DataDog · api-clients-generation-pipeline · May 28, 2026 · May 28, 2026
@@ -19385,9 +19385,6 @@ components:
     ConvertJobResultsToSignalsAttributes:
       description: Attributes for converting historical job results to signals.
       properties:
-        id:
-          description: Request ID.
-          type: string
         jobResultIds:
           description: Job result IDs.
           example:
@@ -38180,10 +38177,34 @@ components:
     HistoricalJobQuery:
       description: Query for selecting logs analyzed by the historical job.
       properties:
+        additionalFilters:
+          description: Additional filters appended to the query at evaluation time.
+          type: string
         aggregation:
           $ref: "#/components/schemas/SecurityMonitoringRuleQueryAggregation"
+        correlatedByFields:
+          description: Fields used to correlate results across queries in sequence detection rules.
+          items:
+            description: Field.
+            type: string
+          type: array
+        correlatedQueryIndex:
+          description: Zero-based index of the query to correlate with in sequence detection rules. Up to 10 queries are supported, so valid values are 0 to 9.
+          format: int64
+          maximum: 9
+          minimum: 0
+          type: integer
+        customQueryExtension:
+          description: Custom query extension used to refine the base query.
+          type: string
         dataSource:
           $ref: "#/components/schemas/SecurityMonitoringStandardDataSource"
+        datasetIds:
+          description: IDs of reference datasets used by this query.
+          items:
+            description: Dataset ID.
+            type: string
+          type: array
         distinctFields:
           description: Field for which the cardinality is measured. Sent as an array.
           items:
@@ -38201,6 +38222,15 @@ components:
           description: When false, events without a group-by value are ignored by the query. When true, events with missing group-by fields are processed with `N/A`, replacing the missing values.
           example: false
           type: boolean
+        index:
+          description: Index used to load the data for this query.
+          type: string
+        indexes:
+          description: Indexes used to load the data for this query. Mutually exclusive with `index`.
+          items:
+            description: Index name.
+            type: string
+          type: array
         metrics:
           description: Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values.
           items:
@@ -38214,6 +38244,9 @@ components:
           description: Query to run on logs.
           example: a > 3
           type: string
+        queryLanguage:
+          description: Language used to parse the query string.
+          type: string
       type: object
     HistoricalJobResponse:
       description: Historical job response.
@@ -38247,6 +38280,10 @@ components:
         modifiedAt:
           description: Last modification time of the job.
           type: string
+        progressRate:
+          description: Job execution progress as a value between 0 and 1. Available for ongoing jobs.
+          format: double
+          type: number
         signalOutput:
           description: Whether the job outputs signals.
           type: boolean
@@ -43777,9 +43814,10 @@ components:
             $ref: "#/components/schemas/CalculatedField"
           type: array
         cases:
-          description: Cases used for generating job results.
+          description: Cases used for generating job results. Up to 10 cases are allowed.
           items:
             $ref: "#/components/schemas/SecurityMonitoringRuleCaseCreate"
+          maxItems: 10
           type: array
         from:
           description: Starting time of data analyzed by the job.
@@ -43809,9 +43847,10 @@ components:
         options:
           $ref: "#/components/schemas/HistoricalJobOptions"
         queries:
-          description: Queries for selecting logs analyzed by the job.
+          description: Queries for selecting logs analyzed by the job. Up to 10 queries are allowed.
           items:
             $ref: "#/components/schemas/HistoricalJobQuery"
+          maxItems: 10
           type: array
         referenceTables:
           description: Reference tables used in the queries.
@@ -43825,10 +43864,11 @@ components:
             type: string
           type: array
         thirdPartyCases:
-          description: Cases for generating results from third-party detection method. Only available for third-party detection method.
+          description: Cases for generating results from third-party detection method. Only available for third-party detection method. Up to 10 cases are allowed.
           example: []
           items:
             $ref: "#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate"
+          maxItems: 10
           type: array
         to:
           description: Ending time of data analyzed by the job.
@@ -43850,6 +43890,12 @@ components:
     JobDefinitionFromRule:
       description: Definition of a historical job based on a security monitoring rule.
       properties:
+        caseIndex:
+          description: Zero-based index of the rule case to use as the job's signal condition. When omitted, all cases are evaluated. Up to 10 cases are supported, so valid values are 0 to 9.
+          format: int32
+          maximum: 9
+          minimum: 0
+          type: integer
         from:
           description: Starting time of data analyzed by the job.
           example: 1729843470000
@@ -71345,11 +71391,11 @@ components:
       properties:
         fromRule:
           $ref: "#/components/schemas/JobDefinitionFromRule"
-        id:
-          description: Request ID.
-          type: string
         jobDefinition:
           $ref: "#/components/schemas/JobDefinition"
+        signalOutput:
+          description: Whether the job outputs signals when results are converted.
+          type: boolean
       type: object
     RunHistoricalJobRequestData:
       description: Data for running a historical job request.

@@ -1 +1 @@
-2026-04-13T09:15:40.141Z
+2026-05-26T20:45:58.257Z
@@ -1 +1 @@
-2026-04-13T09:15:41.174Z
+2026-05-26T20:45:58.957Z
@@ -1 +1 @@
-2026-04-13T09:15:41.286Z
+2026-05-26T20:45:59.561Z
@@ -1 +1 @@
-2026-04-13T09:15:41.656Z
+2026-05-26T20:46:00.730Z
@@ -1 +1 @@
-2026-04-13T09:15:41.819Z
+2026-05-26T20:46:01.231Z
@@ -1 +1 @@
-2026-04-13T09:15:42.455Z
+2026-05-26T20:46:01.667Z
@@ -1 +1 @@
-2026-04-13T09:15:42.536Z
+2026-05-26T20:46:02.116Z
@@ -1 +1 @@
-2026-04-13T09:15:42.599Z
+2026-05-26T20:46:02.616Z
@@ -1 +1 @@
-2026-04-13T09:15:42.662Z
+2026-05-26T20:46:03.044Z
@@ -1 +1 @@
-2026-04-13T09:15:42.851Z
+2026-05-26T20:46:04.068Z
@@ -1 +1 @@
-2026-04-13T09:15:42.922Z
+2026-05-26T20:46:04.592Z
@@ -1 +1 @@
-2026-04-13T09:15:42.979Z
+2026-05-26T20:46:05.019Z