--- title: List hist signals description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # List hist signals{% #list-hist-signals %} Copy pageCopied {% tab title="v2" %} **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------- | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/siem-historical-detections/histsignals | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/siem-historical-detections/histsignals | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/siem-historical-detections/histsignals | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/siem-historical-detections/histsignals | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/siem-historical-detections/histsignals | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/siem-historical-detections/histsignals | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/siem-historical-detections/histsignals | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/siem-historical-detections/histsignals | ### Overview List hist signals. This endpoint requires the `security_monitoring_signals_read` permission. OAuth apps require the `security_monitoring_signals_read` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint. ### Arguments #### Query Strings | Name | Type | Description | | ------------- | ------- | ------------------------------------------------------------------------------------------ | | filter[query] | string | The search query for security signals. | | filter[from] | string | The minimum timestamp for requested security signals. | | filter[to] | string | The maximum timestamp for requested security signals. | | sort | enum | The order of the security signals in results. Allowed enum values: `timestamp, -timestamp` | | page[cursor] | string | A list of results using the cursor provided in the previous query. | | page[limit] | integer | The maximum number of security signals in the response. | ### Response {% tab title="200" %} OK {% tab title="Model" %} The response object with all security signals matching the request and pagination information. | Parent field | Field | Type | Description | | ------------ | ---------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------- | | | data | [object] | An array of security signals matching the request. | | data | attributes | object | The object containing all signal attributes and their associated values. | | attributes | custom | object | A JSON object of attributes in the security signal. | | attributes | message | string | The message in the security signal defined by the rule that generated the signal. | | attributes | tags | [string] | An array of tags associated with the security signal. | | attributes | timestamp | date-time | The timestamp of the security signal. | | data | id | string | The unique ID of the security signal. | | data | type | enum | The type of event. Allowed enum values: `signal` | | | links | object | Links attributes. | | links | next | string | The link for the next set of results. **Note**: The request can also be made using the POST endpoint. | | | meta | object | Meta attributes. | | meta | page | object | Paging attributes. | | page | after | string | The cursor used to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`. | {% /tab %} {% tab title="Example" %} ```json { "data": [ { "attributes": { "custom": { "workflow": { "first_seen": "2020-06-23T14:46:01.000Z", "last_seen": "2020-06-23T14:46:49.000Z", "rule": { "id": "0f5-e0c-805", "name": "Brute Force Attack Grouped By User", "version": 12 } } }, "message": "Detect Account Take Over (ATO) through brute force attempts", "tags": [ "security:attack", "technique:T1110-brute-force" ], "timestamp": "2019-01-02T09:42:36.320Z" }, "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA", "type": "signal" } ], "links": { "next": "https://app.datadoghq.com/api/v2/security_monitoring/signals?filter[query]=foo\u0026page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" }, "meta": { "page": { "after": "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==" } } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="404" %} Not Found {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \# Curl command curl -X GET "https://api.datadoghq.com/api/v2/siem-historical-detections/histsignals" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" ##### ```python """ List hist signals returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi configuration = Configuration() configuration.unstable_operations["list_security_monitoring_histsignals"] = True with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) response = api_instance.list_security_monitoring_histsignals() print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # List hist signals returns "OK" response require "datadog_api_client" DatadogAPIClient.configure do |config| config.unstable_operations["v2.list_security_monitoring_histsignals".to_sym] = true end api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new p api_instance.list_security_monitoring_histsignals() ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```go // List hist signals returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() configuration.SetUnstableOperationEnabled("v2.ListSecurityMonitoringHistsignals", true) apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) resp, r, err := api.ListSecurityMonitoringHistsignals(ctx, *datadogV2.NewListSecurityMonitoringHistsignalsOptionalParameters()) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListSecurityMonitoringHistsignals`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListSecurityMonitoringHistsignals`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // List hist signals returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SecurityMonitoringApi; import com.datadog.api.client.v2.model.SecurityMonitoringSignalsListResponse; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); defaultClient.setUnstableOperationEnabled("v2.listSecurityMonitoringHistsignals", true); SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); try { SecurityMonitoringSignalsListResponse result = apiInstance.listSecurityMonitoringHistsignals(); System.out.println(result); } catch (ApiException e) { System.err.println( "Exception when calling SecurityMonitoringApi#listSecurityMonitoringHistsignals"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```rust // List hist signals returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_security_monitoring::ListSecurityMonitoringHistsignalsOptionalParams; use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI; #[tokio::main] async fn main() { let mut configuration = datadog::Configuration::new(); configuration.set_unstable_operation_enabled("v2.ListSecurityMonitoringHistsignals", true); let api = SecurityMonitoringAPI::with_config(configuration); let resp = api .list_security_monitoring_histsignals( ListSecurityMonitoringHistsignalsOptionalParams::default(), ) .await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * List hist signals returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); configuration.unstableOperations["v2.listSecurityMonitoringHistsignals"] = true; const apiInstance = new v2.SecurityMonitoringApi(configuration); apiInstance .listSecurityMonitoringHistsignals() .then((data: v2.SecurityMonitoringSignalsListResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}