Add custom fields to Rule update/validate API public documentation.

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-11 14:29:03.491775",
-            "spec_repo_commit": "847bdb30"
+            "regenerated": "2025-06-12 16:17:36.396850",
+            "spec_repo_commit": "2b721f6d"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-11 14:29:03.513770",
-            "spec_repo_commit": "847bdb30"
+            "regenerated": "2025-06-12 16:17:36.412179",
+            "spec_repo_commit": "2b721f6d"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -7238,6 +7238,14 @@ components:
           type: array
         complianceSignalOptions:
           $ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions'
+        customMessage:
+          description: Custom/Overridden message for generated signals (used in case
+            of Default rule update).
+          type: string
+        customName:
+          description: Custom/Overridden name of the rule (used in case of Default
+            rule update).
+          type: string
         filters:
           description: Additional queries to filter matched events before they are
             processed.
@@ -32717,6 +32725,8 @@ components:
 
             based on the event counts in the previously defined queries.'
           type: string
+        customStatus:
+          $ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
         name:
           description: Name of the case.
           type: string
@@ -33243,6 +33253,13 @@ components:
           type: array
         complianceSignalOptions:
           $ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions'
+        customMessage:
+          description: Custom/Overridden Message for generated signals (used in case
+            of Default rule update).
+          type: string
+        customName:
+          description: Custom/Overridden name (used in case of Default rule update).
+          type: string
         filters:
           description: Additional queries to filter matched events before they are
             processed. This field is deprecated for log detection, signal correlation,
@@ -33574,6 +33591,14 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate'
           type: array
+        customMessage:
+          description: Custom/Overridden message for generated signals (used in case
+            of Default rule update).
+          type: string
+        customName:
+          description: Custom/Overridden name of the rule (used in case of Default
+            rule update).
+          type: string
         filters:
           description: Additional queries to filter matched events before they are
             processed. This field is deprecated for log detection, signal correlation,
@@ -33673,6 +33698,14 @@ components:
           description: User ID of the user who created the rule.
           format: int64
           type: integer
+        customMessage:
+          description: Custom/Overridden message for generated signals (used in case
+            of Default rule update).
+          type: string
+        customName:
+          description: Custom/Overridden name of the rule (used in case of Default
+            rule update).
+          type: string
         deprecationDate:
           description: When the rule will be deprecated, timestamp in milliseconds.
           format: int64
@@ -34060,6 +34093,14 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate'
           type: array
+        customMessage:
+          description: Custom/Overridden message for generated signals (used in case
+            of Default rule update).
+          type: string
+        customName:
+          description: Custom/Overridden name of the rule (used in case of Default
+            rule update).
+          type: string
         filters:
           description: Additional queries to filter matched events before they are
             processed. This field is deprecated for log detection, signal correlation,
@@ -34137,6 +34178,10 @@ components:
       properties:
         aggregation:
           $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation'
+        customQueryExtension:
+          description: Query extension to append to the logs query.
+          example: a > 3
+          type: string
         dataSource:
           $ref: '#/components/schemas/SecurityMonitoringStandardDataSource'
         distinctFields:
@@ -34200,6 +34245,14 @@ components:
           description: User ID of the user who created the rule.
           format: int64
           type: integer
+        customMessage:
+          description: Custom/Overridden message for generated signals (used in case
+            of Default rule update).
+          type: string
+        customName:
+          description: Custom/Overridden name of the rule (used in case of Default
+            rule update).
+          type: string
         defaultTags:
           description: Default Tags for default rules (included in tags)
           example:
@@ -34646,6 +34699,8 @@ components:
     SecurityMonitoringThirdPartyRuleCase:
       description: Case when signal is generated by a third party rule.
       properties:
+        customStatus:
+          $ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
         name:
           description: Name of the case.
           type: string

src/datadog_api_client/v2/model/cloud_configuration_rule_payload.py

@@ -37,6 +37,8 @@ def openapi_types(_):
         return {
             "cases": ([CloudConfigurationRuleCaseCreate],),
             "compliance_signal_options": (CloudConfigurationRuleComplianceSignalOptions,),
+            "custom_message": (str,),
+            "custom_name": (str,),
             "filters": ([SecurityMonitoringFilter],),
             "is_enabled": (bool,),
             "message": (str,),
@@ -49,6 +51,8 @@ def openapi_types(_):
     attribute_map = {
         "cases": "cases",
         "compliance_signal_options": "complianceSignalOptions",
+        "custom_message": "customMessage",
+        "custom_name": "customName",
         "filters": "filters",
         "is_enabled": "isEnabled",
         "message": "message",
@@ -66,6 +70,8 @@ def __init__(
         message: str,
         name: str,
         options: CloudConfigurationRuleOptions,
+        custom_message: Union[str, UnsetType] = unset,
+        custom_name: Union[str, UnsetType] = unset,
         filters: Union[List[SecurityMonitoringFilter], UnsetType] = unset,
         tags: Union[List[str], UnsetType] = unset,
         type: Union[CloudConfigurationRuleType, UnsetType] = unset,
@@ -80,6 +86,12 @@ def __init__(
         :param compliance_signal_options: How to generate compliance signals. Useful for cloud_configuration rules only.
         :type compliance_signal_options: CloudConfigurationRuleComplianceSignalOptions
 
