PATCH
https://api.ap1.datadoghq.com/api/v2/security_monitoring/signals/bulk/update
https://api.ap2.datadoghq.com/api/v2/security_monitoring/signals/bulk/update
https://api.datadoghq.eu/api/v2/security_monitoring/signals/bulk/update
https://api.ddog-gov.com/api/v2/security_monitoring/signals/bulk/update
https://api.us2.ddog-gov.com/api/v2/security_monitoring/signals/bulk/update
https://api.datadoghq.com/api/v2/security_monitoring/signals/bulk/update
https://api.us3.datadoghq.com/api/v2/security_monitoring/signals/bulk/update
https://api.us5.datadoghq.com/api/v2/security_monitoring/signals/bulk/update

Overview

Update the triage state or assignee of multiple security signals at once.
The maximum number of signals that can be updated in a single request is 199.
This endpoint requires the security_monitoring_signals_write permission.

Request

Body Data (required)
Attributes describing the signal updates.

data: An array of signal updates.
  attributes: Attributes for updating the triage state or assignee of a security signal.
    archive_comment: Optional comment to display on archived signals.
    archive_reason: Reason a signal is archived. Allowed enum values: none, false_positive, testing_or_maintenance, remediated, investigated_case_opened, true_positive_benign, true_positive_malicious, other
    assignee: Object representing a given user entity.
      handle: The handle for this user account.
      icon: Gravatar icon associated to the user.
      id: Numerical ID assigned by Datadog to this user account.
      name: The name for this user account.
      uuid: UUID assigned by Datadog to this user account.
    state: The new triage state of the signal. Allowed enum values: open, archived, under_review
    version: Version of the updated signal. If server side version is higher, update will be rejected.
  id: The unique ID of the security signal.
  type: The type of event. Allowed enum values: signal. Default: signal

{
  "data": [
    {
      "attributes": {
        "archive_comment": "string",
        "archive_reason": "string",
        "assignee": {
          "handle": "string",
          "id": "integer",
          "name": "string",
          "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
        },
        "state": "open",
        "version": "integer"
      },
      "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
      "type": "signal"
    }
  ]
}

Response

OK
Response for a bulk triage update of security signals.

result: The result payload of a bulk signal triage update.
  count: The number of signals updated.
  events: The list of updated signals.
    event: Triage attributes of a security signal returned in a bulk update response.
      archive_comment: Optional comment to display on archived signals.
      archive_comment_timestamp: Timestamp of the last edit to the archive comment.
      archive_comment_user: Object representing a given user entity.
        handle: The handle for this user account.
        icon: Gravatar icon associated to the user.
        id: Numerical ID assigned by Datadog to this user account.
        name: The name for this user account.
        uuid: UUID assigned by Datadog to this user account.
      archive_reason: Reason a signal is archived. Allowed enum values: none, false_positive, testing_or_maintenance, remediated, investigated_case_opened, true_positive_benign, true_positive_malicious, other
      assignee: Object representing a given user entity.
        handle: The handle for this user account.
        icon: Gravatar icon associated to the user.
        id: Numerical ID assigned by Datadog to this user account.
        name: The name for this user account.
        uuid: UUID assigned by Datadog to this user account.
      id: The unique ID of the security signal.
      incident_ids: Array of incidents that are associated with this signal.
      state: The new triage state of the signal. Allowed enum values: open, archived, under_review
      state_update_timestamp: Timestamp of the last state update.
      state_update_user: Object representing a given user entity.
        handle: The handle for this user account.
        icon: Gravatar icon associated to the user.
        id: Numerical ID assigned by Datadog to this user account.
        name: The name for this user account.
        uuid: UUID assigned by Datadog to this user account.
    id: The unique ID of the security signal.
status: The status of the bulk operation.
type: The type of the response.

{
  "result": {
    "count": 2,
    "events": [
      {
        "event": {
          "archive_comment": "string",
          "archive_comment_timestamp": "integer",
          "archive_comment_user": {
            "handle": "string",
            "icon": "/path/to/matching/gravatar/icon",
            "id": "integer",
            "name": "string",
            "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
          },
          "archive_reason": "string",
          "assignee": {
            "handle": "string",
            "icon": "/path/to/matching/gravatar/icon",
            "id": "integer",
            "name": "string",
            "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
          },
          "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
          "incident_ids": [
            2066
          ],
          "state": "open",
          "state_update_timestamp": "integer",
          "state_update_user": {
            "handle": "string",
            "icon": "/path/to/matching/gravatar/icon",
            "id": "integer",
            "name": "string",
            "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
          }
        },
        "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA"
      }
    ]
  },
  "status": "done",
  "type": "status"
}

Bad Request
API error response.

errors:
  detail: A human-readable explanation specific to this occurrence of the error.
  meta: Non-standard meta-information about the error
  source: References to the source of the error.
    header: A string indicating the name of a single request header which caused the error.
    parameter: A string indicating which URI query parameter caused the error.
    pointer: A JSON pointer to the value in the request document that caused the error.
  status: Status code of the response.
  title: Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Forbidden
API error response.

errors:
  detail: A human-readable explanation specific to this occurrence of the error.
  meta: Non-standard meta-information about the error
  source: References to the source of the error.
    header: A string indicating the name of a single request header which caused the error.
    parameter: A string indicating which URI query parameter caused the error.
    pointer: A JSON pointer to the value in the request document that caused the error.
  status: Status code of the response.
  title: Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Too many requests
{
  "errors": [
    "Bad Request"
  ]
}

Code Example

## default
#
# Curl command
# Use the API host for your Datadog site (for example api.datadoghq.eu or api.us3.datadoghq.com).
curl -X PATCH "https://api.datadoghq.com/api/v2/security_monitoring/signals/bulk/update" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "DD-API-KEY: ${DD_API_KEY}" \
  -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
  -d @- << EOF
{
  "data": [
    {
      "attributes": {
        "archive_reason": "none",
        "state": "archived"
      },
      "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
      "type": "signal"
    }
  ]
}
EOF

"""
Bulk update security signals returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_signal_archive_reason import SecurityMonitoringSignalArchiveReason
from datadog_api_client.v2.model.security_monitoring_signal_state import SecurityMonitoringSignalState
from datadog_api_client.v2.model.security_monitoring_signal_type import SecurityMonitoringSignalType
from datadog_api_client.v2.model.security_monitoring_signal_update_attributes import (
    SecurityMonitoringSignalUpdateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_signals_bulk_update_data import (
    SecurityMonitoringSignalsBulkUpdateData,
)
from datadog_api_client.v2.model.security_monitoring_signals_bulk_update_request import (
    SecurityMonitoringSignalsBulkUpdateRequest,
)
from datadog_api_client.v2.model.security_monitoring_triage_user import SecurityMonitoringTriageUser

# One entry per signal to update: new state, archive reason and assignee.
body = SecurityMonitoringSignalsBulkUpdateRequest(
    data=[
        SecurityMonitoringSignalsBulkUpdateData(
            attributes=SecurityMonitoringSignalUpdateAttributes(
                archive_reason=SecurityMonitoringSignalArchiveReason.NONE,
                assignee=SecurityMonitoringTriageUser(
                    uuid="773b045d-ccf8-4808-bd3b-955ef6a8c940",
                ),
                state=SecurityMonitoringSignalState.OPEN,
            ),
            id="AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
            type=SecurityMonitoringSignalType.SIGNAL,
        ),
    ],
)

# Configuration() picks up DD_SITE, DD_API_KEY and DD_APP_KEY from the environment.
configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.bulk_edit_security_monitoring_signals(body=body)

    print(response)

Instructions
First install the library and its dependencies, then save the example to example.py and run the following command, with DD_SITE set to your Datadog site (one of datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com):
DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"

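An added example, not part of the Datadog documentation or client library: it builds request bodies that respect the 199-signal limit and the state and archive_reason enums listed above, and checks a response against what was sent. The helper names (build_bulk_update_bodies, ids_not_updated), the rule that archive fields are only sent with state archived, and the idea that a signal missing from result.events was not updated are assumptions of this sketch; it makes no network calls.

```python
"""Added example: build and verify bulk triage updates offline."""

MAX_SIGNALS_PER_REQUEST = 199  # limit stated on this page
STATES = {"open", "archived", "under_review"}
ARCHIVE_REASONS = {
    "none", "false_positive", "testing_or_maintenance", "remediated",
    "investigated_case_opened", "true_positive_benign",
    "true_positive_malicious", "other",
}


def build_bulk_update_bodies(signal_ids, state, archive_reason=None,
                             archive_comment=None, assignee_uuid=None):
    """Return a list of request bodies, each within the per-request limit."""
    if state not in STATES:
        raise ValueError(f"unsupported state: {state!r}")
    if archive_reason is not None and archive_reason not in ARCHIVE_REASONS:
        raise ValueError(f"unsupported archive_reason: {archive_reason!r}")
    # Local guardrail (assumption, not an API rule from the page): archive
    # fields are only sent when the signal is actually being archived.
    if state != "archived" and (archive_reason or archive_comment):
        raise ValueError("archive fields require state='archived'")

    attributes = {"state": state}
    if archive_reason is not None:
        attributes["archive_reason"] = archive_reason
    if archive_comment is not None:
        attributes["archive_comment"] = archive_comment
    if assignee_uuid is not None:
        attributes["assignee"] = {"uuid": assignee_uuid}

    unique_ids = list(dict.fromkeys(signal_ids))  # de-duplicate, keep order
    bodies = []
    for start in range(0, len(unique_ids), MAX_SIGNALS_PER_REQUEST):
        chunk = unique_ids[start:start + MAX_SIGNALS_PER_REQUEST]
        bodies.append({"data": [
            {"id": sid, "type": "signal", "attributes": dict(attributes)}
            for sid in chunk
        ]})
    return bodies


def ids_not_updated(body, response):
    """IDs sent in `body` that are absent from the response's result.events."""
    updated = {e["id"] for e in response.get("result", {}).get("events", [])}
    return [item["id"] for item in body["data"] if item["id"] not in updated]


if __name__ == "__main__":
    # Constructed sample IDs, not real signals.
    ids = [f"constructed-signal-{n}" for n in range(450)]
    bodies = build_bulk_update_bodies(ids, "archived", "false_positive",
                                      "Scanner noise from scheduled test")
    print([len(b["data"]) for b in bodies])
```

Each returned dictionary has the shape of the request body shown above and can be sent as one PATCH; any ID reported by ids_not_updated should be re-read and retried rather than assumed triaged.
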
# Bulk update security signals returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSignalsBulkUpdateRequest.new({
  data: [
    DatadogAPIClient::V2::SecurityMonitoringSignalsBulkUpdateData.new({
      attributes: DatadogAPIClient::V2::SecurityMonitoringSignalUpdateAttributes.new({
        archive_reason: DatadogAPIClient::V2::SecurityMonitoringSignalArchiveReason::NONE,
        assignee: DatadogAPIClient::V2::SecurityMonitoringTriageUser.new({
          uuid: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
        }),
        state: DatadogAPIClient::V2::SecurityMonitoringSignalState::OPEN,
      }),
      id: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
      type: DatadogAPIClient::V2::SecurityMonitoringSignalType::SIGNAL,
    }),
  ],
})
p api_instance.bulk_edit_security_monitoring_signals(body)

Instructions
First install the library and its dependencies, then save the example to example.rb and run the following command, with DD_SITE set to your Datadog site (one of datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com):
DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" ruby "example.rb"

// Bulk update security signals returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSignalsBulkUpdateRequest{
		Data: []datadogV2.SecurityMonitoringSignalsBulkUpdateData{
			{
				Attributes: datadogV2.SecurityMonitoringSignalUpdateAttributes{
					ArchiveReason: datadogV2.SECURITYMONITORINGSIGNALARCHIVEREASON_NONE.Ptr(),
					Assignee: &datadogV2.SecurityMonitoringTriageUser{
						Uuid: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
					},
					State: datadogV2.SECURITYMONITORINGSIGNALSTATE_OPEN.Ptr(),
				},
				Id:   "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
				Type: datadogV2.SECURITYMONITORINGSIGNALTYPE_SIGNAL.Ptr(),
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.BulkEditSecurityMonitoringSignals(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.BulkEditSecurityMonitoringSignals`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.BulkEditSecurityMonitoringSignals`:\n%s\n", responseContent)
}

Instructions
First install the library and its dependencies, then save the example to main.go and run the following command, with DD_SITE set to your Datadog site (one of datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com):
DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"

// Bulk update security signals returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalArchiveReason;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalState;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalType;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalUpdateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalsBulkTriageUpdateResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalsBulkUpdateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalsBulkUpdateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringTriageUser;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSignalsBulkUpdateRequest body =
        new SecurityMonitoringSignalsBulkUpdateRequest()
            .data(
                Collections.singletonList(
                    new SecurityMonitoringSignalsBulkUpdateData()
                        .attributes(
                            new SecurityMonitoringSignalUpdateAttributes()
                                .archiveReason(SecurityMonitoringSignalArchiveReason.NONE)
                                .assignee(
                                    new SecurityMonitoringTriageUser()
                                        .uuid("773b045d-ccf8-4808-bd3b-955ef6a8c940"))
                                .state(SecurityMonitoringSignalState.OPEN))
                        .id("AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA")
                        .type(SecurityMonitoringSignalType.SIGNAL)));

    try {
      SecurityMonitoringSignalsBulkTriageUpdateResponse result =
          apiInstance.bulkEditSecurityMonitoringSignals(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#bulkEditSecurityMonitoringSignals");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions
First install the library and its dependencies, then save the example to Example.java and run the following command, with DD_SITE set to your Datadog site (one of datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com):
DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"

// Bulk update security signals returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalArchiveReason;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalState;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalType;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalUpdateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalsBulkUpdateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalsBulkUpdateRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringTriageUser;

#[tokio::main]
async fn main() {
    let body = SecurityMonitoringSignalsBulkUpdateRequest::new(vec![
        SecurityMonitoringSignalsBulkUpdateData::new(
            SecurityMonitoringSignalUpdateAttributes::new()
                .archive_reason(SecurityMonitoringSignalArchiveReason::NONE)
                .assignee(SecurityMonitoringTriageUser::new(
                    "773b045d-ccf8-4808-bd3b-955ef6a8c940".to_string(),
                ))
                .state(SecurityMonitoringSignalState::OPEN),
            "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA".to_string(),
        )
        .type_(SecurityMonitoringSignalType::SIGNAL),
    ]);
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.bulk_edit_security_monitoring_signals(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions
First install the library and its dependencies, then save the example to src/main.rs and run the following command, with DD_SITE set to your Datadog site (one of datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com):
DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run

/**
 * Bulk update security signals returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiBulkEditSecurityMonitoringSignalsRequest =
  {
    body: {
      data: [
        {
          attributes: {
            archiveReason: "none",
            assignee: {
              uuid: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
            },
            state: "open",
          },
          id: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
          type: "signal",
        },
      ],
    },
  };

apiInstance
  .bulkEditSecurityMonitoringSignals(params)
  .then((data: v2.SecurityMonitoringSignalsBulkTriageUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions
First install the library and its dependencies, then save the example to example.ts and run the following command, with DD_SITE set to your Datadog site (one of datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com):
DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"