Microsoft Sentinel Public API support

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-23 07:59:26.325614",
-            "spec_repo_commit": "74866a53"
+            "regenerated": "2025-06-23 13:26:53.019562",
+            "spec_repo_commit": "2e491415"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-23 07:59:26.342135",
-            "spec_repo_commit": "74866a53"
+            "regenerated": "2025-06-23 13:26:53.036893",
+            "spec_repo_commit": "2e491415"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -10590,6 +10590,7 @@ components:
       - $ref: '#/components/schemas/CustomDestinationForwardDestinationHttp'
       - $ref: '#/components/schemas/CustomDestinationForwardDestinationSplunk'
       - $ref: '#/components/schemas/CustomDestinationForwardDestinationElasticsearch'
+      - $ref: '#/components/schemas/CustomDestinationForwardDestinationMicrosoftSentinel'
     CustomDestinationForwardDestinationElasticsearch:
       description: The Elasticsearch destination.
       properties:
@@ -10674,6 +10675,49 @@ components:
       type: string
       x-enum-varnames:
       - HTTP
+    CustomDestinationForwardDestinationMicrosoftSentinel:
+      description: The Microsoft Sentinel destination.
+      properties:
+        client_id:
+          description: Client ID from the Datadog Azure integration.
+          example: 9a2f4d83-2b5e-429e-a35a-2b3c4182db71
+          type: string
+        data_collection_endpoint:
+          description: Azure data collection endpoint.
+          example: https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com
+          type: string
+        data_collection_rule_id:
+          description: Azure data collection rule ID.
+          example: dcr-000a00a000a00000a000000aa000a0aa
+          type: string
+        stream_name:
+          description: Azure stream name.
+          example: Custom-MyTable
+          type: string
+          writeOnly: true
+        tenant_id:
+          description: Tenant ID from the Datadog Azure integration.
+          example: f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2
+          type: string
+        type:
+          $ref: '#/components/schemas/CustomDestinationForwardDestinationMicrosoftSentinelType'
+      required:
+      - type
+      - tenant_id
+      - client_id
+      - data_collection_endpoint
+      - data_collection_rule_id
+      - stream_name
+      type: object
+    CustomDestinationForwardDestinationMicrosoftSentinelType:
+      default: microsoft_sentinel
+      description: Type of the Microsoft Sentinel destination.
+      enum:
+      - microsoft_sentinel
+      example: microsoft_sentinel
+      type: string
+      x-enum-varnames:
+      - MICROSOFT_SENTINEL
     CustomDestinationForwardDestinationSplunk:
       description: The Splunk HTTP Event Collector (HEC) destination.
       properties:
@@ -10849,6 +10893,7 @@ components:
       - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationHttp'
       - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationSplunk'
       - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationElasticsearch'
+      - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationMicrosoftSentinel'
     CustomDestinationResponseForwardDestinationElasticsearch:
       description: The Elasticsearch destination.
       properties:
@@ -10933,6 +10978,49 @@ components:
       type: string
       x-enum-varnames:
       - HTTP
+    CustomDestinationResponseForwardDestinationMicrosoftSentinel:
+      description: The Microsoft Sentinel destination.
+      properties:
+        client_id:
+          description: Client ID from the Datadog Azure integration.
+          example: 9a2f4d83-2b5e-429e-a35a-2b3c4182db71
+          type: string
+        data_collection_endpoint:
+          description: Azure data collection endpoint.
+          example: https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com
+          type: string
+        data_collection_rule_id:
+          description: Azure data collection rule ID.
+          example: dcr-000a00a000a00000a000000aa000a0aa
+          type: string
+        stream_name:
+          description: Azure stream name.
+          example: Custom-MyTable
+          type: string
+          writeOnly: true
+        tenant_id:
+          description: Tenant ID from the Datadog Azure integration.
+          example: f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2
+          type: string
+        type:
+          $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationMicrosoftSentinelType'
+      required:
+      - type
+      - tenant_id
+      - client_id
+      - data_collection_endpoint
+      - data_collection_rule_id
+      - stream_name
+      type: object
+    CustomDestinationResponseForwardDestinationMicrosoftSentinelType:
+      default: microsoft_sentinel
+      description: Type of the Microsoft Sentinel destination.
+      enum:
+      - microsoft_sentinel
+      example: microsoft_sentinel
+      type: string
+      x-enum-varnames:
+      - MICROSOFT_SENTINEL
     CustomDestinationResponseForwardDestinationSplunk:
       description: The Splunk HTTP Event Collector (HEC) destination.
       properties:

examples/v2/logs-custom-destinations/CreateLogsCustomDestination_1735989579.java

@@ -0,0 +1,62 @@
+// Create a Microsoft Sentinel custom destination returns "OK" response
+
+import com.datadog.api.client.ApiClient;
+import com.datadog.api.client.ApiException;
+import com.datadog.api.client.v2.api.LogsCustomDestinationsApi;
+import com.datadog.api.client.v2.model.CustomDestinationAttributeTagsRestrictionListType;
+import com.datadog.api.client.v2.model.CustomDestinationCreateRequest;
+import com.datadog.api.client.v2.model.CustomDestinationCreateRequestAttributes;
+import com.datadog.api.client.v2.model.CustomDestinationCreateRequestDefinition;
+import com.datadog.api.client.v2.model.CustomDestinationForwardDestination;
+import com.datadog.api.client.v2.model.CustomDestinationForwardDestinationMicrosoftSentinel;
+import com.datadog.api.client.v2.model.CustomDestinationForwardDestinationMicrosoftSentinelType;
+import com.datadog.api.client.v2.model.CustomDestinationResponse;
+import com.datadog.api.client.v2.model.CustomDestinationType;
+import java.util.Arrays;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = ApiClient.getDefaultApiClient();
+    LogsCustomDestinationsApi apiInstance = new LogsCustomDestinationsApi(defaultClient);
+
+    CustomDestinationCreateRequest body =
+        new CustomDestinationCreateRequest()
+            .data(
+                new CustomDestinationCreateRequestDefinition()
+                    .attributes(
+                        new CustomDestinationCreateRequestAttributes()
+                            .enabled(false)
+                            .forwardTags(false)
+                            .forwardTagsRestrictionList(Arrays.asList("datacenter", "host"))
+                            .forwardTagsRestrictionListType(
+                                CustomDestinationAttributeTagsRestrictionListType.ALLOW_LIST)
+                            .forwarderDestination(
+                                new CustomDestinationForwardDestination(
+                                    new CustomDestinationForwardDestinationMicrosoftSentinel()
+                                        .type(
+                                            CustomDestinationForwardDestinationMicrosoftSentinelType
+                                                .MICROSOFT_SENTINEL)
+                                        .tenantId("f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2")
+                                        .clientId("9a2f4d83-2b5e-429e-a35a-2b3c4182db71")
+                                        .dataCollectionEndpoint(
+                                            "https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com")
+                                        .dataCollectionRuleId(
+                                            "dcr-000a00a000a00000a000000aa000a0aa")
+                                        .streamName("Custom-MyTable")))
+                            .name("Nginx logs")
+                            .query("source:nginx"))
+                    .type(CustomDestinationType.CUSTOM_DESTINATION));
+
+    try {
+      CustomDestinationResponse result = apiInstance.createLogsCustomDestination(body);
+      System.out.println(result);
+    } catch (ApiException e) {
+      System.err.println(
+          "Exception when calling LogsCustomDestinationsApi#createLogsCustomDestination");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}

src/main/java/com/datadog/api/client/v2/model/CustomDestinationForwardDestination.java

@@ -241,6 +241,61 @@ public CustomDestinationForwardDestination deserialize(
             e);
       }
 
