Security Monitoring

Create and manage your security rules, signals, filters, and more. See the Datadog Security page for more information.

POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressionshttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions

Overview

Create a new suppression rule.

OAuth apps require the security_monitoring_suppressions_write authorization scope to access this endpoint.

Request

Body Data (required)

The definition of the new suppression rule.

Expand All

Field

Type

Description

data [required]

object

Object for a single suppression rule.

attributes [required]

object

Object containing the attributes of the suppression rule to be created.

data_exclusion_query

string

An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

description

string

A description for the suppression rule.

enabled [required]

boolean

Whether the suppression rule is enabled.

expiration_date

int64

A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

name [required]

string

The name of the suppression rule.

rule_query [required]

string

The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

suppression_query

string

The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer.

type [required]

enum

The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

default: suppressions

{
  "data": {
    "attributes": {
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "expiration_date": 1638443471000,
      "name": "Example-Security-Monitoring",
      "rule_query": "type:log_detection source:cloudtrail",
      "suppression_query": "env:staging status:low"
    },
    "type": "suppressions"
  }
}
{
  "data": {
    "attributes": {
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "expiration_date": 1638443471000,
      "name": "Example-Security-Monitoring",
      "rule_query": "type:log_detection source:cloudtrail",
      "data_exclusion_query": "account_id:12345"
    },
    "type": "suppressions"
  }
}

Response

OK

Response object containing a single suppression rule.

Expand All

Field

Type

Description

data

object

The suppression rule's properties.

attributes

object

The attributes of the suppression rule.

creation_date

int64

A Unix millisecond timestamp given the creation date of the suppression rule.

creator

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

data_exclusion_query

string

An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

description

string

A description for the suppression rule.

editable

boolean

Whether the suppression rule is editable.

enabled

boolean

Whether the suppression rule is enabled.

expiration_date

int64

A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

name

string

The name of the suppression rule.

rule_query

string

The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

suppression_query

string

The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

update_date

int64

A Unix millisecond timestamp given the update date of the suppression rule.

updater

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

version

int32

The version of the suppression rule; it starts at 1, and is incremented at each update.

id

string

The ID of the suppression rule.

type

enum

The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

default: suppressions

{
  "data": {
    "attributes": {
      "creation_date": "integer",
      "creator": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "editable": true,
      "enabled": true,
      "expiration_date": 1703187336000,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail",
      "suppression_query": "env:staging status:low",
      "update_date": "integer",
      "updater": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "version": 42
    },
    "id": "3dd-0uc-h1s",
    "type": "suppressions"
  }
}

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Conflict

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                          # Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1638443471000, "name": "Example-Security-Monitoring", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low" }, "type": "suppressions" } } EOF
                          # Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1638443471000, "name": "Example-Security-Monitoring", "rule_query": "type:log_detection source:cloudtrail", "data_exclusion_query": "account_id:12345" }, "type": "suppressions" } } EOF
// Create a suppression rule returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSuppressionCreateRequest{
		Data: datadogV2.SecurityMonitoringSuppressionCreateData{
			Attributes: datadogV2.SecurityMonitoringSuppressionCreateAttributes{
				Description:      datadog.PtrString("This rule suppresses low-severity signals in staging environments."),
				Enabled:          true,
				ExpirationDate:   datadog.PtrInt64(1638443471000),
				Name:             "Example-Security-Monitoring",
				RuleQuery:        "type:log_detection source:cloudtrail",
				SuppressionQuery: datadog.PtrString("env:staging status:low"),
			},
			Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSecurityMonitoringSuppression(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`:\n%s\n", responseContent)
}
// Create a suppression rule with an exclusion query returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSuppressionCreateRequest{
		Data: datadogV2.SecurityMonitoringSuppressionCreateData{
			Attributes: datadogV2.SecurityMonitoringSuppressionCreateAttributes{
				Description:        datadog.PtrString("This rule suppresses low-severity signals in staging environments."),
				Enabled:            true,
				ExpirationDate:     datadog.PtrInt64(1638443471000),
				Name:               "Example-Security-Monitoring",
				RuleQuery:          "type:log_detection source:cloudtrail",
				DataExclusionQuery: datadog.PtrString("account_id:12345"),
			},
			Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSecurityMonitoringSuppression(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Create a suppression rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSuppressionCreateRequest body =
        new SecurityMonitoringSuppressionCreateRequest()
            .data(
                new SecurityMonitoringSuppressionCreateData()
                    .attributes(
                        new SecurityMonitoringSuppressionCreateAttributes()
                            .description(
                                "This rule suppresses low-severity signals in staging"
                                    + " environments.")
                            .enabled(true)
                            .expirationDate(1638443471000L)
                            .name("Example-Security-Monitoring")
                            .ruleQuery("type:log_detection source:cloudtrail")
                            .suppressionQuery("env:staging status:low"))
                    .type(SecurityMonitoringSuppressionType.SUPPRESSIONS));

