--- title: Add a security signal to an incident description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Add a security signal to an incident{% #add-a-security-signal-to-an-incident %} Copy pageCopied {% tab title="v1" %} | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------------------------- | | ap1.datadoghq.com | PATCH https://api.ap1.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incident | | ap2.datadoghq.com | PATCH https://api.ap2.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incident | | app.datadoghq.eu | PATCH https://api.datadoghq.eu/api/v1/security_analytics/signals/{signal_id}/add_to_incident | | app.ddog-gov.com | PATCH https://api.ddog-gov.com/api/v1/security_analytics/signals/{signal_id}/add_to_incident | | us2.ddog-gov.com | PATCH https://api.us2.ddog-gov.com/api/v1/security_analytics/signals/{signal_id}/add_to_incident | | app.datadoghq.com | PATCH https://api.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incident | | us3.datadoghq.com | PATCH https://api.us3.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incident | | us5.datadoghq.com | PATCH https://api.us5.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incident | ### Overview Add a security signal to an incident. This makes it possible to search for signals by incident within the signal explorer and to view the signals on the incident timeline. This endpoint requires the `security_monitoring_signals_write` permission. ### Arguments #### Path Parameters | Name | Type | Description | | --------------------------- | ------ | --------------------- | | signal_id [*required*] | string | The ID of the signal. | ### Request #### Body Data (required) Attributes describing the signal update. {% tab title="Model" %} | Field | Type | Description | | ----------------------------- | ------- | ----------------------------------------------------------------------------------------- | | add_to_signal_timeline | boolean | Whether to post the signal on the incident timeline. | | incident_id [*required*] | int64 | Public ID attribute of the incident to which the signal will be added. | | version | int64 | Version of the updated signal. If server side version is higher, update will be rejected. | {% /tab %} {% tab title="Example" %} ```json { "incident_id": 2609 } ``` {% /tab %} ### Response {% tab title="200" %} OK {% tab title="Model" %} Updated signal data following a successfully performed update. | Field | Type | Description | | ------ | ------ | ----------------------- | | status | string | Status of the response. | {% /tab %} {% tab title="Example" %} ```json { "status": "string" } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} Error response object. | Field | Type | Description | | ------------------------ | -------- | ------------------------------------ | | errors [*required*] | [string] | Array of errors returned by the API. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Forbidden {% tab title="Model" %} Error response object. | Field | Type | Description | | ------------------------ | -------- | ------------------------------------ | | errors [*required*] | [string] | Array of errors returned by the API. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="404" %} Not Found {% tab title="Model" %} Error response object. | Field | Type | Description | | ------------------------ | -------- | ------------------------------------ | | errors [*required*] | [string] | Array of errors returned by the API. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} Error response object. | Field | Type | Description | | ------------------------ | -------- | ------------------------------------ | | errors [*required*] | [string] | Array of errors returned by the API. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Path parameters export signal_id="CHANGE_ME" \# Curl command curl -X PATCH "https://api.datadoghq.com/api/v1/security_analytics/signals/${signal_id}/add_to_incident" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "incident_id": 2066, "version": 0 } EOF ##### ```go // Add a security signal to an incident returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV1" ) func main() { body := datadogV1.AddSignalToIncidentRequest{ IncidentId: 2609, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV1.NewSecurityMonitoringApi(apiClient) resp, r, err := api.AddSecurityMonitoringSignalToIncident(ctx, "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.AddSecurityMonitoringSignalToIncident`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.AddSecurityMonitoringSignalToIncident`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Add a security signal to an incident returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v1.api.SecurityMonitoringApi; import com.datadog.api.client.v1.model.AddSignalToIncidentRequest; import com.datadog.api.client.v1.model.SuccessfulSignalUpdateResponse; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); AddSignalToIncidentRequest body = new AddSignalToIncidentRequest().incidentId(2609L); try { SuccessfulSignalUpdateResponse result = apiInstance.addSecurityMonitoringSignalToIncident( "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body); System.out.println(result); } catch (ApiException e) { System.err.println( "Exception when calling SecurityMonitoringApi#addSecurityMonitoringSignalToIncident"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```python """ Add a security signal to an incident returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v1.api.security_monitoring_api import SecurityMonitoringApi from datadog_api_client.v1.model.add_signal_to_incident_request import AddSignalToIncidentRequest body = AddSignalToIncidentRequest( incident_id=2609, ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) response = api_instance.add_security_monitoring_signal_to_incident( signal_id="AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body=body ) print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Add a security signal to an incident returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V1::SecurityMonitoringAPI.new body = DatadogAPIClient::V1::AddSignalToIncidentRequest.new({ incident_id: 2609, }) p api_instance.add_security_monitoring_signal_to_incident("AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```rust // Add a security signal to an incident returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV1::api_security_monitoring::SecurityMonitoringAPI; use datadog_api_client::datadogV1::model::AddSignalToIncidentRequest; #[tokio::main] async fn main() { let body = AddSignalToIncidentRequest::new(2609); let configuration = datadog::Configuration::new(); let api = SecurityMonitoringAPI::with_config(configuration); let resp = api .add_security_monitoring_signal_to_incident( "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE".to_string(), body, ) .await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Add a security signal to an incident returns "OK" response */ import { client, v1 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v1.SecurityMonitoringApi(configuration); const params: v1.SecurityMonitoringApiAddSecurityMonitoringSignalToIncidentRequest = { body: { incidentId: 2609, }, signalId: "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", }; apiInstance .addSecurityMonitoringSignalToIncident(params) .then((data: v1.SuccessfulSignalUpdateResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}