+      // deserialize CustomDestinationForwardDestinationMicrosoftSentinel
+      try {
+        boolean attemptParsing = true;
+        // ensure that we respect type coercion as set on the client ObjectMapper
+        if (CustomDestinationForwardDestinationMicrosoftSentinel.class.equals(Integer.class)
+            || CustomDestinationForwardDestinationMicrosoftSentinel.class.equals(Long.class)
+            || CustomDestinationForwardDestinationMicrosoftSentinel.class.equals(Float.class)
+            || CustomDestinationForwardDestinationMicrosoftSentinel.class.equals(Double.class)
+            || CustomDestinationForwardDestinationMicrosoftSentinel.class.equals(Boolean.class)
+            || CustomDestinationForwardDestinationMicrosoftSentinel.class.equals(String.class)) {
+          attemptParsing = typeCoercion;
+          if (!attemptParsing) {
+            attemptParsing |=
+                ((CustomDestinationForwardDestinationMicrosoftSentinel.class.equals(Integer.class)
+                        || CustomDestinationForwardDestinationMicrosoftSentinel.class.equals(
+                            Long.class))
+                    && token == JsonToken.VALUE_NUMBER_INT);
+            attemptParsing |=
+                ((CustomDestinationForwardDestinationMicrosoftSentinel.class.equals(Float.class)
+                        || CustomDestinationForwardDestinationMicrosoftSentinel.class.equals(
+                            Double.class))
+                    && (token == JsonToken.VALUE_NUMBER_FLOAT
+                        || token == JsonToken.VALUE_NUMBER_INT));
+            attemptParsing |=
+                (CustomDestinationForwardDestinationMicrosoftSentinel.class.equals(Boolean.class)
+                    && (token == JsonToken.VALUE_FALSE || token == JsonToken.VALUE_TRUE));
+            attemptParsing |=
+                (CustomDestinationForwardDestinationMicrosoftSentinel.class.equals(String.class)
+                    && token == JsonToken.VALUE_STRING);
+          }
+        }
+        if (attemptParsing) {
+          tmp =
+              tree.traverse(jp.getCodec())
+                  .readValueAs(CustomDestinationForwardDestinationMicrosoftSentinel.class);
+          // TODO: there is no validation against JSON schema constraints
+          // (min, max, enum, pattern...), this does not perform a strict JSON
+          // validation, which means the 'match' count may be higher than it should be.
+          if (!((CustomDestinationForwardDestinationMicrosoftSentinel) tmp).unparsed) {
+            deserialized = tmp;
+            match++;
+          }
+          log.log(
+              Level.FINER,
+              "Input data matches schema 'CustomDestinationForwardDestinationMicrosoftSentinel'");
+        }
+      } catch (Exception e) {
+        // deserialization failed, continue
+        log.log(
+            Level.FINER,
+            "Input data does not match schema"
+                + " 'CustomDestinationForwardDestinationMicrosoftSentinel'",
+            e);
+      }
+
       CustomDestinationForwardDestination ret = new CustomDestinationForwardDestination();
       if (match == 1) {
         ret.setActualInstance(deserialized);
@@ -286,6 +341,12 @@ public CustomDestinationForwardDestination(CustomDestinationForwardDestinationEl
     setActualInstance(o);
   }
 
