--- title: Update a critical asset description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Update a critical asset{% #update-a-critical-asset %} Copy pageCopied {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | ---------------------------------------------------------------------------------------------------------------- | | ap1.datadoghq.com | PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id} | | ap2.datadoghq.com | PATCH https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id} | | app.datadoghq.eu | PATCH https://api.datadoghq.eu/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id} | | app.ddog-gov.com | PATCH https://api.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id} | | us2.ddog-gov.com | PATCH https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id} | | app.datadoghq.com | PATCH https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id} | | us3.datadoghq.com | PATCH https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id} | | us5.datadoghq.com | PATCH https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id} | ### Overview Update a specific critical asset. OAuth apps require the `security_monitoring_critical_assets_write` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint. ### Arguments #### Path Parameters | Name | Type | Description | | ----------------------------------- | ------ | ----------------------------- | | critical_asset_id [*required*] | string | The ID of the critical asset. | ### Request #### Body Data (required) New definition of the critical asset. Supports partial updates. {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------ | ---------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | The new critical asset properties; partial updates are supported. | | data | attributes [*required*] | object | The critical asset properties to be updated. | | attributes | enabled | boolean | Whether the critical asset is enabled. | | attributes | query | string | The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer. | | attributes | rule_query | string | The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to. | | attributes | severity | enum | Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased, or the severity can be left unchanged (no-op). Allowed enum values: `info,low,medium,high,critical,increase,decrease,no-op` | | attributes | tags | [string] | List of tags associated with the critical asset. | | attributes | version | int32 | The version of the critical asset being updated. Used for optimistic locking to prevent concurrent modifications. | | data | type [*required*] | enum | The type of the resource. The value should always be `critical_assets`. Allowed enum values: `critical_assets` | {% /tab %} {% tab title="Example" %} ```json { "data": { "type": "critical_assets", "attributes": { "enabled": false, "query": "no:alert", "rule_query": "type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq", "severity": "decrease", "tags": [ "env:production" ], "version": 1 } } } ``` {% /tab %} ### Response {% tab title="200" %} OK {% tab title="Model" %} Response object containing a single critical asset. | Parent field | Field | Type | Description | | ------------ | ------------------ | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data | object | The critical asset's properties. | | data | attributes | object | The attributes of the critical asset. | | attributes | creation_author_id | int64 | ID of user who created the critical asset. | | attributes | creation_date | int64 | A Unix millisecond timestamp given the creation date of the critical asset. | | attributes | creator | object | A user. | | creator | handle | string | The handle of the user. | | creator | name | string | The name of the user. | | attributes | enabled | boolean | Whether the critical asset is enabled. | | attributes | query | string | The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer. | | attributes | rule_query | string | The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to. | | attributes | severity | enum | Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased, or the severity can be left unchanged (no-op). Allowed enum values: `info,low,medium,high,critical,increase,decrease,no-op` | | attributes | tags | [string] | List of tags associated with the critical asset. | | attributes | update_author_id | int64 | ID of user who updated the critical asset. | | attributes | update_date | int64 | A Unix millisecond timestamp given the update date of the critical asset. | | attributes | updater | object | A user. | | updater | handle | string | The handle of the user. | | updater | name | string | The name of the user. | | attributes | version | int32 | The version of the critical asset; it starts at 1, and is incremented at each update. | | data | id | string | The ID of the critical asset. | | data | type | enum | The type of the resource. The value should always be `critical_assets`. Allowed enum values: `critical_assets` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "creation_author_id": 367742, "creation_date": "integer", "creator": { "handle": "john.doe@datadoghq.com", "name": "John Doe" }, "enabled": true, "query": "security:monitoring", "rule_query": "type:log_detection source:cloudtrail", "severity": "increase", "tags": [ "team:database", "source:cloudtrail" ], "update_author_id": 367743, "update_date": "integer", "updater": { "handle": "john.doe@datadoghq.com", "name": "John Doe" }, "version": 2 }, "id": "4e2435a5-6670-4b8f-baff-46083cd1c250", "type": "critical_assets" } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="404" %} Not Found {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="409" %} Concurrent Modification {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Path parameters export critical_asset_id="CHANGE_ME" \# Curl command curl -X PATCH "https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/${critical_asset_id}" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "enabled": true, "query": "security:monitoring", "rule_query": "type:log_detection source:cloudtrail", "severity": "increase", "tags": [ "technique:T1110-brute-force", "source:cloudtrail" ], "version": 1 }, "type": "critical_assets" } } EOF ##### ```go // Update a critical asset returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { // there is a valid "critical_asset" in the system CriticalAssetDataID := os.Getenv("CRITICAL_ASSET_DATA_ID") body := datadogV2.SecurityMonitoringCriticalAssetUpdateRequest{ Data: datadogV2.SecurityMonitoringCriticalAssetUpdateData{ Type: datadogV2.SECURITYMONITORINGCRITICALASSETTYPE_CRITICAL_ASSETS, Attributes: datadogV2.SecurityMonitoringCriticalAssetUpdateAttributes{ Enabled: datadog.PtrBool(false), Query: datadog.PtrString("no:alert"), RuleQuery: