Subscribe to sample log generation

Note: This endpoint is in preview and is subject to change. If you have any feedback, contact Datadog support.

POST (one URL per Datadog site):

https://api.ap1.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions
https://api.ap2.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions
https://api.datadoghq.eu/api/v2/security_monitoring/sample_log_generation/subscriptions
https://api.ddog-gov.com/api/v2/security_monitoring/sample_log_generation/subscriptions
https://api.us2.ddog-gov.com/api/v2/security_monitoring/sample_log_generation/subscriptions
https://api.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions
https://api.us3.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions
https://api.us5.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions

Overview

Subscribe to sample log generation for a Cloud SIEM content pack. Sample logs for the requested content pack are injected into the Logs platform for the duration of the subscription, so detection rules can be exercised without onboarding the underlying integration first.

Availability: this endpoint is restricted to Cloud SIEM trial organizations on an eligible pricing model. Non-trial orgs receive 403 Forbidden, the feature flag may also reject requests with 400 Bad Request, and legacy pricing tiers receive a response with status: not_available.

This endpoint requires any of the following permissions:
  • security_monitoring_filters_write
  • logs_modify_indexes

  • OAuth apps require the security_monitoring_filters_write, logs_modify_indexes authorization scope to access this endpoint.

    Request

    Body Data (required)

    The content pack to subscribe to and the desired duration of the subscription.

    | Field | Type | Description |
    | --- | --- | --- |
    | data [required] | object | The subscription request body. |
    | data.attributes [required] | object | The attributes for creating a sample log generation subscription. |
    | data.attributes.content_pack_id [required] | string | The identifier of the Cloud SIEM content pack to subscribe to. |
    | data.attributes.duration | enum | How long the subscription should remain active before expiring. Allowed enum values: 1h, 1d, 3d, 7d. Default: 3d. |
    | data.type [required] | enum | The type of the resource. The value should always be subscription_requests. Allowed enum values: subscription_requests. Default: subscription_requests. |

    {
      "data": {
        "attributes": {
          "content_pack_id": "aws-cloudtrail",
          "duration": "3d"
        },
        "type": "subscription_requests"
      }
    }

    Response

    OK

    Response containing a single sample log generation subscription.

    | Field | Type | Description |
    | --- | --- | --- |
    | data [required] | object | A sample log generation subscription. |
    | data.attributes [required] | object | The attributes describing a sample log generation subscription. |
    | data.attributes.content_pack_id [required] | string | The identifier of the Cloud SIEM content pack the subscription targets. |
    | data.attributes.created_at [required] | date-time | The time at which the subscription was created. |
    | data.attributes.expires_at [required] | date-time | The time at which the subscription expires and stops generating logs. |
    | data.attributes.is_active [required] | boolean | Whether the subscription is currently active and generating logs. |
    | data.attributes.status [required] | enum | The status of the subscription. Allowed enum values: subscribed, renewed, unsubscribed, no_active_subscription, not_available, active, expired. |
    | data.id [required] | string | The unique identifier of the subscription. |
    | data.type [required] | enum | The type of the resource. The value should always be subscriptions. Allowed enum values: subscriptions. Default: subscriptions. |

    {
      "data": {
        "attributes": {
          "content_pack_id": "aws-cloudtrail",
          "created_at": "2026-05-08T20:02:13.77481Z",
          "expires_at": "2026-05-11T20:02:13.77481Z",
          "is_active": true,
          "status": "subscribed"
        },
        "id": "789",
        "type": "subscriptions"
      }
    }

    Bad Request

    API error response.

    | Field | Type | Description |
    | --- | --- | --- |
    | errors [required] | [string] | A list of errors. |

    {
      "errors": [
        "Bad Request"
      ]
    }

    Not Authorized

    API error response.

    | Field | Type | Description |
    | --- | --- | --- |
    | errors [required] | [string] | A list of errors. |

    {
      "errors": [
        "Bad Request"
      ]
    }

    Too many requests

    API error response.

    | Field | Type | Description |
    | --- | --- | --- |
    | errors [required] | [string] | A list of errors. |

    {
      "errors": [
        "Bad Request"
      ]
    }

    Code Example

    # Curl command
    # Replace api.datadoghq.com with the API host for your Datadog site
    # (one of the endpoint URLs listed at the top of this page).
    curl -X POST "https://api.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions" \
    -H "Accept: application/json" \
    -H "Content-Type: application/json" \
    -H "DD-API-KEY: ${DD_API_KEY}" \
    -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
    -d @- << EOF
    {
      "data": {
        "attributes": {
          "content_pack_id": "aws-cloudtrail",
          "duration": "3d"
        },
        "type": "subscription_requests"
      }
    }
    EOF
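
An added example, not part of Datadog's documentation: a standard-library Python client that validates the duration enum before sending and decides from the response whether sample logs are actually being generated, following the availability rules in the Overview. The names build_body, interpret, subscribe and _ts are chosen here for illustration; the wording of the returned detail strings is an assumption.

```python
import json
import urllib.error
import urllib.request
from datetime import datetime, timedelta

PATH = "/api/v2/security_monitoring/sample_log_generation/subscriptions"
DURATIONS = {"1h": timedelta(hours=1), "1d": timedelta(days=1),
             "3d": timedelta(days=3), "7d": timedelta(days=7)}

def build_body(content_pack_id, duration="3d"):
    """Request body; rejects durations outside the documented enum."""
    if duration not in DURATIONS:
        raise ValueError(f"duration must be one of {sorted(DURATIONS)}")
    return {"data": {"type": "subscription_requests",
                     "attributes": {"content_pack_id": content_pack_id,
                                    "duration": duration}}}

def _ts(value):
    """Parse the API's UTC timestamps, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%f%z" if "." in value else "%Y-%m-%dT%H:%M:%S%z"
    return datetime.strptime(value, fmt)

def interpret(http_status, payload):
    """Return (generating, detail) following the availability rules above."""
    if http_status == 403:
        return False, "403: page states non-trial orgs receive Forbidden"
    if http_status != 200:
        return False, f"{http_status}: {payload.get('errors')}"
    attrs = payload["data"]["attributes"]
    if attrs["status"] == "not_available":
        return False, "not_available: legacy pricing tier"
    if not attrs["is_active"]:
        return False, f"inactive: {attrs['status']}"
    # Window in which sample logs are injected and rules can fire on them.
    return True, _ts(attrs["expires_at"]) - _ts(attrs["created_at"])

def subscribe(api_host, api_key, app_key, content_pack_id, duration="3d"):
    """POST the subscription; api_host is the site host, e.g. api.datadoghq.com."""
    req = urllib.request.Request(
        f"https://{api_host}{PATH}", method="POST",
        data=json.dumps(build_body(content_pack_id, duration)).encode(),
        headers={"Accept": "application/json", "Content-Type": "application/json",
                 "DD-API-KEY": api_key, "DD-APPLICATION-KEY": app_key})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret(resp.status, json.load(resp))
    except urllib.error.HTTPError as err:
        return interpret(err.code, json.loads(err.read() or b"{}"))
```

A 200 response alone does not mean logs are flowing: interpret treats status not_available and is_active false as failures, which is the case to alert on before relying on the sample data to test detection rules.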