---
title: Compliance
description: Datadog, the leading service for cloud-scale monitoring.
---

# Compliance

Datadog Cloud Security Misconfigurations provides aggregated views of compliance rules and findings across your cloud resources, helping you assess posture against industry frameworks (such as HIPAA, SOC 2, ISO 27001) and custom frameworks. Learn more at [https://docs.datadoghq.com/security/cloud_security_management/misconfigurations/#maintain-compliance-with-industry-frameworks-and-benchmarks](https://docs.datadoghq.com/security/cloud_security_management/misconfigurations.md#maintain-compliance-with-industry-frameworks-and-benchmarks).

## Get the rule-based view of compliance findings{% #get-the-rule-based-view-of-compliance-findings %}

{% tab title="v2" %}
**Note**: This endpoint is in Preview and subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).

| Datadog site      | API endpoint                                                                 |
| ----------------- | ---------------------------------------------------------------------------- |
| ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/compliance_findings/rule_based_view |
| ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/compliance_findings/rule_based_view |
| app.datadoghq.eu  | GET https://api.datadoghq.eu/api/v2/compliance_findings/rule_based_view      |
| app.ddog-gov.com  | GET https://api.ddog-gov.com/api/v2/compliance_findings/rule_based_view      |
| us2.ddog-gov.com  | GET https://api.us2.ddog-gov.com/api/v2/compliance_findings/rule_based_view  |
| app.datadoghq.com | GET https://api.datadoghq.com/api/v2/compliance_findings/rule_based_view     |
| us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/compliance_findings/rule_based_view |
| us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/compliance_findings/rule_based_view |

### Overview

Get an aggregated view of compliance rules with their pass, fail, and muted finding counts. Supports filtering by compliance framework, framework version, and additional query filters. This endpoint requires the `security_monitoring_findings_read` permission.

OAuth apps require the `security_monitoring_findings_read` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#compliance) to access this endpoint.



### Arguments

#### Query Strings

| Name                                     | Type    | Description                                                                                                                                                            |
| ---------------------------------------- | ------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| to [*required*]                     | integer | Timestamp of the query end, in milliseconds since the Unix epoch.                                                                                                      |
| framework                                | string  | Compliance framework handle to filter rules and findings by.                                                                                                           |
| version                                  | string  | Version of the compliance framework to filter rules and findings by.                                                                                                   |
| query_findings_without_framework_version | boolean | When `true`, returns findings without a `framework_version` tag. Used for findings from custom frameworks or those created before framework versioning was introduced. |
| include_rules_without_findings           | boolean | When `true`, includes rules in the response that have no associated findings.                                                                                          |
| is_custom                                | boolean | Set to `true` when the requested `framework` is a custom framework.                                                                                                    |
| query                                    | string  | Additional event-platform filters applied to the underlying findings query. For example, `scored:true project_id:datadog-prod-us5`.                                    |

### Response

{% tab title="200" %}
OK
{% tab title="Model" %}
Response containing an aggregated view of compliance rules with their finding statistics.

| Parent field          | Field                                   | Type     | Description                                                                                                                          |
| --------------------- | --------------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------ |
|                       | data [*required*]                  | object   | Data envelope for the rule-based view response.                                                                                      |
| data                  | attributes [*required*]            | object   | Attributes of the rule-based view.                                                                                                   |
| attributes            | count [*required*]                 | int64    | Total number of rules in the view.                                                                                                   |
| attributes            | rules [*required*]                 | [object] | List of rules in the rule-based view.                                                                                                |
| rules                 | compliance_frameworks [*required*] | [object] | List of compliance framework mappings associated with the rule.                                                                      |
| compliance_frameworks | control                                 | string   | Identifier of the control inside the requirement.                                                                                    |
| compliance_frameworks | framework                               | string   | Handle of the compliance framework.                                                                                                  |
| compliance_frameworks | is_default                              | boolean  | Whether the framework is a Datadog default framework. `true` indicates a Datadog framework and `false` indicates a custom framework. |
| compliance_frameworks | message                                 | string   | Optional message describing the framework mapping for the rule.                                                                      |
| compliance_frameworks | requirement                             | string   | Name of the requirement that contains the control.                                                                                   |
| compliance_frameworks | version                                 | string   | Version of the compliance framework.                                                                                                 |
| rules                 | enabled [*required*]               | boolean  | Whether the rule is enabled.                                                                                                         |
| rules                 | id [*required*]                    | string   | Unique identifier of the rule.                                                                                                       |
| rules                 | name [*required*]                  | string   | Human-readable name of the rule.                                                                                                     |
| rules                 | resourceAttributes [*required*]    | [string] | List of resource attribute names exposed by the rule.                                                                                |
| rules                 | resourceCategory [*required*]      | string   | Resource category targeted by the rule.                                                                                              |
| rules                 | resourceType [*required*]          | string   | Resource type targeted by the rule.                                                                                                  |
| rules                 | stats [*required*]                 | object   | Counts of findings for the rule, grouped by their evaluation status.                                                                 |
| stats                 | fail [*required*]                  | int64    | Number of findings that failed evaluation.                                                                                           |
| stats                 | muted [*required*]                 | int64    | Number of findings that have been muted.                                                                                             |
| stats                 | pass [*required*]                  | int64    | Number of findings that passed evaluation.                                                                                           |
| rules                 | status [*required*]                | string   | Severity associated with the rule (for example, `info`, `low`, `medium`, `high`, or `critical`).                                     |
| rules                 | tags [*required*]                  | [string] | List of tags attached to the rule.                                                                                                   |
| rules                 | type [*required*]                  | enum     | The category of the security rule. Allowed enum values: `cloud_configuration,infrastructure_configuration,api_security`              |
| data                  | id [*required*]                    | string   | Unique identifier of the rule-based view document.                                                                                   |
| data                  | type [*required*]                  | enum     | The type of the resource. The value should always be `rule_based_view`. Allowed enum values: `rule_based_view`                       |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "count": 1,
      "rules": [
        {
          "compliance_frameworks": [
            {
              "control": "164.308-a-4-i",
              "framework": "hipaa",
              "is_default": true,
              "message": "",
              "requirement": "Information-Access-Management",
              "version": "1"
            }
          ],
          "enabled": true,
          "id": "qjx-udx-xo8",
          "name": "IAM roles should not allow untrusted GitHub Actions to assume them",
          "resourceAttributes": [
            "instance_id"
          ],
          "resourceCategory": "identity",
          "resourceType": "aws_iam_role",
          "stats": {
            "fail": 0,
            "muted": 0,
            "pass": 3
          },
          "status": "critical",
          "tags": [
            "security:compliance"
          ],
          "type": "cloud_configuration"
        }
      ]
    },
    "id": "JSONAPI_USELESS_ID",
    "type": "rule_based_view"
  }
}
```

{% /tab %}

{% /tab %}

{% tab title="400" %}
Bad Request
{% tab title="Model" %}
API error response.

| Parent field | Field                    | Type     | Description                                                                     |
| ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- |
|              | errors [*required*] | [object] | A list of errors.                                                               |
| errors       | detail                   | string   | A human-readable explanation specific to this occurrence of the error.          |
| errors       | meta                     | object   | Non-standard meta-information about the error.                                  |
| errors       | source                   | object   | References to the source of the error.                                          |
| source       | header                   | string   | A string indicating the name of a single request header which caused the error. |
| source       | parameter                | string   | A string indicating which URI query parameter caused the error.                 |
| source       | pointer                  | string   | A JSON pointer to the value in the request document that caused the error.      |
| errors       | status                   | string   | Status code of the response.                                                    |
| errors       | title                    | string   | Short human-readable summary of the error.                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="403" %}
Not Authorized
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="503" %}
Service Unavailable
{% tab title="Model" %}
API error response.

| Parent field | Field                    | Type     | Description                                                                     |
| ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- |
|              | errors [*required*] | [object] | A list of errors.                                                               |
| errors       | detail                   | string   | A human-readable explanation specific to this occurrence of the error.          |
| errors       | meta                     | object   | Non-standard meta-information about the error.                                  |
| errors       | source                   | object   | References to the source of the error.                                          |
| source       | header                   | string   | A string indicating the name of a single request header which caused the error. |
| source       | parameter                | string   | A string indicating which URI query parameter caused the error.                 |
| source       | pointer                  | string   | A JSON pointer to the value in the request document that caused the error.      |
| errors       | status                   | string   | Status code of the response.                                                    |
| errors       | title                    | string   | Short human-readable summary of the error.                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

```bash
# Required query arguments: `to` is an integer, milliseconds since the Unix epoch
export to="1739982278000"
# Curl command (replace the host with the API endpoint for your Datadog site from the table above)
curl -X GET "https://api.datadoghq.com/api/v2/compliance_findings/rule_based_view?to=${to}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
```

{% /tab %}
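
The following is an added example, not part of the Datadog documentation or its client libraries. It builds the request URL from the query strings documented above and triages a response: rules with failed findings are listed worst severity first, and both error shapes (`[object]` for 400/503, `[string]` for 403/429) are flattened to plain messages. The helper names, the trimmed sample response with placeholder rule IDs, and the lowercase `true`/`false` boolean serialization are assumptions.

```python
import json
from urllib.parse import urlencode

PATH = "/api/v2/compliance_findings/rule_based_view"
SEVERITY = ["critical", "high", "medium", "low", "info"]  # values listed for `status`

def build_url(api_host, to_ms, **filters):
    """Build the request URL; `to` is integer milliseconds since the Unix epoch."""
    if isinstance(to_ms, bool) or not isinstance(to_ms, int):
        raise TypeError("to must be an integer number of milliseconds")
    params = {"to": to_ms}
    for key, value in filters.items():
        # Assumption: booleans are sent as lowercase true/false.
        params[key] = str(value).lower() if isinstance(value, bool) else value
    return f"https://{api_host}{PATH}?{urlencode(params)}"

def error_messages(body):
    """Flatten both error shapes: [object] for 400/503, [string] for 403/429."""
    return [e if isinstance(e, str)
            else f"{e.get('status')} {e.get('title')}: {e.get('detail')}"
            for e in body.get("errors", [])]

def failing_rules(body):
    """Rules with at least one failed finding, worst severity first."""
    rows = []
    for rule in body["data"]["attributes"]["rules"]:
        stats = rule["stats"]
        if stats["fail"] == 0:
            continue
        evaluated = stats["pass"] + stats["fail"]  # muted findings left out of the ratio
        rows.append({
            "id": rule["id"], "severity": rule["status"], "fail": stats["fail"],
            "fail_ratio": round(stats["fail"] / evaluated, 2),
            "controls": sorted(f"{m.get('framework')}/{m.get('control')}"
                               for m in rule["compliance_frameworks"]),
        })
    rank = {s: i for i, s in enumerate(SEVERITY)}
    return sorted(rows, key=lambda r: (rank.get(r["severity"], len(rank)), -r["fail"]))

# Constructed sample, trimmed to the fields read above (rule ids are placeholders).
SAMPLE = json.loads("""{"data": {"type": "rule_based_view", "attributes": {"count": 3, "rules": [
 {"id": "rule-a", "enabled": true, "status": "medium", "stats": {"fail": 4, "muted": 1, "pass": 6},
  "compliance_frameworks": [{"framework": "hipaa", "control": "164.308-a-4-i"}]},
 {"id": "rule-b", "enabled": true, "status": "critical", "stats": {"fail": 1, "muted": 0, "pass": 3},
  "compliance_frameworks": [{"framework": "hipaa", "control": "164.308-a-4-i"}]},
 {"id": "rule-c", "enabled": true, "status": "high", "stats": {"fail": 0, "muted": 2, "pass": 9},
  "compliance_frameworks": []}]}}}""")

if __name__ == "__main__":
    print(build_url("api.datadoghq.com", 1739982278000, framework="hipaa", version="1"))
    for row in failing_rules(SAMPLE):
        print(row)
```
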