datadog.PtrString("type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq"), Severity: datadogV2.SECURITYMONITORINGCRITICALASSETSEVERITY_DECREASE.Ptr(), Tags: []string{ "env:production", }, Version: datadog.PtrInt32(1), }, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) resp, r, err := api.UpdateSecurityMonitoringCriticalAsset(ctx, CriticalAssetDataID, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.UpdateSecurityMonitoringCriticalAsset`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.UpdateSecurityMonitoringCriticalAsset`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Update a critical asset returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SecurityMonitoringApi; import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetResponse; import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetSeverity; import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetType; import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetUpdateAttributes; import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetUpdateData; import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetUpdateRequest; import java.util.Collections; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); // there is a valid "critical_asset" in the system String CRITICAL_ASSET_DATA_ID = System.getenv("CRITICAL_ASSET_DATA_ID"); SecurityMonitoringCriticalAssetUpdateRequest body = new SecurityMonitoringCriticalAssetUpdateRequest() .data( new SecurityMonitoringCriticalAssetUpdateData() .type(SecurityMonitoringCriticalAssetType.CRITICAL_ASSETS) .attributes( new SecurityMonitoringCriticalAssetUpdateAttributes() .enabled(false) .query("no:alert") .ruleQuery( "type:(log_detection OR signal_correlation OR workload_security OR" + " application_security) ruleId:djg-ktx-ipq") .severity(SecurityMonitoringCriticalAssetSeverity.DECREASE) .tags(Collections.singletonList("env:production")) .version(1))); try { SecurityMonitoringCriticalAssetResponse result = apiInstance.updateSecurityMonitoringCriticalAsset(CRITICAL_ASSET_DATA_ID, body); System.out.println(result); } catch (ApiException e) { System.err.println( "Exception when calling SecurityMonitoringApi#updateSecurityMonitoringCriticalAsset"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```python """ Update a critical asset returns "OK" response """ from os import environ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi from datadog_api_client.v2.model.security_monitoring_critical_asset_severity import ( SecurityMonitoringCriticalAssetSeverity, ) from datadog_api_client.v2.model.security_monitoring_critical_asset_type import SecurityMonitoringCriticalAssetType from datadog_api_client.v2.model.security_monitoring_critical_asset_update_attributes import ( SecurityMonitoringCriticalAssetUpdateAttributes, ) from datadog_api_client.v2.model.security_monitoring_critical_asset_update_data import ( SecurityMonitoringCriticalAssetUpdateData, ) from datadog_api_client.v2.model.security_monitoring_critical_asset_update_request import ( SecurityMonitoringCriticalAssetUpdateRequest, ) # there is a valid "critical_asset" in the system CRITICAL_ASSET_DATA_ID = environ["CRITICAL_ASSET_DATA_ID"] body = SecurityMonitoringCriticalAssetUpdateRequest( data=SecurityMonitoringCriticalAssetUpdateData( type=SecurityMonitoringCriticalAssetType.CRITICAL_ASSETS, attributes=SecurityMonitoringCriticalAssetUpdateAttributes( enabled=False, query="no:alert", rule_query="type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq", severity=SecurityMonitoringCriticalAssetSeverity.DECREASE, tags=[ "env:production", ], version=1, ), ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) response = api_instance.update_security_monitoring_critical_asset( critical_asset_id=CRITICAL_ASSET_DATA_ID, body=body ) print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Update a critical asset returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new # there is a valid "critical_asset" in the system CRITICAL_ASSET_DATA_ID = ENV["CRITICAL_ASSET_DATA_ID"] body = DatadogAPIClient::V2::SecurityMonitoringCriticalAssetUpdateRequest.new({ data: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetUpdateData.new({ type: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetType::CRITICAL_ASSETS, attributes: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetUpdateAttributes.new({ enabled: false, query: "no:alert", rule_query: "type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq", severity: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetSeverity::DECREASE, tags: [ "env:production", ], version: 1, }), }), }) p api_instance.update_security_monitoring_critical_asset(CRITICAL_ASSET_DATA_ID, body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```rust // Update a critical asset returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI; use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetSeverity; use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetType; use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetUpdateAttributes; use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetUpdateData; use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetUpdateRequest; #[tokio::main] async fn main() { // there is a valid "critical_asset" in the system let critical_asset_data_id = std::env::var("CRITICAL_ASSET_DATA_ID").unwrap(); let body = SecurityMonitoringCriticalAssetUpdateRequest::new( SecurityMonitoringCriticalAssetUpdateData::new( SecurityMonitoringCriticalAssetUpdateAttributes::new() .enabled(false) .query("no:alert".to_string()) .rule_query( "type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq".to_string(), ) .severity(SecurityMonitoringCriticalAssetSeverity::DECREASE) .tags(vec!["env:production".to_string()]) .version(1), SecurityMonitoringCriticalAssetType::CRITICAL_ASSETS, ), ); let configuration = datadog::Configuration::new(); let api = SecurityMonitoringAPI::with_config(configuration); let resp = api .update_security_monitoring_critical_asset(critical_asset_data_id.clone(), body) .await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Update a critical asset returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.SecurityMonitoringApi(configuration); // there is a valid "critical_asset" in the system const CRITICAL_ASSET_DATA_ID = process.env.CRITICAL_ASSET_DATA_ID as string; const params: v2.SecurityMonitoringApiUpdateSecurityMonitoringCriticalAssetRequest = { body: { data: { type: "critical_assets", attributes: { enabled: false, query: "no:alert", ruleQuery: "type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq", severity: "decrease", tags: ["env:production"], version: 1, }, }, }, criticalAssetId: CRITICAL_ASSET_DATA_ID, }; apiInstance .updateSecurityMonitoringCriticalAsset(params) .then((data: v2.SecurityMonitoringCriticalAssetResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}