--- title: Create a suppression rule description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Create a suppression rule{% #create-a-suppression-rule %} Copy pageCopied {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | ---------------------------------------------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressions | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions | ### Overview Create a new suppression rule. OAuth apps require the `security_monitoring_suppressions_write` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint. ### Request #### Body Data (required) The definition of the new suppression rule. {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------ | ---------------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | Object for a single suppression rule. | | data | attributes [*required*] | object | Object containing the attributes of the suppression rule to be created. | | attributes | data_exclusion_query | string | An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. | | attributes | description | string | A description for the suppression rule. | | attributes | enabled [*required*] | boolean | Whether the suppression rule is enabled. | | attributes | expiration_date | int64 | A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. | | attributes | name [*required*] | string | The name of the suppression rule. | | attributes | rule_query [*required*] | string | The rule query of the suppression rule, with the same syntax as the search bar for detection rules. | | attributes | start_date | int64 | A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals. | | attributes | suppression_query | string | The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer. | | attributes | tags | [string] | List of tags associated with the suppression rule. | | data | type [*required*] | enum | The type of the resource. The value should always be `suppressions`. Allowed enum values: `suppressions` | {% /tab %} {% tab title="Example" %} ##### ```json { "data": { "attributes": { "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "start_date": 1637493071000, "expiration_date": 1638443471000, "name": "Example-Security-Monitoring", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low", "tags": [ "technique:T1110-brute-force", "source:cloudtrail" ] }, "type": "suppressions" } } ``` ##### ```json { "data": { "attributes": { "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "start_date": 1637493071000, "expiration_date": 1638443471000, "name": "Example-Security-Monitoring", "rule_query": "type:log_detection source:cloudtrail", "data_exclusion_query": "account_id:12345" }, "type": "suppressions" } } ``` {% /tab %} ### Response {% tab title="200" %} OK {% tab title="Model" %} Response object containing a single suppression rule. | Parent field | Field | Type | Description | | ------------ | -------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data | object | The suppression rule's properties. | | data | attributes | object | The attributes of the suppression rule. | | attributes | creation_date | int64 | A Unix millisecond timestamp given the creation date of the suppression rule. | | attributes | creator | object | A user. | | creator | handle | string | The handle of the user. | | creator | name | string | The name of the user. | | attributes | data_exclusion_query | string | An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. | | attributes | description | string | A description for the suppression rule. | | attributes | editable | boolean | Whether the suppression rule is editable. | | attributes | enabled | boolean | Whether the suppression rule is enabled. | | attributes | expiration_date | int64 | A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. | | attributes | name | string | The name of the suppression rule. | | attributes | rule_query | string | The rule query of the suppression rule, with the same syntax as the search bar for detection rules. | | attributes | start_date | int64 | A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals. | | attributes | suppression_query | string | The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer. | | attributes | tags | [string] | List of tags associated with the suppression rule. | | attributes | update_date | int64 | A Unix millisecond timestamp given the update date of the suppression rule. | | attributes | updater | object | A user. | | updater | handle | string | The handle of the user. | | updater | name | string | The name of the user. | | attributes | version | int32 | The version of the suppression rule; it starts at 1, and is incremented at each update. | | data | id | string | The ID of the suppression rule. | | data | type | enum | The type of the resource. The value should always be `suppressions`. Allowed enum values: `suppressions` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "creation_date": "integer", "creator": { "handle": "john.doe@datadoghq.com", "name": "John Doe" }, "data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "editable": true, "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low", "tags": [ "technique:T1110-brute-force", "source:cloudtrail" ], "update_date": "integer", "updater": { "handle": "john.doe@datadoghq.com", "name": "John Doe" }, "version": 42 }, "id": "3dd-0uc-h1s", "type": "suppressions" } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="409" %} Conflict {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low", "tags": [ "technique:T1110-brute-force", "source:cloudtrail" ] }, "type": "suppressions" } } EOF ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low", "tags": [ "technique:T1110-brute-force", "source:cloudtrail" ] }, "type": "suppressions" } } EOF ##### ```go // Create a suppression rule returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { body := datadogV2.SecurityMonitoringSuppressionCreateRequest{ Data: datadogV2.SecurityMonitoringSuppressionCreateData{ Attributes: datadogV2.SecurityMonitoringSuppressionCreateAttributes{ Description: datadog.PtrString("This rule suppresses low-severity signals in staging environments."), Enabled: true, StartDate: datadog.PtrInt64(1637493071000), ExpirationDate: datadog.PtrInt64(1638443471000), Name: "Example-Security-Monitoring", RuleQuery: "type:log_detection source:cloudtrail", SuppressionQuery: datadog.PtrString("env:staging status:low"), Tags: []string{ "technique:T1110-brute-force", "source:cloudtrail", }, }, Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) resp, r, err := api.CreateSecurityMonitoringSuppression(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`:\n%s\n", responseContent) } ``` ##### ```go // Create a suppression rule with an exclusion query returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { body := datadogV2.SecurityMonitoringSuppressionCreateRequest{ Data: datadogV2.SecurityMonitoringSuppressionCreateData{ Attributes: datadogV2.SecurityMonitoringSuppressionCreateAttributes{ Description: datadog.PtrString("This rule suppresses low-severity signals in staging environments."), Enabled: true, StartDate: datadog.PtrInt64(1637493071000), ExpirationDate: datadog.PtrInt64(1638443471000), Name: "Example-Security-Monitoring", RuleQuery: "type:log_detection source:cloudtrail", DataExclusionQuery: datadog.PtrString("account_id:12345"), }, Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) resp, r, err := api.CreateSecurityMonitoringSuppression(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Create a suppression rule returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SecurityMonitoringApi; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateAttributes; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateData; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateRequest; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType; import java.util.Arrays; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); SecurityMonitoringSuppressionCreateRequest body = new SecurityMonitoringSuppressionCreateRequest() .data( new SecurityMonitoringSuppressionCreateData() .attributes( new SecurityMonitoringSuppressionCreateAttributes() .description( "This rule suppresses low-severity signals in staging" + " environments.") .enabled(true) .startDate(1637493071000L) .expirationDate(1638443471000L) .name("Example-Security-Monitoring") .ruleQuery("type:log_detection source:cloudtrail") .suppressionQuery("env:staging status:low") .tags( Arrays.asList("technique:T1110-brute-force", "source:cloudtrail"))) .type(SecurityMonitoringSuppressionType.SUPPRESSIONS)); try { SecurityMonitoringSuppressionResponse result = apiInstance.createSecurityMonitoringSuppression(body); System.out.println(result); } catch (ApiException e) { System.err.println( "Exception when calling SecurityMonitoringApi#createSecurityMonitoringSuppression"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` ##### ```java // Create a suppression rule with an exclusion query returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SecurityMonitoringApi; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateAttributes; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateData; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateRequest; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); SecurityMonitoringSuppressionCreateRequest body = new SecurityMonitoringSuppressionCreateRequest() .data( new SecurityMonitoringSuppressionCreateData() .attributes( new SecurityMonitoringSuppressionCreateAttributes() .description( "This rule suppresses low-severity signals in staging" + " environments.") .enabled(true) .startDate(1637493071000L) .expirationDate(1638443471000L) .name("Example-Security-Monitoring") .ruleQuery("type:log_detection source:cloudtrail") .dataExclusionQuery("account_id:12345")) .type(SecurityMonitoringSuppressionType.SUPPRESSIONS)); try { SecurityMonitoringSuppressionResponse result = apiInstance.createSecurityMonitoringSuppression(body); System.out.println(result); } catch (ApiException e) { System.err.println( "Exception when calling SecurityMonitoringApi#createSecurityMonitoringSuppression"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```python """ Create a suppression rule returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import ( SecurityMonitoringSuppressionCreateAttributes, ) from datadog_api_client.v2.model.security_monitoring_suppression_create_data import ( SecurityMonitoringSuppressionCreateData, ) from datadog_api_client.v2.model.security_monitoring_suppression_create_request import ( SecurityMonitoringSuppressionCreateRequest, ) from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType body = SecurityMonitoringSuppressionCreateRequest( data=SecurityMonitoringSuppressionCreateData( attributes=SecurityMonitoringSuppressionCreateAttributes( description="This rule suppresses low-severity signals in staging environments.", enabled=True, start_date=1637493071000, expiration_date=1638443471000, name="Example-Security-Monitoring", rule_query="type:log_detection source:cloudtrail", suppression_query="env:staging status:low", tags=[ "technique:T1110-brute-force", "source:cloudtrail", ], ), type=SecurityMonitoringSuppressionType.SUPPRESSIONS, ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) response = api_instance.create_security_monitoring_suppression(body=body) print(response) ``` ##### ```python """ Create a suppression rule with an exclusion query returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import ( SecurityMonitoringSuppressionCreateAttributes, ) from datadog_api_client.v2.model.security_monitoring_suppression_create_data import ( SecurityMonitoringSuppressionCreateData, ) from datadog_api_client.v2.model.security_monitoring_suppression_create_request import ( SecurityMonitoringSuppressionCreateRequest, ) from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType body = SecurityMonitoringSuppressionCreateRequest( data=SecurityMonitoringSuppressionCreateData( attributes=SecurityMonitoringSuppressionCreateAttributes( description="This rule suppresses low-severity signals in staging environments.", enabled=True, start_date=1637493071000, expiration_date=1638443471000, name="Example-Security-Monitoring", rule_query="type:log_detection source:cloudtrail", data_exclusion_query="account_id:12345", ), type=SecurityMonitoringSuppressionType.SUPPRESSIONS, ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) response = api_instance.create_security_monitoring_suppression(body=body) print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Create a suppression rule returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({ data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({ attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({ description: "This rule suppresses low-severity signals in staging environments.", enabled: true, start_date: 1637493071000, expiration_date: 1638443471000, name: "Example-Security-Monitoring", rule_query: "type:log_detection source:cloudtrail", suppression_query: "env:staging status:low", tags: [ "technique:T1110-brute-force", "source:cloudtrail", ], }), type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS, }), }) p api_instance.create_security_monitoring_suppression(body) ``` ##### ```ruby # Create a suppression rule with an exclusion query returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({ data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({ attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({ description: "This rule suppresses low-severity signals in staging environments.", enabled: true, start_date: 1637493071000, expiration_date: 1638443471000, name: "Example-Security-Monitoring", rule_query: "type:log_detection source:cloudtrail", data_exclusion_query: "account_id:12345", }), type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS, }), }) p api_instance.create_security_monitoring_suppression(body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```rust // Create a suppression rule returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI; use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateAttributes; use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateData; use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateRequest; use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType; #[tokio::main] async fn main() { let body = SecurityMonitoringSuppressionCreateRequest::new( SecurityMonitoringSuppressionCreateData::new( SecurityMonitoringSuppressionCreateAttributes::new( true, "Example-Security-Monitoring".to_string(), "type:log_detection source:cloudtrail".to_string(), ) .description( "This rule suppresses low-severity signals in staging environments.".to_string(), ) .expiration_date(1638443471000) .start_date(1637493071000) .suppression_query("env:staging status:low".to_string()) .tags(vec![ "technique:T1110-brute-force".to_string(), "source:cloudtrail".to_string(), ]), SecurityMonitoringSuppressionType::SUPPRESSIONS, ), ); let configuration = datadog::Configuration::new(); let api = SecurityMonitoringAPI::with_config(configuration); let resp = api.create_security_monitoring_suppression(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` ##### ```rust // Create a suppression rule with an exclusion query returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI; use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateAttributes; use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateData; use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateRequest; use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType; #[tokio::main] async fn main() { let body = SecurityMonitoringSuppressionCreateRequest::new( SecurityMonitoringSuppressionCreateData::new( SecurityMonitoringSuppressionCreateAttributes::new( true, "Example-Security-Monitoring".to_string(), "type:log_detection source:cloudtrail".to_string(), ) .data_exclusion_query("account_id:12345".to_string()) .description( "This rule suppresses low-severity signals in staging environments.".to_string(), ) .expiration_date(1638443471000) .start_date(1637493071000), SecurityMonitoringSuppressionType::SUPPRESSIONS, ), ); let configuration = datadog::Configuration::new(); let api = SecurityMonitoringAPI::with_config(configuration); let resp = api.create_security_monitoring_suppression(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Create a suppression rule returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.SecurityMonitoringApi(configuration); const params: v2.SecurityMonitoringApiCreateSecurityMonitoringSuppressionRequest = { body: { data: { attributes: { description: "This rule suppresses low-severity signals in staging environments.", enabled: true, startDate: 1637493071000, expirationDate: 1638443471000, name: "Example-Security-Monitoring", ruleQuery: "type:log_detection source:cloudtrail", suppressionQuery: "env:staging status:low", tags: ["technique:T1110-brute-force", "source:cloudtrail"], }, type: "suppressions", }, }, }; apiInstance .createSecurityMonitoringSuppression(params) .then((data: v2.SecurityMonitoringSuppressionResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` ##### ```typescript /** * Create a suppression rule with an exclusion query returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.SecurityMonitoringApi(configuration); const params: v2.SecurityMonitoringApiCreateSecurityMonitoringSuppressionRequest = { body: { data: { attributes: { description: "This rule suppresses low-severity signals in staging environments.", enabled: true, startDate: 1637493071000, expirationDate: 1638443471000, name: "Example-Security-Monitoring", ruleQuery: "type:log_detection source:cloudtrail", dataExclusionQuery: "account_id:12345", }, type: "suppressions", }, }, }; apiInstance .createSecurityMonitoringSuppression(params) .then((data: v2.SecurityMonitoringSuppressionResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}