--- title: Get all suppression rules description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Get all suppression rules{% #get-all-suppression-rules %} Copy pageCopied {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | --------------------------------------------------------------------------------------- | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressions | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions | ### Overview Get the list of all suppression rules. OAuth apps require the `security_monitoring_suppressions_read` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint. ### Arguments #### Query Strings | Name | Type | Description | | ------------ | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | query | string | Query string. | | sort | enum | Attribute used to sort the list of suppression rules. Prefix with `-` to sort in descending order. Allowed enum values: `name, start_date, expiration_date, update_date, enabled, -name, -start_date, -expiration_date, -update_date, -creation_date` | | page[size] | integer | Size for a given page. Use `-1` to return all items. | | page[number] | integer | Specific page number to return. | ### Response {% tab title="200" %} OK {% tab title="Model" %} Response object containing the available suppression rules with pagination metadata. | Parent field | Field | Type | Description | | ------------ | -------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data | [object] | A list of suppressions objects. | | data | attributes | object | The attributes of the suppression rule. | | attributes | creation_date | int64 | A Unix millisecond timestamp given the creation date of the suppression rule. | | attributes | creator | object | A user. | | creator | handle | string | The handle of the user. | | creator | name | string | The name of the user. | | attributes | data_exclusion_query | string | An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. | | attributes | description | string | A description for the suppression rule. | | attributes | editable | boolean | Whether the suppression rule is editable. | | attributes | enabled | boolean | Whether the suppression rule is enabled. | | attributes | expiration_date | int64 | A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. | | attributes | name | string | The name of the suppression rule. | | attributes | rule_query | string | The rule query of the suppression rule, with the same syntax as the search bar for detection rules. | | attributes | start_date | int64 | A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals. | | attributes | suppression_query | string | The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer. | | attributes | tags | [string] | List of tags associated with the suppression rule. | | attributes | update_date | int64 | A Unix millisecond timestamp given the update date of the suppression rule. | | attributes | updater | object | A user. | | updater | handle | string | The handle of the user. | | updater | name | string | The name of the user. | | attributes | version | int32 | The version of the suppression rule; it starts at 1, and is incremented at each update. | | data | id | string | The ID of the suppression rule. | | data | type | enum | The type of the resource. The value should always be `suppressions`. Allowed enum values: `suppressions` | | | meta | object | Metadata for the suppression list response. | | meta | page | object | Pagination metadata. | | page | pageNumber | int64 | Current page number. | | page | pageSize | int64 | Current page size. | | page | totalCount | int64 | Total count of suppressions. | {% /tab %} {% tab title="Example" %} ```json { "data": [ { "attributes": { "creation_date": "integer", "creator": { "handle": "john.doe@datadoghq.com", "name": "John Doe" }, "data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "editable": true, "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low", "tags": [ "technique:T1110-brute-force", "source:cloudtrail" ], "update_date": "integer", "updater": { "handle": "john.doe@datadoghq.com", "name": "John Doe" }, "version": 42 }, "id": "3dd-0uc-h1s", "type": "suppressions" } ], "meta": { "page": { "pageNumber": 0, "pageSize": 2, "totalCount": 2 } } } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \# Curl command curl -X GET "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" ##### ```python """ Get all suppression rules returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) response = api_instance.list_security_monitoring_suppressions() print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Get all suppression rules returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new p api_instance.list_security_monitoring_suppressions() ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```go // Get all suppression rules returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) resp, r, err := api.ListSecurityMonitoringSuppressions(ctx, *datadogV2.NewListSecurityMonitoringSuppressionsOptionalParameters()) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListSecurityMonitoringSuppressions`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListSecurityMonitoringSuppressions`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Get all suppression rules returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SecurityMonitoringApi; import com.datadog.api.client.v2.model.SecurityMonitoringPaginatedSuppressionsResponse; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); try { SecurityMonitoringPaginatedSuppressionsResponse result = apiInstance.listSecurityMonitoringSuppressions(); System.out.println(result); } catch (ApiException e) { System.err.println( "Exception when calling SecurityMonitoringApi#listSecurityMonitoringSuppressions"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```rust // Get all suppression rules returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_security_monitoring::ListSecurityMonitoringSuppressionsOptionalParams; use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI; #[tokio::main] async fn main() { let configuration = datadog::Configuration::new(); let api = SecurityMonitoringAPI::with_config(configuration); let resp = api .list_security_monitoring_suppressions( ListSecurityMonitoringSuppressionsOptionalParams::default(), ) .await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Get all suppression rules returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.SecurityMonitoringApi(configuration); apiInstance .listSecurityMonitoringSuppressions() .then((data: v2.SecurityMonitoringPaginatedSuppressionsResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}