Language

English Français 日本語 한국어 Español

Datadog Site

Site help
US1 US3 US5 EU AP1 AP2 US1-FED US2-FED

Bulk update triage assignee of security signals

PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/signals/bulk/assigneehttps://api.ap2.datadoghq.com/api/v2/security_monitoring/signals/bulk/assigneehttps://api.datadoghq.eu/api/v2/security_monitoring/signals/bulk/assigneehttps://api.ddog-gov.com/api/v2/security_monitoring/signals/bulk/assigneehttps://api.us2.ddog-gov.com/api/v2/security_monitoring/signals/bulk/assigneehttps://api.datadoghq.com/api/v2/security_monitoring/signals/bulk/assigneehttps://api.us3.datadoghq.com/api/v2/security_monitoring/signals/bulk/assigneehttps://api.us5.datadoghq.com/api/v2/security_monitoring/signals/bulk/assignee

Overview

Change the triage assignees of multiple security signals at once. The maximum number of signals that can be updated in a single request is 199. This endpoint requires the security_monitoring_signals_write permission.

Request

Body Data (required)

Attributes describing the signal assignee updates.

Expand All

Field

Type

Description

data [required]

[object]

An array of signal assignee updates.

attributes [required]

object

Attributes describing the new assignees for a bulk signal update.

assignee [required]

string

UUID of the user to assign to the signal. Use an empty string to unassign.

version

int64

Version of the updated signal. If server side version is higher, update will be rejected.

id [required]

string

The unique ID of the security signal.

type

enum

The type of event. Allowed enum values: signal

default: signal

{
  "data": [
    {
      "attributes": {
        "assignee": "773b045d-ccf8-4808-bd3b-955ef6a8c940",
        "version": "integer"
      },
      "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
      "type": "signal"
    }
  ]
}

Response

OK

Response for a bulk triage update of security signals.

Expand All

Field

Type

Description

result [required]

object

The result payload of a bulk signal triage update.

count [required]

int64

The number of signals updated.

events [required]

[object]

The list of updated signals.

event [required]

object

Triage attributes of a security signal returned in a bulk update response.

archive_comment

string

Optional comment to display on archived signals.

archive_comment_timestamp

int64

Timestamp of the last edit to the archive comment.

archive_comment_user

object

Object representing a given user entity.

handle

string

The handle for this user account.

icon

string

Gravatar icon associated to the user.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

archive_reason

enum

Reason a signal is archived. Allowed enum values: none,false_positive,testing_or_maintenance,remediated,investigated_case_opened,true_positive_benign,true_positive_malicious,other

assignee [required]

object

Object representing a given user entity.

handle

string

The handle for this user account.

icon

string

Gravatar icon associated to the user.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

id [required]

string

The unique ID of the security signal.

incident_ids [required]

[integer]

Array of incidents that are associated with this signal.

state [required]

enum

The new triage state of the signal. Allowed enum values: open,archived,under_review

state_update_timestamp

int64

Timestamp of the last state update.

state_update_user

object

Object representing a given user entity.

handle

string

The handle for this user account.

icon

string

Gravatar icon associated to the user.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

id [required]

string

The unique ID of the security signal.

status [required]

string

The status of the bulk operation.

type [required]

string

The type of the response.

{
  "result": {
    "count": 2,
    "events": [
      {
        "event": {
          "archive_comment": "string",
          "archive_comment_timestamp": "integer",
          "archive_comment_user": {
            "handle": "string",
            "icon": "/path/to/matching/gravatar/icon",
            "id": "integer",
            "name": "string",
            "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
          },
          "archive_reason": "string",
          "assignee": {
            "handle": "string",
            "icon": "/path/to/matching/gravatar/icon",
            "id": "integer",
            "name": "string",
            "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
          },
          "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
          "incident_ids": [
            2066
          ],
          "state": "open",
          "state_update_timestamp": "integer",
          "state_update_user": {
            "handle": "string",
            "icon": "/path/to/matching/gravatar/icon",
            "id": "integer",
            "name": "string",
            "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
          }
        },
        "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA"
      }
    ]
  },
  "status": "done",
  "type": "status"
}

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

meta

object

Non-standard meta-information about the error

source

object

References to the source of the error.

header

string

A string indicating the name of a single request header which caused the error.

parameter

string

A string indicating which URI query parameter caused the error.

pointer

string

A JSON pointer to the value in the request document that caused the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Forbidden

API error response.