+        :param custom_message: Custom/Overridden message for generated signals (used in case of Default rule update).
+        :type custom_message: str, optional
+
+        :param custom_name: Custom/Overridden name of the rule (used in case of Default rule update).
+        :type custom_name: str, optional
+
         :param filters: Additional queries to filter matched events before they are processed.
         :type filters: [SecurityMonitoringFilter], optional
 
@@ -101,6 +113,10 @@ def __init__(
         :param type: The rule type.
         :type type: CloudConfigurationRuleType, optional
         """
+        if custom_message is not unset:
+            kwargs["custom_message"] = custom_message
+        if custom_name is not unset:
+            kwargs["custom_name"] = custom_name
         if filters is not unset:
             kwargs["filters"] = filters
         if tags is not unset:

src/datadog_api_client/v2/model/security_monitoring_rule_case.py

@@ -27,6 +27,7 @@ def openapi_types(_):
         return {
             "actions": ([SecurityMonitoringRuleCaseAction],),
             "condition": (str,),
+            "custom_status": (SecurityMonitoringRuleSeverity,),
             "name": (str,),
             "notifications": ([str],),
             "status": (SecurityMonitoringRuleSeverity,),
@@ -35,6 +36,7 @@ def openapi_types(_):
     attribute_map = {
         "actions": "actions",
         "condition": "condition",
+        "custom_status": "customStatus",
         "name": "name",
         "notifications": "notifications",
         "status": "status",
@@ -44,6 +46,7 @@ def __init__(
         self_,
         actions: Union[List[SecurityMonitoringRuleCaseAction], UnsetType] = unset,
         condition: Union[str, UnsetType] = unset,
+        custom_status: Union[SecurityMonitoringRuleSeverity, UnsetType] = unset,
         name: Union[str, UnsetType] = unset,
         notifications: Union[List[str], UnsetType] = unset,
         status: Union[SecurityMonitoringRuleSeverity, UnsetType] = unset,
@@ -59,6 +62,9 @@ def __init__(
             based on the event counts in the previously defined queries.
         :type condition: str, optional
 
+        :param custom_status: Severity of the Security Signal.
+        :type custom_status: SecurityMonitoringRuleSeverity, optional
+
         :param name: Name of the case.
         :type name: str, optional
 
@@ -72,6 +78,8 @@ def __init__(
             kwargs["actions"] = actions
         if condition is not unset:
             kwargs["condition"] = condition
+        if custom_status is not unset:
+            kwargs["custom_status"] = custom_status
         if name is not unset:
             kwargs["name"] = name
         if notifications is not unset:

src/datadog_api_client/v2/model/security_monitoring_rule_convert_payload.py

@@ -18,6 +18,12 @@ def __init__(self, **kwargs):
         :param cases: Cases for generating signals.
         :type cases: [SecurityMonitoringRuleCaseCreate]
 
+        :param custom_message: Custom/Overridden message for generated signals (used in case of Default rule update).
+        :type custom_message: str, optional
+
+        :param custom_name: Custom/Overridden name of the rule (used in case of Default rule update).
+        :type custom_name: str, optional
+
         :param filters: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
         :type filters: [SecurityMonitoringFilter], optional
 

src/datadog_api_client/v2/model/security_monitoring_rule_query.py

@@ -18,6 +18,9 @@ def __init__(self, **kwargs):
         :param aggregation: The aggregation type.
         :type aggregation: SecurityMonitoringRuleQueryAggregation, optional
 
+        :param custom_query_extension: Query extension to append to the logs query.
+        :type custom_query_extension: str, optional
+
         :param data_source: Source of events, either logs, audit trail, or Datadog events.
         :type data_source: SecurityMonitoringStandardDataSource, optional
 

src/datadog_api_client/v2/model/security_monitoring_rule_response.py

@@ -27,6 +27,12 @@ def __init__(self, **kwargs):
         :param creation_author_id: User ID of the user who created the rule.
         :type creation_author_id: int, optional
 
