DataDog · api-clients-generation-pipeline · May 29, 2026 · May 28, 2026
@@ -76194,6 +76194,53 @@ components:
       required:
         - status
       type: object
+    SecurityMonitoringRuleConvertBulkAttributes:
+      description: Attributes for bulk converting security monitoring rules to Terraform.
+      properties:
+        ruleIds:
+          description: "List of rule IDs to convert. Each rule will be included in the resulting ZIP file\nas a separate Terraform file."
+          example:
+            - def-000-u7q
+            - def-000-7dd
+          items:
+            description: A rule ID to include in the bulk convert.
+            type: string
+          minItems: 1
+          type: array
+      required:
+        - ruleIds
+      type: object
+    SecurityMonitoringRuleConvertBulkData:
+      description: Data for bulk converting security monitoring rules to Terraform.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/SecurityMonitoringRuleConvertBulkAttributes"
+        id:
+          description: Request ID.
+          example: convert_bulk
+          type: string
+        type:
+          $ref: "#/components/schemas/SecurityMonitoringRuleConvertBulkDataType"
+      required:
+        - attributes
+        - type
+      type: object
+    SecurityMonitoringRuleConvertBulkDataType:
+      description: The type of the resource.
+      enum:
+        - security_monitoring_rules_convert_bulk
+      example: security_monitoring_rules_convert_bulk
+      type: string
+      x-enum-varnames:
+        - SECURITY_MONITORING_RULES_CONVERT_BULK
+    SecurityMonitoringRuleConvertBulkPayload:
+      description: Payload for bulk converting security monitoring rules to Terraform.
+      properties:
+        data:
+          $ref: "#/components/schemas/SecurityMonitoringRuleConvertBulkData"
+      required:
+        - data
+      type: object
     SecurityMonitoringRuleConvertPayload:
       description: Convert a rule from JSON to Terraform.
       oneOf:
@@ -153576,6 +153623,63 @@ paths:
         operator: OR
         permissions:
           - security_monitoring_rules_write
+  /api/v2/security_monitoring/rules/convert/bulk:
+    post:
+      description: |-
+        Convert a list of existing security monitoring rules to Terraform for the Datadog provider
+        resource `datadog_security_monitoring_rule`. Returns a ZIP archive containing one Terraform
+        file per rule. You can convert rules for the following types:
+        - App and API Protection
+        - Cloud SIEM (log detection and signal correlation)
+        - Workload Protection
+      operationId: BulkConvertExistingSecurityMonitoringRules
+      requestBody:
+        content:
+          "application/json":
+            examples:
+              default:
+                value:
+                  data:
+                    attributes:
+                      ruleIds:
+                        - def-000-u7q
+                        - def-000-7dd
+                    id: convert_bulk
+                    type: security_monitoring_rules_convert_bulk
+            schema:
+              $ref: "#/components/schemas/SecurityMonitoringRuleConvertBulkPayload"
+        required: true
+      responses:
+        "200":
+          content:
+            application/zip:
+              examples:
+                default:
+                  value: "<binary zip data>"
+              schema:
+                format: binary
+                type: string
+          description: OK
+        "400":
+          $ref: "#/components/responses/BadRequestResponse"
+        "403":
+          $ref: "#/components/responses/NotAuthorizedResponse"
+        "404":
+          $ref: "#/components/responses/NotFoundResponse"
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_rules_read
+      summary: Bulk convert rules to Terraform
+      tags: ["Security Monitoring"]
+      x-codegen-request-body-name: body
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_rules_read
   /api/v2/security_monitoring/rules/test:
     post:
       description: |-

@@ -0,0 +1,18 @@
+# Bulk convert rules to Terraform returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringRuleConvertBulkPayload.new({
+  data: DatadogAPIClient::V2::SecurityMonitoringRuleConvertBulkData.new({
+    attributes: DatadogAPIClient::V2::SecurityMonitoringRuleConvertBulkAttributes.new({
+      rule_ids: [
+        "def-000-u7q",
+        "def-000-7dd",
+      ],
+    }),
+    id: "convert_bulk",
+    type: DatadogAPIClient::V2::SecurityMonitoringRuleConvertBulkDataType::SECURITY_MONITORING_RULES_CONVERT_BULK,
+  }),
+})
+p api_instance.bulk_convert_existing_security_monitoring_rules(body)
@@ -2271,6 +2271,9 @@
     "v2.ConvertSecurityMonitoringRuleFromJSONToTerraform" => {
             "body" => "SecurityMonitoringRuleConvertPayload",
     },
+    "v2.BulkConvertExistingSecurityMonitoringRules" => {
+            "body" => "SecurityMonitoringRuleConvertBulkPayload",
+    },
     "v2.TestSecurityMonitoringRule" => {
             "body" => "SecurityMonitoringRuleTestRequest",
     },

@@ -115,6 +115,27 @@ Feature: Security Monitoring
     And the response "data.attributes.insights" has item with field "resource_id" with value "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y="
     And the response "data.attributes.insights" has item with field "resource_id" with value "MmUzMzZkODQ2YTI3NDU0OTk4NDk3NzhkOTY5YjU2Zjh-YWJjZGI1ODI4OTYzNWM3ZmUwZTBlOWRkYTRiMGUyOGQ="
 