    try {
      SecurityMonitoringSuppressionResponse result =
          apiInstance.createSecurityMonitoringSuppression(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}
// Create a suppression rule with an exclusion query returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSuppressionCreateRequest body =
        new SecurityMonitoringSuppressionCreateRequest()
            .data(
                new SecurityMonitoringSuppressionCreateData()
                    .attributes(
                        new SecurityMonitoringSuppressionCreateAttributes()
                            .description(
                                "This rule suppresses low-severity signals in staging"
                                    + " environments.")
                            .enabled(true)
                            .expirationDate(1638443471000L)
                            .name("Example-Security-Monitoring")
                            .ruleQuery("type:log_detection source:cloudtrail")
                            .dataExclusionQuery("account_id:12345"))
                    .type(SecurityMonitoringSuppressionType.SUPPRESSIONS));

    try {
      SecurityMonitoringSuppressionResponse result =
          apiInstance.createSecurityMonitoringSuppression(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Create a suppression rule returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import (
    SecurityMonitoringSuppressionCreateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_data import (
    SecurityMonitoringSuppressionCreateData,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_request import (
    SecurityMonitoringSuppressionCreateRequest,
)
from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType

body = SecurityMonitoringSuppressionCreateRequest(
    data=SecurityMonitoringSuppressionCreateData(
        attributes=SecurityMonitoringSuppressionCreateAttributes(
            description="This rule suppresses low-severity signals in staging environments.",
            enabled=True,
            expiration_date=1638443471000,
            name="Example-Security-Monitoring",
            rule_query="type:log_detection source:cloudtrail",
            suppression_query="env:staging status:low",
        ),
        type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_security_monitoring_suppression(body=body)

    print(response)
"""
Create a suppression rule with an exclusion query returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import (
    SecurityMonitoringSuppressionCreateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_data import (
    SecurityMonitoringSuppressionCreateData,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_request import (
    SecurityMonitoringSuppressionCreateRequest,
)
from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType

body = SecurityMonitoringSuppressionCreateRequest(
    data=SecurityMonitoringSuppressionCreateData(
        attributes=SecurityMonitoringSuppressionCreateAttributes(
            description="This rule suppresses low-severity signals in staging environments.",
            enabled=True,
            expiration_date=1638443471000,
            name="Example-Security-Monitoring",
            rule_query="type:log_detection source:cloudtrail",
            data_exclusion_query="account_id:12345",
        ),
        type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_security_monitoring_suppression(body=body)

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Create a suppression rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({
      description: "This rule suppresses low-severity signals in staging environments.",
      enabled: true,
      expiration_date: 1638443471000,
      name: "Example-Security-Monitoring",
      rule_query: "type:log_detection source:cloudtrail",
      suppression_query: "env:staging status:low",
    }),
    type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
  }),
})
p api_instance.create_security_monitoring_suppression(body)
# Create a suppression rule with an exclusion query returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({
      description: "This rule suppresses low-severity signals in staging environments.",
      enabled: true,
      expiration_date: 1638443471000,
      name: "Example-Security-Monitoring",
      rule_query: "type:log_detection source:cloudtrail",
      data_exclusion_query: "account_id:12345",
    }),
    type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
  }),
})
p api_instance.create_security_monitoring_suppression(body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Create a suppression rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType;

#[tokio::main]
async fn main() {
    let body = SecurityMonitoringSuppressionCreateRequest::new(
        SecurityMonitoringSuppressionCreateData::new(
            SecurityMonitoringSuppressionCreateAttributes::new(
                true,
                "Example-Security-Monitoring".to_string(),
                "type:log_detection source:cloudtrail".to_string(),
            )
            .description(
                "This rule suppresses low-severity signals in staging environments.".to_string(),
            )
            .expiration_date(1638443471000)
            .suppression_query("env:staging status:low".to_string()),
            SecurityMonitoringSuppressionType::SUPPRESSIONS,
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_suppression(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}
// Create a suppression rule with an exclusion query returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType;

#[tokio::main]
async fn main() {
    let body = SecurityMonitoringSuppressionCreateRequest::new(
        SecurityMonitoringSuppressionCreateData::new(
            SecurityMonitoringSuppressionCreateAttributes::new(
                true,
                "Example-Security-Monitoring".to_string(),
                "type:log_detection source:cloudtrail".to_string(),
            )
            .data_exclusion_query("account_id:12345".to_string())
            .description(
                "This rule suppresses low-severity signals in staging environments.".to_string(),
            )
            .expiration_date(1638443471000),
            SecurityMonitoringSuppressionType::SUPPRESSIONS,
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_suppression(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
 * Create a suppression rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateSecurityMonitoringSuppressionRequest =
  {
    body: {
      data: {
        attributes: {
          description:
            "This rule suppresses low-severity signals in staging environments.",
          enabled: true,
          expirationDate: 1638443471000,
          name: "Example-Security-Monitoring",
          ruleQuery: "type:log_detection source:cloudtrail",
          suppressionQuery: "env:staging status:low",
        },
        type: "suppressions",
      },
    },
  };

apiInstance
  .createSecurityMonitoringSuppression(params)
  .then((data: v2.SecurityMonitoringSuppressionResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));
/**
 * Create a suppression rule with an exclusion query returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateSecurityMonitoringSuppressionRequest =
  {
    body: {
      data: {
        attributes: {
          description:
            "This rule suppresses low-severity signals in staging environments.",
          enabled: true,
          expirationDate: 1638443471000,
          name: "Example-Security-Monitoring",
          ruleQuery: "type:log_detection source:cloudtrail",
          dataExclusionQuery: "account_id:12345",
        },
        type: "suppressions",
      },
    },
  };

apiInstance
  .createSecurityMonitoringSuppression(params)
  .then((data: v2.SecurityMonitoringSuppressionResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

DELETE https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}

Overview

Delete a specific suppression rule.

