Selectors are used to filter security issues for which notifications should be generated.
Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source.
Only the trigger_source field is required.
query
string
The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.
rule_types
[string]
Security rule types used as filters in security rules.
severities
[string]
The security rule severities to consider.
trigger_source [required]
enum
The type of security issues to which the rule applies. Notification rules based on security signals must use the trigger source "security_signals",
while notification rules based on security vulnerabilities must use the trigger source "security_findings".
Allowed enum values: security_findings,security_signals
targets [required]
[string]
List of recipients to notify when a notification rule is triggered. Many different target types are supported,
such as email addresses (for example, "@john.doe@email.com"), Slack channels, and PagerDuty services.
The appropriate integrations need to be properly configured to send notifications to the specified targets.
time_aggregation
int64
The time aggregation period (in seconds) used to aggregate the results of the notification rule evaluation.
Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation.
Notifications are only sent for new issues discovered during the window.
Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation
is done.
version [required]
int64
Version of the notification rule. It is updated when the rule is modified.
id [required]
string
The ID of a notification rule.
type [required]
enum
The rule type associated with notification rules.
Allowed enum values: notification_rules
{"data":[{"attributes":{"created_at":1722439510282,"created_by":{"handle":"john.doe@domain.com","name":"John Doe"},"enabled":true,"modified_at":1722439510282,"modified_by":{"handle":"john.doe@domain.com","name":"John Doe"},"name":"Rule 1","selectors":{"query":"(source:production_service OR env:prod)","rule_types":["misconfiguration","attack_path"],"severities":["critical"],"trigger_source":"security_findings"},"targets":["@john.doe@email.com"],"time_aggregation":86400,"version":1},"id":"aaa-bbb-ccc","type":"notification_rules"}]}
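"""
Get the list of signal-based notification rules returns "The list of notification rules." response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# Configuration() is built with no arguments: the client takes the API and
# application keys from the DD_API_KEY and DD_APP_KEY environment variables,
# so no credential is written into the script itself.
configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_signal_notification_rules()

    # The returned rules carry recipient targets and the handles of the users
    # who created or modified them; treat the printed output accordingly when
    # it is redirected to a shared log.
    print(response)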
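# Get the list of signal-based notification rules returns "The list of notification rules." response

require "datadog_api_client"

# No explicit configuration is passed: the client falls back to the
# DD_API_KEY and DD_APP_KEY environment variables for authentication.
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# `p` prints the inspected response, which includes recipient targets and
# creator/modifier handles for each rule.
p api_instance.get_signal_notification_rules()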
// Get the list of signal-based notification rules returns "The list of notification rules." responsepackagemainimport("context""encoding/json""fmt""os""github.com/DataDog/datadog-api-client-go/v2/api/datadog""github.com/DataDog/datadog-api-client-go/v2/api/datadogV2")funcmain(){ctx:=datadog.NewDefaultContext(context.Background())configuration:=datadog.NewConfiguration()apiClient:=datadog.NewAPIClient(configuration)api:=datadogV2.NewSecurityMonitoringApi(apiClient)resp,r,err:=api.GetSignalNotificationRules(ctx)iferr!=nil{fmt.Fprintf(os.Stderr,"Error when calling `SecurityMonitoringApi.GetSignalNotificationRules`: %v\n",err)fmt.Fprintf(os.Stderr,"Full HTTP response: %v\n",r)}responseContent,_:=json.MarshalIndent(resp,""," ")fmt.Fprintf(os.Stdout,"Response from `SecurityMonitoringApi.GetSignalNotificationRules`:\n%s\n",responseContent)}
// Get the list of signal-based notification rules returns "The list of notification rules."// responseimportcom.datadog.api.client.ApiClient;importcom.datadog.api.client.ApiException;importcom.datadog.api.client.v2.api.SecurityMonitoringApi;publicclassExample{publicstaticvoidmain(String[]args){ApiClientdefaultClient=ApiClient.getDefaultApiClient();SecurityMonitoringApiapiInstance=newSecurityMonitoringApi(defaultClient);try{apiInstance.getSignalNotificationRules();}catch(ApiExceptione){System.err.println("Exception when calling SecurityMonitoringApi#getSignalNotificationRules");System.err.println("Status code: "+e.getCode());System.err.println("Reason: "+e.getResponseBody());System.err.println("Response headers: "+e.getResponseHeaders());e.printStackTrace();}}}
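// Get the list of signal-based notification rules returns "The list of
// notification rules." response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

/// Lists the signal-based notification rules and pretty-prints either the
/// returned value or the error.
#[tokio::main]
async fn main() {
    // Configuration::new() takes the keys and site from the DD_API_KEY,
    // DD_APP_KEY and DD_SITE environment variables set when the example is run.
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.get_signal_notification_rules().await;
    if let Ok(value) = resp {
        // The debug output includes recipient targets and user handles.
        println!("{:#?}", value);
    } else {
        // Both branches print to stdout, so the error is not separated from
        // normal output; check the content rather than the stream.
        println!("{:#?}", resp.unwrap_err());
    }
}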
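# DD_SITE takes exactly one Datadog site. Choose the one your account is on:
#   datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu,
#   ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com, us2.ddog-gov.com
#
# <DD_API_KEY> and <DD_APP_KEY> are placeholders. Real keys typed inline on a
# command line end up in shell history; prefer exporting them from a secrets
# manager or a protected environment file before running the example.
DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run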
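/**
 * Get the list of signal-based notification rules returns "The list of notification rules." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

// createConfiguration() is called without arguments: authentication comes from
// the DD_API_KEY and DD_APP_KEY environment variables rather than from the source.
const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .getSignalNotificationRules()
  .then((data: any) => {
    // The serialized rules contain recipient targets and user handles, so the
    // console output should be handled like the rule data itself.
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));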