--- title: Create a Workload Protection policy description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > CSM Threats --- # Create a Workload Protection policy{% #create-a-workload-protection-policy %} Copy pageCopied {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | --------------------------------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policy | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/remote_config/products/cws/policy | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/remote_config/products/cws/policy | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/remote_config/products/cws/policy | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/remote_config/products/cws/policy | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/remote_config/products/cws/policy | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policy | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy | ### Overview Create a new Workload Protection policy with the given parameters. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below. ### Request #### Body Data (required) The definition of the new Agent policy {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------ | ---------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | Object for a single Agent rule | | data | attributes [*required*] | object | Create a new Cloud Workload Security Agent policy | | attributes | description | string | The description of the policy | | attributes | enabled | boolean | Whether the policy is enabled | | attributes | hostTags | [string] | The host tags defining where this policy is deployed | | attributes | hostTagsLists | [array] | The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR | | attributes | name [*required*] | string | The name of the policy | | data | type [*required*] | enum | The type of the resource, must always be `policy` Allowed enum values: `policy` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "description": "My agent policy", "enabled": true, "hostTagsLists": [ [ "env:test" ] ], "name": "my_agent_policy_2" }, "type": "policy" } } ``` {% /tab %} ### Response {% tab title="200" %} OK {% tab title="Model" %} Response object that includes an Agent policy | Parent field | Field | Type | Description | | ------------ | -------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------- | | | data | object | Object for a single Agent policy | | data | attributes | object | A Cloud Workload Security Agent policy returned by the API | | attributes | blockingRulesCount | int32 | The number of rules with the blocking feature in this policy | | attributes | datadogManaged | boolean | Whether the policy is managed by Datadog | | attributes | description | string | The description of the policy | | attributes | disabledRulesCount | int32 | The number of rules that are disabled in this policy | | attributes | enabled | boolean | Whether the Agent policy is enabled | | attributes | hostTags | [string] | The host tags defining where this policy is deployed | | attributes | hostTagsLists | [array] | The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR | | attributes | monitoringRulesCount | int32 | The number of rules in the monitoring state in this policy | | attributes | name | string | The name of the policy | | attributes | pinned | boolean | Whether the policy is pinned | | attributes | policyType | string | The type of the policy | | attributes | policyVersion | string | The version of the policy | | attributes | priority | int64 | The priority of the policy | | attributes | ruleCount | int32 | The number of rules in this policy | | attributes | updateDate | int64 | Timestamp in milliseconds when the policy was last updated | | attributes | updatedAt | int64 | When the policy was last updated, timestamp in milliseconds | | attributes | updater | object | The attributes of the user who last updated the policy | | updater | handle | string | The handle of the user | | updater | name | string | The name of the user | | attributes | versions | [object] | The versions of the policy | | versions | date | string | The date and time the version was created | | versions | name | string | The version of the policy | | data | id | string | The ID of the Agent policy | | data | type | enum | The type of the resource, must always be `policy` Allowed enum values: `policy` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "blockingRulesCount": 100, "datadogManaged": false, "description": "My agent policy", "disabledRulesCount": 100, "enabled": true, "hostTags": [], "hostTagsLists": [], "monitoringRulesCount": 100, "name": "my_agent_policy", "pinned": false, "policyType": "policy", "policyVersion": "1", "priority": 10, "ruleCount": 100, "updateDate": 1624366480320, "updatedAt": 1624366480320, "updater": { "handle": "datadog.user@example.com", "name": "Datadog User" }, "versions": [ { "date": "string", "name": "1.47.0-rc2" } ] }, "id": "6517fcc1-cec7-4394-a655-8d6e9d085255", "type": "policy" } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="409" %} Conflict {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/remote_config/products/cws/policy" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "description": "My agent policy", "enabled": true, "hostTagsLists": [ [ "env:test" ] ], "name": "my_agent_policy" }, "type": "policy" } } EOF ##### ```go // Create a Workload Protection policy returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { body := datadogV2.CloudWorkloadSecurityAgentPolicyCreateRequest{ Data: datadogV2.CloudWorkloadSecurityAgentPolicyCreateData{ Attributes: datadogV2.CloudWorkloadSecurityAgentPolicyCreateAttributes{ Description: datadog.PtrString("My agent policy"), Enabled: datadog.PtrBool(true), HostTagsLists: [][]string{ { "env:test", }, }, Name: "my_agent_policy_2", }, Type: datadogV2.CLOUDWORKLOADSECURITYAGENTPOLICYTYPE_POLICY, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewCSMThreatsApi(apiClient) resp, r, err := api.CreateCSMThreatsAgentPolicy(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `CSMThreatsApi.CreateCSMThreatsAgentPolicy`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `CSMThreatsApi.CreateCSMThreatsAgentPolicy`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Create a Workload Protection policy returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.CsmThreatsApi; import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentPolicyCreateAttributes; import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentPolicyCreateData; import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentPolicyCreateRequest; import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentPolicyResponse; import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentPolicyType; import java.util.Collections; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); CsmThreatsApi apiInstance = new CsmThreatsApi(defaultClient); CloudWorkloadSecurityAgentPolicyCreateRequest body = new CloudWorkloadSecurityAgentPolicyCreateRequest() .data( new CloudWorkloadSecurityAgentPolicyCreateData() .attributes( new CloudWorkloadSecurityAgentPolicyCreateAttributes() .description("My agent policy") .enabled(true) .hostTagsLists( Collections.singletonList(Collections.singletonList("env:test"))) .name("my_agent_policy_2")) .type(CloudWorkloadSecurityAgentPolicyType.POLICY)); try { CloudWorkloadSecurityAgentPolicyResponse result = apiInstance.createCSMThreatsAgentPolicy(body); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling CsmThreatsApi#createCSMThreatsAgentPolicy"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```python """ Create a Workload Protection policy returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.csm_threats_api import CSMThreatsApi from datadog_api_client.v2.model.cloud_workload_security_agent_policy_create_attributes import ( CloudWorkloadSecurityAgentPolicyCreateAttributes, ) from datadog_api_client.v2.model.cloud_workload_security_agent_policy_create_data import ( CloudWorkloadSecurityAgentPolicyCreateData, ) from datadog_api_client.v2.model.cloud_workload_security_agent_policy_create_request import ( CloudWorkloadSecurityAgentPolicyCreateRequest, ) from datadog_api_client.v2.model.cloud_workload_security_agent_policy_type import CloudWorkloadSecurityAgentPolicyType body = CloudWorkloadSecurityAgentPolicyCreateRequest( data=CloudWorkloadSecurityAgentPolicyCreateData( attributes=CloudWorkloadSecurityAgentPolicyCreateAttributes( description="My agent policy", enabled=True, host_tags_lists=[ [ "env:test", ], ], name="my_agent_policy_2", ), type=CloudWorkloadSecurityAgentPolicyType.POLICY, ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = CSMThreatsApi(api_client) response = api_instance.create_csm_threats_agent_policy(body=body) print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Create a Workload Protection policy returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::CSMThreatsAPI.new body = DatadogAPIClient::V2::CloudWorkloadSecurityAgentPolicyCreateRequest.new({ data: DatadogAPIClient::V2::CloudWorkloadSecurityAgentPolicyCreateData.new({ attributes: DatadogAPIClient::V2::CloudWorkloadSecurityAgentPolicyCreateAttributes.new({ description: "My agent policy", enabled: true, host_tags_lists: [ [ "env:test", ], ], name: "my_agent_policy_2", }), type: DatadogAPIClient::V2::CloudWorkloadSecurityAgentPolicyType::POLICY, }), }) p api_instance.create_csm_threats_agent_policy(body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```rust // Create a Workload Protection policy returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI; use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentPolicyCreateAttributes; use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentPolicyCreateData; use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentPolicyCreateRequest; use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentPolicyType; #[tokio::main] async fn main() { let body = CloudWorkloadSecurityAgentPolicyCreateRequest::new( CloudWorkloadSecurityAgentPolicyCreateData::new( CloudWorkloadSecurityAgentPolicyCreateAttributes::new("my_agent_policy_2".to_string()) .description("My agent policy".to_string()) .enabled(true) .host_tags_lists(vec![vec!["env:test".to_string()]]), CloudWorkloadSecurityAgentPolicyType::POLICY, ), ); let configuration = datadog::Configuration::new(); let api = CSMThreatsAPI::with_config(configuration); let resp = api.create_csm_threats_agent_policy(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Create a Workload Protection policy returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.CSMThreatsApi(configuration); const params: v2.CSMThreatsApiCreateCSMThreatsAgentPolicyRequest = { body: { data: { attributes: { description: "My agent policy", enabled: true, hostTagsLists: [["env:test"]], name: "my_agent_policy_2", }, type: "policy", }, }, }; apiInstance .createCSMThreatsAgentPolicy(params) .then((data: v2.CloudWorkloadSecurityAgentPolicyResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}