Microsoft Sentinel Public API support (#729)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>

Author: api-clients-generation-pipeline[bot]

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-23 07:59:26.601798",
-            "spec_repo_commit": "74866a53"
+            "regenerated": "2025-06-23 13:26:50.467749",
+            "spec_repo_commit": "2e491415"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-23 07:59:26.619809",
-            "spec_repo_commit": "74866a53"
+            "regenerated": "2025-06-23 13:26:50.483970",
+            "spec_repo_commit": "2e491415"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -10590,6 +10590,7 @@ components:
       - $ref: '#/components/schemas/CustomDestinationForwardDestinationHttp'
       - $ref: '#/components/schemas/CustomDestinationForwardDestinationSplunk'
       - $ref: '#/components/schemas/CustomDestinationForwardDestinationElasticsearch'
+      - $ref: '#/components/schemas/CustomDestinationForwardDestinationMicrosoftSentinel'
     CustomDestinationForwardDestinationElasticsearch:
       description: The Elasticsearch destination.
       properties:
@@ -10674,6 +10675,49 @@ components:
       type: string
       x-enum-varnames:
       - HTTP
+    CustomDestinationForwardDestinationMicrosoftSentinel:
+      description: The Microsoft Sentinel destination.
+      properties:
+        client_id:
+          description: Client ID from the Datadog Azure integration.
+          example: 9a2f4d83-2b5e-429e-a35a-2b3c4182db71
+          type: string
+        data_collection_endpoint:
+          description: Azure data collection endpoint.
+          example: https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com
+          type: string
+        data_collection_rule_id:
+          description: Azure data collection rule ID.
+          example: dcr-000a00a000a00000a000000aa000a0aa
+          type: string
+        stream_name:
+          description: Azure stream name.
+          example: Custom-MyTable
+          type: string
+          writeOnly: true
+        tenant_id:
+          description: Tenant ID from the Datadog Azure integration.
+          example: f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2
+          type: string
+        type:
+          $ref: '#/components/schemas/CustomDestinationForwardDestinationMicrosoftSentinelType'
+      required:
+      - type
+      - tenant_id
+      - client_id
+      - data_collection_endpoint
+      - data_collection_rule_id
+      - stream_name
+      type: object
+    CustomDestinationForwardDestinationMicrosoftSentinelType:
+      default: microsoft_sentinel
+      description: Type of the Microsoft Sentinel destination.
+      enum:
+      - microsoft_sentinel
+      example: microsoft_sentinel
+      type: string
+      x-enum-varnames:
+      - MICROSOFT_SENTINEL
     CustomDestinationForwardDestinationSplunk:
       description: The Splunk HTTP Event Collector (HEC) destination.
       properties:
@@ -10849,6 +10893,7 @@ components:
       - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationHttp'
       - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationSplunk'
       - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationElasticsearch'
+      - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationMicrosoftSentinel'
     CustomDestinationResponseForwardDestinationElasticsearch:
       description: The Elasticsearch destination.
       properties:
@@ -10933,6 +10978,49 @@ components:
       type: string
       x-enum-varnames:
       - HTTP
+    CustomDestinationResponseForwardDestinationMicrosoftSentinel:
+      description: The Microsoft Sentinel destination.
+      properties:
+        client_id:
+          description: Client ID from the Datadog Azure integration.
+          example: 9a2f4d83-2b5e-429e-a35a-2b3c4182db71
+          type: string
+        data_collection_endpoint:
+          description: Azure data collection endpoint.
+          example: https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com
+          type: string
+        data_collection_rule_id:
+          description: Azure data collection rule ID.
+          example: dcr-000a00a000a00000a000000aa000a0aa
+          type: string
+        stream_name:
+          description: Azure stream name.
+          example: Custom-MyTable
+          type: string
+          writeOnly: true
+        tenant_id:
+          description: Tenant ID from the Datadog Azure integration.
+          example: f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2
+          type: string
+        type:
+          $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationMicrosoftSentinelType'
+      required:
+      - type
+      - tenant_id
+      - client_id
+      - data_collection_endpoint
+      - data_collection_rule_id
+      - stream_name
+      type: object
+    CustomDestinationResponseForwardDestinationMicrosoftSentinelType:
+      default: microsoft_sentinel
+      description: Type of the Microsoft Sentinel destination.
+      enum:
+      - microsoft_sentinel
+      example: microsoft_sentinel
+      type: string
+      x-enum-varnames:
+      - MICROSOFT_SENTINEL
     CustomDestinationResponseForwardDestinationSplunk:
       description: The Splunk HTTP Event Collector (HEC) destination.
       properties:

examples/v2_logs-custom-destinations_CreateLogsCustomDestination_1735989579.rs

@@ -0,0 +1,50 @@
+// Create a Microsoft Sentinel custom destination returns "OK" response
+use datadog_api_client::datadog;
+use datadog_api_client::datadogV2::api_logs_custom_destinations::LogsCustomDestinationsAPI;
+use datadog_api_client::datadogV2::model::CustomDestinationAttributeTagsRestrictionListType;
+use datadog_api_client::datadogV2::model::CustomDestinationCreateRequest;
+use datadog_api_client::datadogV2::model::CustomDestinationCreateRequestAttributes;
+use datadog_api_client::datadogV2::model::CustomDestinationCreateRequestDefinition;
+use datadog_api_client::datadogV2::model::CustomDestinationForwardDestination;
+use datadog_api_client::datadogV2::model::CustomDestinationForwardDestinationMicrosoftSentinel;
+use datadog_api_client::datadogV2::model::CustomDestinationForwardDestinationMicrosoftSentinelType;
+use datadog_api_client::datadogV2::model::CustomDestinationType;
+
+#[tokio::main]
+async fn main() {
+    let body =
+        CustomDestinationCreateRequest
+        ::new().data(
+            CustomDestinationCreateRequestDefinition::new(
+                CustomDestinationCreateRequestAttributes::new(
+                    CustomDestinationForwardDestination::CustomDestinationForwardDestinationMicrosoftSentinel(
+                        Box::new(
+                            CustomDestinationForwardDestinationMicrosoftSentinel::new(
+                                "9a2f4d83-2b5e-429e-a35a-2b3c4182db71".to_string(),
+                                "https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com".to_string(),
+                                "dcr-000a00a000a00000a000000aa000a0aa".to_string(),
+                                "Custom-MyTable".to_string(),
+                                "f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2".to_string(),
+                                CustomDestinationForwardDestinationMicrosoftSentinelType::MICROSOFT_SENTINEL,
+                            ),
+                        ),
+                    ),
+                    "Nginx logs".to_string(),
+                )
+                    .enabled(false)
+                    .forward_tags(false)
+                    .forward_tags_restriction_list(vec!["datacenter".to_string(), "host".to_string()])
+                    .forward_tags_restriction_list_type(CustomDestinationAttributeTagsRestrictionListType::ALLOW_LIST)
+                    .query("source:nginx".to_string()),
+                CustomDestinationType::CUSTOM_DESTINATION,
+            ),
+        );
+    let configuration = datadog::Configuration::new();
+    let api = LogsCustomDestinationsAPI::with_config(configuration);
+    let resp = api.create_logs_custom_destination(body).await;
+    if let Ok(value) = resp {
+        println!("{:#?}", value);
+    } else {
+        println!("{:#?}", resp.unwrap_err());
+    }
+}

src/datadogV2/model/mod.rs

@@ -2272,6 +2272,10 @@ pub mod model_custom_destination_response_forward_destination_elasticsearch;
 pub use self::model_custom_destination_response_forward_destination_elasticsearch::CustomDestinationResponseForwardDestinationElasticsearch;
 pub mod model_custom_destination_response_forward_destination_elasticsearch_type;
 pub use self::model_custom_destination_response_forward_destination_elasticsearch_type::CustomDestinationResponseForwardDestinationElasticsearchType;
+pub mod model_custom_destination_response_forward_destination_microsoft_sentinel;
+pub use self::model_custom_destination_response_forward_destination_microsoft_sentinel::CustomDestinationResponseForwardDestinationMicrosoftSentinel;
+pub mod model_custom_destination_response_forward_destination_microsoft_sentinel_type;
+pub use self::model_custom_destination_response_forward_destination_microsoft_sentinel_type::CustomDestinationResponseForwardDestinationMicrosoftSentinelType;
 pub mod model_custom_destination_response_forward_destination;
 pub use self::model_custom_destination_response_forward_destination::CustomDestinationResponseForwardDestination;
 pub mod model_custom_destination_type;
@@ -2306,6 +2310,10 @@ pub mod model_custom_destination_elasticsearch_destination_auth;
 pub use self::model_custom_destination_elasticsearch_destination_auth::CustomDestinationElasticsearchDestinationAuth;
 pub mod model_custom_destination_forward_destination_elasticsearch_type;
 pub use self::model_custom_destination_forward_destination_elasticsearch_type::CustomDestinationForwardDestinationElasticsearchType;
+pub mod model_custom_destination_forward_destination_microsoft_sentinel;
+pub use self::model_custom_destination_forward_destination_microsoft_sentinel::CustomDestinationForwardDestinationMicrosoftSentinel;
+pub mod model_custom_destination_forward_destination_microsoft_sentinel_type;
+pub use self::model_custom_destination_forward_destination_microsoft_sentinel_type::CustomDestinationForwardDestinationMicrosoftSentinelType;
 pub mod model_custom_destination_forward_destination;
 pub use self::model_custom_destination_forward_destination::CustomDestinationForwardDestination;
 pub mod model_custom_destination_response;

