--- title: Bulk export security monitoring rules description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Bulk export security monitoring rules{% #bulk-export-security-monitoring-rules %} Copy pageCopied {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/rules/bulk_export | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/security_monitoring/rules/bulk_export | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/security_monitoring/rules/bulk_export | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/security_monitoring/rules/bulk_export | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/security_monitoring/rules/bulk_export | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/security_monitoring/rules/bulk_export | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/security_monitoring/rules/bulk_export | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/security_monitoring/rules/bulk_export | ### Overview Export a list of security monitoring rules as a ZIP file containing JSON rule definitions. The endpoint accepts a list of rule IDs and returns a ZIP archive where each rule is saved as a separate JSON file named after the rule. This endpoint requires the `security_monitoring_rules_read` permission. OAuth apps require the `security_monitoring_rules_read` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint. ### Request #### Body Data (required) {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------ | ---------------------------- | -------- | --------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | Data for bulk exporting security monitoring rules. | | data | attributes [*required*] | object | Attributes for bulk exporting security monitoring rules. | | attributes | ruleIds [*required*] | [string] | List of rule IDs to export. Each rule will be included in the resulting ZIP file as a separate JSON file. | | data | id | string | Request ID. | | data | type [*required*] | enum | The type of the resource. Allowed enum values: `security_monitoring_rules_bulk_export` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "ruleIds": [ "string" ] }, "type": "security_monitoring_rules_bulk_export" } } ``` {% /tab %} ### Response {% tab title="200" %} OK {% tab title="Model" %} | Field | Type | Description | | ----- | ---- | ----------- | {% /tab %} {% tab title="Example" %} ```json {} ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="404" %} Not Found {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/security_monitoring/rules/bulk_export" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "ruleIds": [ "def-000-u7q", "def-000-7dd" ] }, "id": "bulk_export", "type": "security_monitoring_rules_bulk_export" } } EOF ##### ```go // Bulk export security monitoring rules returns "OK" response package main import ( "context" "fmt" "io/ioutil" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { // there is a valid "security_rule" in the system SecurityRuleID := os.Getenv("SECURITY_RULE_ID") body := datadogV2.SecurityMonitoringRuleBulkExportPayload{ Data: datadogV2.SecurityMonitoringRuleBulkExportData{ Attributes: datadogV2.SecurityMonitoringRuleBulkExportAttributes{ RuleIds: []string{ SecurityRuleID, }, }, Type: datadogV2.SECURITYMONITORINGRULEBULKEXPORTDATATYPE_SECURITY_MONITORING_RULES_BULK_EXPORT, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) resp, r, err := api.BulkExportSecurityMonitoringRules(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.BulkExportSecurityMonitoringRules`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := ioutil.ReadAll(resp) fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.BulkExportSecurityMonitoringRules`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Bulk export security monitoring rules returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SecurityMonitoringApi; import com.datadog.api.client.v2.model.SecurityMonitoringRuleBulkExportAttributes; import com.datadog.api.client.v2.model.SecurityMonitoringRuleBulkExportData; import com.datadog.api.client.v2.model.SecurityMonitoringRuleBulkExportDataType; import com.datadog.api.client.v2.model.SecurityMonitoringRuleBulkExportPayload; import java.io.File; import java.util.Collections; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); // there is a valid "security_rule" in the system String SECURITY_RULE_ID = System.getenv("SECURITY_RULE_ID"); SecurityMonitoringRuleBulkExportPayload body = new SecurityMonitoringRuleBulkExportPayload() .data( new SecurityMonitoringRuleBulkExportData() .attributes( new SecurityMonitoringRuleBulkExportAttributes() .ruleIds(Collections.singletonList(SECURITY_RULE_ID))) .type( SecurityMonitoringRuleBulkExportDataType .SECURITY_MONITORING_RULES_BULK_EXPORT)); try { File result = apiInstance.bulkExportSecurityMonitoringRules(body); System.out.println(result); } catch (ApiException e) { System.err.println( "Exception when calling SecurityMonitoringApi#bulkExportSecurityMonitoringRules"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```python """ Bulk export security monitoring rules returns "OK" response """ from os import environ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi from datadog_api_client.v2.model.security_monitoring_rule_bulk_export_attributes import ( SecurityMonitoringRuleBulkExportAttributes, ) from datadog_api_client.v2.model.security_monitoring_rule_bulk_export_data import SecurityMonitoringRuleBulkExportData from datadog_api_client.v2.model.security_monitoring_rule_bulk_export_data_type import ( SecurityMonitoringRuleBulkExportDataType, ) from datadog_api_client.v2.model.security_monitoring_rule_bulk_export_payload import ( SecurityMonitoringRuleBulkExportPayload, ) # there is a valid "security_rule" in the system SECURITY_RULE_ID = environ["SECURITY_RULE_ID"] body = SecurityMonitoringRuleBulkExportPayload( data=SecurityMonitoringRuleBulkExportData( attributes=SecurityMonitoringRuleBulkExportAttributes( rule_ids=[ SECURITY_RULE_ID, ], ), type=SecurityMonitoringRuleBulkExportDataType.SECURITY_MONITORING_RULES_BULK_EXPORT, ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) response = api_instance.bulk_export_security_monitoring_rules(body=body) print(response.read()) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Bulk export security monitoring rules returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new # there is a valid "security_rule" in the system SECURITY_RULE_ID = ENV["SECURITY_RULE_ID"] body = DatadogAPIClient::V2::SecurityMonitoringRuleBulkExportPayload.new({ data: DatadogAPIClient::V2::SecurityMonitoringRuleBulkExportData.new({ attributes: DatadogAPIClient::V2::SecurityMonitoringRuleBulkExportAttributes.new({ rule_ids: [ SECURITY_RULE_ID, ], }), type: DatadogAPIClient::V2::SecurityMonitoringRuleBulkExportDataType::SECURITY_MONITORING_RULES_BULK_EXPORT, }), }) p api_instance.bulk_export_security_monitoring_rules(body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```rust // Bulk export security monitoring rules returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI; use datadog_api_client::datadogV2::model::SecurityMonitoringRuleBulkExportAttributes; use datadog_api_client::datadogV2::model::SecurityMonitoringRuleBulkExportData; use datadog_api_client::datadogV2::model::SecurityMonitoringRuleBulkExportDataType; use datadog_api_client::datadogV2::model::SecurityMonitoringRuleBulkExportPayload; #[tokio::main] async fn main() { // there is a valid "security_rule" in the system let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap(); let body = SecurityMonitoringRuleBulkExportPayload::new(SecurityMonitoringRuleBulkExportData::new( SecurityMonitoringRuleBulkExportAttributes::new(vec![security_rule_id.clone()]), SecurityMonitoringRuleBulkExportDataType::SECURITY_MONITORING_RULES_BULK_EXPORT, )); let configuration = datadog::Configuration::new(); let api = SecurityMonitoringAPI::with_config(configuration); let resp = api.bulk_export_security_monitoring_rules(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Bulk export security monitoring rules returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.SecurityMonitoringApi(configuration); // there is a valid "security_rule" in the system const SECURITY_RULE_ID = process.env.SECURITY_RULE_ID as string; const params: v2.SecurityMonitoringApiBulkExportSecurityMonitoringRulesRequest = { body: { data: { attributes: { ruleIds: [SECURITY_RULE_ID], }, type: "security_monitoring_rules_bulk_export", }, }, }; apiInstance .bulkExportSecurityMonitoringRules(params) .then((data: client.HttpFile) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}