POST, on the API host of the Datadog site that hosts your organization (use exactly one):
https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/security_filters
https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/security_filters
https://api.datadoghq.eu/api/v2/security_monitoring/configuration/security_filters
https://api.ddog-gov.com/api/v2/security_monitoring/configuration/security_filters
https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/security_filters
https://api.datadoghq.com/api/v2/security_monitoring/configuration/security_filters
https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/security_filters
https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters
Overview
Create a security filter.
See the security filter guide
for more examples.
This endpoint requires the
security_monitoring_filters_write permission.
OAuth apps require the security_monitoring_filters_write authorization scope to access this endpoint.
Request
Body Data (required)
The definition of the new security filter.
Object for a single security filter.
Object containing the attributes of the security filter to be created.
exclusion_filters [required ]
Exclusion filters to exclude some logs from the security filter.
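Exclusion filter query. Logs that match this query are excluded from the security filter, so they are not analyzed through it. Keep the query as narrow as the use case allows, because a broad exclusion removes those logs from detection coverage.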
filtered_data_type [required ]
The filtered data type.
Allowed enum values: logs
Whether the security filter is enabled.
The name of the security filter.
The query of the security filter.
The type of the resource. The value should always be security_filters.
Allowed enum values: security_filters
default: security_filters
{
"data" : {
"attributes" : {
"exclusion_filters" : [
{
"name" : "Exclude staging" ,
"query" : "source:staging"
}
],
"filtered_data_type" : "logs" ,
"is_enabled" : true ,
"name" : "Example-Security-Monitoring" ,
"query" : "service:ExampleSecurityMonitoring"
},
"type" : "security_filters"
}
}
Response
OK
Response object which includes a single security filter.
The security filter's properties.
The object describing a security filter.
The list of exclusion filters applied in this security filter.
The exclusion filter name.
The exclusion filter query.
The filtered data type.
Allowed enum values: logs
Whether the security filter is the built-in filter.
Whether the security filter is enabled.
The security filter name.
The security filter query. Logs accepted by this query will be accepted by this filter.
The version of the security filter.
The ID of the security filter.
The type of the resource. The value should always be security_filters.
Allowed enum values: security_filters
default: security_filters
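Optional metadata associated with the response. In the example below it carries a warning that all security filters are disabled and no logs are being analyzed, so check it after creating a filter.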
{
"data" : {
"attributes" : {
"exclusion_filters" : [
{
"name" : "Exclude staging" ,
"query" : "source:staging"
}
],
"filtered_data_type" : "logs" ,
"is_builtin" : false ,
"is_enabled" : false ,
"name" : "Custom security filter" ,
"query" : "service:api" ,
"version" : 1
},
"id" : "3dd-0uc-h1s" ,
"type" : "security_filters"
},
"meta" : {
"warning" : "All the security filters are disabled. As a result, no logs are being analyzed."
}
}
Bad Request
{
"errors" : [
"Bad Request"
]
}
Not Authorized
{
"errors" : [
"Bad Request"
]
}
Conflict
{
"errors" : [
"Bad Request"
]
}
Too many requests
{
"errors" : [
"Bad Request"
]
}
Code Example
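## default
#
# Curl command
#
# Creates a security filter. Set DD_SITE to exactly one Datadog site:
#   datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu,
#   ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com
# The API host is "api." followed by that site.
#
# DD_API_KEY and DD_APP_KEY are read from the environment so the key values
# never appear in the command text. The caller needs the
# security_monitoring_filters_write permission.
#
# The heredoc delimiter is unquoted, so the shell expands $-expressions inside
# the JSON body; quote it (<< 'EOF') if a query ever contains a literal "$".
curl -X POST "https://api.${DD_SITE}/api/v2/security_monitoring/configuration/security_filters" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "exclusion_filters": [
        {
          "name": "Exclude staging",
          "query": "source:staging"
        }
      ],
      "filtered_data_type": "logs",
      "is_enabled": true,
      "name": "Custom security filter",
      "query": "service:api"
    },
    "type": "security_filters"
  }
}
EOF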
// Create a security filter returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
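// main creates a security filter through the Datadog v2 Security Monitoring
// API and prints the created filter as indented JSON.
//
// No credentials or site are set in this code; the run instructions for this
// example supply them through the DD_API_KEY, DD_APP_KEY and DD_SITE
// environment variables.
func main() {
	// Logs matching Query are accepted by the filter. Logs that also match an
	// exclusion filter query are excluded from it, so keep exclusion queries
	// narrow: whatever they match is not analyzed through this filter.
	body := datadogV2.SecurityFilterCreateRequest{
		Data: datadogV2.SecurityFilterCreateData{
			Attributes: datadogV2.SecurityFilterCreateAttributes{
				ExclusionFilters: []datadogV2.SecurityFilterExclusionFilter{
					{
						Name:  "Exclude staging",
						Query: "source:staging",
					},
				},
				FilteredDataType: datadogV2.SECURITYFILTERFILTEREDDATATYPE_LOGS,
				IsEnabled:        true,
				Name:             "Example-Security-Monitoring",
				Query:            "service:ExampleSecurityMonitoring",
			},
			Type: datadogV2.SECURITYFILTERTYPE_SECURITY_FILTERS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSecurityFilter(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityFilter`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
		// Exit non-zero instead of falling through: otherwise the program
		// prints an empty "Response from" block and reports success, and any
		// automation wrapping it would assume the filter exists.
		os.Exit(1)
	}

	responseContent, err := json.MarshalIndent(resp, "", " ")
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when encoding the response: %v\n", err)
		os.Exit(1)
	}
	// The printed response can include a "meta.warning" field (for example,
	// that all security filters are disabled and no logs are being analyzed).
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityFilter`:\n%s\n", responseContent)
}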
Instructions: first install the library and its dependencies, then save the example to main.go and run the following commands:
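# Set DD_SITE to exactly one site: datadoghq.com, us3.datadoghq.com,
# us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com,
# ddog-gov.com or us2.ddog-gov.com.
# Keys typed inline like this are saved in shell history; prefer exporting
# DD_API_KEY and DD_APP_KEY from a secrets store before running the example.
DD_SITE="<DD_SITE>" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"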
// Create a security filter returns "OK" response
import com.datadog.api.client.ApiClient ;
import com.datadog.api.client.ApiException ;
import com.datadog.api.client.v2.api.SecurityMonitoringApi ;
import com.datadog.api.client.v2.model.SecurityFilterCreateAttributes ;
import com.datadog.api.client.v2.model.SecurityFilterCreateData ;
import com.datadog.api.client.v2.model.SecurityFilterCreateRequest ;
import com.datadog.api.client.v2.model.SecurityFilterExclusionFilter ;
import com.datadog.api.client.v2.model.SecurityFilterFilteredDataType ;
import com.datadog.api.client.v2.model.SecurityFilterResponse ;
import com.datadog.api.client.v2.model.SecurityFilterType ;
import java.util.Collections ;
/**
 * Creates a security filter through the Datadog v2 Security Monitoring API and prints the
 * returned filter, or the failure details when the call is rejected.
 */
public class Example {
  public static void main(String[] args) {
    // NOTE(review): the default client presumably picks up the DD_* environment variables
    // shown in the run instructions — confirm against the client library.
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // Logs matching this query are excluded from the security filter, so keep it narrow.
    SecurityFilterExclusionFilter stagingExclusion =
        new SecurityFilterExclusionFilter().name("Exclude staging").query("source:staging");

    SecurityFilterCreateAttributes filterAttributes =
        new SecurityFilterCreateAttributes()
            .exclusionFilters(Collections.singletonList(stagingExclusion))
            .filteredDataType(SecurityFilterFilteredDataType.LOGS)
            .isEnabled(true)
            .name("Example-Security-Monitoring")
            .query("service:ExampleSecurityMonitoring");

    SecurityFilterCreateData filterData =
        new SecurityFilterCreateData()
            .attributes(filterAttributes)
            .type(SecurityFilterType.SECURITY_FILTERS);

    SecurityFilterCreateRequest body = new SecurityFilterCreateRequest().data(filterData);

    try {
      SecurityFilterResponse result = apiInstance.createSecurityFilter(body);
      // The response can carry a meta warning (for example, that every security filter is
      // disabled and no logs are being analyzed); it is part of what gets printed here.
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#createSecurityFilter");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}
Instructions: first install the library and its dependencies, then save the example to Example.java and run the following commands:
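# Set DD_SITE to exactly one site: datadoghq.com, us3.datadoghq.com,
# us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com,
# ddog-gov.com or us2.ddog-gov.com.
# Keys typed inline like this are saved in shell history; prefer exporting
# DD_API_KEY and DD_APP_KEY from a secrets store before running the example.
DD_SITE="<DD_SITE>" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"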
"""
Create a security filter returns "OK" response
"""
from datadog_api_client import ApiClient , Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_filter_create_attributes import SecurityFilterCreateAttributes
from datadog_api_client.v2.model.security_filter_create_data import SecurityFilterCreateData
from datadog_api_client.v2.model.security_filter_create_request import SecurityFilterCreateRequest
from datadog_api_client.v2.model.security_filter_exclusion_filter import SecurityFilterExclusionFilter
from datadog_api_client.v2.model.security_filter_filtered_data_type import SecurityFilterFilteredDataType
from datadog_api_client.v2.model.security_filter_type import SecurityFilterType
# Logs matching this query are excluded from the security filter, so keep it narrow.
staging_exclusion = SecurityFilterExclusionFilter(
    name="Exclude staging",
    query="source:staging",
)

# The filter accepts logs matching `query`, minus whatever the exclusion filters match.
filter_attributes = SecurityFilterCreateAttributes(
    exclusion_filters=[staging_exclusion],
    filtered_data_type=SecurityFilterFilteredDataType.LOGS,
    is_enabled=True,
    name="Example-Security-Monitoring",
    query="service:ExampleSecurityMonitoring",
)

filter_data = SecurityFilterCreateData(
    attributes=filter_attributes,
    type=SecurityFilterType.SECURITY_FILTERS,
)

body = SecurityFilterCreateRequest(data=filter_data)

# NOTE(review): no keys are set here; Configuration() presumably reads the DD_*
# environment variables shown in the run instructions — confirm against the client.
configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_security_filter(body=body)

    # The printed response can include a meta warning, e.g. that all security
    # filters are disabled and no logs are being analyzed.
    print(response)
Instructions: first install the library and its dependencies, then save the example to example.py and run the following commands:
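# Set DD_SITE to exactly one site: datadoghq.com, us3.datadoghq.com,
# us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com,
# ddog-gov.com or us2.ddog-gov.com.
# Keys typed inline like this are saved in shell history; prefer exporting
# DD_API_KEY and DD_APP_KEY from a secrets store before running the example.
DD_SITE="<DD_SITE>" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"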
# Create a security filter returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# Logs matching this query are excluded from the security filter, so keep it narrow.
staging_exclusion = DatadogAPIClient::V2::SecurityFilterExclusionFilter.new({
  name: "Exclude staging",
  query: "source:staging",
})

# The filter accepts logs matching `query`, minus whatever the exclusion filters match.
filter_attributes = DatadogAPIClient::V2::SecurityFilterCreateAttributes.new({
  exclusion_filters: [staging_exclusion],
  filtered_data_type: DatadogAPIClient::V2::SecurityFilterFilteredDataType::LOGS,
  is_enabled: true,
  name: "Example-Security-Monitoring",
  query: "service:ExampleSecurityMonitoring",
})

filter_data = DatadogAPIClient::V2::SecurityFilterCreateData.new({
  attributes: filter_attributes,
  type: DatadogAPIClient::V2::SecurityFilterType::SECURITY_FILTERS,
})

body = DatadogAPIClient::V2::SecurityFilterCreateRequest.new({
  data: filter_data,
})

# Prints the created filter; the response can also carry a meta warning
# (e.g. that all security filters are disabled and no logs are being analyzed).
p api_instance.create_security_filter(body)
Instructions: first install the library and its dependencies, then save the example to example.rb and run the following commands:
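# Set DD_SITE to exactly one site: datadoghq.com, us3.datadoghq.com,
# us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com,
# ddog-gov.com or us2.ddog-gov.com.
# Keys typed inline like this are saved in shell history; prefer exporting
# DD_API_KEY and DD_APP_KEY from a secrets store before running the example.
# The Ruby interpreter command is "ruby" (the page's "rb" is not a Ruby launcher).
DD_SITE="<DD_SITE>" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" ruby "example.rb"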
// Create a security filter returns "OK" response
use datadog_api_client ::datadog ;
use datadog_api_client ::datadogV2 ::api_security_monitoring ::SecurityMonitoringAPI ;
use datadog_api_client ::datadogV2 ::model ::SecurityFilterCreateAttributes ;
use datadog_api_client ::datadogV2 ::model ::SecurityFilterCreateData ;
use datadog_api_client ::datadogV2 ::model ::SecurityFilterCreateRequest ;
use datadog_api_client ::datadogV2 ::model ::SecurityFilterExclusionFilter ;
use datadog_api_client ::datadogV2 ::model ::SecurityFilterFilteredDataType ;
use datadog_api_client ::datadogV2 ::model ::SecurityFilterType ;
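/// Creates a security filter through the Datadog v2 Security Monitoring API
/// and pretty-prints the created filter.
///
/// On failure the error is written to stderr and the process exits with a
/// non-zero status, so a wrapper script cannot mistake a rejected request for
/// a filter that is now in place.
#[tokio::main]
async fn main() {
    // Argument order follows the page's example: exclusion filters, filtered
    // data type, enabled flag, name, query.
    // Logs matching an exclusion filter query are excluded from the security
    // filter, so keep those queries narrow.
    let body = SecurityFilterCreateRequest::new(SecurityFilterCreateData::new(
        SecurityFilterCreateAttributes::new(
            vec![SecurityFilterExclusionFilter::new(
                "Exclude staging".to_string(),
                "source:staging".to_string(),
            )],
            SecurityFilterFilteredDataType::LOGS,
            true,
            "Example-Security-Monitoring".to_string(),
            "service:ExampleSecurityMonitoring".to_string(),
        ),
        SecurityFilterType::SECURITY_FILTERS,
    ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);

    match api.create_security_filter(body).await {
        // The response can carry a meta warning (e.g. that all security
        // filters are disabled and no logs are being analyzed).
        Ok(value) => println!("{:#?}", value),
        Err(err) => {
            eprintln!("{:#?}", err);
            std::process::exit(1);
        }
    }
}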
Instructions: first install the library and its dependencies, then save the example to src/main.rs and run the following commands:
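# Set DD_SITE to exactly one site: datadoghq.com, us3.datadoghq.com,
# us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com,
# ddog-gov.com or us2.ddog-gov.com.
# Keys typed inline like this are saved in shell history; prefer exporting
# DD_API_KEY and DD_APP_KEY from a secrets store before running the example.
DD_SITE="<DD_SITE>" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run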
/**
* Create a security filter returns "OK" response
*/
import { client , v2 } from "@datadog/datadog-api-client" ;
const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// Logs matching this query are excluded from the security filter, so keep it narrow.
const stagingExclusion = {
  name: "Exclude staging",
  query: "source:staging",
};

// The filter accepts logs matching `query`, minus whatever the exclusion filters match.
const params: v2.SecurityMonitoringApiCreateSecurityFilterRequest = {
  body: {
    data: {
      attributes: {
        exclusionFilters: [stagingExclusion],
        filteredDataType: "logs",
        isEnabled: true,
        name: "Example-Security-Monitoring",
        query: "service:ExampleSecurityMonitoring",
      },
      type: "security_filters",
    },
  },
};

// Success handler: logs the created filter. The response can also carry a meta
// warning (e.g. that all security filters are disabled and no logs are analyzed).
const onCreated = (data: v2.SecurityFilterResponse): void => {
  console.log(
    "API called successfully. Returned data: " + JSON.stringify(data)
  );
};

// Failure handler: writes the error to stderr.
const onFailure = (error: any): void => console.error(error);

apiInstance.createSecurityFilter(params).then(onCreated).catch(onFailure);
Instructions: first install the library and its dependencies, then save the example to example.ts and run the following commands:
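# Set DD_SITE to exactly one site: datadoghq.com, us3.datadoghq.com,
# us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com,
# ddog-gov.com or us2.ddog-gov.com.
# Keys typed inline like this are saved in shell history; prefer exporting
# DD_API_KEY and DD_APP_KEY from a secrets store before running the example.
# Note: tsc only compiles example.ts; the DD_* variables matter when the
# compiled output is actually run.
DD_SITE="<DD_SITE>" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"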