Get a dataset

Note: This endpoint is in preview and is subject to change. If you have any feedback, contact Datadog support.

GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/datasets/{dataset_id}
GET https://api.ap2.datadoghq.com/api/v2/security_monitoring/datasets/{dataset_id}
GET https://api.datadoghq.eu/api/v2/security_monitoring/datasets/{dataset_id}
GET https://api.ddog-gov.com/api/v2/security_monitoring/datasets/{dataset_id}
GET https://api.us2.ddog-gov.com/api/v2/security_monitoring/datasets/{dataset_id}
GET https://api.datadoghq.com/api/v2/security_monitoring/datasets/{dataset_id}
GET https://api.us3.datadoghq.com/api/v2/security_monitoring/datasets/{dataset_id}
GET https://api.us5.datadoghq.com/api/v2/security_monitoring/datasets/{dataset_id}

Overview

Get the current version of a Cloud SIEM dataset by ID. This endpoint requires any of the following permissions:

  • security_monitoring_rules_read
  • security_monitoring_dataset_read

  • OAuth apps require the security_monitoring_rules_read authorization scope to access this endpoint.

    Arguments

    Path Parameters

    • dataset_id [required] (string): The UUID of the dataset.

    Response

    OK

    Response containing a single Cloud SIEM dataset.

    • data [required] (object): The data wrapper of a dataset response.
      • attributes [required] (object): The attributes of a Cloud SIEM dataset.
        • createdAt [required] (string): The creation timestamp of the dataset, in ISO 8601 format.
        • createdByHandle [required] (string): The Datadog handle of the user who created the dataset.
        • createdByName [required] (string): The display name of the user who created the dataset.
        • definition [required] (object): The definition of the dataset. The shape depends on the value of data_source. Use reference_table or managed_resource for a referential dataset, or one of the event platform sources (for example logs, audit, events, spans, rum) for an event platform dataset.
          • columns ([object]): For event platform datasets, the list of columns exposed by the dataset.
            • column [required] (string): The name of the column.
            • type [required] (string): The type of the column value.
          • data_source [required] (string): The data source backing this dataset definition.
          • indexes ([string]): For event platform datasets, the list of indexes to query.
          • name [required] (string): The unique name of the dataset. Must start with a lowercase letter and contain only lowercase letters, digits, and underscores (max 255 characters).
          • query_filter (string): For referential datasets, an optional filter expression applied to the table.
          • search (object): The search clause applied to an event platform dataset.
            • query [required] (string): The search query expression.
          • storage (string): Storage tier the dataset reads from. Applies to event platform datasets.
          • table_name (string): For referential datasets, the name of the underlying table.
          • time_window (object): An optional time window that overrides the default query time range.
            • from (int64): Inclusive start of the time window, in milliseconds since the Unix epoch.
            • to (int64): Exclusive end of the time window, in milliseconds since the Unix epoch.
        • description [required] (string): The description of the dataset.
        • id [required] (string): The UUID of the dataset.
        • isDefault [required] (boolean): Whether the dataset is an out-of-the-box dataset provided by Datadog.
        • isDeprecated [required] (boolean): Whether the dataset is marked as deprecated.
        • modifiedAt [required] (string): The timestamp of the last modification of the dataset, in ISO 8601 format.
        • name [required] (string): The unique name of the dataset.
        • updatedByHandle [required] (string): The Datadog handle of the user who last updated the dataset.
        • updatedByName [required] (string): The display name of the user who last updated the dataset.
        • version [required] (int64): The current version of the dataset.
      • id [required] (string): The UUID of the dataset.
      • type [required] (enum): The type of resource for a dataset response. Allowed enum values: dataset

    {
      "data": {
        "attributes": {
          "createdAt": "2025-03-20T10:00:00Z",
          "createdByHandle": "bruce.lee",
          "createdByName": "Bruce Lee",
          "definition": {
            "columns": [
              {
                "column": "message",
                "type": "string"
              }
            ],
            "data_source": "logs",
            "indexes": [],
            "name": "sample_dataset",
            "query_filter": "status = 'active'",
            "search": {
              "query": "*"
            },
            "storage": "hot",
            "table_name": "my_reference_table",
            "time_window": {
              "from": 1700000000000,
              "to": 1700003600000
            }
          },
          "description": "A sample dataset used for detection rules.",
          "id": "123e4567-e89b-12d3-a456-426614174000",
          "isDefault": false,
          "isDeprecated": false,
          "modifiedAt": "2025-03-20T10:00:00Z",
          "name": "sample_dataset",
          "updatedByHandle": "bruce.lee",
          "updatedByName": "Bruce Lee",
          "version": 1
        },
        "id": "123e4567-e89b-12d3-a456-426614174000",
        "type": "dataset"
      }
    }

    Bad Request

    API error response.

    • errors [required] ([object]): A list of errors.
      • detail (string): A human-readable explanation specific to this occurrence of the error.
      • meta (object): Non-standard meta-information about the error.
      • source (object): References to the source of the error.
        • header (string): A string indicating the name of a single request header which caused the error.
        • parameter (string): A string indicating which URI query parameter caused the error.
        • pointer (string): A JSON pointer to the value in the request document that caused the error.
      • status (string): Status code of the response.
      • title (string): Short human-readable summary of the error.

    {
      "errors": [
        {
          "detail": "Missing required attribute in body",
          "meta": {},
          "source": {
            "header": "Authorization",
            "parameter": "limit",
            "pointer": "/data/attributes/title"
          },
          "status": "400",
          "title": "Bad Request"
        }
      ]
    }

    Forbidden

    API error response.

    • errors [required] ([object]): A list of errors.
      • detail (string): A human-readable explanation specific to this occurrence of the error.
      • meta (object): Non-standard meta-information about the error.
      • source (object): References to the source of the error.
        • header (string): A string indicating the name of a single request header which caused the error.
        • parameter (string): A string indicating which URI query parameter caused the error.
        • pointer (string): A JSON pointer to the value in the request document that caused the error.
      • status (string): Status code of the response.
      • title (string): Short human-readable summary of the error.

    {
      "errors": [
        {
          "detail": "Missing required attribute in body",
          "meta": {},
          "source": {
            "header": "Authorization",
            "parameter": "limit",
            "pointer": "/data/attributes/title"
          },
          "status": "400",
          "title": "Bad Request"
        }
      ]
    }

    Not Found

    API error response.

    • errors [required] ([object]): A list of errors.
      • detail (string): A human-readable explanation specific to this occurrence of the error.
      • meta (object): Non-standard meta-information about the error.
      • source (object): References to the source of the error.
        • header (string): A string indicating the name of a single request header which caused the error.
        • parameter (string): A string indicating which URI query parameter caused the error.
        • pointer (string): A JSON pointer to the value in the request document that caused the error.
      • status (string): Status code of the response.
      • title (string): Short human-readable summary of the error.

    {
      "errors": [
        {
          "detail": "Missing required attribute in body",
          "meta": {},
          "source": {
            "header": "Authorization",
            "parameter": "limit",
            "pointer": "/data/attributes/title"
          },
          "status": "400",
          "title": "Bad Request"
        }
      ]
    }

    Too many requests

    API error response.

    • errors [required] ([string]): A list of errors.

    {
      "errors": [
        "Bad Request"
      ]
    }

    Code Example

    # Path parameters
    export dataset_id="123e4567-e89b-12d3-a456-426614174000"
    # Curl command (api.datadoghq.com shown; use the API host for your Datadog site,
    # one of the hosts listed under the GET line at the top of this page)
    curl -X GET "https://api.datadoghq.com/api/v2/security_monitoring/datasets/${dataset_id}" \
      -H "Accept: application/json" \
      -H "DD-API-KEY: ${DD_API_KEY}" \
      -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
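
An added example, not part of Datadog's documentation or client libraries: a Python review of a response from this endpoint that classifies the dataset by data_source, applies the documented name rule, flags definition fields the table documents for the other dataset kind, and renders time_window as a half-open UTC interval. The function names, the finding strings and the trimmed sample are assumptions made for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Name rule from the field table: a lowercase letter first, then lowercase
# letters, digits or underscores, 255 characters at most.
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,254}")
REFERENTIAL_SOURCES = {"reference_table", "managed_resource"}
REFERENTIAL_ONLY = {"table_name", "query_filter"}
EVENT_ONLY = {"columns", "indexes", "search", "storage"}

# Constructed sample: the page's response example with unused fields trimmed.
SAMPLE = json.loads("""{"data": {"id": "123e4567-e89b-12d3-a456-426614174000",
  "type": "dataset", "attributes": {
    "id": "123e4567-e89b-12d3-a456-426614174000", "version": 1,
    "modifiedAt": "2025-03-20T10:00:00Z", "updatedByHandle": "bruce.lee",
    "definition": {"data_source": "logs", "name": "sample_dataset",
      "columns": [{"column": "message", "type": "string"}], "indexes": [],
      "query_filter": "status = 'active'", "search": {"query": "*"},
      "storage": "hot", "table_name": "my_reference_table",
      "time_window": {"from": 1700000000000, "to": 1700003600000}}}}}""")

def _utc(ms):
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()

def review_dataset(response):
    """Summarise one 'Get a dataset' response and list inconsistencies."""
    data = response["data"]
    if data.get("type") != "dataset":
        raise ValueError("unexpected resource type: %r" % data.get("type"))
    attrs, findings = data["attributes"], []
    definition = attrs["definition"]
    referential = definition["data_source"] in REFERENTIAL_SOURCES
    if not NAME_RE.fullmatch(definition["name"]):
        findings.append("name violates the documented pattern")
    if attrs["id"] != data["id"]:
        findings.append("attributes.id differs from data.id")
    # Fields the table documents for the other kind of dataset.
    stray = sorted((EVENT_ONLY if referential else REFERENTIAL_ONLY) & set(definition))
    if stray:
        findings.append("fields of the other dataset kind: " + ", ".join(stray))
    window, span = definition.get("time_window"), None
    if window and "from" in window and "to" in window:
        if window["to"] <= window["from"]:  # 'to' is exclusive
            findings.append("time_window is empty")
        span = (_utc(window["from"]), _utc(window["to"]))
    return {"kind": "referential" if referential else "event_platform",
            "version": attrs["version"], "modified_by": attrs["updatedByHandle"],
            "window_utc": span, "findings": findings}
```

Run against the page's own sample, the review reports query_filter and table_name as stray, because that sample sets data_source to logs while carrying both referential fields.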