+        :param custom_message: Custom/Overridden message for generated signals (used in case of Default rule update).
+        :type custom_message: str, optional
+
+        :param custom_name: Custom/Overridden name of the rule (used in case of Default rule update).
+        :type custom_name: str, optional
+
         :param default_tags: Default Tags for default rules (included in tags)
         :type default_tags: [str], optional
 

src/datadog_api_client/v2/model/security_monitoring_rule_update_payload.py

@@ -53,6 +53,8 @@ def openapi_types(_):
         return {
             "cases": ([SecurityMonitoringRuleCase],),
             "compliance_signal_options": (CloudConfigurationRuleComplianceSignalOptions,),
+            "custom_message": (str,),
+            "custom_name": (str,),
             "filters": ([SecurityMonitoringFilter],),
             "group_signals_by": ([str],),
             "has_extended_title": (bool,),
@@ -70,6 +72,8 @@ def openapi_types(_):
     attribute_map = {
         "cases": "cases",
         "compliance_signal_options": "complianceSignalOptions",
+        "custom_message": "customMessage",
+        "custom_name": "customName",
         "filters": "filters",
         "group_signals_by": "groupSignalsBy",
         "has_extended_title": "hasExtendedTitle",
@@ -88,6 +92,8 @@ def __init__(
         self_,
         cases: Union[List[SecurityMonitoringRuleCase], UnsetType] = unset,
         compliance_signal_options: Union[CloudConfigurationRuleComplianceSignalOptions, UnsetType] = unset,
+        custom_message: Union[str, UnsetType] = unset,
+        custom_name: Union[str, UnsetType] = unset,
         filters: Union[List[SecurityMonitoringFilter], UnsetType] = unset,
         group_signals_by: Union[List[str], UnsetType] = unset,
         has_extended_title: Union[bool, UnsetType] = unset,
@@ -118,6 +124,12 @@ def __init__(
         :param compliance_signal_options: How to generate compliance signals. Useful for cloud_configuration rules only.
         :type compliance_signal_options: CloudConfigurationRuleComplianceSignalOptions, optional
 
+        :param custom_message: Custom/Overridden Message for generated signals (used in case of Default rule update).
+        :type custom_message: str, optional
+
+        :param custom_name: Custom/Overridden name (used in case of Default rule update).
+        :type custom_name: str, optional
+
         :param filters: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
         :type filters: [SecurityMonitoringFilter], optional
 
@@ -158,6 +170,10 @@ def __init__(
             kwargs["cases"] = cases
         if compliance_signal_options is not unset:
             kwargs["compliance_signal_options"] = compliance_signal_options
+        if custom_message is not unset:
+            kwargs["custom_message"] = custom_message
+        if custom_name is not unset:
+            kwargs["custom_name"] = custom_name
         if filters is not unset:
             kwargs["filters"] = filters
         if group_signals_by is not unset:

src/datadog_api_client/v2/model/security_monitoring_rule_validate_payload.py

@@ -18,6 +18,12 @@ def __init__(self, **kwargs):
         :param cases: Cases for generating signals.
         :type cases: [SecurityMonitoringRuleCaseCreate]
 
+        :param custom_message: Custom/Overridden message for generated signals (used in case of Default rule update).
+        :type custom_message: str, optional
+
+        :param custom_name: Custom/Overridden name of the rule (used in case of Default rule update).
+        :type custom_name: str, optional
+
         :param filters: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
         :type filters: [SecurityMonitoringFilter], optional
 

src/datadog_api_client/v2/model/security_monitoring_signal_rule_payload.py

@@ -32,6 +32,8 @@ def openapi_types(_):
 
         return {
             "cases": ([SecurityMonitoringRuleCaseCreate],),
+            "custom_message": (str,),
+            "custom_name": (str,),
             "filters": ([SecurityMonitoringFilter],),
             "has_extended_title": (bool,),
             "is_enabled": (bool,),
@@ -45,6 +47,8 @@ def openapi_types(_):
 
     attribute_map = {
         "cases": "cases",
+        "custom_message": "customMessage",
+        "custom_name": "customName",
         "filters": "filters",
         "has_extended_title": "hasExtendedTitle",
         "is_enabled": "isEnabled",
@@ -64,6 +68,8 @@ def __init__(
         name: str,
         options: SecurityMonitoringRuleOptions,
         queries: List[SecurityMonitoringSignalRuleQuery],
+        custom_message: Union[str, UnsetType] = unset,
+        custom_name: Union[str, UnsetType] = unset,
         filters: Union[List[SecurityMonitoringFilter], UnsetType] = unset,
         has_extended_title: Union[bool, UnsetType] = unset,
         tags: Union[List[str], UnsetType] = unset,
@@ -76,6 +82,12 @@ def __init__(
         :param cases: Cases for generating signals.
         :type cases: [SecurityMonitoringRuleCaseCreate]
 
+        :param custom_message: Custom/Overridden message for generated signals (used in case of Default rule update).
+        :type custom_message: str, optional
+
+        :param custom_name: Custom/Overridden name of the rule (used in case of Default rule update).
+        :type custom_name: str, optional
+
         :param filters: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
         :type filters: [SecurityMonitoringFilter], optional
 
@@ -103,6 +115,10 @@ def __init__(
         :param type: The rule type.
         :type type: SecurityMonitoringSignalRuleType, optional
         """
+        if custom_message is not unset:
+            kwargs["custom_message"] = custom_message
+        if custom_name is not unset:
+            kwargs["custom_name"] = custom_name
         if filters is not unset:
             kwargs["filters"] = filters
         if has_extended_title is not unset: