---
title: Get entities related to a signal
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > API Reference > Security Monitoring
---

# Get entities related to a signal{% #get-entities-related-to-a-signal %}
Copy pageCopied
{% tab title="v2" %}
**Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
| Datadog site      | API endpoint                                                                              |
| ----------------- | ----------------------------------------------------------------------------------------- |
| ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/entities |
| ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/entities |
| app.datadoghq.eu  | GET https://api.datadoghq.eu/api/v2/security_monitoring/signals/{signal_id}/entities      |
| app.ddog-gov.com  | GET https://api.ddog-gov.com/api/v2/security_monitoring/signals/{signal_id}/entities      |
| us2.ddog-gov.com  | GET https://api.us2.ddog-gov.com/api/v2/security_monitoring/signals/{signal_id}/entities  |
| app.datadoghq.com | GET https://api.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/entities     |
| us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/entities |
| us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/entities |

### Overview

Get the list of entities related to a security signal, captured at the signal's timestamp. This endpoint requires the `security_monitoring_signals_read` permission.

OAuth apps require the `security_monitoring_signals_read` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint.



### Arguments

#### Path Parameters

| Name                        | Type   | Description           |
| --------------------------- | ------ | --------------------- |
| signal_id [*required*] | string | The ID of the signal. |

#### Query Strings

| Name  | Type    | Description                               |
| ----- | ------- | ----------------------------------------- |
| limit | integer | The maximum number of entities to return. |

### Response

{% tab title="200" %}
OK
{% tab title="Model" %}
Response containing entities related to a security signal.

| Parent field | Field                        | Type     | Description                                                                                                                             |
| ------------ | ---------------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------- |
|              | data [*required*]       | object   | Entities related to a security signal.                                                                                                  |
| data         | attributes [*required*] | object   | Attributes containing the entities related to the signal.                                                                               |
| attributes   | identities [*required*] | [object] | The identity entities related to the signal. Each item is a free-form object describing an identity (for example, a user or principal). |
| data         | id [*required*]         | string   | The signal ID the entities are associated with.                                                                                         |
| data         | type [*required*]       | enum     | The type of the resource. The value should always be `entities`. Allowed enum values: `entities`                                        |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "identities": [
        []
      ]
    },
    "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
    "type": "entities"
  }
}
```

{% /tab %}

{% /tab %}

{% tab title="400" %}
Bad Request
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="403" %}
Not Authorized
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="404" %}
Not Found
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

##### 
                  \# Path parameters export signal_id="CHANGE_ME" \# Curl command curl -X GET "https://api.datadoghq.com/api/v2/security_monitoring/signals/${signal_id}/entities" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" 
                
{% /tab %}