--- title: Assign or unassign security findings description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Assign or unassign security findings{% #assign-or-unassign-security-findings %} Copy pageCopied {% tab title="v2" %} **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). | Datadog site | API endpoint | | ----------------- | --------------------------------------------------------------------- | | ap1.datadoghq.com | PATCH https://api.ap1.datadoghq.com/api/v2/security/findings/assignee | | ap2.datadoghq.com | PATCH https://api.ap2.datadoghq.com/api/v2/security/findings/assignee | | app.datadoghq.eu | PATCH https://api.datadoghq.eu/api/v2/security/findings/assignee | | app.ddog-gov.com | PATCH https://api.ddog-gov.com/api/v2/security/findings/assignee | | us2.ddog-gov.com | PATCH https://api.us2.ddog-gov.com/api/v2/security/findings/assignee | | app.datadoghq.com | PATCH https://api.datadoghq.com/api/v2/security/findings/assignee | | us3.datadoghq.com | PATCH https://api.us3.datadoghq.com/api/v2/security/findings/assignee | | us5.datadoghq.com | PATCH https://api.us5.datadoghq.com/api/v2/security/findings/assignee | ### Overview Assign or unassign security findings. You can assign up to 100 security findings per request. Set `assignee_id` to the unique identifier of the Datadog user you want to assign the findings to. Omit `assignee_id` (or set it to `null`) to unassign the findings. Per-finding warnings and failures are returned in the response `meta` object. This endpoint requires any of the following permissions: `security_monitoring_findings_write``appsec_vm_write` ### Request #### Body Data (required) {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------- | ------------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | Data of the assignee request. | | data | attributes | object | Attributes of the assignee request. | | attributes | assignee_id | string | Unique identifier of the Datadog user to assign the security findings to. If this field is not provided, the security findings are unassigned. | | data | id | string | Unique identifier of the assignee request. | | data | relationships [*required*] | object | Relationships of the assignee request. | | relationships | findings [*required*] | object | Security findings to assign or unassign. | | findings | data | [object] | Array of security finding data objects. | | data | id [*required*] | string | Unique identifier of the security finding. | | data | type [*required*] | enum | Security findings resource type. Allowed enum values: `findings` | | data | type [*required*] | enum | Assignee resource type. Allowed enum values: `assignee` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0" }, "id": "00000000-0000-0000-0000-000000000001", "relationships": { "findings": { "data": [ { "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==", "type": "findings" } ] } }, "type": "assignee" } } ``` {% /tab %} ### Response {% tab title="202" %} Accepted {% tab title="Model" %} Response for the assign or unassign request. | Parent field | Field | Type | Description | | ------------ | ---------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | Data of the assignee response. | | data | attributes [*required*] | object | Attributes of the assignee response. | | attributes | assignee_id | string | Unique identifier of the Datadog user assigned to the security findings. Omitted when the findings were unassigned. | | data | id [*required*] | string | Unique identifier of the assignee request. | | data | type [*required*] | enum | Assignee resource type. Allowed enum values: `assignee` | | | meta | object | Per-finding warnings and failures produced while processing the bulk assignee request. | | meta | failures | [object] | Findings that could not be assigned or unassigned. | | failures | detail [*required*] | string | Human-readable explanation of the outcome. | | failures | finding_id [*required*] | string | Unique identifier of the security finding. | | failures | status [*required*] | int32 | HTTP-like status code describing the outcome for this finding. | | failures | title [*required*] | string | Short label describing the outcome for this finding. | | meta | warnings | [object] | Findings for which the assignment succeeded but a non-critical error occurred during processing. | | warnings | detail [*required*] | string | Human-readable explanation of the outcome. | | warnings | finding_id [*required*] | string | Unique identifier of the security finding. | | warnings | status [*required*] | int32 | HTTP-like status code describing the outcome for this finding. | | warnings | title [*required*] | string | Short label describing the outcome for this finding. | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0" }, "id": "00000000-0000-0000-0000-000000000001", "type": "assignee" }, "meta": { "failures": [ { "detail": "failed to update finding assignee", "finding_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==", "status": 500, "title": "Internal Server Error" } ], "warnings": [ { "detail": "failed to update finding assignee", "finding_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==", "status": 500, "title": "Internal Server Error" } ] } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="404" %} Not Found {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X PATCH "https://api.datadoghq.com/api/v2/security/findings/assignee" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0" }, "id": "00000000-0000-0000-0000-000000000001", "relationships": { "findings": { "data": [ { "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==", "type": "findings" } ] } }, "type": "assignee" } } EOF {% /tab %}