Convert a job result to a signal

Note: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.

POST (use the host for your Datadog site)
https://api.ap1.datadoghq.com/api/v2/siem-historical-detections/jobs/signal_convert
https://api.ap2.datadoghq.com/api/v2/siem-historical-detections/jobs/signal_convert
https://api.datadoghq.eu/api/v2/siem-historical-detections/jobs/signal_convert
https://api.ddog-gov.com/api/v2/siem-historical-detections/jobs/signal_convert
https://api.us2.ddog-gov.com/api/v2/siem-historical-detections/jobs/signal_convert
https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/signal_convert
https://api.us3.datadoghq.com/api/v2/siem-historical-detections/jobs/signal_convert
https://api.us5.datadoghq.com/api/v2/siem-historical-detections/jobs/signal_convert

Overview

Convert a job result to a signal. This endpoint requires the security_monitoring_signals_write permission.

Request

Body Data (required)


Field

Type

Description

data

object

Data for converting historical job results to signals.

attributes

object

Attributes for converting historical job results to signals.

jobResultIds [required]

[string]

Job result IDs.

notifications [required]

[string]

Notifications sent.

signalMessage [required]

string

Message of generated signals.

signalSeverity [required]

enum

Severity of the Security Signal. Allowed enum values: info,low,medium,high,critical

type

enum

Type of payload. Allowed enum values: historicalDetectionsJobResultSignalConversion

{
  "data": {
    "attributes": {
      "jobResultIds": [
        ""
      ],
      "notifications": [
        ""
      ],
      "signalMessage": "A large number of failed login attempts.",
      "signalSeverity": "critical"
    },
    "type": "string"
  }
}

Response

OK

Bad Request

API error response.


Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.


Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.


Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.


Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.


Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                  ## default
# 

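# Curl command
# Converts historical detection job results into security signals.
#
# Replace api.datadoghq.com with the API host of your Datadog site. The other
# hosts listed for this endpoint are api.us3.datadoghq.com,
# api.us5.datadoghq.com, api.datadoghq.eu, api.ap1.datadoghq.com,
# api.ap2.datadoghq.com, api.ddog-gov.com and api.us2.ddog-gov.com.
#
# DD_API_KEY and DD_APP_KEY are expanded from the environment, so the keys are
# not typed into the command itself. The -H values still become part of curl's
# argument list, which other local users may be able to see on a shared host.
# The endpoint requires the security_monitoring_signals_write permission.
#
# The heredoc delimiter is unquoted, so the shell expands $ and backticks inside
# the JSON body; keep that in mind when editing signalMessage.
# The empty strings in jobResultIds and notifications are placeholders.
curl -X POST "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/signal_convert" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "jobResultIds": [
        ""
      ],
      "notifications": [
        ""
      ],
      "signalMessage": "A large number of failed login attempts.",
      "signalSeverity": "critical"
    },
    "type": "historicalDetectionsJobResultSignalConversion"
  }
}
EOF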
"""
Convert a job result to a signal returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.convert_job_results_to_signals_attributes import ConvertJobResultsToSignalsAttributes
from datadog_api_client.v2.model.convert_job_results_to_signals_data import ConvertJobResultsToSignalsData
from datadog_api_client.v2.model.convert_job_results_to_signals_data_type import ConvertJobResultsToSignalsDataType
from datadog_api_client.v2.model.convert_job_results_to_signals_request import ConvertJobResultsToSignalsRequest
from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity

# Assemble the request from the innermost model outwards.
# The empty strings in job_result_ids and notifications are placeholders:
# replace them with the job result IDs to convert and the notifications to
# send before running this against a real organisation.
attributes = ConvertJobResultsToSignalsAttributes(
    job_result_ids=[""],
    notifications=[""],
    signal_message="A large number of failed login attempts.",
    signal_severity=SecurityMonitoringRuleSeverity.CRITICAL,
)
data = ConvertJobResultsToSignalsData(
    attributes=attributes,
    type=ConvertJobResultsToSignalsDataType.HISTORICALDETECTIONSJOBRESULTSIGNALCONVERSION,
)
body = ConvertJobResultsToSignalsRequest(data=data)

# Configuration() is created without arguments; the run command for this
# example passes DD_SITE, DD_API_KEY and DD_APP_KEY through the environment.
# The endpoint requires the security_monitoring_signals_write permission.
configuration = Configuration()
# The endpoint is in beta, so the operation is switched on explicitly.
configuration.unstable_operations["convert_job_result_to_signal"] = True
with ApiClient(configuration) as api_client:
    SecurityMonitoringApi(api_client).convert_job_result_to_signal(body=body)

Instructions

First install the library and its dependencies, then save the example to example.py and run the following command:

# Set DD_SITE to your Datadog site, one of: datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Convert a job result to a signal returns "OK" response

require "datadog_api_client"
# The endpoint is in beta, so the operation is switched on explicitly.
DatadogAPIClient.configure { |config| config.unstable_operations[:"v2.convert_job_result_to_signal"] = true }
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# Build the payload from the innermost model outwards.
# The empty strings in job_result_ids and notifications are placeholders:
# replace them with the job result IDs to convert and the notifications to send.
attributes = DatadogAPIClient::V2::ConvertJobResultsToSignalsAttributes.new({
  job_result_ids: [""],
  notifications: [""],
  signal_message: "A large number of failed login attempts.",
  signal_severity: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::CRITICAL,
})
data = DatadogAPIClient::V2::ConvertJobResultsToSignalsData.new({
  attributes: attributes,
  type: DatadogAPIClient::V2::ConvertJobResultsToSignalsDataType::HISTORICALDETECTIONSJOBRESULTSIGNALCONVERSION,
})
body = DatadogAPIClient::V2::ConvertJobResultsToSignalsRequest.new({ data: data })

# The endpoint requires the security_monitoring_signals_write permission; the
# run command for this example passes the keys through the environment.
api_instance.convert_job_result_to_signal(body)

Instructions

First install the library and its dependencies, then save the example to example.rb and run the following command:

# Set DD_SITE to your Datadog site, one of: datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" ruby "example.rb"
// Convert a job result to a signal returns "OK" response

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

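// main converts historical detection job results into security signals.
//
// The endpoint requires the security_monitoring_signals_write permission. The
// run command for this example passes DD_SITE, DD_API_KEY and DD_APP_KEY
// through the environment. On failure the error and HTTP response are written
// to stderr and the process exits with status 1, so a rejected request is not
// mistaken for a successful conversion by a calling script.
func main() {
	// The empty strings in JobResultIds and Notifications are placeholders:
	// replace them with the job result IDs to convert and the notifications
	// to send.
	body := datadogV2.ConvertJobResultsToSignalsRequest{
		Data: &datadogV2.ConvertJobResultsToSignalsData{
			Attributes: &datadogV2.ConvertJobResultsToSignalsAttributes{
				JobResultIds: []string{
					"",
				},
				Notifications: []string{
					"",
				},
				SignalMessage:  "A large number of failed login attempts.",
				SignalSeverity: datadogV2.SECURITYMONITORINGRULESEVERITY_CRITICAL,
			},
			Type: datadogV2.CONVERTJOBRESULTSTOSIGNALSDATATYPE_HISTORICALDETECTIONSJOBRESULTSIGNALCONVERSION.Ptr(),
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	// The endpoint is in beta, so the operation is switched on explicitly.
	configuration.SetUnstableOperationEnabled("v2.ConvertJobResultToSignal", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	r, err := api.ConvertJobResultToSignal(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ConvertJobResultToSignal`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
		// Report the failure through the exit status as well as stderr.
		os.Exit(1)
	}
}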

Instructions

First install the library and its dependencies, then save the example to main.go and run the following command:

# Set DD_SITE to your Datadog site, one of: datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Convert a job result to a signal returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.ConvertJobResultsToSignalsAttributes;
import com.datadog.api.client.v2.model.ConvertJobResultsToSignalsData;
import com.datadog.api.client.v2.model.ConvertJobResultsToSignalsDataType;
import com.datadog.api.client.v2.model.ConvertJobResultsToSignalsRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleSeverity;
import java.util.Collections;

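/**
 * Converts historical detection job results into security signals.
 *
 * <p>The endpoint requires the security_monitoring_signals_write permission. The run command for
 * this example passes DD_SITE, DD_API_KEY and DD_APP_KEY through the environment.
 */
public class Example {
  /**
   * Sends the conversion request. On an {@link ApiException} the status code, response body,
   * response headers and stack trace are written to stderr and the JVM exits with status 1, so a
   * rejected request is not mistaken for a successful conversion by a calling script.
   *
   * @param args unused
   */
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    // The endpoint is in beta, so the operation is switched on explicitly.
    defaultClient.setUnstableOperationEnabled("v2.convertJobResultToSignal", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // The empty strings in jobResultIds and notifications are placeholders: replace them with
    // the job result IDs to convert and the notifications to send.
    ConvertJobResultsToSignalsRequest body =
        new ConvertJobResultsToSignalsRequest()
            .data(
                new ConvertJobResultsToSignalsData()
                    .attributes(
                        new ConvertJobResultsToSignalsAttributes()
                            .jobResultIds(Collections.singletonList(""))
                            .notifications(Collections.singletonList(""))
                            .signalMessage("A large number of failed login attempts.")
                            .signalSeverity(SecurityMonitoringRuleSeverity.CRITICAL))
                    .type(
                        ConvertJobResultsToSignalsDataType
                            .HISTORICALDETECTIONSJOBRESULTSIGNALCONVERSION));

    try {
      apiInstance.convertJobResultToSignal(body);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#convertJobResultToSignal");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
      // Report the failure through the exit status as well as stderr.
      System.exit(1);
    }
  }
}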

Instructions

First install the library and its dependencies, then save the example to Example.java and run the following command:

# Set DD_SITE to your Datadog site, one of: datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
// Convert a job result to a signal returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::ConvertJobResultsToSignalsAttributes;
use datadog_api_client::datadogV2::model::ConvertJobResultsToSignalsData;
use datadog_api_client::datadogV2::model::ConvertJobResultsToSignalsDataType;
use datadog_api_client::datadogV2::model::ConvertJobResultsToSignalsRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleSeverity;

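/// Converts historical detection job results into security signals.
///
/// The endpoint requires the security_monitoring_signals_write permission. The
/// run command for this example passes DD_SITE, DD_API_KEY and DD_APP_KEY
/// through the environment. A successful response is printed to stdout; an
/// error is printed to stderr and the process exits with status 1, so a
/// rejected request is not mistaken for a successful conversion.
#[tokio::main]
async fn main() {
    // The empty strings passed for the job result IDs and notifications are
    // placeholders: replace them with real values before running this.
    let body = ConvertJobResultsToSignalsRequest::new().data(
        ConvertJobResultsToSignalsData::new()
            .attributes(ConvertJobResultsToSignalsAttributes::new(
                vec!["".to_string()],
                vec!["".to_string()],
                "A large number of failed login attempts.".to_string(),
                SecurityMonitoringRuleSeverity::CRITICAL,
            ))
            .type_(
                ConvertJobResultsToSignalsDataType::HISTORICALDETECTIONSJOBRESULTSIGNALCONVERSION,
            ),
    );
    let mut configuration = datadog::Configuration::new();
    // The endpoint is in beta, so the operation is switched on explicitly.
    configuration.set_unstable_operation_enabled("v2.ConvertJobResultToSignal", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    match api.convert_job_result_to_signal(body).await {
        Ok(value) => println!("{:#?}", value),
        Err(err) => {
            // Keep errors off stdout and report the failure in the exit status.
            eprintln!("{:#?}", err);
            std::process::exit(1);
        }
    }
}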

Instructions

First install the library and its dependencies, then save the example to src/main.rs and run the following command:

# Set DD_SITE to your Datadog site, one of: datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
/**
 * Convert a job result to a signal returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

// The run command for this example passes DD_SITE, DD_API_KEY and DD_APP_KEY
// through the environment. The endpoint requires the
// security_monitoring_signals_write permission.
const configuration = client.createConfiguration();
// The endpoint is in beta, so the operation is switched on explicitly.
configuration.unstableOperations["v2.convertJobResultToSignal"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// The empty strings in jobResultIds and notifications are placeholders:
// replace them with the job result IDs to convert and the notifications to send.
const params: v2.SecurityMonitoringApiConvertJobResultToSignalRequest = {
  body: {
    data: {
      type: "historicalDetectionsJobResultSignalConversion",
      attributes: {
        signalSeverity: "critical",
        signalMessage: "A large number of failed login attempts.",
        notifications: [""],
        jobResultIds: [""],
      },
    },
  },
};

// Sends the request, logging the result on success and the error on failure.
async function run(): Promise<void> {
  try {
    const data: unknown = await apiInstance.convertJobResultToSignal(params);
    console.log(
      `API called successfully. Returned data: ${JSON.stringify(data)}`
    );
  } catch (error: unknown) {
    console.error(error);
  }
}

void run();

Instructions

First install the library and its dependencies, then save the example to example.ts and run the following command:

# Set DD_SITE to your Datadog site, one of: datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"