Get suggested actions for a signal

GET (one URL per Datadog site)

https://api.ap1.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/suggested_actions
https://api.ap2.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/suggested_actions
https://api.datadoghq.eu/api/v2/security_monitoring/signals/{signal_id}/suggested_actions
https://api.ddog-gov.com/api/v2/security_monitoring/signals/{signal_id}/suggested_actions
https://api.us2.ddog-gov.com/api/v2/security_monitoring/signals/{signal_id}/suggested_actions
https://api.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/suggested_actions
https://api.us3.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/suggested_actions
https://api.us5.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/suggested_actions

Overview

Get the list of suggested actions for a given security signal. This endpoint requires all of the following permissions:

  • security_monitoring_rules_read
  • security_monitoring_signals_read

  • OAuth apps require the security_monitoring_rules_read and security_monitoring_signals_read authorization scopes to access this endpoint.

    Arguments

    Path Parameters

    • signal_id [required] (string): The ID of the signal.

    Response

    OK

    • data [required] ([object]): List of suggested actions for a security signal.
        • attributes [required] (object): Attributes of a suggested action for a security signal. The available fields depend on the action type.
            • name (string): The name of the investigation log query.
            • query_filter (string): The log query filter for the investigation.
            • template_variables (object): Template variables applied to the investigation log query, mapping attribute paths to values extracted from the signal.
                • <any-key> ([string])
            • title (string): The title of the recommended blog post.
            • url (string): The URL of the suggested action.
        • id [required] (string): The unique ID of the suggested action.
        • type [required] (enum): The type of the suggested action resource. Allowed enum values: investigation_log_queries, recommended_blog_posts

    {
      "data": [
        {
          "attributes": {
            "name": "Cloudtrail events for user ARN",
            "query_filter": "source:cloudtrail @userIdentity.arn:\"foo\"",
            "template_variables": {
              "<any-key>": []
            },
            "title": "Monitor Okta logs to track system access and unusual activity",
            "url": "/logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22"
          },
          "id": "w00-t10-992",
          "type": "investigation_log_queries"
        }
      ]
    }

    Response with suggested actions for a security signal.
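
Because the available attributes depend on the action type, a consumer has to branch on `type` before reading `name`/`query_filter` or `title`, and should check `url` before turning it into a link in a ticket or chat message. The following is an added example, not Datadog's code: `triage_links`, the UI host `https://app.datadoghq.com`, the host allowlist, and the second and third sample entries are assumptions constructed for illustration.

```python
import json
from urllib.parse import parse_qs, urljoin, urlsplit

ALLOWED_TYPES = {"investigation_log_queries", "recommended_blog_posts"}  # enum from this page

# Constructed sample shaped like the documented response; the last two entries are made up.
SAMPLE = json.loads(r"""
{"data": [
  {"id": "w00-t10-992", "type": "investigation_log_queries",
   "attributes": {"name": "Cloudtrail events for user ARN",
                  "query_filter": "source:cloudtrail @userIdentity.arn:\"foo\"",
                  "url": "/logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22"}},
  {"id": "constructed-blog-1", "type": "recommended_blog_posts",
   "attributes": {"title": "Monitor Okta logs to track system access and unusual activity",
                  "url": "https://www.datadoghq.com/blog/constructed-example/"}},
  {"id": "constructed-bad-1", "type": "investigation_log_queries",
   "attributes": {"name": "Off-site link", "query_filter": "source:cloudtrail",
                  "url": "//example.invalid/logs?query=source%3Acloudtrail"}}
]}
""")


def triage_links(response, ui_base, allowed_hosts):
    """Return (links, rejected_ids) for the suggested actions in `response`."""
    links, rejected = [], []
    for action in response.get("data", []):
        attrs = action.get("attributes", {})
        kind = action.get("type")
        # Relative URLs (as in the page's sample) resolve against the UI host (assumption).
        url = urljoin(ui_base, attrs.get("url", ""))
        parts = urlsplit(url)
        if kind not in ALLOWED_TYPES or parts.scheme != "https" or parts.hostname not in allowed_hosts:
            rejected.append(action.get("id"))
            continue
        if kind == "investigation_log_queries":
            # The link must open the same query the API reported in query_filter.
            if parse_qs(parts.query).get("query") != [attrs.get("query_filter")]:
                rejected.append(action.get("id"))
                continue
            label = attrs.get("name")
        else:
            label = attrs.get("title")
        links.append({"id": action["id"], "type": kind, "label": label, "url": url})
    return links, rejected
```

Call it as `triage_links(SAMPLE, "https://app.datadoghq.com", {"app.datadoghq.com", "www.datadoghq.com"})`, substituting the UI host of your own Datadog site.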

    Not Authorized

    API error response.

    • errors [required] ([string]): A list of errors.

    {
      "errors": [
        "Bad Request"
      ]
    }

    Not Found

    API error response.

    • errors [required] ([string]): A list of errors.

    {
      "errors": [
        "Bad Request"
      ]
    }

    Too many requests

    API error response.

    • errors [required] ([string]): A list of errors.

    {
      "errors": [
        "Bad Request"
      ]
    }

    Code Example

    # Path parameters
    export signal_id="CHANGE_ME"
    # Curl command (api.datadoghq.com shown; use the API host for your Datadog site)
    curl -X GET "https://api.datadoghq.com/api/v2/security_monitoring/signals/${signal_id}/suggested_actions" \
      -H "Accept: application/json" \
      -H "DD-API-KEY: ${DD_API_KEY}" \
      -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

    """
    Get suggested actions for a signal returns "OK" response
    """
    
    from datadog_api_client import ApiClient, Configuration
    from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
    
    configuration = Configuration()
    with ApiClient(configuration) as api_client:
        api_instance = SecurityMonitoringApi(api_client)
        response = api_instance.get_suggested_actions_matching_signal(
            signal_id="AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE",
        )
    
        print(response)
    

    Instructions

    First install the library and its dependencies, then save the example to example.py and run the following command:

    # Set DD_SITE to your Datadog site: datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"

    # Get suggested actions for a signal returns "OK" response
    
    require "datadog_api_client"
    api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
    p api_instance.get_suggested_actions_matching_signal("AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE")
    

    Instructions

    First install the library and its dependencies, then save the example to example.rb and run the following command:

    # Set DD_SITE to your Datadog site: datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" ruby "example.rb"

    // Get suggested actions for a signal returns "OK" response
    
    package main
    
    import (
    	"context"
    	"encoding/json"
    	"fmt"
    	"os"
    
    	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
    	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
    )
    
    func main() {
    	ctx := datadog.NewDefaultContext(context.Background())
    	configuration := datadog.NewConfiguration()
    	apiClient := datadog.NewAPIClient(configuration)
    	api := datadogV2.NewSecurityMonitoringApi(apiClient)
    	resp, r, err := api.GetSuggestedActionsMatchingSignal(ctx, "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE")
    
    	if err != nil {
    		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSuggestedActionsMatchingSignal`: %v\n", err)
    		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
    	}
    
    	responseContent, _ := json.MarshalIndent(resp, "", "  ")
    	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSuggestedActionsMatchingSignal`:\n%s\n", responseContent)
    }
    

    Instructions

    First install the library and its dependencies, then save the example to main.go and run the following command:

    # Set DD_SITE to your Datadog site: datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"

    // Get suggested actions for a signal returns "OK" response
    
    import com.datadog.api.client.ApiClient;
    import com.datadog.api.client.ApiException;
    import com.datadog.api.client.v2.api.SecurityMonitoringApi;
    import com.datadog.api.client.v2.model.SecurityMonitoringSignalSuggestedActionsResponse;
    
    public class Example {
      public static void main(String[] args) {
        ApiClient defaultClient = ApiClient.getDefaultApiClient();
        SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
    
        try {
          SecurityMonitoringSignalSuggestedActionsResponse result =
              apiInstance.getSuggestedActionsMatchingSignal(
                  "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE");
          System.out.println(result);
        } catch (ApiException e) {
          System.err.println(
              "Exception when calling SecurityMonitoringApi#getSuggestedActionsMatchingSignal");
          System.err.println("Status code: " + e.getCode());
          System.err.println("Reason: " + e.getResponseBody());
          System.err.println("Response headers: " + e.getResponseHeaders());
          e.printStackTrace();
        }
      }
    }
    

    Instructions

    First install the library and its dependencies, then save the example to Example.java and run the following command:

    # Set DD_SITE to your Datadog site: datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"

    // Get suggested actions for a signal returns "OK" response
    use datadog_api_client::datadog;
    use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
    
    #[tokio::main]
    async fn main() {
        let configuration = datadog::Configuration::new();
        let api = SecurityMonitoringAPI::with_config(configuration);
        let resp = api
            .get_suggested_actions_matching_signal(
                "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE".to_string(),
            )
            .await;
        if let Ok(value) = resp {
            println!("{:#?}", value);
        } else {
            println!("{:#?}", resp.unwrap_err());
        }
    }
    

    Instructions

    First install the library and its dependencies, then save the example to src/main.rs and run the following command:

    # Set DD_SITE to your Datadog site: datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run

    /**
     * Get suggested actions for a signal returns "OK" response
     */
    
    import { client, v2 } from "@datadog/datadog-api-client";
    
    const configuration = client.createConfiguration();
    const apiInstance = new v2.SecurityMonitoringApi(configuration);
    
    const params: v2.SecurityMonitoringApiGetSuggestedActionsMatchingSignalRequest =
      {
        signalId: "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE",
      };
    
    apiInstance
      .getSuggestedActionsMatchingSignal(params)
      .then((data: v2.SecurityMonitoringSignalSuggestedActionsResponse) => {
        console.log(
          "API called successfully. Returned data: " + JSON.stringify(data)
        );
      })
      .catch((error: any) => console.error(error));
    

    Instructions

    First install the library and its dependencies, then save the example to example.ts and run the following command:

    # Set DD_SITE to your Datadog site: datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"