--- title: CSM Threats description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > CSM Threats --- # CSM Threats Workload Protection monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See [Workload Protection](https://docs.datadoghq.com/security/workload_protection.md) for more information on setting up Workload Protection. **Note**: These endpoints are split based on whether you are using the US1-FED site or not. Please reference the specific resource for the site you are using. ## Get all Workload Protection agent rules →{% #get-all-workload-protection-agent-rules %} | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------- | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_rules | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/remote_config/products/cws/agent_rules | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_rules | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_rules | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules | ## Get a Workload Protection agent rule →{% #get-a-workload-protection-agent-rule %} | Datadog site | API endpoint | | ----------------- | ----------------------------------------------------------------------------------------------- | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | ## Create a Workload Protection agent rule →{% #create-a-workload-protection-agent-rule %} | Datadog site | API endpoint | | ----------------- | -------------------------------------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_rules | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/remote_config/products/cws/agent_rules | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_rules | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_rules | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules | ## Update a Workload Protection agent rule →{% #update-a-workload-protection-agent-rule %} | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------------------------- | | ap1.datadoghq.com | PATCH https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | ap2.datadoghq.com | PATCH https://api.ap2.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | app.datadoghq.eu | PATCH https://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | app.ddog-gov.com | PATCH https://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | us2.ddog-gov.com | PATCH https://api.us2.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | app.datadoghq.com | PATCH https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | us3.datadoghq.com | PATCH https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | us5.datadoghq.com | PATCH https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | ## Delete a Workload Protection agent rule →{% #delete-a-workload-protection-agent-rule %} | Datadog site | API endpoint | | ----------------- | -------------------------------------------------------------------------------------------------- | | ap1.datadoghq.com | DELETE https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | ap2.datadoghq.com | DELETE https://api.ap2.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | app.datadoghq.eu | DELETE https://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | app.ddog-gov.com | DELETE https://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | us2.ddog-gov.com | DELETE https://api.us2.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | app.datadoghq.com | DELETE https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | us3.datadoghq.com | DELETE https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | | us5.datadoghq.com | DELETE https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id} | ## Get all Workload Protection policies →{% #get-all-workload-protection-policies %} | Datadog site | API endpoint | | ----------------- | -------------------------------------------------------------------------- | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policy | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/remote_config/products/cws/policy | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/remote_config/products/cws/policy | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/remote_config/products/cws/policy | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/remote_config/products/cws/policy | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/remote_config/products/cws/policy | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policy | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy | ## Get a Workload Protection policy →{% #get-a-workload-protection-policy %} | Datadog site | API endpoint | | ----------------- | -------------------------------------------------------------------------------------- | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/remote_config/products/cws/policy/{policy_id} | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/remote_config/products/cws/policy/{policy_id} | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/remote_config/products/cws/policy/{policy_id} | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | ## Create a Workload Protection policy →{% #create-a-workload-protection-policy %} | Datadog site | API endpoint | | ----------------- | --------------------------------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policy | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/remote_config/products/cws/policy | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/remote_config/products/cws/policy | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/remote_config/products/cws/policy | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/remote_config/products/cws/policy | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/remote_config/products/cws/policy | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policy | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy | ## Update a Workload Protection policy →{% #update-a-workload-protection-policy %} | Datadog site | API endpoint | | ----------------- | ---------------------------------------------------------------------------------------- | | ap1.datadoghq.com | PATCH https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | | ap2.datadoghq.com | PATCH https://api.ap2.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | | app.datadoghq.eu | PATCH https://api.datadoghq.eu/api/v2/remote_config/products/cws/policy/{policy_id} | | app.ddog-gov.com | PATCH https://api.ddog-gov.com/api/v2/remote_config/products/cws/policy/{policy_id} | | us2.ddog-gov.com | PATCH https://api.us2.ddog-gov.com/api/v2/remote_config/products/cws/policy/{policy_id} | | app.datadoghq.com | PATCH https://api.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | | us3.datadoghq.com | PATCH https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | | us5.datadoghq.com | PATCH https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | ## Delete a Workload Protection policy →{% #delete-a-workload-protection-policy %} | Datadog site | API endpoint | | ----------------- | ----------------------------------------------------------------------------------------- | | ap1.datadoghq.com | DELETE https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | | ap2.datadoghq.com | DELETE https://api.ap2.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | | app.datadoghq.eu | DELETE https://api.datadoghq.eu/api/v2/remote_config/products/cws/policy/{policy_id} | | app.ddog-gov.com | DELETE https://api.ddog-gov.com/api/v2/remote_config/products/cws/policy/{policy_id} | | us2.ddog-gov.com | DELETE https://api.us2.ddog-gov.com/api/v2/remote_config/products/cws/policy/{policy_id} | | app.datadoghq.com | DELETE https://api.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | | us3.datadoghq.com | DELETE https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | | us5.datadoghq.com | DELETE https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id} | ## Download the Workload Protection policy →{% #download-the-workload-protection-policy %} | Datadog site | API endpoint | | ----------------- | ----------------------------------------------------------------------------------- | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policy/download | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/remote_config/products/cws/policy/download | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/remote_config/products/cws/policy/download | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/remote_config/products/cws/policy/download | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/remote_config/products/cws/policy/download | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/remote_config/products/cws/policy/download | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policy/download | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/download | ## Get all Workload Protection agent rules (US1-FED) →{% #get-all-workload-protection-agent-rules-us1-fed %} | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------------------------ | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_rules | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | ## Get a Workload Protection agent rule (US1-FED) →{% #get-a-workload-protection-agent-rule-us1-fed %} | Datadog site | API endpoint | | ----------------- | ---------------------------------------------------------------------------------------------------------------- | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | ## Create a Workload Protection agent rule (US1-FED) →{% #create-a-workload-protection-agent-rule-us1-fed %} | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_rules | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules | ## Update a Workload Protection agent rule (US1-FED) →{% #update-a-workload-protection-agent-rule-us1-fed %} | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------------------------------------------ | | ap1.datadoghq.com | PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | ap2.datadoghq.com | PATCH https://api.ap2.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | app.datadoghq.eu | PATCH https://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | app.ddog-gov.com | PATCH https://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | us2.ddog-gov.com | PATCH https://api.us2.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | app.datadoghq.com | PATCH https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | us3.datadoghq.com | PATCH https://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | us5.datadoghq.com | PATCH https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | ## Delete a Workload Protection agent rule (US1-FED) →{% #delete-a-workload-protection-agent-rule-us1-fed %} | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------------------------------------------- | | ap1.datadoghq.com | DELETE https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | ap2.datadoghq.com | DELETE https://api.ap2.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | app.datadoghq.eu | DELETE https://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | app.ddog-gov.com | DELETE https://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | us2.ddog-gov.com | DELETE https://api.us2.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | app.datadoghq.com | DELETE https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | us3.datadoghq.com | DELETE https://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | | us5.datadoghq.com | DELETE https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | ## Download the Workload Protection policy (US1-FED) →{% #download-the-workload-protection-policy-us1-fed %} | Datadog site | API endpoint | | ----------------- | -------------------------------------------------------------------------------- | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/security/cloud_workload/policy/download | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/security/cloud_workload/policy/download | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/security/cloud_workload/policy/download | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/security/cloud_workload/policy/download | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/security/cloud_workload/policy/download | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/security/cloud_workload/policy/download | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/security/cloud_workload/policy/download | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/security/cloud_workload/policy/download |