Microsoft Sentinel Public API support

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-23 07:59:25.289975",
-            "spec_repo_commit": "74866a53"
+            "regenerated": "2025-06-23 13:26:53.358816",
+            "spec_repo_commit": "2e491415"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-06-23 07:59:25.307606",
-            "spec_repo_commit": "74866a53"
+            "regenerated": "2025-06-23 13:26:53.376995",
+            "spec_repo_commit": "2e491415"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -10590,6 +10590,7 @@ components:
       - $ref: '#/components/schemas/CustomDestinationForwardDestinationHttp'
       - $ref: '#/components/schemas/CustomDestinationForwardDestinationSplunk'
       - $ref: '#/components/schemas/CustomDestinationForwardDestinationElasticsearch'
+      - $ref: '#/components/schemas/CustomDestinationForwardDestinationMicrosoftSentinel'
     CustomDestinationForwardDestinationElasticsearch:
       description: The Elasticsearch destination.
       properties:
@@ -10674,6 +10675,49 @@ components:
       type: string
       x-enum-varnames:
       - HTTP
+    CustomDestinationForwardDestinationMicrosoftSentinel:
+      description: The Microsoft Sentinel destination.
+      properties:
+        client_id:
+          description: Client ID from the Datadog Azure integration.
+          example: 9a2f4d83-2b5e-429e-a35a-2b3c4182db71
+          type: string
+        data_collection_endpoint:
+          description: Azure data collection endpoint.
+          example: https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com
+          type: string
+        data_collection_rule_id:
+          description: Azure data collection rule ID.
+          example: dcr-000a00a000a00000a000000aa000a0aa
+          type: string
+        stream_name:
+          description: Azure stream name.
+          example: Custom-MyTable
+          type: string
+          writeOnly: true
+        tenant_id:
+          description: Tenant ID from the Datadog Azure integration.
+          example: f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2
+          type: string
+        type:
+          $ref: '#/components/schemas/CustomDestinationForwardDestinationMicrosoftSentinelType'
+      required:
+      - type
+      - tenant_id
+      - client_id
+      - data_collection_endpoint
+      - data_collection_rule_id
+      - stream_name
+      type: object
+    CustomDestinationForwardDestinationMicrosoftSentinelType:
+      default: microsoft_sentinel
+      description: Type of the Microsoft Sentinel destination.
+      enum:
+      - microsoft_sentinel
+      example: microsoft_sentinel
+      type: string
+      x-enum-varnames:
+      - MICROSOFT_SENTINEL
     CustomDestinationForwardDestinationSplunk:
       description: The Splunk HTTP Event Collector (HEC) destination.
       properties:
@@ -10849,6 +10893,7 @@ components:
       - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationHttp'
       - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationSplunk'
       - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationElasticsearch'
+      - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationMicrosoftSentinel'
     CustomDestinationResponseForwardDestinationElasticsearch:
       description: The Elasticsearch destination.
       properties:
@@ -10933,6 +10978,49 @@ components:
       type: string
       x-enum-varnames:
       - HTTP
+    CustomDestinationResponseForwardDestinationMicrosoftSentinel:
+      description: The Microsoft Sentinel destination.
+      properties:
+        client_id:
+          description: Client ID from the Datadog Azure integration.
+          example: 9a2f4d83-2b5e-429e-a35a-2b3c4182db71
+          type: string
+        data_collection_endpoint:
+          description: Azure data collection endpoint.
+          example: https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com
+          type: string
+        data_collection_rule_id:
+          description: Azure data collection rule ID.
+          example: dcr-000a00a000a00000a000000aa000a0aa
+          type: string
+        stream_name:
+          description: Azure stream name.
+          example: Custom-MyTable
+          type: string
+          writeOnly: true
+        tenant_id:
+          description: Tenant ID from the Datadog Azure integration.
+          example: f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2
+          type: string
+        type:
+          $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationMicrosoftSentinelType'
+      required:
+      - type
+      - tenant_id
+      - client_id
+      - data_collection_endpoint
+      - data_collection_rule_id
+      - stream_name
+      type: object
+    CustomDestinationResponseForwardDestinationMicrosoftSentinelType:
+      default: microsoft_sentinel
+      description: Type of the Microsoft Sentinel destination.
+      enum:
+      - microsoft_sentinel
+      example: microsoft_sentinel
+      type: string
+      x-enum-varnames:
+      - MICROSOFT_SENTINEL
     CustomDestinationResponseForwardDestinationSplunk:
       description: The Splunk HTTP Event Collector (HEC) destination.
       properties:

cassettes/v2/Logs-Custom-Destinations_2771509030/Create-a-Microsoft-Sentinel-custom-destination-returns-OK-response_2471486703/frozen.json

@@ -0,0 +1 @@
+"2025-06-20T08:10:33.243Z"

cassettes/v2/Logs-Custom-Destinations_2771509030/Create-a-Microsoft-Sentinel-custom-destination-returns-OK-response_2471486703/recording.har

@@ -0,0 +1,109 @@
+{
+  "log": {
+    "_recordingName": "Logs Custom Destinations/Create a Microsoft Sentinel custom destination returns \"OK\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "42a16876edd11fd1384e5ef1ae5323d6",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 572,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "application/json"
+            },
+            {
+              "_fromType": "array",
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 593,
+          "httpVersion": "HTTP/1.1",
+          "method": "POST",
+          "postData": {
+            "mimeType": "application/json",
+            "params": [],
+            "text": "{\"data\":{\"attributes\":{\"enabled\":false,\"forward_tags\":false,\"forward_tags_restriction_list\":[\"datacenter\",\"host\"],\"forward_tags_restriction_list_type\":\"ALLOW_LIST\",\"forwarder_destination\":{\"client_id\":\"9a2f4d83-2b5e-429e-a35a-2b3c4182db71\",\"data_collection_endpoint\":\"https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com\",\"data_collection_rule_id\":\"dcr-000a00a000a00000a000000aa000a0aa\",\"stream_name\":\"Custom-MyTable\",\"tenant_id\":\"f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2\",\"type\":\"microsoft_sentinel\"},\"name\":\"Nginx logs\",\"query\":\"source:nginx\"},\"type\":\"custom_destination\"}}"
+          },
+          "queryString": [],
+          "url": "https://api.datadoghq.com/api/v2/logs/config/custom-destinations"
+        },
+        "response": {
+          "bodySize": 617,
+          "content": {
+            "mimeType": "application/json",
+            "size": 617,
+            "text": "{\"data\":{\"id\":\"171ee4b7-e07f-43ca-85a5-23f762c161a7\",\"attributes\":{\"name\":\"Nginx logs\",\"query\":\"source:nginx\",\"enabled\":false,\"forwarder_destination\":{\"tenant_id\":\"f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2\",\"client_id\":\"9a2f4d83-2b5e-429e-a35a-2b3c4182db71\",\"data_collection_endpoint\":\"https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com\",\"data_collection_rule_id\":\"dcr-000a00a000a00000a000000aa000a0aa\",\"stream_name\":\"Custom-MyTable\",\"type\":\"microsoft_sentinel\"},\"forward_tags_restriction_list_type\":\"ALLOW_LIST\",\"forward_tags_restriction_list\":[\"datacenter\",\"host\"],\"forward_tags\":false},\"type\":\"custom_destination\"}}\n"
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 713,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 200,
+          "statusText": "OK"
+        },
+        "startedDateTime": "2025-06-20T08:10:33.665Z",
+        "time": 390
+      },
+      {
+        "_id": "72747df2f798a86224387187f85ee17d",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 0,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "*/*"
+            }
+          ],
+          "headersSize": 566,
+          "httpVersion": "HTTP/1.1",
+          "method": "DELETE",
+          "queryString": [],
+          "url": "https://api.datadoghq.com/api/v2/logs/config/custom-destinations/171ee4b7-e07f-43ca-85a5-23f762c161a7"
+        },
+        "response": {
+          "bodySize": 0,
+          "content": {
+            "mimeType": "text/html; charset=utf-8",
+            "size": 0
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "text/html; charset=utf-8"
+            }
+          ],
+          "headersSize": 700,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 204,
+          "statusText": "No Content"
+        },
+        "startedDateTime": "2025-06-20T08:10:34.069Z",
+        "time": 388
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}

