--- title: Get content pack states description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Get content pack states{% #get-content-pack-states %} Copy pageCopied {% tab title="v2" %} **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). | Datadog site | API endpoint | | ----------------- | --------------------------------------------------------------------------------- | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/content_packs/states | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/security_monitoring/content_packs/states | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/security_monitoring/content_packs/states | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/security_monitoring/content_packs/states | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/security_monitoring/content_packs/states | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/security_monitoring/content_packs/states | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/security_monitoring/content_packs/states | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/security_monitoring/content_packs/states | ### Overview Get the activation state, integration status, and log collection status for all Cloud SIEM content packs. This endpoint requires any of the following permissions: `security_monitoring_filters_read``logs_read_index_data` OAuth apps require the `security_monitoring_filters_read` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint. ### Response {% tab title="200" %} OK {% tab title="Model" %} Response containing content pack states. | Parent field | Field | Type | Description | | ------------ | --------------------------------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | [object] | Array of content pack states. | | data | attributes [*required*] | object | Attributes of a content pack state | | attributes | cloud_siem_index_incorrect [*required*] | boolean | Whether the cloud SIEM index configuration is incorrect (only applies to certain pricing models) | | attributes | cp_activation [*required*] | enum | The activation status of a content pack. Allowed enum values: `never_activated,activated,deactivated` | | attributes | filters_configured_for_logs [*required*] | boolean | Whether filters (Security Filters or Index Query depending on the pricing model) are present and correctly configured to route logs into Cloud SIEM. | | attributes | integration_installed_status | enum | The installation status of the related integration. Allowed enum values: `installed,available,partially_installed,detected,error` | | attributes | logs_last_collected [*required*] | enum | Timestamp bucket indicating when logs were last collected. Allowed enum values: `not_seen,within_24_hours,within_24_to_72_hours,over_72h_to_30d,over_30d` | | attributes | logs_seen_from_any_index [*required*] | boolean | Whether logs for this content pack have been seen in any Datadog index within the last 72 hours. | | attributes | state [*required*] | enum | The current operational status of a content pack. Allowed enum values: `install,activate,initializing,active,warning,broken` | | data | id [*required*] | string | The content pack identifier. | | data | type [*required*] | enum | Type for content pack state object Allowed enum values: `content_pack_state` | | | meta [*required*] | object | Metadata for content pack states | | meta | cloud_siem_index_incorrect [*required*] | boolean | Whether the cloud SIEM index configuration is incorrect at the organization level | | meta | sku [*required*] | enum | The Cloud SIEM pricing model (SKU) for the organization. Allowed enum values: `per_gb_analyzed,per_event_in_siem_index_2023,add_on_2024` | {% /tab %} {% tab title="Example" %} ```json { "data": [ { "attributes": { "cloud_siem_index_incorrect": false, "cp_activation": "activated", "filters_configured_for_logs": true, "integration_installed_status": "installed", "logs_last_collected": "within_24_hours", "logs_seen_from_any_index": true, "state": "active" }, "id": "aws-cloudtrail", "type": "content_pack_state" } ], "meta": { "cloud_siem_index_incorrect": false, "sku": "add_on_2024" } } ``` {% /tab %} {% /tab %} {% tab title="403" %} Forbidden {% tab title="Model" %} API error response. | Parent field | Field | Type | Description | | ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- | | | errors [*required*] | [object] | A list of errors. | | errors | detail | string | A human-readable explanation specific to this occurrence of the error. | | errors | meta | object | Non-standard meta-information about the error | | errors | source | object | References to the source of the error. | | source | header | string | A string indicating the name of a single request header which caused the error. | | source | parameter | string | A string indicating which URI query parameter caused the error. | | source | pointer | string | A JSON pointer to the value in the request document that caused the error. | | errors | status | string | Status code of the response. | | errors | title | string | Short human-readable summary of the error. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ { "detail": "Missing required attribute in body", "meta": {}, "source": { "header": "Authorization", "parameter": "limit", "pointer": "/data/attributes/title" }, "status": "400", "title": "Bad Request" } ] } ``` {% /tab %} {% /tab %} {% tab title="404" %} Not Found {% tab title="Model" %} API error response. | Parent field | Field | Type | Description | | ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- | | | errors [*required*] | [object] | A list of errors. | | errors | detail | string | A human-readable explanation specific to this occurrence of the error. | | errors | meta | object | Non-standard meta-information about the error | | errors | source | object | References to the source of the error. | | source | header | string | A string indicating the name of a single request header which caused the error. | | source | parameter | string | A string indicating which URI query parameter caused the error. | | source | pointer | string | A JSON pointer to the value in the request document that caused the error. | | errors | status | string | Status code of the response. | | errors | title | string | Short human-readable summary of the error. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ { "detail": "Missing required attribute in body", "meta": {}, "source": { "header": "Authorization", "parameter": "limit", "pointer": "/data/attributes/title" }, "status": "400", "title": "Bad Request" } ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \# Curl command curl -X GET "https://api.datadoghq.com/api/v2/security_monitoring/content_packs/states" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" ##### ```python """ Get content pack states returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi configuration = Configuration() configuration.unstable_operations["get_content_packs_states"] = True with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) response = api_instance.get_content_packs_states() print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Get content pack states returns "OK" response require "datadog_api_client" DatadogAPIClient.configure do |config| config.unstable_operations["v2.get_content_packs_states".to_sym] = true end api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new p api_instance.get_content_packs_states() ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```go // Get content pack states returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() configuration.SetUnstableOperationEnabled("v2.GetContentPacksStates", true) apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) resp, r, err := api.GetContentPacksStates(ctx) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetContentPacksStates`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetContentPacksStates`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Get content pack states returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SecurityMonitoringApi; import com.datadog.api.client.v2.model.SecurityMonitoringContentPackStatesResponse; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); defaultClient.setUnstableOperationEnabled("v2.getContentPacksStates", true); SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); try { SecurityMonitoringContentPackStatesResponse result = apiInstance.getContentPacksStates(); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling SecurityMonitoringApi#getContentPacksStates"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```rust // Get content pack states returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI; #[tokio::main] async fn main() { let mut configuration = datadog::Configuration::new(); configuration.set_unstable_operation_enabled("v2.GetContentPacksStates", true); let api = SecurityMonitoringAPI::with_config(configuration); let resp = api.get_content_packs_states().await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Get content pack states returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); configuration.unstableOperations["v2.getContentPacksStates"] = true; const apiInstance = new v2.SecurityMonitoringApi(configuration); apiInstance .getContentPacksStates() .then((data: v2.SecurityMonitoringContentPackStatesResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}