Cloud SIEM - Add instantaneousBaseline feature parameter. (#33204)

Co-authored-by: ci.datadog-api-spec <[email protected]>

Author: api-clients-generation-pipeline[bot]

content/en/api/v2/security-monitoring/examples.json

@@ -0,0 +1,47 @@
+{
+  "cases": [
+    {
+      "name": "",
+      "status": "info",
+      "notifications": []
+    }
+  ],
+  "hasExtendedTitle": true,
+  "isEnabled": true,
+  "message": "My security monitoring rule",
+  "name": "My security monitoring rule",
+  "options": {
+    "evaluationWindow": 0,
+    "keepAlive": 300,
+    "maxSignalDuration": 600,
+    "detectionMethod": "new_value",
+    "newValueOptions": {
+      "forgetAfter": 7,
+      "instantaneousBaseline": true,
+      "learningDuration": 1,
+      "learningThreshold": 0,
+      "learningMethod": "duration"
+    }
+  },
+  "queries": [
+    {
+      "query": "source:source_here",
+      "groupByFields": [
+        "@userIdentity.assumed_role"
+      ],
+      "distinctFields": [],
+      "metric": "name",
+      "metrics": [
+        "name"
+      ],
+      "aggregation": "new_value",
+      "name": "",
+      "dataSource": "logs"
+    }
+  ],
+  "tags": [
+    "env:prod",
+    "team:security"
+  ],
+  "type": "log_detection"
+}

content/en/api/v2/security-monitoring/request.ValidateSecurityMonitoringRule_2609327779.json

@@ -1687,6 +1687,11 @@
       "suffix": "",
       "description": "Validate a detection rule returns \"OK\" response"
     },
+    {
+      "group": "security_monitoring",
+      "suffix": "_2609327779",
+      "description": "Validate a detection rule with detection method 'new_value' with enabled feature 'instantaneousBaseline' returns \"OK\" response"
+    },
     {
       "group": "security_monitoring",
       "suffix": "_4152369508",

data/api/v2/CodeExamples.json

@@ -47830,6 +47830,8 @@ components:
       properties:
         forgetAfter:
           $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsForgetAfter'
+        instantaneousBaseline:
+          $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline'
         learningDuration:
           $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningDuration'
         learningMethod:
@@ -47855,6 +47857,13 @@ components:
       - TWO_WEEKS
       - THREE_WEEKS
       - FOUR_WEEKS
+    SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline:
+      description: When set to true, Datadog uses previous values that fall within
+        the defined learning window to construct the baseline, enabling the system
+        to establish an accurate baseline more rapidly rather than relying solely
+        on gradual learning over time.
+      example: false
+      type: boolean
     SecurityMonitoringRuleNewValueOptionsLearningDuration:
       default: 0
       description: 'The duration in days during which values are learned, and after