--- title: Detach security findings from their case description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Detach security findings from their case{% #detach-security-findings-from-their-case %} Copy pageCopied {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------- | | ap1.datadoghq.com | DELETE https://api.ap1.datadoghq.com/api/v2/security/findings/cases | | ap2.datadoghq.com | DELETE https://api.ap2.datadoghq.com/api/v2/security/findings/cases | | app.datadoghq.eu | DELETE https://api.datadoghq.eu/api/v2/security/findings/cases | | app.ddog-gov.com | DELETE https://api.ddog-gov.com/api/v2/security/findings/cases | | us2.ddog-gov.com | DELETE https://api.us2.ddog-gov.com/api/v2/security/findings/cases | | app.datadoghq.com | DELETE https://api.datadoghq.com/api/v2/security/findings/cases | | us3.datadoghq.com | DELETE https://api.us3.datadoghq.com/api/v2/security/findings/cases | | us5.datadoghq.com | DELETE https://api.us5.datadoghq.com/api/v2/security/findings/cases | ### Overview Detach security findings from their case. This operation dissociates security findings from their associated cases without deleting the cases themselves. You can detach security findings from multiple different cases in a single request, with a limit of 50 security findings per request. Security findings that are not currently attached to any case will be ignored. This endpoint requires any of the following permissions: `security_monitoring_findings_write``appsec_vm_write` ### Request #### Body Data (required) {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------- | -------------------------- | -------- | ---------------------------------------------------------------- | | | data | object | Data for detaching security findings from their case. | | data | relationships | object | Relationships detaching security findings from their case. | | relationships | findings [*required*] | object | Security findings to detach from their case. | | findings | data | [object] | Array of security finding data objects. | | data | id [*required*] | string | Unique identifier of the security finding. | | data | type [*required*] | enum | Security findings resource type. Allowed enum values: `findings` | | data | type [*required*] | enum | Cases resource type. Allowed enum values: `cases` | {% /tab %} {% tab title="Example" %} ```json { "data": { "relationships": { "findings": { "data": [ { "id": "YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=", "type": "findings" } ] } }, "type": "cases" } } ``` {% /tab %} ### Response {% tab title="204" %} No Content {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="404" %} Not Found {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X DELETE "https://api.datadoghq.com/api/v2/security/findings/cases" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "relationships": { "findings": { "data": [ { "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==", "type": "findings" } ] } }, "type": "cases" } } EOF ##### ```go // Detach security findings from their case returns "No Content" response package main import ( "context" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { body := datadogV2.DetachCaseRequest{ Data: &datadogV2.DetachCaseRequestData{ Relationships: &datadogV2.DetachCaseRequestDataRelationships{ Findings: datadogV2.Findings{ Data: []datadogV2.FindingData{ { Id: "YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=", Type: datadogV2.FINDINGDATATYPE_FINDINGS, }, }, }, }, Type: datadogV2.CASEDATATYPE_CASES, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) r, err := api.DetachCase(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.DetachCase`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Detach security findings from their case returns "No Content" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SecurityMonitoringApi; import com.datadog.api.client.v2.model.CaseDataType; import com.datadog.api.client.v2.model.DetachCaseRequest; import com.datadog.api.client.v2.model.DetachCaseRequestData; import com.datadog.api.client.v2.model.DetachCaseRequestDataRelationships; import com.datadog.api.client.v2.model.FindingData; import com.datadog.api.client.v2.model.FindingDataType; import com.datadog.api.client.v2.model.Findings; import java.util.Collections; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); DetachCaseRequest body = new DetachCaseRequest() .data( new DetachCaseRequestData() .relationships( new DetachCaseRequestDataRelationships() .findings( new Findings() .data( Collections.singletonList( new FindingData() .id( "YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=") .type(FindingDataType.FINDINGS))))) .type(CaseDataType.CASES)); try { apiInstance.detachCase(body); } catch (ApiException e) { System.err.println("Exception when calling SecurityMonitoringApi#detachCase"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```python """ Detach security findings from their case returns "No Content" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi from datadog_api_client.v2.model.case_data_type import CaseDataType from datadog_api_client.v2.model.detach_case_request import DetachCaseRequest from datadog_api_client.v2.model.detach_case_request_data import DetachCaseRequestData from datadog_api_client.v2.model.detach_case_request_data_relationships import DetachCaseRequestDataRelationships from datadog_api_client.v2.model.finding_data import FindingData from datadog_api_client.v2.model.finding_data_type import FindingDataType from datadog_api_client.v2.model.findings import Findings body = DetachCaseRequest( data=DetachCaseRequestData( relationships=DetachCaseRequestDataRelationships( findings=Findings( data=[ FindingData( id="YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=", type=FindingDataType.FINDINGS, ), ], ), ), type=CaseDataType.CASES, ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) api_instance.detach_case(body=body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Detach security findings from their case returns "No Content" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new body = DatadogAPIClient::V2::DetachCaseRequest.new({ data: DatadogAPIClient::V2::DetachCaseRequestData.new({ relationships: DatadogAPIClient::V2::DetachCaseRequestDataRelationships.new({ findings: DatadogAPIClient::V2::Findings.new({ data: [ DatadogAPIClient::V2::FindingData.new({ id: "YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=", type: DatadogAPIClient::V2::FindingDataType::FINDINGS, }), ], }), }), type: DatadogAPIClient::V2::CaseDataType::CASES, }), }) api_instance.detach_case(body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```rust // Detach security findings from their case returns "No Content" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI; use datadog_api_client::datadogV2::model::CaseDataType; use datadog_api_client::datadogV2::model::DetachCaseRequest; use datadog_api_client::datadogV2::model::DetachCaseRequestData; use datadog_api_client::datadogV2::model::DetachCaseRequestDataRelationships; use datadog_api_client::datadogV2::model::FindingData; use datadog_api_client::datadogV2::model::FindingDataType; use datadog_api_client::datadogV2::model::Findings; #[tokio::main] async fn main() { let body = DetachCaseRequest ::new().data( DetachCaseRequestData::new( CaseDataType::CASES, ).relationships( DetachCaseRequestDataRelationships::new( Findings ::new().data( vec![ FindingData::new( "YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=".to_string(), FindingDataType::FINDINGS, ) ], ), ), ), ); let configuration = datadog::Configuration::new(); let api = SecurityMonitoringAPI::with_config(configuration); let resp = api.detach_case(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Detach security findings from their case returns "No Content" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.SecurityMonitoringApi(configuration); const params: v2.SecurityMonitoringApiDetachCaseRequest = { body: { data: { relationships: { findings: { data: [ { id: "YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=", type: "findings", }, ], }, }, type: "cases", }, }, }; apiInstance .detachCase(params) .then((data: any) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}