OAuth apps require the security_monitoring_suppressions_write authorization scope to access this endpoint.

Arguments

Path Parameters

Name

Type

Description

suppression_id [required]

string

The ID of the suppression rule

Response

OK

Not Authorized

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                  # Path parameters
export suppression_id="CHANGE_ME"
# Curl command
curl -X DELETE "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/${suppression_id}" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Delete a suppression rule returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    api_instance.delete_security_monitoring_suppression(
        suppression_id=SUPPRESSION_DATA_ID,
    )

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Delete a suppression rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = ENV["SUPPRESSION_DATA_ID"]
api_instance.delete_security_monitoring_suppression(SUPPRESSION_DATA_ID)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Delete a suppression rule returns "OK" response

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "suppression" in the system
	SuppressionDataID := os.Getenv("SUPPRESSION_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	r, err := api.DeleteSecurityMonitoringSuppression(ctx, SuppressionDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.DeleteSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Delete a suppression rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "suppression" in the system
    String SUPPRESSION_DATA_ID = System.getenv("SUPPRESSION_DATA_ID");

    try {
      apiInstance.deleteSecurityMonitoringSuppression(SUPPRESSION_DATA_ID);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#deleteSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
// Delete a suppression rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    // there is a valid "suppression" in the system
    let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .delete_security_monitoring_suppression(suppression_data_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
 * Delete a suppression rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "suppression" in the system
const SUPPRESSION_DATA_ID = process.env.SUPPRESSION_DATA_ID as string;

const params: v2.SecurityMonitoringApiDeleteSecurityMonitoringSuppressionRequest =
  {
    suppressionId: SUPPRESSION_DATA_ID,
  };

apiInstance
  .deleteSecurityMonitoringSuppression(params)
  .then((data: any) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}

Overview

Get the details of a specific suppression rule.

OAuth apps require the security_monitoring_suppressions_read authorization scope to access this endpoint.

Arguments

Path Parameters

Name

Type

Description

suppression_id [required]

string

The ID of the suppression rule

Response

OK

Response object containing a single suppression rule.

Expand All

Field

Type

Description

data

object

The suppression rule's properties.

attributes

object

The attributes of the suppression rule.

creation_date

int64

A Unix millisecond timestamp given the creation date of the suppression rule.

creator

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

data_exclusion_query

string

An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

description

string

A description for the suppression rule.

editable

boolean

Whether the suppression rule is editable.

enabled

boolean

Whether the suppression rule is enabled.

expiration_date

int64

A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

name

string

The name of the suppression rule.

rule_query

string

The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

suppression_query

string

The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

update_date

int64

A Unix millisecond timestamp given the update date of the suppression rule.

updater

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

version

int32

The version of the suppression rule; it starts at 1, and is incremented at each update.

id

string

The ID of the suppression rule.

type

enum

The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

default: suppressions

{
  "data": {
    "attributes": {
      "creation_date": "integer",
      "creator": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "editable": true,
      "enabled": true,
      "expiration_date": 1703187336000,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail",
      "suppression_query": "env:staging status:low",
      "update_date": "integer",
      "updater": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "version": 42
    },
    "id": "3dd-0uc-h1s",
    "type": "suppressions"
  }
}

Not Authorized

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                  # Path parameters
export suppression_id="CHANGE_ME"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/${suppression_id}" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get a suppression rule returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_security_monitoring_suppression(
        suppression_id=SUPPRESSION_DATA_ID,
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Get a suppression rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = ENV["SUPPRESSION_DATA_ID"]
p api_instance.get_security_monitoring_suppression(SUPPRESSION_DATA_ID)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Get a suppression rule returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "suppression" in the system
	SuppressionDataID := os.Getenv("SUPPRESSION_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetSecurityMonitoringSuppression(ctx, SuppressionDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSecurityMonitoringSuppression`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Get a suppression rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "suppression" in the system
    String SUPPRESSION_DATA_ID = System.getenv("SUPPRESSION_DATA_ID");

    try {
      SecurityMonitoringSuppressionResponse result =
          apiInstance.getSecurityMonitoringSuppression(SUPPRESSION_DATA_ID);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#getSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
// Get a suppression rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    // there is a valid "suppression" in the system
    let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_security_monitoring_suppression(suppression_data_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
 * Get a suppression rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "suppression" in the system
const SUPPRESSION_DATA_ID = process.env.SUPPRESSION_DATA_ID as string;

const params: v2.SecurityMonitoringApiGetSecurityMonitoringSuppressionRequest =
  {
    suppressionId: SUPPRESSION_DATA_ID,
  };

apiInstance
  .getSecurityMonitoringSuppression(params)
  .then((data: v2.SecurityMonitoringSuppressionResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressionshttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions

Overview

Get the list of all suppression rules.