src/datadogV2/model/model_custom_destination_forward_destination.rs

@@ -17,6 +17,9 @@ pub enum CustomDestinationForwardDestination {
     CustomDestinationForwardDestinationElasticsearch(
         Box<crate::datadogV2::model::CustomDestinationForwardDestinationElasticsearch>,
     ),
+    CustomDestinationForwardDestinationMicrosoftSentinel(
+        Box<crate::datadogV2::model::CustomDestinationForwardDestinationMicrosoftSentinel>,
+    ),
     UnparsedObject(crate::datadog::UnparsedObject),
 }
 
@@ -58,6 +61,14 @@ impl<'de> Deserialize<'de> for CustomDestinationForwardDestination {
                 return Ok(CustomDestinationForwardDestination::CustomDestinationForwardDestinationElasticsearch(_v));
             }
         }
+        if let Ok(_v) = serde_json::from_value::<
+            Box<crate::datadogV2::model::CustomDestinationForwardDestinationMicrosoftSentinel>,
+        >(value.clone())
+        {
+            if !_v._unparsed {
+                return Ok(CustomDestinationForwardDestination::CustomDestinationForwardDestinationMicrosoftSentinel(_v));
+            }
+        }
 
         return Ok(CustomDestinationForwardDestination::UnparsedObject(
             crate::datadog::UnparsedObject { value },

src/datadogV2/model/model_custom_destination_forward_destination_microsoft_sentinel.rs

