---
title: Assign or unassign security findings
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > API Reference > Security Monitoring
---

> For the complete documentation index, see [llms.txt](https://docs.datadoghq.com/llms.txt).

# Assign or unassign security findings{% #assign-or-unassign-security-findings %}
Copy pageCopied
{% tab title="v2" %}
**Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
| Datadog site      | API endpoint                                                          |
| ----------------- | --------------------------------------------------------------------- |
| ap1.datadoghq.com | PATCH https://api.ap1.datadoghq.com/api/v2/security/findings/assignee |
| ap2.datadoghq.com | PATCH https://api.ap2.datadoghq.com/api/v2/security/findings/assignee |
| app.datadoghq.eu  | PATCH https://api.datadoghq.eu/api/v2/security/findings/assignee      |
| app.ddog-gov.com  | PATCH https://api.ddog-gov.com/api/v2/security/findings/assignee      |
| us2.ddog-gov.com  | PATCH https://api.us2.ddog-gov.com/api/v2/security/findings/assignee  |
| uk1.datadoghq.com | PATCH https://api.uk1.datadoghq.com/api/v2/security/findings/assignee |
| app.datadoghq.com | PATCH https://api.datadoghq.com/api/v2/security/findings/assignee     |
| us3.datadoghq.com | PATCH https://api.us3.datadoghq.com/api/v2/security/findings/assignee |
| us5.datadoghq.com | PATCH https://api.us5.datadoghq.com/api/v2/security/findings/assignee |

### Overview

Assign or unassign security findings. You can assign up to 100 security findings per request. Set `assignee_id` to the unique identifier of the Datadog user you want to assign the findings to. Omit `assignee_id` (or set it to `null`) to unassign the findings. Per-finding warnings and failures are returned in the response `meta` object. This endpoint requires any of the following permissions:
`security_monitoring_findings_write``appsec_vm_write` 


### Request

#### Body Data (required)



{% tab title="Model" %}

| Parent field  | Field                           | Type     | Description                                                                                                                                    |
| ------------- | ------------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------- |
|               | data [*required*]          | object   | Data of the assignee request.                                                                                                                  |
| data          | attributes                      | object   | Attributes of the assignee request.                                                                                                            |
| attributes    | assignee_id                     | string   | Unique identifier of the Datadog user to assign the security findings to. If this field is not provided, the security findings are unassigned. |
| data          | id                              | string   | Unique identifier of the assignee request.                                                                                                     |
| data          | relationships [*required*] | object   | Relationships of the assignee request.                                                                                                         |
| relationships | findings [*required*]      | object   | Security findings to assign or unassign.                                                                                                       |
| findings      | data                            | [object] | Array of security finding data objects.                                                                                                        |
| data          | id [*required*]            | string   | Unique identifier of the security finding.                                                                                                     |
| data          | type [*required*]          | enum     | Security findings resource type. Allowed enum values: `findings`                                                                               |
| data          | type [*required*]          | enum     | Assignee resource type. Allowed enum values: `assignee`                                                                                        |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0"
    },
    "id": "00000000-0000-0000-0000-000000000001",
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
            "type": "findings"
          }
        ]
      }
    },
    "type": "assignee"
  }
}
```

{% /tab %}

### Response

{% tab title="202" %}
Accepted
{% tab title="Model" %}
Response for the assign or unassign request.

| Parent field | Field                        | Type     | Description                                                                                                         |
| ------------ | ---------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------- |
|              | data [*required*]       | object   | Data of the assignee response.                                                                                      |
| data         | attributes [*required*] | object   | Attributes of the assignee response.                                                                                |
| attributes   | assignee_id                  | string   | Unique identifier of the Datadog user assigned to the security findings. Omitted when the findings were unassigned. |
| data         | id [*required*]         | string   | Unique identifier of the assignee request.                                                                          |
| data         | type [*required*]       | enum     | Assignee resource type. Allowed enum values: `assignee`                                                             |
|              | meta                         | object   | Per-finding warnings and failures produced while processing the bulk assignee request.                              |
| meta         | failures                     | [object] | Findings that could not be assigned or unassigned.                                                                  |
| failures     | detail [*required*]     | string   | Human-readable explanation of the outcome.                                                                          |
| failures     | finding_id [*required*] | string   | Unique identifier of the security finding.                                                                          |
| failures     | status [*required*]     | int32    | HTTP-like status code describing the outcome for this finding.                                                      |
| failures     | title [*required*]      | string   | Short label describing the outcome for this finding.                                                                |
| meta         | warnings                     | [object] | Findings for which the assignment succeeded but a non-critical error occurred during processing.                    |
| warnings     | detail [*required*]     | string   | Human-readable explanation of the outcome.                                                                          |
| warnings     | finding_id [*required*] | string   | Unique identifier of the security finding.                                                                          |
| warnings     | status [*required*]     | int32    | HTTP-like status code describing the outcome for this finding.                                                      |
| warnings     | title [*required*]      | string   | Short label describing the outcome for this finding.                                                                |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0"
    },
    "id": "00000000-0000-0000-0000-000000000001",
    "type": "assignee"
  },
  "meta": {
    "failures": [
      {
        "detail": "failed to update finding assignee",
        "finding_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
        "status": 500,
        "title": "Internal Server Error"
      }
    ],
    "warnings": [
      {
        "detail": "failed to update finding assignee",
        "finding_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
        "status": 500,
        "title": "Internal Server Error"
      }
    ]
  }
}
```