examples/v2/logs-custom-destinations/CreateLogsCustomDestination_1735989579.ts

@@ -0,0 +1,42 @@
+/**
+ * Create a Microsoft Sentinel custom destination returns "OK" response
+ */
+
+import { client, v2 } from "@datadog/datadog-api-client";
+
+const configuration = client.createConfiguration();
+const apiInstance = new v2.LogsCustomDestinationsApi(configuration);
+
+const params: v2.LogsCustomDestinationsApiCreateLogsCustomDestinationRequest = {
+  body: {
+    data: {
+      attributes: {
+        enabled: false,
+        forwardTags: false,
+        forwardTagsRestrictionList: ["datacenter", "host"],
+        forwardTagsRestrictionListType: "ALLOW_LIST",
+        forwarderDestination: {
+          type: "microsoft_sentinel",
+          tenantId: "f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2",
+          clientId: "9a2f4d83-2b5e-429e-a35a-2b3c4182db71",
+          dataCollectionEndpoint:
+            "https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com",
+          dataCollectionRuleId: "dcr-000a00a000a00000a000000aa000a0aa",
+          streamName: "Custom-MyTable",
+        },
+        name: "Nginx logs",
+        query: "source:nginx",
+      },
+      type: "custom_destination",
+    },
+  },
+};
+
+apiInstance
+  .createLogsCustomDestination(params)
+  .then((data: v2.CustomDestinationResponse) => {
+    console.log(
+      "API called successfully. Returned data: " + JSON.stringify(data)
+    );
+  })
+  .catch((error: any) => console.error(error));

features/v2/logs_custom_destinations.feature

@@ -57,6 +57,29 @@ Feature: Logs Custom Destinations
     And the response "data.attributes.forward_tags_restriction_list" array contains value "host"
     And the response "data.attributes.forward_tags_restriction_list_type" is equal to "ALLOW_LIST"
 
+  @team:DataDog/logs-backend @team:DataDog/logs-forwarding
+  Scenario: Create a Microsoft Sentinel custom destination returns "OK" response
+    Given new "CreateLogsCustomDestination" request
+    And body with value {"data": {"attributes": {"enabled": false, "forward_tags": false, "forward_tags_restriction_list": ["datacenter", "host"], "forward_tags_restriction_list_type": "ALLOW_LIST", "forwarder_destination": {"type": "microsoft_sentinel", "tenant_id": "f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2", "client_id": "9a2f4d83-2b5e-429e-a35a-2b3c4182db71", "data_collection_endpoint": "https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com", "data_collection_rule_id": "dcr-000a00a000a00000a000000aa000a0aa", "stream_name": "Custom-MyTable"}, "name": "Nginx logs", "query": "source:nginx"}, "type": "custom_destination"}}
+    When the request is sent
+    Then the response status is 200 OK
+    And the response "data.type" is equal to "custom_destination"
+    And the response "data" has field "id"
+    And the response "data.attributes.name" is equal to "Nginx logs"
+    And the response "data.attributes.query" is equal to "source:nginx"
+    And the response "data.attributes.forwarder_destination.type" is equal to "microsoft_sentinel"
+    And the response "data.attributes.forwarder_destination.tenant_id" is equal to "f3c9a8a1-4c2e-4d2e-b911-9f3c28c3c8b2"
+    And the response "data.attributes.forwarder_destination.client_id" is equal to "9a2f4d83-2b5e-429e-a35a-2b3c4182db71"
+    And the response "data.attributes.forwarder_destination.data_collection_endpoint" is equal to "https://my-dce-5kyl.eastus-1.ingest.monitor.azure.com"
+    And the response "data.attributes.forwarder_destination.data_collection_rule_id" is equal to "dcr-000a00a000a00000a000000aa000a0aa"
+    And the response "data.attributes.forwarder_destination.stream_name" is equal to "Custom-MyTable"
+    And the response "data.attributes.enabled" is false
+    And the response "data.attributes.forward_tags" is false
+    And the response "data.attributes.forward_tags_restriction_list" has length 2
+    And the response "data.attributes.forward_tags_restriction_list" array contains value "datacenter"
+    And the response "data.attributes.forward_tags_restriction_list" array contains value "host"
+    And the response "data.attributes.forward_tags_restriction_list_type" is equal to "ALLOW_LIST"
+
   @team:DataDog/logs-backend @team:DataDog/logs-forwarding
   Scenario: Create a Splunk custom destination returns "OK" response
     Given new "CreateLogsCustomDestination" request