OAuth apps require the security_monitoring_suppressions_read authorization scope to access this endpoint.

Response

OK

Response object containing the available suppression rules.

Expand All

Field

Type

Description

data

[object]

A list of suppressions objects.

attributes

object

The attributes of the suppression rule.

creation_date

int64

A Unix millisecond timestamp given the creation date of the suppression rule.

creator

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

data_exclusion_query

string

An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

description

string

A description for the suppression rule.

editable

boolean

Whether the suppression rule is editable.

enabled

boolean

Whether the suppression rule is enabled.

expiration_date

int64

A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

name

string

The name of the suppression rule.

rule_query

string

The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

suppression_query

string

The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

update_date

int64

A Unix millisecond timestamp given the update date of the suppression rule.

updater

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

version

int32

The version of the suppression rule; it starts at 1, and is incremented at each update.

id

string

The ID of the suppression rule.

type

enum

The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

default: suppressions

{
  "data": [
    {
      "attributes": {
        "creation_date": "integer",
        "creator": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "data_exclusion_query": "source:cloudtrail account_id:12345",
        "description": "This rule suppresses low-severity signals in staging environments.",
        "editable": true,
        "enabled": true,
        "expiration_date": 1703187336000,
        "name": "Custom suppression",
        "rule_query": "type:log_detection source:cloudtrail",
        "suppression_query": "env:staging status:low",
        "update_date": "integer",
        "updater": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "version": 42
      },
      "id": "3dd-0uc-h1s",
      "type": "suppressions"
    }
  ]
}

Not Authorized

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get all suppression rules returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.list_security_monitoring_suppressions()

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Get all suppression rules returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.list_security_monitoring_suppressions()

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Get all suppression rules returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.ListSecurityMonitoringSuppressions(ctx)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListSecurityMonitoringSuppressions`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListSecurityMonitoringSuppressions`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Get all suppression rules returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionsResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      SecurityMonitoringSuppressionsResponse result =
          apiInstance.listSecurityMonitoringSuppressions();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#listSecurityMonitoringSuppressions");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
// Get all suppression rules returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.list_security_monitoring_suppressions().await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
 * Get all suppression rules returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .listSecurityMonitoringSuppressions()
  .then((data: v2.SecurityMonitoringSuppressionsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}

Overview

Update a specific suppression rule.

OAuth apps require the security_monitoring_suppressions_write authorization scope to access this endpoint.

Arguments

Path Parameters

Name

Type

Description

suppression_id [required]

string

The ID of the suppression rule

Request

Body Data (required)

New definition of the suppression rule. Supports partial updates.

Expand All

Field

Type

Description

data [required]

object

The new suppression properties; partial updates are supported.

attributes [required]

object

The suppression rule properties to be updated.

data_exclusion_query

string

An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

description

string

A description for the suppression rule.

enabled

boolean

Whether the suppression rule is enabled.

expiration_date

int64

A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. If unset, the expiration date of the suppression rule is left untouched. If set to null, the expiration date is removed.

name

string

The name of the suppression rule.

rule_query

string

The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

suppression_query

string

The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

version

int32

The current version of the suppression. This is optional, but it can help prevent concurrent modifications.

type [required]

enum

The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

default: suppressions

{
  "data": {
    "attributes": {
      "suppression_query": "env:staging status:low"
    },
    "type": "suppressions"
  }
}

Response

OK

Response object containing a single suppression rule.

Expand All

Field

Type

Description

data

object

The suppression rule's properties.

attributes

object

The attributes of the suppression rule.

creation_date

int64

A Unix millisecond timestamp given the creation date of the suppression rule.

creator

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

data_exclusion_query

string

An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

description

string

A description for the suppression rule.

editable

boolean

Whether the suppression rule is editable.

enabled

boolean

Whether the suppression rule is enabled.

expiration_date

int64

A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

name

string

The name of the suppression rule.

rule_query

string

The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

suppression_query

string

The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

update_date

int64

A Unix millisecond timestamp given the update date of the suppression rule.

updater

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

version

int32

The version of the suppression rule; it starts at 1, and is incremented at each update.

id

string

The ID of the suppression rule.

type

enum

The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

default: suppressions

{
  "data": {
    "attributes": {
      "creation_date": "integer",
      "creator": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "editable": true,
      "enabled": true,
      "expiration_date": 1703187336000,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail",
      "suppression_query": "env:staging status:low",
      "update_date": "integer",
      "updater": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "version": 42
    },
    "id": "3dd-0uc-h1s",
    "type": "suppressions"
  }
}