{% /tab %}

{% /tab %}

{% tab title="400" %}
Bad Request
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="404" %}
Not Found
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

##### 
                  \## default
# 
 \# Curl command curl -X PATCH "https://api.datadoghq.com/api/v2/security/findings/assignee" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0"
    },
    "id": "00000000-0000-0000-0000-000000000001",
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
            "type": "findings"
          }
        ]
      }
    },
    "type": "assignee"
  }
}
EOF 
                
##### 

```python
"""
Assign or unassign security findings returns "Accepted" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.assignee_data_type import AssigneeDataType
from datadog_api_client.v2.model.assignee_request import AssigneeRequest
from datadog_api_client.v2.model.assignee_request_data import AssigneeRequestData
from datadog_api_client.v2.model.assignee_request_data_attributes import AssigneeRequestDataAttributes
from datadog_api_client.v2.model.assignee_request_data_relationships import AssigneeRequestDataRelationships
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings

body = AssigneeRequest(
    data=AssigneeRequestData(
        attributes=AssigneeRequestDataAttributes(
            assignee_id="f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
        ),
        id="00000000-0000-0000-0000-000000000001",
        relationships=AssigneeRequestDataRelationships(
            findings=Findings(
                data=[
                    FindingData(
                        id="ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
                        type=FindingDataType.FINDINGS,
                    ),
                ],
            ),
        ),
        type=AssigneeDataType.ASSIGNEE,
    ),
)

configuration = Configuration()
configuration.unstable_operations["update_findings_assignee"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.update_findings_assignee(body=body)

    print(response)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
##### 