packages/datadog-api-client-v2/index.ts

@@ -1329,6 +1329,8 @@ export { CustomDestinationForwardDestinationElasticsearch } from "./models/Custo
 export { CustomDestinationForwardDestinationElasticsearchType } from "./models/CustomDestinationForwardDestinationElasticsearchType";
 export { CustomDestinationForwardDestinationHttp } from "./models/CustomDestinationForwardDestinationHttp";
 export { CustomDestinationForwardDestinationHttpType } from "./models/CustomDestinationForwardDestinationHttpType";
+export { CustomDestinationForwardDestinationMicrosoftSentinel } from "./models/CustomDestinationForwardDestinationMicrosoftSentinel";
+export { CustomDestinationForwardDestinationMicrosoftSentinelType } from "./models/CustomDestinationForwardDestinationMicrosoftSentinelType";
 export { CustomDestinationForwardDestinationSplunk } from "./models/CustomDestinationForwardDestinationSplunk";
 export { CustomDestinationForwardDestinationSplunkType } from "./models/CustomDestinationForwardDestinationSplunkType";
 export { CustomDestinationHttpDestinationAuth } from "./models/CustomDestinationHttpDestinationAuth";
@@ -1344,6 +1346,8 @@ export { CustomDestinationResponseForwardDestinationElasticsearch } from "./mode
 export { CustomDestinationResponseForwardDestinationElasticsearchType } from "./models/CustomDestinationResponseForwardDestinationElasticsearchType";
 export { CustomDestinationResponseForwardDestinationHttp } from "./models/CustomDestinationResponseForwardDestinationHttp";
 export { CustomDestinationResponseForwardDestinationHttpType } from "./models/CustomDestinationResponseForwardDestinationHttpType";
+export { CustomDestinationResponseForwardDestinationMicrosoftSentinel } from "./models/CustomDestinationResponseForwardDestinationMicrosoftSentinel";
+export { CustomDestinationResponseForwardDestinationMicrosoftSentinelType } from "./models/CustomDestinationResponseForwardDestinationMicrosoftSentinelType";
 export { CustomDestinationResponseForwardDestinationSplunk } from "./models/CustomDestinationResponseForwardDestinationSplunk";
 export { CustomDestinationResponseForwardDestinationSplunkType } from "./models/CustomDestinationResponseForwardDestinationSplunkType";
 export { CustomDestinationResponseHttpDestinationAuth } from "./models/CustomDestinationResponseHttpDestinationAuth";

packages/datadog-api-client-v2/models/CustomDestinationForwardDestination.ts

@@ -5,6 +5,7 @@
  */
 import { CustomDestinationForwardDestinationElasticsearch } from "./CustomDestinationForwardDestinationElasticsearch";
 import { CustomDestinationForwardDestinationHttp } from "./CustomDestinationForwardDestinationHttp";
+import { CustomDestinationForwardDestinationMicrosoftSentinel } from "./CustomDestinationForwardDestinationMicrosoftSentinel";
 import { CustomDestinationForwardDestinationSplunk } from "./CustomDestinationForwardDestinationSplunk";
 
 import { UnparsedObject } from "../../datadog-api-client-common/util";
@@ -17,4 +18,5 @@ export type CustomDestinationForwardDestination =
   | CustomDestinationForwardDestinationHttp
   | CustomDestinationForwardDestinationSplunk
   | CustomDestinationForwardDestinationElasticsearch
+  | CustomDestinationForwardDestinationMicrosoftSentinel
   | UnparsedObject;