Bulk export security monitoring rules

v2 (latest)

POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/rules/bulk_exporthttps://api.ap2.datadoghq.com/api/v2/security_monitoring/rules/bulk_exporthttps://api.datadoghq.eu/api/v2/security_monitoring/rules/bulk_exporthttps://api.ddog-gov.com/api/v2/security_monitoring/rules/bulk_exporthttps://api.us2.ddog-gov.com/api/v2/security_monitoring/rules/bulk_exporthttps://api.datadoghq.com/api/v2/security_monitoring/rules/bulk_exporthttps://api.us3.datadoghq.com/api/v2/security_monitoring/rules/bulk_exporthttps://api.us5.datadoghq.com/api/v2/security_monitoring/rules/bulk_export

Overview

Export a list of security monitoring rules as a ZIP file containing JSON rule definitions. The endpoint accepts a list of rule IDs and returns a ZIP archive where each rule is saved as a separate JSON file named after the rule. This endpoint requires the security_monitoring_rules_read permission.

OAuth apps require the security_monitoring_rules_read authorization scope to access this endpoint.

Request

Body Data (required)

Expand All

Field

Type

Description

data [required]

object

Data for bulk exporting security monitoring rules.

{
  "data": {
    "attributes": {
      "ruleIds": [
        "string"
      ]
    },
    "type": "security_monitoring_rules_bulk_export"
  }
}

Response

{}

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                          ## default
# 

# Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/rules/bulk_export" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "ruleIds": [
        "def-000-u7q",
        "def-000-7dd"
      ]
    },
    "id": "bulk_export",
    "type": "security_monitoring_rules_bulk_export"
  }
}
EOF

                        

// Bulk export security monitoring rules returns "OK" response

package main

import (
	"context"
	"fmt"
	"io/ioutil"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "security_rule" in the system
	SecurityRuleID := os.Getenv("SECURITY_RULE_ID")

	body := datadogV2.SecurityMonitoringRuleBulkExportPayload{
		Data: datadogV2.SecurityMonitoringRuleBulkExportData{
			Attributes: datadogV2.SecurityMonitoringRuleBulkExportAttributes{
				RuleIds: []string{
					SecurityRuleID,
				},
			},
			Type: datadogV2.SECURITYMONITORINGRULEBULKEXPORTDATATYPE_SECURITY_MONITORING_RULES_BULK_EXPORT,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.BulkExportSecurityMonitoringRules(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.BulkExportSecurityMonitoringRules`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := ioutil.ReadAll(resp)
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.BulkExportSecurityMonitoringRules`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"

// Bulk export security monitoring rules returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleBulkExportAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleBulkExportData;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleBulkExportDataType;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleBulkExportPayload;
import java.io.File;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "security_rule" in the system
    String SECURITY_RULE_ID = System.getenv("SECURITY_RULE_ID");

    SecurityMonitoringRuleBulkExportPayload body =
        new SecurityMonitoringRuleBulkExportPayload()
            .data(
                new SecurityMonitoringRuleBulkExportData()
                    .attributes(
                        new SecurityMonitoringRuleBulkExportAttributes()
                            .ruleIds(Collections.singletonList(SECURITY_RULE_ID)))
                    .type(
                        SecurityMonitoringRuleBulkExportDataType
                            .SECURITY_MONITORING_RULES_BULK_EXPORT));

    try {
      File result = apiInstance.bulkExportSecurityMonitoringRules(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#bulkExportSecurityMonitoringRules");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"

"""
Bulk export security monitoring rules returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_rule_bulk_export_attributes import (
    SecurityMonitoringRuleBulkExportAttributes,
)
from datadog_api_client.v2.model.security_monitoring_rule_bulk_export_data import SecurityMonitoringRuleBulkExportData
from datadog_api_client.v2.model.security_monitoring_rule_bulk_export_data_type import (
    SecurityMonitoringRuleBulkExportDataType,
)
from datadog_api_client.v2.model.security_monitoring_rule_bulk_export_payload import (
    SecurityMonitoringRuleBulkExportPayload,
)

# there is a valid "security_rule" in the system
SECURITY_RULE_ID = environ["SECURITY_RULE_ID"]

body = SecurityMonitoringRuleBulkExportPayload(
    data=SecurityMonitoringRuleBulkExportData(
        attributes=SecurityMonitoringRuleBulkExportAttributes(
            rule_ids=[
                SECURITY_RULE_ID,
            ],
        ),
        type=SecurityMonitoringRuleBulkExportDataType.SECURITY_MONITORING_RULES_BULK_EXPORT,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.bulk_export_security_monitoring_rules(body=body)

    print(response.read())

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"

# Bulk export security monitoring rules returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "security_rule" in the system
SECURITY_RULE_ID = ENV["SECURITY_RULE_ID"]

body = DatadogAPIClient::V2::SecurityMonitoringRuleBulkExportPayload.new({
  data: DatadogAPIClient::V2::SecurityMonitoringRuleBulkExportData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringRuleBulkExportAttributes.new({
      rule_ids: [
        SECURITY_RULE_ID,
      ],
    }),
    type: DatadogAPIClient::V2::SecurityMonitoringRuleBulkExportDataType::SECURITY_MONITORING_RULES_BULK_EXPORT,
  }),
})
p api_instance.bulk_export_security_monitoring_rules(body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"

// Bulk export security monitoring rules returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleBulkExportAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleBulkExportData;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleBulkExportDataType;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleBulkExportPayload;

#[tokio::main]
async fn main() {
    // there is a valid "security_rule" in the system
    let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();
    let body =
        SecurityMonitoringRuleBulkExportPayload::new(SecurityMonitoringRuleBulkExportData::new(
            SecurityMonitoringRuleBulkExportAttributes::new(vec![security_rule_id.clone()]),
            SecurityMonitoringRuleBulkExportDataType::SECURITY_MONITORING_RULES_BULK_EXPORT,
        ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.bulk_export_security_monitoring_rules(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run

/**
 * Bulk export security monitoring rules returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "security_rule" in the system
const SECURITY_RULE_ID = process.env.SECURITY_RULE_ID as string;

const params: v2.SecurityMonitoringApiBulkExportSecurityMonitoringRulesRequest =
  {
    body: {
      data: {
        attributes: {
          ruleIds: [SECURITY_RULE_ID],
        },
        type: "security_monitoring_rules_bulk_export",
      },
    },
  };

apiInstance
  .bulkExportSecurityMonitoringRules(params)
  .then((data: client.HttpFile) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Bulk export security monitoring rules

Overview

Request

Body Data (required)

Response

Code Example

Bulk export security monitoring rules returns "OK" response

Bulk export security monitoring rules returns "OK" response

Instructions

Bulk export security monitoring rules returns "OK" response

Instructions

Bulk export security monitoring rules returns "OK" response

Instructions

Bulk export security monitoring rules returns "OK" response

Instructions

Bulk export security monitoring rules returns "OK" response

Instructions

Bulk export security monitoring rules returns "OK" response

Instructions

How can I help you today?