List datasets

Note: This endpoint is in preview and is subject to change. If you have any feedback, contact Datadog support.

GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/datasets
GET https://api.ap2.datadoghq.com/api/v2/security_monitoring/datasets
GET https://api.datadoghq.eu/api/v2/security_monitoring/datasets
GET https://api.ddog-gov.com/api/v2/security_monitoring/datasets
GET https://api.us2.ddog-gov.com/api/v2/security_monitoring/datasets
GET https://api.datadoghq.com/api/v2/security_monitoring/datasets
GET https://api.us3.datadoghq.com/api/v2/security_monitoring/datasets
GET https://api.us5.datadoghq.com/api/v2/security_monitoring/datasets

Overview

List all Cloud SIEM datasets available to the organization, including both customer-defined datasets and Datadog out-of-the-box datasets. This endpoint requires any of the following permissions:

  • security_monitoring_rules_read
  • security_monitoring_dataset_read

  • OAuth apps require the security_monitoring_rules_read authorization scope to access this endpoint.

    Arguments

    Query Strings

    Name | Type | Description
    page[size] | integer | Size for a given page. The maximum allowed value is 100.
    page[number] | integer | Specific page number to return.
    sort | string | Attribute used to sort datasets. Prefix with - to sort in descending order.
    filter[query] | string | A search query to filter datasets by name or description.

    Response

    OK

    Response containing a paginated list of Cloud SIEM datasets.

    Field | Type | Description
    data [required] | [object] | A list of dataset data items.
      attributes [required] | object | The attributes of a Cloud SIEM dataset.
        createdAt [required] | string | The creation timestamp of the dataset, in ISO 8601 format.
        createdByHandle [required] | string | The Datadog handle of the user who created the dataset.
        createdByName [required] | string | The display name of the user who created the dataset.
        definition [required] | object | The definition of the dataset. The shape depends on the value of data_source. Use reference_table or managed_resource for a referential dataset, or one of the event platform sources (for example logs, audit, events, spans, rum) for an event platform dataset.
          columns | [object] | For event platform datasets, the list of columns exposed by the dataset.
            column [required] | string | The name of the column.
            type [required] | string | The type of the column value.
          data_source [required] | string | The data source backing this dataset definition.
          indexes | [string] | For event platform datasets, the list of indexes to query.
          name [required] | string | The unique name of the dataset. Must start with a lowercase letter and contain only lowercase letters, digits, and underscores (max 255 characters).
          query_filter | string | For referential datasets, an optional filter expression applied to the table.
          search | object | The search clause applied to an event platform dataset.
            query [required] | string | The search query expression.
          storage | string | Storage tier the dataset reads from. Applies to event platform datasets.
          table_name | string | For referential datasets, the name of the underlying table.
          time_window | object | An optional time window that overrides the default query time range.
            from | int64 | Inclusive start of the time window, in milliseconds since the Unix epoch.
            to | int64 | Exclusive end of the time window, in milliseconds since the Unix epoch.
        description [required] | string | The description of the dataset.
        id [required] | string | The UUID of the dataset.
        isDefault [required] | boolean | Whether the dataset is an out-of-the-box dataset provided by Datadog.
        isDeprecated [required] | boolean | Whether the dataset is marked as deprecated.
        modifiedAt [required] | string | The timestamp of the last modification of the dataset, in ISO 8601 format.
        name [required] | string | The unique name of the dataset.
        updatedByHandle [required] | string | The Datadog handle of the user who last updated the dataset.
        updatedByName [required] | string | The display name of the user who last updated the dataset.
        version [required] | int64 | The current version of the dataset.
      id [required] | string | The UUID of the dataset.
      type [required] | enum | The type of resource for a dataset response. Allowed enum values: dataset
    meta [required] | object | Metadata returned with a list of datasets.
      totalCount [required] | int64 | The total number of datasets matching the request, across all pages.

    {
      "data": [
        {
          "attributes": {
            "createdAt": "2025-03-20T10:00:00Z",
            "createdByHandle": "bruce.lee",
            "createdByName": "Bruce Lee",
            "definition": {
              "columns": [
                {
                  "column": "message",
                  "type": "string"
                }
              ],
              "data_source": "logs",
              "indexes": [],
              "name": "sample_dataset",
              "query_filter": "status = 'active'",
              "search": {
                "query": "*"
              },
              "storage": "hot",
              "table_name": "my_reference_table",
              "time_window": {
                "from": 1700000000000,
                "to": 1700003600000
              }
            },
            "description": "A sample dataset used for detection rules.",
            "id": "123e4567-e89b-12d3-a456-426614174000",
            "isDefault": false,
            "isDeprecated": false,
            "modifiedAt": "2025-03-20T10:00:00Z",
            "name": "sample_dataset",
            "updatedByHandle": "bruce.lee",
            "updatedByName": "Bruce Lee",
            "version": 1
          },
          "id": "123e4567-e89b-12d3-a456-426614174000",
          "type": "dataset"
        }
      ],
      "meta": {
        "totalCount": 1
      }
    }

    Bad Request

    API error response.

    Field | Type | Description
    errors [required] | [object] | A list of errors.
      detail | string | A human-readable explanation specific to this occurrence of the error.
      meta | object | Non-standard meta-information about the error.
      source | object | References to the source of the error.
        header | string | A string indicating the name of a single request header which caused the error.
        parameter | string | A string indicating which URI query parameter caused the error.
        pointer | string | A JSON pointer to the value in the request document that caused the error.
      status | string | Status code of the response.
      title | string | Short human-readable summary of the error.

    {
      "errors": [
        {
          "detail": "Missing required attribute in body",
          "meta": {},
          "source": {
            "header": "Authorization",
            "parameter": "limit",
            "pointer": "/data/attributes/title"
          },
          "status": "400",
          "title": "Bad Request"
        }
      ]
    }

    Forbidden

    API error response.

    Field | Type | Description
    errors [required] | [object] | A list of errors.
      detail | string | A human-readable explanation specific to this occurrence of the error.
      meta | object | Non-standard meta-information about the error.
      source | object | References to the source of the error.
        header | string | A string indicating the name of a single request header which caused the error.
        parameter | string | A string indicating which URI query parameter caused the error.
        pointer | string | A JSON pointer to the value in the request document that caused the error.
      status | string | Status code of the response.
      title | string | Short human-readable summary of the error.

    {
      "errors": [
        {
          "detail": "Missing required attribute in body",
          "meta": {},
          "source": {
            "header": "Authorization",
            "parameter": "limit",
            "pointer": "/data/attributes/title"
          },
          "status": "400",
          "title": "Bad Request"
        }
      ]
    }

    Too many requests

    API error response.

    Field | Type | Description
    errors [required] | [string] | A list of errors.

    {
      "errors": [
        "Bad Request"
      ]
    }

    Code Example

    # Curl command
    # Replace api.datadoghq.com with the API host for your Datadog site (one of the hosts listed at the top of this page).
    curl -X GET "https://api.datadoghq.com/api/v2/security_monitoring/datasets" \
      -H "Accept: application/json" \
      -H "DD-API-KEY: ${DD_API_KEY}" \
      -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
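
An added example (not from Datadog's documentation or client libraries): paging through this endpoint with page[size] and page[number] until meta.totalCount is reached, then grouping the datasets by isDefault, isDeprecated and a creator/updater mismatch so they can be reviewed before detection rules rely on them. It assumes page[number] starts at 0, which this page does not state; `SAMPLE`, `_item` and `fake_fetch` are constructed stand-ins so the block runs offline.

```python
import json
import urllib.parse
import urllib.request

PATH = "/api/v2/security_monitoring/datasets"
MAX_PAGE_SIZE = 100  # documented maximum for page[size]

def http_fetch(host, api_key, app_key, page_number, page_size):
    """Live call: GET one page from the API host of your Datadog site."""
    qs = urllib.parse.urlencode({"page[size]": page_size, "page[number]": page_number})
    headers = {"Accept": "application/json", "DD-API-KEY": api_key,
               "DD-APPLICATION-KEY": app_key}
    req = urllib.request.Request(f"https://{host}{PATH}?{qs}", headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def list_all_datasets(fetch, page_size=MAX_PAGE_SIZE, first_page=0):
    """Walk pages until meta.totalCount items are collected or a page is empty.
    first_page=0 is an assumption: the page does not state the numbering base."""
    page_size = min(page_size, MAX_PAGE_SIZE)  # never ask for more than the API allows
    datasets, page = [], first_page
    while True:
        body = fetch(page, page_size)
        datasets.extend(body["data"])
        if not body["data"] or len(datasets) >= body["meta"]["totalCount"]:
            return datasets
        page += 1

def review(datasets):
    """Group dataset names by properties worth checking before rules depend on them."""
    out = {"customer_defined": [], "deprecated": [], "edited_by_other_user": []}
    for item in datasets:
        a = item["attributes"]
        if not a["isDefault"]:
            out["customer_defined"].append(a["name"])
        if a["isDeprecated"]:
            out["deprecated"].append(a["name"])
        if a["updatedByHandle"] != a["createdByHandle"]:
            out["edited_by_other_user"].append(a["name"])
    return out

def _item(name, default, deprecated, creator, updater):  # constructed sample record
    return {"attributes": {"name": name, "isDefault": default, "isDeprecated": deprecated,
                           "createdByHandle": creator, "updatedByHandle": updater}}
SAMPLE = [_item("ootb_auth", True, False, "datadog", "datadog"),
          _item("vpn_logins", False, False, "alice", "bob"),
          _item("old_assets", False, True, "alice", "alice")]
def fake_fetch(page, size):  # offline stand-in for http_fetch, serves SAMPLE in pages
    return {"data": SAMPLE[page * size:(page + 1) * size], "meta": {"totalCount": len(SAMPLE)}}
```

For a live run, pass `functools.partial(http_fetch, host, api_key, app_key)` as `fetch`, with `host` set to your site's API host.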