+  public CustomDestinationForwardDestination(
+      CustomDestinationForwardDestinationMicrosoftSentinel o) {
+    super("oneOf", Boolean.FALSE);
+    setActualInstance(o);
+  }
+
   static {
     schemas.put(
         "CustomDestinationForwardDestinationHttp",
@@ -296,6 +357,9 @@ public CustomDestinationForwardDestination(CustomDestinationForwardDestinationEl
     schemas.put(
         "CustomDestinationForwardDestinationElasticsearch",
         new GenericType<CustomDestinationForwardDestinationElasticsearch>() {});
+    schemas.put(
+        "CustomDestinationForwardDestinationMicrosoftSentinel",
+        new GenericType<CustomDestinationForwardDestinationMicrosoftSentinel>() {});
     JSON.registerDescendants(
         CustomDestinationForwardDestination.class, Collections.unmodifiableMap(schemas));
   }
@@ -308,7 +372,8 @@ public Map<String, GenericType> getSchemas() {
   /**
    * Set the instance that matches the oneOf child schema, check the instance parameter is valid
    * against the oneOf child schemas: CustomDestinationForwardDestinationHttp,
-   * CustomDestinationForwardDestinationSplunk, CustomDestinationForwardDestinationElasticsearch
+   * CustomDestinationForwardDestinationSplunk, CustomDestinationForwardDestinationElasticsearch,
+   * CustomDestinationForwardDestinationMicrosoftSentinel
    *
    * <p>It could be an instance of the 'oneOf' schemas. The oneOf child schemas may themselves be a
    * composed schema (allOf, anyOf, oneOf).
@@ -332,6 +397,13 @@ public void setActualInstance(Object instance) {
       super.setActualInstance(instance);
       return;
     }
+    if (JSON.isInstanceOf(
+        CustomDestinationForwardDestinationMicrosoftSentinel.class,
+        instance,
+        new HashSet<Class<?>>())) {
+      super.setActualInstance(instance);
+      return;
+    }
 
     if (JSON.isInstanceOf(UnparsedObject.class, instance, new HashSet<Class<?>>())) {
       super.setActualInstance(instance);
@@ -340,16 +412,19 @@ public void setActualInstance(Object instance) {
     throw new RuntimeException(
         "Invalid instance type. Must be CustomDestinationForwardDestinationHttp,"
             + " CustomDestinationForwardDestinationSplunk,"
-            + " CustomDestinationForwardDestinationElasticsearch");
+            + " CustomDestinationForwardDestinationElasticsearch,"
+            + " CustomDestinationForwardDestinationMicrosoftSentinel");
   }
 
   /**
    * Get the actual instance, which can be the following: CustomDestinationForwardDestinationHttp,
-   * CustomDestinationForwardDestinationSplunk, CustomDestinationForwardDestinationElasticsearch
+   * CustomDestinationForwardDestinationSplunk, CustomDestinationForwardDestinationElasticsearch,
+   * CustomDestinationForwardDestinationMicrosoftSentinel
    *
    * @return The actual instance (CustomDestinationForwardDestinationHttp,
    *     CustomDestinationForwardDestinationSplunk,
-   *     CustomDestinationForwardDestinationElasticsearch)
+   *     CustomDestinationForwardDestinationElasticsearch,
+   *     CustomDestinationForwardDestinationMicrosoftSentinel)
    */
   @Override
   public Object getActualInstance() {
@@ -393,4 +468,18 @@ public CustomDestinationForwardDestinationSplunk getCustomDestinationForwardDest
       getCustomDestinationForwardDestinationElasticsearch() throws ClassCastException {
     return (CustomDestinationForwardDestinationElasticsearch) super.getActualInstance();
   }
+
+  /**
+   * Get the actual instance of `CustomDestinationForwardDestinationMicrosoftSentinel`. If the
+   * actual instance is not `CustomDestinationForwardDestinationMicrosoftSentinel`, the
+   * ClassCastException will be thrown.
+   *
+   * @return The actual instance of `CustomDestinationForwardDestinationMicrosoftSentinel`
+   * @throws ClassCastException if the instance is not
+   *     `CustomDestinationForwardDestinationMicrosoftSentinel`
+   */
+  public CustomDestinationForwardDestinationMicrosoftSentinel
+      getCustomDestinationForwardDestinationMicrosoftSentinel() throws ClassCastException {
+    return (CustomDestinationForwardDestinationMicrosoftSentinel) super.getActualInstance();
+  }
 }