```ruby
# Assign or unassign security findings returns "Accepted" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.update_findings_assignee".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::AssigneeRequest.new({
  data: DatadogAPIClient::V2::AssigneeRequestData.new({
    attributes: DatadogAPIClient::V2::AssigneeRequestDataAttributes.new({
      assignee_id: "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
    }),
    id: "00000000-0000-0000-0000-000000000001",
    relationships: DatadogAPIClient::V2::AssigneeRequestDataRelationships.new({
      findings: DatadogAPIClient::V2::Findings.new({
        data: [
          DatadogAPIClient::V2::FindingData.new({
            id: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
            type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
          }),
        ],
      }),
    }),
    type: DatadogAPIClient::V2::AssigneeDataType::ASSIGNEE,
  }),
})
p api_instance.update_findings_assignee(body)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
##### 

```go
// Assign or unassign security findings returns "Accepted" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.AssigneeRequest{
		Data: datadogV2.AssigneeRequestData{
			Attributes: &datadogV2.AssigneeRequestDataAttributes{
				AssigneeId: datadog.PtrString("f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0"),
			},
			Id: datadog.PtrString("00000000-0000-0000-0000-000000000001"),
			Relationships: datadogV2.AssigneeRequestDataRelationships{
				Findings: datadogV2.Findings{
					Data: []datadogV2.FindingData{
						{
							Id:   "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
							Type: datadogV2.FINDINGDATATYPE_FINDINGS,
						},
					},
				},
			},
			Type: datadogV2.ASSIGNEEDATATYPE_ASSIGNEE,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.UpdateFindingsAssignee", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.UpdateFindingsAssignee(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.UpdateFindingsAssignee`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.UpdateFindingsAssignee`:\n%s\n", responseContent)
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
##### 

```java
// Assign or unassign security findings returns "Accepted" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.AssigneeDataType;
import com.datadog.api.client.v2.model.AssigneeRequest;
import com.datadog.api.client.v2.model.AssigneeRequestData;
import com.datadog.api.client.v2.model.AssigneeRequestDataAttributes;
import com.datadog.api.client.v2.model.AssigneeRequestDataRelationships;
import com.datadog.api.client.v2.model.AssigneeResponse;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.updateFindingsAssignee", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    AssigneeRequest body =
        new AssigneeRequest()
            .data(
                new AssigneeRequestData()
                    .attributes(
                        new AssigneeRequestDataAttributes()
                            .assigneeId("f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0"))
                    .id("00000000-0000-0000-0000-000000000001")
                    .relationships(
                        new AssigneeRequestDataRelationships()
                            .findings(
                                new Findings()
                                    .data(
                                        Collections.singletonList(
                                            new FindingData()
                                                .id("ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==")
                                                .type(FindingDataType.FINDINGS)))))
                    .type(AssigneeDataType.ASSIGNEE));

    try {
      AssigneeResponse result = apiInstance.updateFindingsAssignee(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#updateFindingsAssignee");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
##### 

```rust
// Assign or unassign security findings returns "Accepted" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::AssigneeDataType;
use datadog_api_client::datadogV2::model::AssigneeRequest;
use datadog_api_client::datadogV2::model::AssigneeRequestData;
use datadog_api_client::datadogV2::model::AssigneeRequestDataAttributes;
use datadog_api_client::datadogV2::model::AssigneeRequestDataRelationships;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;

#[tokio::main]
async fn main() {
    let body = AssigneeRequest::new(
        AssigneeRequestData::new(
            AssigneeRequestDataRelationships::new(Findings::new().data(vec![FindingData::new(
                "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==".to_string(),
                FindingDataType::FINDINGS,
            )])),
            AssigneeDataType::ASSIGNEE,
        )
        .attributes(
            AssigneeRequestDataAttributes::new()
                .assignee_id("f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0".to_string()),
        )
        .id("00000000-0000-0000-0000-000000000001".to_string()),
    );
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.UpdateFindingsAssignee", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.update_findings_assignee(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
##### 

```typescript
/**
 * Assign or unassign security findings returns "Accepted" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.updateFindingsAssignee"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiUpdateFindingsAssigneeRequest = {
  body: {
    data: {
      attributes: {
        assigneeId: "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
      },
      id: "00000000-0000-0000-0000-000000000001",
      relationships: {
        findings: {
          data: [
            {
              id: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
              type: "findings",
            },
          ],
        },
      },
      type: "assignee",
    },
  },
};

apiInstance
  .updateFindingsAssignee(params)
  .then((data: v2.AssigneeResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
{% /tab %}
