Create a critical asset

POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets
POST https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets
POST https://api.datadoghq.eu/api/v2/security_monitoring/configuration/critical_assets
POST https://api.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assets
POST https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assets
POST https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets
POST https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets
POST https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets

Overview

Create a new critical asset.

OAuth apps require the security_monitoring_critical_assets_write authorization scope to access this endpoint.

Request

Body Data (required)

The definition of the new critical asset.


Field

Type

Description

data [required]

object

Object for a single critical asset.

attributes [required]

object

Object containing the attributes of the critical asset to be created.

enabled

boolean

Whether the critical asset is enabled. Defaults to true if not specified.

default: true

query [required]

string

The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer.

rule_query [required]

string

The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to.

severity [required]

enum

Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased, or the severity can be left unchanged (no-op). Allowed enum values: info,low,medium,high,critical,increase,decrease,no-op

tags

[string]

List of tags associated with the critical asset.

type [required]

enum

The type of the resource. The value should always be critical_assets. Allowed enum values: critical_assets

default: critical_assets

{
  "data": {
    "type": "critical_assets",
    "attributes": {
      "query": "host:examplesecuritymonitoring",
      "rule_query": "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
      "severity": "decrease",
      "tags": [
        "team:security",
        "env:test"
      ]
    }
  }
}

Response

OK

Response object containing a single critical asset.


Field

Type

Description

data

object

The critical asset's properties.

attributes

object

The attributes of the critical asset.

creation_author_id

int64

ID of user who created the critical asset.

creation_date

int64

A Unix millisecond timestamp giving the creation date of the critical asset.

creator

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

enabled

boolean

Whether the critical asset is enabled.

query

string

The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer.

rule_query

string

The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to.

severity

enum

Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased, or the severity can be left unchanged (no-op). Allowed enum values: info,low,medium,high,critical,increase,decrease,no-op

tags

[string]

List of tags associated with the critical asset.

update_author_id

int64

ID of user who updated the critical asset.

update_date

int64

A Unix millisecond timestamp giving the update date of the critical asset.

updater

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

version

int32

The version of the critical asset; it starts at 1, and is incremented at each update.

id

string

The ID of the critical asset.

type

enum

The type of the resource. The value should always be critical_assets. Allowed enum values: critical_assets

default: critical_assets

{
  "data": {
    "attributes": {
      "creation_author_id": 367742,
      "creation_date": "integer",
      "creator": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "enabled": true,
      "query": "security:monitoring",
      "rule_query": "type:log_detection source:cloudtrail",
      "severity": "increase",
      "tags": [
        "team:database",
        "source:cloudtrail"
      ],
      "update_author_id": 367743,
      "update_date": "integer",
      "updater": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "version": 2
    },
    "id": "4e2435a5-6670-4b8f-baff-46083cd1c250",
    "type": "critical_assets"
  }
}

Bad Request

API error response.


Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.


Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Conflict

API error response.


Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.


Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                          ## default
# 

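# Curl command
# Creates a critical asset with a single POST request.
# The API and application keys are taken from the DD_API_KEY and DD_APP_KEY
# environment variables, so they are not written into the command itself.
# The URL below targets the datadoghq.com site. For another site, swap in its
# API host: api.ap1.datadoghq.com, api.ap2.datadoghq.com, api.datadoghq.eu,
# api.ddog-gov.com, api.us2.ddog-gov.com, api.us3.datadoghq.com or
# api.us5.datadoghq.com.
curl -X POST "https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "enabled": true,
      "query": "security:monitoring",
      "rule_query": "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
      "severity": "increase",
      "tags": [
        "team:database",
        "source:cloudtrail"
      ]
    },
    "type": "critical_assets"
  }
}
EOF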
// Create a critical asset returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

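// main creates a critical asset through the Security Monitoring API and
// prints the API response as indented JSON on stdout.
//
// On failure it reports the error and the HTTP response on stderr and exits
// with a non-zero status, so a calling script or pipeline can tell that the
// asset was not created.
func main() {
	// Request payload: `Query` is the critical asset's query and `RuleQuery`
	// selects the detection rules it applies to.
	// NOTE(review): DECREASE lowers the severity on whatever these two queries
	// match, so keep both as narrow as the use case allows.
	body := datadogV2.SecurityMonitoringCriticalAssetCreateRequest{
		Data: datadogV2.SecurityMonitoringCriticalAssetCreateData{
			Type: datadogV2.SECURITYMONITORINGCRITICALASSETTYPE_CRITICAL_ASSETS,
			Attributes: datadogV2.SecurityMonitoringCriticalAssetCreateAttributes{
				Query:     "host:examplesecuritymonitoring",
				RuleQuery: "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
				Severity:  datadogV2.SECURITYMONITORINGCRITICALASSETSEVERITY_DECREASE,
				Tags: []string{
					"team:security",
					"env:test",
				},
			},
		},
	}
	// Presumably the default context and configuration pick up DD_SITE,
	// DD_API_KEY and DD_APP_KEY from the environment, as the run command
	// sets them; confirm against the client library.
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSecurityMonitoringCriticalAsset(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringCriticalAsset`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
		// Stop here: resp does not describe a created asset, and printing it
		// below would make a failed call look like a successful one.
		os.Exit(1)
	}

	responseContent, err := json.MarshalIndent(resp, "", "  ")
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error encoding the response as JSON: %v\n", err)
		os.Exit(1)
	}
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringCriticalAsset`:\n%s\n", responseContent)
}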

Instructions

First install the library and its dependencies, then save the example to main.go and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com):

DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Create a critical asset returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetCreateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetSeverity;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetType;
import java.util.Arrays;

/**
 * Creates a critical asset through the Security Monitoring API and prints the
 * result, or the details of the {@code ApiException} if the call fails.
 */
public class Example {
  /**
   * Builds the create request: the asset's query, the rule query selecting the
   * detection rules it applies to, the severity adjustment and the tags.
   */
  private static SecurityMonitoringCriticalAssetCreateRequest buildRequest() {
    SecurityMonitoringCriticalAssetCreateAttributes attributes =
        new SecurityMonitoringCriticalAssetCreateAttributes()
            .query("host:examplesecuritymonitoring")
            .ruleQuery(
                "type:(log_detection OR signal_correlation OR workload_security OR"
                    + " application_security) source:cloudtrail")
            .severity(SecurityMonitoringCriticalAssetSeverity.DECREASE)
            .tags(Arrays.asList("team:security", "env:test"));

    SecurityMonitoringCriticalAssetCreateData data =
        new SecurityMonitoringCriticalAssetCreateData()
            .type(SecurityMonitoringCriticalAssetType.CRITICAL_ASSETS)
            .attributes(attributes);

    return new SecurityMonitoringCriticalAssetCreateRequest().data(data);
  }

  public static void main(String[] args) {
    ApiClient client = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi api = new SecurityMonitoringApi(client);
    SecurityMonitoringCriticalAssetCreateRequest request = buildRequest();

    try {
      SecurityMonitoringCriticalAssetResponse created =
          api.createSecurityMonitoringCriticalAsset(request);
      System.out.println(created);
    } catch (ApiException failure) {
      // Report everything the exception carries about the rejected call.
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createSecurityMonitoringCriticalAsset");
      System.err.println("Status code: " + failure.getCode());
      System.err.println("Reason: " + failure.getResponseBody());
      System.err.println("Response headers: " + failure.getResponseHeaders());
      failure.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies, then save the example to Example.java and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com):

DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Create a critical asset returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_critical_asset_create_attributes import (
    SecurityMonitoringCriticalAssetCreateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_critical_asset_create_data import (
    SecurityMonitoringCriticalAssetCreateData,
)
from datadog_api_client.v2.model.security_monitoring_critical_asset_create_request import (
    SecurityMonitoringCriticalAssetCreateRequest,
)
from datadog_api_client.v2.model.security_monitoring_critical_asset_severity import (
    SecurityMonitoringCriticalAssetSeverity,
)
from datadog_api_client.v2.model.security_monitoring_critical_asset_type import SecurityMonitoringCriticalAssetType

# Attributes of the critical asset: its query, the rule query selecting the
# detection rules it applies to, the severity adjustment and its tags.
attributes = SecurityMonitoringCriticalAssetCreateAttributes(
    query="host:examplesecuritymonitoring",
    rule_query="type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
    # DECREASE adjusts the severity downwards instead of setting a fixed level.
    severity=SecurityMonitoringCriticalAssetSeverity.DECREASE,
    tags=["team:security", "env:test"],
)

# Wrap the attributes in the request envelope the endpoint expects.
body = SecurityMonitoringCriticalAssetCreateRequest(
    data=SecurityMonitoringCriticalAssetCreateData(
        type=SecurityMonitoringCriticalAssetType.CRITICAL_ASSETS,
        attributes=attributes,
    ),
)

# The client is used as a context manager, so it is closed once the call ends.
with ApiClient(Configuration()) as api_client:
    security_api = SecurityMonitoringApi(api_client)
    response = security_api.create_security_monitoring_critical_asset(body=body)

    print(response)

Instructions

First install the library and its dependencies, then save the example to example.py and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com):

DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Create a critical asset returns "OK" response

require "datadog_api_client"
# Client for the Security Monitoring endpoints.
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# Attributes of the critical asset: its query, the rule query selecting the
# detection rules it applies to, the severity adjustment and its tags.
attributes = DatadogAPIClient::V2::SecurityMonitoringCriticalAssetCreateAttributes.new({
  query: "host:examplesecuritymonitoring",
  rule_query: "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
  severity: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetSeverity::DECREASE,
  tags: ["team:security", "env:test"],
})

# Wrap the attributes in the request envelope the endpoint expects.
data = DatadogAPIClient::V2::SecurityMonitoringCriticalAssetCreateData.new({
  type: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetType::CRITICAL_ASSETS,
  attributes: attributes,
})
body = DatadogAPIClient::V2::SecurityMonitoringCriticalAssetCreateRequest.new({ data: data })

# Send the create request and print the inspected result.
created = api_instance.create_security_monitoring_critical_asset(body)
p created

Instructions

First install the library and its dependencies, then save the example to example.rb and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com):

DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Create a critical asset returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetCreateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetCreateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetCreateRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetSeverity;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetType;

/// Creates a critical asset through the Security Monitoring API and
/// pretty-prints either the returned value or the error.
#[tokio::main]
async fn main() {
    // Attributes: the asset's query, the rule query selecting the detection
    // rules it applies to, the severity adjustment, then the optional tags.
    let attributes = SecurityMonitoringCriticalAssetCreateAttributes::new(
        "host:examplesecuritymonitoring".to_string(),
        "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail".to_string(),
        SecurityMonitoringCriticalAssetSeverity::DECREASE,
    )
    .tags(vec!["team:security".to_string(), "env:test".to_string()]);

    // Wrap the attributes in the request envelope the endpoint expects.
    let data = SecurityMonitoringCriticalAssetCreateData::new(
        attributes,
        SecurityMonitoringCriticalAssetType::CRITICAL_ASSETS,
    );
    let body = SecurityMonitoringCriticalAssetCreateRequest::new(data);

    let api = SecurityMonitoringAPI::with_config(datadog::Configuration::new());

    // Both outcomes go to stdout in debug pretty-print form.
    match api.create_security_monitoring_critical_asset(body).await {
        Ok(value) => println!("{:#?}", value),
        Err(error) => println!("{:#?}", error),
    }
}

Instructions

First install the library and its dependencies, then save the example to src/main.rs and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com):

DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
 * Create a critical asset returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

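// Client configuration and API handle for the Security Monitoring endpoints.
const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// Request payload: `query` is the critical asset's query, `ruleQuery` selects
// the detection rules it applies to, and `severity` is the adjustment to make.
const params: v2.SecurityMonitoringApiCreateSecurityMonitoringCriticalAssetRequest =
  {
    body: {
      data: {
        type: "critical_assets",
        attributes: {
          query: "host:examplesecuritymonitoring",
          ruleQuery:
            "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
          severity: "decrease",
          tags: ["team:security", "env:test"],
        },
      },
    },
  };

// Send the create request; log the created asset on success, the error otherwise.
apiInstance
  .createSecurityMonitoringCriticalAsset(params)
  .then((data: v2.SecurityMonitoringCriticalAssetResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  // `unknown` rather than `any`: a rejection value is not guaranteed to be an
  // Error, and `unknown` keeps later code from using it without narrowing.
  .catch((error: unknown) => console.error(error));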

Instructions

First install the library and its dependencies, then save the example to example.ts and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com):

DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"