nil { + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + } + } + return json.Marshal(object) +} -// Getter for additional properties for AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges. Returns the specified +// Getter for additional properties for OutputElasticsearchSecretsSslKey0. Returns the specified // element and whether it was found -func (a AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges) Get(fieldName string) (value interface{}, found bool) { +func (a OutputElasticsearchSecretsSslKey0) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges -func (a *AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputElasticsearchSecretsSslKey0 +func (a *OutputElasticsearchSecretsSslKey0) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges to handle AdditionalProperties -func (a *AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputElasticsearchSecretsSslKey0 to handle AdditionalProperties +func (a *OutputElasticsearchSecretsSslKey0) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["cluster"]; found { - err = json.Unmarshal(raw, &a.Cluster) + if raw, found := 
object["id"]; found { + err = json.Unmarshal(raw, &a.Id) if err != nil { - return fmt.Errorf("error reading 'cluster': %w", err) + return fmt.Errorf("error reading 'id': %w", err) } - delete(object, "cluster") + delete(object, "id") } if len(object) != 0 { @@ -4619,16 +11316,14 @@ func (a *AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges) UnmarshalJSON(b return nil } -// Override default JSON handling for AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges to handle AdditionalProperties -func (a AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputElasticsearchSecretsSslKey0 to handle AdditionalProperties +func (a OutputElasticsearchSecretsSslKey0) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Cluster != nil { - object["cluster"], err = json.Marshal(a.Cluster) - if err != nil { - return nil, fmt.Errorf("error marshaling 'cluster': %w", err) - } + object["id"], err = json.Marshal(a.Id) + if err != nil { + return nil, fmt.Errorf("error marshaling 'id': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -4640,37 +11335,37 @@ func (a AgentPolicy_PackagePolicies_1_Elasticsearch_Privileges) MarshalJSON() ([ return json.Marshal(object) } -// Getter for additional properties for AgentPolicy_PackagePolicies_1_Elasticsearch. Returns the specified +// Getter for additional properties for OutputElasticsearch_Secrets_Ssl. Returns the specified // element and whether it was found -func (a AgentPolicy_PackagePolicies_1_Elasticsearch) Get(fieldName string) (value interface{}, found bool) { +func (a OutputElasticsearch_Secrets_Ssl) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for AgentPolicy_PackagePolicies_1_Elasticsearch -func (a *AgentPolicy_PackagePolicies_1_Elasticsearch) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputElasticsearch_Secrets_Ssl +func (a *OutputElasticsearch_Secrets_Ssl) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for AgentPolicy_PackagePolicies_1_Elasticsearch to handle AdditionalProperties -func (a *AgentPolicy_PackagePolicies_1_Elasticsearch) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputElasticsearch_Secrets_Ssl to handle AdditionalProperties +func (a *OutputElasticsearch_Secrets_Ssl) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["privileges"]; found { - err = json.Unmarshal(raw, &a.Privileges) + if raw, found := object["key"]; found { + err = json.Unmarshal(raw, &a.Key) if err != nil { - return fmt.Errorf("error reading 'privileges': %w", err) + return fmt.Errorf("error reading 'key': %w", err) } - delete(object, "privileges") + delete(object, "key") } if 
len(object) != 0 { @@ -4687,15 +11382,15 @@ func (a *AgentPolicy_PackagePolicies_1_Elasticsearch) UnmarshalJSON(b []byte) er return nil } -// Override default JSON handling for AgentPolicy_PackagePolicies_1_Elasticsearch to handle AdditionalProperties -func (a AgentPolicy_PackagePolicies_1_Elasticsearch) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputElasticsearch_Secrets_Ssl to handle AdditionalProperties +func (a OutputElasticsearch_Secrets_Ssl) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Privileges != nil { - object["privileges"], err = json.Marshal(a.Privileges) + if a.Key != nil { + object["key"], err = json.Marshal(a.Key) if err != nil { - return nil, fmt.Errorf("error marshaling 'privileges': %w", err) + return nil, fmt.Errorf("error marshaling 'key': %w", err) } } 
@@ -4708,59 +11403,93 @@ func (a AgentPolicy_PackagePolicies_1_Elasticsearch) MarshalJSON() ([]byte, erro return json.Marshal(object) } -// Getter for additional properties for CreateConnectorConfig. Returns the specified +// Getter for additional properties for OutputElasticsearch_Secrets. Returns the specified // element and whether it was found -func (a CreateConnectorConfig) Get(fieldName string) (value interface{}, found bool) { +func (a OutputElasticsearch_Secrets) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for CreateConnectorConfig -func (a *CreateConnectorConfig) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputElasticsearch_Secrets +func (a *OutputElasticsearch_Secrets) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Getter for additional properties for CreateConnectorSecrets. 
Returns the specified -// element and whether it was found -func (a CreateConnectorSecrets) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] +// Override default JSON handling for OutputElasticsearch_Secrets to handle AdditionalProperties +func (a *OutputElasticsearch_Secrets) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err } - return -} -// Setter for additional properties for CreateConnectorSecrets -func (a *CreateConnectorSecrets) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { + if raw, found := object["ssl"]; found { + err = json.Unmarshal(raw, &a.Ssl) + if err != nil { + return fmt.Errorf("error reading 'ssl': %w", err) + } + delete(object, "ssl") + } + + if len(object) != 0 { a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal + } } - a.AdditionalProperties[fieldName] = value + return nil } -// Getter for additional properties for OutputElasticsearch. 
Returns the specified +// Override default JSON handling for OutputElasticsearch_Secrets to handle AdditionalProperties +func (a OutputElasticsearch_Secrets) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) + + if a.Ssl != nil { + object["ssl"], err = json.Marshal(a.Ssl) + if err != nil { + return nil, fmt.Errorf("error marshaling 'ssl': %w", err) + } + } + + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) + if err != nil { + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + } + } + return json.Marshal(object) +} + +// Getter for additional properties for OutputKafka. Returns the specified // element and whether it was found -func (a OutputElasticsearch) Get(fieldName string) (value interface{}, found bool) { +func (a OutputKafka) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputElasticsearch -func (a *OutputElasticsearch) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputKafka +func (a *OutputKafka) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputElasticsearch to handle AdditionalProperties -func (a *OutputElasticsearch) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputKafka to handle AdditionalProperties +func (a *OutputKafka) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { 
@@ -4770,33 +11499,97 @@ func (a *OutputElasticsearch) UnmarshalJSON(b []byte) error { if raw, found := object["allow_edit"]; found { err = json.Unmarshal(raw, &a.AllowEdit) if err != nil { - return fmt.Errorf("error reading 'allow_edit': %w", err) + return fmt.Errorf("error reading 'allow_edit': %w", err) + } + delete(object, "allow_edit") + } + + if raw, found := object["auth_type"]; found { + err = json.Unmarshal(raw, &a.AuthType) + if err != nil { + return fmt.Errorf("error reading 'auth_type': %w", err) + } + delete(object, "auth_type") + } + + if raw, found := object["broker_timeout"]; found { + err = json.Unmarshal(raw, &a.BrokerTimeout) + if err != nil { + return fmt.Errorf("error reading 'broker_timeout': %w", err) + } + delete(object, "broker_timeout") + } + + if raw, found := object["ca_sha256"]; found { + err = json.Unmarshal(raw, &a.CaSha256) + if err != nil { + return fmt.Errorf("error reading 'ca_sha256': %w", err) + } + delete(object, "ca_sha256") + } + + if raw, found := object["ca_trusted_fingerprint"]; found { + err = json.Unmarshal(raw, &a.CaTrustedFingerprint) + if err != nil { + return fmt.Errorf("error reading 'ca_trusted_fingerprint': %w", err) + } + delete(object, "ca_trusted_fingerprint") + } + + if raw, found := object["client_id"]; found { + err = json.Unmarshal(raw, &a.ClientId) + if err != nil { + return fmt.Errorf("error reading 'client_id': %w", err) + } + delete(object, "client_id") + } + + if raw, found := object["compression"]; found { + err = json.Unmarshal(raw, &a.Compression) + if err != nil { + return fmt.Errorf("error reading 'compression': %w", err) + } + delete(object, "compression") + } + + if raw, found := object["compression_level"]; found { + err = json.Unmarshal(raw, &a.CompressionLevel) + if err != nil { + return fmt.Errorf("error reading 'compression_level': %w", err) + } + delete(object, "compression_level") + } + + if raw, found := object["config_yaml"]; found { + err = json.Unmarshal(raw, &a.ConfigYaml) + if err 
!= nil { + return fmt.Errorf("error reading 'config_yaml': %w", err) } - delete(object, "allow_edit") + delete(object, "config_yaml") } - if raw, found := object["ca_sha256"]; found { - err = json.Unmarshal(raw, &a.CaSha256) + if raw, found := object["connection_type"]; found { + err = json.Unmarshal(raw, &a.ConnectionType) if err != nil { - return fmt.Errorf("error reading 'ca_sha256': %w", err) + return fmt.Errorf("error reading 'connection_type': %w", err) } - delete(object, "ca_sha256") + delete(object, "connection_type") } - if raw, found := object["ca_trusted_fingerprint"]; found { - err = json.Unmarshal(raw, &a.CaTrustedFingerprint) + if raw, found := object["hash"]; found { + err = json.Unmarshal(raw, &a.Hash) if err != nil { - return fmt.Errorf("error reading 'ca_trusted_fingerprint': %w", err) + return fmt.Errorf("error reading 'hash': %w", err) } - delete(object, "ca_trusted_fingerprint") + delete(object, "hash") } - if raw, found := object["config_yaml"]; found { - err = json.Unmarshal(raw, &a.ConfigYaml) + if raw, found := object["headers"]; found { + err = json.Unmarshal(raw, &a.Headers) if err != nil { - return fmt.Errorf("error reading 'config_yaml': %w", err) + return fmt.Errorf("error reading 'headers': %w", err) } - delete(object, "config_yaml") + delete(object, "headers") } if raw, found := object["hosts"]; found { @@ -4847,6 +11640,14 @@ func (a *OutputElasticsearch) UnmarshalJSON(b []byte) error { delete(object, "is_preconfigured") } + if raw, found := object["key"]; found { + err = json.Unmarshal(raw, &a.Key) + if err != nil { + return fmt.Errorf("error reading 'key': %w", err) + } + delete(object, "key") + } + if raw, found := object["name"]; found { err = json.Unmarshal(raw, &a.Name) if err != nil { 
@@ -4855,12 +11656,20 @@ func (a *OutputElasticsearch) UnmarshalJSON(b []byte) error { delete(object, "name") } - if raw, found := object["preset"]; found { - err = json.Unmarshal(raw, &a.Preset) + if raw, found := object["partition"]; found { + err = json.Unmarshal(raw, &a.Partition) if err != nil { - return fmt.Errorf("error reading 'preset': %w", err) + return fmt.Errorf("error reading 'partition': %w", err) } - delete(object, "preset") + delete(object, "partition") + } + + if raw, found := object["password"]; found { + err = json.Unmarshal(raw, &a.Password) + if err != nil { + return fmt.Errorf("error reading 'password': %w", err) + } + delete(object, "password") } if raw, found := object["proxy_id"]; found { @@ -4871,6 +11680,38 @@ func (a *OutputElasticsearch) UnmarshalJSON(b []byte) error { delete(object, "proxy_id") } + if raw, found := object["random"]; found { + err = json.Unmarshal(raw, &a.Random) + if err != nil { + return fmt.Errorf("error reading 'random': %w", err) + } + delete(object, "random") + } + + if raw, found := object["required_acks"]; found { + err = json.Unmarshal(raw, &a.RequiredAcks) + if err != nil { + return fmt.Errorf("error reading 'required_acks': %w", err) + } + delete(object, "required_acks") + } + + if raw, found := object["round_robin"]; found { + err = json.Unmarshal(raw, &a.RoundRobin) + if err != nil { + return fmt.Errorf("error reading 'round_robin': %w", err) + } + delete(object, "round_robin") + } + + if raw, found := object["sasl"]; found { + err = json.Unmarshal(raw, &a.Sasl) + if err != nil { + return fmt.Errorf("error reading 'sasl': %w", err) + } + delete(object, "sasl") + } + if raw, found := object["secrets"]; found { err = json.Unmarshal(raw, &a.Secrets) if err != nil { 
@@ -4895,6 +11736,22 @@ func (a *OutputElasticsearch) UnmarshalJSON(b []byte) error { delete(object, "ssl") } + if raw, found := object["timeout"]; found { + err = json.Unmarshal(raw, &a.Timeout) + if err != nil { + return fmt.Errorf("error reading 'timeout': %w", err) + } + delete(object, "timeout") + } + + if raw, found := object["topic"]; found { + err = json.Unmarshal(raw, &a.Topic) + if err != nil { + return fmt.Errorf("error reading 'topic': %w", err) + } + delete(object, "topic") + } + if raw, found := object["type"]; found { err = json.Unmarshal(raw, &a.Type) if err != nil { @@ -4903,6 +11760,30 @@ func (a *OutputElasticsearch) UnmarshalJSON(b []byte) error { delete(object, "type") } + if raw, found := object["username"]; found { + err = json.Unmarshal(raw, &a.Username) + if err != nil { + return fmt.Errorf("error reading 'username': %w", err) + } + delete(object, "username") + } + + if raw, found := object["version"]; found { + err = json.Unmarshal(raw, &a.Version) + if err != nil { + return fmt.Errorf("error reading 'version': %w", err) + } + delete(object, "version") + } + + if raw, found := object["write_to_logs_streams"]; found { + err = json.Unmarshal(raw, &a.WriteToLogsStreams) + if err != nil { + return fmt.Errorf("error reading 'write_to_logs_streams': %w", err) + } + delete(object, "write_to_logs_streams") + } + if len(object) != 0 { a.AdditionalProperties = make(map[string]interface{}) for fieldName, fieldBuf := range object { @@ -4917,8 +11798,8 @@ func (a *OutputElasticsearch) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputElasticsearch to handle AdditionalProperties -func (a OutputElasticsearch) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputKafka to handle AdditionalProperties +func (a OutputKafka) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) 
@@ -4929,6 +11810,18 @@ func (a OutputElasticsearch) MarshalJSON() ([]byte, error) { } } + object["auth_type"], err = json.Marshal(a.AuthType) + if err != nil { + return nil, fmt.Errorf("error marshaling 'auth_type': %w", err) + } + + if a.BrokerTimeout != nil { + object["broker_timeout"], err = json.Marshal(a.BrokerTimeout) + if err != nil { + return nil, fmt.Errorf("error marshaling 'broker_timeout': %w", err) + } + } + if a.CaSha256 != nil { object["ca_sha256"], err = json.Marshal(a.CaSha256) if err != nil { @@ -4943,6 +11836,25 @@ func (a OutputElasticsearch) MarshalJSON() ([]byte, error) { } } + if a.ClientId != nil { + object["client_id"], err = json.Marshal(a.ClientId) + if err != nil { + return nil, fmt.Errorf("error marshaling 'client_id': %w", err) + } + } + + if a.Compression != nil { + object["compression"], err = json.Marshal(a.Compression) + if err != nil { + return nil, fmt.Errorf("error marshaling 'compression': %w", err) + } + } + + object["compression_level"], err = json.Marshal(a.CompressionLevel) + if err != nil { + return nil, fmt.Errorf("error marshaling 'compression_level': %w", err) + } + if a.ConfigYaml != nil { object["config_yaml"], err = json.Marshal(a.ConfigYaml) if err != nil { @@ -4950,6 +11862,25 @@ func (a OutputElasticsearch) MarshalJSON() ([]byte, error) { } } + object["connection_type"], err = json.Marshal(a.ConnectionType) + if err != nil { + return nil, fmt.Errorf("error marshaling 'connection_type': %w", err) + } + + if a.Hash != nil { + object["hash"], err = json.Marshal(a.Hash) + if err != nil { + return nil, fmt.Errorf("error marshaling 'hash': %w", err) + } + } + + if a.Headers != nil { + object["headers"], err = json.Marshal(a.Headers) + if err != nil { + return nil, fmt.Errorf("error marshaling 'headers': %w", err) + } + } + object["hosts"], err = json.Marshal(a.Hosts) if err != nil { return nil, fmt.Errorf("error marshaling 'hosts': %w", err) 
@@ -4990,18 +11921,30 @@ func (a OutputElasticsearch) MarshalJSON() ([]byte, error) { } } + if a.Key != nil { + object["key"], err = json.Marshal(a.Key) + if err != nil { + return nil, fmt.Errorf("error marshaling 'key': %w", err) + } + } + object["name"], err = json.Marshal(a.Name) if err != nil { return nil, fmt.Errorf("error marshaling 'name': %w", err) } - if a.Preset != nil { - object["preset"], err = json.Marshal(a.Preset) + if a.Partition != nil { + object["partition"], err = json.Marshal(a.Partition) if err != nil { - return nil, fmt.Errorf("error marshaling 'preset': %w", err) + return nil, fmt.Errorf("error marshaling 'partition': %w", err) } } + object["password"], err = json.Marshal(a.Password) + if err != nil { + return nil, fmt.Errorf("error marshaling 'password': %w", err) + } + if a.ProxyId != nil { object["proxy_id"], err = json.Marshal(a.ProxyId) if err != nil { @@ -5009,6 +11952,34 @@ func (a OutputElasticsearch) MarshalJSON() ([]byte, error) { } } + if a.Random != nil { + object["random"], err = json.Marshal(a.Random) + if err != nil { + return nil, fmt.Errorf("error marshaling 'random': %w", err) + } + } + + if a.RequiredAcks != nil { + object["required_acks"], err = json.Marshal(a.RequiredAcks) + if err != nil { + return nil, fmt.Errorf("error marshaling 'required_acks': %w", err) + } + } + + if a.RoundRobin != nil { + object["round_robin"], err = json.Marshal(a.RoundRobin) + if err != nil { + return nil, fmt.Errorf("error marshaling 'round_robin': %w", err) + } + } + + if a.Sasl != nil { + object["sasl"], err = json.Marshal(a.Sasl) + if err != nil { + return nil, fmt.Errorf("error marshaling 'sasl': %w", err) + } + } + if a.Secrets != nil { object["secrets"], err = json.Marshal(a.Secrets) if err != nil { 
@@ -5016,25 +11987,58 @@ func (a OutputElasticsearch) MarshalJSON() ([]byte, error) { } } - if a.Shipper != nil { - object["shipper"], err = json.Marshal(a.Shipper) + if a.Shipper != nil { + object["shipper"], err = json.Marshal(a.Shipper) + if err != nil { + return nil, fmt.Errorf("error marshaling 'shipper': %w", err) + } + } + + if a.Ssl != nil { + object["ssl"], err = json.Marshal(a.Ssl) + if err != nil { + return nil, fmt.Errorf("error marshaling 'ssl': %w", err) + } + } + + if a.Timeout != nil { + object["timeout"], err = json.Marshal(a.Timeout) + if err != nil { + return nil, fmt.Errorf("error marshaling 'timeout': %w", err) + } + } + + if a.Topic != nil { + object["topic"], err = json.Marshal(a.Topic) + if err != nil { + return nil, fmt.Errorf("error marshaling 'topic': %w", err) + } + } + + object["type"], err = json.Marshal(a.Type) + if err != nil { + return nil, fmt.Errorf("error marshaling 'type': %w", err) + } + + object["username"], err = json.Marshal(a.Username) + if err != nil { + return nil, fmt.Errorf("error marshaling 'username': %w", err) + } + + if a.Version != nil { + object["version"], err = json.Marshal(a.Version) if err != nil { - return nil, fmt.Errorf("error marshaling 'shipper': %w", err) + return nil, fmt.Errorf("error marshaling 'version': %w", err) } } - if a.Ssl != nil { - object["ssl"], err = json.Marshal(a.Ssl) + if a.WriteToLogsStreams != nil { + object["write_to_logs_streams"], err = json.Marshal(a.WriteToLogsStreams) if err != nil { - return nil, fmt.Errorf("error marshaling 'ssl': %w", err) + return nil, fmt.Errorf("error marshaling 'write_to_logs_streams': %w", err) } } - object["type"], err = json.Marshal(a.Type) - if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) - } - for fieldName, field := range a.AdditionalProperties { object[fieldName], err = json.Marshal(field) if err != nil { 
@@ -5044,37 +12048,45 @@ func (a OutputElasticsearch) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputElasticsearchSecretsSslKey0. Returns the specified +// Getter for additional properties for OutputKafka_Hash. Returns the specified // element and whether it was found -func (a OutputElasticsearchSecretsSslKey0) Get(fieldName string) (value interface{}, found bool) { +func (a OutputKafka_Hash) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputElasticsearchSecretsSslKey0 -func (a *OutputElasticsearchSecretsSslKey0) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputKafka_Hash +func (a *OutputKafka_Hash) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputElasticsearchSecretsSslKey0 to handle AdditionalProperties -func (a *OutputElasticsearchSecretsSslKey0) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputKafka_Hash to handle AdditionalProperties +func (a *OutputKafka_Hash) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["id"]; found { - err = json.Unmarshal(raw, &a.Id) + if raw, found := object["hash"]; found { + err = json.Unmarshal(raw, &a.Hash) if err != nil { - return fmt.Errorf("error reading 'id': %w", err) + return fmt.Errorf("error reading 'hash': %w", err) } - delete(object, "id") + delete(object, "hash") + } + + if raw, found := object["random"]; found { + err = json.Unmarshal(raw, &a.Random) + if err != nil { + return fmt.Errorf("error reading 'random': %w", err) + } + delete(object, "random") } if 
len(object) != 0 { @@ -5091,14 +12103,23 @@ func (a *OutputElasticsearchSecretsSslKey0) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputElasticsearchSecretsSslKey0 to handle AdditionalProperties -func (a OutputElasticsearchSecretsSslKey0) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputKafka_Hash to handle AdditionalProperties +func (a OutputKafka_Hash) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - object["id"], err = json.Marshal(a.Id) - if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) + if a.Hash != nil { + object["hash"], err = json.Marshal(a.Hash) + if err != nil { + return nil, fmt.Errorf("error marshaling 'hash': %w", err) + } + } + + if a.Random != nil { + object["random"], err = json.Marshal(a.Random) + if err != nil { + return nil, fmt.Errorf("error marshaling 'random': %w", err) + } } for fieldName, field := range a.AdditionalProperties { 
@@ -5110,25 +12131,25 @@ func (a OutputElasticsearchSecretsSslKey0) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputElasticsearch_Secrets_Ssl. Returns the specified +// Getter for additional properties for OutputKafka_Headers_Item. Returns the specified // element and whether it was found -func (a OutputElasticsearch_Secrets_Ssl) Get(fieldName string) (value interface{}, found bool) { +func (a OutputKafka_Headers_Item) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputElasticsearch_Secrets_Ssl -func (a *OutputElasticsearch_Secrets_Ssl) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputKafka_Headers_Item +func (a *OutputKafka_Headers_Item) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputElasticsearch_Secrets_Ssl to handle AdditionalProperties -func (a *OutputElasticsearch_Secrets_Ssl) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputKafka_Headers_Item to handle AdditionalProperties +func (a *OutputKafka_Headers_Item) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { @@ -5143,6 +12164,14 @@ func (a *OutputElasticsearch_Secrets_Ssl) UnmarshalJSON(b []byte) error { delete(object, "key") } + if raw, found := object["value"]; found { + err = json.Unmarshal(raw, &a.Value) + if err != nil { + return fmt.Errorf("error reading 'value': %w", err) + } + delete(object, "value") + } + if len(object) != 0 { a.AdditionalProperties = make(map[string]interface{}) for fieldName, fieldBuf := range object { 
@@ -5157,16 +12186,19 @@ func (a *OutputElasticsearch_Secrets_Ssl) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputElasticsearch_Secrets_Ssl to handle AdditionalProperties -func (a OutputElasticsearch_Secrets_Ssl) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputKafka_Headers_Item to handle AdditionalProperties +func (a OutputKafka_Headers_Item) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Key != nil { - object["key"], err = json.Marshal(a.Key) - if err != nil { - return nil, fmt.Errorf("error marshaling 'key': %w", err) - } + object["key"], err = json.Marshal(a.Key) + if err != nil { + return nil, fmt.Errorf("error marshaling 'key': %w", err) + } + + object["value"], err = json.Marshal(a.Value) + if err != nil { + return nil, fmt.Errorf("error marshaling 'value': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -5178,37 +12210,37 @@ func (a OutputElasticsearch_Secrets_Ssl) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputElasticsearch_Secrets. Returns the specified +// Getter for additional properties for OutputKafka_Random. Returns the specified // element and whether it was found -func (a OutputElasticsearch_Secrets) Get(fieldName string) (value interface{}, found bool) { +func (a OutputKafka_Random) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputElasticsearch_Secrets -func (a *OutputElasticsearch_Secrets) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputKafka_Random +func (a *OutputKafka_Random) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputElasticsearch_Secrets to handle AdditionalProperties -func (a *OutputElasticsearch_Secrets) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputKafka_Random to handle AdditionalProperties +func (a *OutputKafka_Random) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["ssl"]; found { - err = json.Unmarshal(raw, &a.Ssl) + if raw, found := object["group_events"]; found { + err = json.Unmarshal(raw, &a.GroupEvents) if err != nil { - return fmt.Errorf("error reading 'ssl': %w", err) + return fmt.Errorf("error reading 'group_events': %w", err) } - delete(object, "ssl") + delete(object, "group_events") } if len(object) != 0 { 
@@ -5225,15 +12257,15 @@ func (a *OutputElasticsearch_Secrets) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputElasticsearch_Secrets to handle AdditionalProperties -func (a OutputElasticsearch_Secrets) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputKafka_Random to handle AdditionalProperties +func (a OutputKafka_Random) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Ssl != nil { - object["ssl"], err = json.Marshal(a.Ssl) + if a.GroupEvents != nil { + object["group_events"], err = json.Marshal(a.GroupEvents) if err != nil { - return nil, fmt.Errorf("error marshaling 'ssl': %w", err) + return nil, fmt.Errorf("error marshaling 'group_events': %w", err) } } 
@@ -5246,309 +12278,305 @@ func (a OutputElasticsearch_Secrets) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputKafka. Returns the specified +// Getter for additional properties for OutputKafka_RoundRobin. Returns the specified // element and whether it was found -func (a OutputKafka) Get(fieldName string) (value interface{}, found bool) { +func (a OutputKafka_RoundRobin) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputKafka -func (a *OutputKafka) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputKafka_RoundRobin +func (a *OutputKafka_RoundRobin) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputKafka to handle AdditionalProperties -func (a *OutputKafka) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputKafka_RoundRobin to handle AdditionalProperties +func (a *OutputKafka_RoundRobin) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["allow_edit"]; found { - err = json.Unmarshal(raw, &a.AllowEdit) - if err != nil { - return fmt.Errorf("error reading 'allow_edit': %w", err) - } - delete(object, "allow_edit") - } - - if raw, found := object["auth_type"]; found { - err = json.Unmarshal(raw, &a.AuthType) - if err != nil { - return fmt.Errorf("error reading 'auth_type': %w", err) - } - delete(object, "auth_type") - } - - if raw, found := object["broker_timeout"]; found { - err = json.Unmarshal(raw, &a.BrokerTimeout) - if err != nil { - return fmt.Errorf("error reading 'broker_timeout': %w", err) - } - delete(object, 
"broker_timeout") - } - - if raw, found := object["ca_sha256"]; found { - err = json.Unmarshal(raw, &a.CaSha256) + if raw, found := object["group_events"]; found { + err = json.Unmarshal(raw, &a.GroupEvents) if err != nil { - return fmt.Errorf("error reading 'ca_sha256': %w", err) + return fmt.Errorf("error reading 'group_events': %w", err) } - delete(object, "ca_sha256") + delete(object, "group_events") } - if raw, found := object["ca_trusted_fingerprint"]; found { - err = json.Unmarshal(raw, &a.CaTrustedFingerprint) - if err != nil { - return fmt.Errorf("error reading 'ca_trusted_fingerprint': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } - delete(object, "ca_trusted_fingerprint") } + return nil +} - if raw, found := object["client_id"]; found { - err = json.Unmarshal(raw, &a.ClientId) - if err != nil { - return fmt.Errorf("error reading 'client_id': %w", err) - } - delete(object, "client_id") - } +// Override default JSON handling for OutputKafka_RoundRobin to handle AdditionalProperties +func (a OutputKafka_RoundRobin) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) - if raw, found := object["compression"]; found { - err = json.Unmarshal(raw, &a.Compression) + if a.GroupEvents != nil { + object["group_events"], err = json.Marshal(a.GroupEvents) if err != nil { - return fmt.Errorf("error reading 'compression': %w", err) + return nil, fmt.Errorf("error marshaling 'group_events': %w", err) } - delete(object, "compression") } - if raw, found := object["compression_level"]; found { - err = json.Unmarshal(raw, &a.CompressionLevel) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = 
json.Marshal(field) if err != nil { - return fmt.Errorf("error reading 'compression_level': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } - delete(object, "compression_level") } + return json.Marshal(object) +} - if raw, found := object["config_yaml"]; found { - err = json.Unmarshal(raw, &a.ConfigYaml) - if err != nil { - return fmt.Errorf("error reading 'config_yaml': %w", err) - } - delete(object, "config_yaml") +// Getter for additional properties for OutputKafka_Sasl. Returns the specified +// element and whether it was found +func (a OutputKafka_Sasl) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if raw, found := object["connection_type"]; found { - err = json.Unmarshal(raw, &a.ConnectionType) - if err != nil { - return fmt.Errorf("error reading 'connection_type': %w", err) - } - delete(object, "connection_type") +// Setter for additional properties for OutputKafka_Sasl +func (a *OutputKafka_Sasl) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - if raw, found := object["hash"]; found { - err = json.Unmarshal(raw, &a.Hash) - if err != nil { - return fmt.Errorf("error reading 'hash': %w", err) - } - delete(object, "hash") +// Override default JSON handling for OutputKafka_Sasl to handle AdditionalProperties +func (a *OutputKafka_Sasl) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err } - if raw, found := object["headers"]; found { - err = json.Unmarshal(raw, &a.Headers) + if raw, found := object["mechanism"]; found { + err = json.Unmarshal(raw, &a.Mechanism) if err != nil { - return fmt.Errorf("error reading 'headers': %w", err) + return fmt.Errorf("error reading 'mechanism': %w", err) } 
- delete(object, "headers") + delete(object, "mechanism") } - if raw, found := object["hosts"]; found { - err = json.Unmarshal(raw, &a.Hosts) - if err != nil { - return fmt.Errorf("error reading 'hosts': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } - delete(object, "hosts") } + return nil +} - if raw, found := object["id"]; found { - err = json.Unmarshal(raw, &a.Id) - if err != nil { - return fmt.Errorf("error reading 'id': %w", err) - } - delete(object, "id") - } +// Override default JSON handling for OutputKafka_Sasl to handle AdditionalProperties +func (a OutputKafka_Sasl) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) - if raw, found := object["is_default"]; found { - err = json.Unmarshal(raw, &a.IsDefault) + if a.Mechanism != nil { + object["mechanism"], err = json.Marshal(a.Mechanism) if err != nil { - return fmt.Errorf("error reading 'is_default': %w", err) + return nil, fmt.Errorf("error marshaling 'mechanism': %w", err) } - delete(object, "is_default") } - if raw, found := object["is_default_monitoring"]; found { - err = json.Unmarshal(raw, &a.IsDefaultMonitoring) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return fmt.Errorf("error reading 'is_default_monitoring': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } - delete(object, "is_default_monitoring") } + return json.Marshal(object) +} - if raw, found := object["is_internal"]; found { - err = json.Unmarshal(raw, &a.IsInternal) - if err != nil { - return fmt.Errorf("error reading 'is_internal': %w", err) - } - delete(object, "is_internal") +// Getter for 
additional properties for OutputKafkaSecretsPassword0. Returns the specified +// element and whether it was found +func (a OutputKafkaSecretsPassword0) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if raw, found := object["is_preconfigured"]; found { - err = json.Unmarshal(raw, &a.IsPreconfigured) - if err != nil { - return fmt.Errorf("error reading 'is_preconfigured': %w", err) - } - delete(object, "is_preconfigured") +// Setter for additional properties for OutputKafkaSecretsPassword0 +func (a *OutputKafkaSecretsPassword0) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - if raw, found := object["key"]; found { - err = json.Unmarshal(raw, &a.Key) - if err != nil { - return fmt.Errorf("error reading 'key': %w", err) - } - delete(object, "key") +// Override default JSON handling for OutputKafkaSecretsPassword0 to handle AdditionalProperties +func (a *OutputKafkaSecretsPassword0) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err } - if raw, found := object["name"]; found { - err = json.Unmarshal(raw, &a.Name) + if raw, found := object["id"]; found { + err = json.Unmarshal(raw, &a.Id) if err != nil { - return fmt.Errorf("error reading 'name': %w", err) + return fmt.Errorf("error reading 'id': %w", err) } - delete(object, "name") + delete(object, "id") } - if raw, found := object["partition"]; found { - err = json.Unmarshal(raw, &a.Partition) - if err != nil { - return fmt.Errorf("error reading 'partition': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + 
return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } - delete(object, "partition") } + return nil +} - if raw, found := object["password"]; found { - err = json.Unmarshal(raw, &a.Password) - if err != nil { - return fmt.Errorf("error reading 'password': %w", err) - } - delete(object, "password") - } +// Override default JSON handling for OutputKafkaSecretsPassword0 to handle AdditionalProperties +func (a OutputKafkaSecretsPassword0) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) - if raw, found := object["proxy_id"]; found { - err = json.Unmarshal(raw, &a.ProxyId) - if err != nil { - return fmt.Errorf("error reading 'proxy_id': %w", err) - } - delete(object, "proxy_id") + object["id"], err = json.Marshal(a.Id) + if err != nil { + return nil, fmt.Errorf("error marshaling 'id': %w", err) } - if raw, found := object["random"]; found { - err = json.Unmarshal(raw, &a.Random) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return fmt.Errorf("error reading 'random': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } - delete(object, "random") } + return json.Marshal(object) +} - if raw, found := object["required_acks"]; found { - err = json.Unmarshal(raw, &a.RequiredAcks) - if err != nil { - return fmt.Errorf("error reading 'required_acks': %w", err) - } - delete(object, "required_acks") +// Getter for additional properties for OutputKafkaSecretsSslKey0. 
Returns the specified +// element and whether it was found +func (a OutputKafkaSecretsSslKey0) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if raw, found := object["round_robin"]; found { - err = json.Unmarshal(raw, &a.RoundRobin) - if err != nil { - return fmt.Errorf("error reading 'round_robin': %w", err) - } - delete(object, "round_robin") +// Setter for additional properties for OutputKafkaSecretsSslKey0 +func (a *OutputKafkaSecretsSslKey0) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - if raw, found := object["sasl"]; found { - err = json.Unmarshal(raw, &a.Sasl) - if err != nil { - return fmt.Errorf("error reading 'sasl': %w", err) - } - delete(object, "sasl") +// Override default JSON handling for OutputKafkaSecretsSslKey0 to handle AdditionalProperties +func (a *OutputKafkaSecretsSslKey0) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err } - if raw, found := object["secrets"]; found { - err = json.Unmarshal(raw, &a.Secrets) + if raw, found := object["id"]; found { + err = json.Unmarshal(raw, &a.Id) if err != nil { - return fmt.Errorf("error reading 'secrets': %w", err) + return fmt.Errorf("error reading 'id': %w", err) } - delete(object, "secrets") + delete(object, "id") } - if raw, found := object["shipper"]; found { - err = json.Unmarshal(raw, &a.Shipper) - if err != nil { - return fmt.Errorf("error reading 'shipper': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + 
a.AdditionalProperties[fieldName] = fieldVal } - delete(object, "shipper") } + return nil +} - if raw, found := object["ssl"]; found { - err = json.Unmarshal(raw, &a.Ssl) - if err != nil { - return fmt.Errorf("error reading 'ssl': %w", err) - } - delete(object, "ssl") - } +// Override default JSON handling for OutputKafkaSecretsSslKey0 to handle AdditionalProperties +func (a OutputKafkaSecretsSslKey0) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) - if raw, found := object["timeout"]; found { - err = json.Unmarshal(raw, &a.Timeout) - if err != nil { - return fmt.Errorf("error reading 'timeout': %w", err) - } - delete(object, "timeout") + object["id"], err = json.Marshal(a.Id) + if err != nil { + return nil, fmt.Errorf("error marshaling 'id': %w", err) } - if raw, found := object["topic"]; found { - err = json.Unmarshal(raw, &a.Topic) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return fmt.Errorf("error reading 'topic': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } - delete(object, "topic") } + return json.Marshal(object) +} - if raw, found := object["type"]; found { - err = json.Unmarshal(raw, &a.Type) - if err != nil { - return fmt.Errorf("error reading 'type': %w", err) - } - delete(object, "type") +// Getter for additional properties for OutputKafka_Secrets_Ssl. 
Returns the specified +// element and whether it was found +func (a OutputKafka_Secrets_Ssl) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if raw, found := object["username"]; found { - err = json.Unmarshal(raw, &a.Username) - if err != nil { - return fmt.Errorf("error reading 'username': %w", err) - } - delete(object, "username") +// Setter for additional properties for OutputKafka_Secrets_Ssl +func (a *OutputKafka_Secrets_Ssl) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) + } + a.AdditionalProperties[fieldName] = value +} + +// Override default JSON handling for OutputKafka_Secrets_Ssl to handle AdditionalProperties +func (a *OutputKafka_Secrets_Ssl) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err } - if raw, found := object["version"]; found { - err = json.Unmarshal(raw, &a.Version) + if raw, found := object["key"]; found { + err = json.Unmarshal(raw, &a.Key) if err != nil { - return fmt.Errorf("error reading 'version': %w", err) + return fmt.Errorf("error reading 'key': %w", err) } - delete(object, "version") + delete(object, "key") } if len(object) != 0 { 
@@ -5565,288 +12593,267 @@ func (a *OutputKafka) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputKafka to handle AdditionalProperties -func (a OutputKafka) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputKafka_Secrets_Ssl to handle AdditionalProperties +func (a OutputKafka_Secrets_Ssl) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.AllowEdit != nil { - object["allow_edit"], err = json.Marshal(a.AllowEdit) - if err != nil { - return nil, fmt.Errorf("error marshaling 'allow_edit': %w", err) - } - } - - object["auth_type"], err = json.Marshal(a.AuthType) + object["key"], err = json.Marshal(a.Key) if err != nil { - return nil, fmt.Errorf("error marshaling 'auth_type': %w", err) - } - - if a.BrokerTimeout != nil { - object["broker_timeout"], err = json.Marshal(a.BrokerTimeout) - if err != nil { - return nil, fmt.Errorf("error marshaling 'broker_timeout': %w", err) - } - } - - if a.CaSha256 != nil { - object["ca_sha256"], err = json.Marshal(a.CaSha256) - if err != nil { - return nil, fmt.Errorf("error marshaling 'ca_sha256': %w", err) - } - } - - if a.CaTrustedFingerprint != nil { - object["ca_trusted_fingerprint"], err = json.Marshal(a.CaTrustedFingerprint) - if err != nil { - return nil, fmt.Errorf("error marshaling 'ca_trusted_fingerprint': %w", err) - } - } - - if a.ClientId != nil { - object["client_id"], err = json.Marshal(a.ClientId) - if err != nil { - return nil, fmt.Errorf("error marshaling 'client_id': %w", err) - } + return nil, fmt.Errorf("error marshaling 'key': %w", err) } - if a.Compression != nil { - object["compression"], err = json.Marshal(a.Compression) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return nil, fmt.Errorf("error marshaling 'compression': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } } + return 
json.Marshal(object) +} - object["compression_level"], err = json.Marshal(a.CompressionLevel) - if err != nil { - return nil, fmt.Errorf("error marshaling 'compression_level': %w", err) +// Getter for additional properties for OutputKafka_Secrets. Returns the specified +// element and whether it was found +func (a OutputKafka_Secrets) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if a.ConfigYaml != nil { - object["config_yaml"], err = json.Marshal(a.ConfigYaml) - if err != nil { - return nil, fmt.Errorf("error marshaling 'config_yaml': %w", err) - } +// Setter for additional properties for OutputKafka_Secrets +func (a *OutputKafka_Secrets) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - object["connection_type"], err = json.Marshal(a.ConnectionType) +// Override default JSON handling for OutputKafka_Secrets to handle AdditionalProperties +func (a *OutputKafka_Secrets) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) if err != nil { - return nil, fmt.Errorf("error marshaling 'connection_type': %w", err) - } - - if a.Hash != nil { - object["hash"], err = json.Marshal(a.Hash) - if err != nil { - return nil, fmt.Errorf("error marshaling 'hash': %w", err) - } + return err } - if a.Headers != nil { - object["headers"], err = json.Marshal(a.Headers) + if raw, found := object["password"]; found { + err = json.Unmarshal(raw, &a.Password) if err != nil { - return nil, fmt.Errorf("error marshaling 'headers': %w", err) + return fmt.Errorf("error reading 'password': %w", err) } + delete(object, "password") } - object["hosts"], err = json.Marshal(a.Hosts) - if err != nil { - return nil, fmt.Errorf("error marshaling 'hosts': %w", err) - } - - if a.Id != nil { - 
object["id"], err = json.Marshal(a.Id) + if raw, found := object["ssl"]; found { + err = json.Unmarshal(raw, &a.Ssl) if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) + return fmt.Errorf("error reading 'ssl': %w", err) } + delete(object, "ssl") } - if a.IsDefault != nil { - object["is_default"], err = json.Marshal(a.IsDefault) - if err != nil { - return nil, fmt.Errorf("error marshaling 'is_default': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } } + return nil +} - if a.IsDefaultMonitoring != nil { - object["is_default_monitoring"], err = json.Marshal(a.IsDefaultMonitoring) - if err != nil { - return nil, fmt.Errorf("error marshaling 'is_default_monitoring': %w", err) - } - } +// Override default JSON handling for OutputKafka_Secrets to handle AdditionalProperties +func (a OutputKafka_Secrets) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) - if a.IsInternal != nil { - object["is_internal"], err = json.Marshal(a.IsInternal) + if a.Password != nil { + object["password"], err = json.Marshal(a.Password) if err != nil { - return nil, fmt.Errorf("error marshaling 'is_internal': %w", err) + return nil, fmt.Errorf("error marshaling 'password': %w", err) } } - if a.IsPreconfigured != nil { - object["is_preconfigured"], err = json.Marshal(a.IsPreconfigured) + if a.Ssl != nil { + object["ssl"], err = json.Marshal(a.Ssl) if err != nil { - return nil, fmt.Errorf("error marshaling 'is_preconfigured': %w", err) + return nil, fmt.Errorf("error marshaling 'ssl': %w", err) } } - if a.Key != nil { - object["key"], err = json.Marshal(a.Key) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], 
err = json.Marshal(field) if err != nil { - return nil, fmt.Errorf("error marshaling 'key': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } } + return json.Marshal(object) +} - object["name"], err = json.Marshal(a.Name) - if err != nil { - return nil, fmt.Errorf("error marshaling 'name': %w", err) +// Getter for additional properties for OutputLogstash. Returns the specified +// element and whether it was found +func (a OutputLogstash) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if a.Partition != nil { - object["partition"], err = json.Marshal(a.Partition) - if err != nil { - return nil, fmt.Errorf("error marshaling 'partition': %w", err) - } +// Setter for additional properties for OutputLogstash +func (a *OutputLogstash) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - object["password"], err = json.Marshal(a.Password) +// Override default JSON handling for OutputLogstash to handle AdditionalProperties +func (a *OutputLogstash) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) if err != nil { - return nil, fmt.Errorf("error marshaling 'password': %w", err) + return err } - if a.ProxyId != nil { - object["proxy_id"], err = json.Marshal(a.ProxyId) + if raw, found := object["allow_edit"]; found { + err = json.Unmarshal(raw, &a.AllowEdit) if err != nil { - return nil, fmt.Errorf("error marshaling 'proxy_id': %w", err) + return fmt.Errorf("error reading 'allow_edit': %w", err) } + delete(object, "allow_edit") } - if a.Random != nil { - object["random"], err = json.Marshal(a.Random) + if raw, found := object["ca_sha256"]; found { + err = json.Unmarshal(raw, &a.CaSha256) if err != nil { - return nil, fmt.Errorf("error 
marshaling 'random': %w", err) + return fmt.Errorf("error reading 'ca_sha256': %w", err) } + delete(object, "ca_sha256") } - if a.RequiredAcks != nil { - object["required_acks"], err = json.Marshal(a.RequiredAcks) + if raw, found := object["ca_trusted_fingerprint"]; found { + err = json.Unmarshal(raw, &a.CaTrustedFingerprint) if err != nil { - return nil, fmt.Errorf("error marshaling 'required_acks': %w", err) + return fmt.Errorf("error reading 'ca_trusted_fingerprint': %w", err) } + delete(object, "ca_trusted_fingerprint") } - if a.RoundRobin != nil { - object["round_robin"], err = json.Marshal(a.RoundRobin) + if raw, found := object["config_yaml"]; found { + err = json.Unmarshal(raw, &a.ConfigYaml) if err != nil { - return nil, fmt.Errorf("error marshaling 'round_robin': %w", err) + return fmt.Errorf("error reading 'config_yaml': %w", err) } + delete(object, "config_yaml") } - if a.Sasl != nil { - object["sasl"], err = json.Marshal(a.Sasl) + if raw, found := object["hosts"]; found { + err = json.Unmarshal(raw, &a.Hosts) if err != nil { - return nil, fmt.Errorf("error marshaling 'sasl': %w", err) + return fmt.Errorf("error reading 'hosts': %w", err) } + delete(object, "hosts") } - if a.Secrets != nil { - object["secrets"], err = json.Marshal(a.Secrets) + if raw, found := object["id"]; found { + err = json.Unmarshal(raw, &a.Id) if err != nil { - return nil, fmt.Errorf("error marshaling 'secrets': %w", err) + return fmt.Errorf("error reading 'id': %w", err) } + delete(object, "id") } - if a.Shipper != nil { - object["shipper"], err = json.Marshal(a.Shipper) + if raw, found := object["is_default"]; found { + err = json.Unmarshal(raw, &a.IsDefault) if err != nil { - return nil, fmt.Errorf("error marshaling 'shipper': %w", err) + return fmt.Errorf("error reading 'is_default': %w", err) } + delete(object, "is_default") } - if a.Ssl != nil { - object["ssl"], err = json.Marshal(a.Ssl) + if raw, found := object["is_default_monitoring"]; found { + err = json.Unmarshal(raw, 
&a.IsDefaultMonitoring) if err != nil { - return nil, fmt.Errorf("error marshaling 'ssl': %w", err) + return fmt.Errorf("error reading 'is_default_monitoring': %w", err) } + delete(object, "is_default_monitoring") } - if a.Timeout != nil { - object["timeout"], err = json.Marshal(a.Timeout) + if raw, found := object["is_internal"]; found { + err = json.Unmarshal(raw, &a.IsInternal) if err != nil { - return nil, fmt.Errorf("error marshaling 'timeout': %w", err) + return fmt.Errorf("error reading 'is_internal': %w", err) } + delete(object, "is_internal") } - if a.Topic != nil { - object["topic"], err = json.Marshal(a.Topic) + if raw, found := object["is_preconfigured"]; found { + err = json.Unmarshal(raw, &a.IsPreconfigured) if err != nil { - return nil, fmt.Errorf("error marshaling 'topic': %w", err) + return fmt.Errorf("error reading 'is_preconfigured': %w", err) } + delete(object, "is_preconfigured") } - object["type"], err = json.Marshal(a.Type) - if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) - } - - object["username"], err = json.Marshal(a.Username) - if err != nil { - return nil, fmt.Errorf("error marshaling 'username': %w", err) - } - - if a.Version != nil { - object["version"], err = json.Marshal(a.Version) + if raw, found := object["name"]; found { + err = json.Unmarshal(raw, &a.Name) if err != nil { - return nil, fmt.Errorf("error marshaling 'version': %w", err) + return fmt.Errorf("error reading 'name': %w", err) } + delete(object, "name") } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) + if raw, found := object["proxy_id"]; found { + err = json.Unmarshal(raw, &a.ProxyId) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return fmt.Errorf("error reading 'proxy_id': %w", err) } + delete(object, "proxy_id") } - return json.Marshal(object) -} -// Getter for additional properties for OutputKafka_Hash. 
Returns the specified -// element and whether it was found -func (a OutputKafka_Hash) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] + if raw, found := object["secrets"]; found { + err = json.Unmarshal(raw, &a.Secrets) + if err != nil { + return fmt.Errorf("error reading 'secrets': %w", err) + } + delete(object, "secrets") } - return -} -// Setter for additional properties for OutputKafka_Hash -func (a *OutputKafka_Hash) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + if raw, found := object["shipper"]; found { + err = json.Unmarshal(raw, &a.Shipper) + if err != nil { + return fmt.Errorf("error reading 'shipper': %w", err) + } + delete(object, "shipper") } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for OutputKafka_Hash to handle AdditionalProperties -func (a *OutputKafka_Hash) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) - if err != nil { - return err + if raw, found := object["ssl"]; found { + err = json.Unmarshal(raw, &a.Ssl) + if err != nil { + return fmt.Errorf("error reading 'ssl': %w", err) + } + delete(object, "ssl") } - if raw, found := object["hash"]; found { - err = json.Unmarshal(raw, &a.Hash) + if raw, found := object["type"]; found { + err = json.Unmarshal(raw, &a.Type) if err != nil { - return fmt.Errorf("error reading 'hash': %w", err) + return fmt.Errorf("error reading 'type': %w", err) } - delete(object, "hash") + delete(object, "type") } - if raw, found := object["random"]; found { - err = json.Unmarshal(raw, &a.Random) + if raw, found := object["write_to_logs_streams"]; found { + err = json.Unmarshal(raw, &a.WriteToLogsStreams) if err != nil { - return fmt.Errorf("error reading 'random': %w", err) + return fmt.Errorf("error reading 'write_to_logs_streams': 
%w", err) } - delete(object, "random") + delete(object, "write_to_logs_streams") } if len(object) != 0 { 
@@ -5863,102 +12870,122 @@ func (a *OutputKafka_Hash) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputKafka_Hash to handle AdditionalProperties -func (a OutputKafka_Hash) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputLogstash to handle AdditionalProperties +func (a OutputLogstash) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Hash != nil { - object["hash"], err = json.Marshal(a.Hash) + if a.AllowEdit != nil { + object["allow_edit"], err = json.Marshal(a.AllowEdit) if err != nil { - return nil, fmt.Errorf("error marshaling 'hash': %w", err) + return nil, fmt.Errorf("error marshaling 'allow_edit': %w", err) } } - if a.Random != nil { - object["random"], err = json.Marshal(a.Random) + if a.CaSha256 != nil { + object["ca_sha256"], err = json.Marshal(a.CaSha256) if err != nil { - return nil, fmt.Errorf("error marshaling 'random': %w", err) + return nil, fmt.Errorf("error marshaling 'ca_sha256': %w", err) } } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) + if a.CaTrustedFingerprint != nil { + object["ca_trusted_fingerprint"], err = json.Marshal(a.CaTrustedFingerprint) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return nil, fmt.Errorf("error marshaling 'ca_trusted_fingerprint': %w", err) } } - return json.Marshal(object) -} -// Getter for additional properties for OutputKafka_Headers_Item. 
Returns the specified -// element and whether it was found -func (a OutputKafka_Headers_Item) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] + if a.ConfigYaml != nil { + object["config_yaml"], err = json.Marshal(a.ConfigYaml) + if err != nil { + return nil, fmt.Errorf("error marshaling 'config_yaml': %w", err) + } } - return -} -// Setter for additional properties for OutputKafka_Headers_Item -func (a *OutputKafka_Headers_Item) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + object["hosts"], err = json.Marshal(a.Hosts) + if err != nil { + return nil, fmt.Errorf("error marshaling 'hosts': %w", err) } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for OutputKafka_Headers_Item to handle AdditionalProperties -func (a *OutputKafka_Headers_Item) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) - if err != nil { - return err + if a.Id != nil { + object["id"], err = json.Marshal(a.Id) + if err != nil { + return nil, fmt.Errorf("error marshaling 'id': %w", err) + } } - if raw, found := object["key"]; found { - err = json.Unmarshal(raw, &a.Key) + if a.IsDefault != nil { + object["is_default"], err = json.Marshal(a.IsDefault) if err != nil { - return fmt.Errorf("error reading 'key': %w", err) + return nil, fmt.Errorf("error marshaling 'is_default': %w", err) } - delete(object, "key") } - if raw, found := object["value"]; found { - err = json.Unmarshal(raw, &a.Value) + if a.IsDefaultMonitoring != nil { + object["is_default_monitoring"], err = json.Marshal(a.IsDefaultMonitoring) if err != nil { - return fmt.Errorf("error reading 'value': %w", err) + return nil, fmt.Errorf("error marshaling 'is_default_monitoring': %w", err) } - delete(object, "value") } - if len(object) != 0 { - 
a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal + if a.IsInternal != nil { + object["is_internal"], err = json.Marshal(a.IsInternal) + if err != nil { + return nil, fmt.Errorf("error marshaling 'is_internal': %w", err) } } - return nil -} -// Override default JSON handling for OutputKafka_Headers_Item to handle AdditionalProperties -func (a OutputKafka_Headers_Item) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) + if a.IsPreconfigured != nil { + object["is_preconfigured"], err = json.Marshal(a.IsPreconfigured) + if err != nil { + return nil, fmt.Errorf("error marshaling 'is_preconfigured': %w", err) + } + } - object["key"], err = json.Marshal(a.Key) + object["name"], err = json.Marshal(a.Name) if err != nil { - return nil, fmt.Errorf("error marshaling 'key': %w", err) + return nil, fmt.Errorf("error marshaling 'name': %w", err) } - object["value"], err = json.Marshal(a.Value) + if a.ProxyId != nil { + object["proxy_id"], err = json.Marshal(a.ProxyId) + if err != nil { + return nil, fmt.Errorf("error marshaling 'proxy_id': %w", err) + } + } + + if a.Secrets != nil { + object["secrets"], err = json.Marshal(a.Secrets) + if err != nil { + return nil, fmt.Errorf("error marshaling 'secrets': %w", err) + } + } + + if a.Shipper != nil { + object["shipper"], err = json.Marshal(a.Shipper) + if err != nil { + return nil, fmt.Errorf("error marshaling 'shipper': %w", err) + } + } + + if a.Ssl != nil { + object["ssl"], err = json.Marshal(a.Ssl) + if err != nil { + return nil, fmt.Errorf("error marshaling 'ssl': %w", err) + } + } + + object["type"], err = json.Marshal(a.Type) if err != nil { - return nil, fmt.Errorf("error marshaling 'value': %w", err) + return nil, 
fmt.Errorf("error marshaling 'type': %w", err) + } + + if a.WriteToLogsStreams != nil { + object["write_to_logs_streams"], err = json.Marshal(a.WriteToLogsStreams) + if err != nil { + return nil, fmt.Errorf("error marshaling 'write_to_logs_streams': %w", err) + } } for fieldName, field := range a.AdditionalProperties { 
@@ -5970,37 +12997,37 @@ func (a OutputKafka_Headers_Item) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputKafka_Random. Returns the specified +// Getter for additional properties for OutputLogstashSecretsSslKey0. Returns the specified // element and whether it was found -func (a OutputKafka_Random) Get(fieldName string) (value interface{}, found bool) { +func (a OutputLogstashSecretsSslKey0) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputKafka_Random -func (a *OutputKafka_Random) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputLogstashSecretsSslKey0 +func (a *OutputLogstashSecretsSslKey0) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputKafka_Random to handle AdditionalProperties -func (a *OutputKafka_Random) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputLogstashSecretsSslKey0 to handle AdditionalProperties +func (a *OutputLogstashSecretsSslKey0) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["group_events"]; found { - err = json.Unmarshal(raw, &a.GroupEvents) + if raw, found := object["id"]; found { + err = json.Unmarshal(raw, &a.Id) if err != nil { - return fmt.Errorf("error reading 'group_events': %w", err) + return fmt.Errorf("error reading 'id': %w", err) } - delete(object, "group_events") + delete(object, "id") } if len(object) != 0 { 
@@ -6017,16 +13044,14 @@ func (a *OutputKafka_Random) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputKafka_Random to handle AdditionalProperties -func (a OutputKafka_Random) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputLogstashSecretsSslKey0 to handle AdditionalProperties +func (a OutputLogstashSecretsSslKey0) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.GroupEvents != nil { - object["group_events"], err = json.Marshal(a.GroupEvents) - if err != nil { - return nil, fmt.Errorf("error marshaling 'group_events': %w", err) - } + object["id"], err = json.Marshal(a.Id) + if err != nil { + return nil, fmt.Errorf("error marshaling 'id': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -6038,37 +13063,37 @@ func (a OutputKafka_Random) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputKafka_RoundRobin. Returns the specified +// Getter for additional properties for OutputLogstash_Secrets_Ssl. Returns the specified // element and whether it was found -func (a OutputKafka_RoundRobin) Get(fieldName string) (value interface{}, found bool) { +func (a OutputLogstash_Secrets_Ssl) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputKafka_RoundRobin -func (a *OutputKafka_RoundRobin) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputLogstash_Secrets_Ssl +func (a *OutputLogstash_Secrets_Ssl) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputKafka_RoundRobin to handle AdditionalProperties -func (a *OutputKafka_RoundRobin) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputLogstash_Secrets_Ssl to handle AdditionalProperties +func (a *OutputLogstash_Secrets_Ssl) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["group_events"]; found { - err = json.Unmarshal(raw, &a.GroupEvents) + if raw, found := object["key"]; found { + err = json.Unmarshal(raw, &a.Key) if err != nil { - return fmt.Errorf("error reading 'group_events': %w", err) + return fmt.Errorf("error reading 'key': %w", err) } - delete(object, "group_events") + delete(object, "key") } if len(object) != 0 { 
@@ -6085,15 +13110,15 @@ func (a *OutputKafka_RoundRobin) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputKafka_RoundRobin to handle AdditionalProperties -func (a OutputKafka_RoundRobin) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputLogstash_Secrets_Ssl to handle AdditionalProperties +func (a OutputLogstash_Secrets_Ssl) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.GroupEvents != nil { - object["group_events"], err = json.Marshal(a.GroupEvents) + if a.Key != nil { + object["key"], err = json.Marshal(a.Key) if err != nil { - return nil, fmt.Errorf("error marshaling 'group_events': %w", err) + return nil, fmt.Errorf("error marshaling 'key': %w", err) } } 
@@ -6106,37 +13131,37 @@ func (a OutputKafka_RoundRobin) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputKafka_Sasl. Returns the specified +// Getter for additional properties for OutputLogstash_Secrets. Returns the specified // element and whether it was found -func (a OutputKafka_Sasl) Get(fieldName string) (value interface{}, found bool) { +func (a OutputLogstash_Secrets) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputKafka_Sasl -func (a *OutputKafka_Sasl) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputLogstash_Secrets +func (a *OutputLogstash_Secrets) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputKafka_Sasl to handle AdditionalProperties -func (a *OutputKafka_Sasl) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputLogstash_Secrets to handle AdditionalProperties +func (a *OutputLogstash_Secrets) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["mechanism"]; found { - err = json.Unmarshal(raw, &a.Mechanism) + if raw, found := object["ssl"]; found { + err = json.Unmarshal(raw, &a.Ssl) if err != nil { - return fmt.Errorf("error reading 'mechanism': %w", err) + return fmt.Errorf("error reading 'ssl': %w", err) } - delete(object, "mechanism") + delete(object, "ssl") } if len(object) != 0 { 
@@ -6153,15 +13178,15 @@ func (a *OutputKafka_Sasl) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputKafka_Sasl to handle AdditionalProperties -func (a OutputKafka_Sasl) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputLogstash_Secrets to handle AdditionalProperties +func (a OutputLogstash_Secrets) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Mechanism != nil { - object["mechanism"], err = json.Marshal(a.Mechanism) + if a.Ssl != nil { + object["ssl"], err = json.Marshal(a.Ssl) if err != nil { - return nil, fmt.Errorf("error marshaling 'mechanism': %w", err) + return nil, fmt.Errorf("error marshaling 'ssl': %w", err) } } 
@@ -6174,31 +13199,71 @@ func (a OutputKafka_Sasl) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputKafkaSecretsPassword0. Returns the specified +// Getter for additional properties for OutputRemoteElasticsearch. Returns the specified // element and whether it was found -func (a OutputKafkaSecretsPassword0) Get(fieldName string) (value interface{}, found bool) { +func (a OutputRemoteElasticsearch) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputKafkaSecretsPassword0 -func (a *OutputKafkaSecretsPassword0) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputRemoteElasticsearch +func (a *OutputRemoteElasticsearch) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputKafkaSecretsPassword0 to handle AdditionalProperties -func (a *OutputKafkaSecretsPassword0) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputRemoteElasticsearch to handle AdditionalProperties +func (a *OutputRemoteElasticsearch) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } + if raw, found := object["allow_edit"]; found { + err = json.Unmarshal(raw, &a.AllowEdit) + if err != nil { + return fmt.Errorf("error reading 'allow_edit': %w", err) + } + delete(object, "allow_edit") + } + + if raw, found := object["ca_sha256"]; found { + err = json.Unmarshal(raw, &a.CaSha256) + if err != nil { + return fmt.Errorf("error reading 'ca_sha256': %w", err) + } + delete(object, "ca_sha256") + } + + if raw, found := object["ca_trusted_fingerprint"]; found { + err = json.Unmarshal(raw, 
&a.CaTrustedFingerprint) + if err != nil { + return fmt.Errorf("error reading 'ca_trusted_fingerprint': %w", err) + } + delete(object, "ca_trusted_fingerprint") + } + + if raw, found := object["config_yaml"]; found { + err = json.Unmarshal(raw, &a.ConfigYaml) + if err != nil { + return fmt.Errorf("error reading 'config_yaml': %w", err) + } + delete(object, "config_yaml") + } + + if raw, found := object["hosts"]; found { + err = json.Unmarshal(raw, &a.Hosts) + if err != nil { + return fmt.Errorf("error reading 'hosts': %w", err) + } + delete(object, "hosts") + } + if raw, found := object["id"]; found { err = json.Unmarshal(raw, &a.Id) if err != nil { 
@@ -6207,70 +13272,140 @@ func (a *OutputKafkaSecretsPassword0) UnmarshalJSON(b []byte) error { delete(object, "id") } - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal + if raw, found := object["is_default"]; found { + err = json.Unmarshal(raw, &a.IsDefault) + if err != nil { + return fmt.Errorf("error reading 'is_default': %w", err) } + delete(object, "is_default") } - return nil -} -// Override default JSON handling for OutputKafkaSecretsPassword0 to handle AdditionalProperties -func (a OutputKafkaSecretsPassword0) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) + if raw, found := object["is_default_monitoring"]; found { + err = json.Unmarshal(raw, &a.IsDefaultMonitoring) + if err != nil { + return fmt.Errorf("error reading 'is_default_monitoring': %w", err) + } + delete(object, "is_default_monitoring") + } - object["id"], err = json.Marshal(a.Id) - if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) + if raw, found := object["is_internal"]; found { + err = json.Unmarshal(raw, &a.IsInternal) + if err != nil { + return fmt.Errorf("error reading 'is_internal': %w", err) + } + delete(object, "is_internal") } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) + if raw, found := object["is_preconfigured"]; found { + err = json.Unmarshal(raw, &a.IsPreconfigured) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return fmt.Errorf("error reading 'is_preconfigured': %w", err) } + delete(object, "is_preconfigured") } - return json.Marshal(object) -} -// Getter for additional properties for OutputKafkaSecretsSslKey0. 
Returns the specified -// element and whether it was found -func (a OutputKafkaSecretsSslKey0) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] + if raw, found := object["kibana_api_key"]; found { + err = json.Unmarshal(raw, &a.KibanaApiKey) + if err != nil { + return fmt.Errorf("error reading 'kibana_api_key': %w", err) + } + delete(object, "kibana_api_key") } - return -} -// Setter for additional properties for OutputKafkaSecretsSslKey0 -func (a *OutputKafkaSecretsSslKey0) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + if raw, found := object["kibana_url"]; found { + err = json.Unmarshal(raw, &a.KibanaUrl) + if err != nil { + return fmt.Errorf("error reading 'kibana_url': %w", err) + } + delete(object, "kibana_url") } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for OutputKafkaSecretsSslKey0 to handle AdditionalProperties -func (a *OutputKafkaSecretsSslKey0) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) - if err != nil { - return err + if raw, found := object["name"]; found { + err = json.Unmarshal(raw, &a.Name) + if err != nil { + return fmt.Errorf("error reading 'name': %w", err) + } + delete(object, "name") + } + + if raw, found := object["preset"]; found { + err = json.Unmarshal(raw, &a.Preset) + if err != nil { + return fmt.Errorf("error reading 'preset': %w", err) + } + delete(object, "preset") + } + + if raw, found := object["proxy_id"]; found { + err = json.Unmarshal(raw, &a.ProxyId) + if err != nil { + return fmt.Errorf("error reading 'proxy_id': %w", err) + } + delete(object, "proxy_id") + } + + if raw, found := object["secrets"]; found { + err = json.Unmarshal(raw, &a.Secrets) + if err != nil { + return fmt.Errorf("error reading 'secrets': %w", err) + } + 
delete(object, "secrets") + } + + if raw, found := object["service_token"]; found { + err = json.Unmarshal(raw, &a.ServiceToken) + if err != nil { + return fmt.Errorf("error reading 'service_token': %w", err) + } + delete(object, "service_token") + } + + if raw, found := object["shipper"]; found { + err = json.Unmarshal(raw, &a.Shipper) + if err != nil { + return fmt.Errorf("error reading 'shipper': %w", err) + } + delete(object, "shipper") + } + + if raw, found := object["ssl"]; found { + err = json.Unmarshal(raw, &a.Ssl) + if err != nil { + return fmt.Errorf("error reading 'ssl': %w", err) + } + delete(object, "ssl") + } + + if raw, found := object["sync_integrations"]; found { + err = json.Unmarshal(raw, &a.SyncIntegrations) + if err != nil { + return fmt.Errorf("error reading 'sync_integrations': %w", err) + } + delete(object, "sync_integrations") + } + + if raw, found := object["sync_uninstalled_integrations"]; found { + err = json.Unmarshal(raw, &a.SyncUninstalledIntegrations) + if err != nil { + return fmt.Errorf("error reading 'sync_uninstalled_integrations': %w", err) + } + delete(object, "sync_uninstalled_integrations") + } + + if raw, found := object["type"]; found { + err = json.Unmarshal(raw, &a.Type) + if err != nil { + return fmt.Errorf("error reading 'type': %w", err) + } + delete(object, "type") } - if raw, found := object["id"]; found { - err = json.Unmarshal(raw, &a.Id) + if raw, found := object["write_to_logs_streams"]; found { + err = json.Unmarshal(raw, &a.WriteToLogsStreams) if err != nil { - return fmt.Errorf("error reading 'id': %w", err) + return fmt.Errorf("error reading 'write_to_logs_streams': %w", err) } - delete(object, "id") + delete(object, "write_to_logs_streams") } if len(object) != 0 { 
@@ -6287,155 +13422,130 @@ func (a *OutputKafkaSecretsSslKey0) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputKafkaSecretsSslKey0 to handle AdditionalProperties -func (a OutputKafkaSecretsSslKey0) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputRemoteElasticsearch to handle AdditionalProperties +func (a OutputRemoteElasticsearch) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - object["id"], err = json.Marshal(a.Id) - if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) + if a.AllowEdit != nil { + object["allow_edit"], err = json.Marshal(a.AllowEdit) + if err != nil { + return nil, fmt.Errorf("error marshaling 'allow_edit': %w", err) + } } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) + if a.CaSha256 != nil { + object["ca_sha256"], err = json.Marshal(a.CaSha256) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return nil, fmt.Errorf("error marshaling 'ca_sha256': %w", err) } } - return json.Marshal(object) -} -// Getter for additional properties for OutputKafka_Secrets_Ssl. 
Returns the specified -// element and whether it was found -func (a OutputKafka_Secrets_Ssl) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] + if a.CaTrustedFingerprint != nil { + object["ca_trusted_fingerprint"], err = json.Marshal(a.CaTrustedFingerprint) + if err != nil { + return nil, fmt.Errorf("error marshaling 'ca_trusted_fingerprint': %w", err) + } } - return -} -// Setter for additional properties for OutputKafka_Secrets_Ssl -func (a *OutputKafka_Secrets_Ssl) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + if a.ConfigYaml != nil { + object["config_yaml"], err = json.Marshal(a.ConfigYaml) + if err != nil { + return nil, fmt.Errorf("error marshaling 'config_yaml': %w", err) + } } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for OutputKafka_Secrets_Ssl to handle AdditionalProperties -func (a *OutputKafka_Secrets_Ssl) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) + object["hosts"], err = json.Marshal(a.Hosts) if err != nil { - return err + return nil, fmt.Errorf("error marshaling 'hosts': %w", err) } - if raw, found := object["key"]; found { - err = json.Unmarshal(raw, &a.Key) + if a.Id != nil { + object["id"], err = json.Marshal(a.Id) if err != nil { - return fmt.Errorf("error reading 'key': %w", err) + return nil, fmt.Errorf("error marshaling 'id': %w", err) } - delete(object, "key") } - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal + if a.IsDefault != nil { + object["is_default"], err = 
json.Marshal(a.IsDefault) + if err != nil { + return nil, fmt.Errorf("error marshaling 'is_default': %w", err) } } - return nil -} -// Override default JSON handling for OutputKafka_Secrets_Ssl to handle AdditionalProperties -func (a OutputKafka_Secrets_Ssl) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) + if a.IsDefaultMonitoring != nil { + object["is_default_monitoring"], err = json.Marshal(a.IsDefaultMonitoring) + if err != nil { + return nil, fmt.Errorf("error marshaling 'is_default_monitoring': %w", err) + } + } - object["key"], err = json.Marshal(a.Key) - if err != nil { - return nil, fmt.Errorf("error marshaling 'key': %w", err) + if a.IsInternal != nil { + object["is_internal"], err = json.Marshal(a.IsInternal) + if err != nil { + return nil, fmt.Errorf("error marshaling 'is_internal': %w", err) + } } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) + if a.IsPreconfigured != nil { + object["is_preconfigured"], err = json.Marshal(a.IsPreconfigured) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return nil, fmt.Errorf("error marshaling 'is_preconfigured': %w", err) } } - return json.Marshal(object) -} -// Getter for additional properties for OutputKafka_Secrets. 
Returns the specified -// element and whether it was found -func (a OutputKafka_Secrets) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] + if a.KibanaApiKey != nil { + object["kibana_api_key"], err = json.Marshal(a.KibanaApiKey) + if err != nil { + return nil, fmt.Errorf("error marshaling 'kibana_api_key': %w", err) + } } - return -} -// Setter for additional properties for OutputKafka_Secrets -func (a *OutputKafka_Secrets) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + if a.KibanaUrl != nil { + object["kibana_url"], err = json.Marshal(a.KibanaUrl) + if err != nil { + return nil, fmt.Errorf("error marshaling 'kibana_url': %w", err) + } } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for OutputKafka_Secrets to handle AdditionalProperties -func (a *OutputKafka_Secrets) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) + object["name"], err = json.Marshal(a.Name) if err != nil { - return err + return nil, fmt.Errorf("error marshaling 'name': %w", err) } - if raw, found := object["password"]; found { - err = json.Unmarshal(raw, &a.Password) + if a.Preset != nil { + object["preset"], err = json.Marshal(a.Preset) if err != nil { - return fmt.Errorf("error reading 'password': %w", err) + return nil, fmt.Errorf("error marshaling 'preset': %w", err) } - delete(object, "password") } - if raw, found := object["ssl"]; found { - err = json.Unmarshal(raw, &a.Ssl) + if a.ProxyId != nil { + object["proxy_id"], err = json.Marshal(a.ProxyId) if err != nil { - return fmt.Errorf("error reading 'ssl': %w", err) + return nil, fmt.Errorf("error marshaling 'proxy_id': %w", err) } - delete(object, "ssl") } - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, 
fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal + if a.Secrets != nil { + object["secrets"], err = json.Marshal(a.Secrets) + if err != nil { + return nil, fmt.Errorf("error marshaling 'secrets': %w", err) } } - return nil -} -// Override default JSON handling for OutputKafka_Secrets to handle AdditionalProperties -func (a OutputKafka_Secrets) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) + if a.ServiceToken != nil { + object["service_token"], err = json.Marshal(a.ServiceToken) + if err != nil { + return nil, fmt.Errorf("error marshaling 'service_token': %w", err) + } + } - if a.Password != nil { - object["password"], err = json.Marshal(a.Password) + if a.Shipper != nil { + object["shipper"], err = json.Marshal(a.Shipper) if err != nil { - return nil, fmt.Errorf("error marshaling 'password': %w", err) + return nil, fmt.Errorf("error marshaling 'shipper': %w", err) } } 
@@ -6446,6 +13556,32 @@ func (a OutputKafka_Secrets) MarshalJSON() ([]byte, error) { } } + if a.SyncIntegrations != nil { + object["sync_integrations"], err = json.Marshal(a.SyncIntegrations) + if err != nil { + return nil, fmt.Errorf("error marshaling 'sync_integrations': %w", err) + } + } + + if a.SyncUninstalledIntegrations != nil { + object["sync_uninstalled_integrations"], err = json.Marshal(a.SyncUninstalledIntegrations) + if err != nil { + return nil, fmt.Errorf("error marshaling 'sync_uninstalled_integrations': %w", err) + } + } + + object["type"], err = json.Marshal(a.Type) + if err != nil { + return nil, fmt.Errorf("error marshaling 'type': %w", err) + } + + if a.WriteToLogsStreams != nil { + object["write_to_logs_streams"], err = json.Marshal(a.WriteToLogsStreams) + if err != nil { + return nil, fmt.Errorf("error marshaling 'write_to_logs_streams': %w", err) + } + } + for fieldName, field := range a.AdditionalProperties { object[fieldName], err = json.Marshal(field) if err != nil { 
@@ -6455,71 +13591,31 @@ func (a OutputKafka_Secrets) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputLogstash. Returns the specified +// Getter for additional properties for OutputRemoteElasticsearchSecretsServiceToken0. Returns the specified // element and whether it was found -func (a OutputLogstash) Get(fieldName string) (value interface{}, found bool) { +func (a OutputRemoteElasticsearchSecretsServiceToken0) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputLogstash -func (a *OutputLogstash) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputRemoteElasticsearchSecretsServiceToken0 +func (a *OutputRemoteElasticsearchSecretsServiceToken0) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputLogstash to handle AdditionalProperties -func (a *OutputLogstash) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputRemoteElasticsearchSecretsServiceToken0 to handle AdditionalProperties +func (a *OutputRemoteElasticsearchSecretsServiceToken0) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["allow_edit"]; found { - err = json.Unmarshal(raw, &a.AllowEdit) - if err != nil { - return fmt.Errorf("error reading 'allow_edit': %w", err) - } - delete(object, "allow_edit") - } - - if raw, found := object["ca_sha256"]; found { - err = json.Unmarshal(raw, &a.CaSha256) - if err != nil { - return fmt.Errorf("error reading 'ca_sha256': %w", err) - } - delete(object, "ca_sha256") - } - - if raw, found := object["ca_trusted_fingerprint"]; 
found { - err = json.Unmarshal(raw, &a.CaTrustedFingerprint) - if err != nil { - return fmt.Errorf("error reading 'ca_trusted_fingerprint': %w", err) - } - delete(object, "ca_trusted_fingerprint") - } - - if raw, found := object["config_yaml"]; found { - err = json.Unmarshal(raw, &a.ConfigYaml) - if err != nil { - return fmt.Errorf("error reading 'config_yaml': %w", err) - } - delete(object, "config_yaml") - } - - if raw, found := object["hosts"]; found { - err = json.Unmarshal(raw, &a.Hosts) - if err != nil { - return fmt.Errorf("error reading 'hosts': %w", err) - } - delete(object, "hosts") - } - if raw, found := object["id"]; found { err = json.Unmarshal(raw, &a.Id) if err != nil { 
@@ -6528,84 +13624,70 @@ func (a *OutputLogstash) UnmarshalJSON(b []byte) error { delete(object, "id") } - if raw, found := object["is_default"]; found { - err = json.Unmarshal(raw, &a.IsDefault) - if err != nil { - return fmt.Errorf("error reading 'is_default': %w", err) - } - delete(object, "is_default") - } - - if raw, found := object["is_default_monitoring"]; found { - err = json.Unmarshal(raw, &a.IsDefaultMonitoring) - if err != nil { - return fmt.Errorf("error reading 'is_default_monitoring': %w", err) - } - delete(object, "is_default_monitoring") - } - - if raw, found := object["is_internal"]; found { - err = json.Unmarshal(raw, &a.IsInternal) - if err != nil { - return fmt.Errorf("error reading 'is_internal': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } - delete(object, "is_internal") } + return nil +} - if raw, found := object["is_preconfigured"]; found { - err = json.Unmarshal(raw, &a.IsPreconfigured) - if err != nil { - return fmt.Errorf("error reading 'is_preconfigured': %w", err) - } - delete(object, "is_preconfigured") - } +// Override default JSON handling for OutputRemoteElasticsearchSecretsServiceToken0 to handle AdditionalProperties +func (a OutputRemoteElasticsearchSecretsServiceToken0) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) - if raw, found := object["name"]; found { - err = json.Unmarshal(raw, &a.Name) - if err != nil { - return fmt.Errorf("error reading 'name': %w", err) - } - delete(object, "name") + object["id"], err = json.Marshal(a.Id) + if err != nil { + return nil, fmt.Errorf("error marshaling 'id': %w", err) } - if raw, found := object["proxy_id"]; found { - err = json.Unmarshal(raw, 
&a.ProxyId) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return fmt.Errorf("error reading 'proxy_id': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } - delete(object, "proxy_id") } + return json.Marshal(object) +} - if raw, found := object["secrets"]; found { - err = json.Unmarshal(raw, &a.Secrets) - if err != nil { - return fmt.Errorf("error reading 'secrets': %w", err) - } - delete(object, "secrets") +// Getter for additional properties for OutputRemoteElasticsearchSecretsSslKey0. Returns the specified +// element and whether it was found +func (a OutputRemoteElasticsearchSecretsSslKey0) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if raw, found := object["shipper"]; found { - err = json.Unmarshal(raw, &a.Shipper) - if err != nil { - return fmt.Errorf("error reading 'shipper': %w", err) - } - delete(object, "shipper") +// Setter for additional properties for OutputRemoteElasticsearchSecretsSslKey0 +func (a *OutputRemoteElasticsearchSecretsSslKey0) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - if raw, found := object["ssl"]; found { - err = json.Unmarshal(raw, &a.Ssl) - if err != nil { - return fmt.Errorf("error reading 'ssl': %w", err) - } - delete(object, "ssl") +// Override default JSON handling for OutputRemoteElasticsearchSecretsSslKey0 to handle AdditionalProperties +func (a *OutputRemoteElasticsearchSecretsSslKey0) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err } - if raw, found := object["type"]; found { - err = json.Unmarshal(raw, &a.Type) + if raw, found := object["id"]; found { + err = 
json.Unmarshal(raw, &a.Id) if err != nil { - return fmt.Errorf("error reading 'type': %w", err) + return fmt.Errorf("error reading 'id': %w", err) } - delete(object, "type") + delete(object, "id") } if len(object) != 0 { 
@@ -6622,102 +13704,157 @@ func (a *OutputLogstash) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputLogstash to handle AdditionalProperties -func (a OutputLogstash) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputRemoteElasticsearchSecretsSslKey0 to handle AdditionalProperties +func (a OutputRemoteElasticsearchSecretsSslKey0) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.AllowEdit != nil { - object["allow_edit"], err = json.Marshal(a.AllowEdit) - if err != nil { - return nil, fmt.Errorf("error marshaling 'allow_edit': %w", err) - } + object["id"], err = json.Marshal(a.Id) + if err != nil { + return nil, fmt.Errorf("error marshaling 'id': %w", err) } - if a.CaSha256 != nil { - object["ca_sha256"], err = json.Marshal(a.CaSha256) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return nil, fmt.Errorf("error marshaling 'ca_sha256': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } } + return json.Marshal(object) +} - if a.CaTrustedFingerprint != nil { - object["ca_trusted_fingerprint"], err = json.Marshal(a.CaTrustedFingerprint) - if err != nil { - return nil, fmt.Errorf("error marshaling 'ca_trusted_fingerprint': %w", err) - } +// Getter for additional properties for OutputRemoteElasticsearch_Secrets_Ssl. 
Returns the specified +// element and whether it was found +func (a OutputRemoteElasticsearch_Secrets_Ssl) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if a.ConfigYaml != nil { - object["config_yaml"], err = json.Marshal(a.ConfigYaml) - if err != nil { - return nil, fmt.Errorf("error marshaling 'config_yaml': %w", err) - } +// Setter for additional properties for OutputRemoteElasticsearch_Secrets_Ssl +func (a *OutputRemoteElasticsearch_Secrets_Ssl) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - object["hosts"], err = json.Marshal(a.Hosts) +// Override default JSON handling for OutputRemoteElasticsearch_Secrets_Ssl to handle AdditionalProperties +func (a *OutputRemoteElasticsearch_Secrets_Ssl) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) if err != nil { - return nil, fmt.Errorf("error marshaling 'hosts': %w", err) + return err } - if a.Id != nil { - object["id"], err = json.Marshal(a.Id) + if raw, found := object["key"]; found { + err = json.Unmarshal(raw, &a.Key) if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) + return fmt.Errorf("error reading 'key': %w", err) } + delete(object, "key") } - if a.IsDefault != nil { - object["is_default"], err = json.Marshal(a.IsDefault) - if err != nil { - return nil, fmt.Errorf("error marshaling 'is_default': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } } + return nil +} - if 
a.IsDefaultMonitoring != nil { - object["is_default_monitoring"], err = json.Marshal(a.IsDefaultMonitoring) +// Override default JSON handling for OutputRemoteElasticsearch_Secrets_Ssl to handle AdditionalProperties +func (a OutputRemoteElasticsearch_Secrets_Ssl) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) + + if a.Key != nil { + object["key"], err = json.Marshal(a.Key) if err != nil { - return nil, fmt.Errorf("error marshaling 'is_default_monitoring': %w", err) + return nil, fmt.Errorf("error marshaling 'key': %w", err) } } - if a.IsInternal != nil { - object["is_internal"], err = json.Marshal(a.IsInternal) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return nil, fmt.Errorf("error marshaling 'is_internal': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } } + return json.Marshal(object) +} - if a.IsPreconfigured != nil { - object["is_preconfigured"], err = json.Marshal(a.IsPreconfigured) - if err != nil { - return nil, fmt.Errorf("error marshaling 'is_preconfigured': %w", err) - } +// Getter for additional properties for OutputRemoteElasticsearch_Secrets. 
Returns the specified +// element and whether it was found +func (a OutputRemoteElasticsearch_Secrets) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] + } + return +} + +// Setter for additional properties for OutputRemoteElasticsearch_Secrets +func (a *OutputRemoteElasticsearch_Secrets) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - object["name"], err = json.Marshal(a.Name) +// Override default JSON handling for OutputRemoteElasticsearch_Secrets to handle AdditionalProperties +func (a *OutputRemoteElasticsearch_Secrets) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) if err != nil { - return nil, fmt.Errorf("error marshaling 'name': %w", err) + return err } - if a.ProxyId != nil { - object["proxy_id"], err = json.Marshal(a.ProxyId) + if raw, found := object["service_token"]; found { + err = json.Unmarshal(raw, &a.ServiceToken) if err != nil { - return nil, fmt.Errorf("error marshaling 'proxy_id': %w", err) + return fmt.Errorf("error reading 'service_token': %w", err) } + delete(object, "service_token") } - if a.Secrets != nil { - object["secrets"], err = json.Marshal(a.Secrets) + if raw, found := object["ssl"]; found { + err = json.Unmarshal(raw, &a.Ssl) if err != nil { - return nil, fmt.Errorf("error marshaling 'secrets': %w", err) + return fmt.Errorf("error reading 'ssl': %w", err) + } + delete(object, "ssl") + } + + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } } + return nil +} + 
+// Override default JSON handling for OutputRemoteElasticsearch_Secrets to handle AdditionalProperties +func (a OutputRemoteElasticsearch_Secrets) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) - if a.Shipper != nil { - object["shipper"], err = json.Marshal(a.Shipper) + if a.ServiceToken != nil { + object["service_token"], err = json.Marshal(a.ServiceToken) if err != nil { - return nil, fmt.Errorf("error marshaling 'shipper': %w", err) + return nil, fmt.Errorf("error marshaling 'service_token': %w", err) } } @@ -6728,11 +13865,6 @@ func (a OutputLogstash) MarshalJSON() ([]byte, error) { } } - object["type"], err = json.Marshal(a.Type) - if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) - } - for fieldName, field := range a.AdditionalProperties { object[fieldName], err = json.Marshal(field) if err != nil { 
@@ -6742,103 +13874,109 @@ func (a OutputLogstash) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputLogstashSecretsSslKey0. Returns the specified +// Getter for additional properties for OutputShipper. Returns the specified // element and whether it was found -func (a OutputLogstashSecretsSslKey0) Get(fieldName string) (value interface{}, found bool) { +func (a OutputShipper) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputLogstashSecretsSslKey0 -func (a *OutputLogstashSecretsSslKey0) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputShipper +func (a *OutputShipper) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputLogstashSecretsSslKey0 to handle AdditionalProperties -func (a *OutputLogstashSecretsSslKey0) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputShipper to handle AdditionalProperties +func (a *OutputShipper) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["id"]; found { - err = json.Unmarshal(raw, &a.Id) + if raw, found := object["compression_level"]; found { + err = json.Unmarshal(raw, &a.CompressionLevel) if err != nil { - return fmt.Errorf("error reading 'id': %w", err) + return fmt.Errorf("error reading 'compression_level': %w", err) } - delete(object, "id") + delete(object, "compression_level") } - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if 
err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal + if raw, found := object["disk_queue_compression_enabled"]; found { + err = json.Unmarshal(raw, &a.DiskQueueCompressionEnabled) + if err != nil { + return fmt.Errorf("error reading 'disk_queue_compression_enabled': %w", err) } + delete(object, "disk_queue_compression_enabled") } - return nil -} -// Override default JSON handling for OutputLogstashSecretsSslKey0 to handle AdditionalProperties -func (a OutputLogstashSecretsSslKey0) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) + if raw, found := object["disk_queue_enabled"]; found { + err = json.Unmarshal(raw, &a.DiskQueueEnabled) + if err != nil { + return fmt.Errorf("error reading 'disk_queue_enabled': %w", err) + } + delete(object, "disk_queue_enabled") + } - object["id"], err = json.Marshal(a.Id) - if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) + if raw, found := object["disk_queue_encryption_enabled"]; found { + err = json.Unmarshal(raw, &a.DiskQueueEncryptionEnabled) + if err != nil { + return fmt.Errorf("error reading 'disk_queue_encryption_enabled': %w", err) + } + delete(object, "disk_queue_encryption_enabled") } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) + if raw, found := object["disk_queue_max_size"]; found { + err = json.Unmarshal(raw, &a.DiskQueueMaxSize) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return fmt.Errorf("error reading 'disk_queue_max_size': %w", err) } + delete(object, "disk_queue_max_size") } - return json.Marshal(object) -} -// Getter for additional properties for OutputLogstash_Secrets_Ssl. 
Returns the specified -// element and whether it was found -func (a OutputLogstash_Secrets_Ssl) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] + if raw, found := object["disk_queue_path"]; found { + err = json.Unmarshal(raw, &a.DiskQueuePath) + if err != nil { + return fmt.Errorf("error reading 'disk_queue_path': %w", err) + } + delete(object, "disk_queue_path") } - return -} -// Setter for additional properties for OutputLogstash_Secrets_Ssl -func (a *OutputLogstash_Secrets_Ssl) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + if raw, found := object["loadbalance"]; found { + err = json.Unmarshal(raw, &a.Loadbalance) + if err != nil { + return fmt.Errorf("error reading 'loadbalance': %w", err) + } + delete(object, "loadbalance") } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for OutputLogstash_Secrets_Ssl to handle AdditionalProperties -func (a *OutputLogstash_Secrets_Ssl) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) - if err != nil { - return err + if raw, found := object["max_batch_bytes"]; found { + err = json.Unmarshal(raw, &a.MaxBatchBytes) + if err != nil { + return fmt.Errorf("error reading 'max_batch_bytes': %w", err) + } + delete(object, "max_batch_bytes") } - if raw, found := object["key"]; found { - err = json.Unmarshal(raw, &a.Key) + if raw, found := object["mem_queue_events"]; found { + err = json.Unmarshal(raw, &a.MemQueueEvents) if err != nil { - return fmt.Errorf("error reading 'key': %w", err) + return fmt.Errorf("error reading 'mem_queue_events': %w", err) } - delete(object, "key") + delete(object, "mem_queue_events") + } + + if raw, found := object["queue_flush_timeout"]; found { + err = json.Unmarshal(raw, &a.QueueFlushTimeout) + if err != nil { + return 
fmt.Errorf("error reading 'queue_flush_timeout': %w", err) + } + delete(object, "queue_flush_timeout") } if len(object) != 0 { 
@@ -6855,18 +13993,63 @@ func (a *OutputLogstash_Secrets_Ssl) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputLogstash_Secrets_Ssl to handle AdditionalProperties -func (a OutputLogstash_Secrets_Ssl) MarshalJSON() ([]byte, error) { +// Override default JSON handling for OutputShipper to handle AdditionalProperties +func (a OutputShipper) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Key != nil { - object["key"], err = json.Marshal(a.Key) + object["compression_level"], err = json.Marshal(a.CompressionLevel) + if err != nil { + return nil, fmt.Errorf("error marshaling 'compression_level': %w", err) + } + + object["disk_queue_compression_enabled"], err = json.Marshal(a.DiskQueueCompressionEnabled) + if err != nil { + return nil, fmt.Errorf("error marshaling 'disk_queue_compression_enabled': %w", err) + } + + if a.DiskQueueEnabled != nil { + object["disk_queue_enabled"], err = json.Marshal(a.DiskQueueEnabled) if err != nil { - return nil, fmt.Errorf("error marshaling 'key': %w", err) + return nil, fmt.Errorf("error marshaling 'disk_queue_enabled': %w", err) } } + object["disk_queue_encryption_enabled"], err = json.Marshal(a.DiskQueueEncryptionEnabled) + if err != nil { + return nil, fmt.Errorf("error marshaling 'disk_queue_encryption_enabled': %w", err) + } + + object["disk_queue_max_size"], err = json.Marshal(a.DiskQueueMaxSize) + if err != nil { + return nil, fmt.Errorf("error marshaling 'disk_queue_max_size': %w", err) + } + + object["disk_queue_path"], err = json.Marshal(a.DiskQueuePath) + if err != nil { + return nil, fmt.Errorf("error marshaling 'disk_queue_path': %w", err) + } + + object["loadbalance"], err = json.Marshal(a.Loadbalance) + if err != nil { + return nil, fmt.Errorf("error marshaling 'loadbalance': %w", err) + } + + object["max_batch_bytes"], err = json.Marshal(a.MaxBatchBytes) + if err != nil { + return nil, fmt.Errorf("error marshaling 'max_batch_bytes': 
%w", err) + } + + object["mem_queue_events"], err = json.Marshal(a.MemQueueEvents) + if err != nil { + return nil, fmt.Errorf("error marshaling 'mem_queue_events': %w", err) + } + + object["queue_flush_timeout"], err = json.Marshal(a.QueueFlushTimeout) + if err != nil { + return nil, fmt.Errorf("error marshaling 'queue_flush_timeout': %w", err) + } + for fieldName, field := range a.AdditionalProperties { object[fieldName], err = json.Marshal(field) if err != nil { 
@@ -6876,37 +14059,61 @@ func (a OutputLogstash_Secrets_Ssl) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputLogstash_Secrets. Returns the specified +// Getter for additional properties for OutputSsl. Returns the specified // element and whether it was found -func (a OutputLogstash_Secrets) Get(fieldName string) (value interface{}, found bool) { +func (a OutputSsl) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputLogstash_Secrets -func (a *OutputLogstash_Secrets) Set(fieldName string, value interface{}) { +// Setter for additional properties for OutputSsl +func (a *OutputSsl) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputLogstash_Secrets to handle AdditionalProperties -func (a *OutputLogstash_Secrets) UnmarshalJSON(b []byte) error { +// Override default JSON handling for OutputSsl to handle AdditionalProperties +func (a *OutputSsl) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["ssl"]; found { - err = json.Unmarshal(raw, &a.Ssl) + if raw, found := object["certificate"]; found { + err = json.Unmarshal(raw, &a.Certificate) if err != nil { - return fmt.Errorf("error reading 'ssl': %w", err) + return fmt.Errorf("error reading 'certificate': %w", err) } - delete(object, "ssl") + delete(object, "certificate") + } + + if raw, found := object["certificate_authorities"]; found { + err = json.Unmarshal(raw, &a.CertificateAuthorities) + if err != nil { + return fmt.Errorf("error reading 'certificate_authorities': %w", err) + } + delete(object, "certificate_authorities") + } + + if 
raw, found := object["key"]; found { + err = json.Unmarshal(raw, &a.Key) + if err != nil { + return fmt.Errorf("error reading 'key': %w", err) + } + delete(object, "key") + } + + if raw, found := object["verification_mode"]; found { + err = json.Unmarshal(raw, &a.VerificationMode) + if err != nil { + return fmt.Errorf("error reading 'verification_mode': %w", err) + } + delete(object, "verification_mode") } if len(object) != 0 { @@ -6920,18 +14127,39 @@ func (a *OutputLogstash_Secrets) UnmarshalJSON(b []byte) error { a.AdditionalProperties[fieldName] = fieldVal } } - return nil -} - -// Override default JSON handling for OutputLogstash_Secrets to handle AdditionalProperties -func (a OutputLogstash_Secrets) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) + return nil +} + +// Override default JSON handling for OutputSsl to handle AdditionalProperties +func (a OutputSsl) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) + + if a.Certificate != nil { + object["certificate"], err = json.Marshal(a.Certificate) + if err != nil { + return nil, fmt.Errorf("error marshaling 'certificate': %w", err) + } + } + + if a.CertificateAuthorities != nil { + object["certificate_authorities"], err = json.Marshal(a.CertificateAuthorities) + if err != nil { + return nil, fmt.Errorf("error marshaling 'certificate_authorities': %w", err) + } + } + + if a.Key != nil { + object["key"], err = json.Marshal(a.Key) + if err != nil { + return nil, fmt.Errorf("error marshaling 'key': %w", err) + } + } - if a.Ssl != nil { - object["ssl"], err = json.Marshal(a.Ssl) + if a.VerificationMode != nil { + object["verification_mode"], err = json.Marshal(a.VerificationMode) if err != nil { - return nil, fmt.Errorf("error marshaling 'ssl': %w", err) + return nil, fmt.Errorf("error marshaling 'verification_mode': %w", err) } } 
@@ -6944,125 +14172,173 @@ func (a OutputLogstash_Secrets) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputRemoteElasticsearch. Returns the specified +// Getter for additional properties for PackageInfo. Returns the specified // element and whether it was found -func (a OutputRemoteElasticsearch) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputRemoteElasticsearch -func (a *OutputRemoteElasticsearch) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo +func (a *PackageInfo) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputRemoteElasticsearch to handle AdditionalProperties -func (a *OutputRemoteElasticsearch) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo to handle AdditionalProperties +func (a *PackageInfo) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["allow_edit"]; found { - err = json.Unmarshal(raw, &a.AllowEdit) + if raw, found := object["agent"]; found { + err = json.Unmarshal(raw, &a.Agent) if err != nil { - return fmt.Errorf("error reading 'allow_edit': %w", err) + return fmt.Errorf("error reading 'agent': %w", err) } - delete(object, "allow_edit") + delete(object, "agent") } - if raw, found := object["ca_sha256"]; found { - err = json.Unmarshal(raw, &a.CaSha256) + if raw, found := object["asset_tags"]; found { + err = json.Unmarshal(raw, &a.AssetTags) if err != nil { - return fmt.Errorf("error reading 
'ca_sha256': %w", err) + return fmt.Errorf("error reading 'asset_tags': %w", err) } - delete(object, "ca_sha256") + delete(object, "asset_tags") } - if raw, found := object["ca_trusted_fingerprint"]; found { - err = json.Unmarshal(raw, &a.CaTrustedFingerprint) + if raw, found := object["assets"]; found { + err = json.Unmarshal(raw, &a.Assets) if err != nil { - return fmt.Errorf("error reading 'ca_trusted_fingerprint': %w", err) + return fmt.Errorf("error reading 'assets': %w", err) } - delete(object, "ca_trusted_fingerprint") + delete(object, "assets") } - if raw, found := object["config_yaml"]; found { - err = json.Unmarshal(raw, &a.ConfigYaml) + if raw, found := object["categories"]; found { + err = json.Unmarshal(raw, &a.Categories) if err != nil { - return fmt.Errorf("error reading 'config_yaml': %w", err) + return fmt.Errorf("error reading 'categories': %w", err) } - delete(object, "config_yaml") + delete(object, "categories") } - if raw, found := object["hosts"]; found { - err = json.Unmarshal(raw, &a.Hosts) + if raw, found := object["conditions"]; found { + err = json.Unmarshal(raw, &a.Conditions) if err != nil { - return fmt.Errorf("error reading 'hosts': %w", err) + return fmt.Errorf("error reading 'conditions': %w", err) } - delete(object, "hosts") + delete(object, "conditions") } - if raw, found := object["id"]; found { - err = json.Unmarshal(raw, &a.Id) + if raw, found := object["data_streams"]; found { + err = json.Unmarshal(raw, &a.DataStreams) if err != nil { - return fmt.Errorf("error reading 'id': %w", err) + return fmt.Errorf("error reading 'data_streams': %w", err) } - delete(object, "id") + delete(object, "data_streams") } - if raw, found := object["is_default"]; found { - err = json.Unmarshal(raw, &a.IsDefault) + if raw, found := object["description"]; found { + err = json.Unmarshal(raw, &a.Description) if err != nil { - return fmt.Errorf("error reading 'is_default': %w", err) + return fmt.Errorf("error reading 'description': %w", err) } - 
delete(object, "is_default") + delete(object, "description") } - if raw, found := object["is_default_monitoring"]; found { - err = json.Unmarshal(raw, &a.IsDefaultMonitoring) + if raw, found := object["discovery"]; found { + err = json.Unmarshal(raw, &a.Discovery) if err != nil { - return fmt.Errorf("error reading 'is_default_monitoring': %w", err) + return fmt.Errorf("error reading 'discovery': %w", err) } - delete(object, "is_default_monitoring") + delete(object, "discovery") } - if raw, found := object["is_internal"]; found { - err = json.Unmarshal(raw, &a.IsInternal) + if raw, found := object["download"]; found { + err = json.Unmarshal(raw, &a.Download) if err != nil { - return fmt.Errorf("error reading 'is_internal': %w", err) + return fmt.Errorf("error reading 'download': %w", err) } - delete(object, "is_internal") + delete(object, "download") } - if raw, found := object["is_preconfigured"]; found { - err = json.Unmarshal(raw, &a.IsPreconfigured) + if raw, found := object["elasticsearch"]; found { + err = json.Unmarshal(raw, &a.Elasticsearch) if err != nil { - return fmt.Errorf("error reading 'is_preconfigured': %w", err) + return fmt.Errorf("error reading 'elasticsearch': %w", err) } - delete(object, "is_preconfigured") + delete(object, "elasticsearch") } - if raw, found := object["kibana_api_key"]; found { - err = json.Unmarshal(raw, &a.KibanaApiKey) + if raw, found := object["format_version"]; found { + err = json.Unmarshal(raw, &a.FormatVersion) if err != nil { - return fmt.Errorf("error reading 'kibana_api_key': %w", err) + return fmt.Errorf("error reading 'format_version': %w", err) } - delete(object, "kibana_api_key") + delete(object, "format_version") } - if raw, found := object["kibana_url"]; found { - err = json.Unmarshal(raw, &a.KibanaUrl) + if raw, found := object["icons"]; found { + err = json.Unmarshal(raw, &a.Icons) if err != nil { - return fmt.Errorf("error reading 'kibana_url': %w", err) + return fmt.Errorf("error reading 'icons': %w", err) } 
- delete(object, "kibana_url") + delete(object, "icons") + } + + if raw, found := object["installationInfo"]; found { + err = json.Unmarshal(raw, &a.InstallationInfo) + if err != nil { + return fmt.Errorf("error reading 'installationInfo': %w", err) + } + delete(object, "installationInfo") + } + + if raw, found := object["internal"]; found { + err = json.Unmarshal(raw, &a.Internal) + if err != nil { + return fmt.Errorf("error reading 'internal': %w", err) + } + delete(object, "internal") + } + + if raw, found := object["keepPoliciesUpToDate"]; found { + err = json.Unmarshal(raw, &a.KeepPoliciesUpToDate) + if err != nil { + return fmt.Errorf("error reading 'keepPoliciesUpToDate': %w", err) + } + delete(object, "keepPoliciesUpToDate") + } + + if raw, found := object["latestVersion"]; found { + err = json.Unmarshal(raw, &a.LatestVersion) + if err != nil { + return fmt.Errorf("error reading 'latestVersion': %w", err) + } + delete(object, "latestVersion") + } + + if raw, found := object["license"]; found { + err = json.Unmarshal(raw, &a.License) + if err != nil { + return fmt.Errorf("error reading 'license': %w", err) + } + delete(object, "license") + } + + if raw, found := object["licensePath"]; found { + err = json.Unmarshal(raw, &a.LicensePath) + if err != nil { + return fmt.Errorf("error reading 'licensePath': %w", err) + } + delete(object, "licensePath") } if raw, found := object["name"]; found { 
@@ -7073,68 +14349,92 @@ func (a *OutputRemoteElasticsearch) UnmarshalJSON(b []byte) error { delete(object, "name") } - if raw, found := object["preset"]; found { - err = json.Unmarshal(raw, &a.Preset) + if raw, found := object["notice"]; found { + err = json.Unmarshal(raw, &a.Notice) if err != nil { - return fmt.Errorf("error reading 'preset': %w", err) + return fmt.Errorf("error reading 'notice': %w", err) } - delete(object, "preset") + delete(object, "notice") } - if raw, found := object["proxy_id"]; found { - err = json.Unmarshal(raw, &a.ProxyId) + if raw, found := object["owner"]; found { + err = json.Unmarshal(raw, &a.Owner) if err != nil { - return fmt.Errorf("error reading 'proxy_id': %w", err) + return fmt.Errorf("error reading 'owner': %w", err) } - delete(object, "proxy_id") + delete(object, "owner") } - if raw, found := object["secrets"]; found { - err = json.Unmarshal(raw, &a.Secrets) + if raw, found := object["path"]; found { + err = json.Unmarshal(raw, &a.Path) if err != nil { - return fmt.Errorf("error reading 'secrets': %w", err) + return fmt.Errorf("error reading 'path': %w", err) } - delete(object, "secrets") + delete(object, "path") } - if raw, found := object["service_token"]; found { - err = json.Unmarshal(raw, &a.ServiceToken) + if raw, found := object["policy_templates"]; found { + err = json.Unmarshal(raw, &a.PolicyTemplates) if err != nil { - return fmt.Errorf("error reading 'service_token': %w", err) + return fmt.Errorf("error reading 'policy_templates': %w", err) } - delete(object, "service_token") + delete(object, "policy_templates") } - if raw, found := object["shipper"]; found { - err = json.Unmarshal(raw, &a.Shipper) + if raw, found := object["readme"]; found { + err = json.Unmarshal(raw, &a.Readme) if err != nil { - return fmt.Errorf("error reading 'shipper': %w", err) + return fmt.Errorf("error reading 'readme': %w", err) } - delete(object, "shipper") + delete(object, "readme") } - if raw, found := object["ssl"]; found { - err = 
json.Unmarshal(raw, &a.Ssl) + if raw, found := object["release"]; found { + err = json.Unmarshal(raw, &a.Release) if err != nil { - return fmt.Errorf("error reading 'ssl': %w", err) + return fmt.Errorf("error reading 'release': %w", err) } - delete(object, "ssl") + delete(object, "release") } - if raw, found := object["sync_integrations"]; found { - err = json.Unmarshal(raw, &a.SyncIntegrations) + if raw, found := object["screenshots"]; found { + err = json.Unmarshal(raw, &a.Screenshots) if err != nil { - return fmt.Errorf("error reading 'sync_integrations': %w", err) + return fmt.Errorf("error reading 'screenshots': %w", err) } - delete(object, "sync_integrations") + delete(object, "screenshots") } - if raw, found := object["sync_uninstalled_integrations"]; found { - err = json.Unmarshal(raw, &a.SyncUninstalledIntegrations) + if raw, found := object["signature_path"]; found { + err = json.Unmarshal(raw, &a.SignaturePath) if err != nil { - return fmt.Errorf("error reading 'sync_uninstalled_integrations': %w", err) + return fmt.Errorf("error reading 'signature_path': %w", err) + } + delete(object, "signature_path") + } + + if raw, found := object["source"]; found { + err = json.Unmarshal(raw, &a.Source) + if err != nil { + return fmt.Errorf("error reading 'source': %w", err) + } + delete(object, "source") + } + + if raw, found := object["status"]; found { + err = json.Unmarshal(raw, &a.Status) + if err != nil { + return fmt.Errorf("error reading 'status': %w", err) + } + delete(object, "status") + } + + if raw, found := object["title"]; found { + err = json.Unmarshal(raw, &a.Title) + if err != nil { + return fmt.Errorf("error reading 'title': %w", err) } - delete(object, "sync_uninstalled_integrations") + delete(object, "title") } if raw, found := object["type"]; found { 
@@ -7145,6 +14445,22 @@ func (a *OutputRemoteElasticsearch) UnmarshalJSON(b []byte) error { delete(object, "type") } + if raw, found := object["vars"]; found { + err = json.Unmarshal(raw, &a.Vars) + if err != nil { + return fmt.Errorf("error reading 'vars': %w", err) + } + delete(object, "vars") + } + + if raw, found := object["version"]; found { + err = json.Unmarshal(raw, &a.Version) + if err != nil { + return fmt.Errorf("error reading 'version': %w", err) + } + delete(object, "version") + } + if len(object) != 0 { a.AdditionalProperties = make(map[string]interface{}) for fieldName, fieldBuf := range object { 
@@ -7159,223 +14475,232 @@ func (a *OutputRemoteElasticsearch) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputRemoteElasticsearch to handle AdditionalProperties -func (a OutputRemoteElasticsearch) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageInfo to handle AdditionalProperties +func (a PackageInfo) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.AllowEdit != nil { - object["allow_edit"], err = json.Marshal(a.AllowEdit) + if a.Agent != nil { + object["agent"], err = json.Marshal(a.Agent) if err != nil { - return nil, fmt.Errorf("error marshaling 'allow_edit': %w", err) + return nil, fmt.Errorf("error marshaling 'agent': %w", err) } } - if a.CaSha256 != nil { - object["ca_sha256"], err = json.Marshal(a.CaSha256) + if a.AssetTags != nil { + object["asset_tags"], err = json.Marshal(a.AssetTags) if err != nil { - return nil, fmt.Errorf("error marshaling 'ca_sha256': %w", err) + return nil, fmt.Errorf("error marshaling 'asset_tags': %w", err) } } - if a.CaTrustedFingerprint != nil { - object["ca_trusted_fingerprint"], err = json.Marshal(a.CaTrustedFingerprint) + object["assets"], err = json.Marshal(a.Assets) + if err != nil { + return nil, fmt.Errorf("error marshaling 'assets': %w", err) + } + + if a.Categories != nil { + object["categories"], err = json.Marshal(a.Categories) if err != nil { - return nil, fmt.Errorf("error marshaling 'ca_trusted_fingerprint': %w", err) + return nil, fmt.Errorf("error marshaling 'categories': %w", err) } } - if a.ConfigYaml != nil { - object["config_yaml"], err = json.Marshal(a.ConfigYaml) + if a.Conditions != nil { + object["conditions"], err = json.Marshal(a.Conditions) if err != nil { - return nil, fmt.Errorf("error marshaling 'config_yaml': %w", err) + return nil, fmt.Errorf("error marshaling 'conditions': %w", err) } } - object["hosts"], err = json.Marshal(a.Hosts) - if err != nil { - return nil, 
fmt.Errorf("error marshaling 'hosts': %w", err) + if a.DataStreams != nil { + object["data_streams"], err = json.Marshal(a.DataStreams) + if err != nil { + return nil, fmt.Errorf("error marshaling 'data_streams': %w", err) + } } - if a.Id != nil { - object["id"], err = json.Marshal(a.Id) + if a.Description != nil { + object["description"], err = json.Marshal(a.Description) if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) + return nil, fmt.Errorf("error marshaling 'description': %w", err) } } - if a.IsDefault != nil { - object["is_default"], err = json.Marshal(a.IsDefault) + if a.Discovery != nil { + object["discovery"], err = json.Marshal(a.Discovery) if err != nil { - return nil, fmt.Errorf("error marshaling 'is_default': %w", err) + return nil, fmt.Errorf("error marshaling 'discovery': %w", err) } } - if a.IsDefaultMonitoring != nil { - object["is_default_monitoring"], err = json.Marshal(a.IsDefaultMonitoring) + if a.Download != nil { + object["download"], err = json.Marshal(a.Download) if err != nil { - return nil, fmt.Errorf("error marshaling 'is_default_monitoring': %w", err) + return nil, fmt.Errorf("error marshaling 'download': %w", err) } } - if a.IsInternal != nil { - object["is_internal"], err = json.Marshal(a.IsInternal) + if a.Elasticsearch != nil { + object["elasticsearch"], err = json.Marshal(a.Elasticsearch) if err != nil { - return nil, fmt.Errorf("error marshaling 'is_internal': %w", err) + return nil, fmt.Errorf("error marshaling 'elasticsearch': %w", err) } } - if a.IsPreconfigured != nil { - object["is_preconfigured"], err = json.Marshal(a.IsPreconfigured) + if a.FormatVersion != nil { + object["format_version"], err = json.Marshal(a.FormatVersion) if err != nil { - return nil, fmt.Errorf("error marshaling 'is_preconfigured': %w", err) + return nil, fmt.Errorf("error marshaling 'format_version': %w", err) } } - if a.KibanaApiKey != nil { - object["kibana_api_key"], err = json.Marshal(a.KibanaApiKey) + if a.Icons != nil 
{ + object["icons"], err = json.Marshal(a.Icons) if err != nil { - return nil, fmt.Errorf("error marshaling 'kibana_api_key': %w", err) + return nil, fmt.Errorf("error marshaling 'icons': %w", err) } } - if a.KibanaUrl != nil { - object["kibana_url"], err = json.Marshal(a.KibanaUrl) + if a.InstallationInfo != nil { + object["installationInfo"], err = json.Marshal(a.InstallationInfo) if err != nil { - return nil, fmt.Errorf("error marshaling 'kibana_url': %w", err) + return nil, fmt.Errorf("error marshaling 'installationInfo': %w", err) } } - object["name"], err = json.Marshal(a.Name) - if err != nil { - return nil, fmt.Errorf("error marshaling 'name': %w", err) + if a.Internal != nil { + object["internal"], err = json.Marshal(a.Internal) + if err != nil { + return nil, fmt.Errorf("error marshaling 'internal': %w", err) + } } - if a.Preset != nil { - object["preset"], err = json.Marshal(a.Preset) + if a.KeepPoliciesUpToDate != nil { + object["keepPoliciesUpToDate"], err = json.Marshal(a.KeepPoliciesUpToDate) if err != nil { - return nil, fmt.Errorf("error marshaling 'preset': %w", err) + return nil, fmt.Errorf("error marshaling 'keepPoliciesUpToDate': %w", err) } } - if a.ProxyId != nil { - object["proxy_id"], err = json.Marshal(a.ProxyId) + if a.LatestVersion != nil { + object["latestVersion"], err = json.Marshal(a.LatestVersion) if err != nil { - return nil, fmt.Errorf("error marshaling 'proxy_id': %w", err) + return nil, fmt.Errorf("error marshaling 'latestVersion': %w", err) } } - if a.Secrets != nil { - object["secrets"], err = json.Marshal(a.Secrets) + if a.License != nil { + object["license"], err = json.Marshal(a.License) if err != nil { - return nil, fmt.Errorf("error marshaling 'secrets': %w", err) + return nil, fmt.Errorf("error marshaling 'license': %w", err) } } - if a.ServiceToken != nil { - object["service_token"], err = json.Marshal(a.ServiceToken) + if a.LicensePath != nil { + object["licensePath"], err = json.Marshal(a.LicensePath) if err != nil { 
- return nil, fmt.Errorf("error marshaling 'service_token': %w", err) + return nil, fmt.Errorf("error marshaling 'licensePath': %w", err) } } - if a.Shipper != nil { - object["shipper"], err = json.Marshal(a.Shipper) + object["name"], err = json.Marshal(a.Name) + if err != nil { + return nil, fmt.Errorf("error marshaling 'name': %w", err) + } + + if a.Notice != nil { + object["notice"], err = json.Marshal(a.Notice) if err != nil { - return nil, fmt.Errorf("error marshaling 'shipper': %w", err) + return nil, fmt.Errorf("error marshaling 'notice': %w", err) } } - if a.Ssl != nil { - object["ssl"], err = json.Marshal(a.Ssl) + if a.Owner != nil { + object["owner"], err = json.Marshal(a.Owner) if err != nil { - return nil, fmt.Errorf("error marshaling 'ssl': %w", err) + return nil, fmt.Errorf("error marshaling 'owner': %w", err) } } - if a.SyncIntegrations != nil { - object["sync_integrations"], err = json.Marshal(a.SyncIntegrations) + if a.Path != nil { + object["path"], err = json.Marshal(a.Path) if err != nil { - return nil, fmt.Errorf("error marshaling 'sync_integrations': %w", err) + return nil, fmt.Errorf("error marshaling 'path': %w", err) } } - if a.SyncUninstalledIntegrations != nil { - object["sync_uninstalled_integrations"], err = json.Marshal(a.SyncUninstalledIntegrations) + if a.PolicyTemplates != nil { + object["policy_templates"], err = json.Marshal(a.PolicyTemplates) if err != nil { - return nil, fmt.Errorf("error marshaling 'sync_uninstalled_integrations': %w", err) + return nil, fmt.Errorf("error marshaling 'policy_templates': %w", err) } } - object["type"], err = json.Marshal(a.Type) - if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) + if a.Readme != nil { + object["readme"], err = json.Marshal(a.Readme) + if err != nil { + return nil, fmt.Errorf("error marshaling 'readme': %w", err) + } } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) + if a.Release != nil { + 
object["release"], err = json.Marshal(a.Release) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return nil, fmt.Errorf("error marshaling 'release': %w", err) } } - return json.Marshal(object) -} -// Getter for additional properties for OutputRemoteElasticsearchSecretsServiceToken0. Returns the specified -// element and whether it was found -func (a OutputRemoteElasticsearchSecretsServiceToken0) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] + if a.Screenshots != nil { + object["screenshots"], err = json.Marshal(a.Screenshots) + if err != nil { + return nil, fmt.Errorf("error marshaling 'screenshots': %w", err) + } } - return -} -// Setter for additional properties for OutputRemoteElasticsearchSecretsServiceToken0 -func (a *OutputRemoteElasticsearchSecretsServiceToken0) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + if a.SignaturePath != nil { + object["signature_path"], err = json.Marshal(a.SignaturePath) + if err != nil { + return nil, fmt.Errorf("error marshaling 'signature_path': %w", err) + } } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for OutputRemoteElasticsearchSecretsServiceToken0 to handle AdditionalProperties -func (a *OutputRemoteElasticsearchSecretsServiceToken0) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) - if err != nil { - return err + if a.Source != nil { + object["source"], err = json.Marshal(a.Source) + if err != nil { + return nil, fmt.Errorf("error marshaling 'source': %w", err) + } } - if raw, found := object["id"]; found { - err = json.Unmarshal(raw, &a.Id) + if a.Status != nil { + object["status"], err = json.Marshal(a.Status) if err != nil { - return fmt.Errorf("error reading 'id': %w", err) + return nil, 
fmt.Errorf("error marshaling 'status': %w", err) } - delete(object, "id") } - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal + object["title"], err = json.Marshal(a.Title) + if err != nil { + return nil, fmt.Errorf("error marshaling 'title': %w", err) + } + + if a.Type != nil { + object["type"], err = json.Marshal(a.Type) + if err != nil { + return nil, fmt.Errorf("error marshaling 'type': %w", err) } } - return nil -} -// Override default JSON handling for OutputRemoteElasticsearchSecretsServiceToken0 to handle AdditionalProperties -func (a OutputRemoteElasticsearchSecretsServiceToken0) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) + if a.Vars != nil { + object["vars"], err = json.Marshal(a.Vars) + if err != nil { + return nil, fmt.Errorf("error marshaling 'vars': %w", err) + } + } - object["id"], err = json.Marshal(a.Id) + object["version"], err = json.Marshal(a.Version) if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) + return nil, fmt.Errorf("error marshaling 'version': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -7387,37 +14712,45 @@ func (a OutputRemoteElasticsearchSecretsServiceToken0) MarshalJSON() ([]byte, er return json.Marshal(object) } -// Getter for additional properties for OutputRemoteElasticsearchSecretsSslKey0. Returns the specified +// Getter for additional properties for PackageInfo_Conditions_Elastic. Returns the specified // element and whether it was found -func (a OutputRemoteElasticsearchSecretsSslKey0) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo_Conditions_Elastic) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputRemoteElasticsearchSecretsSslKey0 -func (a *OutputRemoteElasticsearchSecretsSslKey0) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo_Conditions_Elastic +func (a *PackageInfo_Conditions_Elastic) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputRemoteElasticsearchSecretsSslKey0 to handle AdditionalProperties -func (a *OutputRemoteElasticsearchSecretsSslKey0) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo_Conditions_Elastic to handle AdditionalProperties +func (a *PackageInfo_Conditions_Elastic) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["id"]; found { - err = json.Unmarshal(raw, &a.Id) + if raw, found := object["capabilities"]; found { + err = json.Unmarshal(raw, &a.Capabilities) if err != nil { - return fmt.Errorf("error reading 'id': %w", err) + return fmt.Errorf("error reading 'capabilities': %w", err) } - delete(object, "id") + delete(object, "capabilities") + } + + if raw, found := 
object["subscription"]; found { + err = json.Unmarshal(raw, &a.Subscription) + if err != nil { + return fmt.Errorf("error reading 'subscription': %w", err) + } + delete(object, "subscription") } if len(object) != 0 { @@ -7434,14 +14767,23 @@ func (a *OutputRemoteElasticsearchSecretsSslKey0) UnmarshalJSON(b []byte) error return nil } -// Override default JSON handling for OutputRemoteElasticsearchSecretsSslKey0 to handle AdditionalProperties -func (a OutputRemoteElasticsearchSecretsSslKey0) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageInfo_Conditions_Elastic to handle AdditionalProperties +func (a PackageInfo_Conditions_Elastic) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - object["id"], err = json.Marshal(a.Id) - if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) + if a.Capabilities != nil { + object["capabilities"], err = json.Marshal(a.Capabilities) + if err != nil { + return nil, fmt.Errorf("error marshaling 'capabilities': %w", err) + } + } + + if a.Subscription != nil { + object["subscription"], err = json.Marshal(a.Subscription) + if err != nil { + return nil, fmt.Errorf("error marshaling 'subscription': %w", err) + } } for fieldName, field := range a.AdditionalProperties { 
@@ -7453,37 +14795,37 @@ func (a OutputRemoteElasticsearchSecretsSslKey0) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputRemoteElasticsearch_Secrets_Ssl. Returns the specified +// Getter for additional properties for PackageInfo_Conditions_Kibana. Returns the specified // element and whether it was found -func (a OutputRemoteElasticsearch_Secrets_Ssl) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo_Conditions_Kibana) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputRemoteElasticsearch_Secrets_Ssl -func (a *OutputRemoteElasticsearch_Secrets_Ssl) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo_Conditions_Kibana +func (a *PackageInfo_Conditions_Kibana) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputRemoteElasticsearch_Secrets_Ssl to handle AdditionalProperties -func (a *OutputRemoteElasticsearch_Secrets_Ssl) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo_Conditions_Kibana to handle AdditionalProperties +func (a *PackageInfo_Conditions_Kibana) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["key"]; found { - err = json.Unmarshal(raw, &a.Key) + if raw, found := object["version"]; found { + err = json.Unmarshal(raw, &a.Version) if err != nil { - return fmt.Errorf("error reading 'key': %w", err) + return fmt.Errorf("error reading 'version': %w", err) } - delete(object, "key") + delete(object, "version") } if len(object) != 0 { 
@@ -7500,15 +14842,15 @@ func (a *OutputRemoteElasticsearch_Secrets_Ssl) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputRemoteElasticsearch_Secrets_Ssl to handle AdditionalProperties -func (a OutputRemoteElasticsearch_Secrets_Ssl) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageInfo_Conditions_Kibana to handle AdditionalProperties +func (a PackageInfo_Conditions_Kibana) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Key != nil { - object["key"], err = json.Marshal(a.Key) + if a.Version != nil { + object["version"], err = json.Marshal(a.Version) if err != nil { - return nil, fmt.Errorf("error marshaling 'key': %w", err) + return nil, fmt.Errorf("error marshaling 'version': %w", err) } } 
@@ -7521,45 +14863,45 @@ func (a OutputRemoteElasticsearch_Secrets_Ssl) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputRemoteElasticsearch_Secrets. Returns the specified +// Getter for additional properties for PackageInfo_Conditions. Returns the specified // element and whether it was found -func (a OutputRemoteElasticsearch_Secrets) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo_Conditions) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputRemoteElasticsearch_Secrets -func (a *OutputRemoteElasticsearch_Secrets) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo_Conditions +func (a *PackageInfo_Conditions) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputRemoteElasticsearch_Secrets to handle AdditionalProperties -func (a *OutputRemoteElasticsearch_Secrets) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo_Conditions to handle AdditionalProperties +func (a *PackageInfo_Conditions) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["service_token"]; found { - err = json.Unmarshal(raw, &a.ServiceToken) + if raw, found := object["elastic"]; found { + err = json.Unmarshal(raw, &a.Elastic) if err != nil { - return fmt.Errorf("error reading 'service_token': %w", err) + return fmt.Errorf("error reading 'elastic': %w", err) } - delete(object, "service_token") + delete(object, "elastic") } - if raw, found := object["ssl"]; found { - err = json.Unmarshal(raw, &a.Ssl) + if raw, 
found := object["kibana"]; found { + err = json.Unmarshal(raw, &a.Kibana) if err != nil { - return fmt.Errorf("error reading 'ssl': %w", err) + return fmt.Errorf("error reading 'kibana': %w", err) } - delete(object, "ssl") + delete(object, "kibana") } if len(object) != 0 { @@ -7576,22 +14918,22 @@ func (a *OutputRemoteElasticsearch_Secrets) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputRemoteElasticsearch_Secrets to handle AdditionalProperties -func (a OutputRemoteElasticsearch_Secrets) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageInfo_Conditions to handle AdditionalProperties +func (a PackageInfo_Conditions) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.ServiceToken != nil { - object["service_token"], err = json.Marshal(a.ServiceToken) + if a.Elastic != nil { + object["elastic"], err = json.Marshal(a.Elastic) if err != nil { - return nil, fmt.Errorf("error marshaling 'service_token': %w", err) + return nil, fmt.Errorf("error marshaling 'elastic': %w", err) } } - if a.Ssl != nil { - object["ssl"], err = json.Marshal(a.Ssl) + if a.Kibana != nil { + object["kibana"], err = json.Marshal(a.Kibana) if err != nil { - return nil, fmt.Errorf("error marshaling 'ssl': %w", err) + return nil, fmt.Errorf("error marshaling 'kibana': %w", err) } } 
@@ -7604,109 +14946,37 @@ func (a OutputRemoteElasticsearch_Secrets) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputShipper. Returns the specified +// Getter for additional properties for PackageInfo_Discovery_Datasets_Item. Returns the specified // element and whether it was found -func (a OutputShipper) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo_Discovery_Datasets_Item) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputShipper -func (a *OutputShipper) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo_Discovery_Datasets_Item +func (a *PackageInfo_Discovery_Datasets_Item) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputShipper to handle AdditionalProperties -func (a *OutputShipper) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo_Discovery_Datasets_Item to handle AdditionalProperties +func (a *PackageInfo_Discovery_Datasets_Item) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["compression_level"]; found { - err = json.Unmarshal(raw, &a.CompressionLevel) - if err != nil { - return fmt.Errorf("error reading 'compression_level': %w", err) - } - delete(object, "compression_level") - } - - if raw, found := object["disk_queue_compression_enabled"]; found { - err = json.Unmarshal(raw, &a.DiskQueueCompressionEnabled) - if err != nil { - return fmt.Errorf("error reading 'disk_queue_compression_enabled': %w", err) - } - delete(object, "disk_queue_compression_enabled") - 
} - - if raw, found := object["disk_queue_enabled"]; found { - err = json.Unmarshal(raw, &a.DiskQueueEnabled) - if err != nil { - return fmt.Errorf("error reading 'disk_queue_enabled': %w", err) - } - delete(object, "disk_queue_enabled") - } - - if raw, found := object["disk_queue_encryption_enabled"]; found { - err = json.Unmarshal(raw, &a.DiskQueueEncryptionEnabled) - if err != nil { - return fmt.Errorf("error reading 'disk_queue_encryption_enabled': %w", err) - } - delete(object, "disk_queue_encryption_enabled") - } - - if raw, found := object["disk_queue_max_size"]; found { - err = json.Unmarshal(raw, &a.DiskQueueMaxSize) - if err != nil { - return fmt.Errorf("error reading 'disk_queue_max_size': %w", err) - } - delete(object, "disk_queue_max_size") - } - - if raw, found := object["disk_queue_path"]; found { - err = json.Unmarshal(raw, &a.DiskQueuePath) - if err != nil { - return fmt.Errorf("error reading 'disk_queue_path': %w", err) - } - delete(object, "disk_queue_path") - } - - if raw, found := object["loadbalance"]; found { - err = json.Unmarshal(raw, &a.Loadbalance) - if err != nil { - return fmt.Errorf("error reading 'loadbalance': %w", err) - } - delete(object, "loadbalance") - } - - if raw, found := object["max_batch_bytes"]; found { - err = json.Unmarshal(raw, &a.MaxBatchBytes) - if err != nil { - return fmt.Errorf("error reading 'max_batch_bytes': %w", err) - } - delete(object, "max_batch_bytes") - } - - if raw, found := object["mem_queue_events"]; found { - err = json.Unmarshal(raw, &a.MemQueueEvents) - if err != nil { - return fmt.Errorf("error reading 'mem_queue_events': %w", err) - } - delete(object, "mem_queue_events") - } - - if raw, found := object["queue_flush_timeout"]; found { - err = json.Unmarshal(raw, &a.QueueFlushTimeout) + if raw, found := object["name"]; found { + err = json.Unmarshal(raw, &a.Name) if err != nil { - return fmt.Errorf("error reading 'queue_flush_timeout': %w", err) + return fmt.Errorf("error reading 'name': %w", err) } 
- delete(object, "queue_flush_timeout") + delete(object, "name") } if len(object) != 0 { 
@@ -7723,61 +14993,14 @@ func (a *OutputShipper) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputShipper to handle AdditionalProperties -func (a OutputShipper) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) - - object["compression_level"], err = json.Marshal(a.CompressionLevel) - if err != nil { - return nil, fmt.Errorf("error marshaling 'compression_level': %w", err) - } - - object["disk_queue_compression_enabled"], err = json.Marshal(a.DiskQueueCompressionEnabled) - if err != nil { - return nil, fmt.Errorf("error marshaling 'disk_queue_compression_enabled': %w", err) - } - - if a.DiskQueueEnabled != nil { - object["disk_queue_enabled"], err = json.Marshal(a.DiskQueueEnabled) - if err != nil { - return nil, fmt.Errorf("error marshaling 'disk_queue_enabled': %w", err) - } - } - - object["disk_queue_encryption_enabled"], err = json.Marshal(a.DiskQueueEncryptionEnabled) - if err != nil { - return nil, fmt.Errorf("error marshaling 'disk_queue_encryption_enabled': %w", err) - } - - object["disk_queue_max_size"], err = json.Marshal(a.DiskQueueMaxSize) - if err != nil { - return nil, fmt.Errorf("error marshaling 'disk_queue_max_size': %w", err) - } - - object["disk_queue_path"], err = json.Marshal(a.DiskQueuePath) - if err != nil { - return nil, fmt.Errorf("error marshaling 'disk_queue_path': %w", err) - } - - object["loadbalance"], err = json.Marshal(a.Loadbalance) - if err != nil { - return nil, fmt.Errorf("error marshaling 'loadbalance': %w", err) - } - - object["max_batch_bytes"], err = json.Marshal(a.MaxBatchBytes) - if err != nil { - return nil, fmt.Errorf("error marshaling 'max_batch_bytes': %w", err) - } - - object["mem_queue_events"], err = json.Marshal(a.MemQueueEvents) - if err != nil { - return nil, fmt.Errorf("error marshaling 'mem_queue_events': %w", err) - } - - object["queue_flush_timeout"], err = json.Marshal(a.QueueFlushTimeout) +// Override default JSON handling for 
PackageInfo_Discovery_Datasets_Item to handle AdditionalProperties +func (a PackageInfo_Discovery_Datasets_Item) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) + + object["name"], err = json.Marshal(a.Name) if err != nil { - return nil, fmt.Errorf("error marshaling 'queue_flush_timeout': %w", err) + return nil, fmt.Errorf("error marshaling 'name': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -7789,61 +15012,37 @@ func (a OutputShipper) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for OutputSsl. Returns the specified +// Getter for additional properties for PackageInfo_Discovery_Fields_Item. Returns the specified // element and whether it was found -func (a OutputSsl) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo_Discovery_Fields_Item) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for OutputSsl -func (a *OutputSsl) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo_Discovery_Fields_Item +func (a *PackageInfo_Discovery_Fields_Item) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for OutputSsl to handle AdditionalProperties -func (a *OutputSsl) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo_Discovery_Fields_Item to handle AdditionalProperties +func (a *PackageInfo_Discovery_Fields_Item) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["certificate"]; found { - err = json.Unmarshal(raw, &a.Certificate) - if err != nil { - return fmt.Errorf("error reading 'certificate': %w", err) - } - delete(object, "certificate") - } - - if raw, found := object["certificate_authorities"]; found { - err = json.Unmarshal(raw, &a.CertificateAuthorities) - if err != nil { - return fmt.Errorf("error reading 'certificate_authorities': %w", err) - } - delete(object, "certificate_authorities") - } - - if raw, found := object["key"]; found { - err = json.Unmarshal(raw, &a.Key) - if err != nil { - 
return fmt.Errorf("error reading 'key': %w", err) - } - delete(object, "key") - } - - if raw, found := object["verification_mode"]; found { - err = json.Unmarshal(raw, &a.VerificationMode) + if raw, found := object["name"]; found { + err = json.Unmarshal(raw, &a.Name) if err != nil { - return fmt.Errorf("error reading 'verification_mode': %w", err) + return fmt.Errorf("error reading 'name': %w", err) } - delete(object, "verification_mode") + delete(object, "name") } if len(object) != 0 { @@ -7860,37 +15059,14 @@ func (a *OutputSsl) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for OutputSsl to handle AdditionalProperties -func (a OutputSsl) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageInfo_Discovery_Fields_Item to handle AdditionalProperties +func (a PackageInfo_Discovery_Fields_Item) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Certificate != nil { - object["certificate"], err = json.Marshal(a.Certificate) - if err != nil { - return nil, fmt.Errorf("error marshaling 'certificate': %w", err) - } - } - - if a.CertificateAuthorities != nil { - object["certificate_authorities"], err = json.Marshal(a.CertificateAuthorities) - if err != nil { - return nil, fmt.Errorf("error marshaling 'certificate_authorities': %w", err) - } - } - - if a.Key != nil { - object["key"], err = json.Marshal(a.Key) - if err != nil { - return nil, fmt.Errorf("error marshaling 'key': %w", err) - } - } - - if a.VerificationMode != nil { - object["verification_mode"], err = json.Marshal(a.VerificationMode) - if err != nil { - return nil, fmt.Errorf("error marshaling 'verification_mode': %w", err) - } + object["name"], err = json.Marshal(a.Name) + if err != nil { + return nil, fmt.Errorf("error marshaling 'name': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -7902,269 +15078,269 @@ func (a OutputSsl) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageInfo. Returns the specified +// Getter for additional properties for PackageInfo_Discovery. Returns the specified // element and whether it was found -func (a PackageInfo) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo_Discovery) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageInfo -func (a *PackageInfo) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo_Discovery +func (a *PackageInfo_Discovery) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageInfo to handle AdditionalProperties -func (a *PackageInfo) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo_Discovery to handle AdditionalProperties +func (a *PackageInfo_Discovery) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["agent"]; found { - err = json.Unmarshal(raw, &a.Agent) - if err != nil { - return fmt.Errorf("error reading 'agent': %w", err) - } - delete(object, "agent") - } - - if raw, found := object["asset_tags"]; found { - err = json.Unmarshal(raw, &a.AssetTags) + if raw, found := object["datasets"]; found { + err = json.Unmarshal(raw, &a.Datasets) if err != nil { - return fmt.Errorf("error reading 'asset_tags': %w", err) + return fmt.Errorf("error reading 'datasets': %w", err) } - delete(object, "asset_tags") + delete(object, "datasets") } - if raw, found := object["assets"]; found { - err = json.Unmarshal(raw, 
&a.Assets) + if raw, found := object["fields"]; found { + err = json.Unmarshal(raw, &a.Fields) if err != nil { - return fmt.Errorf("error reading 'assets': %w", err) + return fmt.Errorf("error reading 'fields': %w", err) } - delete(object, "assets") + delete(object, "fields") } - if raw, found := object["categories"]; found { - err = json.Unmarshal(raw, &a.Categories) - if err != nil { - return fmt.Errorf("error reading 'categories': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } - delete(object, "categories") } + return nil +} - if raw, found := object["conditions"]; found { - err = json.Unmarshal(raw, &a.Conditions) - if err != nil { - return fmt.Errorf("error reading 'conditions': %w", err) - } - delete(object, "conditions") - } +// Override default JSON handling for PackageInfo_Discovery to handle AdditionalProperties +func (a PackageInfo_Discovery) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) - if raw, found := object["data_streams"]; found { - err = json.Unmarshal(raw, &a.DataStreams) + if a.Datasets != nil { + object["datasets"], err = json.Marshal(a.Datasets) if err != nil { - return fmt.Errorf("error reading 'data_streams': %w", err) + return nil, fmt.Errorf("error marshaling 'datasets': %w", err) } - delete(object, "data_streams") } - if raw, found := object["description"]; found { - err = json.Unmarshal(raw, &a.Description) + if a.Fields != nil { + object["fields"], err = json.Marshal(a.Fields) if err != nil { - return fmt.Errorf("error reading 'description': %w", err) + return nil, fmt.Errorf("error marshaling 'fields': %w", err) } - delete(object, "description") } - if raw, found := object["discovery"]; found 
{ - err = json.Unmarshal(raw, &a.Discovery) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return fmt.Errorf("error reading 'discovery': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } - delete(object, "discovery") } + return json.Marshal(object) +} - if raw, found := object["download"]; found { - err = json.Unmarshal(raw, &a.Download) - if err != nil { - return fmt.Errorf("error reading 'download': %w", err) - } - delete(object, "download") +// Getter for additional properties for PackageInfo_Icons_Item. Returns the specified +// element and whether it was found +func (a PackageInfo_Icons_Item) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if raw, found := object["elasticsearch"]; found { - err = json.Unmarshal(raw, &a.Elasticsearch) - if err != nil { - return fmt.Errorf("error reading 'elasticsearch': %w", err) - } - delete(object, "elasticsearch") +// Setter for additional properties for PackageInfo_Icons_Item +func (a *PackageInfo_Icons_Item) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - if raw, found := object["format_version"]; found { - err = json.Unmarshal(raw, &a.FormatVersion) - if err != nil { - return fmt.Errorf("error reading 'format_version': %w", err) - } - delete(object, "format_version") +// Override default JSON handling for PackageInfo_Icons_Item to handle AdditionalProperties +func (a *PackageInfo_Icons_Item) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err } - if raw, found := object["icons"]; found { - err = json.Unmarshal(raw, &a.Icons) + if raw, found := object["dark_mode"]; found { + err = 
json.Unmarshal(raw, &a.DarkMode) if err != nil { - return fmt.Errorf("error reading 'icons': %w", err) + return fmt.Errorf("error reading 'dark_mode': %w", err) } - delete(object, "icons") + delete(object, "dark_mode") } - if raw, found := object["installationInfo"]; found { - err = json.Unmarshal(raw, &a.InstallationInfo) + if raw, found := object["path"]; found { + err = json.Unmarshal(raw, &a.Path) if err != nil { - return fmt.Errorf("error reading 'installationInfo': %w", err) + return fmt.Errorf("error reading 'path': %w", err) } - delete(object, "installationInfo") + delete(object, "path") } - if raw, found := object["internal"]; found { - err = json.Unmarshal(raw, &a.Internal) + if raw, found := object["size"]; found { + err = json.Unmarshal(raw, &a.Size) if err != nil { - return fmt.Errorf("error reading 'internal': %w", err) + return fmt.Errorf("error reading 'size': %w", err) } - delete(object, "internal") + delete(object, "size") } - if raw, found := object["keepPoliciesUpToDate"]; found { - err = json.Unmarshal(raw, &a.KeepPoliciesUpToDate) + if raw, found := object["src"]; found { + err = json.Unmarshal(raw, &a.Src) if err != nil { - return fmt.Errorf("error reading 'keepPoliciesUpToDate': %w", err) + return fmt.Errorf("error reading 'src': %w", err) } - delete(object, "keepPoliciesUpToDate") + delete(object, "src") } - if raw, found := object["latestVersion"]; found { - err = json.Unmarshal(raw, &a.LatestVersion) + if raw, found := object["title"]; found { + err = json.Unmarshal(raw, &a.Title) if err != nil { - return fmt.Errorf("error reading 'latestVersion': %w", err) + return fmt.Errorf("error reading 'title': %w", err) } - delete(object, "latestVersion") + delete(object, "title") } - if raw, found := object["license"]; found { - err = json.Unmarshal(raw, &a.License) + if raw, found := object["type"]; found { + err = json.Unmarshal(raw, &a.Type) if err != nil { - return fmt.Errorf("error reading 'license': %w", err) + return fmt.Errorf("error 
reading 'type': %w", err) } - delete(object, "license") + delete(object, "type") } - if raw, found := object["licensePath"]; found { - err = json.Unmarshal(raw, &a.LicensePath) - if err != nil { - return fmt.Errorf("error reading 'licensePath': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } - delete(object, "licensePath") } + return nil +} - if raw, found := object["name"]; found { - err = json.Unmarshal(raw, &a.Name) +// Override default JSON handling for PackageInfo_Icons_Item to handle AdditionalProperties +func (a PackageInfo_Icons_Item) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) + + if a.DarkMode != nil { + object["dark_mode"], err = json.Marshal(a.DarkMode) if err != nil { - return fmt.Errorf("error reading 'name': %w", err) + return nil, fmt.Errorf("error marshaling 'dark_mode': %w", err) } - delete(object, "name") } - if raw, found := object["notice"]; found { - err = json.Unmarshal(raw, &a.Notice) + if a.Path != nil { + object["path"], err = json.Marshal(a.Path) if err != nil { - return fmt.Errorf("error reading 'notice': %w", err) + return nil, fmt.Errorf("error marshaling 'path': %w", err) } - delete(object, "notice") } - if raw, found := object["owner"]; found { - err = json.Unmarshal(raw, &a.Owner) + if a.Size != nil { + object["size"], err = json.Marshal(a.Size) if err != nil { - return fmt.Errorf("error reading 'owner': %w", err) + return nil, fmt.Errorf("error marshaling 'size': %w", err) } - delete(object, "owner") } - if raw, found := object["path"]; found { - err = json.Unmarshal(raw, &a.Path) - if err != nil { - return fmt.Errorf("error reading 'path': %w", err) - } - delete(object, "path") + 
object["src"], err = json.Marshal(a.Src) + if err != nil { + return nil, fmt.Errorf("error marshaling 'src': %w", err) } - if raw, found := object["policy_templates"]; found { - err = json.Unmarshal(raw, &a.PolicyTemplates) + if a.Title != nil { + object["title"], err = json.Marshal(a.Title) if err != nil { - return fmt.Errorf("error reading 'policy_templates': %w", err) + return nil, fmt.Errorf("error marshaling 'title': %w", err) } - delete(object, "policy_templates") } - if raw, found := object["readme"]; found { - err = json.Unmarshal(raw, &a.Readme) + if a.Type != nil { + object["type"], err = json.Marshal(a.Type) if err != nil { - return fmt.Errorf("error reading 'readme': %w", err) + return nil, fmt.Errorf("error marshaling 'type': %w", err) } - delete(object, "readme") } - if raw, found := object["release"]; found { - err = json.Unmarshal(raw, &a.Release) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return fmt.Errorf("error reading 'release': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } - delete(object, "release") } + return json.Marshal(object) +} - if raw, found := object["screenshots"]; found { - err = json.Unmarshal(raw, &a.Screenshots) - if err != nil { - return fmt.Errorf("error reading 'screenshots': %w", err) - } - delete(object, "screenshots") +// Getter for additional properties for PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item. 
Returns the specified +// element and whether it was found +func (a PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if raw, found := object["signature_path"]; found { - err = json.Unmarshal(raw, &a.SignaturePath) - if err != nil { - return fmt.Errorf("error reading 'signature_path': %w", err) - } - delete(object, "signature_path") +// Setter for additional properties for PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item +func (a *PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - if raw, found := object["source"]; found { - err = json.Unmarshal(raw, &a.Source) - if err != nil { - return fmt.Errorf("error reading 'source': %w", err) - } - delete(object, "source") +// Override default JSON handling for PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item to handle AdditionalProperties +func (a *PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err } - if raw, found := object["status"]; found { - err = json.Unmarshal(raw, &a.Status) + if raw, found := object["id"]; found { + err = json.Unmarshal(raw, &a.Id) if err != nil { - return fmt.Errorf("error reading 'status': %w", err) + return fmt.Errorf("error reading 'id': %w", err) } - delete(object, "status") + delete(object, "id") } - if raw, found := object["title"]; found { - err = json.Unmarshal(raw, &a.Title) + if raw, found := object["originId"]; found { + err = json.Unmarshal(raw, &a.OriginId) if err != nil { - return fmt.Errorf("error reading 'title': %w", 
err) + return fmt.Errorf("error reading 'originId': %w", err) } - delete(object, "title") + delete(object, "originId") } if raw, found := object["type"]; found { @@ -8175,22 +15351,6 @@ func (a *PackageInfo) UnmarshalJSON(b []byte) error { delete(object, "type") } - if raw, found := object["vars"]; found { - err = json.Unmarshal(raw, &a.Vars) - if err != nil { - return fmt.Errorf("error reading 'vars': %w", err) - } - delete(object, "vars") - } - - if raw, found := object["version"]; found { - err = json.Unmarshal(raw, &a.Version) - if err != nil { - return fmt.Errorf("error reading 'version': %w", err) - } - delete(object, "version") - } - if len(object) != 0 { a.AdditionalProperties = make(map[string]interface{}) for fieldName, fieldBuf := range object { 
@@ -8205,234 +15365,329 @@ func (a *PackageInfo) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageInfo to handle AdditionalProperties -func (a PackageInfo) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item to handle AdditionalProperties +func (a PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Agent != nil { - object["agent"], err = json.Marshal(a.Agent) - if err != nil { - return nil, fmt.Errorf("error marshaling 'agent': %w", err) - } + object["id"], err = json.Marshal(a.Id) + if err != nil { + return nil, fmt.Errorf("error marshaling 'id': %w", err) } - if a.AssetTags != nil { - object["asset_tags"], err = json.Marshal(a.AssetTags) + if a.OriginId != nil { + object["originId"], err = json.Marshal(a.OriginId) if err != nil { - return nil, fmt.Errorf("error marshaling 'asset_tags': %w", err) + return nil, fmt.Errorf("error marshaling 'originId': %w", err) } } - object["assets"], err = json.Marshal(a.Assets) + object["type"], err = json.Marshal(a.Type) if err != nil { - return nil, fmt.Errorf("error marshaling 'assets': %w", err) + return nil, fmt.Errorf("error marshaling 'type': %w", err) } - if a.Categories != nil { - object["categories"], err = json.Marshal(a.Categories) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return nil, fmt.Errorf("error marshaling 'categories': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } } + return json.Marshal(object) +} - if a.Conditions != nil { - object["conditions"], err = json.Marshal(a.Conditions) - if err != nil { - return nil, fmt.Errorf("error marshaling 'conditions': %w", err) - } +// Getter for additional properties for 
PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features. Returns the specified +// element and whether it was found +func (a PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if a.DataStreams != nil { - object["data_streams"], err = json.Marshal(a.DataStreams) - if err != nil { - return nil, fmt.Errorf("error marshaling 'data_streams': %w", err) - } +// Setter for additional properties for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features +func (a *PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - if a.Description != nil { - object["description"], err = json.Marshal(a.Description) - if err != nil { - return nil, fmt.Errorf("error marshaling 'description': %w", err) - } +// Override default JSON handling for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features to handle AdditionalProperties +func (a *PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err } - if a.Discovery != nil { - object["discovery"], err = json.Marshal(a.Discovery) + if raw, found := object["doc_value_only_numeric"]; found { + err = json.Unmarshal(raw, &a.DocValueOnlyNumeric) if err != nil { - return nil, fmt.Errorf("error marshaling 'discovery': %w", err) + return fmt.Errorf("error reading 'doc_value_only_numeric': %w", err) } + delete(object, "doc_value_only_numeric") } - if a.Download != nil { - object["download"], err = json.Marshal(a.Download) + if raw, found := object["doc_value_only_other"]; found { + err 
= json.Unmarshal(raw, &a.DocValueOnlyOther) if err != nil { - return nil, fmt.Errorf("error marshaling 'download': %w", err) + return fmt.Errorf("error reading 'doc_value_only_other': %w", err) } + delete(object, "doc_value_only_other") } - if a.Elasticsearch != nil { - object["elasticsearch"], err = json.Marshal(a.Elasticsearch) + if raw, found := object["synthetic_source"]; found { + err = json.Unmarshal(raw, &a.SyntheticSource) if err != nil { - return nil, fmt.Errorf("error marshaling 'elasticsearch': %w", err) + return fmt.Errorf("error reading 'synthetic_source': %w", err) } + delete(object, "synthetic_source") } - if a.FormatVersion != nil { - object["format_version"], err = json.Marshal(a.FormatVersion) + if raw, found := object["tsdb"]; found { + err = json.Unmarshal(raw, &a.Tsdb) if err != nil { - return nil, fmt.Errorf("error marshaling 'format_version': %w", err) + return fmt.Errorf("error reading 'tsdb': %w", err) } + delete(object, "tsdb") } - if a.Icons != nil { - object["icons"], err = json.Marshal(a.Icons) - if err != nil { - return nil, fmt.Errorf("error marshaling 'icons': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } } + return nil +} - if a.InstallationInfo != nil { - object["installationInfo"], err = json.Marshal(a.InstallationInfo) - if err != nil { - return nil, fmt.Errorf("error marshaling 'installationInfo': %w", err) - } - } +// Override default JSON handling for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features to handle AdditionalProperties +func (a PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) - if 
a.Internal != nil { - object["internal"], err = json.Marshal(a.Internal) + if a.DocValueOnlyNumeric != nil { + object["doc_value_only_numeric"], err = json.Marshal(a.DocValueOnlyNumeric) if err != nil { - return nil, fmt.Errorf("error marshaling 'internal': %w", err) + return nil, fmt.Errorf("error marshaling 'doc_value_only_numeric': %w", err) } } - if a.KeepPoliciesUpToDate != nil { - object["keepPoliciesUpToDate"], err = json.Marshal(a.KeepPoliciesUpToDate) + if a.DocValueOnlyOther != nil { + object["doc_value_only_other"], err = json.Marshal(a.DocValueOnlyOther) if err != nil { - return nil, fmt.Errorf("error marshaling 'keepPoliciesUpToDate': %w", err) + return nil, fmt.Errorf("error marshaling 'doc_value_only_other': %w", err) } } - if a.LatestVersion != nil { - object["latestVersion"], err = json.Marshal(a.LatestVersion) + if a.SyntheticSource != nil { + object["synthetic_source"], err = json.Marshal(a.SyntheticSource) if err != nil { - return nil, fmt.Errorf("error marshaling 'latestVersion': %w", err) + return nil, fmt.Errorf("error marshaling 'synthetic_source': %w", err) } } - if a.License != nil { - object["license"], err = json.Marshal(a.License) + if a.Tsdb != nil { + object["tsdb"], err = json.Marshal(a.Tsdb) if err != nil { - return nil, fmt.Errorf("error marshaling 'license': %w", err) + return nil, fmt.Errorf("error marshaling 'tsdb': %w", err) } } - if a.LicensePath != nil { - object["licensePath"], err = json.Marshal(a.LicensePath) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return nil, fmt.Errorf("error marshaling 'licensePath': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } } + return json.Marshal(object) +} - object["name"], err = json.Marshal(a.Name) +// Getter for additional properties for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item. 
Returns the specified +// element and whether it was found +func (a PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] + } + return +} + +// Setter for additional properties for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item +func (a *PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) + } + a.AdditionalProperties[fieldName] = value +} + +// Override default JSON handling for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item to handle AdditionalProperties +func (a *PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) if err != nil { - return nil, fmt.Errorf("error marshaling 'name': %w", err) + return err } - if a.Notice != nil { - object["notice"], err = json.Marshal(a.Notice) + if raw, found := object["data_stream"]; found { + err = json.Unmarshal(raw, &a.DataStream) if err != nil { - return nil, fmt.Errorf("error marshaling 'notice': %w", err) + return fmt.Errorf("error reading 'data_stream': %w", err) } + delete(object, "data_stream") } - if a.Owner != nil { - object["owner"], err = json.Marshal(a.Owner) + if raw, found := object["features"]; found { + err = json.Unmarshal(raw, &a.Features) if err != nil { - return nil, fmt.Errorf("error marshaling 'owner': %w", err) + return fmt.Errorf("error reading 'features': %w", err) } + delete(object, "features") } - if a.Path != nil { - object["path"], err = json.Marshal(a.Path) - if err != nil { - return nil, fmt.Errorf("error marshaling 'path': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf 
:= range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } } + return nil +} + +// Override default JSON handling for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item to handle AdditionalProperties +func (a PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) + + object["data_stream"], err = json.Marshal(a.DataStream) + if err != nil { + return nil, fmt.Errorf("error marshaling 'data_stream': %w", err) + } - if a.PolicyTemplates != nil { - object["policy_templates"], err = json.Marshal(a.PolicyTemplates) + object["features"], err = json.Marshal(a.Features) + if err != nil { + return nil, fmt.Errorf("error marshaling 'features': %w", err) + } + + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return nil, fmt.Errorf("error marshaling 'policy_templates': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } } + return json.Marshal(object) +} - if a.Readme != nil { - object["readme"], err = json.Marshal(a.Readme) +// Getter for additional properties for PackageInfo_InstallationInfo_InstalledEs_Item. 
Returns the specified +// element and whether it was found +func (a PackageInfo_InstallationInfo_InstalledEs_Item) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] + } + return +} + +// Setter for additional properties for PackageInfo_InstallationInfo_InstalledEs_Item +func (a *PackageInfo_InstallationInfo_InstalledEs_Item) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) + } + a.AdditionalProperties[fieldName] = value +} + +// Override default JSON handling for PackageInfo_InstallationInfo_InstalledEs_Item to handle AdditionalProperties +func (a *PackageInfo_InstallationInfo_InstalledEs_Item) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err + } + + if raw, found := object["deferred"]; found { + err = json.Unmarshal(raw, &a.Deferred) if err != nil { - return nil, fmt.Errorf("error marshaling 'readme': %w", err) + return fmt.Errorf("error reading 'deferred': %w", err) } + delete(object, "deferred") } - if a.Release != nil { - object["release"], err = json.Marshal(a.Release) + if raw, found := object["id"]; found { + err = json.Unmarshal(raw, &a.Id) if err != nil { - return nil, fmt.Errorf("error marshaling 'release': %w", err) + return fmt.Errorf("error reading 'id': %w", err) } + delete(object, "id") } - if a.Screenshots != nil { - object["screenshots"], err = json.Marshal(a.Screenshots) + if raw, found := object["type"]; found { + err = json.Unmarshal(raw, &a.Type) if err != nil { - return nil, fmt.Errorf("error marshaling 'screenshots': %w", err) + return fmt.Errorf("error reading 'type': %w", err) } + delete(object, "type") } - if a.SignaturePath != nil { - object["signature_path"], err = json.Marshal(a.SignaturePath) + if raw, found := object["version"]; found { + err = json.Unmarshal(raw, 
&a.Version) if err != nil { - return nil, fmt.Errorf("error marshaling 'signature_path': %w", err) + return fmt.Errorf("error reading 'version': %w", err) } + delete(object, "version") } - if a.Source != nil { - object["source"], err = json.Marshal(a.Source) - if err != nil { - return nil, fmt.Errorf("error marshaling 'source': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } } + return nil +} - if a.Status != nil { - object["status"], err = json.Marshal(a.Status) +// Override default JSON handling for PackageInfo_InstallationInfo_InstalledEs_Item to handle AdditionalProperties +func (a PackageInfo_InstallationInfo_InstalledEs_Item) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) + + if a.Deferred != nil { + object["deferred"], err = json.Marshal(a.Deferred) if err != nil { - return nil, fmt.Errorf("error marshaling 'status': %w", err) + return nil, fmt.Errorf("error marshaling 'deferred': %w", err) } } - object["title"], err = json.Marshal(a.Title) + object["id"], err = json.Marshal(a.Id) if err != nil { - return nil, fmt.Errorf("error marshaling 'title': %w", err) + return nil, fmt.Errorf("error marshaling 'id': %w", err) } - if a.Type != nil { - object["type"], err = json.Marshal(a.Type) - if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) - } + object["type"], err = json.Marshal(a.Type) + if err != nil { + return nil, fmt.Errorf("error marshaling 'type': %w", err) } - if a.Vars != nil { - object["vars"], err = json.Marshal(a.Vars) + if a.Version != nil { + object["version"], err = json.Marshal(a.Version) if err != nil { - return nil, fmt.Errorf("error marshaling 'vars': %w", err) + return nil, 
fmt.Errorf("error marshaling 'version': %w", err) } } - object["version"], err = json.Marshal(a.Version) - if err != nil { - return nil, fmt.Errorf("error marshaling 'version': %w", err) - } - for fieldName, field := range a.AdditionalProperties { object[fieldName], err = json.Marshal(field) if err != nil { 
@@ -8442,45 +15697,53 @@ func (a PackageInfo) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageInfo_Conditions_Elastic. Returns the specified +// Getter for additional properties for PackageInfo_InstallationInfo_InstalledKibana_Item. Returns the specified // element and whether it was found -func (a PackageInfo_Conditions_Elastic) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo_InstallationInfo_InstalledKibana_Item) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageInfo_Conditions_Elastic -func (a *PackageInfo_Conditions_Elastic) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo_InstallationInfo_InstalledKibana_Item +func (a *PackageInfo_InstallationInfo_InstalledKibana_Item) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageInfo_Conditions_Elastic to handle AdditionalProperties -func (a *PackageInfo_Conditions_Elastic) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo_InstallationInfo_InstalledKibana_Item to handle AdditionalProperties +func (a *PackageInfo_InstallationInfo_InstalledKibana_Item) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["capabilities"]; found { - err = json.Unmarshal(raw, &a.Capabilities) + if raw, found := object["id"]; found { + err = json.Unmarshal(raw, &a.Id) if err != nil { - return fmt.Errorf("error reading 'capabilities': %w", err) + return fmt.Errorf("error reading 'id': %w", err) } - delete(object, "capabilities") + delete(object, "id") 
} - if raw, found := object["subscription"]; found { - err = json.Unmarshal(raw, &a.Subscription) + if raw, found := object["originId"]; found { + err = json.Unmarshal(raw, &a.OriginId) if err != nil { - return fmt.Errorf("error reading 'subscription': %w", err) + return fmt.Errorf("error reading 'originId': %w", err) } - delete(object, "subscription") + delete(object, "originId") + } + + if raw, found := object["type"]; found { + err = json.Unmarshal(raw, &a.Type) + if err != nil { + return fmt.Errorf("error reading 'type': %w", err) + } + delete(object, "type") } if len(object) != 0 { @@ -8497,23 +15760,26 @@ func (a *PackageInfo_Conditions_Elastic) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageInfo_Conditions_Elastic to handle AdditionalProperties -func (a PackageInfo_Conditions_Elastic) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageInfo_InstallationInfo_InstalledKibana_Item to handle AdditionalProperties +func (a PackageInfo_InstallationInfo_InstalledKibana_Item) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Capabilities != nil { - object["capabilities"], err = json.Marshal(a.Capabilities) + object["id"], err = json.Marshal(a.Id) + if err != nil { + return nil, fmt.Errorf("error marshaling 'id': %w", err) + } + + if a.OriginId != nil { + object["originId"], err = json.Marshal(a.OriginId) if err != nil { - return nil, fmt.Errorf("error marshaling 'capabilities': %w", err) + return nil, fmt.Errorf("error marshaling 'originId': %w", err) } } - if a.Subscription != nil { - object["subscription"], err = json.Marshal(a.Subscription) - if err != nil { - return nil, fmt.Errorf("error marshaling 'subscription': %w", err) - } + object["type"], err = json.Marshal(a.Type) + if err != nil { + return nil, fmt.Errorf("error marshaling 'type': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -8525,37 +15791,53 @@ func (a PackageInfo_Conditions_Elastic) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageInfo_Conditions_Kibana. Returns the specified +// Getter for additional properties for PackageInfo_InstallationInfo_LatestExecutedState. Returns the specified // element and whether it was found -func (a PackageInfo_Conditions_Kibana) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo_InstallationInfo_LatestExecutedState) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageInfo_Conditions_Kibana -func (a *PackageInfo_Conditions_Kibana) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo_InstallationInfo_LatestExecutedState +func (a *PackageInfo_InstallationInfo_LatestExecutedState) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageInfo_Conditions_Kibana to handle AdditionalProperties -func (a *PackageInfo_Conditions_Kibana) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo_InstallationInfo_LatestExecutedState to handle AdditionalProperties +func (a *PackageInfo_InstallationInfo_LatestExecutedState) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["version"]; found { - err = json.Unmarshal(raw, &a.Version) + if raw, found := object["error"]; found { + err = json.Unmarshal(raw, &a.Error) if err != nil { - return fmt.Errorf("error reading 'version': %w", err) + return fmt.Errorf("error reading 'error': %w", err) } - delete(object, "version") + delete(object, "error") 
+ } + + if raw, found := object["name"]; found { + err = json.Unmarshal(raw, &a.Name) + if err != nil { + return fmt.Errorf("error reading 'name': %w", err) + } + delete(object, "name") + } + + if raw, found := object["started_at"]; found { + err = json.Unmarshal(raw, &a.StartedAt) + if err != nil { + return fmt.Errorf("error reading 'started_at': %w", err) + } + delete(object, "started_at") } if len(object) != 0 { @@ -8572,15 +15854,29 @@ func (a *PackageInfo_Conditions_Kibana) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageInfo_Conditions_Kibana to handle AdditionalProperties -func (a PackageInfo_Conditions_Kibana) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageInfo_InstallationInfo_LatestExecutedState to handle AdditionalProperties +func (a PackageInfo_InstallationInfo_LatestExecutedState) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Version != nil { - object["version"], err = json.Marshal(a.Version) + if a.Error != nil { + object["error"], err = json.Marshal(a.Error) if err != nil { - return nil, fmt.Errorf("error marshaling 'version': %w", err) + return nil, fmt.Errorf("error marshaling 'error': %w", err) + } + } + + if a.Name != nil { + object["name"], err = json.Marshal(a.Name) + if err != nil { + return nil, fmt.Errorf("error marshaling 'name': %w", err) + } + } + + if a.StartedAt != nil { + object["started_at"], err = json.Marshal(a.StartedAt) + if err != nil { + return nil, fmt.Errorf("error marshaling 'started_at': %w", err) } } 
@@ -8593,45 +15889,53 @@ func (a PackageInfo_Conditions_Kibana) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageInfo_Conditions. Returns the specified +// Getter for additional properties for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error. Returns the specified // element and whether it was found -func (a PackageInfo_Conditions) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageInfo_Conditions -func (a *PackageInfo_Conditions) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error +func (a *PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageInfo_Conditions to handle AdditionalProperties -func (a *PackageInfo_Conditions) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error to handle AdditionalProperties +func (a *PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["elastic"]; found { - err = json.Unmarshal(raw, &a.Elastic) + if raw, found := object["message"]; found { + err = json.Unmarshal(raw, &a.Message) if err != nil { - return fmt.Errorf("error reading 'elastic': %w", err) + return fmt.Errorf("error reading 'message': %w", err) } - 
delete(object, "elastic") + delete(object, "message") } - if raw, found := object["kibana"]; found { - err = json.Unmarshal(raw, &a.Kibana) + if raw, found := object["name"]; found { + err = json.Unmarshal(raw, &a.Name) if err != nil { - return fmt.Errorf("error reading 'kibana': %w", err) + return fmt.Errorf("error reading 'name': %w", err) } - delete(object, "kibana") + delete(object, "name") + } + + if raw, found := object["stack"]; found { + err = json.Unmarshal(raw, &a.Stack) + if err != nil { + return fmt.Errorf("error reading 'stack': %w", err) + } + delete(object, "stack") } if len(object) != 0 { @@ -8648,22 +15952,25 @@ func (a *PackageInfo_Conditions) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageInfo_Conditions to handle AdditionalProperties -func (a PackageInfo_Conditions) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error to handle AdditionalProperties +func (a PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Elastic != nil { - object["elastic"], err = json.Marshal(a.Elastic) - if err != nil { - return nil, fmt.Errorf("error marshaling 'elastic': %w", err) - } + object["message"], err = json.Marshal(a.Message) + if err != nil { + return nil, fmt.Errorf("error marshaling 'message': %w", err) } - if a.Kibana != nil { - object["kibana"], err = json.Marshal(a.Kibana) + object["name"], err = json.Marshal(a.Name) + if err != nil { + return nil, fmt.Errorf("error marshaling 'name': %w", err) + } + + if a.Stack != nil { + object["stack"], err = json.Marshal(a.Stack) if err != nil { - return nil, fmt.Errorf("error marshaling 'kibana': %w", err) + return nil, fmt.Errorf("error marshaling 'stack': %w", err) } } 
@@ -8676,37 +15983,53 @@ func (a PackageInfo_Conditions) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageInfo_Discovery_Fields_Item. Returns the specified +// Getter for additional properties for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item. Returns the specified // element and whether it was found -func (a PackageInfo_Discovery_Fields_Item) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageInfo_Discovery_Fields_Item -func (a *PackageInfo_Discovery_Fields_Item) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item +func (a *PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageInfo_Discovery_Fields_Item to handle AdditionalProperties -func (a *PackageInfo_Discovery_Fields_Item) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item to handle AdditionalProperties +func (a *PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["name"]; found { - err = json.Unmarshal(raw, &a.Name) + if raw, found := object["created_at"]; found { + err = json.Unmarshal(raw, &a.CreatedAt) if err != nil { - return fmt.Errorf("error reading 'name': %w", err) + return 
fmt.Errorf("error reading 'created_at': %w", err) } - delete(object, "name") + delete(object, "created_at") + } + + if raw, found := object["error"]; found { + err = json.Unmarshal(raw, &a.Error) + if err != nil { + return fmt.Errorf("error reading 'error': %w", err) + } + delete(object, "error") + } + + if raw, found := object["target_version"]; found { + err = json.Unmarshal(raw, &a.TargetVersion) + if err != nil { + return fmt.Errorf("error reading 'target_version': %w", err) + } + delete(object, "target_version") } if len(object) != 0 { @@ -8723,14 +16046,24 @@ func (a *PackageInfo_Discovery_Fields_Item) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageInfo_Discovery_Fields_Item to handle AdditionalProperties -func (a PackageInfo_Discovery_Fields_Item) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item to handle AdditionalProperties +func (a PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - object["name"], err = json.Marshal(a.Name) + object["created_at"], err = json.Marshal(a.CreatedAt) if err != nil { - return nil, fmt.Errorf("error marshaling 'name': %w", err) + return nil, fmt.Errorf("error marshaling 'created_at': %w", err) + } + + object["error"], err = json.Marshal(a.Error) + if err != nil { + return nil, fmt.Errorf("error marshaling 'error': %w", err) + } + + object["target_version"], err = json.Marshal(a.TargetVersion) + if err != nil { + return nil, fmt.Errorf("error marshaling 'target_version': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -8742,145 +16075,181 @@ func (a PackageInfo_Discovery_Fields_Item) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageInfo_Discovery. Returns the specified +// Getter for additional properties for PackageInfo_InstallationInfo. Returns the specified // element and whether it was found -func (a PackageInfo_Discovery) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo_InstallationInfo) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageInfo_Discovery -func (a *PackageInfo_Discovery) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo_InstallationInfo +func (a *PackageInfo_InstallationInfo) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageInfo_Discovery to handle AdditionalProperties -func (a *PackageInfo_Discovery) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo_InstallationInfo to handle AdditionalProperties +func (a *PackageInfo_InstallationInfo) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["fields"]; found { - err = json.Unmarshal(raw, &a.Fields) + if raw, found := object["additional_spaces_installed_kibana"]; found { + err = json.Unmarshal(raw, &a.AdditionalSpacesInstalledKibana) if err != nil { - return fmt.Errorf("error reading 'fields': %w", err) + return fmt.Errorf("error reading 'additional_spaces_installed_kibana': %w", err) } - delete(object, "fields") + delete(object, "additional_spaces_installed_kibana") } - if len(object) != 0 { - a.AdditionalProperties = 
make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal + if raw, found := object["created_at"]; found { + err = json.Unmarshal(raw, &a.CreatedAt) + if err != nil { + return fmt.Errorf("error reading 'created_at': %w", err) + } + delete(object, "created_at") + } + + if raw, found := object["experimental_data_stream_features"]; found { + err = json.Unmarshal(raw, &a.ExperimentalDataStreamFeatures) + if err != nil { + return fmt.Errorf("error reading 'experimental_data_stream_features': %w", err) + } + delete(object, "experimental_data_stream_features") + } + + if raw, found := object["install_format_schema_version"]; found { + err = json.Unmarshal(raw, &a.InstallFormatSchemaVersion) + if err != nil { + return fmt.Errorf("error reading 'install_format_schema_version': %w", err) + } + delete(object, "install_format_schema_version") + } + + if raw, found := object["install_source"]; found { + err = json.Unmarshal(raw, &a.InstallSource) + if err != nil { + return fmt.Errorf("error reading 'install_source': %w", err) + } + delete(object, "install_source") + } + + if raw, found := object["install_status"]; found { + err = json.Unmarshal(raw, &a.InstallStatus) + if err != nil { + return fmt.Errorf("error reading 'install_status': %w", err) + } + delete(object, "install_status") + } + + if raw, found := object["installed_es"]; found { + err = json.Unmarshal(raw, &a.InstalledEs) + if err != nil { + return fmt.Errorf("error reading 'installed_es': %w", err) } + delete(object, "installed_es") } - return nil -} -// Override default JSON handling for PackageInfo_Discovery to handle AdditionalProperties -func (a PackageInfo_Discovery) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) + if raw, found := 
object["installed_kibana"]; found { + err = json.Unmarshal(raw, &a.InstalledKibana) + if err != nil { + return fmt.Errorf("error reading 'installed_kibana': %w", err) + } + delete(object, "installed_kibana") + } - if a.Fields != nil { - object["fields"], err = json.Marshal(a.Fields) + if raw, found := object["installed_kibana_space_id"]; found { + err = json.Unmarshal(raw, &a.InstalledKibanaSpaceId) if err != nil { - return nil, fmt.Errorf("error marshaling 'fields': %w", err) + return fmt.Errorf("error reading 'installed_kibana_space_id': %w", err) } + delete(object, "installed_kibana_space_id") } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) + if raw, found := object["latest_executed_state"]; found { + err = json.Unmarshal(raw, &a.LatestExecutedState) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return fmt.Errorf("error reading 'latest_executed_state': %w", err) } + delete(object, "latest_executed_state") } - return json.Marshal(object) -} -// Getter for additional properties for PackageInfo_Icons_Item. 
Returns the specified -// element and whether it was found -func (a PackageInfo_Icons_Item) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] + if raw, found := object["latest_install_failed_attempts"]; found { + err = json.Unmarshal(raw, &a.LatestInstallFailedAttempts) + if err != nil { + return fmt.Errorf("error reading 'latest_install_failed_attempts': %w", err) + } + delete(object, "latest_install_failed_attempts") } - return -} -// Setter for additional properties for PackageInfo_Icons_Item -func (a *PackageInfo_Icons_Item) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + if raw, found := object["name"]; found { + err = json.Unmarshal(raw, &a.Name) + if err != nil { + return fmt.Errorf("error reading 'name': %w", err) + } + delete(object, "name") } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for PackageInfo_Icons_Item to handle AdditionalProperties -func (a *PackageInfo_Icons_Item) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) - if err != nil { - return err + if raw, found := object["namespaces"]; found { + err = json.Unmarshal(raw, &a.Namespaces) + if err != nil { + return fmt.Errorf("error reading 'namespaces': %w", err) + } + delete(object, "namespaces") } - if raw, found := object["dark_mode"]; found { - err = json.Unmarshal(raw, &a.DarkMode) + if raw, found := object["previous_version"]; found { + err = json.Unmarshal(raw, &a.PreviousVersion) if err != nil { - return fmt.Errorf("error reading 'dark_mode': %w", err) + return fmt.Errorf("error reading 'previous_version': %w", err) } - delete(object, "dark_mode") + delete(object, "previous_version") } - if raw, found := object["path"]; found { - err = json.Unmarshal(raw, &a.Path) + if raw, found := object["type"]; found { + 
err = json.Unmarshal(raw, &a.Type) if err != nil { - return fmt.Errorf("error reading 'path': %w", err) + return fmt.Errorf("error reading 'type': %w", err) } - delete(object, "path") + delete(object, "type") } - if raw, found := object["size"]; found { - err = json.Unmarshal(raw, &a.Size) + if raw, found := object["updated_at"]; found { + err = json.Unmarshal(raw, &a.UpdatedAt) if err != nil { - return fmt.Errorf("error reading 'size': %w", err) + return fmt.Errorf("error reading 'updated_at': %w", err) } - delete(object, "size") + delete(object, "updated_at") } - if raw, found := object["src"]; found { - err = json.Unmarshal(raw, &a.Src) + if raw, found := object["verification_key_id"]; found { + err = json.Unmarshal(raw, &a.VerificationKeyId) if err != nil { - return fmt.Errorf("error reading 'src': %w", err) + return fmt.Errorf("error reading 'verification_key_id': %w", err) } - delete(object, "src") + delete(object, "verification_key_id") } - if raw, found := object["title"]; found { - err = json.Unmarshal(raw, &a.Title) + if raw, found := object["verification_status"]; found { + err = json.Unmarshal(raw, &a.VerificationStatus) if err != nil { - return fmt.Errorf("error reading 'title': %w", err) + return fmt.Errorf("error reading 'verification_status': %w", err) } - delete(object, "title") + delete(object, "verification_status") } - if raw, found := object["type"]; found { - err = json.Unmarshal(raw, &a.Type) + if raw, found := object["version"]; found { + err = json.Unmarshal(raw, &a.Version) if err != nil { - return fmt.Errorf("error reading 'type': %w", err) + return fmt.Errorf("error reading 'version': %w", err) } - delete(object, "type") + delete(object, "version") } if len(object) != 0 { 
@@ -8897,143 +16266,126 @@ func (a *PackageInfo_Icons_Item) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageInfo_Icons_Item to handle AdditionalProperties -func (a PackageInfo_Icons_Item) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageInfo_InstallationInfo to handle AdditionalProperties +func (a PackageInfo_InstallationInfo) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.DarkMode != nil { - object["dark_mode"], err = json.Marshal(a.DarkMode) - if err != nil { - return nil, fmt.Errorf("error marshaling 'dark_mode': %w", err) - } - } - - if a.Path != nil { - object["path"], err = json.Marshal(a.Path) + if a.AdditionalSpacesInstalledKibana != nil { + object["additional_spaces_installed_kibana"], err = json.Marshal(a.AdditionalSpacesInstalledKibana) if err != nil { - return nil, fmt.Errorf("error marshaling 'path': %w", err) + return nil, fmt.Errorf("error marshaling 'additional_spaces_installed_kibana': %w", err) } } - if a.Size != nil { - object["size"], err = json.Marshal(a.Size) + if a.CreatedAt != nil { + object["created_at"], err = json.Marshal(a.CreatedAt) if err != nil { - return nil, fmt.Errorf("error marshaling 'size': %w", err) + return nil, fmt.Errorf("error marshaling 'created_at': %w", err) } } - object["src"], err = json.Marshal(a.Src) - if err != nil { - return nil, fmt.Errorf("error marshaling 'src': %w", err) - } - - if a.Title != nil { - object["title"], err = json.Marshal(a.Title) + if a.ExperimentalDataStreamFeatures != nil { + object["experimental_data_stream_features"], err = json.Marshal(a.ExperimentalDataStreamFeatures) if err != nil { - return nil, fmt.Errorf("error marshaling 'title': %w", err) + return nil, fmt.Errorf("error marshaling 'experimental_data_stream_features': %w", err) } } - if a.Type != nil { - object["type"], err = json.Marshal(a.Type) + if a.InstallFormatSchemaVersion != nil { + 
object["install_format_schema_version"], err = json.Marshal(a.InstallFormatSchemaVersion) if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) + return nil, fmt.Errorf("error marshaling 'install_format_schema_version': %w", err) } } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) - if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) - } + object["install_source"], err = json.Marshal(a.InstallSource) + if err != nil { + return nil, fmt.Errorf("error marshaling 'install_source': %w", err) } - return json.Marshal(object) -} -// Getter for additional properties for PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item. Returns the specified -// element and whether it was found -func (a PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] + object["install_status"], err = json.Marshal(a.InstallStatus) + if err != nil { + return nil, fmt.Errorf("error marshaling 'install_status': %w", err) } - return -} -// Setter for additional properties for PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item -func (a *PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + object["installed_es"], err = json.Marshal(a.InstalledEs) + if err != nil { + return nil, fmt.Errorf("error marshaling 'installed_es': %w", err) } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item to handle AdditionalProperties -func (a *PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item) UnmarshalJSON(b []byte) error { - object := 
make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) + object["installed_kibana"], err = json.Marshal(a.InstalledKibana) if err != nil { - return err + return nil, fmt.Errorf("error marshaling 'installed_kibana': %w", err) } - if raw, found := object["id"]; found { - err = json.Unmarshal(raw, &a.Id) + if a.InstalledKibanaSpaceId != nil { + object["installed_kibana_space_id"], err = json.Marshal(a.InstalledKibanaSpaceId) if err != nil { - return fmt.Errorf("error reading 'id': %w", err) + return nil, fmt.Errorf("error marshaling 'installed_kibana_space_id': %w", err) } - delete(object, "id") } - if raw, found := object["originId"]; found { - err = json.Unmarshal(raw, &a.OriginId) + if a.LatestExecutedState != nil { + object["latest_executed_state"], err = json.Marshal(a.LatestExecutedState) if err != nil { - return fmt.Errorf("error reading 'originId': %w", err) + return nil, fmt.Errorf("error marshaling 'latest_executed_state': %w", err) } - delete(object, "originId") } - if raw, found := object["type"]; found { - err = json.Unmarshal(raw, &a.Type) + if a.LatestInstallFailedAttempts != nil { + object["latest_install_failed_attempts"], err = json.Marshal(a.LatestInstallFailedAttempts) if err != nil { - return fmt.Errorf("error reading 'type': %w", err) + return nil, fmt.Errorf("error marshaling 'latest_install_failed_attempts': %w", err) } - delete(object, "type") } - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal + object["name"], err = json.Marshal(a.Name) + if err != nil { + return nil, fmt.Errorf("error marshaling 'name': %w", err) + } + + if a.Namespaces != nil { + object["namespaces"], err = json.Marshal(a.Namespaces) + if err != nil { + return nil, 
fmt.Errorf("error marshaling 'namespaces': %w", err) } } - return nil -} -// Override default JSON handling for PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item to handle AdditionalProperties -func (a PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) + if a.PreviousVersion != nil { + object["previous_version"], err = json.Marshal(a.PreviousVersion) + if err != nil { + return nil, fmt.Errorf("error marshaling 'previous_version': %w", err) + } + } - object["id"], err = json.Marshal(a.Id) + object["type"], err = json.Marshal(a.Type) if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) + return nil, fmt.Errorf("error marshaling 'type': %w", err) } - if a.OriginId != nil { - object["originId"], err = json.Marshal(a.OriginId) + if a.UpdatedAt != nil { + object["updated_at"], err = json.Marshal(a.UpdatedAt) if err != nil { - return nil, fmt.Errorf("error marshaling 'originId': %w", err) + return nil, fmt.Errorf("error marshaling 'updated_at': %w", err) + } + } + + if a.VerificationKeyId != nil { + object["verification_key_id"], err = json.Marshal(a.VerificationKeyId) + if err != nil { + return nil, fmt.Errorf("error marshaling 'verification_key_id': %w", err) } } - object["type"], err = json.Marshal(a.Type) + object["verification_status"], err = json.Marshal(a.VerificationStatus) + if err != nil { + return nil, fmt.Errorf("error marshaling 'verification_status': %w", err) + } + + object["version"], err = json.Marshal(a.Version) if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) + return nil, fmt.Errorf("error marshaling 'version': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -9045,61 +16397,45 @@ func (a PackageInfo_InstallationInfo_AdditionalSpacesInstalledKibana_Item) Marsh return json.Marshal(object) } -// Getter for additional properties for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features. Returns the specified +// Getter for additional properties for PackageInfo_Owner. Returns the specified // element and whether it was found -func (a PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo_Owner) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features -func (a *PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo_Owner +func (a *PackageInfo_Owner) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features to handle AdditionalProperties -func (a *PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo_Owner to handle AdditionalProperties +func (a *PackageInfo_Owner) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["doc_value_only_numeric"]; found { - err = json.Unmarshal(raw, &a.DocValueOnlyNumeric) - if err != nil { - return fmt.Errorf("error reading 'doc_value_only_numeric': %w", err) - } - delete(object, "doc_value_only_numeric") - } - - if raw, found := 
object["doc_value_only_other"]; found { - err = json.Unmarshal(raw, &a.DocValueOnlyOther) - if err != nil { - return fmt.Errorf("error reading 'doc_value_only_other': %w", err) - } - delete(object, "doc_value_only_other") - } - - if raw, found := object["synthetic_source"]; found { - err = json.Unmarshal(raw, &a.SyntheticSource) + if raw, found := object["github"]; found { + err = json.Unmarshal(raw, &a.Github) if err != nil { - return fmt.Errorf("error reading 'synthetic_source': %w", err) + return fmt.Errorf("error reading 'github': %w", err) } - delete(object, "synthetic_source") + delete(object, "github") } - if raw, found := object["tsdb"]; found { - err = json.Unmarshal(raw, &a.Tsdb) + if raw, found := object["type"]; found { + err = json.Unmarshal(raw, &a.Type) if err != nil { - return fmt.Errorf("error reading 'tsdb': %w", err) + return fmt.Errorf("error reading 'type': %w", err) } - delete(object, "tsdb") + delete(object, "type") } if len(object) != 0 { 
@@ -9116,36 +16452,22 @@ func (a *PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features) U return nil } -// Override default JSON handling for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features to handle AdditionalProperties -func (a PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageInfo_Owner to handle AdditionalProperties +func (a PackageInfo_Owner) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.DocValueOnlyNumeric != nil { - object["doc_value_only_numeric"], err = json.Marshal(a.DocValueOnlyNumeric) - if err != nil { - return nil, fmt.Errorf("error marshaling 'doc_value_only_numeric': %w", err) - } - } - - if a.DocValueOnlyOther != nil { - object["doc_value_only_other"], err = json.Marshal(a.DocValueOnlyOther) - if err != nil { - return nil, fmt.Errorf("error marshaling 'doc_value_only_other': %w", err) - } - } - - if a.SyntheticSource != nil { - object["synthetic_source"], err = json.Marshal(a.SyntheticSource) + if a.Github != nil { + object["github"], err = json.Marshal(a.Github) if err != nil { - return nil, fmt.Errorf("error marshaling 'synthetic_source': %w", err) + return nil, fmt.Errorf("error marshaling 'github': %w", err) } } - if a.Tsdb != nil { - object["tsdb"], err = json.Marshal(a.Tsdb) + if a.Type != nil { + object["type"], err = json.Marshal(a.Type) if err != nil { - return nil, fmt.Errorf("error marshaling 'tsdb': %w", err) + return nil, fmt.Errorf("error marshaling 'type': %w", err) } } 
@@ -9158,45 +16480,37 @@ func (a PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Features) Ma return json.Marshal(object) } -// Getter for additional properties for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item. Returns the specified +// Getter for additional properties for PackageInfo_Source. Returns the specified // element and whether it was found -func (a PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item) Get(fieldName string) (value interface{}, found bool) { +func (a PackageInfo_Source) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item -func (a *PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageInfo_Source +func (a *PackageInfo_Source) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item to handle AdditionalProperties -func (a *PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageInfo_Source to handle AdditionalProperties +func (a *PackageInfo_Source) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["data_stream"]; found { - err = json.Unmarshal(raw, &a.DataStream) - if err != nil { - return fmt.Errorf("error reading 'data_stream': %w", err) - } - delete(object, "data_stream") - } - - if raw, found := object["features"]; found { - err = json.Unmarshal(raw, &a.Features) + if raw, 
found := object["license"]; found { + err = json.Unmarshal(raw, &a.License) if err != nil { - return fmt.Errorf("error reading 'features': %w", err) + return fmt.Errorf("error reading 'license': %w", err) } - delete(object, "features") + delete(object, "license") } if len(object) != 0 { @@ -9213,19 +16527,14 @@ func (a *PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item) Unmar return nil } -// Override default JSON handling for PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item to handle AdditionalProperties -func (a PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageInfo_Source to handle AdditionalProperties +func (a PackageInfo_Source) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - object["data_stream"], err = json.Marshal(a.DataStream) - if err != nil { - return nil, fmt.Errorf("error marshaling 'data_stream': %w", err) - } - - object["features"], err = json.Marshal(a.Features) + object["license"], err = json.Marshal(a.License) if err != nil { - return nil, fmt.Errorf("error marshaling 'features': %w", err) + return nil, fmt.Errorf("error marshaling 'license': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -9237,256 +16546,237 @@ func (a PackageInfo_InstallationInfo_ExperimentalDataStreamFeatures_Item) Marsha return json.Marshal(object) } -// Getter for additional properties for PackageInfo_InstallationInfo_InstalledEs_Item. Returns the specified +// Getter for additional properties for PackageListItem. Returns the specified // element and whether it was found -func (a PackageInfo_InstallationInfo_InstalledEs_Item) Get(fieldName string) (value interface{}, found bool) { +func (a PackageListItem) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageInfo_InstallationInfo_InstalledEs_Item -func (a *PackageInfo_InstallationInfo_InstalledEs_Item) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageListItem +func (a *PackageListItem) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageInfo_InstallationInfo_InstalledEs_Item to handle AdditionalProperties -func (a *PackageInfo_InstallationInfo_InstalledEs_Item) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageListItem to handle AdditionalProperties +func (a *PackageListItem) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["deferred"]; found { - err = json.Unmarshal(raw, &a.Deferred) + if raw, found := object["categories"]; found { + err = json.Unmarshal(raw, &a.Categories) if err != nil { - return fmt.Errorf("error reading 'deferred': %w", err) + return fmt.Errorf("error reading 'categories': %w", err) } - delete(object, "deferred") + delete(object, "categories") } - if raw, found := object["id"]; found { - err = 
json.Unmarshal(raw, &a.Id) + if raw, found := object["conditions"]; found { + err = json.Unmarshal(raw, &a.Conditions) if err != nil { - return fmt.Errorf("error reading 'id': %w", err) + return fmt.Errorf("error reading 'conditions': %w", err) } - delete(object, "id") + delete(object, "conditions") } - if raw, found := object["type"]; found { - err = json.Unmarshal(raw, &a.Type) + if raw, found := object["data_streams"]; found { + err = json.Unmarshal(raw, &a.DataStreams) if err != nil { - return fmt.Errorf("error reading 'type': %w", err) + return fmt.Errorf("error reading 'data_streams': %w", err) } - delete(object, "type") + delete(object, "data_streams") } - if raw, found := object["version"]; found { - err = json.Unmarshal(raw, &a.Version) + if raw, found := object["description"]; found { + err = json.Unmarshal(raw, &a.Description) if err != nil { - return fmt.Errorf("error reading 'version': %w", err) + return fmt.Errorf("error reading 'description': %w", err) } - delete(object, "version") + delete(object, "description") } - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal + if raw, found := object["discovery"]; found { + err = json.Unmarshal(raw, &a.Discovery) + if err != nil { + return fmt.Errorf("error reading 'discovery': %w", err) } + delete(object, "discovery") } - return nil -} - -// Override default JSON handling for PackageInfo_InstallationInfo_InstalledEs_Item to handle AdditionalProperties -func (a PackageInfo_InstallationInfo_InstalledEs_Item) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) - if a.Deferred != nil { - object["deferred"], err = json.Marshal(a.Deferred) + if raw, found := object["download"]; found { + err = 
json.Unmarshal(raw, &a.Download) if err != nil { - return nil, fmt.Errorf("error marshaling 'deferred': %w", err) + return fmt.Errorf("error reading 'download': %w", err) } + delete(object, "download") } - object["id"], err = json.Marshal(a.Id) - if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) - } - - object["type"], err = json.Marshal(a.Type) - if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) + if raw, found := object["format_version"]; found { + err = json.Unmarshal(raw, &a.FormatVersion) + if err != nil { + return fmt.Errorf("error reading 'format_version': %w", err) + } + delete(object, "format_version") } - if a.Version != nil { - object["version"], err = json.Marshal(a.Version) + if raw, found := object["icons"]; found { + err = json.Unmarshal(raw, &a.Icons) if err != nil { - return nil, fmt.Errorf("error marshaling 'version': %w", err) + return fmt.Errorf("error reading 'icons': %w", err) } + delete(object, "icons") } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) + if raw, found := object["id"]; found { + err = json.Unmarshal(raw, &a.Id) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return fmt.Errorf("error reading 'id': %w", err) } + delete(object, "id") } - return json.Marshal(object) -} -// Getter for additional properties for PackageInfo_InstallationInfo_InstalledKibana_Item. 
Returns the specified -// element and whether it was found -func (a PackageInfo_InstallationInfo_InstalledKibana_Item) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] + if raw, found := object["installationInfo"]; found { + err = json.Unmarshal(raw, &a.InstallationInfo) + if err != nil { + return fmt.Errorf("error reading 'installationInfo': %w", err) + } + delete(object, "installationInfo") } - return -} -// Setter for additional properties for PackageInfo_InstallationInfo_InstalledKibana_Item -func (a *PackageInfo_InstallationInfo_InstalledKibana_Item) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + if raw, found := object["integration"]; found { + err = json.Unmarshal(raw, &a.Integration) + if err != nil { + return fmt.Errorf("error reading 'integration': %w", err) + } + delete(object, "integration") } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for PackageInfo_InstallationInfo_InstalledKibana_Item to handle AdditionalProperties -func (a *PackageInfo_InstallationInfo_InstalledKibana_Item) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) - if err != nil { - return err + if raw, found := object["internal"]; found { + err = json.Unmarshal(raw, &a.Internal) + if err != nil { + return fmt.Errorf("error reading 'internal': %w", err) + } + delete(object, "internal") } - if raw, found := object["id"]; found { - err = json.Unmarshal(raw, &a.Id) + if raw, found := object["latestVersion"]; found { + err = json.Unmarshal(raw, &a.LatestVersion) if err != nil { - return fmt.Errorf("error reading 'id': %w", err) + return fmt.Errorf("error reading 'latestVersion': %w", err) } - delete(object, "id") + delete(object, "latestVersion") } - if raw, found := object["originId"]; found { - err = 
json.Unmarshal(raw, &a.OriginId) + if raw, found := object["name"]; found { + err = json.Unmarshal(raw, &a.Name) if err != nil { - return fmt.Errorf("error reading 'originId': %w", err) + return fmt.Errorf("error reading 'name': %w", err) } - delete(object, "originId") + delete(object, "name") } - if raw, found := object["type"]; found { - err = json.Unmarshal(raw, &a.Type) + if raw, found := object["owner"]; found { + err = json.Unmarshal(raw, &a.Owner) if err != nil { - return fmt.Errorf("error reading 'type': %w", err) + return fmt.Errorf("error reading 'owner': %w", err) } - delete(object, "type") + delete(object, "owner") } - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal + if raw, found := object["path"]; found { + err = json.Unmarshal(raw, &a.Path) + if err != nil { + return fmt.Errorf("error reading 'path': %w", err) } + delete(object, "path") } - return nil -} - -// Override default JSON handling for PackageInfo_InstallationInfo_InstalledKibana_Item to handle AdditionalProperties -func (a PackageInfo_InstallationInfo_InstalledKibana_Item) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) - object["id"], err = json.Marshal(a.Id) - if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) + if raw, found := object["policy_templates"]; found { + err = json.Unmarshal(raw, &a.PolicyTemplates) + if err != nil { + return fmt.Errorf("error reading 'policy_templates': %w", err) + } + delete(object, "policy_templates") } - if a.OriginId != nil { - object["originId"], err = json.Marshal(a.OriginId) + if raw, found := object["readme"]; found { + err = json.Unmarshal(raw, &a.Readme) if err != nil { - return nil, 
fmt.Errorf("error marshaling 'originId': %w", err) + return fmt.Errorf("error reading 'readme': %w", err) } + delete(object, "readme") } - object["type"], err = json.Marshal(a.Type) - if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) + if raw, found := object["release"]; found { + err = json.Unmarshal(raw, &a.Release) + if err != nil { + return fmt.Errorf("error reading 'release': %w", err) + } + delete(object, "release") } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) + if raw, found := object["signature_path"]; found { + err = json.Unmarshal(raw, &a.SignaturePath) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return fmt.Errorf("error reading 'signature_path': %w", err) } + delete(object, "signature_path") } - return json.Marshal(object) -} -// Getter for additional properties for PackageInfo_InstallationInfo_LatestExecutedState. Returns the specified -// element and whether it was found -func (a PackageInfo_InstallationInfo_LatestExecutedState) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] + if raw, found := object["source"]; found { + err = json.Unmarshal(raw, &a.Source) + if err != nil { + return fmt.Errorf("error reading 'source': %w", err) + } + delete(object, "source") } - return -} -// Setter for additional properties for PackageInfo_InstallationInfo_LatestExecutedState -func (a *PackageInfo_InstallationInfo_LatestExecutedState) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + if raw, found := object["status"]; found { + err = json.Unmarshal(raw, &a.Status) + if err != nil { + return fmt.Errorf("error reading 'status': %w", err) + } + delete(object, "status") } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for 
PackageInfo_InstallationInfo_LatestExecutedState to handle AdditionalProperties -func (a *PackageInfo_InstallationInfo_LatestExecutedState) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) - if err != nil { - return err + if raw, found := object["title"]; found { + err = json.Unmarshal(raw, &a.Title) + if err != nil { + return fmt.Errorf("error reading 'title': %w", err) + } + delete(object, "title") } - if raw, found := object["error"]; found { - err = json.Unmarshal(raw, &a.Error) + if raw, found := object["type"]; found { + err = json.Unmarshal(raw, &a.Type) if err != nil { - return fmt.Errorf("error reading 'error': %w", err) + return fmt.Errorf("error reading 'type': %w", err) } - delete(object, "error") + delete(object, "type") } - if raw, found := object["name"]; found { - err = json.Unmarshal(raw, &a.Name) + if raw, found := object["vars"]; found { + err = json.Unmarshal(raw, &a.Vars) if err != nil { - return fmt.Errorf("error reading 'name': %w", err) + return fmt.Errorf("error reading 'vars': %w", err) } - delete(object, "name") + delete(object, "vars") } - if raw, found := object["started_at"]; found { - err = json.Unmarshal(raw, &a.StartedAt) + if raw, found := object["version"]; found { + err = json.Unmarshal(raw, &a.Version) if err != nil { - return fmt.Errorf("error reading 'started_at': %w", err) + return fmt.Errorf("error reading 'version': %w", err) } - delete(object, "started_at") + delete(object, "version") } if len(object) != 0 { 
@@ -9503,112 +16793,98 @@ func (a *PackageInfo_InstallationInfo_LatestExecutedState) UnmarshalJSON(b []byt return nil } -// Override default JSON handling for PackageInfo_InstallationInfo_LatestExecutedState to handle AdditionalProperties -func (a PackageInfo_InstallationInfo_LatestExecutedState) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageListItem to handle AdditionalProperties +func (a PackageListItem) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Error != nil { - object["error"], err = json.Marshal(a.Error) + if a.Categories != nil { + object["categories"], err = json.Marshal(a.Categories) if err != nil { - return nil, fmt.Errorf("error marshaling 'error': %w", err) + return nil, fmt.Errorf("error marshaling 'categories': %w", err) } } - if a.Name != nil { - object["name"], err = json.Marshal(a.Name) + if a.Conditions != nil { + object["conditions"], err = json.Marshal(a.Conditions) if err != nil { - return nil, fmt.Errorf("error marshaling 'name': %w", err) + return nil, fmt.Errorf("error marshaling 'conditions': %w", err) } } - if a.StartedAt != nil { - object["started_at"], err = json.Marshal(a.StartedAt) + if a.DataStreams != nil { + object["data_streams"], err = json.Marshal(a.DataStreams) if err != nil { - return nil, fmt.Errorf("error marshaling 'started_at': %w", err) + return nil, fmt.Errorf("error marshaling 'data_streams': %w", err) } } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) + if a.Description != nil { + object["description"], err = json.Marshal(a.Description) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return nil, fmt.Errorf("error marshaling 'description': %w", err) } } - return json.Marshal(object) -} -// Getter for additional properties for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error. 
Returns the specified -// element and whether it was found -func (a PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] + if a.Discovery != nil { + object["discovery"], err = json.Marshal(a.Discovery) + if err != nil { + return nil, fmt.Errorf("error marshaling 'discovery': %w", err) + } } - return -} -// Setter for additional properties for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error -func (a *PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + if a.Download != nil { + object["download"], err = json.Marshal(a.Download) + if err != nil { + return nil, fmt.Errorf("error marshaling 'download': %w", err) + } } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error to handle AdditionalProperties -func (a *PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) - if err != nil { - return err + if a.FormatVersion != nil { + object["format_version"], err = json.Marshal(a.FormatVersion) + if err != nil { + return nil, fmt.Errorf("error marshaling 'format_version': %w", err) + } } - if raw, found := object["message"]; found { - err = json.Unmarshal(raw, &a.Message) + if a.Icons != nil { + object["icons"], err = json.Marshal(a.Icons) if err != nil { - return fmt.Errorf("error reading 'message': %w", err) + return nil, fmt.Errorf("error marshaling 'icons': %w", err) } - delete(object, "message") } - if raw, found := object["name"]; found { - err = json.Unmarshal(raw, &a.Name) + object["id"], err = json.Marshal(a.Id) + if err != nil { + return 
nil, fmt.Errorf("error marshaling 'id': %w", err) + } + + if a.InstallationInfo != nil { + object["installationInfo"], err = json.Marshal(a.InstallationInfo) if err != nil { - return fmt.Errorf("error reading 'name': %w", err) + return nil, fmt.Errorf("error marshaling 'installationInfo': %w", err) } - delete(object, "name") } - if raw, found := object["stack"]; found { - err = json.Unmarshal(raw, &a.Stack) + if a.Integration != nil { + object["integration"], err = json.Marshal(a.Integration) if err != nil { - return fmt.Errorf("error reading 'stack': %w", err) + return nil, fmt.Errorf("error marshaling 'integration': %w", err) } - delete(object, "stack") } - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal + if a.Internal != nil { + object["internal"], err = json.Marshal(a.Internal) + if err != nil { + return nil, fmt.Errorf("error marshaling 'internal': %w", err) } } - return nil -} - -// Override default JSON handling for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error to handle AdditionalProperties -func (a PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) - - object["message"], err = json.Marshal(a.Message) - if err != nil { - return nil, fmt.Errorf("error marshaling 'message': %w", err) + + if a.LatestVersion != nil { + object["latestVersion"], err = json.Marshal(a.LatestVersion) + if err != nil { + return nil, fmt.Errorf("error marshaling 'latestVersion': %w", err) + } } object["name"], err = json.Marshal(a.Name) 
@@ -9616,103 +16892,84 @@ func (a PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Error) MarshalJ return nil, fmt.Errorf("error marshaling 'name': %w", err) } - if a.Stack != nil { - object["stack"], err = json.Marshal(a.Stack) + if a.Owner != nil { + object["owner"], err = json.Marshal(a.Owner) if err != nil { - return nil, fmt.Errorf("error marshaling 'stack': %w", err) + return nil, fmt.Errorf("error marshaling 'owner': %w", err) } } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) + if a.Path != nil { + object["path"], err = json.Marshal(a.Path) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return nil, fmt.Errorf("error marshaling 'path': %w", err) } } - return json.Marshal(object) -} - -// Getter for additional properties for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item. Returns the specified -// element and whether it was found -func (a PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] - } - return -} -// Setter for additional properties for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item -func (a *PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + if a.PolicyTemplates != nil { + object["policy_templates"], err = json.Marshal(a.PolicyTemplates) + if err != nil { + return nil, fmt.Errorf("error marshaling 'policy_templates': %w", err) + } } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item to handle AdditionalProperties -func (a *PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item) UnmarshalJSON(b []byte) error { - 
object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) - if err != nil { - return err + if a.Readme != nil { + object["readme"], err = json.Marshal(a.Readme) + if err != nil { + return nil, fmt.Errorf("error marshaling 'readme': %w", err) + } } - if raw, found := object["created_at"]; found { - err = json.Unmarshal(raw, &a.CreatedAt) + if a.Release != nil { + object["release"], err = json.Marshal(a.Release) if err != nil { - return fmt.Errorf("error reading 'created_at': %w", err) + return nil, fmt.Errorf("error marshaling 'release': %w", err) } - delete(object, "created_at") } - if raw, found := object["error"]; found { - err = json.Unmarshal(raw, &a.Error) + if a.SignaturePath != nil { + object["signature_path"], err = json.Marshal(a.SignaturePath) if err != nil { - return fmt.Errorf("error reading 'error': %w", err) + return nil, fmt.Errorf("error marshaling 'signature_path': %w", err) } - delete(object, "error") } - if raw, found := object["target_version"]; found { - err = json.Unmarshal(raw, &a.TargetVersion) + if a.Source != nil { + object["source"], err = json.Marshal(a.Source) if err != nil { - return fmt.Errorf("error reading 'target_version': %w", err) + return nil, fmt.Errorf("error marshaling 'source': %w", err) } - delete(object, "target_version") } - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal + if a.Status != nil { + object["status"], err = json.Marshal(a.Status) + if err != nil { + return nil, fmt.Errorf("error marshaling 'status': %w", err) } } - return nil -} - -// Override default JSON handling for PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item to handle AdditionalProperties -func (a 
PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) - object["created_at"], err = json.Marshal(a.CreatedAt) + object["title"], err = json.Marshal(a.Title) if err != nil { - return nil, fmt.Errorf("error marshaling 'created_at': %w", err) + return nil, fmt.Errorf("error marshaling 'title': %w", err) } - object["error"], err = json.Marshal(a.Error) - if err != nil { - return nil, fmt.Errorf("error marshaling 'error': %w", err) + if a.Type != nil { + object["type"], err = json.Marshal(a.Type) + if err != nil { + return nil, fmt.Errorf("error marshaling 'type': %w", err) + } } - object["target_version"], err = json.Marshal(a.TargetVersion) + if a.Vars != nil { + object["vars"], err = json.Marshal(a.Vars) + if err != nil { + return nil, fmt.Errorf("error marshaling 'vars': %w", err) + } + } + + object["version"], err = json.Marshal(a.Version) if err != nil { - return nil, fmt.Errorf("error marshaling 'target_version': %w", err) + return nil, fmt.Errorf("error marshaling 'version': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -9724,165 +16981,112 @@ func (a PackageInfo_InstallationInfo_LatestInstallFailedAttempts_Item) MarshalJS return json.Marshal(object) } -// Getter for additional properties for PackageInfo_InstallationInfo. Returns the specified +// Getter for additional properties for PackageListItem_Conditions_Elastic. Returns the specified // element and whether it was found -func (a PackageInfo_InstallationInfo) Get(fieldName string) (value interface{}, found bool) { +func (a PackageListItem_Conditions_Elastic) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageInfo_InstallationInfo -func (a *PackageInfo_InstallationInfo) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageListItem_Conditions_Elastic +func (a *PackageListItem_Conditions_Elastic) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageInfo_InstallationInfo to handle AdditionalProperties -func (a *PackageInfo_InstallationInfo) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageListItem_Conditions_Elastic to handle AdditionalProperties +func (a *PackageListItem_Conditions_Elastic) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["additional_spaces_installed_kibana"]; found { - err = json.Unmarshal(raw, &a.AdditionalSpacesInstalledKibana) - if err != nil { - return fmt.Errorf("error reading 'additional_spaces_installed_kibana': %w", err) - } - delete(object, "additional_spaces_installed_kibana") - } - - if raw, found := object["created_at"]; found { - err = json.Unmarshal(raw, &a.CreatedAt) - if err != nil { - return 
fmt.Errorf("error reading 'created_at': %w", err) - } - delete(object, "created_at") - } - - if raw, found := object["experimental_data_stream_features"]; found { - err = json.Unmarshal(raw, &a.ExperimentalDataStreamFeatures) - if err != nil { - return fmt.Errorf("error reading 'experimental_data_stream_features': %w", err) - } - delete(object, "experimental_data_stream_features") - } - - if raw, found := object["install_format_schema_version"]; found { - err = json.Unmarshal(raw, &a.InstallFormatSchemaVersion) - if err != nil { - return fmt.Errorf("error reading 'install_format_schema_version': %w", err) - } - delete(object, "install_format_schema_version") - } - - if raw, found := object["install_source"]; found { - err = json.Unmarshal(raw, &a.InstallSource) - if err != nil { - return fmt.Errorf("error reading 'install_source': %w", err) - } - delete(object, "install_source") - } - - if raw, found := object["install_status"]; found { - err = json.Unmarshal(raw, &a.InstallStatus) - if err != nil { - return fmt.Errorf("error reading 'install_status': %w", err) - } - delete(object, "install_status") - } - - if raw, found := object["installed_es"]; found { - err = json.Unmarshal(raw, &a.InstalledEs) - if err != nil { - return fmt.Errorf("error reading 'installed_es': %w", err) - } - delete(object, "installed_es") - } - - if raw, found := object["installed_kibana"]; found { - err = json.Unmarshal(raw, &a.InstalledKibana) + if raw, found := object["capabilities"]; found { + err = json.Unmarshal(raw, &a.Capabilities) if err != nil { - return fmt.Errorf("error reading 'installed_kibana': %w", err) + return fmt.Errorf("error reading 'capabilities': %w", err) } - delete(object, "installed_kibana") + delete(object, "capabilities") } - if raw, found := object["installed_kibana_space_id"]; found { - err = json.Unmarshal(raw, &a.InstalledKibanaSpaceId) + if raw, found := object["subscription"]; found { + err = json.Unmarshal(raw, &a.Subscription) if err != nil { - return 
fmt.Errorf("error reading 'installed_kibana_space_id': %w", err) + return fmt.Errorf("error reading 'subscription': %w", err) } - delete(object, "installed_kibana_space_id") + delete(object, "subscription") } - if raw, found := object["latest_executed_state"]; found { - err = json.Unmarshal(raw, &a.LatestExecutedState) - if err != nil { - return fmt.Errorf("error reading 'latest_executed_state': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } - delete(object, "latest_executed_state") } + return nil +} - if raw, found := object["latest_install_failed_attempts"]; found { - err = json.Unmarshal(raw, &a.LatestInstallFailedAttempts) - if err != nil { - return fmt.Errorf("error reading 'latest_install_failed_attempts': %w", err) - } - delete(object, "latest_install_failed_attempts") - } +// Override default JSON handling for PackageListItem_Conditions_Elastic to handle AdditionalProperties +func (a PackageListItem_Conditions_Elastic) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) - if raw, found := object["name"]; found { - err = json.Unmarshal(raw, &a.Name) + if a.Capabilities != nil { + object["capabilities"], err = json.Marshal(a.Capabilities) if err != nil { - return fmt.Errorf("error reading 'name': %w", err) + return nil, fmt.Errorf("error marshaling 'capabilities': %w", err) } - delete(object, "name") } - if raw, found := object["namespaces"]; found { - err = json.Unmarshal(raw, &a.Namespaces) + if a.Subscription != nil { + object["subscription"], err = json.Marshal(a.Subscription) if err != nil { - return fmt.Errorf("error reading 'namespaces': %w", err) + return nil, fmt.Errorf("error marshaling 'subscription': %w", err) } 
- delete(object, "namespaces") } - if raw, found := object["type"]; found { - err = json.Unmarshal(raw, &a.Type) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return fmt.Errorf("error reading 'type': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } - delete(object, "type") } - - if raw, found := object["updated_at"]; found { - err = json.Unmarshal(raw, &a.UpdatedAt) - if err != nil { - return fmt.Errorf("error reading 'updated_at': %w", err) - } - delete(object, "updated_at") + return json.Marshal(object) +} + +// Getter for additional properties for PackageListItem_Conditions_Kibana. Returns the specified +// element and whether it was found +func (a PackageListItem_Conditions_Kibana) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if raw, found := object["verification_key_id"]; found { - err = json.Unmarshal(raw, &a.VerificationKeyId) - if err != nil { - return fmt.Errorf("error reading 'verification_key_id': %w", err) - } - delete(object, "verification_key_id") +// Setter for additional properties for PackageListItem_Conditions_Kibana +func (a *PackageListItem_Conditions_Kibana) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - if raw, found := object["verification_status"]; found { - err = json.Unmarshal(raw, &a.VerificationStatus) - if err != nil { - return fmt.Errorf("error reading 'verification_status': %w", err) - } - delete(object, "verification_status") +// Override default JSON handling for PackageListItem_Conditions_Kibana to handle AdditionalProperties +func (a *PackageListItem_Conditions_Kibana) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, 
&object) + if err != nil { + return err } if raw, found := object["version"]; found { 
@@ -9907,119 +17111,165 @@ func (a *PackageInfo_InstallationInfo) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageInfo_InstallationInfo to handle AdditionalProperties -func (a PackageInfo_InstallationInfo) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageListItem_Conditions_Kibana to handle AdditionalProperties +func (a PackageListItem_Conditions_Kibana) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.AdditionalSpacesInstalledKibana != nil { - object["additional_spaces_installed_kibana"], err = json.Marshal(a.AdditionalSpacesInstalledKibana) + if a.Version != nil { + object["version"], err = json.Marshal(a.Version) if err != nil { - return nil, fmt.Errorf("error marshaling 'additional_spaces_installed_kibana': %w", err) + return nil, fmt.Errorf("error marshaling 'version': %w", err) } } - if a.CreatedAt != nil { - object["created_at"], err = json.Marshal(a.CreatedAt) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return nil, fmt.Errorf("error marshaling 'created_at': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } } + return json.Marshal(object) +} - if a.ExperimentalDataStreamFeatures != nil { - object["experimental_data_stream_features"], err = json.Marshal(a.ExperimentalDataStreamFeatures) - if err != nil { - return nil, fmt.Errorf("error marshaling 'experimental_data_stream_features': %w", err) - } +// Getter for additional properties for PackageListItem_Conditions. 
Returns the specified +// element and whether it was found +func (a PackageListItem_Conditions) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if a.InstallFormatSchemaVersion != nil { - object["install_format_schema_version"], err = json.Marshal(a.InstallFormatSchemaVersion) - if err != nil { - return nil, fmt.Errorf("error marshaling 'install_format_schema_version': %w", err) - } +// Setter for additional properties for PackageListItem_Conditions +func (a *PackageListItem_Conditions) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - object["install_source"], err = json.Marshal(a.InstallSource) +// Override default JSON handling for PackageListItem_Conditions to handle AdditionalProperties +func (a *PackageListItem_Conditions) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) if err != nil { - return nil, fmt.Errorf("error marshaling 'install_source': %w", err) + return err } - object["install_status"], err = json.Marshal(a.InstallStatus) - if err != nil { - return nil, fmt.Errorf("error marshaling 'install_status': %w", err) + if raw, found := object["elastic"]; found { + err = json.Unmarshal(raw, &a.Elastic) + if err != nil { + return fmt.Errorf("error reading 'elastic': %w", err) + } + delete(object, "elastic") } - object["installed_es"], err = json.Marshal(a.InstalledEs) - if err != nil { - return nil, fmt.Errorf("error marshaling 'installed_es': %w", err) + if raw, found := object["kibana"]; found { + err = json.Unmarshal(raw, &a.Kibana) + if err != nil { + return fmt.Errorf("error reading 'kibana': %w", err) + } + delete(object, "kibana") } - object["installed_kibana"], err = json.Marshal(a.InstalledKibana) - if err != nil { - return nil, 
fmt.Errorf("error marshaling 'installed_kibana': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal + } } + return nil +} - if a.InstalledKibanaSpaceId != nil { - object["installed_kibana_space_id"], err = json.Marshal(a.InstalledKibanaSpaceId) +// Override default JSON handling for PackageListItem_Conditions to handle AdditionalProperties +func (a PackageListItem_Conditions) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) + + if a.Elastic != nil { + object["elastic"], err = json.Marshal(a.Elastic) if err != nil { - return nil, fmt.Errorf("error marshaling 'installed_kibana_space_id': %w", err) + return nil, fmt.Errorf("error marshaling 'elastic': %w", err) } } - if a.LatestExecutedState != nil { - object["latest_executed_state"], err = json.Marshal(a.LatestExecutedState) + if a.Kibana != nil { + object["kibana"], err = json.Marshal(a.Kibana) if err != nil { - return nil, fmt.Errorf("error marshaling 'latest_executed_state': %w", err) + return nil, fmt.Errorf("error marshaling 'kibana': %w", err) } } - if a.LatestInstallFailedAttempts != nil { - object["latest_install_failed_attempts"], err = json.Marshal(a.LatestInstallFailedAttempts) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return nil, fmt.Errorf("error marshaling 'latest_install_failed_attempts': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } } + return json.Marshal(object) +} - object["name"], err = json.Marshal(a.Name) - if err != nil { - return nil, fmt.Errorf("error marshaling 'name': %w", err) +// Getter for additional properties for 
PackageListItem_Discovery_Datasets_Item. Returns the specified +// element and whether it was found +func (a PackageListItem_Discovery_Datasets_Item) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if a.Namespaces != nil { - object["namespaces"], err = json.Marshal(a.Namespaces) - if err != nil { - return nil, fmt.Errorf("error marshaling 'namespaces': %w", err) - } +// Setter for additional properties for PackageListItem_Discovery_Datasets_Item +func (a *PackageListItem_Discovery_Datasets_Item) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - object["type"], err = json.Marshal(a.Type) +// Override default JSON handling for PackageListItem_Discovery_Datasets_Item to handle AdditionalProperties +func (a *PackageListItem_Discovery_Datasets_Item) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) + return err } - if a.UpdatedAt != nil { - object["updated_at"], err = json.Marshal(a.UpdatedAt) + if raw, found := object["name"]; found { + err = json.Unmarshal(raw, &a.Name) if err != nil { - return nil, fmt.Errorf("error marshaling 'updated_at': %w", err) + return fmt.Errorf("error reading 'name': %w", err) } + delete(object, "name") } - if a.VerificationKeyId != nil { - object["verification_key_id"], err = json.Marshal(a.VerificationKeyId) - if err != nil { - return nil, fmt.Errorf("error marshaling 'verification_key_id': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field 
%s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } } + return nil +} - object["verification_status"], err = json.Marshal(a.VerificationStatus) - if err != nil { - return nil, fmt.Errorf("error marshaling 'verification_status': %w", err) - } +// Override default JSON handling for PackageListItem_Discovery_Datasets_Item to handle AdditionalProperties +func (a PackageListItem_Discovery_Datasets_Item) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) - object["version"], err = json.Marshal(a.Version) + object["name"], err = json.Marshal(a.Name) if err != nil { - return nil, fmt.Errorf("error marshaling 'version': %w", err) + return nil, fmt.Errorf("error marshaling 'name': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -10031,45 +17281,37 @@ func (a PackageInfo_InstallationInfo) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageInfo_Owner. Returns the specified +// Getter for additional properties for PackageListItem_Discovery_Fields_Item. Returns the specified // element and whether it was found -func (a PackageInfo_Owner) Get(fieldName string) (value interface{}, found bool) { +func (a PackageListItem_Discovery_Fields_Item) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageInfo_Owner -func (a *PackageInfo_Owner) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageListItem_Discovery_Fields_Item +func (a *PackageListItem_Discovery_Fields_Item) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageInfo_Owner to handle AdditionalProperties -func (a *PackageInfo_Owner) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageListItem_Discovery_Fields_Item to handle AdditionalProperties +func (a *PackageListItem_Discovery_Fields_Item) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["github"]; found { - err = json.Unmarshal(raw, &a.Github) - if err != nil { - return fmt.Errorf("error reading 'github': %w", err) - } - delete(object, "github") - } - - if raw, found := object["type"]; found { - err = json.Unmarshal(raw, &a.Type) + if raw, found := object["name"]; found { + err = json.Unmarshal(raw, &a.Name) if err != nil { - return fmt.Errorf("error reading 'type': %w", err) + return fmt.Errorf("error reading 'name': %w", err) } - 
delete(object, "type") + delete(object, "name") } if len(object) != 0 { @@ -10086,23 +17328,14 @@ func (a *PackageInfo_Owner) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageInfo_Owner to handle AdditionalProperties -func (a PackageInfo_Owner) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageListItem_Discovery_Fields_Item to handle AdditionalProperties +func (a PackageListItem_Discovery_Fields_Item) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Github != nil { - object["github"], err = json.Marshal(a.Github) - if err != nil { - return nil, fmt.Errorf("error marshaling 'github': %w", err) - } - } - - if a.Type != nil { - object["type"], err = json.Marshal(a.Type) - if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) - } + object["name"], err = json.Marshal(a.Name) + if err != nil { + return nil, fmt.Errorf("error marshaling 'name': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -10114,37 +17347,45 @@ func (a PackageInfo_Owner) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageInfo_Source. Returns the specified +// Getter for additional properties for PackageListItem_Discovery. Returns the specified // element and whether it was found -func (a PackageInfo_Source) Get(fieldName string) (value interface{}, found bool) { +func (a PackageListItem_Discovery) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageInfo_Source -func (a *PackageInfo_Source) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageListItem_Discovery +func (a *PackageListItem_Discovery) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageInfo_Source to handle AdditionalProperties -func (a *PackageInfo_Source) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageListItem_Discovery to handle AdditionalProperties +func (a *PackageListItem_Discovery) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["license"]; found { - err = json.Unmarshal(raw, &a.License) + if raw, found := object["datasets"]; found { + err = json.Unmarshal(raw, &a.Datasets) + if err != nil { + return fmt.Errorf("error reading 'datasets': %w", err) + } + delete(object, "datasets") + } + + if raw, found := object["fields"]; found { + err = json.Unmarshal(raw, &a.Fields) if err != nil { - return fmt.Errorf("error reading 'license': %w", err) + return fmt.Errorf("error reading 'fields': %w", err) } - delete(object, "license") + delete(object, "fields") } if 
len(object) != 0 { @@ -10161,14 +17402,23 @@ func (a *PackageInfo_Source) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageInfo_Source to handle AdditionalProperties -func (a PackageInfo_Source) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageListItem_Discovery to handle AdditionalProperties +func (a PackageListItem_Discovery) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - object["license"], err = json.Marshal(a.License) - if err != nil { - return nil, fmt.Errorf("error marshaling 'license': %w", err) + if a.Datasets != nil { + object["datasets"], err = json.Marshal(a.Datasets) + if err != nil { + return nil, fmt.Errorf("error marshaling 'datasets': %w", err) + } + } + + if a.Fields != nil { + object["fields"], err = json.Marshal(a.Fields) + if err != nil { + return nil, fmt.Errorf("error marshaling 'fields': %w", err) + } } for fieldName, field := range a.AdditionalProperties { 
@@ -10180,237 +17430,194 @@ func (a PackageInfo_Source) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageListItem. Returns the specified +// Getter for additional properties for PackageListItem_Icons_Item. Returns the specified // element and whether it was found -func (a PackageListItem) Get(fieldName string) (value interface{}, found bool) { +func (a PackageListItem_Icons_Item) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageListItem -func (a *PackageListItem) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageListItem_Icons_Item +func (a *PackageListItem_Icons_Item) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageListItem to handle AdditionalProperties -func (a *PackageListItem) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageListItem_Icons_Item to handle AdditionalProperties +func (a *PackageListItem_Icons_Item) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["categories"]; found { - err = json.Unmarshal(raw, &a.Categories) - if err != nil { - return fmt.Errorf("error reading 'categories': %w", err) - } - delete(object, "categories") - } - - if raw, found := object["conditions"]; found { - err = json.Unmarshal(raw, &a.Conditions) - if err != nil { - return fmt.Errorf("error reading 'conditions': %w", err) - } - delete(object, "conditions") - } - - if raw, found := object["data_streams"]; found { - err = json.Unmarshal(raw, &a.DataStreams) - if err != nil { - return fmt.Errorf("error reading 
'data_streams': %w", err) - } - delete(object, "data_streams") - } - - if raw, found := object["description"]; found { - err = json.Unmarshal(raw, &a.Description) + if raw, found := object["dark_mode"]; found { + err = json.Unmarshal(raw, &a.DarkMode) if err != nil { - return fmt.Errorf("error reading 'description': %w", err) + return fmt.Errorf("error reading 'dark_mode': %w", err) } - delete(object, "description") + delete(object, "dark_mode") } - if raw, found := object["discovery"]; found { - err = json.Unmarshal(raw, &a.Discovery) + if raw, found := object["path"]; found { + err = json.Unmarshal(raw, &a.Path) if err != nil { - return fmt.Errorf("error reading 'discovery': %w", err) + return fmt.Errorf("error reading 'path': %w", err) } - delete(object, "discovery") + delete(object, "path") } - if raw, found := object["download"]; found { - err = json.Unmarshal(raw, &a.Download) + if raw, found := object["size"]; found { + err = json.Unmarshal(raw, &a.Size) if err != nil { - return fmt.Errorf("error reading 'download': %w", err) + return fmt.Errorf("error reading 'size': %w", err) } - delete(object, "download") + delete(object, "size") } - if raw, found := object["format_version"]; found { - err = json.Unmarshal(raw, &a.FormatVersion) + if raw, found := object["src"]; found { + err = json.Unmarshal(raw, &a.Src) if err != nil { - return fmt.Errorf("error reading 'format_version': %w", err) + return fmt.Errorf("error reading 'src': %w", err) } - delete(object, "format_version") + delete(object, "src") } - if raw, found := object["icons"]; found { - err = json.Unmarshal(raw, &a.Icons) + if raw, found := object["title"]; found { + err = json.Unmarshal(raw, &a.Title) if err != nil { - return fmt.Errorf("error reading 'icons': %w", err) + return fmt.Errorf("error reading 'title': %w", err) } - delete(object, "icons") + delete(object, "title") } - if raw, found := object["id"]; found { - err = json.Unmarshal(raw, &a.Id) + if raw, found := object["type"]; found { + err 
= json.Unmarshal(raw, &a.Type) if err != nil { - return fmt.Errorf("error reading 'id': %w", err) + return fmt.Errorf("error reading 'type': %w", err) } - delete(object, "id") + delete(object, "type") } - if raw, found := object["installationInfo"]; found { - err = json.Unmarshal(raw, &a.InstallationInfo) - if err != nil { - return fmt.Errorf("error reading 'installationInfo': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } - delete(object, "installationInfo") } + return nil +} - if raw, found := object["integration"]; found { - err = json.Unmarshal(raw, &a.Integration) - if err != nil { - return fmt.Errorf("error reading 'integration': %w", err) - } - delete(object, "integration") - } +// Override default JSON handling for PackageListItem_Icons_Item to handle AdditionalProperties +func (a PackageListItem_Icons_Item) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) - if raw, found := object["internal"]; found { - err = json.Unmarshal(raw, &a.Internal) + if a.DarkMode != nil { + object["dark_mode"], err = json.Marshal(a.DarkMode) if err != nil { - return fmt.Errorf("error reading 'internal': %w", err) + return nil, fmt.Errorf("error marshaling 'dark_mode': %w", err) } - delete(object, "internal") } - if raw, found := object["latestVersion"]; found { - err = json.Unmarshal(raw, &a.LatestVersion) + if a.Path != nil { + object["path"], err = json.Marshal(a.Path) if err != nil { - return fmt.Errorf("error reading 'latestVersion': %w", err) + return nil, fmt.Errorf("error marshaling 'path': %w", err) } - delete(object, "latestVersion") } - if raw, found := object["name"]; found { - err = json.Unmarshal(raw, &a.Name) + if a.Size != 
nil { + object["size"], err = json.Marshal(a.Size) if err != nil { - return fmt.Errorf("error reading 'name': %w", err) + return nil, fmt.Errorf("error marshaling 'size': %w", err) } - delete(object, "name") } - if raw, found := object["owner"]; found { - err = json.Unmarshal(raw, &a.Owner) - if err != nil { - return fmt.Errorf("error reading 'owner': %w", err) - } - delete(object, "owner") + object["src"], err = json.Marshal(a.Src) + if err != nil { + return nil, fmt.Errorf("error marshaling 'src': %w", err) } - if raw, found := object["path"]; found { - err = json.Unmarshal(raw, &a.Path) + if a.Title != nil { + object["title"], err = json.Marshal(a.Title) if err != nil { - return fmt.Errorf("error reading 'path': %w", err) + return nil, fmt.Errorf("error marshaling 'title': %w", err) } - delete(object, "path") } - if raw, found := object["policy_templates"]; found { - err = json.Unmarshal(raw, &a.PolicyTemplates) + if a.Type != nil { + object["type"], err = json.Marshal(a.Type) if err != nil { - return fmt.Errorf("error reading 'policy_templates': %w", err) + return nil, fmt.Errorf("error marshaling 'type': %w", err) } - delete(object, "policy_templates") } - if raw, found := object["readme"]; found { - err = json.Unmarshal(raw, &a.Readme) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return fmt.Errorf("error reading 'readme': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } - delete(object, "readme") } + return json.Marshal(object) +} - if raw, found := object["release"]; found { - err = json.Unmarshal(raw, &a.Release) - if err != nil { - return fmt.Errorf("error reading 'release': %w", err) - } - delete(object, "release") +// Getter for additional properties for PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item. 
Returns the specified +// element and whether it was found +func (a PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if raw, found := object["signature_path"]; found { - err = json.Unmarshal(raw, &a.SignaturePath) - if err != nil { - return fmt.Errorf("error reading 'signature_path': %w", err) - } - delete(object, "signature_path") +// Setter for additional properties for PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item +func (a *PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - if raw, found := object["source"]; found { - err = json.Unmarshal(raw, &a.Source) - if err != nil { - return fmt.Errorf("error reading 'source': %w", err) - } - delete(object, "source") +// Override default JSON handling for PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item to handle AdditionalProperties +func (a *PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) + if err != nil { + return err } - if raw, found := object["status"]; found { - err = json.Unmarshal(raw, &a.Status) + if raw, found := object["id"]; found { + err = json.Unmarshal(raw, &a.Id) if err != nil { - return fmt.Errorf("error reading 'status': %w", err) + return fmt.Errorf("error reading 'id': %w", err) } - delete(object, "status") + delete(object, "id") } - if raw, found := object["title"]; found { - err = json.Unmarshal(raw, &a.Title) + if raw, found := object["originId"]; found { + err = json.Unmarshal(raw, &a.OriginId) if err != nil { - return fmt.Errorf("error 
reading 'title': %w", err) + return fmt.Errorf("error reading 'originId': %w", err) } - delete(object, "title") + delete(object, "originId") } if raw, found := object["type"]; found { err = json.Unmarshal(raw, &a.Type) if err != nil { - return fmt.Errorf("error reading 'type': %w", err) - } - delete(object, "type") - } - - if raw, found := object["vars"]; found { - err = json.Unmarshal(raw, &a.Vars) - if err != nil { - return fmt.Errorf("error reading 'vars': %w", err) - } - delete(object, "vars") - } - - if raw, found := object["version"]; found { - err = json.Unmarshal(raw, &a.Version) - if err != nil { - return fmt.Errorf("error reading 'version': %w", err) + return fmt.Errorf("error reading 'type': %w", err) } - delete(object, "version") + delete(object, "type") } if len(object) != 0 { 
@@ -10427,183 +17634,218 @@ func (a *PackageListItem) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageListItem to handle AdditionalProperties -func (a PackageListItem) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item to handle AdditionalProperties +func (a PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Categories != nil { - object["categories"], err = json.Marshal(a.Categories) - if err != nil { - return nil, fmt.Errorf("error marshaling 'categories': %w", err) - } - } - - if a.Conditions != nil { - object["conditions"], err = json.Marshal(a.Conditions) - if err != nil { - return nil, fmt.Errorf("error marshaling 'conditions': %w", err) - } - } - - if a.DataStreams != nil { - object["data_streams"], err = json.Marshal(a.DataStreams) - if err != nil { - return nil, fmt.Errorf("error marshaling 'data_streams': %w", err) - } + object["id"], err = json.Marshal(a.Id) + if err != nil { + return nil, fmt.Errorf("error marshaling 'id': %w", err) } - if a.Description != nil { - object["description"], err = json.Marshal(a.Description) + if a.OriginId != nil { + object["originId"], err = json.Marshal(a.OriginId) if err != nil { - return nil, fmt.Errorf("error marshaling 'description': %w", err) + return nil, fmt.Errorf("error marshaling 'originId': %w", err) } } - if a.Discovery != nil { - object["discovery"], err = json.Marshal(a.Discovery) - if err != nil { - return nil, fmt.Errorf("error marshaling 'discovery': %w", err) - } + object["type"], err = json.Marshal(a.Type) + if err != nil { + return nil, fmt.Errorf("error marshaling 'type': %w", err) } - if a.Download != nil { - object["download"], err = json.Marshal(a.Download) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = 
json.Marshal(field) if err != nil { - return nil, fmt.Errorf("error marshaling 'download': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) } } + return json.Marshal(object) +} - if a.FormatVersion != nil { - object["format_version"], err = json.Marshal(a.FormatVersion) - if err != nil { - return nil, fmt.Errorf("error marshaling 'format_version': %w", err) - } +// Getter for additional properties for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features. Returns the specified +// element and whether it was found +func (a PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if a.Icons != nil { - object["icons"], err = json.Marshal(a.Icons) - if err != nil { - return nil, fmt.Errorf("error marshaling 'icons': %w", err) - } +// Setter for additional properties for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features +func (a *PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - object["id"], err = json.Marshal(a.Id) +// Override default JSON handling for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features to handle AdditionalProperties +func (a *PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) + return err } - if a.InstallationInfo != nil { - object["installationInfo"], err = json.Marshal(a.InstallationInfo) + if raw, found := object["doc_value_only_numeric"]; found { + err = 
json.Unmarshal(raw, &a.DocValueOnlyNumeric) if err != nil { - return nil, fmt.Errorf("error marshaling 'installationInfo': %w", err) + return fmt.Errorf("error reading 'doc_value_only_numeric': %w", err) } + delete(object, "doc_value_only_numeric") } - if a.Integration != nil { - object["integration"], err = json.Marshal(a.Integration) + if raw, found := object["doc_value_only_other"]; found { + err = json.Unmarshal(raw, &a.DocValueOnlyOther) if err != nil { - return nil, fmt.Errorf("error marshaling 'integration': %w", err) + return fmt.Errorf("error reading 'doc_value_only_other': %w", err) } + delete(object, "doc_value_only_other") } - if a.Internal != nil { - object["internal"], err = json.Marshal(a.Internal) + if raw, found := object["synthetic_source"]; found { + err = json.Unmarshal(raw, &a.SyntheticSource) if err != nil { - return nil, fmt.Errorf("error marshaling 'internal': %w", err) + return fmt.Errorf("error reading 'synthetic_source': %w", err) } + delete(object, "synthetic_source") } - if a.LatestVersion != nil { - object["latestVersion"], err = json.Marshal(a.LatestVersion) + if raw, found := object["tsdb"]; found { + err = json.Unmarshal(raw, &a.Tsdb) if err != nil { - return nil, fmt.Errorf("error marshaling 'latestVersion': %w", err) + return fmt.Errorf("error reading 'tsdb': %w", err) } + delete(object, "tsdb") } - object["name"], err = json.Marshal(a.Name) - if err != nil { - return nil, fmt.Errorf("error marshaling 'name': %w", err) - } - - if a.Owner != nil { - object["owner"], err = json.Marshal(a.Owner) - if err != nil { - return nil, fmt.Errorf("error marshaling 'owner': %w", err) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal } } + return nil +} - if 
a.Path != nil { - object["path"], err = json.Marshal(a.Path) +// Override default JSON handling for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features to handle AdditionalProperties +func (a PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) + + if a.DocValueOnlyNumeric != nil { + object["doc_value_only_numeric"], err = json.Marshal(a.DocValueOnlyNumeric) if err != nil { - return nil, fmt.Errorf("error marshaling 'path': %w", err) + return nil, fmt.Errorf("error marshaling 'doc_value_only_numeric': %w", err) } } - if a.PolicyTemplates != nil { - object["policy_templates"], err = json.Marshal(a.PolicyTemplates) + if a.DocValueOnlyOther != nil { + object["doc_value_only_other"], err = json.Marshal(a.DocValueOnlyOther) if err != nil { - return nil, fmt.Errorf("error marshaling 'policy_templates': %w", err) + return nil, fmt.Errorf("error marshaling 'doc_value_only_other': %w", err) } } - if a.Readme != nil { - object["readme"], err = json.Marshal(a.Readme) + if a.SyntheticSource != nil { + object["synthetic_source"], err = json.Marshal(a.SyntheticSource) if err != nil { - return nil, fmt.Errorf("error marshaling 'readme': %w", err) + return nil, fmt.Errorf("error marshaling 'synthetic_source': %w", err) } } - if a.Release != nil { - object["release"], err = json.Marshal(a.Release) + if a.Tsdb != nil { + object["tsdb"], err = json.Marshal(a.Tsdb) if err != nil { - return nil, fmt.Errorf("error marshaling 'release': %w", err) + return nil, fmt.Errorf("error marshaling 'tsdb': %w", err) } } - if a.SignaturePath != nil { - object["signature_path"], err = json.Marshal(a.SignaturePath) + for fieldName, field := range a.AdditionalProperties { + object[fieldName], err = json.Marshal(field) if err != nil { - return nil, fmt.Errorf("error marshaling 'signature_path': %w", err) + return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, 
err) } } + return json.Marshal(object) +} - if a.Source != nil { - object["source"], err = json.Marshal(a.Source) - if err != nil { - return nil, fmt.Errorf("error marshaling 'source': %w", err) - } +// Getter for additional properties for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item. Returns the specified +// element and whether it was found +func (a PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] } + return +} - if a.Status != nil { - object["status"], err = json.Marshal(a.Status) - if err != nil { - return nil, fmt.Errorf("error marshaling 'status': %w", err) - } +// Setter for additional properties for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item +func (a *PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) } + a.AdditionalProperties[fieldName] = value +} - object["title"], err = json.Marshal(a.Title) +// Override default JSON handling for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item to handle AdditionalProperties +func (a *PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item) UnmarshalJSON(b []byte) error { + object := make(map[string]json.RawMessage) + err := json.Unmarshal(b, &object) if err != nil { - return nil, fmt.Errorf("error marshaling 'title': %w", err) + return err } - if a.Type != nil { - object["type"], err = json.Marshal(a.Type) + if raw, found := object["data_stream"]; found { + err = json.Unmarshal(raw, &a.DataStream) if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) + return fmt.Errorf("error reading 'data_stream': %w", err) } + delete(object, "data_stream") } - if a.Vars != nil { - object["vars"], err = 
json.Marshal(a.Vars) + if raw, found := object["features"]; found { + err = json.Unmarshal(raw, &a.Features) if err != nil { - return nil, fmt.Errorf("error marshaling 'vars': %w", err) + return fmt.Errorf("error reading 'features': %w", err) } + delete(object, "features") } - object["version"], err = json.Marshal(a.Version) + if len(object) != 0 { + a.AdditionalProperties = make(map[string]interface{}) + for fieldName, fieldBuf := range object { + var fieldVal interface{} + err := json.Unmarshal(fieldBuf, &fieldVal) + if err != nil { + return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) + } + a.AdditionalProperties[fieldName] = fieldVal + } + } + return nil +} + +// Override default JSON handling for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item to handle AdditionalProperties +func (a PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item) MarshalJSON() ([]byte, error) { + var err error + object := make(map[string]json.RawMessage) + + object["data_stream"], err = json.Marshal(a.DataStream) if err != nil { - return nil, fmt.Errorf("error marshaling 'version': %w", err) + return nil, fmt.Errorf("error marshaling 'data_stream': %w", err) + } + + object["features"], err = json.Marshal(a.Features) + if err != nil { + return nil, fmt.Errorf("error marshaling 'features': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -10615,45 +17857,61 @@ func (a PackageListItem) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageListItem_Conditions_Elastic. Returns the specified +// Getter for additional properties for PackageListItem_InstallationInfo_InstalledEs_Item. Returns the specified // element and whether it was found -func (a PackageListItem_Conditions_Elastic) Get(fieldName string) (value interface{}, found bool) { +func (a PackageListItem_InstallationInfo_InstalledEs_Item) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageListItem_Conditions_Elastic -func (a *PackageListItem_Conditions_Elastic) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageListItem_InstallationInfo_InstalledEs_Item +func (a *PackageListItem_InstallationInfo_InstalledEs_Item) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageListItem_Conditions_Elastic to handle AdditionalProperties -func (a *PackageListItem_Conditions_Elastic) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageListItem_InstallationInfo_InstalledEs_Item to handle AdditionalProperties +func (a *PackageListItem_InstallationInfo_InstalledEs_Item) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["capabilities"]; found { - err = json.Unmarshal(raw, &a.Capabilities) + if raw, found := object["deferred"]; found { + err = json.Unmarshal(raw, &a.Deferred) + if err != nil { + return fmt.Errorf("error reading 'deferred': %w", err) + } + delete(object, "deferred") + } + + if raw, found := 
object["id"]; found { + err = json.Unmarshal(raw, &a.Id) if err != nil { - return fmt.Errorf("error reading 'capabilities': %w", err) + return fmt.Errorf("error reading 'id': %w", err) } - delete(object, "capabilities") + delete(object, "id") } - if raw, found := object["subscription"]; found { - err = json.Unmarshal(raw, &a.Subscription) + if raw, found := object["type"]; found { + err = json.Unmarshal(raw, &a.Type) if err != nil { - return fmt.Errorf("error reading 'subscription': %w", err) + return fmt.Errorf("error reading 'type': %w", err) } - delete(object, "subscription") + delete(object, "type") + } + + if raw, found := object["version"]; found { + err = json.Unmarshal(raw, &a.Version) + if err != nil { + return fmt.Errorf("error reading 'version': %w", err) + } + delete(object, "version") } if len(object) != 0 { 
@@ -10670,22 +17928,32 @@ func (a *PackageListItem_Conditions_Elastic) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageListItem_Conditions_Elastic to handle AdditionalProperties -func (a PackageListItem_Conditions_Elastic) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageListItem_InstallationInfo_InstalledEs_Item to handle AdditionalProperties +func (a PackageListItem_InstallationInfo_InstalledEs_Item) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Capabilities != nil { - object["capabilities"], err = json.Marshal(a.Capabilities) + if a.Deferred != nil { + object["deferred"], err = json.Marshal(a.Deferred) if err != nil { - return nil, fmt.Errorf("error marshaling 'capabilities': %w", err) + return nil, fmt.Errorf("error marshaling 'deferred': %w", err) } } - if a.Subscription != nil { - object["subscription"], err = json.Marshal(a.Subscription) + object["id"], err = json.Marshal(a.Id) + if err != nil { + return nil, fmt.Errorf("error marshaling 'id': %w", err) + } + + object["type"], err = json.Marshal(a.Type) + if err != nil { + return nil, fmt.Errorf("error marshaling 'type': %w", err) + } + + if a.Version != nil { + object["version"], err = json.Marshal(a.Version) if err != nil { - return nil, fmt.Errorf("error marshaling 'subscription': %w", err) + return nil, fmt.Errorf("error marshaling 'version': %w", err) } } 
@@ -10698,37 +17966,53 @@ func (a PackageListItem_Conditions_Elastic) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageListItem_Conditions_Kibana. Returns the specified +// Getter for additional properties for PackageListItem_InstallationInfo_InstalledKibana_Item. Returns the specified // element and whether it was found -func (a PackageListItem_Conditions_Kibana) Get(fieldName string) (value interface{}, found bool) { +func (a PackageListItem_InstallationInfo_InstalledKibana_Item) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageListItem_Conditions_Kibana -func (a *PackageListItem_Conditions_Kibana) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageListItem_InstallationInfo_InstalledKibana_Item +func (a *PackageListItem_InstallationInfo_InstalledKibana_Item) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageListItem_Conditions_Kibana to handle AdditionalProperties -func (a *PackageListItem_Conditions_Kibana) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageListItem_InstallationInfo_InstalledKibana_Item to handle AdditionalProperties +func (a *PackageListItem_InstallationInfo_InstalledKibana_Item) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["version"]; found { - err = json.Unmarshal(raw, &a.Version) + if raw, found := object["id"]; found { + err = json.Unmarshal(raw, &a.Id) if err != nil { - return fmt.Errorf("error reading 'version': %w", err) + return fmt.Errorf("error reading 'id': %w", err) } - 
delete(object, "version") + delete(object, "id") + } + + if raw, found := object["originId"]; found { + err = json.Unmarshal(raw, &a.OriginId) + if err != nil { + return fmt.Errorf("error reading 'originId': %w", err) + } + delete(object, "originId") + } + + if raw, found := object["type"]; found { + err = json.Unmarshal(raw, &a.Type) + if err != nil { + return fmt.Errorf("error reading 'type': %w", err) + } + delete(object, "type") } if len(object) != 0 { @@ -10745,18 +18029,28 @@ func (a *PackageListItem_Conditions_Kibana) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageListItem_Conditions_Kibana to handle AdditionalProperties -func (a PackageListItem_Conditions_Kibana) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageListItem_InstallationInfo_InstalledKibana_Item to handle AdditionalProperties +func (a PackageListItem_InstallationInfo_InstalledKibana_Item) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Version != nil { - object["version"], err = json.Marshal(a.Version) + object["id"], err = json.Marshal(a.Id) + if err != nil { + return nil, fmt.Errorf("error marshaling 'id': %w", err) + } + + if a.OriginId != nil { + object["originId"], err = json.Marshal(a.OriginId) if err != nil { - return nil, fmt.Errorf("error marshaling 'version': %w", err) + return nil, fmt.Errorf("error marshaling 'originId': %w", err) } } + object["type"], err = json.Marshal(a.Type) + if err != nil { + return nil, fmt.Errorf("error marshaling 'type': %w", err) + } + for fieldName, field := range a.AdditionalProperties { object[fieldName], err = json.Marshal(field) if err != nil { 
@@ -10766,45 +18060,53 @@ func (a PackageListItem_Conditions_Kibana) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageListItem_Conditions. Returns the specified +// Getter for additional properties for PackageListItem_InstallationInfo_LatestExecutedState. Returns the specified // element and whether it was found -func (a PackageListItem_Conditions) Get(fieldName string) (value interface{}, found bool) { +func (a PackageListItem_InstallationInfo_LatestExecutedState) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageListItem_Conditions -func (a *PackageListItem_Conditions) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageListItem_InstallationInfo_LatestExecutedState +func (a *PackageListItem_InstallationInfo_LatestExecutedState) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageListItem_Conditions to handle AdditionalProperties -func (a *PackageListItem_Conditions) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageListItem_InstallationInfo_LatestExecutedState to handle AdditionalProperties +func (a *PackageListItem_InstallationInfo_LatestExecutedState) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["elastic"]; found { - err = json.Unmarshal(raw, &a.Elastic) + if raw, found := object["error"]; found { + err = json.Unmarshal(raw, &a.Error) if err != nil { - return fmt.Errorf("error reading 'elastic': %w", err) + return fmt.Errorf("error reading 'error': %w", err) } - delete(object, "elastic") + delete(object, 
"error") } - if raw, found := object["kibana"]; found { - err = json.Unmarshal(raw, &a.Kibana) + if raw, found := object["name"]; found { + err = json.Unmarshal(raw, &a.Name) if err != nil { - return fmt.Errorf("error reading 'kibana': %w", err) + return fmt.Errorf("error reading 'name': %w", err) } - delete(object, "kibana") + delete(object, "name") + } + + if raw, found := object["started_at"]; found { + err = json.Unmarshal(raw, &a.StartedAt) + if err != nil { + return fmt.Errorf("error reading 'started_at': %w", err) + } + delete(object, "started_at") } if len(object) != 0 { @@ -10821,22 +18123,29 @@ func (a *PackageListItem_Conditions) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageListItem_Conditions to handle AdditionalProperties -func (a PackageListItem_Conditions) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageListItem_InstallationInfo_LatestExecutedState to handle AdditionalProperties +func (a PackageListItem_InstallationInfo_LatestExecutedState) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Elastic != nil { - object["elastic"], err = json.Marshal(a.Elastic) + if a.Error != nil { + object["error"], err = json.Marshal(a.Error) if err != nil { - return nil, fmt.Errorf("error marshaling 'elastic': %w", err) + return nil, fmt.Errorf("error marshaling 'error': %w", err) } } - if a.Kibana != nil { - object["kibana"], err = json.Marshal(a.Kibana) + if a.Name != nil { + object["name"], err = json.Marshal(a.Name) if err != nil { - return nil, fmt.Errorf("error marshaling 'kibana': %w", err) + return nil, fmt.Errorf("error marshaling 'name': %w", err) + } + } + + if a.StartedAt != nil { + object["started_at"], err = json.Marshal(a.StartedAt) + if err != nil { + return nil, fmt.Errorf("error marshaling 'started_at': %w", err) } } 
@@ -10849,31 +18158,39 @@ func (a PackageListItem_Conditions) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageListItem_Discovery_Fields_Item. Returns the specified +// Getter for additional properties for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error. Returns the specified // element and whether it was found -func (a PackageListItem_Discovery_Fields_Item) Get(fieldName string) (value interface{}, found bool) { +func (a PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageListItem_Discovery_Fields_Item -func (a *PackageListItem_Discovery_Fields_Item) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error +func (a *PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageListItem_Discovery_Fields_Item to handle AdditionalProperties -func (a *PackageListItem_Discovery_Fields_Item) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error to handle AdditionalProperties +func (a *PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } + if raw, found := object["message"]; found { + err = json.Unmarshal(raw, &a.Message) + if err != nil { + return fmt.Errorf("error reading 'message': %w", err) + } + delete(object, "message") + } + 
if raw, found := object["name"]; found { err = json.Unmarshal(raw, &a.Name) if err != nil { @@ -10882,6 +18199,14 @@ func (a *PackageListItem_Discovery_Fields_Item) UnmarshalJSON(b []byte) error { delete(object, "name") } + if raw, found := object["stack"]; found { + err = json.Unmarshal(raw, &a.Stack) + if err != nil { + return fmt.Errorf("error reading 'stack': %w", err) + } + delete(object, "stack") + } + if len(object) != 0 { a.AdditionalProperties = make(map[string]interface{}) for fieldName, fieldBuf := range object { @@ -10896,16 +18221,28 @@ func (a *PackageListItem_Discovery_Fields_Item) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageListItem_Discovery_Fields_Item to handle AdditionalProperties -func (a PackageListItem_Discovery_Fields_Item) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error to handle AdditionalProperties +func (a PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) + object["message"], err = json.Marshal(a.Message) + if err != nil { + return nil, fmt.Errorf("error marshaling 'message': %w", err) + } + object["name"], err = json.Marshal(a.Name) if err != nil { return nil, fmt.Errorf("error marshaling 'name': %w", err) } + if a.Stack != nil { + object["stack"], err = json.Marshal(a.Stack) + if err != nil { + return nil, fmt.Errorf("error marshaling 'stack': %w", err) + } + } + for fieldName, field := range a.AdditionalProperties { object[fieldName], err = json.Marshal(field) if err != nil { 
@@ -10915,37 +18252,53 @@ func (a PackageListItem_Discovery_Fields_Item) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageListItem_Discovery. Returns the specified +// Getter for additional properties for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item. Returns the specified // element and whether it was found -func (a PackageListItem_Discovery) Get(fieldName string) (value interface{}, found bool) { +func (a PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageListItem_Discovery -func (a *PackageListItem_Discovery) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item +func (a *PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageListItem_Discovery to handle AdditionalProperties -func (a *PackageListItem_Discovery) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item to handle AdditionalProperties +func (a *PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["fields"]; found { - err = json.Unmarshal(raw, &a.Fields) + if raw, found := object["created_at"]; found { + err = json.Unmarshal(raw, &a.CreatedAt) if err != nil { - return fmt.Errorf("error reading 'fields': %w", err) + return 
fmt.Errorf("error reading 'created_at': %w", err) } - delete(object, "fields") + delete(object, "created_at") + } + + if raw, found := object["error"]; found { + err = json.Unmarshal(raw, &a.Error) + if err != nil { + return fmt.Errorf("error reading 'error': %w", err) + } + delete(object, "error") + } + + if raw, found := object["target_version"]; found { + err = json.Unmarshal(raw, &a.TargetVersion) + if err != nil { + return fmt.Errorf("error reading 'target_version': %w", err) + } + delete(object, "target_version") } if len(object) != 0 { @@ -10962,16 +18315,24 @@ func (a *PackageListItem_Discovery) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageListItem_Discovery to handle AdditionalProperties -func (a PackageListItem_Discovery) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item to handle AdditionalProperties +func (a PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Fields != nil { - object["fields"], err = json.Marshal(a.Fields) - if err != nil { - return nil, fmt.Errorf("error marshaling 'fields': %w", err) - } + object["created_at"], err = json.Marshal(a.CreatedAt) + if err != nil { + return nil, fmt.Errorf("error marshaling 'created_at': %w", err) + } + + object["error"], err = json.Marshal(a.Error) + if err != nil { + return nil, fmt.Errorf("error marshaling 'error': %w", err) + } + + object["target_version"], err = json.Marshal(a.TargetVersion) + if err != nil { + return nil, fmt.Errorf("error marshaling 'target_version': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -10983,69 +18344,141 @@ func (a PackageListItem_Discovery) MarshalJSON() ([]byte, error) { return json.Marshal(object) } -// Getter for additional properties for PackageListItem_Icons_Item. Returns the specified +// Getter for additional properties for PackageListItem_InstallationInfo. Returns the specified // element and whether it was found -func (a PackageListItem_Icons_Item) Get(fieldName string) (value interface{}, found bool) { +func (a PackageListItem_InstallationInfo) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageListItem_Icons_Item -func (a *PackageListItem_Icons_Item) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageListItem_InstallationInfo +func (a *PackageListItem_InstallationInfo) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageListItem_Icons_Item to handle AdditionalProperties -func (a *PackageListItem_Icons_Item) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageListItem_InstallationInfo to handle AdditionalProperties +func (a *PackageListItem_InstallationInfo) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["dark_mode"]; found { - err = json.Unmarshal(raw, &a.DarkMode) + if raw, found := object["additional_spaces_installed_kibana"]; found { + err = json.Unmarshal(raw, &a.AdditionalSpacesInstalledKibana) if err != nil { - return fmt.Errorf("error reading 'dark_mode': %w", err) + return fmt.Errorf("error reading 'additional_spaces_installed_kibana': %w", err) } - delete(object, "dark_mode") + delete(object, 
"additional_spaces_installed_kibana") } - if raw, found := object["path"]; found { - err = json.Unmarshal(raw, &a.Path) + if raw, found := object["created_at"]; found { + err = json.Unmarshal(raw, &a.CreatedAt) if err != nil { - return fmt.Errorf("error reading 'path': %w", err) + return fmt.Errorf("error reading 'created_at': %w", err) } - delete(object, "path") + delete(object, "created_at") } - if raw, found := object["size"]; found { - err = json.Unmarshal(raw, &a.Size) + if raw, found := object["experimental_data_stream_features"]; found { + err = json.Unmarshal(raw, &a.ExperimentalDataStreamFeatures) if err != nil { - return fmt.Errorf("error reading 'size': %w", err) + return fmt.Errorf("error reading 'experimental_data_stream_features': %w", err) } - delete(object, "size") + delete(object, "experimental_data_stream_features") } - if raw, found := object["src"]; found { - err = json.Unmarshal(raw, &a.Src) + if raw, found := object["install_format_schema_version"]; found { + err = json.Unmarshal(raw, &a.InstallFormatSchemaVersion) if err != nil { - return fmt.Errorf("error reading 'src': %w", err) + return fmt.Errorf("error reading 'install_format_schema_version': %w", err) } - delete(object, "src") + delete(object, "install_format_schema_version") } - if raw, found := object["title"]; found { - err = json.Unmarshal(raw, &a.Title) + if raw, found := object["install_source"]; found { + err = json.Unmarshal(raw, &a.InstallSource) if err != nil { - return fmt.Errorf("error reading 'title': %w", err) + return fmt.Errorf("error reading 'install_source': %w", err) } - delete(object, "title") + delete(object, "install_source") + } + + if raw, found := object["install_status"]; found { + err = json.Unmarshal(raw, &a.InstallStatus) + if err != nil { + return fmt.Errorf("error reading 'install_status': %w", err) + } + delete(object, "install_status") + } + + if raw, found := object["installed_es"]; found { + err = json.Unmarshal(raw, &a.InstalledEs) + if err != nil { + 
return fmt.Errorf("error reading 'installed_es': %w", err) + } + delete(object, "installed_es") + } + + if raw, found := object["installed_kibana"]; found { + err = json.Unmarshal(raw, &a.InstalledKibana) + if err != nil { + return fmt.Errorf("error reading 'installed_kibana': %w", err) + } + delete(object, "installed_kibana") + } + + if raw, found := object["installed_kibana_space_id"]; found { + err = json.Unmarshal(raw, &a.InstalledKibanaSpaceId) + if err != nil { + return fmt.Errorf("error reading 'installed_kibana_space_id': %w", err) + } + delete(object, "installed_kibana_space_id") + } + + if raw, found := object["latest_executed_state"]; found { + err = json.Unmarshal(raw, &a.LatestExecutedState) + if err != nil { + return fmt.Errorf("error reading 'latest_executed_state': %w", err) + } + delete(object, "latest_executed_state") + } + + if raw, found := object["latest_install_failed_attempts"]; found { + err = json.Unmarshal(raw, &a.LatestInstallFailedAttempts) + if err != nil { + return fmt.Errorf("error reading 'latest_install_failed_attempts': %w", err) + } + delete(object, "latest_install_failed_attempts") + } + + if raw, found := object["name"]; found { + err = json.Unmarshal(raw, &a.Name) + if err != nil { + return fmt.Errorf("error reading 'name': %w", err) + } + delete(object, "name") + } + + if raw, found := object["namespaces"]; found { + err = json.Unmarshal(raw, &a.Namespaces) + if err != nil { + return fmt.Errorf("error reading 'namespaces': %w", err) + } + delete(object, "namespaces") + } + + if raw, found := object["previous_version"]; found { + err = json.Unmarshal(raw, &a.PreviousVersion) + if err != nil { + return fmt.Errorf("error reading 'previous_version': %w", err) + } + delete(object, "previous_version") } if raw, found := object["type"]; found { 
@@ -11056,6 +18489,38 @@ func (a *PackageListItem_Icons_Item) UnmarshalJSON(b []byte) error { delete(object, "type") } + if raw, found := object["updated_at"]; found { + err = json.Unmarshal(raw, &a.UpdatedAt) + if err != nil { + return fmt.Errorf("error reading 'updated_at': %w", err) + } + delete(object, "updated_at") + } + + if raw, found := object["verification_key_id"]; found { + err = json.Unmarshal(raw, &a.VerificationKeyId) + if err != nil { + return fmt.Errorf("error reading 'verification_key_id': %w", err) + } + delete(object, "verification_key_id") + } + + if raw, found := object["verification_status"]; found { + err = json.Unmarshal(raw, &a.VerificationStatus) + if err != nil { + return fmt.Errorf("error reading 'verification_status': %w", err) + } + delete(object, "verification_status") + } + + if raw, found := object["version"]; found { + err = json.Unmarshal(raw, &a.Version) + if err != nil { + return fmt.Errorf("error reading 'version': %w", err) + } + delete(object, "version") + } + if len(object) != 0 { a.AdditionalProperties = make(map[string]interface{}) for fieldName, fieldBuf := range object { 
@@ -11070,143 +18535,126 @@ func (a *PackageListItem_Icons_Item) UnmarshalJSON(b []byte) error { return nil } -// Override default JSON handling for PackageListItem_Icons_Item to handle AdditionalProperties -func (a PackageListItem_Icons_Item) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageListItem_InstallationInfo to handle AdditionalProperties +func (a PackageListItem_InstallationInfo) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.DarkMode != nil { - object["dark_mode"], err = json.Marshal(a.DarkMode) + if a.AdditionalSpacesInstalledKibana != nil { + object["additional_spaces_installed_kibana"], err = json.Marshal(a.AdditionalSpacesInstalledKibana) if err != nil { - return nil, fmt.Errorf("error marshaling 'dark_mode': %w", err) + return nil, fmt.Errorf("error marshaling 'additional_spaces_installed_kibana': %w", err) } } - if a.Path != nil { - object["path"], err = json.Marshal(a.Path) + if a.CreatedAt != nil { + object["created_at"], err = json.Marshal(a.CreatedAt) if err != nil { - return nil, fmt.Errorf("error marshaling 'path': %w", err) + return nil, fmt.Errorf("error marshaling 'created_at': %w", err) } } - if a.Size != nil { - object["size"], err = json.Marshal(a.Size) + if a.ExperimentalDataStreamFeatures != nil { + object["experimental_data_stream_features"], err = json.Marshal(a.ExperimentalDataStreamFeatures) if err != nil { - return nil, fmt.Errorf("error marshaling 'size': %w", err) + return nil, fmt.Errorf("error marshaling 'experimental_data_stream_features': %w", err) } } - object["src"], err = json.Marshal(a.Src) + if a.InstallFormatSchemaVersion != nil { + object["install_format_schema_version"], err = json.Marshal(a.InstallFormatSchemaVersion) + if err != nil { + return nil, fmt.Errorf("error marshaling 'install_format_schema_version': %w", err) + } + } + + object["install_source"], err = json.Marshal(a.InstallSource) if err != nil { - return nil, 
fmt.Errorf("error marshaling 'src': %w", err) + return nil, fmt.Errorf("error marshaling 'install_source': %w", err) } - if a.Title != nil { - object["title"], err = json.Marshal(a.Title) - if err != nil { - return nil, fmt.Errorf("error marshaling 'title': %w", err) - } + object["install_status"], err = json.Marshal(a.InstallStatus) + if err != nil { + return nil, fmt.Errorf("error marshaling 'install_status': %w", err) } - if a.Type != nil { - object["type"], err = json.Marshal(a.Type) - if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) - } + object["installed_es"], err = json.Marshal(a.InstalledEs) + if err != nil { + return nil, fmt.Errorf("error marshaling 'installed_es': %w", err) } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) + object["installed_kibana"], err = json.Marshal(a.InstalledKibana) + if err != nil { + return nil, fmt.Errorf("error marshaling 'installed_kibana': %w", err) + } + + if a.InstalledKibanaSpaceId != nil { + object["installed_kibana_space_id"], err = json.Marshal(a.InstalledKibanaSpaceId) if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) + return nil, fmt.Errorf("error marshaling 'installed_kibana_space_id': %w", err) } } - return json.Marshal(object) -} -// Getter for additional properties for PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item. 
Returns the specified -// element and whether it was found -func (a PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] + if a.LatestExecutedState != nil { + object["latest_executed_state"], err = json.Marshal(a.LatestExecutedState) + if err != nil { + return nil, fmt.Errorf("error marshaling 'latest_executed_state': %w", err) + } } - return -} -// Setter for additional properties for PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item -func (a *PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) + if a.LatestInstallFailedAttempts != nil { + object["latest_install_failed_attempts"], err = json.Marshal(a.LatestInstallFailedAttempts) + if err != nil { + return nil, fmt.Errorf("error marshaling 'latest_install_failed_attempts': %w", err) + } } - a.AdditionalProperties[fieldName] = value -} -// Override default JSON handling for PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item to handle AdditionalProperties -func (a *PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) + object["name"], err = json.Marshal(a.Name) if err != nil { - return err + return nil, fmt.Errorf("error marshaling 'name': %w", err) } - if raw, found := object["id"]; found { - err = json.Unmarshal(raw, &a.Id) + if a.Namespaces != nil { + object["namespaces"], err = json.Marshal(a.Namespaces) if err != nil { - return fmt.Errorf("error reading 'id': %w", err) + return nil, fmt.Errorf("error marshaling 'namespaces': %w", err) } - delete(object, "id") } - if raw, found := object["originId"]; found { - err = 
json.Unmarshal(raw, &a.OriginId) + if a.PreviousVersion != nil { + object["previous_version"], err = json.Marshal(a.PreviousVersion) if err != nil { - return fmt.Errorf("error reading 'originId': %w", err) + return nil, fmt.Errorf("error marshaling 'previous_version': %w", err) } - delete(object, "originId") } - if raw, found := object["type"]; found { - err = json.Unmarshal(raw, &a.Type) + object["type"], err = json.Marshal(a.Type) + if err != nil { + return nil, fmt.Errorf("error marshaling 'type': %w", err) + } + + if a.UpdatedAt != nil { + object["updated_at"], err = json.Marshal(a.UpdatedAt) if err != nil { - return fmt.Errorf("error reading 'type': %w", err) + return nil, fmt.Errorf("error marshaling 'updated_at': %w", err) } - delete(object, "type") } - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal + if a.VerificationKeyId != nil { + object["verification_key_id"], err = json.Marshal(a.VerificationKeyId) + if err != nil { + return nil, fmt.Errorf("error marshaling 'verification_key_id': %w", err) } } - return nil -} -// Override default JSON handling for PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item to handle AdditionalProperties -func (a PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) - - object["id"], err = json.Marshal(a.Id) + object["verification_status"], err = json.Marshal(a.VerificationStatus) if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) - } - - if a.OriginId != nil { - object["originId"], err = json.Marshal(a.OriginId) - if err != nil { - return nil, fmt.Errorf("error marshaling 'originId': %w", err) - 
} + return nil, fmt.Errorf("error marshaling 'verification_status': %w", err) } - object["type"], err = json.Marshal(a.Type) + object["version"], err = json.Marshal(a.Version) if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) + return nil, fmt.Errorf("error marshaling 'version': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -11218,61 +18666,45 @@ func (a PackageListItem_InstallationInfo_AdditionalSpacesInstalledKibana_Item) M return json.Marshal(object) } -// Getter for additional properties for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features. Returns the specified +// Getter for additional properties for PackageListItem_Owner. Returns the specified // element and whether it was found -func (a PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features) Get(fieldName string) (value interface{}, found bool) { +func (a PackageListItem_Owner) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features -func (a *PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageListItem_Owner +func (a *PackageListItem_Owner) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features to handle AdditionalProperties -func (a *PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageListItem_Owner to handle AdditionalProperties +func (a *PackageListItem_Owner) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["doc_value_only_numeric"]; found { - err = json.Unmarshal(raw, &a.DocValueOnlyNumeric) - if err != nil { - return fmt.Errorf("error reading 'doc_value_only_numeric': %w", err) - } - delete(object, 
"doc_value_only_numeric") - } - - if raw, found := object["doc_value_only_other"]; found { - err = json.Unmarshal(raw, &a.DocValueOnlyOther) - if err != nil { - return fmt.Errorf("error reading 'doc_value_only_other': %w", err) - } - delete(object, "doc_value_only_other") - } - - if raw, found := object["synthetic_source"]; found { - err = json.Unmarshal(raw, &a.SyntheticSource) + if raw, found := object["github"]; found { + err = json.Unmarshal(raw, &a.Github) if err != nil { - return fmt.Errorf("error reading 'synthetic_source': %w", err) + return fmt.Errorf("error reading 'github': %w", err) } - delete(object, "synthetic_source") + delete(object, "github") } - if raw, found := object["tsdb"]; found { - err = json.Unmarshal(raw, &a.Tsdb) + if raw, found := object["type"]; found { + err = json.Unmarshal(raw, &a.Type) if err != nil { - return fmt.Errorf("error reading 'tsdb': %w", err) + return fmt.Errorf("error reading 'type': %w", err) } - delete(object, "tsdb") + delete(object, "type") } if len(object) != 0 { 
@@ -11289,36 +18721,22 @@ func (a *PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Feature return nil } -// Override default JSON handling for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features to handle AdditionalProperties -func (a PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageListItem_Owner to handle AdditionalProperties +func (a PackageListItem_Owner) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.DocValueOnlyNumeric != nil { - object["doc_value_only_numeric"], err = json.Marshal(a.DocValueOnlyNumeric) - if err != nil { - return nil, fmt.Errorf("error marshaling 'doc_value_only_numeric': %w", err) - } - } - - if a.DocValueOnlyOther != nil { - object["doc_value_only_other"], err = json.Marshal(a.DocValueOnlyOther) - if err != nil { - return nil, fmt.Errorf("error marshaling 'doc_value_only_other': %w", err) - } - } - - if a.SyntheticSource != nil { - object["synthetic_source"], err = json.Marshal(a.SyntheticSource) + if a.Github != nil { + object["github"], err = json.Marshal(a.Github) if err != nil { - return nil, fmt.Errorf("error marshaling 'synthetic_source': %w", err) + return nil, fmt.Errorf("error marshaling 'github': %w", err) } } - if a.Tsdb != nil { - object["tsdb"], err = json.Marshal(a.Tsdb) + if a.Type != nil { + object["type"], err = json.Marshal(a.Type) if err != nil { - return nil, fmt.Errorf("error marshaling 'tsdb': %w", err) + return nil, fmt.Errorf("error marshaling 'type': %w", err) } } 
@@ -11331,45 +18749,37 @@ func (a PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Features return json.Marshal(object) } -// Getter for additional properties for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item. Returns the specified +// Getter for additional properties for PackageListItem_Source. Returns the specified // element and whether it was found -func (a PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item) Get(fieldName string) (value interface{}, found bool) { +func (a PackageListItem_Source) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item -func (a *PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackageListItem_Source +func (a *PackageListItem_Source) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item to handle AdditionalProperties -func (a *PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackageListItem_Source to handle AdditionalProperties +func (a *PackageListItem_Source) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["data_stream"]; found { - err = json.Unmarshal(raw, &a.DataStream) - if err != nil { - return fmt.Errorf("error reading 'data_stream': %w", err) - } - delete(object, "data_stream") - } - - if raw, found := object["features"]; found { - 
err = json.Unmarshal(raw, &a.Features) + if raw, found := object["license"]; found { + err = json.Unmarshal(raw, &a.License) if err != nil { - return fmt.Errorf("error reading 'features': %w", err) + return fmt.Errorf("error reading 'license': %w", err) } - delete(object, "features") + delete(object, "license") } if len(object) != 0 { @@ -11386,19 +18796,14 @@ func (a *PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item) U return nil } -// Override default JSON handling for PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item to handle AdditionalProperties -func (a PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackageListItem_Source to handle AdditionalProperties +func (a PackageListItem_Source) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - object["data_stream"], err = json.Marshal(a.DataStream) - if err != nil { - return nil, fmt.Errorf("error marshaling 'data_stream': %w", err) - } - - object["features"], err = json.Marshal(a.Features) + object["license"], err = json.Marshal(a.License) if err != nil { - return nil, fmt.Errorf("error marshaling 'features': %w", err) + return nil, fmt.Errorf("error marshaling 'license': %w", err) } for fieldName, field := range a.AdditionalProperties { 
@@ -11410,61 +18815,37 @@ func (a PackageListItem_InstallationInfo_ExperimentalDataStreamFeatures_Item) Ma return json.Marshal(object) } -// Getter for additional properties for PackageListItem_InstallationInfo_InstalledEs_Item. Returns the specified +// Getter for additional properties for PackagePolicy_Elasticsearch_Privileges. Returns the specified // element and whether it was found -func (a PackageListItem_InstallationInfo_InstalledEs_Item) Get(fieldName string) (value interface{}, found bool) { +func (a PackagePolicy_Elasticsearch_Privileges) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageListItem_InstallationInfo_InstalledEs_Item -func (a *PackageListItem_InstallationInfo_InstalledEs_Item) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackagePolicy_Elasticsearch_Privileges +func (a *PackagePolicy_Elasticsearch_Privileges) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageListItem_InstallationInfo_InstalledEs_Item to handle AdditionalProperties -func (a *PackageListItem_InstallationInfo_InstalledEs_Item) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackagePolicy_Elasticsearch_Privileges to handle AdditionalProperties +func (a *PackagePolicy_Elasticsearch_Privileges) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["deferred"]; found { - err = json.Unmarshal(raw, &a.Deferred) - if err != nil { - return fmt.Errorf("error reading 'deferred': %w", err) - } - delete(object, "deferred") - } - - if raw, found := object["id"]; found { - err = json.Unmarshal(raw, &a.Id) - 
if err != nil { - return fmt.Errorf("error reading 'id': %w", err) - } - delete(object, "id") - } - - if raw, found := object["type"]; found { - err = json.Unmarshal(raw, &a.Type) - if err != nil { - return fmt.Errorf("error reading 'type': %w", err) - } - delete(object, "type") - } - - if raw, found := object["version"]; found { - err = json.Unmarshal(raw, &a.Version) + if raw, found := object["cluster"]; found { + err = json.Unmarshal(raw, &a.Cluster) if err != nil { - return fmt.Errorf("error reading 'version': %w", err) + return fmt.Errorf("error reading 'cluster': %w", err) } - delete(object, "version") + delete(object, "cluster") } if len(object) != 0 { @@ -11481,32 +18862,15 @@ func (a *PackageListItem_InstallationInfo_InstalledEs_Item) UnmarshalJSON(b []by return nil } -// Override default JSON handling for PackageListItem_InstallationInfo_InstalledEs_Item to handle AdditionalProperties -func (a PackageListItem_InstallationInfo_InstalledEs_Item) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackagePolicy_Elasticsearch_Privileges to handle AdditionalProperties +func (a PackagePolicy_Elasticsearch_Privileges) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - if a.Deferred != nil { - object["deferred"], err = json.Marshal(a.Deferred) - if err != nil { - return nil, fmt.Errorf("error marshaling 'deferred': %w", err) - } - } - - object["id"], err = json.Marshal(a.Id) - if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) - } - - object["type"], err = json.Marshal(a.Type) - if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) - } - - if a.Version != nil { - object["version"], err = json.Marshal(a.Version) + if a.Cluster != nil { + object["cluster"], err = json.Marshal(a.Cluster) if err != nil { - return nil, fmt.Errorf("error marshaling 'version': %w", err) + return nil, fmt.Errorf("error marshaling 'cluster': %w", err) } } 
@@ -11519,53 +18883,37 @@ func (a PackageListItem_InstallationInfo_InstalledEs_Item) MarshalJSON() ([]byte return json.Marshal(object) } -// Getter for additional properties for PackageListItem_InstallationInfo_InstalledKibana_Item. Returns the specified +// Getter for additional properties for PackagePolicy_Elasticsearch. Returns the specified // element and whether it was found -func (a PackageListItem_InstallationInfo_InstalledKibana_Item) Get(fieldName string) (value interface{}, found bool) { +func (a PackagePolicy_Elasticsearch) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageListItem_InstallationInfo_InstalledKibana_Item -func (a *PackageListItem_InstallationInfo_InstalledKibana_Item) Set(fieldName string, value interface{}) { +// Setter for additional properties for PackagePolicy_Elasticsearch +func (a *PackagePolicy_Elasticsearch) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageListItem_InstallationInfo_InstalledKibana_Item to handle AdditionalProperties -func (a *PackageListItem_InstallationInfo_InstalledKibana_Item) UnmarshalJSON(b []byte) error { +// Override default JSON handling for PackagePolicy_Elasticsearch to handle AdditionalProperties +func (a *PackagePolicy_Elasticsearch) UnmarshalJSON(b []byte) error { object := make(map[string]json.RawMessage) err := json.Unmarshal(b, &object) if err != nil { return err } - if raw, found := object["id"]; found { - err = json.Unmarshal(raw, &a.Id) - if err != nil { - return fmt.Errorf("error reading 'id': %w", err) - } - delete(object, "id") - } - - if raw, found := object["originId"]; found { - err = json.Unmarshal(raw, &a.OriginId) - if err != nil { - return fmt.Errorf("error reading 
'originId': %w", err) - } - delete(object, "originId") - } - - if raw, found := object["type"]; found { - err = json.Unmarshal(raw, &a.Type) + if raw, found := object["privileges"]; found { + err = json.Unmarshal(raw, &a.Privileges) if err != nil { - return fmt.Errorf("error reading 'type': %w", err) + return fmt.Errorf("error reading 'privileges': %w", err) } - delete(object, "type") + delete(object, "privileges") } if len(object) != 0 { @@ -11582,28 +18930,18 @@ func (a *PackageListItem_InstallationInfo_InstalledKibana_Item) UnmarshalJSON(b return nil } -// Override default JSON handling for PackageListItem_InstallationInfo_InstalledKibana_Item to handle AdditionalProperties -func (a PackageListItem_InstallationInfo_InstalledKibana_Item) MarshalJSON() ([]byte, error) { +// Override default JSON handling for PackagePolicy_Elasticsearch to handle AdditionalProperties +func (a PackagePolicy_Elasticsearch) MarshalJSON() ([]byte, error) { var err error object := make(map[string]json.RawMessage) - object["id"], err = json.Marshal(a.Id) - if err != nil { - return nil, fmt.Errorf("error marshaling 'id': %w", err) - } - - if a.OriginId != nil { - object["originId"], err = json.Marshal(a.OriginId) + if a.Privileges != nil { + object["privileges"], err = json.Marshal(a.Privileges) if err != nil { - return nil, fmt.Errorf("error marshaling 'originId': %w", err) + return nil, fmt.Errorf("error marshaling 'privileges': %w", err) } } - object["type"], err = json.Marshal(a.Type) - if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) - } - for fieldName, field := range a.AdditionalProperties { object[fieldName], err = json.Marshal(field) if err != nil { 
@@ -11613,914 +18951,1306 @@ func (a PackageListItem_InstallationInfo_InstalledKibana_Item) MarshalJSON() ([] return json.Marshal(object) } -// Getter for additional properties for PackageListItem_InstallationInfo_LatestExecutedState. Returns the specified +// Getter for additional properties for UpdateConnectorConfig. Returns the specified // element and whether it was found -func (a PackageListItem_InstallationInfo_LatestExecutedState) Get(fieldName string) (value interface{}, found bool) { +func (a UpdateConnectorConfig) Get(fieldName string) (value interface{}, found bool) { if a.AdditionalProperties != nil { value, found = a.AdditionalProperties[fieldName] } return } -// Setter for additional properties for PackageListItem_InstallationInfo_LatestExecutedState -func (a *PackageListItem_InstallationInfo_LatestExecutedState) Set(fieldName string, value interface{}) { +// Setter for additional properties for UpdateConnectorConfig +func (a *UpdateConnectorConfig) Set(fieldName string, value interface{}) { if a.AdditionalProperties == nil { a.AdditionalProperties = make(map[string]interface{}) } a.AdditionalProperties[fieldName] = value } -// Override default JSON handling for PackageListItem_InstallationInfo_LatestExecutedState to handle AdditionalProperties -func (a *PackageListItem_InstallationInfo_LatestExecutedState) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) +// Getter for additional properties for UpdateConnectorSecrets. 
Returns the specified +// element and whether it was found +func (a UpdateConnectorSecrets) Get(fieldName string) (value interface{}, found bool) { + if a.AdditionalProperties != nil { + value, found = a.AdditionalProperties[fieldName] + } + return +} + +// Setter for additional properties for UpdateConnectorSecrets +func (a *UpdateConnectorSecrets) Set(fieldName string, value interface{}) { + if a.AdditionalProperties == nil { + a.AdditionalProperties = make(map[string]interface{}) + } + a.AdditionalProperties[fieldName] = value +} + +// AsSecurityDetectionsAPIEcsMappingValue0 returns the union data inside the SecurityDetectionsAPIEcsMapping_Value as a SecurityDetectionsAPIEcsMappingValue0 +func (t SecurityDetectionsAPIEcsMapping_Value) AsSecurityDetectionsAPIEcsMappingValue0() (SecurityDetectionsAPIEcsMappingValue0, error) { + var body SecurityDetectionsAPIEcsMappingValue0 + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIEcsMappingValue0 overwrites any union data inside the SecurityDetectionsAPIEcsMapping_Value as the provided SecurityDetectionsAPIEcsMappingValue0 +func (t *SecurityDetectionsAPIEcsMapping_Value) FromSecurityDetectionsAPIEcsMappingValue0(v SecurityDetectionsAPIEcsMappingValue0) error { + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIEcsMappingValue0 performs a merge with any union data inside the SecurityDetectionsAPIEcsMapping_Value, using the provided SecurityDetectionsAPIEcsMappingValue0 +func (t *SecurityDetectionsAPIEcsMapping_Value) MergeSecurityDetectionsAPIEcsMappingValue0(v SecurityDetectionsAPIEcsMappingValue0) error { + b, err := json.Marshal(v) if err != nil { return err } - if raw, found := object["error"]; found { - err = json.Unmarshal(raw, &a.Error) - if err != nil { - return fmt.Errorf("error reading 'error': %w", err) - } - delete(object, "error") + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +// 
AsSecurityDetectionsAPIEcsMappingValue1 returns the union data inside the SecurityDetectionsAPIEcsMapping_Value as a SecurityDetectionsAPIEcsMappingValue1 +func (t SecurityDetectionsAPIEcsMapping_Value) AsSecurityDetectionsAPIEcsMappingValue1() (SecurityDetectionsAPIEcsMappingValue1, error) { + var body SecurityDetectionsAPIEcsMappingValue1 + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIEcsMappingValue1 overwrites any union data inside the SecurityDetectionsAPIEcsMapping_Value as the provided SecurityDetectionsAPIEcsMappingValue1 +func (t *SecurityDetectionsAPIEcsMapping_Value) FromSecurityDetectionsAPIEcsMappingValue1(v SecurityDetectionsAPIEcsMappingValue1) error { + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIEcsMappingValue1 performs a merge with any union data inside the SecurityDetectionsAPIEcsMapping_Value, using the provided SecurityDetectionsAPIEcsMappingValue1 +func (t *SecurityDetectionsAPIEcsMapping_Value) MergeSecurityDetectionsAPIEcsMappingValue1(v SecurityDetectionsAPIEcsMappingValue1) error { + b, err := json.Marshal(v) + if err != nil { + return err } - if raw, found := object["name"]; found { - err = json.Unmarshal(raw, &a.Name) - if err != nil { - return fmt.Errorf("error reading 'name': %w", err) - } - delete(object, "name") + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +func (t SecurityDetectionsAPIEcsMapping_Value) MarshalJSON() ([]byte, error) { + b, err := t.union.MarshalJSON() + return b, err +} + +func (t *SecurityDetectionsAPIEcsMapping_Value) UnmarshalJSON(b []byte) error { + err := t.union.UnmarshalJSON(b) + return err +} + +// AsSecurityDetectionsAPIDefaultParams returns the union data inside the SecurityDetectionsAPIEndpointResponseAction_Params as a SecurityDetectionsAPIDefaultParams +func (t SecurityDetectionsAPIEndpointResponseAction_Params) AsSecurityDetectionsAPIDefaultParams() 
(SecurityDetectionsAPIDefaultParams, error) { + var body SecurityDetectionsAPIDefaultParams + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIDefaultParams overwrites any union data inside the SecurityDetectionsAPIEndpointResponseAction_Params as the provided SecurityDetectionsAPIDefaultParams +func (t *SecurityDetectionsAPIEndpointResponseAction_Params) FromSecurityDetectionsAPIDefaultParams(v SecurityDetectionsAPIDefaultParams) error { + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIDefaultParams performs a merge with any union data inside the SecurityDetectionsAPIEndpointResponseAction_Params, using the provided SecurityDetectionsAPIDefaultParams +func (t *SecurityDetectionsAPIEndpointResponseAction_Params) MergeSecurityDetectionsAPIDefaultParams(v SecurityDetectionsAPIDefaultParams) error { + b, err := json.Marshal(v) + if err != nil { + return err } - if raw, found := object["started_at"]; found { - err = json.Unmarshal(raw, &a.StartedAt) - if err != nil { - return fmt.Errorf("error reading 'started_at': %w", err) - } - delete(object, "started_at") + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +// AsSecurityDetectionsAPIProcessesParams returns the union data inside the SecurityDetectionsAPIEndpointResponseAction_Params as a SecurityDetectionsAPIProcessesParams +func (t SecurityDetectionsAPIEndpointResponseAction_Params) AsSecurityDetectionsAPIProcessesParams() (SecurityDetectionsAPIProcessesParams, error) { + var body SecurityDetectionsAPIProcessesParams + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIProcessesParams overwrites any union data inside the SecurityDetectionsAPIEndpointResponseAction_Params as the provided SecurityDetectionsAPIProcessesParams +func (t *SecurityDetectionsAPIEndpointResponseAction_Params) FromSecurityDetectionsAPIProcessesParams(v SecurityDetectionsAPIProcessesParams) 
error { + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIProcessesParams performs a merge with any union data inside the SecurityDetectionsAPIEndpointResponseAction_Params, using the provided SecurityDetectionsAPIProcessesParams +func (t *SecurityDetectionsAPIEndpointResponseAction_Params) MergeSecurityDetectionsAPIProcessesParams(v SecurityDetectionsAPIProcessesParams) error { + b, err := json.Marshal(v) + if err != nil { + return err } - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal - } + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +func (t SecurityDetectionsAPIEndpointResponseAction_Params) MarshalJSON() ([]byte, error) { + b, err := t.union.MarshalJSON() + return b, err +} + +func (t *SecurityDetectionsAPIEndpointResponseAction_Params) UnmarshalJSON(b []byte) error { + err := t.union.UnmarshalJSON(b) + return err +} + +// AsSecurityDetectionsAPIMachineLearningJobId0 returns the union data inside the SecurityDetectionsAPIMachineLearningJobId as a SecurityDetectionsAPIMachineLearningJobId0 +func (t SecurityDetectionsAPIMachineLearningJobId) AsSecurityDetectionsAPIMachineLearningJobId0() (SecurityDetectionsAPIMachineLearningJobId0, error) { + var body SecurityDetectionsAPIMachineLearningJobId0 + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIMachineLearningJobId0 overwrites any union data inside the SecurityDetectionsAPIMachineLearningJobId as the provided SecurityDetectionsAPIMachineLearningJobId0 +func (t *SecurityDetectionsAPIMachineLearningJobId) FromSecurityDetectionsAPIMachineLearningJobId0(v SecurityDetectionsAPIMachineLearningJobId0) error { + b, err := 
json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIMachineLearningJobId0 performs a merge with any union data inside the SecurityDetectionsAPIMachineLearningJobId, using the provided SecurityDetectionsAPIMachineLearningJobId0 +func (t *SecurityDetectionsAPIMachineLearningJobId) MergeSecurityDetectionsAPIMachineLearningJobId0(v SecurityDetectionsAPIMachineLearningJobId0) error { + b, err := json.Marshal(v) + if err != nil { + return err + } + + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +// AsSecurityDetectionsAPIMachineLearningJobId1 returns the union data inside the SecurityDetectionsAPIMachineLearningJobId as a SecurityDetectionsAPIMachineLearningJobId1 +func (t SecurityDetectionsAPIMachineLearningJobId) AsSecurityDetectionsAPIMachineLearningJobId1() (SecurityDetectionsAPIMachineLearningJobId1, error) { + var body SecurityDetectionsAPIMachineLearningJobId1 + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIMachineLearningJobId1 overwrites any union data inside the SecurityDetectionsAPIMachineLearningJobId as the provided SecurityDetectionsAPIMachineLearningJobId1 +func (t *SecurityDetectionsAPIMachineLearningJobId) FromSecurityDetectionsAPIMachineLearningJobId1(v SecurityDetectionsAPIMachineLearningJobId1) error { + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIMachineLearningJobId1 performs a merge with any union data inside the SecurityDetectionsAPIMachineLearningJobId, using the provided SecurityDetectionsAPIMachineLearningJobId1 +func (t *SecurityDetectionsAPIMachineLearningJobId) MergeSecurityDetectionsAPIMachineLearningJobId1(v SecurityDetectionsAPIMachineLearningJobId1) error { + b, err := json.Marshal(v) + if err != nil { + return err + } + + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +func (t SecurityDetectionsAPIMachineLearningJobId) MarshalJSON() ([]byte, error) { + 
b, err := t.union.MarshalJSON() + return b, err +} + +func (t *SecurityDetectionsAPIMachineLearningJobId) UnmarshalJSON(b []byte) error { + err := t.union.UnmarshalJSON(b) + return err +} + +// AsSecurityDetectionsAPIOsqueryResponseAction returns the union data inside the SecurityDetectionsAPIResponseAction as a SecurityDetectionsAPIOsqueryResponseAction +func (t SecurityDetectionsAPIResponseAction) AsSecurityDetectionsAPIOsqueryResponseAction() (SecurityDetectionsAPIOsqueryResponseAction, error) { + var body SecurityDetectionsAPIOsqueryResponseAction + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIOsqueryResponseAction overwrites any union data inside the SecurityDetectionsAPIResponseAction as the provided SecurityDetectionsAPIOsqueryResponseAction +func (t *SecurityDetectionsAPIResponseAction) FromSecurityDetectionsAPIOsqueryResponseAction(v SecurityDetectionsAPIOsqueryResponseAction) error { + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIOsqueryResponseAction performs a merge with any union data inside the SecurityDetectionsAPIResponseAction, using the provided SecurityDetectionsAPIOsqueryResponseAction +func (t *SecurityDetectionsAPIResponseAction) MergeSecurityDetectionsAPIOsqueryResponseAction(v SecurityDetectionsAPIOsqueryResponseAction) error { + b, err := json.Marshal(v) + if err != nil { + return err + } + + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +// AsSecurityDetectionsAPIEndpointResponseAction returns the union data inside the SecurityDetectionsAPIResponseAction as a SecurityDetectionsAPIEndpointResponseAction +func (t SecurityDetectionsAPIResponseAction) AsSecurityDetectionsAPIEndpointResponseAction() (SecurityDetectionsAPIEndpointResponseAction, error) { + var body SecurityDetectionsAPIEndpointResponseAction + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIEndpointResponseAction 
overwrites any union data inside the SecurityDetectionsAPIResponseAction as the provided SecurityDetectionsAPIEndpointResponseAction +func (t *SecurityDetectionsAPIResponseAction) FromSecurityDetectionsAPIEndpointResponseAction(v SecurityDetectionsAPIEndpointResponseAction) error { + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIEndpointResponseAction performs a merge with any union data inside the SecurityDetectionsAPIResponseAction, using the provided SecurityDetectionsAPIEndpointResponseAction +func (t *SecurityDetectionsAPIResponseAction) MergeSecurityDetectionsAPIEndpointResponseAction(v SecurityDetectionsAPIEndpointResponseAction) error { + b, err := json.Marshal(v) + if err != nil { + return err } - return nil + + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err } -// Override default JSON handling for PackageListItem_InstallationInfo_LatestExecutedState to handle AdditionalProperties -func (a PackageListItem_InstallationInfo_LatestExecutedState) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) +func (t SecurityDetectionsAPIResponseAction) MarshalJSON() ([]byte, error) { + b, err := t.union.MarshalJSON() + return b, err +} - if a.Error != nil { - object["error"], err = json.Marshal(a.Error) - if err != nil { - return nil, fmt.Errorf("error marshaling 'error': %w", err) - } - } +func (t *SecurityDetectionsAPIResponseAction) UnmarshalJSON(b []byte) error { + err := t.union.UnmarshalJSON(b) + return err +} - if a.Name != nil { - object["name"], err = json.Marshal(a.Name) - if err != nil { - return nil, fmt.Errorf("error marshaling 'name': %w", err) - } - } +// AsSecurityDetectionsAPIRuleActionThrottle0 returns the union data inside the SecurityDetectionsAPIRuleActionThrottle as a SecurityDetectionsAPIRuleActionThrottle0 +func (t SecurityDetectionsAPIRuleActionThrottle) AsSecurityDetectionsAPIRuleActionThrottle0() 
(SecurityDetectionsAPIRuleActionThrottle0, error) { + var body SecurityDetectionsAPIRuleActionThrottle0 + err := json.Unmarshal(t.union, &body) + return body, err +} - if a.StartedAt != nil { - object["started_at"], err = json.Marshal(a.StartedAt) - if err != nil { - return nil, fmt.Errorf("error marshaling 'started_at': %w", err) - } - } +// FromSecurityDetectionsAPIRuleActionThrottle0 overwrites any union data inside the SecurityDetectionsAPIRuleActionThrottle as the provided SecurityDetectionsAPIRuleActionThrottle0 +func (t *SecurityDetectionsAPIRuleActionThrottle) FromSecurityDetectionsAPIRuleActionThrottle0(v SecurityDetectionsAPIRuleActionThrottle0) error { + b, err := json.Marshal(v) + t.union = b + return err +} - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) - if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) - } +// MergeSecurityDetectionsAPIRuleActionThrottle0 performs a merge with any union data inside the SecurityDetectionsAPIRuleActionThrottle, using the provided SecurityDetectionsAPIRuleActionThrottle0 +func (t *SecurityDetectionsAPIRuleActionThrottle) MergeSecurityDetectionsAPIRuleActionThrottle0(v SecurityDetectionsAPIRuleActionThrottle0) error { + b, err := json.Marshal(v) + if err != nil { + return err } - return json.Marshal(object) + + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err } -// Getter for additional properties for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error. 
Returns the specified -// element and whether it was found -func (a PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] - } - return +// AsSecurityDetectionsAPIRuleActionThrottle1 returns the union data inside the SecurityDetectionsAPIRuleActionThrottle as a SecurityDetectionsAPIRuleActionThrottle1 +func (t SecurityDetectionsAPIRuleActionThrottle) AsSecurityDetectionsAPIRuleActionThrottle1() (SecurityDetectionsAPIRuleActionThrottle1, error) { + var body SecurityDetectionsAPIRuleActionThrottle1 + err := json.Unmarshal(t.union, &body) + return body, err } -// Setter for additional properties for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error -func (a *PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) - } - a.AdditionalProperties[fieldName] = value +// FromSecurityDetectionsAPIRuleActionThrottle1 overwrites any union data inside the SecurityDetectionsAPIRuleActionThrottle as the provided SecurityDetectionsAPIRuleActionThrottle1 +func (t *SecurityDetectionsAPIRuleActionThrottle) FromSecurityDetectionsAPIRuleActionThrottle1(v SecurityDetectionsAPIRuleActionThrottle1) error { + b, err := json.Marshal(v) + t.union = b + return err } -// Override default JSON handling for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error to handle AdditionalProperties -func (a *PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) +// MergeSecurityDetectionsAPIRuleActionThrottle1 performs a merge with any union data inside the SecurityDetectionsAPIRuleActionThrottle, using the provided 
SecurityDetectionsAPIRuleActionThrottle1 +func (t *SecurityDetectionsAPIRuleActionThrottle) MergeSecurityDetectionsAPIRuleActionThrottle1(v SecurityDetectionsAPIRuleActionThrottle1) error { + b, err := json.Marshal(v) if err != nil { return err } - if raw, found := object["message"]; found { - err = json.Unmarshal(raw, &a.Message) - if err != nil { - return fmt.Errorf("error reading 'message': %w", err) - } - delete(object, "message") - } + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} - if raw, found := object["name"]; found { - err = json.Unmarshal(raw, &a.Name) - if err != nil { - return fmt.Errorf("error reading 'name': %w", err) - } - delete(object, "name") - } +func (t SecurityDetectionsAPIRuleActionThrottle) MarshalJSON() ([]byte, error) { + b, err := t.union.MarshalJSON() + return b, err +} - if raw, found := object["stack"]; found { - err = json.Unmarshal(raw, &a.Stack) - if err != nil { - return fmt.Errorf("error reading 'stack': %w", err) - } - delete(object, "stack") - } +func (t *SecurityDetectionsAPIRuleActionThrottle) UnmarshalJSON(b []byte) error { + err := t.union.UnmarshalJSON(b) + return err +} - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal - } - } - return nil +// AsSecurityDetectionsAPIEqlRuleCreateProps returns the union data inside the SecurityDetectionsAPIRuleCreateProps as a SecurityDetectionsAPIEqlRuleCreateProps +func (t SecurityDetectionsAPIRuleCreateProps) AsSecurityDetectionsAPIEqlRuleCreateProps() (SecurityDetectionsAPIEqlRuleCreateProps, error) { + var body SecurityDetectionsAPIEqlRuleCreateProps + err := json.Unmarshal(t.union, &body) + return body, err } -// Override default JSON handling for 
PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error to handle AdditionalProperties -func (a PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Error) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) +// FromSecurityDetectionsAPIEqlRuleCreateProps overwrites any union data inside the SecurityDetectionsAPIRuleCreateProps as the provided SecurityDetectionsAPIEqlRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) FromSecurityDetectionsAPIEqlRuleCreateProps(v SecurityDetectionsAPIEqlRuleCreateProps) error { + v.Type = "Security_Detections_API_EqlRuleCreateProps" + b, err := json.Marshal(v) + t.union = b + return err +} - object["message"], err = json.Marshal(a.Message) +// MergeSecurityDetectionsAPIEqlRuleCreateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleCreateProps, using the provided SecurityDetectionsAPIEqlRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) MergeSecurityDetectionsAPIEqlRuleCreateProps(v SecurityDetectionsAPIEqlRuleCreateProps) error { + v.Type = "Security_Detections_API_EqlRuleCreateProps" + b, err := json.Marshal(v) if err != nil { - return nil, fmt.Errorf("error marshaling 'message': %w", err) + return err } - object["name"], err = json.Marshal(a.Name) - if err != nil { - return nil, fmt.Errorf("error marshaling 'name': %w", err) - } + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} - if a.Stack != nil { - object["stack"], err = json.Marshal(a.Stack) - if err != nil { - return nil, fmt.Errorf("error marshaling 'stack': %w", err) - } - } +// AsSecurityDetectionsAPIQueryRuleCreateProps returns the union data inside the SecurityDetectionsAPIRuleCreateProps as a SecurityDetectionsAPIQueryRuleCreateProps +func (t SecurityDetectionsAPIRuleCreateProps) AsSecurityDetectionsAPIQueryRuleCreateProps() (SecurityDetectionsAPIQueryRuleCreateProps, error) { + var body 
SecurityDetectionsAPIQueryRuleCreateProps + err := json.Unmarshal(t.union, &body) + return body, err +} - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) - if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) - } - } - return json.Marshal(object) +// FromSecurityDetectionsAPIQueryRuleCreateProps overwrites any union data inside the SecurityDetectionsAPIRuleCreateProps as the provided SecurityDetectionsAPIQueryRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) FromSecurityDetectionsAPIQueryRuleCreateProps(v SecurityDetectionsAPIQueryRuleCreateProps) error { + v.Type = "Security_Detections_API_QueryRuleCreateProps" + b, err := json.Marshal(v) + t.union = b + return err } -// Getter for additional properties for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item. Returns the specified -// element and whether it was found -func (a PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] +// MergeSecurityDetectionsAPIQueryRuleCreateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleCreateProps, using the provided SecurityDetectionsAPIQueryRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) MergeSecurityDetectionsAPIQueryRuleCreateProps(v SecurityDetectionsAPIQueryRuleCreateProps) error { + v.Type = "Security_Detections_API_QueryRuleCreateProps" + b, err := json.Marshal(v) + if err != nil { + return err } - return + + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err } -// Setter for additional properties for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item -func (a *PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - 
a.AdditionalProperties = make(map[string]interface{}) - } - a.AdditionalProperties[fieldName] = value +// AsSecurityDetectionsAPISavedQueryRuleCreateProps returns the union data inside the SecurityDetectionsAPIRuleCreateProps as a SecurityDetectionsAPISavedQueryRuleCreateProps +func (t SecurityDetectionsAPIRuleCreateProps) AsSecurityDetectionsAPISavedQueryRuleCreateProps() (SecurityDetectionsAPISavedQueryRuleCreateProps, error) { + var body SecurityDetectionsAPISavedQueryRuleCreateProps + err := json.Unmarshal(t.union, &body) + return body, err } -// Override default JSON handling for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item to handle AdditionalProperties -func (a *PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) +// FromSecurityDetectionsAPISavedQueryRuleCreateProps overwrites any union data inside the SecurityDetectionsAPIRuleCreateProps as the provided SecurityDetectionsAPISavedQueryRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) FromSecurityDetectionsAPISavedQueryRuleCreateProps(v SecurityDetectionsAPISavedQueryRuleCreateProps) error { + v.Type = "Security_Detections_API_SavedQueryRuleCreateProps" + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPISavedQueryRuleCreateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleCreateProps, using the provided SecurityDetectionsAPISavedQueryRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) MergeSecurityDetectionsAPISavedQueryRuleCreateProps(v SecurityDetectionsAPISavedQueryRuleCreateProps) error { + v.Type = "Security_Detections_API_SavedQueryRuleCreateProps" + b, err := json.Marshal(v) if err != nil { return err } - if raw, found := object["created_at"]; found { - err = json.Unmarshal(raw, &a.CreatedAt) - if err != nil { - return fmt.Errorf("error reading 'created_at': %w", 
err) - } - delete(object, "created_at") - } + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} - if raw, found := object["error"]; found { - err = json.Unmarshal(raw, &a.Error) - if err != nil { - return fmt.Errorf("error reading 'error': %w", err) - } - delete(object, "error") - } +// AsSecurityDetectionsAPIThresholdRuleCreateProps returns the union data inside the SecurityDetectionsAPIRuleCreateProps as a SecurityDetectionsAPIThresholdRuleCreateProps +func (t SecurityDetectionsAPIRuleCreateProps) AsSecurityDetectionsAPIThresholdRuleCreateProps() (SecurityDetectionsAPIThresholdRuleCreateProps, error) { + var body SecurityDetectionsAPIThresholdRuleCreateProps + err := json.Unmarshal(t.union, &body) + return body, err +} - if raw, found := object["target_version"]; found { - err = json.Unmarshal(raw, &a.TargetVersion) - if err != nil { - return fmt.Errorf("error reading 'target_version': %w", err) - } - delete(object, "target_version") - } +// FromSecurityDetectionsAPIThresholdRuleCreateProps overwrites any union data inside the SecurityDetectionsAPIRuleCreateProps as the provided SecurityDetectionsAPIThresholdRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) FromSecurityDetectionsAPIThresholdRuleCreateProps(v SecurityDetectionsAPIThresholdRuleCreateProps) error { + v.Type = "Security_Detections_API_ThresholdRuleCreateProps" + b, err := json.Marshal(v) + t.union = b + return err +} - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal - } +// MergeSecurityDetectionsAPIThresholdRuleCreateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleCreateProps, using the provided SecurityDetectionsAPIThresholdRuleCreateProps 
+func (t *SecurityDetectionsAPIRuleCreateProps) MergeSecurityDetectionsAPIThresholdRuleCreateProps(v SecurityDetectionsAPIThresholdRuleCreateProps) error { + v.Type = "Security_Detections_API_ThresholdRuleCreateProps" + b, err := json.Marshal(v) + if err != nil { + return err } - return nil + + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +// AsSecurityDetectionsAPIThreatMatchRuleCreateProps returns the union data inside the SecurityDetectionsAPIRuleCreateProps as a SecurityDetectionsAPIThreatMatchRuleCreateProps +func (t SecurityDetectionsAPIRuleCreateProps) AsSecurityDetectionsAPIThreatMatchRuleCreateProps() (SecurityDetectionsAPIThreatMatchRuleCreateProps, error) { + var body SecurityDetectionsAPIThreatMatchRuleCreateProps + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIThreatMatchRuleCreateProps overwrites any union data inside the SecurityDetectionsAPIRuleCreateProps as the provided SecurityDetectionsAPIThreatMatchRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) FromSecurityDetectionsAPIThreatMatchRuleCreateProps(v SecurityDetectionsAPIThreatMatchRuleCreateProps) error { + v.Type = "Security_Detections_API_ThreatMatchRuleCreateProps" + b, err := json.Marshal(v) + t.union = b + return err } -// Override default JSON handling for PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item to handle AdditionalProperties -func (a PackageListItem_InstallationInfo_LatestInstallFailedAttempts_Item) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) - - object["created_at"], err = json.Marshal(a.CreatedAt) +// MergeSecurityDetectionsAPIThreatMatchRuleCreateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleCreateProps, using the provided SecurityDetectionsAPIThreatMatchRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) MergeSecurityDetectionsAPIThreatMatchRuleCreateProps(v 
SecurityDetectionsAPIThreatMatchRuleCreateProps) error { + v.Type = "Security_Detections_API_ThreatMatchRuleCreateProps" + b, err := json.Marshal(v) if err != nil { - return nil, fmt.Errorf("error marshaling 'created_at': %w", err) + return err } - object["error"], err = json.Marshal(a.Error) + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +// AsSecurityDetectionsAPIMachineLearningRuleCreateProps returns the union data inside the SecurityDetectionsAPIRuleCreateProps as a SecurityDetectionsAPIMachineLearningRuleCreateProps +func (t SecurityDetectionsAPIRuleCreateProps) AsSecurityDetectionsAPIMachineLearningRuleCreateProps() (SecurityDetectionsAPIMachineLearningRuleCreateProps, error) { + var body SecurityDetectionsAPIMachineLearningRuleCreateProps + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIMachineLearningRuleCreateProps overwrites any union data inside the SecurityDetectionsAPIRuleCreateProps as the provided SecurityDetectionsAPIMachineLearningRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) FromSecurityDetectionsAPIMachineLearningRuleCreateProps(v SecurityDetectionsAPIMachineLearningRuleCreateProps) error { + v.Type = "Security_Detections_API_MachineLearningRuleCreateProps" + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIMachineLearningRuleCreateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleCreateProps, using the provided SecurityDetectionsAPIMachineLearningRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) MergeSecurityDetectionsAPIMachineLearningRuleCreateProps(v SecurityDetectionsAPIMachineLearningRuleCreateProps) error { + v.Type = "Security_Detections_API_MachineLearningRuleCreateProps" + b, err := json.Marshal(v) if err != nil { - return nil, fmt.Errorf("error marshaling 'error': %w", err) + return err } - object["target_version"], err = json.Marshal(a.TargetVersion) + 
merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +// AsSecurityDetectionsAPINewTermsRuleCreateProps returns the union data inside the SecurityDetectionsAPIRuleCreateProps as a SecurityDetectionsAPINewTermsRuleCreateProps +func (t SecurityDetectionsAPIRuleCreateProps) AsSecurityDetectionsAPINewTermsRuleCreateProps() (SecurityDetectionsAPINewTermsRuleCreateProps, error) { + var body SecurityDetectionsAPINewTermsRuleCreateProps + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPINewTermsRuleCreateProps overwrites any union data inside the SecurityDetectionsAPIRuleCreateProps as the provided SecurityDetectionsAPINewTermsRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) FromSecurityDetectionsAPINewTermsRuleCreateProps(v SecurityDetectionsAPINewTermsRuleCreateProps) error { + v.Type = "Security_Detections_API_NewTermsRuleCreateProps" + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPINewTermsRuleCreateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleCreateProps, using the provided SecurityDetectionsAPINewTermsRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) MergeSecurityDetectionsAPINewTermsRuleCreateProps(v SecurityDetectionsAPINewTermsRuleCreateProps) error { + v.Type = "Security_Detections_API_NewTermsRuleCreateProps" + b, err := json.Marshal(v) if err != nil { - return nil, fmt.Errorf("error marshaling 'target_version': %w", err) + return err } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) - if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) - } - } - return json.Marshal(object) + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err } -// Getter for additional properties for PackageListItem_InstallationInfo. 
Returns the specified -// element and whether it was found -func (a PackageListItem_InstallationInfo) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] - } - return +// AsSecurityDetectionsAPIEsqlRuleCreateProps returns the union data inside the SecurityDetectionsAPIRuleCreateProps as a SecurityDetectionsAPIEsqlRuleCreateProps +func (t SecurityDetectionsAPIRuleCreateProps) AsSecurityDetectionsAPIEsqlRuleCreateProps() (SecurityDetectionsAPIEsqlRuleCreateProps, error) { + var body SecurityDetectionsAPIEsqlRuleCreateProps + err := json.Unmarshal(t.union, &body) + return body, err } -// Setter for additional properties for PackageListItem_InstallationInfo -func (a *PackageListItem_InstallationInfo) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) - } - a.AdditionalProperties[fieldName] = value +// FromSecurityDetectionsAPIEsqlRuleCreateProps overwrites any union data inside the SecurityDetectionsAPIRuleCreateProps as the provided SecurityDetectionsAPIEsqlRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) FromSecurityDetectionsAPIEsqlRuleCreateProps(v SecurityDetectionsAPIEsqlRuleCreateProps) error { + v.Type = "Security_Detections_API_EsqlRuleCreateProps" + b, err := json.Marshal(v) + t.union = b + return err } -// Override default JSON handling for PackageListItem_InstallationInfo to handle AdditionalProperties -func (a *PackageListItem_InstallationInfo) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) +// MergeSecurityDetectionsAPIEsqlRuleCreateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleCreateProps, using the provided SecurityDetectionsAPIEsqlRuleCreateProps +func (t *SecurityDetectionsAPIRuleCreateProps) MergeSecurityDetectionsAPIEsqlRuleCreateProps(v 
SecurityDetectionsAPIEsqlRuleCreateProps) error { + v.Type = "Security_Detections_API_EsqlRuleCreateProps" + b, err := json.Marshal(v) if err != nil { return err } - if raw, found := object["additional_spaces_installed_kibana"]; found { - err = json.Unmarshal(raw, &a.AdditionalSpacesInstalledKibana) - if err != nil { - return fmt.Errorf("error reading 'additional_spaces_installed_kibana': %w", err) - } - delete(object, "additional_spaces_installed_kibana") - } + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} - if raw, found := object["created_at"]; found { - err = json.Unmarshal(raw, &a.CreatedAt) - if err != nil { - return fmt.Errorf("error reading 'created_at': %w", err) - } - delete(object, "created_at") +func (t SecurityDetectionsAPIRuleCreateProps) Discriminator() (string, error) { + var discriminator struct { + Discriminator string `json:"type"` } + err := json.Unmarshal(t.union, &discriminator) + return discriminator.Discriminator, err +} - if raw, found := object["experimental_data_stream_features"]; found { - err = json.Unmarshal(raw, &a.ExperimentalDataStreamFeatures) - if err != nil { - return fmt.Errorf("error reading 'experimental_data_stream_features': %w", err) - } - delete(object, "experimental_data_stream_features") +func (t SecurityDetectionsAPIRuleCreateProps) ValueByDiscriminator() (interface{}, error) { + discriminator, err := t.Discriminator() + if err != nil { + return nil, err } - - if raw, found := object["install_format_schema_version"]; found { - err = json.Unmarshal(raw, &a.InstallFormatSchemaVersion) - if err != nil { - return fmt.Errorf("error reading 'install_format_schema_version': %w", err) - } - delete(object, "install_format_schema_version") + switch discriminator { + case "Security_Detections_API_EqlRuleCreateProps": + return t.AsSecurityDetectionsAPIEqlRuleCreateProps() + case "Security_Detections_API_EsqlRuleCreateProps": + return t.AsSecurityDetectionsAPIEsqlRuleCreateProps() + case 
"Security_Detections_API_MachineLearningRuleCreateProps": + return t.AsSecurityDetectionsAPIMachineLearningRuleCreateProps() + case "Security_Detections_API_NewTermsRuleCreateProps": + return t.AsSecurityDetectionsAPINewTermsRuleCreateProps() + case "Security_Detections_API_QueryRuleCreateProps": + return t.AsSecurityDetectionsAPIQueryRuleCreateProps() + case "Security_Detections_API_SavedQueryRuleCreateProps": + return t.AsSecurityDetectionsAPISavedQueryRuleCreateProps() + case "Security_Detections_API_ThreatMatchRuleCreateProps": + return t.AsSecurityDetectionsAPIThreatMatchRuleCreateProps() + case "Security_Detections_API_ThresholdRuleCreateProps": + return t.AsSecurityDetectionsAPIThresholdRuleCreateProps() + default: + return nil, errors.New("unknown discriminator value: " + discriminator) } +} - if raw, found := object["install_source"]; found { - err = json.Unmarshal(raw, &a.InstallSource) - if err != nil { - return fmt.Errorf("error reading 'install_source': %w", err) - } - delete(object, "install_source") - } +func (t SecurityDetectionsAPIRuleCreateProps) MarshalJSON() ([]byte, error) { + b, err := t.union.MarshalJSON() + return b, err +} - if raw, found := object["install_status"]; found { - err = json.Unmarshal(raw, &a.InstallStatus) - if err != nil { - return fmt.Errorf("error reading 'install_status': %w", err) - } - delete(object, "install_status") - } +func (t *SecurityDetectionsAPIRuleCreateProps) UnmarshalJSON(b []byte) error { + err := t.union.UnmarshalJSON(b) + return err +} - if raw, found := object["installed_es"]; found { - err = json.Unmarshal(raw, &a.InstalledEs) - if err != nil { - return fmt.Errorf("error reading 'installed_es': %w", err) - } - delete(object, "installed_es") - } +// AsSecurityDetectionsAPIEqlRule returns the union data inside the SecurityDetectionsAPIRuleResponse as a SecurityDetectionsAPIEqlRule +func (t SecurityDetectionsAPIRuleResponse) AsSecurityDetectionsAPIEqlRule() (SecurityDetectionsAPIEqlRule, error) { + var body 
SecurityDetectionsAPIEqlRule + err := json.Unmarshal(t.union, &body) + return body, err +} - if raw, found := object["installed_kibana"]; found { - err = json.Unmarshal(raw, &a.InstalledKibana) - if err != nil { - return fmt.Errorf("error reading 'installed_kibana': %w", err) - } - delete(object, "installed_kibana") - } +// FromSecurityDetectionsAPIEqlRule overwrites any union data inside the SecurityDetectionsAPIRuleResponse as the provided SecurityDetectionsAPIEqlRule +func (t *SecurityDetectionsAPIRuleResponse) FromSecurityDetectionsAPIEqlRule(v SecurityDetectionsAPIEqlRule) error { + v.Type = "Security_Detections_API_EqlRule" + b, err := json.Marshal(v) + t.union = b + return err +} - if raw, found := object["installed_kibana_space_id"]; found { - err = json.Unmarshal(raw, &a.InstalledKibanaSpaceId) - if err != nil { - return fmt.Errorf("error reading 'installed_kibana_space_id': %w", err) - } - delete(object, "installed_kibana_space_id") +// MergeSecurityDetectionsAPIEqlRule performs a merge with any union data inside the SecurityDetectionsAPIRuleResponse, using the provided SecurityDetectionsAPIEqlRule +func (t *SecurityDetectionsAPIRuleResponse) MergeSecurityDetectionsAPIEqlRule(v SecurityDetectionsAPIEqlRule) error { + v.Type = "Security_Detections_API_EqlRule" + b, err := json.Marshal(v) + if err != nil { + return err } - if raw, found := object["latest_executed_state"]; found { - err = json.Unmarshal(raw, &a.LatestExecutedState) - if err != nil { - return fmt.Errorf("error reading 'latest_executed_state': %w", err) - } - delete(object, "latest_executed_state") - } + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} - if raw, found := object["latest_install_failed_attempts"]; found { - err = json.Unmarshal(raw, &a.LatestInstallFailedAttempts) - if err != nil { - return fmt.Errorf("error reading 'latest_install_failed_attempts': %w", err) - } - delete(object, "latest_install_failed_attempts") - } +// 
AsSecurityDetectionsAPIQueryRule returns the union data inside the SecurityDetectionsAPIRuleResponse as a SecurityDetectionsAPIQueryRule +func (t SecurityDetectionsAPIRuleResponse) AsSecurityDetectionsAPIQueryRule() (SecurityDetectionsAPIQueryRule, error) { + var body SecurityDetectionsAPIQueryRule + err := json.Unmarshal(t.union, &body) + return body, err +} - if raw, found := object["name"]; found { - err = json.Unmarshal(raw, &a.Name) - if err != nil { - return fmt.Errorf("error reading 'name': %w", err) - } - delete(object, "name") - } +// FromSecurityDetectionsAPIQueryRule overwrites any union data inside the SecurityDetectionsAPIRuleResponse as the provided SecurityDetectionsAPIQueryRule +func (t *SecurityDetectionsAPIRuleResponse) FromSecurityDetectionsAPIQueryRule(v SecurityDetectionsAPIQueryRule) error { + v.Type = "Security_Detections_API_QueryRule" + b, err := json.Marshal(v) + t.union = b + return err +} - if raw, found := object["namespaces"]; found { - err = json.Unmarshal(raw, &a.Namespaces) - if err != nil { - return fmt.Errorf("error reading 'namespaces': %w", err) - } - delete(object, "namespaces") +// MergeSecurityDetectionsAPIQueryRule performs a merge with any union data inside the SecurityDetectionsAPIRuleResponse, using the provided SecurityDetectionsAPIQueryRule +func (t *SecurityDetectionsAPIRuleResponse) MergeSecurityDetectionsAPIQueryRule(v SecurityDetectionsAPIQueryRule) error { + v.Type = "Security_Detections_API_QueryRule" + b, err := json.Marshal(v) + if err != nil { + return err } - if raw, found := object["type"]; found { - err = json.Unmarshal(raw, &a.Type) - if err != nil { - return fmt.Errorf("error reading 'type': %w", err) - } - delete(object, "type") + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +// AsSecurityDetectionsAPISavedQueryRule returns the union data inside the SecurityDetectionsAPIRuleResponse as a SecurityDetectionsAPISavedQueryRule +func (t SecurityDetectionsAPIRuleResponse) 
AsSecurityDetectionsAPISavedQueryRule() (SecurityDetectionsAPISavedQueryRule, error) { + var body SecurityDetectionsAPISavedQueryRule + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPISavedQueryRule overwrites any union data inside the SecurityDetectionsAPIRuleResponse as the provided SecurityDetectionsAPISavedQueryRule +func (t *SecurityDetectionsAPIRuleResponse) FromSecurityDetectionsAPISavedQueryRule(v SecurityDetectionsAPISavedQueryRule) error { + v.Type = "Security_Detections_API_SavedQueryRule" + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPISavedQueryRule performs a merge with any union data inside the SecurityDetectionsAPIRuleResponse, using the provided SecurityDetectionsAPISavedQueryRule +func (t *SecurityDetectionsAPIRuleResponse) MergeSecurityDetectionsAPISavedQueryRule(v SecurityDetectionsAPISavedQueryRule) error { + v.Type = "Security_Detections_API_SavedQueryRule" + b, err := json.Marshal(v) + if err != nil { + return err } - if raw, found := object["updated_at"]; found { - err = json.Unmarshal(raw, &a.UpdatedAt) - if err != nil { - return fmt.Errorf("error reading 'updated_at': %w", err) - } - delete(object, "updated_at") + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +// AsSecurityDetectionsAPIThresholdRule returns the union data inside the SecurityDetectionsAPIRuleResponse as a SecurityDetectionsAPIThresholdRule +func (t SecurityDetectionsAPIRuleResponse) AsSecurityDetectionsAPIThresholdRule() (SecurityDetectionsAPIThresholdRule, error) { + var body SecurityDetectionsAPIThresholdRule + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIThresholdRule overwrites any union data inside the SecurityDetectionsAPIRuleResponse as the provided SecurityDetectionsAPIThresholdRule +func (t *SecurityDetectionsAPIRuleResponse) FromSecurityDetectionsAPIThresholdRule(v SecurityDetectionsAPIThresholdRule) 
error { + v.Type = "Security_Detections_API_ThresholdRule" + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIThresholdRule performs a merge with any union data inside the SecurityDetectionsAPIRuleResponse, using the provided SecurityDetectionsAPIThresholdRule +func (t *SecurityDetectionsAPIRuleResponse) MergeSecurityDetectionsAPIThresholdRule(v SecurityDetectionsAPIThresholdRule) error { + v.Type = "Security_Detections_API_ThresholdRule" + b, err := json.Marshal(v) + if err != nil { + return err } - if raw, found := object["verification_key_id"]; found { - err = json.Unmarshal(raw, &a.VerificationKeyId) - if err != nil { - return fmt.Errorf("error reading 'verification_key_id': %w", err) - } - delete(object, "verification_key_id") - } + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} - if raw, found := object["verification_status"]; found { - err = json.Unmarshal(raw, &a.VerificationStatus) - if err != nil { - return fmt.Errorf("error reading 'verification_status': %w", err) - } - delete(object, "verification_status") - } +// AsSecurityDetectionsAPIThreatMatchRule returns the union data inside the SecurityDetectionsAPIRuleResponse as a SecurityDetectionsAPIThreatMatchRule +func (t SecurityDetectionsAPIRuleResponse) AsSecurityDetectionsAPIThreatMatchRule() (SecurityDetectionsAPIThreatMatchRule, error) { + var body SecurityDetectionsAPIThreatMatchRule + err := json.Unmarshal(t.union, &body) + return body, err +} - if raw, found := object["version"]; found { - err = json.Unmarshal(raw, &a.Version) - if err != nil { - return fmt.Errorf("error reading 'version': %w", err) - } - delete(object, "version") - } +// FromSecurityDetectionsAPIThreatMatchRule overwrites any union data inside the SecurityDetectionsAPIRuleResponse as the provided SecurityDetectionsAPIThreatMatchRule +func (t *SecurityDetectionsAPIRuleResponse) FromSecurityDetectionsAPIThreatMatchRule(v SecurityDetectionsAPIThreatMatchRule) 
error { + v.Type = "Security_Detections_API_ThreatMatchRule" + b, err := json.Marshal(v) + t.union = b + return err +} - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal - } +// MergeSecurityDetectionsAPIThreatMatchRule performs a merge with any union data inside the SecurityDetectionsAPIRuleResponse, using the provided SecurityDetectionsAPIThreatMatchRule +func (t *SecurityDetectionsAPIRuleResponse) MergeSecurityDetectionsAPIThreatMatchRule(v SecurityDetectionsAPIThreatMatchRule) error { + v.Type = "Security_Detections_API_ThreatMatchRule" + b, err := json.Marshal(v) + if err != nil { + return err } - return nil + + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err } -// Override default JSON handling for PackageListItem_InstallationInfo to handle AdditionalProperties -func (a PackageListItem_InstallationInfo) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) +// AsSecurityDetectionsAPIMachineLearningRule returns the union data inside the SecurityDetectionsAPIRuleResponse as a SecurityDetectionsAPIMachineLearningRule +func (t SecurityDetectionsAPIRuleResponse) AsSecurityDetectionsAPIMachineLearningRule() (SecurityDetectionsAPIMachineLearningRule, error) { + var body SecurityDetectionsAPIMachineLearningRule + err := json.Unmarshal(t.union, &body) + return body, err +} - if a.AdditionalSpacesInstalledKibana != nil { - object["additional_spaces_installed_kibana"], err = json.Marshal(a.AdditionalSpacesInstalledKibana) - if err != nil { - return nil, fmt.Errorf("error marshaling 'additional_spaces_installed_kibana': %w", err) - } - } +// FromSecurityDetectionsAPIMachineLearningRule overwrites any union data inside the 
SecurityDetectionsAPIRuleResponse as the provided SecurityDetectionsAPIMachineLearningRule +func (t *SecurityDetectionsAPIRuleResponse) FromSecurityDetectionsAPIMachineLearningRule(v SecurityDetectionsAPIMachineLearningRule) error { + v.Type = "Security_Detections_API_MachineLearningRule" + b, err := json.Marshal(v) + t.union = b + return err +} - if a.CreatedAt != nil { - object["created_at"], err = json.Marshal(a.CreatedAt) - if err != nil { - return nil, fmt.Errorf("error marshaling 'created_at': %w", err) - } +// MergeSecurityDetectionsAPIMachineLearningRule performs a merge with any union data inside the SecurityDetectionsAPIRuleResponse, using the provided SecurityDetectionsAPIMachineLearningRule +func (t *SecurityDetectionsAPIRuleResponse) MergeSecurityDetectionsAPIMachineLearningRule(v SecurityDetectionsAPIMachineLearningRule) error { + v.Type = "Security_Detections_API_MachineLearningRule" + b, err := json.Marshal(v) + if err != nil { + return err } - if a.ExperimentalDataStreamFeatures != nil { - object["experimental_data_stream_features"], err = json.Marshal(a.ExperimentalDataStreamFeatures) - if err != nil { - return nil, fmt.Errorf("error marshaling 'experimental_data_stream_features': %w", err) - } - } + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} - if a.InstallFormatSchemaVersion != nil { - object["install_format_schema_version"], err = json.Marshal(a.InstallFormatSchemaVersion) - if err != nil { - return nil, fmt.Errorf("error marshaling 'install_format_schema_version': %w", err) - } - } +// AsSecurityDetectionsAPINewTermsRule returns the union data inside the SecurityDetectionsAPIRuleResponse as a SecurityDetectionsAPINewTermsRule +func (t SecurityDetectionsAPIRuleResponse) AsSecurityDetectionsAPINewTermsRule() (SecurityDetectionsAPINewTermsRule, error) { + var body SecurityDetectionsAPINewTermsRule + err := json.Unmarshal(t.union, &body) + return body, err +} - object["install_source"], err = 
json.Marshal(a.InstallSource) +// FromSecurityDetectionsAPINewTermsRule overwrites any union data inside the SecurityDetectionsAPIRuleResponse as the provided SecurityDetectionsAPINewTermsRule +func (t *SecurityDetectionsAPIRuleResponse) FromSecurityDetectionsAPINewTermsRule(v SecurityDetectionsAPINewTermsRule) error { + v.Type = "Security_Detections_API_NewTermsRule" + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPINewTermsRule performs a merge with any union data inside the SecurityDetectionsAPIRuleResponse, using the provided SecurityDetectionsAPINewTermsRule +func (t *SecurityDetectionsAPIRuleResponse) MergeSecurityDetectionsAPINewTermsRule(v SecurityDetectionsAPINewTermsRule) error { + v.Type = "Security_Detections_API_NewTermsRule" + b, err := json.Marshal(v) if err != nil { - return nil, fmt.Errorf("error marshaling 'install_source': %w", err) + return err } - object["install_status"], err = json.Marshal(a.InstallStatus) + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +// AsSecurityDetectionsAPIEsqlRule returns the union data inside the SecurityDetectionsAPIRuleResponse as a SecurityDetectionsAPIEsqlRule +func (t SecurityDetectionsAPIRuleResponse) AsSecurityDetectionsAPIEsqlRule() (SecurityDetectionsAPIEsqlRule, error) { + var body SecurityDetectionsAPIEsqlRule + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIEsqlRule overwrites any union data inside the SecurityDetectionsAPIRuleResponse as the provided SecurityDetectionsAPIEsqlRule +func (t *SecurityDetectionsAPIRuleResponse) FromSecurityDetectionsAPIEsqlRule(v SecurityDetectionsAPIEsqlRule) error { + v.Type = "Security_Detections_API_EsqlRule" + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIEsqlRule performs a merge with any union data inside the SecurityDetectionsAPIRuleResponse, using the provided SecurityDetectionsAPIEsqlRule +func (t 
*SecurityDetectionsAPIRuleResponse) MergeSecurityDetectionsAPIEsqlRule(v SecurityDetectionsAPIEsqlRule) error { + v.Type = "Security_Detections_API_EsqlRule" + b, err := json.Marshal(v) if err != nil { - return nil, fmt.Errorf("error marshaling 'install_status': %w", err) + return err } - object["installed_es"], err = json.Marshal(a.InstalledEs) - if err != nil { - return nil, fmt.Errorf("error marshaling 'installed_es': %w", err) + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +func (t SecurityDetectionsAPIRuleResponse) Discriminator() (string, error) { + var discriminator struct { + Discriminator string `json:"type"` } + err := json.Unmarshal(t.union, &discriminator) + return discriminator.Discriminator, err +} - object["installed_kibana"], err = json.Marshal(a.InstalledKibana) +func (t SecurityDetectionsAPIRuleResponse) ValueByDiscriminator() (interface{}, error) { + discriminator, err := t.Discriminator() if err != nil { - return nil, fmt.Errorf("error marshaling 'installed_kibana': %w", err) + return nil, err } - - if a.InstalledKibanaSpaceId != nil { - object["installed_kibana_space_id"], err = json.Marshal(a.InstalledKibanaSpaceId) - if err != nil { - return nil, fmt.Errorf("error marshaling 'installed_kibana_space_id': %w", err) - } + switch discriminator { + case "Security_Detections_API_EqlRule": + return t.AsSecurityDetectionsAPIEqlRule() + case "Security_Detections_API_EsqlRule": + return t.AsSecurityDetectionsAPIEsqlRule() + case "Security_Detections_API_MachineLearningRule": + return t.AsSecurityDetectionsAPIMachineLearningRule() + case "Security_Detections_API_NewTermsRule": + return t.AsSecurityDetectionsAPINewTermsRule() + case "Security_Detections_API_QueryRule": + return t.AsSecurityDetectionsAPIQueryRule() + case "Security_Detections_API_SavedQueryRule": + return t.AsSecurityDetectionsAPISavedQueryRule() + case "Security_Detections_API_ThreatMatchRule": + return t.AsSecurityDetectionsAPIThreatMatchRule() + 
case "Security_Detections_API_ThresholdRule": + return t.AsSecurityDetectionsAPIThresholdRule() + default: + return nil, errors.New("unknown discriminator value: " + discriminator) } +} - if a.LatestExecutedState != nil { - object["latest_executed_state"], err = json.Marshal(a.LatestExecutedState) - if err != nil { - return nil, fmt.Errorf("error marshaling 'latest_executed_state': %w", err) - } - } +func (t SecurityDetectionsAPIRuleResponse) MarshalJSON() ([]byte, error) { + b, err := t.union.MarshalJSON() + return b, err +} - if a.LatestInstallFailedAttempts != nil { - object["latest_install_failed_attempts"], err = json.Marshal(a.LatestInstallFailedAttempts) - if err != nil { - return nil, fmt.Errorf("error marshaling 'latest_install_failed_attempts': %w", err) - } - } +func (t *SecurityDetectionsAPIRuleResponse) UnmarshalJSON(b []byte) error { + err := t.union.UnmarshalJSON(b) + return err +} - object["name"], err = json.Marshal(a.Name) +// AsSecurityDetectionsAPIExternalRuleSource returns the union data inside the SecurityDetectionsAPIRuleSource as a SecurityDetectionsAPIExternalRuleSource +func (t SecurityDetectionsAPIRuleSource) AsSecurityDetectionsAPIExternalRuleSource() (SecurityDetectionsAPIExternalRuleSource, error) { + var body SecurityDetectionsAPIExternalRuleSource + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIExternalRuleSource overwrites any union data inside the SecurityDetectionsAPIRuleSource as the provided SecurityDetectionsAPIExternalRuleSource +func (t *SecurityDetectionsAPIRuleSource) FromSecurityDetectionsAPIExternalRuleSource(v SecurityDetectionsAPIExternalRuleSource) error { + v.Type = "Security_Detections_API_ExternalRuleSource" + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIExternalRuleSource performs a merge with any union data inside the SecurityDetectionsAPIRuleSource, using the provided SecurityDetectionsAPIExternalRuleSource +func (t 
*SecurityDetectionsAPIRuleSource) MergeSecurityDetectionsAPIExternalRuleSource(v SecurityDetectionsAPIExternalRuleSource) error { + v.Type = "Security_Detections_API_ExternalRuleSource" + b, err := json.Marshal(v) if err != nil { - return nil, fmt.Errorf("error marshaling 'name': %w", err) + return err } - if a.Namespaces != nil { - object["namespaces"], err = json.Marshal(a.Namespaces) - if err != nil { - return nil, fmt.Errorf("error marshaling 'namespaces': %w", err) - } - } + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} - object["type"], err = json.Marshal(a.Type) +// AsSecurityDetectionsAPIInternalRuleSource returns the union data inside the SecurityDetectionsAPIRuleSource as a SecurityDetectionsAPIInternalRuleSource +func (t SecurityDetectionsAPIRuleSource) AsSecurityDetectionsAPIInternalRuleSource() (SecurityDetectionsAPIInternalRuleSource, error) { + var body SecurityDetectionsAPIInternalRuleSource + err := json.Unmarshal(t.union, &body) + return body, err +} + +// FromSecurityDetectionsAPIInternalRuleSource overwrites any union data inside the SecurityDetectionsAPIRuleSource as the provided SecurityDetectionsAPIInternalRuleSource +func (t *SecurityDetectionsAPIRuleSource) FromSecurityDetectionsAPIInternalRuleSource(v SecurityDetectionsAPIInternalRuleSource) error { + v.Type = "Security_Detections_API_InternalRuleSource" + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIInternalRuleSource performs a merge with any union data inside the SecurityDetectionsAPIRuleSource, using the provided SecurityDetectionsAPIInternalRuleSource +func (t *SecurityDetectionsAPIRuleSource) MergeSecurityDetectionsAPIInternalRuleSource(v SecurityDetectionsAPIInternalRuleSource) error { + v.Type = "Security_Detections_API_InternalRuleSource" + b, err := json.Marshal(v) if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) + return err } - if a.UpdatedAt != nil { - object["updated_at"], 
err = json.Marshal(a.UpdatedAt) - if err != nil { - return nil, fmt.Errorf("error marshaling 'updated_at': %w", err) - } - } + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} - if a.VerificationKeyId != nil { - object["verification_key_id"], err = json.Marshal(a.VerificationKeyId) - if err != nil { - return nil, fmt.Errorf("error marshaling 'verification_key_id': %w", err) - } +func (t SecurityDetectionsAPIRuleSource) Discriminator() (string, error) { + var discriminator struct { + Discriminator string `json:"type"` } + err := json.Unmarshal(t.union, &discriminator) + return discriminator.Discriminator, err +} - object["verification_status"], err = json.Marshal(a.VerificationStatus) +func (t SecurityDetectionsAPIRuleSource) ValueByDiscriminator() (interface{}, error) { + discriminator, err := t.Discriminator() if err != nil { - return nil, fmt.Errorf("error marshaling 'verification_status': %w", err) + return nil, err } - - object["version"], err = json.Marshal(a.Version) - if err != nil { - return nil, fmt.Errorf("error marshaling 'version': %w", err) + switch discriminator { + case "Security_Detections_API_ExternalRuleSource": + return t.AsSecurityDetectionsAPIExternalRuleSource() + case "Security_Detections_API_InternalRuleSource": + return t.AsSecurityDetectionsAPIInternalRuleSource() + default: + return nil, errors.New("unknown discriminator value: " + discriminator) } +} - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) - if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) - } - } - return json.Marshal(object) +func (t SecurityDetectionsAPIRuleSource) MarshalJSON() ([]byte, error) { + b, err := t.union.MarshalJSON() + return b, err } -// Getter for additional properties for PackageListItem_Owner. 
Returns the specified -// element and whether it was found -func (a PackageListItem_Owner) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] - } - return +func (t *SecurityDetectionsAPIRuleSource) UnmarshalJSON(b []byte) error { + err := t.union.UnmarshalJSON(b) + return err +} + +// AsSecurityDetectionsAPIEqlRuleUpdateProps returns the union data inside the SecurityDetectionsAPIRuleUpdateProps as a SecurityDetectionsAPIEqlRuleUpdateProps +func (t SecurityDetectionsAPIRuleUpdateProps) AsSecurityDetectionsAPIEqlRuleUpdateProps() (SecurityDetectionsAPIEqlRuleUpdateProps, error) { + var body SecurityDetectionsAPIEqlRuleUpdateProps + err := json.Unmarshal(t.union, &body) + return body, err } -// Setter for additional properties for PackageListItem_Owner -func (a *PackageListItem_Owner) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) - } - a.AdditionalProperties[fieldName] = value +// FromSecurityDetectionsAPIEqlRuleUpdateProps overwrites any union data inside the SecurityDetectionsAPIRuleUpdateProps as the provided SecurityDetectionsAPIEqlRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) FromSecurityDetectionsAPIEqlRuleUpdateProps(v SecurityDetectionsAPIEqlRuleUpdateProps) error { + v.Type = "Security_Detections_API_EqlRuleUpdateProps" + b, err := json.Marshal(v) + t.union = b + return err } -// Override default JSON handling for PackageListItem_Owner to handle AdditionalProperties -func (a *PackageListItem_Owner) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) +// MergeSecurityDetectionsAPIEqlRuleUpdateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleUpdateProps, using the provided SecurityDetectionsAPIEqlRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) 
MergeSecurityDetectionsAPIEqlRuleUpdateProps(v SecurityDetectionsAPIEqlRuleUpdateProps) error { + v.Type = "Security_Detections_API_EqlRuleUpdateProps" + b, err := json.Marshal(v) if err != nil { return err } - if raw, found := object["github"]; found { - err = json.Unmarshal(raw, &a.Github) - if err != nil { - return fmt.Errorf("error reading 'github': %w", err) - } - delete(object, "github") - } + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} - if raw, found := object["type"]; found { - err = json.Unmarshal(raw, &a.Type) - if err != nil { - return fmt.Errorf("error reading 'type': %w", err) - } - delete(object, "type") - } +// AsSecurityDetectionsAPIQueryRuleUpdateProps returns the union data inside the SecurityDetectionsAPIRuleUpdateProps as a SecurityDetectionsAPIQueryRuleUpdateProps +func (t SecurityDetectionsAPIRuleUpdateProps) AsSecurityDetectionsAPIQueryRuleUpdateProps() (SecurityDetectionsAPIQueryRuleUpdateProps, error) { + var body SecurityDetectionsAPIQueryRuleUpdateProps + err := json.Unmarshal(t.union, &body) + return body, err +} - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal - } +// FromSecurityDetectionsAPIQueryRuleUpdateProps overwrites any union data inside the SecurityDetectionsAPIRuleUpdateProps as the provided SecurityDetectionsAPIQueryRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) FromSecurityDetectionsAPIQueryRuleUpdateProps(v SecurityDetectionsAPIQueryRuleUpdateProps) error { + v.Type = "Security_Detections_API_QueryRuleUpdateProps" + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIQueryRuleUpdateProps performs a merge with any union data inside the 
SecurityDetectionsAPIRuleUpdateProps, using the provided SecurityDetectionsAPIQueryRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) MergeSecurityDetectionsAPIQueryRuleUpdateProps(v SecurityDetectionsAPIQueryRuleUpdateProps) error { + v.Type = "Security_Detections_API_QueryRuleUpdateProps" + b, err := json.Marshal(v) + if err != nil { + return err } - return nil + + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err } -// Override default JSON handling for PackageListItem_Owner to handle AdditionalProperties -func (a PackageListItem_Owner) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) +// AsSecurityDetectionsAPISavedQueryRuleUpdateProps returns the union data inside the SecurityDetectionsAPIRuleUpdateProps as a SecurityDetectionsAPISavedQueryRuleUpdateProps +func (t SecurityDetectionsAPIRuleUpdateProps) AsSecurityDetectionsAPISavedQueryRuleUpdateProps() (SecurityDetectionsAPISavedQueryRuleUpdateProps, error) { + var body SecurityDetectionsAPISavedQueryRuleUpdateProps + err := json.Unmarshal(t.union, &body) + return body, err +} - if a.Github != nil { - object["github"], err = json.Marshal(a.Github) - if err != nil { - return nil, fmt.Errorf("error marshaling 'github': %w", err) - } - } +// FromSecurityDetectionsAPISavedQueryRuleUpdateProps overwrites any union data inside the SecurityDetectionsAPIRuleUpdateProps as the provided SecurityDetectionsAPISavedQueryRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) FromSecurityDetectionsAPISavedQueryRuleUpdateProps(v SecurityDetectionsAPISavedQueryRuleUpdateProps) error { + v.Type = "Security_Detections_API_SavedQueryRuleUpdateProps" + b, err := json.Marshal(v) + t.union = b + return err +} - if a.Type != nil { - object["type"], err = json.Marshal(a.Type) - if err != nil { - return nil, fmt.Errorf("error marshaling 'type': %w", err) - } +// MergeSecurityDetectionsAPISavedQueryRuleUpdateProps performs a merge with any union 
data inside the SecurityDetectionsAPIRuleUpdateProps, using the provided SecurityDetectionsAPISavedQueryRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) MergeSecurityDetectionsAPISavedQueryRuleUpdateProps(v SecurityDetectionsAPISavedQueryRuleUpdateProps) error { + v.Type = "Security_Detections_API_SavedQueryRuleUpdateProps" + b, err := json.Marshal(v) + if err != nil { + return err } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) - if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) - } - } - return json.Marshal(object) + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err } -// Getter for additional properties for PackageListItem_Source. Returns the specified -// element and whether it was found -func (a PackageListItem_Source) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] - } - return +// AsSecurityDetectionsAPIThresholdRuleUpdateProps returns the union data inside the SecurityDetectionsAPIRuleUpdateProps as a SecurityDetectionsAPIThresholdRuleUpdateProps +func (t SecurityDetectionsAPIRuleUpdateProps) AsSecurityDetectionsAPIThresholdRuleUpdateProps() (SecurityDetectionsAPIThresholdRuleUpdateProps, error) { + var body SecurityDetectionsAPIThresholdRuleUpdateProps + err := json.Unmarshal(t.union, &body) + return body, err } -// Setter for additional properties for PackageListItem_Source -func (a *PackageListItem_Source) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) - } - a.AdditionalProperties[fieldName] = value +// FromSecurityDetectionsAPIThresholdRuleUpdateProps overwrites any union data inside the SecurityDetectionsAPIRuleUpdateProps as the provided SecurityDetectionsAPIThresholdRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) 
FromSecurityDetectionsAPIThresholdRuleUpdateProps(v SecurityDetectionsAPIThresholdRuleUpdateProps) error { + v.Type = "Security_Detections_API_ThresholdRuleUpdateProps" + b, err := json.Marshal(v) + t.union = b + return err } -// Override default JSON handling for PackageListItem_Source to handle AdditionalProperties -func (a *PackageListItem_Source) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) +// MergeSecurityDetectionsAPIThresholdRuleUpdateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleUpdateProps, using the provided SecurityDetectionsAPIThresholdRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) MergeSecurityDetectionsAPIThresholdRuleUpdateProps(v SecurityDetectionsAPIThresholdRuleUpdateProps) error { + v.Type = "Security_Detections_API_ThresholdRuleUpdateProps" + b, err := json.Marshal(v) if err != nil { return err } - if raw, found := object["license"]; found { - err = json.Unmarshal(raw, &a.License) - if err != nil { - return fmt.Errorf("error reading 'license': %w", err) - } - delete(object, "license") - } + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal - } - } - return nil +// AsSecurityDetectionsAPIThreatMatchRuleUpdateProps returns the union data inside the SecurityDetectionsAPIRuleUpdateProps as a SecurityDetectionsAPIThreatMatchRuleUpdateProps +func (t SecurityDetectionsAPIRuleUpdateProps) AsSecurityDetectionsAPIThreatMatchRuleUpdateProps() (SecurityDetectionsAPIThreatMatchRuleUpdateProps, error) { + var body SecurityDetectionsAPIThreatMatchRuleUpdateProps + err := 
json.Unmarshal(t.union, &body) + return body, err } -// Override default JSON handling for PackageListItem_Source to handle AdditionalProperties -func (a PackageListItem_Source) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) +// FromSecurityDetectionsAPIThreatMatchRuleUpdateProps overwrites any union data inside the SecurityDetectionsAPIRuleUpdateProps as the provided SecurityDetectionsAPIThreatMatchRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) FromSecurityDetectionsAPIThreatMatchRuleUpdateProps(v SecurityDetectionsAPIThreatMatchRuleUpdateProps) error { + v.Type = "Security_Detections_API_ThreatMatchRuleUpdateProps" + b, err := json.Marshal(v) + t.union = b + return err +} - object["license"], err = json.Marshal(a.License) +// MergeSecurityDetectionsAPIThreatMatchRuleUpdateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleUpdateProps, using the provided SecurityDetectionsAPIThreatMatchRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) MergeSecurityDetectionsAPIThreatMatchRuleUpdateProps(v SecurityDetectionsAPIThreatMatchRuleUpdateProps) error { + v.Type = "Security_Detections_API_ThreatMatchRuleUpdateProps" + b, err := json.Marshal(v) if err != nil { - return nil, fmt.Errorf("error marshaling 'license': %w", err) + return err } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) - if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) - } - } - return json.Marshal(object) + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err } -// Getter for additional properties for PackagePolicy_Elasticsearch_Privileges. 
Returns the specified -// element and whether it was found -func (a PackagePolicy_Elasticsearch_Privileges) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] - } - return +// AsSecurityDetectionsAPIMachineLearningRuleUpdateProps returns the union data inside the SecurityDetectionsAPIRuleUpdateProps as a SecurityDetectionsAPIMachineLearningRuleUpdateProps +func (t SecurityDetectionsAPIRuleUpdateProps) AsSecurityDetectionsAPIMachineLearningRuleUpdateProps() (SecurityDetectionsAPIMachineLearningRuleUpdateProps, error) { + var body SecurityDetectionsAPIMachineLearningRuleUpdateProps + err := json.Unmarshal(t.union, &body) + return body, err } -// Setter for additional properties for PackagePolicy_Elasticsearch_Privileges -func (a *PackagePolicy_Elasticsearch_Privileges) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) - } - a.AdditionalProperties[fieldName] = value +// FromSecurityDetectionsAPIMachineLearningRuleUpdateProps overwrites any union data inside the SecurityDetectionsAPIRuleUpdateProps as the provided SecurityDetectionsAPIMachineLearningRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) FromSecurityDetectionsAPIMachineLearningRuleUpdateProps(v SecurityDetectionsAPIMachineLearningRuleUpdateProps) error { + v.Type = "Security_Detections_API_MachineLearningRuleUpdateProps" + b, err := json.Marshal(v) + t.union = b + return err } -// Override default JSON handling for PackagePolicy_Elasticsearch_Privileges to handle AdditionalProperties -func (a *PackagePolicy_Elasticsearch_Privileges) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) +// MergeSecurityDetectionsAPIMachineLearningRuleUpdateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleUpdateProps, using the provided 
SecurityDetectionsAPIMachineLearningRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) MergeSecurityDetectionsAPIMachineLearningRuleUpdateProps(v SecurityDetectionsAPIMachineLearningRuleUpdateProps) error { + v.Type = "Security_Detections_API_MachineLearningRuleUpdateProps" + b, err := json.Marshal(v) if err != nil { return err } - if raw, found := object["cluster"]; found { - err = json.Unmarshal(raw, &a.Cluster) - if err != nil { - return fmt.Errorf("error reading 'cluster': %w", err) - } - delete(object, "cluster") - } + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal - } - } - return nil +// AsSecurityDetectionsAPINewTermsRuleUpdateProps returns the union data inside the SecurityDetectionsAPIRuleUpdateProps as a SecurityDetectionsAPINewTermsRuleUpdateProps +func (t SecurityDetectionsAPIRuleUpdateProps) AsSecurityDetectionsAPINewTermsRuleUpdateProps() (SecurityDetectionsAPINewTermsRuleUpdateProps, error) { + var body SecurityDetectionsAPINewTermsRuleUpdateProps + err := json.Unmarshal(t.union, &body) + return body, err } -// Override default JSON handling for PackagePolicy_Elasticsearch_Privileges to handle AdditionalProperties -func (a PackagePolicy_Elasticsearch_Privileges) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) +// FromSecurityDetectionsAPINewTermsRuleUpdateProps overwrites any union data inside the SecurityDetectionsAPIRuleUpdateProps as the provided SecurityDetectionsAPINewTermsRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) FromSecurityDetectionsAPINewTermsRuleUpdateProps(v 
SecurityDetectionsAPINewTermsRuleUpdateProps) error { + v.Type = "Security_Detections_API_NewTermsRuleUpdateProps" + b, err := json.Marshal(v) + t.union = b + return err +} - if a.Cluster != nil { - object["cluster"], err = json.Marshal(a.Cluster) - if err != nil { - return nil, fmt.Errorf("error marshaling 'cluster': %w", err) - } +// MergeSecurityDetectionsAPINewTermsRuleUpdateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleUpdateProps, using the provided SecurityDetectionsAPINewTermsRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) MergeSecurityDetectionsAPINewTermsRuleUpdateProps(v SecurityDetectionsAPINewTermsRuleUpdateProps) error { + v.Type = "Security_Detections_API_NewTermsRuleUpdateProps" + b, err := json.Marshal(v) + if err != nil { + return err } - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) - if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) - } - } - return json.Marshal(object) + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err } -// Getter for additional properties for PackagePolicy_Elasticsearch. 
Returns the specified -// element and whether it was found -func (a PackagePolicy_Elasticsearch) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] - } - return +// AsSecurityDetectionsAPIEsqlRuleUpdateProps returns the union data inside the SecurityDetectionsAPIRuleUpdateProps as a SecurityDetectionsAPIEsqlRuleUpdateProps +func (t SecurityDetectionsAPIRuleUpdateProps) AsSecurityDetectionsAPIEsqlRuleUpdateProps() (SecurityDetectionsAPIEsqlRuleUpdateProps, error) { + var body SecurityDetectionsAPIEsqlRuleUpdateProps + err := json.Unmarshal(t.union, &body) + return body, err } -// Setter for additional properties for PackagePolicy_Elasticsearch -func (a *PackagePolicy_Elasticsearch) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) - } - a.AdditionalProperties[fieldName] = value +// FromSecurityDetectionsAPIEsqlRuleUpdateProps overwrites any union data inside the SecurityDetectionsAPIRuleUpdateProps as the provided SecurityDetectionsAPIEsqlRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) FromSecurityDetectionsAPIEsqlRuleUpdateProps(v SecurityDetectionsAPIEsqlRuleUpdateProps) error { + v.Type = "Security_Detections_API_EsqlRuleUpdateProps" + b, err := json.Marshal(v) + t.union = b + return err } -// Override default JSON handling for PackagePolicy_Elasticsearch to handle AdditionalProperties -func (a *PackagePolicy_Elasticsearch) UnmarshalJSON(b []byte) error { - object := make(map[string]json.RawMessage) - err := json.Unmarshal(b, &object) +// MergeSecurityDetectionsAPIEsqlRuleUpdateProps performs a merge with any union data inside the SecurityDetectionsAPIRuleUpdateProps, using the provided SecurityDetectionsAPIEsqlRuleUpdateProps +func (t *SecurityDetectionsAPIRuleUpdateProps) MergeSecurityDetectionsAPIEsqlRuleUpdateProps(v SecurityDetectionsAPIEsqlRuleUpdateProps) error { + 
v.Type = "Security_Detections_API_EsqlRuleUpdateProps" + b, err := json.Marshal(v) if err != nil { return err } - if raw, found := object["privileges"]; found { - err = json.Unmarshal(raw, &a.Privileges) - if err != nil { - return fmt.Errorf("error reading 'privileges': %w", err) - } - delete(object, "privileges") + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +func (t SecurityDetectionsAPIRuleUpdateProps) Discriminator() (string, error) { + var discriminator struct { + Discriminator string `json:"type"` } + err := json.Unmarshal(t.union, &discriminator) + return discriminator.Discriminator, err +} - if len(object) != 0 { - a.AdditionalProperties = make(map[string]interface{}) - for fieldName, fieldBuf := range object { - var fieldVal interface{} - err := json.Unmarshal(fieldBuf, &fieldVal) - if err != nil { - return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err) - } - a.AdditionalProperties[fieldName] = fieldVal - } +func (t SecurityDetectionsAPIRuleUpdateProps) ValueByDiscriminator() (interface{}, error) { + discriminator, err := t.Discriminator() + if err != nil { + return nil, err + } + switch discriminator { + case "Security_Detections_API_EqlRuleUpdateProps": + return t.AsSecurityDetectionsAPIEqlRuleUpdateProps() + case "Security_Detections_API_EsqlRuleUpdateProps": + return t.AsSecurityDetectionsAPIEsqlRuleUpdateProps() + case "Security_Detections_API_MachineLearningRuleUpdateProps": + return t.AsSecurityDetectionsAPIMachineLearningRuleUpdateProps() + case "Security_Detections_API_NewTermsRuleUpdateProps": + return t.AsSecurityDetectionsAPINewTermsRuleUpdateProps() + case "Security_Detections_API_QueryRuleUpdateProps": + return t.AsSecurityDetectionsAPIQueryRuleUpdateProps() + case "Security_Detections_API_SavedQueryRuleUpdateProps": + return t.AsSecurityDetectionsAPISavedQueryRuleUpdateProps() + case "Security_Detections_API_ThreatMatchRuleUpdateProps": + return 
t.AsSecurityDetectionsAPIThreatMatchRuleUpdateProps() + case "Security_Detections_API_ThresholdRuleUpdateProps": + return t.AsSecurityDetectionsAPIThresholdRuleUpdateProps() + default: + return nil, errors.New("unknown discriminator value: " + discriminator) } - return nil } -// Override default JSON handling for PackagePolicy_Elasticsearch to handle AdditionalProperties -func (a PackagePolicy_Elasticsearch) MarshalJSON() ([]byte, error) { - var err error - object := make(map[string]json.RawMessage) +func (t SecurityDetectionsAPIRuleUpdateProps) MarshalJSON() ([]byte, error) { + b, err := t.union.MarshalJSON() + return b, err +} - if a.Privileges != nil { - object["privileges"], err = json.Marshal(a.Privileges) - if err != nil { - return nil, fmt.Errorf("error marshaling 'privileges': %w", err) - } - } +func (t *SecurityDetectionsAPIRuleUpdateProps) UnmarshalJSON(b []byte) error { + err := t.union.UnmarshalJSON(b) + return err +} - for fieldName, field := range a.AdditionalProperties { - object[fieldName], err = json.Marshal(field) - if err != nil { - return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err) - } - } - return json.Marshal(object) +// AsSecurityDetectionsAPIThresholdField0 returns the union data inside the SecurityDetectionsAPIThresholdField as a SecurityDetectionsAPIThresholdField0 +func (t SecurityDetectionsAPIThresholdField) AsSecurityDetectionsAPIThresholdField0() (SecurityDetectionsAPIThresholdField0, error) { + var body SecurityDetectionsAPIThresholdField0 + err := json.Unmarshal(t.union, &body) + return body, err } -// Getter for additional properties for UpdateConnectorConfig. 
Returns the specified -// element and whether it was found -func (a UpdateConnectorConfig) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] - } - return +// FromSecurityDetectionsAPIThresholdField0 overwrites any union data inside the SecurityDetectionsAPIThresholdField as the provided SecurityDetectionsAPIThresholdField0 +func (t *SecurityDetectionsAPIThresholdField) FromSecurityDetectionsAPIThresholdField0(v SecurityDetectionsAPIThresholdField0) error { + b, err := json.Marshal(v) + t.union = b + return err } -// Setter for additional properties for UpdateConnectorConfig -func (a *UpdateConnectorConfig) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) +// MergeSecurityDetectionsAPIThresholdField0 performs a merge with any union data inside the SecurityDetectionsAPIThresholdField, using the provided SecurityDetectionsAPIThresholdField0 +func (t *SecurityDetectionsAPIThresholdField) MergeSecurityDetectionsAPIThresholdField0(v SecurityDetectionsAPIThresholdField0) error { + b, err := json.Marshal(v) + if err != nil { + return err } - a.AdditionalProperties[fieldName] = value + + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err } -// Getter for additional properties for UpdateConnectorSecrets. 
Returns the specified -// element and whether it was found -func (a UpdateConnectorSecrets) Get(fieldName string) (value interface{}, found bool) { - if a.AdditionalProperties != nil { - value, found = a.AdditionalProperties[fieldName] - } - return +// AsSecurityDetectionsAPIThresholdField1 returns the union data inside the SecurityDetectionsAPIThresholdField as a SecurityDetectionsAPIThresholdField1 +func (t SecurityDetectionsAPIThresholdField) AsSecurityDetectionsAPIThresholdField1() (SecurityDetectionsAPIThresholdField1, error) { + var body SecurityDetectionsAPIThresholdField1 + err := json.Unmarshal(t.union, &body) + return body, err } -// Setter for additional properties for UpdateConnectorSecrets -func (a *UpdateConnectorSecrets) Set(fieldName string, value interface{}) { - if a.AdditionalProperties == nil { - a.AdditionalProperties = make(map[string]interface{}) +// FromSecurityDetectionsAPIThresholdField1 overwrites any union data inside the SecurityDetectionsAPIThresholdField as the provided SecurityDetectionsAPIThresholdField1 +func (t *SecurityDetectionsAPIThresholdField) FromSecurityDetectionsAPIThresholdField1(v SecurityDetectionsAPIThresholdField1) error { + b, err := json.Marshal(v) + t.union = b + return err +} + +// MergeSecurityDetectionsAPIThresholdField1 performs a merge with any union data inside the SecurityDetectionsAPIThresholdField, using the provided SecurityDetectionsAPIThresholdField1 +func (t *SecurityDetectionsAPIThresholdField) MergeSecurityDetectionsAPIThresholdField1(v SecurityDetectionsAPIThresholdField1) error { + b, err := json.Marshal(v) + if err != nil { + return err } - a.AdditionalProperties[fieldName] = value + + merged, err := runtime.JSONMerge(t.union, b) + t.union = merged + return err +} + +func (t SecurityDetectionsAPIThresholdField) MarshalJSON() ([]byte, error) { + b, err := t.union.MarshalJSON() + return b, err +} + +func (t *SecurityDetectionsAPIThresholdField) UnmarshalJSON(b []byte) error { + err := 
t.union.UnmarshalJSON(b) + return err } // AsAgentPolicyPackagePolicies1Inputs1StreamsVars0 returns the union data inside the AgentPolicy_PackagePolicies_1_Inputs_1_Streams_Vars_AdditionalProperties as a AgentPolicyPackagePolicies1Inputs1StreamsVars0 @@ -18228,6 +25958,22 @@ type ClientInterface interface { UpdateDataViewDefault(ctx context.Context, spaceId SpaceId, viewId DataViewsViewId, body UpdateDataViewDefaultJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // DeleteRule request + DeleteRule(ctx context.Context, spaceId SpaceId, params *DeleteRuleParams, reqEditors ...RequestEditorFn) (*http.Response, error) + + // ReadRule request + ReadRule(ctx context.Context, spaceId SpaceId, params *ReadRuleParams, reqEditors ...RequestEditorFn) (*http.Response, error) + + // CreateRuleWithBody request with any body + CreateRuleWithBody(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + CreateRule(ctx context.Context, spaceId SpaceId, body CreateRuleJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + + // UpdateRuleWithBody request with any body + UpdateRuleWithBody(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + UpdateRule(ctx context.Context, spaceId SpaceId, body UpdateRuleJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // PostMaintenanceWindowWithBody request with any body PostMaintenanceWindowWithBody(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) 
@@ -18941,8 +26687,152 @@ func (c *Client) DeleteDataViewDefault(ctx context.Context, spaceId SpaceId, vie return c.Client.Do(req) } -func (c *Client) GetDataViewDefault(ctx context.Context, spaceId SpaceId, viewId DataViewsViewId, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewGetDataViewDefaultRequest(c.Server, spaceId, viewId) +func (c *Client) GetDataViewDefault(ctx context.Context, spaceId SpaceId, viewId DataViewsViewId, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewGetDataViewDefaultRequest(c.Server, spaceId, viewId) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) UpdateDataViewDefaultWithBody(ctx context.Context, spaceId SpaceId, viewId DataViewsViewId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewUpdateDataViewDefaultRequestWithBody(c.Server, spaceId, viewId, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) UpdateDataViewDefault(ctx context.Context, spaceId SpaceId, viewId DataViewsViewId, body UpdateDataViewDefaultJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewUpdateDataViewDefaultRequest(c.Server, spaceId, viewId, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) DeleteRule(ctx context.Context, spaceId SpaceId, params *DeleteRuleParams, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewDeleteRuleRequest(c.Server, spaceId, params) + if err != nil { + return nil, err + } + req = 
req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) ReadRule(ctx context.Context, spaceId SpaceId, params *ReadRuleParams, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewReadRuleRequest(c.Server, spaceId, params) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) CreateRuleWithBody(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateRuleRequestWithBody(c.Server, spaceId, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) CreateRule(ctx context.Context, spaceId SpaceId, body CreateRuleJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewCreateRuleRequest(c.Server, spaceId, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) UpdateRuleWithBody(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewUpdateRuleRequestWithBody(c.Server, spaceId, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) UpdateRule(ctx context.Context, spaceId SpaceId, body UpdateRuleJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewUpdateRuleRequest(c.Server, 
spaceId, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) PostMaintenanceWindowWithBody(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewPostMaintenanceWindowRequestWithBody(c.Server, spaceId, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) PostMaintenanceWindow(ctx context.Context, spaceId SpaceId, body PostMaintenanceWindowJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewPostMaintenanceWindowRequest(c.Server, spaceId, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) DeleteMaintenanceWindowId(ctx context.Context, spaceId SpaceId, id string, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewDeleteMaintenanceWindowIdRequest(c.Server, spaceId, id) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) GetMaintenanceWindowId(ctx context.Context, spaceId SpaceId, id string, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewGetMaintenanceWindowIdRequest(c.Server, spaceId, id) if err != nil { return nil, err } 
@@ -18953,8 +26843,8 @@ func (c *Client) GetDataViewDefault(ctx context.Context, spaceId SpaceId, viewId return c.Client.Do(req) } -func (c *Client) UpdateDataViewDefaultWithBody(ctx context.Context, spaceId SpaceId, viewId DataViewsViewId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewUpdateDataViewDefaultRequestWithBody(c.Server, spaceId, viewId, contentType, body) +func (c *Client) PatchMaintenanceWindowIdWithBody(ctx context.Context, spaceId SpaceId, id string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewPatchMaintenanceWindowIdRequestWithBody(c.Server, spaceId, id, contentType, body) if err != nil { return nil, err } @@ -18965,8 +26855,8 @@ func (c *Client) UpdateDataViewDefaultWithBody(ctx context.Context, spaceId Spac return c.Client.Do(req) } -func (c *Client) UpdateDataViewDefault(ctx context.Context, spaceId SpaceId, viewId DataViewsViewId, body UpdateDataViewDefaultJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewUpdateDataViewDefaultRequest(c.Server, spaceId, viewId, body) +func (c *Client) PatchMaintenanceWindowId(ctx context.Context, spaceId SpaceId, id string, body PatchMaintenanceWindowIdJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewPatchMaintenanceWindowIdRequest(c.Server, spaceId, id, body) if err != nil { return nil, err } 
@@ -19145,78 +27035,6 @@ func NewCreateUpdateAgentConfigurationRequestWithBody(server string, params *Cre return req, nil } -func (c *Client) PostMaintenanceWindowWithBody(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewPostMaintenanceWindowRequestWithBody(c.Server, spaceId, contentType, body) - if err != nil { - return nil, err - } - req = req.WithContext(ctx) - if err := c.applyEditors(ctx, req, reqEditors); err != nil { - return nil, err - } - return c.Client.Do(req) -} - -func (c *Client) PostMaintenanceWindow(ctx context.Context, spaceId SpaceId, body PostMaintenanceWindowJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewPostMaintenanceWindowRequest(c.Server, spaceId, body) - if err != nil { - return nil, err - } - req = req.WithContext(ctx) - if err := c.applyEditors(ctx, req, reqEditors); err != nil { - return nil, err - } - return c.Client.Do(req) -} - -func (c *Client) DeleteMaintenanceWindowId(ctx context.Context, spaceId SpaceId, id string, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewDeleteMaintenanceWindowIdRequest(c.Server, spaceId, id) - if err != nil { - return nil, err - } - req = req.WithContext(ctx) - if err := c.applyEditors(ctx, req, reqEditors); err != nil { - return nil, err - } - return c.Client.Do(req) -} - -func (c *Client) GetMaintenanceWindowId(ctx context.Context, spaceId SpaceId, id string, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewGetMaintenanceWindowIdRequest(c.Server, spaceId, id) - if err != nil { - return nil, err - } - req = req.WithContext(ctx) - if err := c.applyEditors(ctx, req, reqEditors); err != nil { - return nil, err - } - return c.Client.Do(req) -} - -func (c *Client) PatchMaintenanceWindowIdWithBody(ctx context.Context, spaceId SpaceId, id string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) 
(*http.Response, error) { - req, err := NewPatchMaintenanceWindowIdRequestWithBody(c.Server, spaceId, id, contentType, body) - if err != nil { - return nil, err - } - req = req.WithContext(ctx) - if err := c.applyEditors(ctx, req, reqEditors); err != nil { - return nil, err - } - return c.Client.Do(req) -} - -func (c *Client) PatchMaintenanceWindowId(ctx context.Context, spaceId SpaceId, id string, body PatchMaintenanceWindowIdJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { - req, err := NewPatchMaintenanceWindowIdRequest(c.Server, spaceId, id, body) - if err != nil { - return nil, err - } - req = req.WithContext(ctx) - if err := c.applyEditors(ctx, req, reqEditors); err != nil { - return nil, err - } - return c.Client.Do(req) -} - // NewGetFleetAgentPoliciesRequest generates requests for GetFleetAgentPolicies func NewGetFleetAgentPoliciesRequest(server string, params *GetFleetAgentPoliciesParams) (*http.Request, error) { var err error 
@@ -21352,12 +29170,184 @@ func NewCreateDataViewDefaultwRequest(server string, spaceId SpaceId, body Creat if err != nil { return nil, err } - bodyReader = bytes.NewReader(buf) - return NewCreateDataViewDefaultwRequestWithBody(server, spaceId, "application/json", bodyReader) + bodyReader = bytes.NewReader(buf) + return NewCreateDataViewDefaultwRequestWithBody(server, spaceId, "application/json", bodyReader) +} + +// NewCreateDataViewDefaultwRequestWithBody generates requests for CreateDataViewDefaultw with any type of body +func NewCreateDataViewDefaultwRequestWithBody(server string, spaceId SpaceId, contentType string, body io.Reader) (*http.Request, error) { + var err error + + var pathParam0 string + + pathParam0, err = runtime.StyleParamWithLocation("simple", false, "spaceId", runtime.ParamLocationPath, spaceId) + if err != nil { + return nil, err + } + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/s/%s/api/data_views/data_view", pathParam0) + if operationPath[0] == '/' { + operationPath = "." 
+ operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("POST", queryURL.String(), body) + if err != nil { + return nil, err + } + + req.Header.Add("Content-Type", contentType) + + return req, nil +} + +// NewDeleteDataViewDefaultRequest generates requests for DeleteDataViewDefault +func NewDeleteDataViewDefaultRequest(server string, spaceId SpaceId, viewId DataViewsViewId) (*http.Request, error) { + var err error + + var pathParam0 string + + pathParam0, err = runtime.StyleParamWithLocation("simple", false, "spaceId", runtime.ParamLocationPath, spaceId) + if err != nil { + return nil, err + } + + var pathParam1 string + + pathParam1, err = runtime.StyleParamWithLocation("simple", false, "viewId", runtime.ParamLocationPath, viewId) + if err != nil { + return nil, err + } + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/s/%s/api/data_views/data_view/%s", pathParam0, pathParam1) + if operationPath[0] == '/' { + operationPath = "." 
+ operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("DELETE", queryURL.String(), nil) + if err != nil { + return nil, err + } + + return req, nil +} + +// NewGetDataViewDefaultRequest generates requests for GetDataViewDefault +func NewGetDataViewDefaultRequest(server string, spaceId SpaceId, viewId DataViewsViewId) (*http.Request, error) { + var err error + + var pathParam0 string + + pathParam0, err = runtime.StyleParamWithLocation("simple", false, "spaceId", runtime.ParamLocationPath, spaceId) + if err != nil { + return nil, err + } + + var pathParam1 string + + pathParam1, err = runtime.StyleParamWithLocation("simple", false, "viewId", runtime.ParamLocationPath, viewId) + if err != nil { + return nil, err + } + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/s/%s/api/data_views/data_view/%s", pathParam0, pathParam1) + if operationPath[0] == '/' { + operationPath = "." 
+ operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("GET", queryURL.String(), nil) + if err != nil { + return nil, err + } + + return req, nil +} + +// NewUpdateDataViewDefaultRequest calls the generic UpdateDataViewDefault builder with application/json body +func NewUpdateDataViewDefaultRequest(server string, spaceId SpaceId, viewId DataViewsViewId, body UpdateDataViewDefaultJSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) + if err != nil { + return nil, err + } + bodyReader = bytes.NewReader(buf) + return NewUpdateDataViewDefaultRequestWithBody(server, spaceId, viewId, "application/json", bodyReader) +} + +// NewUpdateDataViewDefaultRequestWithBody generates requests for UpdateDataViewDefault with any type of body +func NewUpdateDataViewDefaultRequestWithBody(server string, spaceId SpaceId, viewId DataViewsViewId, contentType string, body io.Reader) (*http.Request, error) { + var err error + + var pathParam0 string + + pathParam0, err = runtime.StyleParamWithLocation("simple", false, "spaceId", runtime.ParamLocationPath, spaceId) + if err != nil { + return nil, err + } + + var pathParam1 string + + pathParam1, err = runtime.StyleParamWithLocation("simple", false, "viewId", runtime.ParamLocationPath, viewId) + if err != nil { + return nil, err + } + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/s/%s/api/data_views/data_view/%s", pathParam0, pathParam1) + if operationPath[0] == '/' { + operationPath = "." 
+ operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("POST", queryURL.String(), body) + if err != nil { + return nil, err + } + + req.Header.Add("Content-Type", contentType) + + return req, nil } -// NewCreateDataViewDefaultwRequestWithBody generates requests for CreateDataViewDefaultw with any type of body -func NewCreateDataViewDefaultwRequestWithBody(server string, spaceId SpaceId, contentType string, body io.Reader) (*http.Request, error) { +// NewDeleteRuleRequest generates requests for DeleteRule +func NewDeleteRuleRequest(server string, spaceId SpaceId, params *DeleteRuleParams) (*http.Request, error) { var err error var pathParam0 string @@ -21372,7 +29362,7 @@ func NewCreateDataViewDefaultwRequestWithBody(server string, spaceId SpaceId, co return nil, err } - operationPath := fmt.Sprintf("/s/%s/api/data_views/data_view", pathParam0) + operationPath := fmt.Sprintf("/s/%s/api/detection_engine/rules", pathParam0) if operationPath[0] == '/' { operationPath = "." + operationPath } 
@@ -21382,18 +29372,54 @@ func NewCreateDataViewDefaultwRequestWithBody(server string, spaceId SpaceId, co return nil, err } - req, err := http.NewRequest("POST", queryURL.String(), body) + if params != nil { + queryValues := queryURL.Query() + + if params.Id != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "id", runtime.ParamLocationQuery, *params.Id); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + } + + if params.RuleId != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "rule_id", runtime.ParamLocationQuery, *params.RuleId); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + } + + queryURL.RawQuery = queryValues.Encode() + } + + req, err := http.NewRequest("DELETE", queryURL.String(), nil) if err != nil { return nil, err } - req.Header.Add("Content-Type", contentType) - return req, nil } -// NewDeleteDataViewDefaultRequest generates requests for DeleteDataViewDefault -func NewDeleteDataViewDefaultRequest(server string, spaceId SpaceId, viewId DataViewsViewId) (*http.Request, error) { +// NewReadRuleRequest generates requests for ReadRule +func NewReadRuleRequest(server string, spaceId SpaceId, params *ReadRuleParams) (*http.Request, error) { var err error var pathParam0 string 
@@ -21403,19 +29429,12 @@ func NewDeleteDataViewDefaultRequest(server string, spaceId SpaceId, viewId Data return nil, err } - var pathParam1 string - - pathParam1, err = runtime.StyleParamWithLocation("simple", false, "viewId", runtime.ParamLocationPath, viewId) - if err != nil { - return nil, err - } - serverURL, err := url.Parse(server) if err != nil { return nil, err } - operationPath := fmt.Sprintf("/s/%s/api/data_views/data_view/%s", pathParam0, pathParam1) + operationPath := fmt.Sprintf("/s/%s/api/detection_engine/rules", pathParam0) if operationPath[0] == '/' { operationPath = "." + operationPath } @@ -21425,7 +29444,45 @@ func NewDeleteDataViewDefaultRequest(server string, spaceId SpaceId, viewId Data return nil, err } - req, err := http.NewRequest("DELETE", queryURL.String(), nil) + if params != nil { + queryValues := queryURL.Query() + + if params.Id != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "id", runtime.ParamLocationQuery, *params.Id); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + } + + if params.RuleId != nil { + + if queryFrag, err := runtime.StyleParamWithLocation("form", true, "rule_id", runtime.ParamLocationQuery, *params.RuleId); err != nil { + return nil, err + } else if parsed, err := url.ParseQuery(queryFrag); err != nil { + return nil, err + } else { + for k, v := range parsed { + for _, v2 := range v { + queryValues.Add(k, v2) + } + } + } + + } + + queryURL.RawQuery = queryValues.Encode() + } + + req, err := http.NewRequest("GET", queryURL.String(), nil) if err != nil { return nil, err } 
@@ -21433,20 +29490,24 @@ func NewDeleteDataViewDefaultRequest(server string, spaceId SpaceId, viewId Data return req, nil } -// NewGetDataViewDefaultRequest generates requests for GetDataViewDefault -func NewGetDataViewDefaultRequest(server string, spaceId SpaceId, viewId DataViewsViewId) (*http.Request, error) { - var err error - - var pathParam0 string - - pathParam0, err = runtime.StyleParamWithLocation("simple", false, "spaceId", runtime.ParamLocationPath, spaceId) +// NewCreateRuleRequest calls the generic CreateRule builder with application/json body +func NewCreateRuleRequest(server string, spaceId SpaceId, body CreateRuleJSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) if err != nil { return nil, err } + bodyReader = bytes.NewReader(buf) + return NewCreateRuleRequestWithBody(server, spaceId, "application/json", bodyReader) +} - var pathParam1 string +// NewCreateRuleRequestWithBody generates requests for CreateRule with any type of body +func NewCreateRuleRequestWithBody(server string, spaceId SpaceId, contentType string, body io.Reader) (*http.Request, error) { + var err error - pathParam1, err = runtime.StyleParamWithLocation("simple", false, "viewId", runtime.ParamLocationPath, viewId) + var pathParam0 string + + pathParam0, err = runtime.StyleParamWithLocation("simple", false, "spaceId", runtime.ParamLocationPath, spaceId) if err != nil { return nil, err } @@ -21456,7 +29517,7 @@ func NewGetDataViewDefaultRequest(server string, spaceId SpaceId, viewId DataVie return nil, err } - operationPath := fmt.Sprintf("/s/%s/api/data_views/data_view/%s", pathParam0, pathParam1) + operationPath := fmt.Sprintf("/s/%s/api/detection_engine/rules", pathParam0) if operationPath[0] == '/' { operationPath = "." + operationPath } 
@@ -21466,27 +29527,29 @@ func NewGetDataViewDefaultRequest(server string, spaceId SpaceId, viewId DataVie return nil, err } - req, err := http.NewRequest("GET", queryURL.String(), nil) + req, err := http.NewRequest("POST", queryURL.String(), body) if err != nil { return nil, err } + req.Header.Add("Content-Type", contentType) + return req, nil } -// NewUpdateDataViewDefaultRequest calls the generic UpdateDataViewDefault builder with application/json body -func NewUpdateDataViewDefaultRequest(server string, spaceId SpaceId, viewId DataViewsViewId, body UpdateDataViewDefaultJSONRequestBody) (*http.Request, error) { +// NewUpdateRuleRequest calls the generic UpdateRule builder with application/json body +func NewUpdateRuleRequest(server string, spaceId SpaceId, body UpdateRuleJSONRequestBody) (*http.Request, error) { var bodyReader io.Reader buf, err := json.Marshal(body) if err != nil { return nil, err } bodyReader = bytes.NewReader(buf) - return NewUpdateDataViewDefaultRequestWithBody(server, spaceId, viewId, "application/json", bodyReader) + return NewUpdateRuleRequestWithBody(server, spaceId, "application/json", bodyReader) } -// NewUpdateDataViewDefaultRequestWithBody generates requests for UpdateDataViewDefault with any type of body -func NewUpdateDataViewDefaultRequestWithBody(server string, spaceId SpaceId, viewId DataViewsViewId, contentType string, body io.Reader) (*http.Request, error) { +// NewUpdateRuleRequestWithBody generates requests for UpdateRule with any type of body +func NewUpdateRuleRequestWithBody(server string, spaceId SpaceId, contentType string, body io.Reader) (*http.Request, error) { var err error var pathParam0 string 
@@ -21496,19 +29559,12 @@ func NewUpdateDataViewDefaultRequestWithBody(server string, spaceId SpaceId, vie return nil, err } - var pathParam1 string - - pathParam1, err = runtime.StyleParamWithLocation("simple", false, "viewId", runtime.ParamLocationPath, viewId) - if err != nil { - return nil, err - } - serverURL, err := url.Parse(server) if err != nil { return nil, err } - operationPath := fmt.Sprintf("/s/%s/api/data_views/data_view/%s", pathParam0, pathParam1) + operationPath := fmt.Sprintf("/s/%s/api/detection_engine/rules", pathParam0) if operationPath[0] == '/' { operationPath = "." + operationPath } @@ -21518,7 +29574,7 @@ func NewUpdateDataViewDefaultRequestWithBody(server string, spaceId SpaceId, vie return nil, err } - req, err := http.NewRequest("POST", queryURL.String(), body) + req, err := http.NewRequest("PUT", queryURL.String(), body) if err != nil { return nil, err } 
@@ -21919,6 +29975,22 @@ type ClientWithResponsesInterface interface { UpdateDataViewDefaultWithResponse(ctx context.Context, spaceId SpaceId, viewId DataViewsViewId, body UpdateDataViewDefaultJSONRequestBody, reqEditors ...RequestEditorFn) (*UpdateDataViewDefaultResponse, error) + // DeleteRuleWithResponse request + DeleteRuleWithResponse(ctx context.Context, spaceId SpaceId, params *DeleteRuleParams, reqEditors ...RequestEditorFn) (*DeleteRuleResponse, error) + + // ReadRuleWithResponse request + ReadRuleWithResponse(ctx context.Context, spaceId SpaceId, params *ReadRuleParams, reqEditors ...RequestEditorFn) (*ReadRuleResponse, error) + + // CreateRuleWithBodyWithResponse request with any body + CreateRuleWithBodyWithResponse(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateRuleResponse, error) + + CreateRuleWithResponse(ctx context.Context, spaceId SpaceId, body CreateRuleJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateRuleResponse, error) + + // UpdateRuleWithBodyWithResponse request with any body + UpdateRuleWithBodyWithResponse(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*UpdateRuleResponse, error) + + UpdateRuleWithResponse(ctx context.Context, spaceId SpaceId, body UpdateRuleJSONRequestBody, reqEditors ...RequestEditorFn) (*UpdateRuleResponse, error) + // PostMaintenanceWindowWithBodyWithResponse request with any body PostMaintenanceWindowWithBodyWithResponse(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*PostMaintenanceWindowResponse, error) 
@@ -23274,47 +31346,92 @@ func (r UpdateDataViewDefaultResponse) StatusCode() int { return 0 } -// DeleteAgentConfigurationWithBodyWithResponse request with arbitrary body returning *DeleteAgentConfigurationResponse -func (c *ClientWithResponses) DeleteAgentConfigurationWithBodyWithResponse(ctx context.Context, params *DeleteAgentConfigurationParams, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*DeleteAgentConfigurationResponse, error) { - rsp, err := c.DeleteAgentConfigurationWithBody(ctx, params, contentType, body, reqEditors...) - if err != nil { - return nil, err +type DeleteRuleResponse struct { + Body []byte + HTTPResponse *http.Response + JSON200 *SecurityDetectionsAPIRuleResponse +} + +// Status returns HTTPResponse.Status +func (r DeleteRuleResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status } - return ParseDeleteAgentConfigurationResponse(rsp) + return http.StatusText(0) } -func (c *ClientWithResponses) DeleteAgentConfigurationWithResponse(ctx context.Context, params *DeleteAgentConfigurationParams, body DeleteAgentConfigurationJSONRequestBody, reqEditors ...RequestEditorFn) (*DeleteAgentConfigurationResponse, error) { - rsp, err := c.DeleteAgentConfiguration(ctx, params, body, reqEditors...) - if err != nil { - return nil, err +// StatusCode returns HTTPResponse.StatusCode +func (r DeleteRuleResponse) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode } - return ParseDeleteAgentConfigurationResponse(rsp) + return 0 } -// GetAgentConfigurationsWithResponse request returning *GetAgentConfigurationsResponse -func (c *ClientWithResponses) GetAgentConfigurationsWithResponse(ctx context.Context, params *GetAgentConfigurationsParams, reqEditors ...RequestEditorFn) (*GetAgentConfigurationsResponse, error) { - rsp, err := c.GetAgentConfigurations(ctx, params, reqEditors...) 
- if err != nil { - return nil, err +type ReadRuleResponse struct { + Body []byte + HTTPResponse *http.Response + JSON200 *SecurityDetectionsAPIRuleResponse +} + +// Status returns HTTPResponse.Status +func (r ReadRuleResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status } - return ParseGetAgentConfigurationsResponse(rsp) + return http.StatusText(0) } -// CreateUpdateAgentConfigurationWithBodyWithResponse request with arbitrary body returning *CreateUpdateAgentConfigurationResponse -func (c *ClientWithResponses) CreateUpdateAgentConfigurationWithBodyWithResponse(ctx context.Context, params *CreateUpdateAgentConfigurationParams, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateUpdateAgentConfigurationResponse, error) { - rsp, err := c.CreateUpdateAgentConfigurationWithBody(ctx, params, contentType, body, reqEditors...) - if err != nil { - return nil, err +// StatusCode returns HTTPResponse.StatusCode +func (r ReadRuleResponse) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode } - return ParseCreateUpdateAgentConfigurationResponse(rsp) + return 0 } -func (c *ClientWithResponses) CreateUpdateAgentConfigurationWithResponse(ctx context.Context, params *CreateUpdateAgentConfigurationParams, body CreateUpdateAgentConfigurationJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateUpdateAgentConfigurationResponse, error) { - rsp, err := c.CreateUpdateAgentConfiguration(ctx, params, body, reqEditors...) 
- if err != nil { - return nil, err +type CreateRuleResponse struct { + Body []byte + HTTPResponse *http.Response + JSON200 *SecurityDetectionsAPIRuleResponse +} + +// Status returns HTTPResponse.Status +func (r CreateRuleResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status } - return ParseCreateUpdateAgentConfigurationResponse(rsp) + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r CreateRuleResponse) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + +type UpdateRuleResponse struct { + Body []byte + HTTPResponse *http.Response + JSON200 *SecurityDetectionsAPIRuleResponse +} + +// Status returns HTTPResponse.Status +func (r UpdateRuleResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r UpdateRuleResponse) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 } type PostMaintenanceWindowResponse struct { 
@@ -23574,26 +31691,69 @@ type PatchMaintenanceWindowIdResponse struct { // UpdatedAt The date and time when the maintenance window was last updated. UpdatedAt string `json:"updated_at"` - // UpdatedBy The identifier for the user that last updated this maintenance window. - UpdatedBy *string `json:"updated_by"` + // UpdatedBy The identifier for the user that last updated this maintenance window. + UpdatedBy *string `json:"updated_by"` + } +} +type PatchMaintenanceWindowId200Status string + +// Status returns HTTPResponse.Status +func (r PatchMaintenanceWindowIdResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r PatchMaintenanceWindowIdResponse) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + +// DeleteAgentConfigurationWithBodyWithResponse request with arbitrary body returning *DeleteAgentConfigurationResponse +func (c *ClientWithResponses) DeleteAgentConfigurationWithBodyWithResponse(ctx context.Context, params *DeleteAgentConfigurationParams, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*DeleteAgentConfigurationResponse, error) { + rsp, err := c.DeleteAgentConfigurationWithBody(ctx, params, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseDeleteAgentConfigurationResponse(rsp) +} + +func (c *ClientWithResponses) DeleteAgentConfigurationWithResponse(ctx context.Context, params *DeleteAgentConfigurationParams, body DeleteAgentConfigurationJSONRequestBody, reqEditors ...RequestEditorFn) (*DeleteAgentConfigurationResponse, error) { + rsp, err := c.DeleteAgentConfiguration(ctx, params, body, reqEditors...) 
+ if err != nil { + return nil, err + } + return ParseDeleteAgentConfigurationResponse(rsp) +} + +// GetAgentConfigurationsWithResponse request returning *GetAgentConfigurationsResponse +func (c *ClientWithResponses) GetAgentConfigurationsWithResponse(ctx context.Context, params *GetAgentConfigurationsParams, reqEditors ...RequestEditorFn) (*GetAgentConfigurationsResponse, error) { + rsp, err := c.GetAgentConfigurations(ctx, params, reqEditors...) + if err != nil { + return nil, err } + return ParseGetAgentConfigurationsResponse(rsp) } -type PatchMaintenanceWindowId200Status string -// Status returns HTTPResponse.Status -func (r PatchMaintenanceWindowIdResponse) Status() string { - if r.HTTPResponse != nil { - return r.HTTPResponse.Status +// CreateUpdateAgentConfigurationWithBodyWithResponse request with arbitrary body returning *CreateUpdateAgentConfigurationResponse +func (c *ClientWithResponses) CreateUpdateAgentConfigurationWithBodyWithResponse(ctx context.Context, params *CreateUpdateAgentConfigurationParams, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateUpdateAgentConfigurationResponse, error) { + rsp, err := c.CreateUpdateAgentConfigurationWithBody(ctx, params, contentType, body, reqEditors...) + if err != nil { + return nil, err } - return http.StatusText(0) + return ParseCreateUpdateAgentConfigurationResponse(rsp) } -// StatusCode returns HTTPResponse.StatusCode -func (r PatchMaintenanceWindowIdResponse) StatusCode() int { - if r.HTTPResponse != nil { - return r.HTTPResponse.StatusCode +func (c *ClientWithResponses) CreateUpdateAgentConfigurationWithResponse(ctx context.Context, params *CreateUpdateAgentConfigurationParams, body CreateUpdateAgentConfigurationJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateUpdateAgentConfigurationResponse, error) { + rsp, err := c.CreateUpdateAgentConfiguration(ctx, params, body, reqEditors...) 
+ if err != nil { + return nil, err } - return 0 + return ParseCreateUpdateAgentConfigurationResponse(rsp) } // GetFleetAgentPoliciesWithResponse request returning *GetFleetAgentPoliciesResponse 
@@ -24084,6 +32244,110 @@ func (c *ClientWithResponses) UpdateDataViewDefaultWithResponse(ctx context.Cont return ParseUpdateDataViewDefaultResponse(rsp) } +// DeleteRuleWithResponse request returning *DeleteRuleResponse +func (c *ClientWithResponses) DeleteRuleWithResponse(ctx context.Context, spaceId SpaceId, params *DeleteRuleParams, reqEditors ...RequestEditorFn) (*DeleteRuleResponse, error) { + rsp, err := c.DeleteRule(ctx, spaceId, params, reqEditors...) + if err != nil { + return nil, err + } + return ParseDeleteRuleResponse(rsp) +} + +// ReadRuleWithResponse request returning *ReadRuleResponse +func (c *ClientWithResponses) ReadRuleWithResponse(ctx context.Context, spaceId SpaceId, params *ReadRuleParams, reqEditors ...RequestEditorFn) (*ReadRuleResponse, error) { + rsp, err := c.ReadRule(ctx, spaceId, params, reqEditors...) + if err != nil { + return nil, err + } + return ParseReadRuleResponse(rsp) +} + +// CreateRuleWithBodyWithResponse request with arbitrary body returning *CreateRuleResponse +func (c *ClientWithResponses) CreateRuleWithBodyWithResponse(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*CreateRuleResponse, error) { + rsp, err := c.CreateRuleWithBody(ctx, spaceId, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseCreateRuleResponse(rsp) +} + +func (c *ClientWithResponses) CreateRuleWithResponse(ctx context.Context, spaceId SpaceId, body CreateRuleJSONRequestBody, reqEditors ...RequestEditorFn) (*CreateRuleResponse, error) { + rsp, err := c.CreateRule(ctx, spaceId, body, reqEditors...) 
+ if err != nil { + return nil, err + } + return ParseCreateRuleResponse(rsp) +} + +// UpdateRuleWithBodyWithResponse request with arbitrary body returning *UpdateRuleResponse +func (c *ClientWithResponses) UpdateRuleWithBodyWithResponse(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*UpdateRuleResponse, error) { + rsp, err := c.UpdateRuleWithBody(ctx, spaceId, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseUpdateRuleResponse(rsp) +} + +func (c *ClientWithResponses) UpdateRuleWithResponse(ctx context.Context, spaceId SpaceId, body UpdateRuleJSONRequestBody, reqEditors ...RequestEditorFn) (*UpdateRuleResponse, error) { + rsp, err := c.UpdateRule(ctx, spaceId, body, reqEditors...) + if err != nil { + return nil, err + } + return ParseUpdateRuleResponse(rsp) +} + +// PostMaintenanceWindowWithBodyWithResponse request with arbitrary body returning *PostMaintenanceWindowResponse +func (c *ClientWithResponses) PostMaintenanceWindowWithBodyWithResponse(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*PostMaintenanceWindowResponse, error) { + rsp, err := c.PostMaintenanceWindowWithBody(ctx, spaceId, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParsePostMaintenanceWindowResponse(rsp) +} + +func (c *ClientWithResponses) PostMaintenanceWindowWithResponse(ctx context.Context, spaceId SpaceId, body PostMaintenanceWindowJSONRequestBody, reqEditors ...RequestEditorFn) (*PostMaintenanceWindowResponse, error) { + rsp, err := c.PostMaintenanceWindow(ctx, spaceId, body, reqEditors...) 
+ if err != nil { + return nil, err + } + return ParsePostMaintenanceWindowResponse(rsp) +} + +// DeleteMaintenanceWindowIdWithResponse request returning *DeleteMaintenanceWindowIdResponse +func (c *ClientWithResponses) DeleteMaintenanceWindowIdWithResponse(ctx context.Context, spaceId SpaceId, id string, reqEditors ...RequestEditorFn) (*DeleteMaintenanceWindowIdResponse, error) { + rsp, err := c.DeleteMaintenanceWindowId(ctx, spaceId, id, reqEditors...) + if err != nil { + return nil, err + } + return ParseDeleteMaintenanceWindowIdResponse(rsp) +} + +// GetMaintenanceWindowIdWithResponse request returning *GetMaintenanceWindowIdResponse +func (c *ClientWithResponses) GetMaintenanceWindowIdWithResponse(ctx context.Context, spaceId SpaceId, id string, reqEditors ...RequestEditorFn) (*GetMaintenanceWindowIdResponse, error) { + rsp, err := c.GetMaintenanceWindowId(ctx, spaceId, id, reqEditors...) + if err != nil { + return nil, err + } + return ParseGetMaintenanceWindowIdResponse(rsp) +} + +// PatchMaintenanceWindowIdWithBodyWithResponse request with arbitrary body returning *PatchMaintenanceWindowIdResponse +func (c *ClientWithResponses) PatchMaintenanceWindowIdWithBodyWithResponse(ctx context.Context, spaceId SpaceId, id string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*PatchMaintenanceWindowIdResponse, error) { + rsp, err := c.PatchMaintenanceWindowIdWithBody(ctx, spaceId, id, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParsePatchMaintenanceWindowIdResponse(rsp) +} + +func (c *ClientWithResponses) PatchMaintenanceWindowIdWithResponse(ctx context.Context, spaceId SpaceId, id string, body PatchMaintenanceWindowIdJSONRequestBody, reqEditors ...RequestEditorFn) (*PatchMaintenanceWindowIdResponse, error) { + rsp, err := c.PatchMaintenanceWindowId(ctx, spaceId, id, body, reqEditors...) 
+ if err != nil { + return nil, err + } + return ParsePatchMaintenanceWindowIdResponse(rsp) +} + // ParseDeleteAgentConfigurationResponse parses an HTTP response from a DeleteAgentConfigurationWithResponse call func ParseDeleteAgentConfigurationResponse(rsp *http.Response) (*DeleteAgentConfigurationResponse, error) { bodyBytes, err := io.ReadAll(rsp.Body) 
@@ -24239,58 +32503,6 @@ func ParseCreateUpdateAgentConfigurationResponse(rsp *http.Response) (*CreateUpd return response, nil } -// PostMaintenanceWindowWithBodyWithResponse request with arbitrary body returning *PostMaintenanceWindowResponse -func (c *ClientWithResponses) PostMaintenanceWindowWithBodyWithResponse(ctx context.Context, spaceId SpaceId, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*PostMaintenanceWindowResponse, error) { - rsp, err := c.PostMaintenanceWindowWithBody(ctx, spaceId, contentType, body, reqEditors...) - if err != nil { - return nil, err - } - return ParsePostMaintenanceWindowResponse(rsp) -} - -func (c *ClientWithResponses) PostMaintenanceWindowWithResponse(ctx context.Context, spaceId SpaceId, body PostMaintenanceWindowJSONRequestBody, reqEditors ...RequestEditorFn) (*PostMaintenanceWindowResponse, error) { - rsp, err := c.PostMaintenanceWindow(ctx, spaceId, body, reqEditors...) - if err != nil { - return nil, err - } - return ParsePostMaintenanceWindowResponse(rsp) -} - -// DeleteMaintenanceWindowIdWithResponse request returning *DeleteMaintenanceWindowIdResponse -func (c *ClientWithResponses) DeleteMaintenanceWindowIdWithResponse(ctx context.Context, spaceId SpaceId, id string, reqEditors ...RequestEditorFn) (*DeleteMaintenanceWindowIdResponse, error) { - rsp, err := c.DeleteMaintenanceWindowId(ctx, spaceId, id, reqEditors...) - if err != nil { - return nil, err - } - return ParseDeleteMaintenanceWindowIdResponse(rsp) -} - -// GetMaintenanceWindowIdWithResponse request returning *GetMaintenanceWindowIdResponse -func (c *ClientWithResponses) GetMaintenanceWindowIdWithResponse(ctx context.Context, spaceId SpaceId, id string, reqEditors ...RequestEditorFn) (*GetMaintenanceWindowIdResponse, error) { - rsp, err := c.GetMaintenanceWindowId(ctx, spaceId, id, reqEditors...) 
- if err != nil { - return nil, err - } - return ParseGetMaintenanceWindowIdResponse(rsp) -} - -// PatchMaintenanceWindowIdWithBodyWithResponse request with arbitrary body returning *PatchMaintenanceWindowIdResponse -func (c *ClientWithResponses) PatchMaintenanceWindowIdWithBodyWithResponse(ctx context.Context, spaceId SpaceId, id string, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*PatchMaintenanceWindowIdResponse, error) { - rsp, err := c.PatchMaintenanceWindowIdWithBody(ctx, spaceId, id, contentType, body, reqEditors...) - if err != nil { - return nil, err - } - return ParsePatchMaintenanceWindowIdResponse(rsp) -} - -func (c *ClientWithResponses) PatchMaintenanceWindowIdWithResponse(ctx context.Context, spaceId SpaceId, id string, body PatchMaintenanceWindowIdJSONRequestBody, reqEditors ...RequestEditorFn) (*PatchMaintenanceWindowIdResponse, error) { - rsp, err := c.PatchMaintenanceWindowId(ctx, spaceId, id, body, reqEditors...) - if err != nil { - return nil, err - } - return ParsePatchMaintenanceWindowIdResponse(rsp) -} - // ParseGetFleetAgentPoliciesResponse parses an HTTP response from a GetFleetAgentPoliciesWithResponse call func ParseGetFleetAgentPoliciesResponse(rsp *http.Response) (*GetFleetAgentPoliciesResponse, error) { bodyBytes, err := io.ReadAll(rsp.Body) 
@@ -25843,6 +34055,110 @@ func ParseUpdateDataViewDefaultResponse(rsp *http.Response) (*UpdateDataViewDefa return response, nil } +// ParseDeleteRuleResponse parses an HTTP response from a DeleteRuleWithResponse call +func ParseDeleteRuleResponse(rsp *http.Response) (*DeleteRuleResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &DeleteRuleResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest SecurityDetectionsAPIRuleResponse + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + } + + return response, nil +} + +// ParseReadRuleResponse parses an HTTP response from a ReadRuleWithResponse call +func ParseReadRuleResponse(rsp *http.Response) (*ReadRuleResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &ReadRuleResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest SecurityDetectionsAPIRuleResponse + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + } + + return response, nil +} + +// ParseCreateRuleResponse parses an HTTP response from a CreateRuleWithResponse call +func ParseCreateRuleResponse(rsp *http.Response) (*CreateRuleResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &CreateRuleResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest SecurityDetectionsAPIRuleResponse + if err := 
json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + } + + return response, nil +} + +// ParseUpdateRuleResponse parses an HTTP response from a UpdateRuleWithResponse call +func ParseUpdateRuleResponse(rsp *http.Response) (*UpdateRuleResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &UpdateRuleResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 200: + var dest SecurityDetectionsAPIRuleResponse + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON200 = &dest + + } + + return response, nil +} + // ParsePostMaintenanceWindowResponse parses an HTTP response from a PostMaintenanceWindowWithResponse call func ParsePostMaintenanceWindowResponse(rsp *http.Response) (*PostMaintenanceWindowResponse, error) { bodyBytes, err := io.ReadAll(rsp.Body) diff --git a/generated/kbapi/transform_schema.go b/generated/kbapi/transform_schema.go index 1e6af5f1d..ac9ac7491 100644 --- a/generated/kbapi/transform_schema.go +++ b/generated/kbapi/transform_schema.go @@ -584,6 +584,7 @@ func transformFilterPaths(schema *Schema) { "/api/maintenance_window/{id}": {"delete", "get", "patch"}, "/api/actions/connector/{id}": {"get", "put", "post", "delete"}, "/api/actions/connectors": {"get"}, + "/api/detection_engine/rules": {"get", "post", "put", "delete"}, } for path, pathInfo := range schema.Paths { @@ -734,6 +735,7 @@ func transformKibanaPaths(schema *Schema) { "/api/maintenance_window/{id}", "/api/actions/connector/{id}", "/api/actions/connectors", + "/api/detection_engine/rules", } // Add a spaceId parameter if not already present diff --git a/internal/kibana/security/detection_rule/acc_test.go b/internal/kibana/security/detection_rule/acc_test.go new file mode 100644 index 000000000..6128cd946 
--- /dev/null
+++ b/internal/kibana/security/detection_rule/acc_test.go
@@ -0,0 +1,97 @@
+package detection_rule_test
+
+import (
+ "testing"
+
+ "github.com/elastic/terraform-provider-elasticstack/internal/acctest"
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccResourceKibanaSecurityDetectionRule(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(t) },
+ ProtoV6ProviderFactories: acctest.Providers,
+ Steps: []resource.TestStep{
+ // Test Create and Read
+ {
+ Config: testAccResourceKibanaSecurityDetectionRuleCreate(),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr("elasticstack_kibana_security_detection_rule.test", "name", "Test Detection Rule"),
+ resource.TestCheckResourceAttr("elasticstack_kibana_security_detection_rule.test", "description", "Test security detection rule"),
+ resource.TestCheckResourceAttr("elasticstack_kibana_security_detection_rule.test", "type", "query"),
+ resource.TestCheckResourceAttr("elasticstack_kibana_security_detection_rule.test", "severity", "medium"),
+ resource.TestCheckResourceAttr("elasticstack_kibana_security_detection_rule.test", "enabled", "true"),
+ resource.TestCheckResourceAttrSet("elasticstack_kibana_security_detection_rule.test", "id"),
+ resource.TestCheckResourceAttrSet("elasticstack_kibana_security_detection_rule.test", "rule_id"),
+ ),
+ },
+ // Test Update
+ {
+ Config: testAccResourceKibanaSecurityDetectionRuleUpdate(),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr("elasticstack_kibana_security_detection_rule.test", "name", "Updated Test Detection Rule"),
+ resource.TestCheckResourceAttr("elasticstack_kibana_security_detection_rule.test", "description", "Updated test security detection rule"),
+ resource.TestCheckResourceAttr("elasticstack_kibana_security_detection_rule.test", "type", "query"),
+ resource.TestCheckResourceAttr("elasticstack_kibana_security_detection_rule.test", "severity", "high"),
+ resource.TestCheckResourceAttr("elasticstack_kibana_security_detection_rule.test", "enabled", "false"),
+ resource.TestCheckResourceAttrSet("elasticstack_kibana_security_detection_rule.test", "id"),
+ resource.TestCheckResourceAttrSet("elasticstack_kibana_security_detection_rule.test", "rule_id"),
+ ),
+ },
+ // Test Import (Read)
+ {
+ ResourceName: "elasticstack_kibana_security_detection_rule.test",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+func testAccResourceKibanaSecurityDetectionRuleCreate() string {
+ return `
+provider "elasticstack" {
+ kibana {}
+}
+
+resource "elasticstack_kibana_security_detection_rule" "test" {
+ name = "Test Detection Rule"
+ description = "Test security detection rule"
+ type = "query"
+ query = "*:*"
+ language = "kuery"
+ severity = "medium"
+ risk = 50
+ enabled = true
+ tags = ["test"]
+ interval = "5m"
+ from = "now-6m"
+ to = "now"
+ version = 1
+ max_signals = 100
+}`
+}
+
+func testAccResourceKibanaSecurityDetectionRuleUpdate() string {
+ return `
+provider "elasticstack" {
+ kibana {}
+}
+
+resource "elasticstack_kibana_security_detection_rule" "test" {
+ name = "Updated Test Detection Rule"
+ description = "Updated test security detection rule"
+ type = "query"
+ query = "event.category:network"
+ language = "kuery"
+ severity = "high"
+ risk = 75
+ enabled = false
+ tags = ["test", "updated"]
+ interval = "10m"
+ from = "now-15m"
+ to = "now"
+ version = 1
+ max_signals = 200
+}`
+}
diff --git a/internal/kibana/security/detection_rule/client.go b/internal/kibana/security/detection_rule/client.go
new file mode 100644
index 000000000..10ff2ae13
--- /dev/null
+++ b/internal/kibana/security/detection_rule/client.go
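Review bot: The `resource.TestCase` in `TestAccResourceKibanaSecurityDetectionRule` sets no `CheckDestroy`, so the test never confirms that the rule is actually gone from Kibana after the final destroy. That matters for this resource because `DeleteSecurityDetectionRule` in client.go returns success on a 404, so a delete sent with the wrong ID or space would pass silently and leave the rule in place. Adding a `CheckDestroy` function that reads the rule back by its `id` and expects not-found would close that gap. The update step also asserts only `name`, `description`, `type`, `severity` and `enabled`; checking `query`, `risk` and `max_signals` there would catch fields dropped in the request/response conversion.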
@@ -0,0 +1,608 @@
+package detection_rule
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/elastic/terraform-provider-elasticstack/generated/kbapi"
+ "github.com/elastic/terraform-provider-elasticstack/internal/clients"
+ "github.com/google/uuid"
+ "github.com/hashicorp/terraform-plugin-framework/diag"
+)
+
+// CreateSecurityDetectionRule creates a new security detection rule using the generated API client
+func CreateSecurityDetectionRule(ctx context.Context, client *clients.ApiClient, spaceId string, rule *SecurityDetectionRuleRequest) (*SecurityDetectionRuleResponse, diag.Diagnostics) {
+ var diags diag.Diagnostics
+
+ kbClient, err := client.GetKibanaClient()
+ if err != nil {
+ diags.AddError("Failed to get Kibana client", err.Error())
+ return nil, diags
+ }
+
+ // Create the generated API client
+ genClient, err := kbapi.NewClientWithResponses(kbClient.Client.BaseURL, kbapi.WithHTTPClient(kbClient.Client.GetClient()))
+ if err != nil {
+ diags.AddError("Failed to create generated client", err.Error())
+ return nil, diags
+ }
+
+ // Convert our request to the generated API types
+ createProps := kbapi.SecurityDetectionsAPIRuleCreateProps{}
+
+ // Create a QueryRuleCreateProps for simplicity (we can extend this later for other rule types)
+ enabled := kbapi.SecurityDetectionsAPIIsRuleEnabled(rule.Enabled)
+ from := kbapi.SecurityDetectionsAPIRuleIntervalFrom(rule.From)
+ to := kbapi.SecurityDetectionsAPIRuleIntervalTo(rule.To)
+ interval := kbapi.SecurityDetectionsAPIRuleInterval(rule.Interval)
+
+ queryRuleProps := kbapi.SecurityDetectionsAPIQueryRuleCreateProps{
+ Name: rule.Name,
+ Description: kbapi.SecurityDetectionsAPIRuleDescription(rule.Description),
+ Type: kbapi.SecurityDetectionsAPIQueryRuleCreatePropsType(rule.Type),
+ Severity: kbapi.SecurityDetectionsAPISeverity(rule.Severity),
+ RiskScore: rule.Risk,
+ Enabled: &enabled,
+ From: &from,
+ To: &to,
+ Interval: &interval,
+ MaxSignals: &rule.MaxSignals,
+ Version: &rule.Version,
+ }
+
+ // Set optional fields
+ if rule.Query != nil {
+ query := kbapi.SecurityDetectionsAPIRuleQuery(*rule.Query)
+ queryRuleProps.Query = &query
+ }
+ if rule.Language != nil {
+ language := kbapi.SecurityDetectionsAPIKqlQueryLanguage(*rule.Language)
+ queryRuleProps.Language = &language
+ }
+ if len(rule.Index) > 0 {
+ indexArray := make(kbapi.SecurityDetectionsAPIIndexPatternArray, len(rule.Index))
+ for i, idx := range rule.Index {
+ indexArray[i] = idx
+ }
+ queryRuleProps.Index = &indexArray
+ }
+ if len(rule.Tags) > 0 {
+ tagArray := make(kbapi.SecurityDetectionsAPIRuleTagArray, len(rule.Tags))
+ for i, tag := range rule.Tags {
+ tagArray[i] = tag
+ }
+ queryRuleProps.Tags = &tagArray
+ }
+ if len(rule.Author) > 0 {
+ authorArray := make(kbapi.SecurityDetectionsAPIRuleAuthorArray, len(rule.Author))
+ for i, author := range rule.Author {
+ authorArray[i] = author
+ }
+ queryRuleProps.Author = &authorArray
+ }
+ if rule.License != nil {
+ license := kbapi.SecurityDetectionsAPIRuleLicense(*rule.License)
+ queryRuleProps.License = &license
+ }
+ if rule.RuleNameOverride != nil {
+ override := kbapi.SecurityDetectionsAPIRuleNameOverride(*rule.RuleNameOverride)
+ queryRuleProps.RuleNameOverride = &override
+ }
+ if rule.TimestampOverride != nil {
+ timestampOverride := kbapi.SecurityDetectionsAPITimestampOverride(*rule.TimestampOverride)
+ queryRuleProps.TimestampOverride = ×tampOverride
+ }
+ if rule.Note != nil {
+ note := kbapi.SecurityDetectionsAPIInvestigationGuide(*rule.Note)
+ queryRuleProps.Note = ¬e
+ }
+ if len(rule.References) > 0 {
+ refArray := make(kbapi.SecurityDetectionsAPIRuleReferenceArray, len(rule.References))
+ for i, ref := range rule.References {
+ refArray[i] = ref
+ }
+ queryRuleProps.References = &refArray
+ }
+ if len(rule.FalsePositives) > 0 {
+ fpArray := make(kbapi.SecurityDetectionsAPIRuleFalsePositiveArray, len(rule.FalsePositives))
+ for i, fp := range rule.FalsePositives {
+ fpArray[i] = fp
+ }
+ queryRuleProps.FalsePositives = &fpArray
+ }
+
+ // Set the query rule props in the union
+ if err := createProps.FromSecurityDetectionsAPIQueryRuleCreateProps(queryRuleProps); err != nil {
+ diags.AddError("Failed to create request body", err.Error())
+ return nil, diags
+ }
+
+ // Call the generated API
+ resp, err := genClient.CreateRuleWithResponse(ctx, kbapi.SpaceId(spaceId), createProps)
+ if err != nil {
+ diags.AddError("Failed to execute request", err.Error())
+ return nil, diags
+ }
+
+ // Check for API errors
+ if resp.StatusCode() >= 300 {
+ diags.AddError(
+ "API request failed",
+ fmt.Sprintf("Status: %d, Body: %s", resp.StatusCode(), string(resp.Body)),
+ )
+ return nil, diags
+ }
+
+ // Parse the response - it's a union type so we need to convert it
+ if resp.JSON200 == nil {
+ diags.AddError("Unexpected response", "Expected JSON response but got nil")
+ return nil, diags
+ }
+
+ ruleResponse, err := resp.JSON200.AsSecurityDetectionsAPIQueryRule()
+ if err != nil {
+ diags.AddError("Failed to parse response", err.Error())
+ return nil, diags
+ }
+
+ // Convert the response to our internal type
+ result := &SecurityDetectionRuleResponse{
+ ID: ruleResponse.Id.String(),
+ Name: ruleResponse.Name,
+ Description: string(ruleResponse.Description),
+ Type: string(ruleResponse.Type),
+ Severity: string(ruleResponse.Severity),
+ Risk: ruleResponse.RiskScore,
+ Enabled: bool(ruleResponse.Enabled),
+ From: string(ruleResponse.From),
+ To: string(ruleResponse.To),
+ Interval: string(ruleResponse.Interval),
+ Version: ruleResponse.Version,
+ MaxSignals: ruleResponse.MaxSignals,
+ CreatedAt: ruleResponse.CreatedAt.Format("2006-01-02T15:04:05.000Z"),
+ CreatedBy: ruleResponse.CreatedBy,
+ UpdatedAt: ruleResponse.UpdatedAt.Format("2006-01-02T15:04:05.000Z"),
+ UpdatedBy: ruleResponse.UpdatedBy,
+ }
+
+ // Set optional fields
+ queryStr := string(ruleResponse.Query)
+ result.Query = &queryStr
+
+ langStr := string(ruleResponse.Language)
+ result.Language = &langStr
+
+ if ruleResponse.Index != nil {
+ result.Index = make([]string, len(*ruleResponse.Index))
+ for i, idx := range *ruleResponse.Index {
+ result.Index[i] = idx
+ }
+ }
+ result.Tags = make([]string, len(ruleResponse.Tags))
+ for i, tag := range ruleResponse.Tags {
+ result.Tags[i] = tag
+ }
+ result.Author = make([]string, len(ruleResponse.Author))
+ for i, author := range ruleResponse.Author {
+ result.Author[i] = author
+ }
+ if ruleResponse.License != nil {
+ licenseStr := string(*ruleResponse.License)
+ result.License = &licenseStr
+ }
+ if ruleResponse.RuleNameOverride != nil {
+ overrideStr := string(*ruleResponse.RuleNameOverride)
+ result.RuleNameOverride = &overrideStr
+ }
+ if ruleResponse.TimestampOverride != nil {
+ timestampStr := string(*ruleResponse.TimestampOverride)
+ result.TimestampOverride = ×tampStr
+ }
+ if ruleResponse.Note != nil {
+ noteStr := string(*ruleResponse.Note)
+ result.Note = ¬eStr
+ }
+ result.References = make([]string, len(ruleResponse.References))
+ for i, ref := range ruleResponse.References {
+ result.References[i] = ref
+ }
+ result.FalsePositives = make([]string, len(ruleResponse.FalsePositives))
+ for i, fp := range ruleResponse.FalsePositives {
+ result.FalsePositives[i] = fp
+ }
+
+ return result, diags
+}
+
+// GetSecurityDetectionRule retrieves a security detection rule by ID using the generated API client
+func GetSecurityDetectionRule(ctx context.Context, client *clients.ApiClient, spaceId, ruleId string) (*SecurityDetectionRuleResponse, diag.Diagnostics) {
+ var diags diag.Diagnostics
+
+ kbClient, err := client.GetKibanaClient()
+ if err != nil {
+ diags.AddError("Failed to get Kibana client", err.Error())
+ return nil, diags
+ }
+
+ // Create the generated API client
+ genClient, err := kbapi.NewClientWithResponses(kbClient.Client.BaseURL, kbapi.WithHTTPClient(kbClient.Client.GetClient()))
+ if err != nil {
+ diags.AddError("Failed to create generated client", err.Error())
+ return nil, diags
+ }
+
+ // Set up parameters - use rule ID for reading
+ parsedId, err := uuid.Parse(ruleId)
+ if err != nil {
+ diags.AddError("Invalid rule ID", fmt.Sprintf("Failed to parse rule ID as UUID: %s", err.Error()))
+ return nil, diags
+ }
+ id := kbapi.SecurityDetectionsAPIRuleObjectId(parsedId)
+ params := &kbapi.ReadRuleParams{
+ Id: &id,
+ }
+
+ // Call the generated API
+ resp, err := genClient.ReadRuleWithResponse(ctx, kbapi.SpaceId(spaceId), params)
+ if err != nil {
+ diags.AddError("Failed to execute request", err.Error())
+ return nil, diags
+ }
+
+ // Handle not found
+ if resp.StatusCode() == 404 {
+ return nil, diags // Rule not found
+ }
+
+ // Check for other API errors
+ if resp.StatusCode() >= 300 {
+ diags.AddError(
+ "API request failed",
+ fmt.Sprintf("Status: %d, Body: %s", resp.StatusCode(), string(resp.Body)),
+ )
+ return nil, diags
+ }
+
+ // Parse the response
+ if resp.JSON200 == nil {
+ diags.AddError("Unexpected response", "Expected JSON response but got nil")
+ return nil, diags
+ }
+
+ ruleResponse, err := resp.JSON200.AsSecurityDetectionsAPIQueryRule()
+ if err != nil {
+ diags.AddError("Failed to parse response", err.Error())
+ return nil, diags
+ }
+
+ // Convert the response to our internal type (same logic as Create)
+ result := &SecurityDetectionRuleResponse{
+ ID: ruleResponse.Id.String(),
+ Name: ruleResponse.Name,
+ Description: string(ruleResponse.Description),
+ Type: string(ruleResponse.Type),
+ Severity: string(ruleResponse.Severity),
+ Risk: ruleResponse.RiskScore,
+ Enabled: bool(ruleResponse.Enabled),
+ From: string(ruleResponse.From),
+ To: string(ruleResponse.To),
+ Interval: string(ruleResponse.Interval),
+ Version: ruleResponse.Version,
+ MaxSignals: ruleResponse.MaxSignals,
+ CreatedAt: ruleResponse.CreatedAt.Format("2006-01-02T15:04:05.000Z"),
+ CreatedBy: ruleResponse.CreatedBy,
+ UpdatedAt: ruleResponse.UpdatedAt.Format("2006-01-02T15:04:05.000Z"),
+ UpdatedBy: ruleResponse.UpdatedBy,
+ }
+
+ // Set optional fields (same logic as Create)
+ queryStr := string(ruleResponse.Query)
+ result.Query = &queryStr
+
+ langStr := string(ruleResponse.Language)
+ result.Language = &langStr
+
+ if ruleResponse.Index != nil {
+ result.Index = make([]string, len(*ruleResponse.Index))
+ for i, idx := range *ruleResponse.Index {
+ result.Index[i] = idx
+ }
+ }
+ result.Tags = make([]string, len(ruleResponse.Tags))
+ for i, tag := range ruleResponse.Tags {
+ result.Tags[i] = tag
+ }
+ result.Author = make([]string, len(ruleResponse.Author))
+ for i, author := range ruleResponse.Author {
+ result.Author[i] = author
+ }
+ if ruleResponse.License != nil {
+ licenseStr := string(*ruleResponse.License)
+ result.License = &licenseStr
+ }
+ if ruleResponse.RuleNameOverride != nil {
+ overrideStr := string(*ruleResponse.RuleNameOverride)
+ result.RuleNameOverride = &overrideStr
+ }
+ if ruleResponse.TimestampOverride != nil {
+ timestampStr := string(*ruleResponse.TimestampOverride)
+ result.TimestampOverride = ×tampStr
+ }
+ if ruleResponse.Note != nil {
+ noteStr := string(*ruleResponse.Note)
+ result.Note = ¬eStr
+ }
+ result.References = make([]string, len(ruleResponse.References))
+ for i, ref := range ruleResponse.References {
+ result.References[i] = ref
+ }
+ result.FalsePositives = make([]string, len(ruleResponse.FalsePositives))
+ for i, fp := range ruleResponse.FalsePositives {
+ result.FalsePositives[i] = fp
+ }
+
+ return result, diags
+}
+
+// UpdateSecurityDetectionRule updates an existing security detection rule using the generated API client
+func UpdateSecurityDetectionRule(ctx context.Context, client *clients.ApiClient, spaceId, ruleId string, rule *SecurityDetectionRuleRequest) (*SecurityDetectionRuleResponse, diag.Diagnostics) {
+ var diags diag.Diagnostics
+
+ kbClient, err := client.GetKibanaClient()
+ if err != nil {
+ diags.AddError("Failed to get Kibana client", err.Error())
+ return nil, diags
+ }
+
+ // Create the generated API client
+ genClient, err := kbapi.NewClientWithResponses(kbClient.Client.BaseURL, kbapi.WithHTTPClient(kbClient.Client.GetClient()))
+ if err != nil {
+ diags.AddError("Failed to create generated client", err.Error())
+ return nil, diags
+ }
+
+ // Convert our request to the generated API types for update
+ updateProps := kbapi.SecurityDetectionsAPIRuleUpdateProps{}
+
+ // Create a QueryRuleUpdateProps
+ parsedId, err := uuid.Parse(ruleId)
+ if err != nil {
+ diags.AddError("Invalid rule ID", fmt.Sprintf("Failed to parse rule ID as UUID: %s", err.Error()))
+ return nil, diags
+ }
+ id := kbapi.SecurityDetectionsAPIRuleObjectId(parsedId)
+ enabled := kbapi.SecurityDetectionsAPIIsRuleEnabled(rule.Enabled)
+ from := kbapi.SecurityDetectionsAPIRuleIntervalFrom(rule.From)
+ to := kbapi.SecurityDetectionsAPIRuleIntervalTo(rule.To)
+ interval := kbapi.SecurityDetectionsAPIRuleInterval(rule.Interval)
+
+ queryRuleProps := kbapi.SecurityDetectionsAPIQueryRuleUpdateProps{
+ Id: &id,
+ Name: rule.Name,
+ Description: kbapi.SecurityDetectionsAPIRuleDescription(rule.Description),
+ Type: kbapi.SecurityDetectionsAPIQueryRuleUpdatePropsType(rule.Type),
+ Severity: kbapi.SecurityDetectionsAPISeverity(rule.Severity),
+ RiskScore: rule.Risk,
+ Enabled: &enabled,
+ From: &from,
+ To: &to,
+ Interval: &interval,
+ MaxSignals: &rule.MaxSignals,
+ Version: &rule.Version,
+ }
+
+ // Set optional fields (same logic as Create)
+ if rule.Query != nil {
+ query := kbapi.SecurityDetectionsAPIRuleQuery(*rule.Query)
+ queryRuleProps.Query = &query
+ }
+ if rule.Language != nil {
+ language := kbapi.SecurityDetectionsAPIKqlQueryLanguage(*rule.Language)
+ queryRuleProps.Language = &language
+ }
+ if len(rule.Index) > 0 {
+ indexArray := make(kbapi.SecurityDetectionsAPIIndexPatternArray, len(rule.Index))
+ for i, idx := range rule.Index {
+ indexArray[i] = idx
+ }
+ queryRuleProps.Index = &indexArray
+ }
+ if len(rule.Tags) > 0 {
+ tagArray := make(kbapi.SecurityDetectionsAPIRuleTagArray, len(rule.Tags))
+ for i, tag := range rule.Tags {
+ tagArray[i] = tag
+ }
+ queryRuleProps.Tags = &tagArray
+ }
+ if len(rule.Author) > 0 {
+ authorArray := make(kbapi.SecurityDetectionsAPIRuleAuthorArray, len(rule.Author))
+ for i, author := range rule.Author {
+ authorArray[i] = author
+ }
+ queryRuleProps.Author = &authorArray
+ }
+ if rule.License != nil {
+ license := kbapi.SecurityDetectionsAPIRuleLicense(*rule.License)
+ queryRuleProps.License = &license
+ }
+ if rule.RuleNameOverride != nil {
+ override := kbapi.SecurityDetectionsAPIRuleNameOverride(*rule.RuleNameOverride)
+ queryRuleProps.RuleNameOverride = &override
+ }
+ if rule.TimestampOverride != nil {
+ timestampOverride := kbapi.SecurityDetectionsAPITimestampOverride(*rule.TimestampOverride)
+ queryRuleProps.TimestampOverride = ×tampOverride
+ }
+ if rule.Note != nil {
+ note := kbapi.SecurityDetectionsAPIInvestigationGuide(*rule.Note)
+ queryRuleProps.Note = ¬e
+ }
+ if len(rule.References) > 0 {
+ refArray := make(kbapi.SecurityDetectionsAPIRuleReferenceArray, len(rule.References))
+ for i, ref := range rule.References {
+ refArray[i] = ref
+ }
+ queryRuleProps.References = &refArray
+ }
+ if len(rule.FalsePositives) > 0 {
+ fpArray := make(kbapi.SecurityDetectionsAPIRuleFalsePositiveArray, len(rule.FalsePositives))
+ for i, fp := range rule.FalsePositives {
+ fpArray[i] = fp
+ }
+ queryRuleProps.FalsePositives = &fpArray
+ }
+
+ // Set the query rule props in the union
+ if err := updateProps.FromSecurityDetectionsAPIQueryRuleUpdateProps(queryRuleProps); err != nil {
+ diags.AddError("Failed to create request body", err.Error())
+ return nil, diags
+ }
+
+ // Call the generated API
+ resp, err := genClient.UpdateRuleWithResponse(ctx, kbapi.SpaceId(spaceId), updateProps)
+ if err != nil {
+ diags.AddError("Failed to execute request", err.Error())
+ return nil, diags
+ }
+
+ // Check for API errors
+ if resp.StatusCode() >= 300 {
+ diags.AddError(
+ "API request failed",
+ fmt.Sprintf("Status: %d, Body: %s", resp.StatusCode(), string(resp.Body)),
+ )
+ return nil, diags
+ }
+
+ // Parse the response
+ if resp.JSON200 == nil {
+ diags.AddError("Unexpected response", "Expected JSON response but got nil")
+ return nil, diags
+ }
+
+ ruleResponse, err := resp.JSON200.AsSecurityDetectionsAPIQueryRule()
+ if err != nil {
+ diags.AddError("Failed to parse response", err.Error())
+ return nil, diags
+ }
+
+ // Convert the response to our internal type (same logic as Create/Read)
+ result := &SecurityDetectionRuleResponse{
+ ID: ruleResponse.Id.String(),
+ Name: ruleResponse.Name,
+ Description: string(ruleResponse.Description),
+ Type: string(ruleResponse.Type),
+ Severity: string(ruleResponse.Severity),
+ Risk: ruleResponse.RiskScore,
+ Enabled: bool(ruleResponse.Enabled),
+ From: string(ruleResponse.From),
+ To: string(ruleResponse.To),
+ Interval: string(ruleResponse.Interval),
+ Version: ruleResponse.Version,
+ MaxSignals: ruleResponse.MaxSignals,
+ CreatedAt: ruleResponse.CreatedAt.Format("2006-01-02T15:04:05.000Z"),
+ CreatedBy: ruleResponse.CreatedBy,
+ UpdatedAt: ruleResponse.UpdatedAt.Format("2006-01-02T15:04:05.000Z"),
+ UpdatedBy: ruleResponse.UpdatedBy,
+ }
+
+ // Set optional fields (same logic as Create/Read)
+ queryStr := string(ruleResponse.Query)
+ result.Query = &queryStr
+
+ langStr := string(ruleResponse.Language)
+ result.Language = &langStr
+
+ if ruleResponse.Index != nil {
+ result.Index = make([]string, len(*ruleResponse.Index))
+ for i, idx := range *ruleResponse.Index {
+ result.Index[i] = idx
+ }
+ }
+ result.Tags = make([]string, len(ruleResponse.Tags))
+ for i, tag := range ruleResponse.Tags {
+ result.Tags[i] = tag
+ }
+ result.Author = make([]string, len(ruleResponse.Author))
+ for i, author := range ruleResponse.Author {
+ result.Author[i] = author
+ }
+ if ruleResponse.License != nil {
+ licenseStr := string(*ruleResponse.License)
+ result.License = &licenseStr
+ }
+ if ruleResponse.RuleNameOverride != nil {
+ overrideStr := string(*ruleResponse.RuleNameOverride)
+ result.RuleNameOverride = &overrideStr
+ }
+ if ruleResponse.TimestampOverride != nil {
+ timestampStr := string(*ruleResponse.TimestampOverride)
+ result.TimestampOverride = ×tampStr
+ }
+ if ruleResponse.Note != nil {
+ noteStr := string(*ruleResponse.Note)
+ result.Note = ¬eStr
+ }
+ result.References = make([]string, len(ruleResponse.References))
+ for i, ref := range ruleResponse.References {
+ result.References[i] = ref
+ }
+ result.FalsePositives = make([]string, len(ruleResponse.FalsePositives))
+ for i, fp := range ruleResponse.FalsePositives {
+ result.FalsePositives[i] = fp
+ }
+
+ return result, diags
+}
+
+// DeleteSecurityDetectionRule deletes a security detection rule by ID using the generated API client
+func DeleteSecurityDetectionRule(ctx context.Context, client *clients.ApiClient, spaceId, ruleId string) diag.Diagnostics {
+ var diags diag.Diagnostics
+
+ kbClient, err := client.GetKibanaClient()
+ if err != nil {
+ diags.AddError("Failed to get Kibana client", err.Error())
+ return diags
+ }
+
+ // Create the generated API client
+ genClient, err := kbapi.NewClientWithResponses(kbClient.Client.BaseURL, kbapi.WithHTTPClient(kbClient.Client.GetClient()))
+ if err != nil {
+ diags.AddError("Failed to create generated client", err.Error())
+ return diags
+ }
+
+ // Set up parameters - use rule ID for deletion
+ parsedId, err := uuid.Parse(ruleId)
+ if err != nil {
+ diags.AddError("Invalid rule ID", fmt.Sprintf("Failed to parse rule ID as UUID: %s", err.Error()))
+ return diags
+ }
+ id := kbapi.SecurityDetectionsAPIRuleObjectId(parsedId)
+ params := &kbapi.DeleteRuleParams{
+ Id: &id,
+ }
+
+ // Call the generated API
+ resp, err := genClient.DeleteRuleWithResponse(ctx, kbapi.SpaceId(spaceId), params)
+ if err != nil {
+ diags.AddError("Failed to execute request", err.Error())
+ return diags
+ }
+
+ // Handle not found (rule might already be deleted)
+ if resp.StatusCode() == 404 {
+ return diags // Already deleted, no error
+ }
+
+ // Check for other API errors
+ if resp.StatusCode() >= 300 {
+ diags.AddError(
+ "API request failed",
+ fmt.Sprintf("Status: %d, Body: %s", resp.StatusCode(), string(resp.Body)),
+ )
+ return diags
+ }
+
+ return diags
+}
diff --git a/internal/kibana/security/detection_rule/create.go b/internal/kibana/security/detection_rule/create.go
new file mode 100644
index 000000000..33f22ce18
--- /dev/null
+++ b/internal/kibana/security/detection_rule/create.go
@@ -0,0 +1,314 @@ +package detection_rule + +import ( + "context" + "encoding/json" + + "github.com/elastic/terraform-provider-elasticstack/internal/clients" + "github.com/hashicorp/terraform-plugin-framework/diag" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/types" +) + +func (r *securityDetectionRuleResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var data SecurityDetectionRuleData + resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) + if resp.Diagnostics.HasError() { + return + } + + // Convert the data to API request + apiRequest, diags := dataToAPIRequest(ctx, &data) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + // Get space ID + spaceId := data.SpaceId.ValueString() + if spaceId == "" { + spaceId = "default" + } + + // Create the rule + result, diags := CreateSecurityDetectionRule(ctx, r.client, spaceId, apiRequest) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + // Update the data with the response + diags = apiResponseToData(ctx, result, &data) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + // Create composite ID for state management + compositeID := &clients.CompositeId{ + ClusterId: spaceId, + ResourceId: result.ID, + } + data.Id = types.StringValue(compositeID.String()) + + resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) +} + +func dataToAPIRequest(ctx context.Context, data *SecurityDetectionRuleData) (*SecurityDetectionRuleRequest, diag.Diagnostics) { + var diags diag.Diagnostics + + req := &SecurityDetectionRuleRequest{ + Name: data.Name.ValueString(), + Description: data.Description.ValueString(), + Type: data.Type.ValueString(), + Severity: data.Severity.ValueString(), + Risk: int(data.Risk.ValueInt64()), + Enabled: data.Enabled.ValueBool(), + 
From: data.From.ValueString(), + To: data.To.ValueString(), + Interval: data.Interval.ValueString(), + Version: int(data.Version.ValueInt64()), + MaxSignals: int(data.MaxSignals.ValueInt64()), + } + + // Handle optional string fields + if !data.Query.IsNull() && !data.Query.IsUnknown() { + query := data.Query.ValueString() + req.Query = &query + } + + if !data.Language.IsNull() && !data.Language.IsUnknown() { + language := data.Language.ValueString() + req.Language = &language + } + + if !data.License.IsNull() && !data.License.IsUnknown() { + license := data.License.ValueString() + req.License = &license + } + + if !data.RuleNameOverride.IsNull() && !data.RuleNameOverride.IsUnknown() { + override := data.RuleNameOverride.ValueString() + req.RuleNameOverride = &override + } + + if !data.TimestampOverride.IsNull() && !data.TimestampOverride.IsUnknown() { + override := data.TimestampOverride.ValueString() + req.TimestampOverride = &override + } + + if !data.Note.IsNull() && !data.Note.IsUnknown() { + note := data.Note.ValueString() + req.Note = ¬e + } + + // Handle Meta as JSON + if !data.Meta.IsNull() && !data.Meta.IsUnknown() { + var meta map[string]any + err := json.Unmarshal([]byte(data.Meta.ValueString()), &meta) + if err != nil { + diags.AddError("Invalid meta JSON", err.Error()) + return nil, diags + } + req.Meta = &meta + } + + // Handle string arrays + if !data.Index.IsNull() && !data.Index.IsUnknown() { + var indices []string + diags.Append(data.Index.ElementsAs(ctx, &indices, false)...) + if diags.HasError() { + return nil, diags + } + req.Index = indices + } + + if !data.Tags.IsNull() && !data.Tags.IsUnknown() { + var tags []string + diags.Append(data.Tags.ElementsAs(ctx, &tags, false)...) + if diags.HasError() { + return nil, diags + } + req.Tags = tags + } + + if !data.Author.IsNull() && !data.Author.IsUnknown() { + var authors []string + diags.Append(data.Author.ElementsAs(ctx, &authors, false)...) 
+ if diags.HasError() { + return nil, diags + } + req.Author = authors + } + + if !data.References.IsNull() && !data.References.IsUnknown() { + var references []string + diags.Append(data.References.ElementsAs(ctx, &references, false)...) + if diags.HasError() { + return nil, diags + } + req.References = references + } + + if !data.FalsePositives.IsNull() && !data.FalsePositives.IsUnknown() { + var falsePositives []string + diags.Append(data.FalsePositives.ElementsAs(ctx, &falsePositives, false)...) + if diags.HasError() { + return nil, diags + } + req.FalsePositives = falsePositives + } + + // Handle exceptions list (for now, just as string array) + if !data.ExceptionsList.IsNull() && !data.ExceptionsList.IsUnknown() { + var exceptions []string + diags.Append(data.ExceptionsList.ElementsAs(ctx, &exceptions, false)...) + if diags.HasError() { + return nil, diags + } + // Convert to []any for JSON serialization + req.ExceptionsList = make([]any, len(exceptions)) + for i, ex := range exceptions { + req.ExceptionsList[i] = ex + } + } + + return req, diags +} + +func apiResponseToData(ctx context.Context, result *SecurityDetectionRuleResponse, data *SecurityDetectionRuleData) diag.Diagnostics { + var diags diag.Diagnostics + + data.RuleId = types.StringValue(result.ID) + data.Name = types.StringValue(result.Name) + data.Description = types.StringValue(result.Description) + data.Type = types.StringValue(result.Type) + data.Severity = types.StringValue(result.Severity) + data.Risk = types.Int64Value(int64(result.Risk)) + data.Enabled = types.BoolValue(result.Enabled) + data.From = types.StringValue(result.From) + data.To = types.StringValue(result.To) + data.Interval = types.StringValue(result.Interval) + data.Version = types.Int64Value(int64(result.Version)) + data.MaxSignals = types.Int64Value(int64(result.MaxSignals)) + + // Handle optional fields + if result.Query != nil { + data.Query = types.StringValue(*result.Query) + } else { + data.Query = types.StringNull() + 
} + + if result.Language != nil { + data.Language = types.StringValue(*result.Language) + } else { + data.Language = types.StringValue("kuery") // Default value + } + + if result.License != nil { + data.License = types.StringValue(*result.License) + } else { + data.License = types.StringNull() + } + + if result.RuleNameOverride != nil { + data.RuleNameOverride = types.StringValue(*result.RuleNameOverride) + } else { + data.RuleNameOverride = types.StringNull() + } + + if result.TimestampOverride != nil { + data.TimestampOverride = types.StringValue(*result.TimestampOverride) + } else { + data.TimestampOverride = types.StringNull() + } + + if result.Note != nil { + data.Note = types.StringValue(*result.Note) + } else { + data.Note = types.StringNull() + } + + // Handle Meta as JSON string + if result.Meta != nil { + metaBytes, err := json.Marshal(result.Meta) + if err != nil { + diags.AddError("Failed to marshal meta", err.Error()) + return diags + } + data.Meta = types.StringValue(string(metaBytes)) + } else { + data.Meta = types.StringNull() + } + + // Handle arrays + if len(result.Index) > 0 { + indexValues := make([]types.String, len(result.Index)) + for i, idx := range result.Index { + indexValues[i] = types.StringValue(idx) + } + data.Index, _ = types.ListValueFrom(ctx, types.StringType, indexValues) + } else { + // Default to wildcard index + data.Index, _ = types.ListValueFrom(ctx, types.StringType, []types.String{types.StringValue("*")}) + } + + if len(result.Tags) > 0 { + tagValues := make([]types.String, len(result.Tags)) + for i, tag := range result.Tags { + tagValues[i] = types.StringValue(tag) + } + data.Tags, _ = types.ListValueFrom(ctx, types.StringType, tagValues) + } else { + data.Tags, _ = types.ListValueFrom(ctx, types.StringType, []types.String{}) + } + + if len(result.Author) > 0 { + authorValues := make([]types.String, len(result.Author)) + for i, author := range result.Author { + authorValues[i] = types.StringValue(author) + } + data.Author, 
_ = types.ListValueFrom(ctx, types.StringType, authorValues) + } else { + data.Author, _ = types.ListValueFrom(ctx, types.StringType, []types.String{}) + } + + if len(result.References) > 0 { + refValues := make([]types.String, len(result.References)) + for i, ref := range result.References { + refValues[i] = types.StringValue(ref) + } + data.References, _ = types.ListValueFrom(ctx, types.StringType, refValues) + } else { + data.References, _ = types.ListValueFrom(ctx, types.StringType, []types.String{}) + } + + if len(result.FalsePositives) > 0 { + fpValues := make([]types.String, len(result.FalsePositives)) + for i, fp := range result.FalsePositives { + fpValues[i] = types.StringValue(fp) + } + data.FalsePositives, _ = types.ListValueFrom(ctx, types.StringType, fpValues) + } else { + data.FalsePositives, _ = types.ListValueFrom(ctx, types.StringType, []types.String{}) + } + + if len(result.ExceptionsList) > 0 { + // Convert exceptions to strings (simplified) + excValues := make([]types.String, len(result.ExceptionsList)) + for i, exc := range result.ExceptionsList { + if excStr, ok := exc.(string); ok { + excValues[i] = types.StringValue(excStr) + } else { + // Convert complex exceptions to JSON strings + excBytes, _ := json.Marshal(exc) + excValues[i] = types.StringValue(string(excBytes)) + } + } + data.ExceptionsList, _ = types.ListValueFrom(ctx, types.StringType, excValues) + } else { + data.ExceptionsList, _ = types.ListValueFrom(ctx, types.StringType, []types.String{}) + } + + return diags +} diff --git a/internal/kibana/security/detection_rule/delete.go b/internal/kibana/security/detection_rule/delete.go new file mode 100644 index 000000000..8cae6c0d6 --- /dev/null +++ b/internal/kibana/security/detection_rule/delete.go 
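Review bot: A `rule_id` set in configuration never reaches Kibana: `dataToAPIRequest` does not read `data.RuleId` (and `SecurityDetectionRuleRequest` in models.go has no field for it), while `apiResponseToData` overwrites it with `data.RuleId = types.StringValue(result.ID)`, the same object id that goes into the composite ID. Because schema.go marks `rule_id` as Optional with RequiresReplace, a user-supplied value would presumably come back different from the plan and fail the apply as an inconsistent result. Either carry the value through the request and response structs as its own `RuleId *string` field with a `rule_id` JSON tag, mapped separately from `ID`, or make the attribute Computed-only until that exists. `apiResponseToData` also discards every diagnostic from `types.ListValueFrom` (`data.Index, _ = ...`) and the error from `json.Marshal(exc)`; those should be appended to `diags` so a bad conversion cannot write a partial value to state.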
@@ -0,0 +1,35 @@
+package detection_rule
+
+import (
+ "context"
+
+ "github.com/elastic/terraform-provider-elasticstack/internal/clients"
+ "github.com/hashicorp/terraform-plugin-framework/resource"
+)
+
+func (r *securityDetectionRuleResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+ var data SecurityDetectionRuleData
+ resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ // Parse the composite ID
+ compId, diags := clients.CompositeIdFromStrFw(data.Id.ValueString())
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ spaceId := compId.ClusterId
+ ruleId := compId.ResourceId
+
+ // Delete the rule
+ diags = DeleteSecurityDetectionRule(ctx, r.client, spaceId, ruleId)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ // Resource is automatically removed from state
+}
diff --git a/internal/kibana/security/detection_rule/models.go b/internal/kibana/security/detection_rule/models.go
new file mode 100644
index 000000000..4640625ea
--- /dev/null
+++ b/internal/kibana/security/detection_rule/models.go
@@ -0,0 +1,97 @@ +package detection_rule + +import ( + "github.com/hashicorp/terraform-plugin-framework/types" +) + +type SecurityDetectionRuleData struct { + Id types.String `tfsdk:"id"` + KibanaConnection types.List `tfsdk:"kibana_connection"` + SpaceId types.String `tfsdk:"space_id"` + RuleId types.String `tfsdk:"rule_id"` + Name types.String `tfsdk:"name"` + Description types.String `tfsdk:"description"` + Type types.String `tfsdk:"type"` + Query types.String `tfsdk:"query"` + Language types.String `tfsdk:"language"` + Index types.List `tfsdk:"index"` + Severity types.String `tfsdk:"severity"` + Risk types.Int64 `tfsdk:"risk"` + Enabled types.Bool `tfsdk:"enabled"` + Tags types.List `tfsdk:"tags"` + From types.String `tfsdk:"from"` + To types.String `tfsdk:"to"` + Interval types.String `tfsdk:"interval"` + Meta types.String `tfsdk:"meta"` + Author types.List `tfsdk:"author"` + License types.String `tfsdk:"license"` + RuleNameOverride types.String `tfsdk:"rule_name_override"` + TimestampOverride types.String `tfsdk:"timestamp_override"` + Note types.String `tfsdk:"note"` + References types.List `tfsdk:"references"` + FalsePositives types.List `tfsdk:"false_positives"` + ExceptionsList types.List `tfsdk:"exceptions_list"` + Version types.Int64 `tfsdk:"version"` + MaxSignals types.Int64 `tfsdk:"max_signals"` +} + +// SecurityDetectionRuleRequest represents a security detection rule creation/update request +type SecurityDetectionRuleRequest struct { + Name string `json:"name"` + Description string `json:"description"` + Type string `json:"type"` + Query *string `json:"query,omitempty"` + Language *string `json:"language,omitempty"` + Index []string `json:"index,omitempty"` + Severity string `json:"severity"` + Risk int `json:"risk_score"` + Enabled bool `json:"enabled"` + Tags []string `json:"tags,omitempty"` + From string `json:"from"` + To string `json:"to"` + Interval string `json:"interval"` + Meta *map[string]any `json:"meta,omitempty"` + Author []string 
`json:"author,omitempty"` + License *string `json:"license,omitempty"` + RuleNameOverride *string `json:"rule_name_override,omitempty"` + TimestampOverride *string `json:"timestamp_override,omitempty"` + Note *string `json:"note,omitempty"` + References []string `json:"references,omitempty"` + FalsePositives []string `json:"false_positives,omitempty"` + ExceptionsList []any `json:"exceptions_list,omitempty"` + Version int `json:"version"` + MaxSignals int `json:"max_signals"` +} + +// SecurityDetectionRuleResponse represents the API response for a security detection rule +type SecurityDetectionRuleResponse struct { + ID string `json:"id"` + Name string `json:"name"` + Description string `json:"description"` + Type string `json:"type"` + Query *string `json:"query,omitempty"` + Language *string `json:"language,omitempty"` + Index []string `json:"index,omitempty"` + Severity string `json:"severity"` + Risk int `json:"risk_score"` + Enabled bool `json:"enabled"` + Tags []string `json:"tags,omitempty"` + From string `json:"from"` + To string `json:"to"` + Interval string `json:"interval"` + Meta *map[string]any `json:"meta,omitempty"` + Author []string `json:"author,omitempty"` + License *string `json:"license,omitempty"` + RuleNameOverride *string `json:"rule_name_override,omitempty"` + TimestampOverride *string `json:"timestamp_override,omitempty"` + Note *string `json:"note,omitempty"` + References []string `json:"references,omitempty"` + FalsePositives []string `json:"false_positives,omitempty"` + ExceptionsList []any `json:"exceptions_list,omitempty"` + Version int `json:"version"` + MaxSignals int `json:"max_signals"` + CreatedAt string `json:"created_at"` + CreatedBy string `json:"created_by"` + UpdatedAt string `json:"updated_at"` + UpdatedBy string `json:"updated_by"` +} diff --git a/internal/kibana/security/detection_rule/read.go b/internal/kibana/security/detection_rule/read.go new file mode 100644 index 000000000..7debb2af6 --- /dev/null 
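Review bot: `Meta` and `ExceptionsList` are declared on both `SecurityDetectionRuleRequest` and `SecurityDetectionRuleResponse`, but in the part of `UpdateSecurityDetectionRule` visible on this page neither is copied into `queryRuleProps` nor read back from `ruleResponse` (the start of that function is outside this view, so confirm against the full file). If that holds, `apiResponseToData` always writes an empty `exceptions_list` and a null `meta` to state, so exceptions attached to a rule in Kibana, which suppress alerts, would never surface as drift, and configured ones would not be applied on update. `ExceptionsList []any` also hides the shape of an exception entry; a small typed struct would let the compiler check the mapping in both directions. `SecurityDetectionRuleData` is the only type in this file without a doc comment; I would add `// SecurityDetectionRuleData is the Terraform plan/state model for the detection rule resource.`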
+++ b/internal/kibana/security/detection_rule/read.go
@@ -0,0 +1,56 @@
+package detection_rule
+
+import (
+ "context"
+
+ "github.com/elastic/terraform-provider-elasticstack/internal/clients"
+ "github.com/hashicorp/terraform-plugin-framework/resource"
+ "github.com/hashicorp/terraform-plugin-log/tflog"
+)
+
+func (r *securityDetectionRuleResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+ var data SecurityDetectionRuleData
+ resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ // Parse the composite ID
+ compId, diags := clients.CompositeIdFromStrFw(data.Id.ValueString())
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ spaceId := compId.ClusterId
+ ruleId := compId.ResourceId
+
+ // Get the rule from the API
+ result, diags := GetSecurityDetectionRule(ctx, r.client, spaceId, ruleId)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ // If rule not found, remove from state
+ if result == nil {
+ tflog.Warn(ctx, "Security detection rule not found, removing from state", map[string]interface{}{
+ "rule_id": ruleId,
+ "space_id": spaceId,
+ })
+ resp.State.RemoveResource(ctx)
+ return
+ }
+
+ // Update the data with the response
+ diags = apiResponseToData(ctx, result, &data)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ // Set space_id from the composite ID (keep existing value from config)
+ // data.SpaceId remains unchanged
+
+ resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/kibana/security/detection_rule/resource.go b/internal/kibana/security/detection_rule/resource.go
new file mode 100644
index 000000000..d79335968
--- /dev/null
+++ b/internal/kibana/security/detection_rule/resource.go
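Review bot: The closing comment in `Read` says space_id is set from the composite ID, but the code leaves `data.SpaceId` untouched, so whenever the attribute is null in prior state the parsed `spaceId` is thrown away. Assign it explicitly with `data.SpaceId = types.StringValue(spaceId)` (read.go would then need the framework `types` import, which it does not have yet), or reword the comment to say the state value is kept on purpose. `map[string]interface{}` in the `tflog.Warn` call can be written `map[string]any`, which is the spelling models.go already uses.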
@@ -0,0 +1,26 @@
+package detection_rule
+
+import (
+ "context"
+
+ "github.com/elastic/terraform-provider-elasticstack/internal/clients"
+ "github.com/hashicorp/terraform-plugin-framework/resource"
+)
+
+func NewSecurityDetectionRuleResource() resource.Resource {
+ return &securityDetectionRuleResource{}
+}
+
+type securityDetectionRuleResource struct {
+ client *clients.ApiClient
+}
+
+func (r *securityDetectionRuleResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+ resp.TypeName = req.ProviderTypeName + "_kibana_security_detection_rule"
+}
+
+func (r *securityDetectionRuleResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+ client, diags := clients.ConvertProviderData(req.ProviderData)
+ resp.Diagnostics.Append(diags...)
+ r.client = client
+}
diff --git a/internal/kibana/security/detection_rule/schema.go b/internal/kibana/security/detection_rule/schema.go
new file mode 100644
index 000000000..693a0b293
--- /dev/null
+++ b/internal/kibana/security/detection_rule/schema.go
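Review bot: `Configure` stores the provider-level client in `r.client`, and Create, Read, Update and Delete in this commit all pass `r.client` straight to the API helpers, so the `kibana_connection` block that schema.go declares and `SecurityDetectionRuleData.KibanaConnection` decodes is never consulted. A rule configured with a resource-level connection would therefore be written to whichever Kibana the provider itself points at, using the provider's credentials, with no diagnostic. Either resolve the client from `data.KibanaConnection` in each CRUD method, as the block implies, or drop the block from the schema until it is honoured. The file would also benefit from a compile-time assertion such as `var _ resource.ResourceWithConfigure = &securityDetectionRuleResource{}` and a doc comment on the exported `NewSecurityDetectionRuleResource`.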
@@ -0,0 +1,200 @@ +package detection_rule + +import ( + "context" + "regexp" + + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/attr" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/int64default" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/listdefault" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + + providerschema "github.com/elastic/terraform-provider-elasticstack/internal/schema" +) + +func (r *securityDetectionRuleResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = GetSchema() +} + +func GetSchema() schema.Schema { + return schema.Schema{ + MarkdownDescription: "Creates or updates a Kibana security detection rule. See https://www.elastic.co/guide/en/security/current/rules-api-create.html", + Blocks: map[string]schema.Block{ + "kibana_connection": providerschema.GetKbFWConnectionBlock(), + }, + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "Internal identifier of the resource", + Computed: true, + }, + "space_id": schema.StringAttribute{ + MarkdownDescription: "An identifier for the space. 
If space_id is not provided, the default space is used.", + Optional: true, + Computed: true, + Default: stringdefault.StaticString("default"), + PlanModifiers: []planmodifier.String{ + stringplanmodifier.RequiresReplace(), + }, + }, + "rule_id": schema.StringAttribute{ + MarkdownDescription: "The identifier for the rule. If not provided, an ID is randomly generated.", + Optional: true, + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + stringplanmodifier.RequiresReplace(), + }, + }, + "name": schema.StringAttribute{ + MarkdownDescription: "The name of the detection rule.", + Required: true, + }, + "description": schema.StringAttribute{ + MarkdownDescription: "The description of the detection rule.", + Required: true, + }, + "type": schema.StringAttribute{ + MarkdownDescription: "The rule type. Valid values are: eql, query, machine_learning, threshold, threat_match, new_terms.", + Required: true, + Validators: []validator.String{ + stringvalidator.OneOf("eql", "query", "machine_learning", "threshold", "threat_match", "new_terms"), + }, + }, + "query": schema.StringAttribute{ + MarkdownDescription: "The query that the rule will use to generate alerts.", + Optional: true, + }, + "language": schema.StringAttribute{ + MarkdownDescription: "The query language. Valid values are: kuery, lucene, eql.", + Optional: true, + Computed: true, + Default: stringdefault.StaticString("kuery"), + Validators: []validator.String{ + stringvalidator.OneOf("kuery", "lucene", "eql"), + }, + }, + "index": schema.ListAttribute{ + MarkdownDescription: "A list of index patterns to search.", + ElementType: types.StringType, + Optional: true, + Computed: true, + Default: listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{types.StringValue("*")})), + }, + "severity": schema.StringAttribute{ + MarkdownDescription: "The severity of the rule. 
Valid values are: low, medium, high, critical.", + Required: true, + Validators: []validator.String{ + stringvalidator.OneOf("low", "medium", "high", "critical"), + }, + }, + "risk": schema.Int64Attribute{ + MarkdownDescription: "A numerical representation of the alert's severity from 1-100.", + Optional: true, + Computed: true, + Default: int64default.StaticInt64(21), + }, + "enabled": schema.BoolAttribute{ + MarkdownDescription: "Determines whether the rule is enabled.", + Optional: true, + Computed: true, + Default: booldefault.StaticBool(true), + }, + "tags": schema.ListAttribute{ + MarkdownDescription: "String array containing words and phrases to help categorize, filter, and search rules.", + ElementType: types.StringType, + Optional: true, + Computed: true, + Default: listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})), + }, + "from": schema.StringAttribute{ + MarkdownDescription: "Time from which data is analyzed each time the rule executes, using date math syntax.", + Optional: true, + Computed: true, + Default: stringdefault.StaticString("now-6m"), + }, + "to": schema.StringAttribute{ + MarkdownDescription: "Time to which data is analyzed each time the rule executes, using date math syntax.", + Optional: true, + Computed: true, + Default: stringdefault.StaticString("now"), + }, + "interval": schema.StringAttribute{ + MarkdownDescription: "How often the rule executes.", + Optional: true, + Computed: true, + Default: stringdefault.StaticString("5m"), + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`^\d+[smhd]$`), "must be a valid duration (e.g., '5m', '1h')"), + }, + }, + "meta": schema.StringAttribute{ + MarkdownDescription: "Optional metadata about the rule as a JSON string.", + Optional: true, + }, + "author": schema.ListAttribute{ + MarkdownDescription: "String array containing the rule's author(s).", + ElementType: types.StringType, + Optional: true, + Computed: true, + Default: 
listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})), + }, + "license": schema.StringAttribute{ + MarkdownDescription: "The rule's license.", + Optional: true, + }, + "rule_name_override": schema.StringAttribute{ + MarkdownDescription: "Sets the source field for the alert's rule name.", + Optional: true, + }, + "timestamp_override": schema.StringAttribute{ + MarkdownDescription: "Sets the time field used to query indices.", + Optional: true, + }, + "note": schema.StringAttribute{ + MarkdownDescription: "Notes to help investigate alerts produced by the rule.", + Optional: true, + }, + "references": schema.ListAttribute{ + MarkdownDescription: "String array containing notes about or references to relevant information about the rule.", + ElementType: types.StringType, + Optional: true, + Computed: true, + Default: listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})), + }, + "false_positives": schema.ListAttribute{ + MarkdownDescription: "String array describing common reasons why the rule may issue false-positive alerts.", + ElementType: types.StringType, + Optional: true, + Computed: true, + Default: listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})), + }, + "exceptions_list": schema.ListAttribute{ + MarkdownDescription: "List of exceptions that prevent alerts from being generated.", + ElementType: types.StringType, + Optional: true, + Computed: true, + Default: listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})), + }, + "version": schema.Int64Attribute{ + MarkdownDescription: "The rule's version number.", + Optional: true, + Computed: true, + Default: int64default.StaticInt64(1), + }, + "max_signals": schema.Int64Attribute{ + MarkdownDescription: "Maximum number of alerts the rule can produce during a single execution.", + Optional: true, + Computed: true, + Default: int64default.StaticInt64(100), + }, + }, + } +} 
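Review bot: The `type` validator accepts `eql`, `machine_learning`, `threshold`, `threat_match` and `new_terms`, yet the update path visible on this page always builds `SecurityDetectionsAPIQueryRuleUpdateProps` and decodes the reply with `AsSecurityDetectionsAPIQueryRule()`; likewise `language` accepts `eql` although the value is cast to `SecurityDetectionsAPIKqlQueryLanguage`. Unless the create and read helpers (not visible here) branch on the rule type, a non-query rule passes validation and is then either rejected by the API or stored as a query rule, which is not the detection the author wrote. I would narrow the validators to what is implemented, `stringvalidator.OneOf("query")` and `stringvalidator.OneOf("kuery", "lucene")`, and widen them as each rule type lands. `risk` is documented as 1-100 but has no validator; `int64validator.Between(1, 100)` would reject out-of-range values at plan time (it needs the `int64validator` package import), and `max_signals` deserves a lower bound for the same reason.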
diff --git a/internal/kibana/security/detection_rule/update.go b/internal/kibana/security/detection_rule/update.go
new file mode 100644
index 000000000..b172cd31f
--- /dev/null
+++ b/internal/kibana/security/detection_rule/update.go
@@ -0,0 +1,49 @@
+package detection_rule
+
+import (
+ "context"
+
+ "github.com/elastic/terraform-provider-elasticstack/internal/clients"
+ "github.com/hashicorp/terraform-plugin-framework/resource"
+)
+
+func (r *securityDetectionRuleResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+ var data SecurityDetectionRuleData
+ resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ // Parse the composite ID
+ compId, diags := clients.CompositeIdFromStrFw(data.Id.ValueString())
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ spaceId := compId.ClusterId
+ ruleId := compId.ResourceId
+
+ // Convert the data to API request
+ apiRequest, diags := dataToAPIRequest(ctx, &data)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ // Update the rule
+ result, diags := UpdateSecurityDetectionRule(ctx, r.client, spaceId, ruleId, apiRequest)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ // Update the data with the response
+ diags = apiResponseToData(ctx, result, &data)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/provider/plugin_framework.go b/provider/plugin_framework.go
index 4da1e743d..4413164ff 100644
--- a/provider/plugin_framework.go
+++ b/provider/plugin_framework.go
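Review bot: `Update` decodes `req.Plan` and then parses `data.Id`, but schema.go declares `id` as Computed with no plan modifier, so during an update the planned `id` is likely unknown and `data.Id.ValueString()` yields an empty string for `CompositeIdFromStrFw` to parse. Take the identifier from prior state instead, for example by decoding `req.State` into a second `SecurityDetectionRuleData` and parsing its `Id`, or add `stringplanmodifier.UseStateForUnknown()` to the `id` attribute. Since `apiResponseToData` does not assign `data.Id`, the function should also set it again before `resp.State.Set`, the way `Create` does with the composite ID.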
@@ -23,6 +23,7 @@ import (
 "github.com/elastic/terraform-provider-elasticstack/internal/kibana/data_view"
 "github.com/elastic/terraform-provider-elasticstack/internal/kibana/import_saved_objects"
 "github.com/elastic/terraform-provider-elasticstack/internal/kibana/maintenance_window"
+ "github.com/elastic/terraform-provider-elasticstack/internal/kibana/security/detection_rule"
 "github.com/elastic/terraform-provider-elasticstack/internal/kibana/spaces"
 "github.com/elastic/terraform-provider-elasticstack/internal/kibana/synthetics"
 "github.com/elastic/terraform-provider-elasticstack/internal/kibana/synthetics/parameter"
@@ -112,6 +113,7 @@ func (p *Provider) Resources(ctx context.Context) []func() resource.Resource {
 server_host.NewResource,
 system_user.NewSystemUserResource,
 maintenance_window.NewResource,
+ detection_rule.NewSecurityDetectionRuleResource,
 enrich.NewEnrichPolicyResource,
 role_mapping.NewRoleMappingResource,
 }