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                          # Path parameters
export suppression_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/${suppression_id}" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "suppression_query": "env:staging status:low" }, "type": "suppressions" } } EOF
// Update a suppression rule returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "suppression" in the system
	SuppressionDataID := os.Getenv("SUPPRESSION_DATA_ID")

	body := datadogV2.SecurityMonitoringSuppressionUpdateRequest{
		Data: datadogV2.SecurityMonitoringSuppressionUpdateData{
			Attributes: datadogV2.SecurityMonitoringSuppressionUpdateAttributes{
				SuppressionQuery: datadog.PtrString("env:staging status:low"),
			},
			Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.UpdateSecurityMonitoringSuppression(ctx, SuppressionDataID, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.UpdateSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.UpdateSecurityMonitoringSuppression`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Update a suppression rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionUpdateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionUpdateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionUpdateRequest;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "suppression" in the system
    String SUPPRESSION_DATA_ID = System.getenv("SUPPRESSION_DATA_ID");

    SecurityMonitoringSuppressionUpdateRequest body =
        new SecurityMonitoringSuppressionUpdateRequest()
            .data(
                new SecurityMonitoringSuppressionUpdateData()
                    .attributes(
                        new SecurityMonitoringSuppressionUpdateAttributes()
                            .suppressionQuery("env:staging status:low"))
                    .type(SecurityMonitoringSuppressionType.SUPPRESSIONS));

    try {
      SecurityMonitoringSuppressionResponse result =
          apiInstance.updateSecurityMonitoringSuppression(SUPPRESSION_DATA_ID, body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#updateSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Update a suppression rule returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType
from datadog_api_client.v2.model.security_monitoring_suppression_update_attributes import (
    SecurityMonitoringSuppressionUpdateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_suppression_update_data import (
    SecurityMonitoringSuppressionUpdateData,
)
from datadog_api_client.v2.model.security_monitoring_suppression_update_request import (
    SecurityMonitoringSuppressionUpdateRequest,
)

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"]

body = SecurityMonitoringSuppressionUpdateRequest(
    data=SecurityMonitoringSuppressionUpdateData(
        attributes=SecurityMonitoringSuppressionUpdateAttributes(
            suppression_query="env:staging status:low",
        ),
        type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.update_security_monitoring_suppression(suppression_id=SUPPRESSION_DATA_ID, body=body)

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Update a suppression rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = ENV["SUPPRESSION_DATA_ID"]

body = DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateAttributes.new({
      suppression_query: "env:staging status:low",
    }),
    type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
  }),
})
p api_instance.update_security_monitoring_suppression(SUPPRESSION_DATA_ID, body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Update a suppression rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionUpdateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionUpdateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionUpdateRequest;

#[tokio::main]
async fn main() {
    // there is a valid "suppression" in the system
    let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
    let body = SecurityMonitoringSuppressionUpdateRequest::new(
        SecurityMonitoringSuppressionUpdateData::new(
            SecurityMonitoringSuppressionUpdateAttributes::new()
                .suppression_query("env:staging status:low".to_string()),
            SecurityMonitoringSuppressionType::SUPPRESSIONS,
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .update_security_monitoring_suppression(suppression_data_id.clone(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
 * Update a suppression rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "suppression" in the system
const SUPPRESSION_DATA_ID = process.env.SUPPRESSION_DATA_ID as string;

const params: v2.SecurityMonitoringApiUpdateSecurityMonitoringSuppressionRequest =
  {
    body: {
      data: {
        attributes: {
          suppressionQuery: "env:staging status:low",
        },
        type: "suppressions",
      },
    },
    suppressionId: SUPPRESSION_DATA_ID,
  };

apiInstance
  .updateSecurityMonitoringSuppression(params)
  .then((data: v2.SecurityMonitoringSuppressionResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.ap1.datadoghq.com/api/v2/posture_management/findingshttps://api.datadoghq.eu/api/v2/posture_management/findingshttps://api.ddog-gov.com/api/v2/posture_management/findingshttps://api.datadoghq.com/api/v2/posture_management/findingshttps://api.us3.datadoghq.com/api/v2/posture_management/findingshttps://api.us5.datadoghq.com/api/v2/posture_management/findings

Overview

Get a list of findings. These include both misconfigurations and identity risks.

Note: To filter and return only identity risks, add the following query parameter: ?filter[tags]=dd_rule_type:ciem

Filtering

Filters can be applied by appending query parameters to the URL.

  • Using a single filter: ?filter[attribute_key]=attribute_value
  • Chaining filters: ?filter[attribute_key]=attribute_value&filter[attribute_key]=attribute_value...
  • Filtering on tags: ?filter[tags]=tag_key:tag_value&filter[tags]=tag_key_2:tag_value_2

Here, attribute_key can be any of the filter keys described further below.

Query parameters of type integer support comparison operators (>, >=, <, <=). This is particularly useful when filtering by evaluation_changed_at or resource_discovery_timestamp. For example: ?filter[evaluation_changed_at]=>20123123121.

You can also use the negation operator on strings. For example, use filter[resource_type]=-aws* to filter for any non-AWS resources.

The operator must come after the equal sign. For example, to filter with the >= operator, add the operator after the equal sign: filter[evaluation_changed_at]=>=1678809373257.

Query parameters must be only among the documented ones and with values of correct types. Duplicated query parameters (e.g. filter[status]=low&filter[status]=info) are not allowed.

Response

The response includes an array of finding objects, pagination metadata, and a count of items that match the query.