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Bulk convert rules to Terraform returns "Bad Request" response
+    Given new "BulkConvertExistingSecurityMonitoringRules" request
+    And body with value {"data": {"attributes": {"ruleIds": ["def-000-u7q", "def-000-7dd"]}, "id": "convert_bulk", "type": "security_monitoring_rules_convert_bulk"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Bulk convert rules to Terraform returns "Not Found" response
+    Given new "BulkConvertExistingSecurityMonitoringRules" request
+    And body with value {"data": {"attributes": {"ruleIds": ["def-000-u7q", "def-000-7dd"]}, "id": "convert_bulk", "type": "security_monitoring_rules_convert_bulk"}}
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Bulk convert rules to Terraform returns "OK" response
+    Given new "BulkConvertExistingSecurityMonitoringRules" request
+    And body with value {"data": {"attributes": {"ruleIds": ["def-000-u7q", "def-000-7dd"]}, "id": "convert_bulk", "type": "security_monitoring_rules_convert_bulk"}}
+    When the request is sent
+    Then the response status is 200 OK
+
   @generated @skip @team:DataDog/k9-cloud-siem
   Scenario: Bulk delete security monitoring rules returns "Bad Request" response
     Given new "BulkDeleteSecurityMonitoringRules" request

@@ -6688,6 +6688,12 @@
       "type": "idempotent"
     }
   },
+  "BulkConvertExistingSecurityMonitoringRules": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "safe"
+    }
+  },
   "TestSecurityMonitoringRule": {
     "tag": "Security Monitoring",
     "undo": {

@@ -5825,6 +5825,10 @@ def overrides
           "v2.security_monitoring_rule_case_action_options_flagged_ip_type" => "SecurityMonitoringRuleCaseActionOptionsFlaggedIPType",
           "v2.security_monitoring_rule_case_action_type" => "SecurityMonitoringRuleCaseActionType",
           "v2.security_monitoring_rule_case_create" => "SecurityMonitoringRuleCaseCreate",
+          "v2.security_monitoring_rule_convert_bulk_attributes" => "SecurityMonitoringRuleConvertBulkAttributes",
+          "v2.security_monitoring_rule_convert_bulk_data" => "SecurityMonitoringRuleConvertBulkData",
+          "v2.security_monitoring_rule_convert_bulk_data_type" => "SecurityMonitoringRuleConvertBulkDataType",
+          "v2.security_monitoring_rule_convert_bulk_payload" => "SecurityMonitoringRuleConvertBulkPayload",
           "v2.security_monitoring_rule_convert_payload" => "SecurityMonitoringRuleConvertPayload",
           "v2.security_monitoring_rule_convert_response" => "SecurityMonitoringRuleConvertResponse",
           "v2.security_monitoring_rule_create_payload" => "SecurityMonitoringRuleCreatePayload",

@@ -311,6 +311,78 @@ def batch_get_security_monitoring_dataset_dependencies_with_http_info(body, opts
       return data, status_code, headers
     end
 
+    # Bulk convert rules to Terraform.
+    #
+    # @see #bulk_convert_existing_security_monitoring_rules_with_http_info
+    def bulk_convert_existing_security_monitoring_rules(body, opts = {})
+      data, _status_code, _headers = bulk_convert_existing_security_monitoring_rules_with_http_info(body, opts)
+      data
+    end
+
+    # Bulk convert rules to Terraform.
+    #
+    # Convert a list of existing security monitoring rules to Terraform for the Datadog provider
+    # resource `datadog_security_monitoring_rule`. Returns a ZIP archive containing one Terraform
+    # file per rule. You can convert rules for the following types:
+    # - App and API Protection
+    # - Cloud SIEM (log detection and signal correlation)
+    # - Workload Protection
+    #
+    # @param body [SecurityMonitoringRuleConvertBulkPayload] 
+    # @param opts [Hash] the optional parameters
+    # @return [Array<(File, Integer, Hash)>] File data, response status code and response headers
+    def bulk_convert_existing_security_monitoring_rules_with_http_info(body, opts = {})
+
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.bulk_convert_existing_security_monitoring_rules ...'
+      end
+      # verify the required parameter 'body' is set
+      if @api_client.config.client_side_validation && body.nil?
+        fail ArgumentError, "Missing the required parameter 'body' when calling SecurityMonitoringAPI.bulk_convert_existing_security_monitoring_rules"
+      end
+      # resource path
+      local_var_path = '/api/v2/security_monitoring/rules/convert/bulk'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/zip', 'application/json'])
+      # HTTP header 'Content-Type'
+      header_params['Content-Type'] = @api_client.select_header_content_type(['application/json'])
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(body)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'File'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ]
+
+      new_options = opts.merge(
+        :operation => :bulk_convert_existing_security_monitoring_rules,
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type,
+        :api_version => "V2"
+      )
+
+      data, status_code, headers = @api_client.call_api(Net::HTTP::Post, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: SecurityMonitoringAPI#bulk_convert_existing_security_monitoring_rules\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
     # Bulk subscribe to sample log generation.
     #
     # @see #bulk_create_sample_log_generation_subscriptions_with_http_info