DataDog · api-clients-generation-pipeline · Apr 17, 2026
@@ -64029,6 +64029,38 @@ components:
       type: string
       x-enum-varnames:
         - SIGNAL
+    SecurityMonitoringSignalUpdateAttributes:
+      description: Attributes for updating one or more triage attributes of a security signal.
+      properties:
+        archive_comment:
+          $ref: "#/components/schemas/SecurityMonitoringSignalArchiveComment"
+        archive_reason:
+          $ref: "#/components/schemas/SecurityMonitoringSignalArchiveReason"
+        assignee:
+          $ref: "#/components/schemas/SecurityMonitoringTriageUser"
+        state:
+          $ref: "#/components/schemas/SecurityMonitoringSignalState"
+        version:
+          $ref: "#/components/schemas/SecurityMonitoringSignalVersion"
+      type: object
+    SecurityMonitoringSignalUpdateData:
+      description: Data containing the triage update for a security signal.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/SecurityMonitoringSignalUpdateAttributes"
+        type:
+          $ref: "#/components/schemas/SecurityMonitoringSignalMetadataType"
+      required:
+        - attributes
+      type: object
+    SecurityMonitoringSignalUpdateRequest:
+      description: Request body for updating the triage attributes of a security signal.
+      properties:
+        data:
+          $ref: "#/components/schemas/SecurityMonitoringSignalUpdateData"
+      required:
+        - data
+      type: object
     SecurityMonitoringSignalVersion:
       description: Version of the updated signal. If server side version is higher, update will be rejected.
       format: int64
@@ -64182,6 +64214,33 @@ components:
         - count
         - events
       type: object
+    SecurityMonitoringSignalsBulkUpdateData:
+      description: Data for updating a single security signal in a bulk update operation.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/SecurityMonitoringSignalUpdateAttributes"
+        id:
+          description: The unique ID of the security signal.
+          example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA
+          type: string
+        type:
+          $ref: "#/components/schemas/SecurityMonitoringSignalType"
+      required:
+        - id
+        - attributes
+      type: object
+    SecurityMonitoringSignalsBulkUpdateRequest:
+      description: Request body for updating multiple attributes of multiple security signals.
+      properties:
+        data:
+          description: An array of signal updates.
+          items:
+            $ref: "#/components/schemas/SecurityMonitoringSignalsBulkUpdateData"
+          maxItems: 199
+          type: array
+      required:
+        - data
+      type: object
     SecurityMonitoringSignalsListResponse:
       description: "The response object with all security signals matching the request\nand pagination information."
       properties:
@@ -114190,6 +114249,51 @@ paths:
         operator: OR
         permissions:
           - security_monitoring_signals_write
+  /api/v2/security_monitoring/signals/bulk/update:
+    patch:
+      description: |-
+        Update one or more triage attributes of multiple security signals at once.
+        The maximum number of signals that can be updated in a single request is 199.
+      operationId: BulkEditSecurityMonitoringSignals
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/SecurityMonitoringSignalsBulkUpdateRequest"
+        description: Attributes describing the signal updates.
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageUpdateResponse"
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Forbidden
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ: []
+      summary: Bulk update security signals
+      tags: ["Security Monitoring"]
+      x-codegen-request-body-name: body
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_signals_write
   /api/v2/security_monitoring/signals/search:
     post:
       description: |-
@@ -114479,6 +114583,58 @@ paths:
         permissions:
           - security_monitoring_rules_read
           - security_monitoring_signals_read
+  /api/v2/security_monitoring/signals/{signal_id}/update:
+    patch:
+      description: |-
+        Update one or more triage attributes of a security signal.
+      operationId: EditSecurityMonitoringSignal
+      parameters:
+        - $ref: "#/components/parameters/SignalID"
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/SecurityMonitoringSignalUpdateRequest"
+        description: Attributes describing the signal triage update.
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse"
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Not Found
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ: []
+      summary: Update a security signal's triage attributes
+      tags: ["Security Monitoring"]
+      x-codegen-request-body-name: body
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_signals_write
   /api/v2/security_monitoring/terraform/{resource_type}/bulk:
     post:
       description: |-

@@ -0,0 +1,50 @@
+// Bulk update security signals returns "OK" response
+
+import com.datadog.api.client.ApiClient;
+import com.datadog.api.client.ApiException;
+import com.datadog.api.client.v2.api.SecurityMonitoringApi;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalArchiveReason;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalState;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalType;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalUpdateAttributes;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalsBulkTriageUpdateResponse;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalsBulkUpdateData;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalsBulkUpdateRequest;
+import com.datadog.api.client.v2.model.SecurityMonitoringTriageUser;
+import java.util.Collections;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = ApiClient.getDefaultApiClient();
+    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
+
+    SecurityMonitoringSignalsBulkUpdateRequest body =
+        new SecurityMonitoringSignalsBulkUpdateRequest()
+            .data(
+                Collections.singletonList(
+                    new SecurityMonitoringSignalsBulkUpdateData()
+                        .attributes(
+                            new SecurityMonitoringSignalUpdateAttributes()
+                                .archiveReason(SecurityMonitoringSignalArchiveReason.NONE)
+                                .assignee(
+                                    new SecurityMonitoringTriageUser()
+                                        .name(null)
+                                        .uuid("773b045d-ccf8-4808-bd3b-955ef6a8c940"))
+                                .state(SecurityMonitoringSignalState.OPEN))
+                        .id("AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA")
+                        .type(SecurityMonitoringSignalType.SIGNAL)));
+
+    try {
+      SecurityMonitoringSignalsBulkTriageUpdateResponse result =
+          apiInstance.bulkEditSecurityMonitoringSignals(body);
+      System.out.println(result);
+    } catch (ApiException e) {
+      System.err.println(
+          "Exception when calling SecurityMonitoringApi#bulkEditSecurityMonitoringSignals");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}
@@ -0,0 +1,47 @@
+// Update a security signal's triage attributes returns "OK" response
+
+import com.datadog.api.client.ApiClient;
+import com.datadog.api.client.ApiException;
+import com.datadog.api.client.v2.api.SecurityMonitoringApi;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalArchiveReason;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalMetadataType;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalState;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalTriageUpdateResponse;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalUpdateAttributes;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalUpdateData;
+import com.datadog.api.client.v2.model.SecurityMonitoringSignalUpdateRequest;
+import com.datadog.api.client.v2.model.SecurityMonitoringTriageUser;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = ApiClient.getDefaultApiClient();
+    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
+
+    SecurityMonitoringSignalUpdateRequest body =
+        new SecurityMonitoringSignalUpdateRequest()
+            .data(
+                new SecurityMonitoringSignalUpdateData()
+                    .attributes(
+                        new SecurityMonitoringSignalUpdateAttributes()
+                            .archiveReason(SecurityMonitoringSignalArchiveReason.NONE)
+                            .assignee(
+                                new SecurityMonitoringTriageUser()
+                                    .name(null)
+                                    .uuid("773b045d-ccf8-4808-bd3b-955ef6a8c940"))
+                            .state(SecurityMonitoringSignalState.OPEN))
+                    .type(SecurityMonitoringSignalMetadataType.SIGNAL_METADATA));
+
+    try {
+      SecurityMonitoringSignalTriageUpdateResponse result =
+          apiInstance.editSecurityMonitoringSignal("signal_id", body);
+      System.out.println(result);
+    } catch (ApiException e) {
+      System.err.println(
+          "Exception when calling SecurityMonitoringApi#editSecurityMonitoringSignal");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}