Each finding object contains the following:

  • The finding ID that can be used in a GetFinding request to retrieve the full finding details.
  • Core attributes, including status, evaluation, high-level resource details, muted state, and rule details.
  • evaluation_changed_at and resource_discovery_date time stamps.
  • An array of associated tags.

OAuth apps require the security_monitoring_findings_read authorization scope to access this endpoint.

Arguments

Query Strings

Name

Type

Description

page[limit]

integer

Limit the number of findings returned. Must be <= 1000.

snapshot_timestamp

integer

Return findings for a given snapshot of time (Unix ms).

page[cursor]

string

Return the next page of findings pointed to by the cursor.

filter[tags]

string

Return findings that have these associated tags (repeatable).

filter[evaluation_changed_at]

string

Return findings that have changed from pass to fail or vice versa on a specified date (Unix ms) or date range (using comparison operators).

filter[muted]

boolean

Set to true to return findings that are muted. Set to false to return unmuted findings.

filter[rule_id]

string

Return findings for the specified rule ID.

filter[rule_name]

string

Return findings for the specified rule.

filter[resource_type]

string

Return only findings for the specified resource type.

filter[discovery_timestamp]

string

Return findings that were found on a specified date (Unix ms) or date range (using comparison operators).

filter[evaluation]

enum

Return only pass or fail findings.
Allowed enum values: pass, fail

filter[status]

enum

Return only findings with the specified status.
Allowed enum values: critical, high, medium, low, info

filter[vulnerability_type]

array

Return findings that match the selected vulnerability types (repeatable).

Response

OK

The expected response schema when listing findings.

Expand All

Field

Type

Description

data [required]

[object]

Array of findings.

attributes

object

The JSON:API attributes of the finding.

evaluation

enum

The evaluation of the finding. Allowed enum values: pass,fail

evaluation_changed_at

int64

The date on which the evaluation for this finding changed (Unix ms).

mute

object

Information about the mute status of this finding.

description

string

Additional information about the reason why this finding is muted or unmuted.

expiration_date

int64

The expiration date of the mute or unmute action (Unix ms).

muted

boolean

Whether this finding is muted or unmuted.

reason

enum

The reason why this finding is muted or unmuted. Allowed enum values: PENDING_FIX,FALSE_POSITIVE,ACCEPTED_RISK,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK,OTHER

start_date

int64

The start of the mute period.

uuid

string

The ID of the user who muted or unmuted this finding.

resource

string

The resource name of this finding.

resource_discovery_date

int64

The date on which the resource was discovered (Unix ms).

resource_type

string

The resource type of this finding.

rule

object

The rule that triggered this finding.

id

string

The ID of the rule that triggered this finding.

name

string

The name of the rule that triggered this finding.

status

enum

The status of the finding. Allowed enum values: critical,high,medium,low,info

tags

[string]

The tags associated with this finding.

vulnerability_type

enum

The vulnerability type of the finding. Allowed enum values: misconfiguration,attack_path,identity_risk,api_security

id

string

The unique ID for this finding.

type

enum

The JSON:API type for findings. Allowed enum values: finding

default: finding

meta [required]

object

Metadata for pagination.

page

object

Pagination and findings count information.

cursor

string

The cursor used to paginate requests.

total_filtered_count

int64

The total count of findings after the filter has been applied.

snapshot_timestamp

int64

The point in time corresponding to the listed findings.

{
  "data": [
    {
      "attributes": {
        "evaluation": "pass",
        "evaluation_changed_at": 1678721573794,
        "mute": {
          "description": "To be resolved later",
          "expiration_date": 1778721573794,
          "muted": true,
          "reason": "ACCEPTED_RISK",
          "start_date": 1678721573794,
          "uuid": "e51c9744-d158-11ec-ad23-da7ad0900002"
        },
        "resource": "my_resource_name",
        "resource_discovery_date": 1678721573794,
        "resource_type": "azure_storage_account",
        "rule": {
          "id": "dv2-jzf-41i",
          "name": "Soft delete is enabled for Azure Storage"
        },
        "status": "critical",
        "tags": [
          "cloud_provider:aws",
          "myTag:myValue"
        ],
        "vulnerability_type": "misconfiguration"
      },
      "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
      "type": "finding"
    }
  ],
  "meta": {
    "page": {
      "cursor": "eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0=",
      "total_filtered_count": 213
    },
    "snapshot_timestamp": 1678721573794
  }
}

Bad Request: The server cannot process the request due to invalid syntax in the request.

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Forbidden: Access denied

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Not Found: The requested finding cannot be found.

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Too many requests: The rate limit set by the API has been exceeded.