Expand All

Field

Type

Description

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

meta

object

Non-standard meta-information about the error

source

object

References to the source of the error.

header

string

A string indicating the name of a single request header which caused the error.

parameter

string

A string indicating which URI query parameter caused the error.

pointer

string

A JSON pointer to the value in the request document that caused the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Too many requests

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                  ## default
# 

# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/signals/bulk/assignee" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": [
    {
      "attributes": {
        "assignee": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      },
      "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
      "type": "signal"
    }
  ]
}
EOF

                
"""
Bulk update triage assignee of security signals returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_signal_type import SecurityMonitoringSignalType
from datadog_api_client.v2.model.security_monitoring_signals_bulk_assignee_update_attributes import (
    SecurityMonitoringSignalsBulkAssigneeUpdateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_signals_bulk_assignee_update_data import (
    SecurityMonitoringSignalsBulkAssigneeUpdateData,
)
from datadog_api_client.v2.model.security_monitoring_signals_bulk_assignee_update_request import (
    SecurityMonitoringSignalsBulkAssigneeUpdateRequest,
)

body = SecurityMonitoringSignalsBulkAssigneeUpdateRequest(
    data=[
        SecurityMonitoringSignalsBulkAssigneeUpdateData(
            attributes=SecurityMonitoringSignalsBulkAssigneeUpdateAttributes(
                assignee="773b045d-ccf8-4808-bd3b-955ef6a8c940",
            ),
            id="AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
            type=SecurityMonitoringSignalType.SIGNAL,
        ),
    ],
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.bulk_edit_security_monitoring_signals_assignee(body=body)

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Bulk update triage assignee of security signals returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSignalsBulkAssigneeUpdateRequest.new({
  data: [
    DatadogAPIClient::V2::SecurityMonitoringSignalsBulkAssigneeUpdateData.new({
      attributes: DatadogAPIClient::V2::SecurityMonitoringSignalsBulkAssigneeUpdateAttributes.new({
        assignee: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
      }),
      id: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
      type: DatadogAPIClient::V2::SecurityMonitoringSignalType::SIGNAL,
    }),
  ],
})
p api_instance.bulk_edit_security_monitoring_signals_assignee(body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
// Bulk update triage assignee of security signals returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSignalsBulkAssigneeUpdateRequest{
		Data: []datadogV2.SecurityMonitoringSignalsBulkAssigneeUpdateData{
			{
				Attributes: datadogV2.SecurityMonitoringSignalsBulkAssigneeUpdateAttributes{
					Assignee: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
				},
				Id:   "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
				Type: datadogV2.SECURITYMONITORINGSIGNALTYPE_SIGNAL.Ptr(),
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.BulkEditSecurityMonitoringSignalsAssignee(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.BulkEditSecurityMonitoringSignalsAssignee`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.BulkEditSecurityMonitoringSignalsAssignee`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Bulk update triage assignee of security signals returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalType;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalsBulkAssigneeUpdateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalsBulkAssigneeUpdateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalsBulkAssigneeUpdateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalsBulkTriageUpdateResponse;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSignalsBulkAssigneeUpdateRequest body =
        new SecurityMonitoringSignalsBulkAssigneeUpdateRequest()
            .data(
                Collections.singletonList(
                    new SecurityMonitoringSignalsBulkAssigneeUpdateData()
                        .attributes(
                            new SecurityMonitoringSignalsBulkAssigneeUpdateAttributes()
                                .assignee("773b045d-ccf8-4808-bd3b-955ef6a8c940"))
                        .id("AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA")
                        .type(SecurityMonitoringSignalType.SIGNAL)));

    try {
      SecurityMonitoringSignalsBulkTriageUpdateResponse result =
          apiInstance.bulkEditSecurityMonitoringSignalsAssignee(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#bulkEditSecurityMonitoringSignalsAssignee");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
// Bulk update triage assignee of security signals returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalType;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalsBulkAssigneeUpdateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalsBulkAssigneeUpdateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalsBulkAssigneeUpdateRequest;

#[tokio::main]
async fn main() {
    let body = SecurityMonitoringSignalsBulkAssigneeUpdateRequest::new(vec![
        SecurityMonitoringSignalsBulkAssigneeUpdateData::new(
            SecurityMonitoringSignalsBulkAssigneeUpdateAttributes::new(
                "773b045d-ccf8-4808-bd3b-955ef6a8c940".to_string(),
            ),
            "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA".to_string(),
        )
        .type_(SecurityMonitoringSignalType::SIGNAL),
    ]);
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .bulk_edit_security_monitoring_signals_assignee(body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
/**
 * Bulk update triage assignee of security signals returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiBulkEditSecurityMonitoringSignalsAssigneeRequest =
  {
    body: {
      data: [
        {
          attributes: {
            assignee: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
          },
          id: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
          type: "signal",
        },
      ],
    },
  };

apiInstance
  .bulkEditSecurityMonitoringSignalsAssignee(params)
  .then((data: v2.SecurityMonitoringSignalsBulkTriageUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"