@@ -0,0 +1,163 @@
+// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2019-Present Datadog, Inc.
+use serde::de::{Error, MapAccess, Visitor};
+use serde::{Deserialize, Deserializer, Serialize};
+use serde_with::skip_serializing_none;
+use std::fmt::{self, Formatter};
+
+/// The Microsoft Sentinel destination.
+#[non_exhaustive]
+#[skip_serializing_none]
+#[derive(Clone, Debug, PartialEq, Serialize)]
+pub struct CustomDestinationForwardDestinationMicrosoftSentinel {
+    /// Client ID from the Datadog Azure integration.
+    #[serde(rename = "client_id")]
+    pub client_id: String,
+    /// Azure data collection endpoint.
+    #[serde(rename = "data_collection_endpoint")]
+    pub data_collection_endpoint: String,
+    /// Azure data collection rule ID.
+    #[serde(rename = "data_collection_rule_id")]
+    pub data_collection_rule_id: String,
+    /// Azure stream name.
+    #[serde(rename = "stream_name")]
+    pub stream_name: String,
+    /// Tenant ID from the Datadog Azure integration.
+    #[serde(rename = "tenant_id")]
+    pub tenant_id: String,
+    /// Type of the Microsoft Sentinel destination.
+    #[serde(rename = "type")]
+    pub type_: crate::datadogV2::model::CustomDestinationForwardDestinationMicrosoftSentinelType,
+    #[serde(flatten)]
+    pub additional_properties: std::collections::BTreeMap<String, serde_json::Value>,
+    #[serde(skip)]
+    #[serde(default)]
+    pub(crate) _unparsed: bool,
+}
+
+impl CustomDestinationForwardDestinationMicrosoftSentinel {
+    pub fn new(
+        client_id: String,
+        data_collection_endpoint: String,
+        data_collection_rule_id: String,
+        stream_name: String,
+        tenant_id: String,
+        type_: crate::datadogV2::model::CustomDestinationForwardDestinationMicrosoftSentinelType,
+    ) -> CustomDestinationForwardDestinationMicrosoftSentinel {
+        CustomDestinationForwardDestinationMicrosoftSentinel {
+            client_id,
+            data_collection_endpoint,
+            data_collection_rule_id,
+            stream_name,
+            tenant_id,
+            type_,
+            additional_properties: std::collections::BTreeMap::new(),
+            _unparsed: false,
+        }
+    }
+
+    pub fn additional_properties(
+        mut self,
+        value: std::collections::BTreeMap<String, serde_json::Value>,
+    ) -> Self {
+        self.additional_properties = value;
+        self
+    }
+}
+
+impl<'de> Deserialize<'de> for CustomDestinationForwardDestinationMicrosoftSentinel {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        struct CustomDestinationForwardDestinationMicrosoftSentinelVisitor;
+        impl<'a> Visitor<'a> for CustomDestinationForwardDestinationMicrosoftSentinelVisitor {
+            type Value = CustomDestinationForwardDestinationMicrosoftSentinel;
+
+            fn expecting(&self, f: &mut Formatter<'_>) -> fmt::Result {
+                f.write_str("a mapping")
+            }
+
+            fn visit_map<M>(self, mut map: M) -> Result<Self::Value, M::Error>
+            where
+                M: MapAccess<'a>,
+            {
+                let mut client_id: Option<String> = None;
+                let mut data_collection_endpoint: Option<String> = None;
+                let mut data_collection_rule_id: Option<String> = None;
+                let mut stream_name: Option<String> = None;
+                let mut tenant_id: Option<String> = None;
+                let mut type_: Option<crate::datadogV2::model::CustomDestinationForwardDestinationMicrosoftSentinelType> = None;
+                let mut additional_properties: std::collections::BTreeMap<
+                    String,
+                    serde_json::Value,
+                > = std::collections::BTreeMap::new();
+                let mut _unparsed = false;
+
+                while let Some((k, v)) = map.next_entry::<String, serde_json::Value>()? {
+                    match k.as_str() {
+                        "client_id" => {
+                            client_id = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
+                        "data_collection_endpoint" => {
+                            data_collection_endpoint =
+                                Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
+                        "data_collection_rule_id" => {
+                            data_collection_rule_id =
+                                Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
+                        "stream_name" => {
+                            stream_name =
+                                Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
+                        "tenant_id" => {
+                            tenant_id = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
+                        "type" => {
+                            type_ = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                            if let Some(ref _type_) = type_ {
+                                match _type_ {
+                                    crate::datadogV2::model::CustomDestinationForwardDestinationMicrosoftSentinelType::UnparsedObject(_type_) => {
+                                        _unparsed = true;
+                                    },
+                                    _ => {}
+                                }
+                            }
+                        }
+                        &_ => {
+                            if let Ok(value) = serde_json::from_value(v.clone()) {
+                                additional_properties.insert(k, value);
+                            }
+                        }
+                    }
+                }
+                let client_id = client_id.ok_or_else(|| M::Error::missing_field("client_id"))?;
+                let data_collection_endpoint = data_collection_endpoint
+                    .ok_or_else(|| M::Error::missing_field("data_collection_endpoint"))?;
+                let data_collection_rule_id = data_collection_rule_id
+                    .ok_or_else(|| M::Error::missing_field("data_collection_rule_id"))?;
+                let stream_name =
+                    stream_name.ok_or_else(|| M::Error::missing_field("stream_name"))?;
+                let tenant_id = tenant_id.ok_or_else(|| M::Error::missing_field("tenant_id"))?;
+                let type_ = type_.ok_or_else(|| M::Error::missing_field("type_"))?;
+
+                let content = CustomDestinationForwardDestinationMicrosoftSentinel {
+                    client_id,
+                    data_collection_endpoint,
+                    data_collection_rule_id,
+                    stream_name,
+                    tenant_id,
+                    type_,
+                    additional_properties,
+                    _unparsed,
+                };
+
+                Ok(content)
+            }
+        }
+
+        deserializer.deserialize_any(CustomDestinationForwardDestinationMicrosoftSentinelVisitor)
+    }
+}