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Code Example

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/posture_management/findings" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
List findings returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
configuration.unstable_operations["list_findings"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.list_findings()

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# List findings returns "OK" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.list_findings".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.list_findings()

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// List findings returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.ListFindings", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.ListFindings(ctx, *datadogV2.NewListFindingsOptionalParameters())

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListFindings`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListFindings`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// List findings returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.ListFindingsResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.listFindings", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      ListFindingsResponse result = apiInstance.listFindings();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#listFindings");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
// List findings returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::ListFindingsOptionalParams;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.ListFindings", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .list_findings(ListFindingsOptionalParams::default())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
 * List findings returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.listFindings"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .listFindings()
  .then((data: v2.ListFindingsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.ap1.datadoghq.com/api/v2/posture_management/findings/{finding_id}https://api.datadoghq.eu/api/v2/posture_management/findings/{finding_id}https://api.ddog-gov.com/api/v2/posture_management/findings/{finding_id}https://api.datadoghq.com/api/v2/posture_management/findings/{finding_id}https://api.us3.datadoghq.com/api/v2/posture_management/findings/{finding_id}https://api.us5.datadoghq.com/api/v2/posture_management/findings/{finding_id}

Overview

Returns a single finding with message and resource configuration.

OAuth apps require the security_monitoring_findings_read authorization scope to access this endpoint.

Arguments

Path Parameters

Name

Type

Description

finding_id [required]

string

The ID of the finding.

Query Strings

Name

Type

Description

snapshot_timestamp

integer

Return the finding for a given snapshot of time (Unix ms).

Response

OK

The expected response schema when getting a finding.

Expand All

Field

Type

Description

data [required]

object

A single finding with with message and resource configuration.

attributes

object

The JSON:API attributes of the detailed finding.

evaluation

enum

The evaluation of the finding. Allowed enum values: pass,fail

evaluation_changed_at

int64

The date on which the evaluation for this finding changed (Unix ms).

message

string

The remediation message for this finding.

mute

object

Information about the mute status of this finding.

description

string

Additional information about the reason why this finding is muted or unmuted.

expiration_date

int64

The expiration date of the mute or unmute action (Unix ms).

muted

boolean

Whether this finding is muted or unmuted.

reason

enum

The reason why this finding is muted or unmuted. Allowed enum values: PENDING_FIX,FALSE_POSITIVE,ACCEPTED_RISK,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK,OTHER

start_date

int64

The start of the mute period.

uuid

string

The ID of the user who muted or unmuted this finding.

resource

string

The resource name of this finding.

resource_configuration

object

The resource configuration for this finding.

resource_discovery_date

int64

The date on which the resource was discovered (Unix ms).

resource_type

string

The resource type of this finding.

rule

object

The rule that triggered this finding.

id

string

The ID of the rule that triggered this finding.

name

string

The name of the rule that triggered this finding.

status

enum

The status of the finding. Allowed enum values: critical,high,medium,low,info

tags

[string]

The tags associated with this finding.

id

string

The unique ID for this finding.

type

enum

The JSON:API type for findings that have the message and resource configuration. Allowed enum values: detailed_finding

default: detailed_finding

{
  "data": {
    "attributes": {
      "evaluation": "pass",
      "evaluation_changed_at": 1678721573794,
      "message": "## Remediation\n\n### From the console\n\n1. Go to Storage Account\n2. For each Storage Account, navigate to Data Protection\n3. Select Set soft delete enabled and enter the number of days to retain soft deleted data.",
      "mute": {
        "description": "To be resolved later",
        "expiration_date": 1778721573794,
        "muted": true,
        "reason": "ACCEPTED_RISK",
        "start_date": 1678721573794,
        "uuid": "e51c9744-d158-11ec-ad23-da7ad0900002"
      },
      "resource": "my_resource_name",
      "resource_configuration": {},
      "resource_discovery_date": 1678721573794,
      "resource_type": "azure_storage_account",
      "rule": {
        "id": "dv2-jzf-41i",
        "name": "Soft delete is enabled for Azure Storage"
      },
      "status": "critical",
      "tags": [
        "cloud_provider:aws",
        "myTag:myValue"
      ]
    },
    "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
    "type": "detailed_finding"
  }
}

Bad Request: The server cannot process the request due to invalid syntax in the request.

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Forbidden: Access denied

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Not Found: The requested finding cannot be found.

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Too many requests: The rate limit set by the API has been exceeded.

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Code Example

                  # Path parameters
export finding_id="CHANGE_ME"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/posture_management/findings/${finding_id}" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get a finding returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
configuration.unstable_operations["get_finding"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_finding(
        finding_id="AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz",
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Get a finding returns "OK" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.get_finding".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.get_finding("AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz")

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Get a finding returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.GetFinding", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetFinding(ctx, "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz", *datadogV2.NewGetFindingOptionalParameters())

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetFinding`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetFinding`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Get a finding returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.GetFindingResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.getFinding", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      GetFindingResponse result =
          apiInstance.getFinding(
              "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz");
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#getFinding");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
// Get a finding returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::GetFindingOptionalParams;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.GetFinding", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp =
        api
            .get_finding(
                "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz".to_string(),
                GetFindingOptionalParams::default(),
            )
            .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
 * Get a finding returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.getFinding"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiGetFindingRequest = {
  findingId:
    "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz",
};

apiInstance
  .getFinding(params)
  .then((data: v2.GetFindingResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

PATCH https://api.ap1.datadoghq.com/api/v2/posture_management/findingshttps://api.datadoghq.eu/api/v2/posture_management/findingshttps://api.ddog-gov.com/api/v2/posture_management/findingshttps://api.datadoghq.com/api/v2/posture_management/findingshttps://api.us3.datadoghq.com/api/v2/posture_management/findingshttps://api.us5.datadoghq.com/api/v2/posture_management/findings

Overview

Mute or unmute findings.

Request

Body Data (required)

Attributes

All findings are updated with the same attributes. The request body must include at least two attributes: muted and reason. The allowed reasons depend on whether the finding is being muted or unmuted:

  • To mute a finding: PENDING_FIX, FALSE_POSITIVE, ACCEPTED_RISK, OTHER.
  • To unmute a finding : NO_PENDING_FIX, HUMAN_ERROR, NO_LONGER_ACCEPTED_RISK, OTHER.

Meta

The request body must include a list of the finding IDs to be updated.

Expand All

Field

Type

Description

data [required]

object

Data object containing the new bulk mute properties of the finding.

attributes [required]

object

The mute properties to be updated.

mute [required]

object

Object containing the new mute properties of the findings.

description

string

Additional information about the reason why those findings are muted or unmuted. This field has a maximum limit of 280 characters.

expiration_date

int64

The expiration date of the mute or unmute action (Unix ms). It must be set to a value greater than the current timestamp. If this field is not provided, the finding will be muted or unmuted indefinitely, which is equivalent to setting the expiration date to 9999999999999.

muted [required]

boolean

Whether those findings should be muted or unmuted.

reason [required]

enum

The reason why this finding is muted or unmuted. Allowed enum values: PENDING_FIX,FALSE_POSITIVE,ACCEPTED_RISK,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK,OTHER

id [required]

string

UUID to identify the request

meta [required]

object

Meta object containing the findings to be updated.

findings

[object]

Array of findings.

finding_id

string

The unique ID for this finding.

type [required]

enum

The JSON:API type for findings. Allowed enum values: finding

default: finding

{
  "data": {
    "attributes": {
      "mute": {
        "expiration_date": 1778721573794,
        "muted": true,
        "reason": "ACCEPTED_RISK"
      }
    },
    "id": "dbe5f567-192b-4404-b908-29b70e1c9f76",
    "meta": {
      "findings": [
        {
          "finding_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="
        }
      ]
    },
    "type": "finding"
  }
}

Response

OK

The expected response schema.

Expand All

Field

Type

Description

data [required]

object

Data object containing the ID of the request that was updated.

id

string

UUID used to identify the request

type

enum

The JSON:API type for findings. Allowed enum values: finding

default: finding

{
  "data": {
    "id": "93bfeb70-af47-424d-908a-948d3f08e37f",
    "type": "finding"
  }
}

Bad Request: The server cannot process the request due to invalid syntax in the request.

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Forbidden: Access denied

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Not Found: The requested finding cannot be found.

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Invalid Request: The server understands the request syntax but cannot process it due to invalid data.

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Too many requests: The rate limit set by the API has been exceeded.

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Code Example

                          # Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/posture_management/findings" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "mute": { "expiration_date": 1778721573794, "muted": true, "reason": "ACCEPTED_RISK" } }, "id": "dbe5f567-192b-4404-b908-29b70e1c9f76", "meta": { "findings": [ { "finding_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==" } ] }, "type": "finding" } } EOF
// Mute or unmute a batch of findings returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.BulkMuteFindingsRequest{
		Data: datadogV2.BulkMuteFindingsRequestData{
			Attributes: datadogV2.BulkMuteFindingsRequestAttributes{
				Mute: datadogV2.BulkMuteFindingsRequestProperties{
					ExpirationDate: datadog.PtrInt64(1778721573794),
					Muted:          true,
					Reason:         datadogV2.FINDINGMUTEREASON_ACCEPTED_RISK,
				},
			},
			Id: "dbe5f567-192b-4404-b908-29b70e1c9f76",
			Meta: datadogV2.BulkMuteFindingsRequestMeta{
				Findings: []datadogV2.BulkMuteFindingsRequestMetaFindings{
					{
						FindingId: datadog.PtrString("ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="),
					},
				},
			},
			Type: datadogV2.FINDINGTYPE_FINDING,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.MuteFindings", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.MuteFindings(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.MuteFindings`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.MuteFindings`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Mute or unmute a batch of findings returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequest;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestAttributes;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestData;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestMeta;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestMetaFindings;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestProperties;
import com.datadog.api.client.v2.model.BulkMuteFindingsResponse;
import com.datadog.api.client.v2.model.FindingMuteReason;
import com.datadog.api.client.v2.model.FindingType;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.muteFindings", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    BulkMuteFindingsRequest body =
        new BulkMuteFindingsRequest()
            .data(
                new BulkMuteFindingsRequestData()
                    .attributes(
                        new BulkMuteFindingsRequestAttributes()
                            .mute(
                                new BulkMuteFindingsRequestProperties()
                                    .expirationDate(1778721573794L)
                                    .muted(true)
                                    .reason(FindingMuteReason.ACCEPTED_RISK)))
                    .id("dbe5f567-192b-4404-b908-29b70e1c9f76")
                    .meta(
                        new BulkMuteFindingsRequestMeta()
                            .findings(
                                Collections.singleton