Update a critical asset

PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}
PATCH https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}
PATCH https://api.datadoghq.eu/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}
PATCH https://api.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}
PATCH https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}
PATCH https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}
PATCH https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}
PATCH https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}

Overview

Update a specific critical asset.

OAuth apps require the security_monitoring_critical_assets_write authorization scope to access this endpoint.

Arguments

Path Parameters

Name | Type | Description
critical_asset_id [required] | string | The ID of the critical asset.

Request

Body Data (required)

New definition of the critical asset. Supports partial updates.

Field | Type | Description
data [required] | object | The new critical asset properties; partial updates are supported.
  attributes [required] | object | The critical asset properties to be updated.
    enabled | boolean | Whether the critical asset is enabled.
    query | string | The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer.
    rule_query | string | The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to.
    severity | enum | Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased, or the severity can be left unchanged (no-op). Allowed enum values: info, low, medium, high, critical, increase, decrease, no-op
    tags | [string] | List of tags associated with the critical asset.
    version | int32 | The version of the critical asset being updated. Used for optimistic locking to prevent concurrent modifications.
  type [required] | enum | The type of the resource. The value should always be critical_assets. Allowed enum values: critical_assets. Default: critical_assets

{
  "data": {
    "type": "critical_assets",
    "attributes": {
      "enabled": false,
      "query": "no:alert",
      "rule_query": "type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq",
      "severity": "decrease",
      "tags": [
        "env:production"
      ],
      "version": 1
    }
  }
}
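
The version field and the Concurrent Modification response listed under Response combine into a read-modify-write pattern. The sketch below is an added example, not Datadog's client code: it builds a partial-update body that carries the version last read, and re-reads and retries when the update is rejected as a concurrent modification. The fetch/patch callables and FakeApi are hypothetical stand-ins, and mapping "OK" to HTTP 200 and "Concurrent Modification" to HTTP 409 is an assumption.

```python
import copy

# Allowed values copied from the field tables on this page.
SEVERITIES = {"info", "low", "medium", "high", "critical", "increase", "decrease", "no-op"}
UPDATABLE = {"enabled", "query", "rule_query", "severity", "tags"}


def build_patch(current, changes):
    """Return a partial-update body, or None when nothing would change."""
    unknown = set(changes) - UPDATABLE
    if unknown:
        raise ValueError(f"not updatable: {sorted(unknown)}")
    if changes.get("severity", "no-op") not in SEVERITIES:
        raise ValueError(f"invalid severity: {changes['severity']!r}")
    attrs = current["data"]["attributes"]
    # Partial update: send only the fields that differ from what was read ...
    delta = {k: v for k, v in changes.items() if attrs.get(k) != v}
    if not delta:
        return None
    # ... plus the version that was read, so a concurrent edit is rejected.
    delta["version"] = attrs["version"]
    return {"data": {"type": "critical_assets", "attributes": delta}}


def update_with_retry(fetch, patch, asset_id, changes, max_attempts=3):
    """Read-modify-write loop over hypothetical transport callables.
    fetch(id) -> asset dict; patch(id, body) -> (http_status, dict).
    Assumption: "OK" is HTTP 200 and "Concurrent Modification" is HTTP 409.
    """
    for _ in range(max_attempts):
        current = fetch(asset_id)
        body = build_patch(current, changes)
        if body is None:
            return current  # already in the desired state
        status, result = patch(asset_id, body)
        if status == 200:
            return result
        if status != 409:
            raise RuntimeError(f"update failed: {status} {result.get('errors')}")
        # Conflict: another writer bumped the version; re-read and rebuild.
    raise RuntimeError("gave up after repeated concurrent modifications")


class FakeApi:  # constructed in-memory stand-in for the endpoint, offline only
    def __init__(self, attributes):
        self.attrs = dict(attributes, version=1)
        self.race = True  # simulate one concurrent edit by another client

    def fetch(self, asset_id):
        seen = copy.deepcopy(self.attrs)
        if self.race:  # the other client writes right after our read
            self.race = False
            self.attrs.update(tags=["env:production"], version=2)
        return {"data": {"id": asset_id, "type": "critical_assets", "attributes": seen}}

    def patch(self, asset_id, body):
        new = dict(body["data"]["attributes"])
        if new.pop("version") != self.attrs["version"]:
            return 409, {"errors": ["Concurrent Modification"]}
        self.attrs.update(new, version=self.attrs["version"] + 1)
        return 200, self.fetch(asset_id)
```

Because only the changed field and the version are sent, the tags written by the other client in the simulated race survive the retry instead of being overwritten.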

Response

OK

Response object containing a single critical asset.

Field | Type | Description
data | object | The critical asset's properties.
  attributes | object | The attributes of the critical asset.
    creation_author_id | int64 | ID of user who created the critical asset.
    creation_date | int64 | A Unix millisecond timestamp giving the creation date of the critical asset.
    creator | object | A user.
      handle | string | The handle of the user.
      name | string | The name of the user.
    enabled | boolean | Whether the critical asset is enabled.
    query | string | The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer.
    rule_query | string | The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to.
    severity | enum | Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased, or the severity can be left unchanged (no-op). Allowed enum values: info, low, medium, high, critical, increase, decrease, no-op
    tags | [string] | List of tags associated with the critical asset.
    update_author_id | int64 | ID of user who updated the critical asset.
    update_date | int64 | A Unix millisecond timestamp giving the update date of the critical asset.
    updater | object | A user.
      handle | string | The handle of the user.
      name | string | The name of the user.
    version | int32 | The version of the critical asset; it starts at 1, and is incremented at each update.
  id | string | The ID of the critical asset.
  type | enum | The type of the resource. The value should always be critical_assets. Allowed enum values: critical_assets. Default: critical_assets

{
  "data": {
    "attributes": {
      "creation_author_id": 367742,
      "creation_date": "integer",
      "creator": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "enabled": true,
      "query": "security:monitoring",
      "rule_query": "type:log_detection source:cloudtrail",
      "severity": "increase",
      "tags": [
        "team:database",
        "source:cloudtrail"
      ],
      "update_author_id": 367743,
      "update_date": "integer",
      "updater": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "version": 2
    },
    "id": "4e2435a5-6670-4b8f-baff-46083cd1c250",
    "type": "critical_assets"
  }
}

Bad Request

API error response.

Field | Type | Description
errors [required] | [string] | A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Field | Type | Description
errors [required] | [string] | A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Field | Type | Description
errors [required] | [string] | A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Field | Type | Description
errors [required] | [string] | A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Field | Type | Description
errors [required] | [string] | A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

# Path parameters
export critical_asset_id="CHANGE_ME"
# Curl command (use the API host for your Datadog site; api.datadoghq.com is shown)
curl -X PATCH "https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/${critical_asset_id}" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "DD-API-KEY: ${DD_API_KEY}" \
  -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
  -d @- << EOF
{
  "data": {
    "attributes": {
      "enabled": true,
      "query": "security:monitoring",
      "rule_query": "type:log_detection source:cloudtrail",
      "severity": "increase",
      "tags": [
        "technique:T1110-brute-force",
        "source:cloudtrail"
      ],
      "version": 1
    },
    "type": "critical_assets"
  }
}
EOF

// Update a critical asset returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "critical_asset" in the system
	CriticalAssetDataID := os.Getenv("CRITICAL_ASSET_DATA_ID")

	body := datadogV2.SecurityMonitoringCriticalAssetUpdateRequest{
		Data: datadogV2.SecurityMonitoringCriticalAssetUpdateData{
			Type: datadogV2.SECURITYMONITORINGCRITICALASSETTYPE_CRITICAL_ASSETS,
			Attributes: datadogV2.SecurityMonitoringCriticalAssetUpdateAttributes{
				Enabled:   datadog.PtrBool(false),
				Query:     datadog.PtrString("no:alert"),
				RuleQuery: datadog.PtrString("type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq"),
				Severity:  datadogV2.SECURITYMONITORINGCRITICALASSETSEVERITY_DECREASE.Ptr(),
				Tags: []string{
					"env:production",
				},
				Version: datadog.PtrInt32(1),
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.UpdateSecurityMonitoringCriticalAsset(ctx, CriticalAssetDataID, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.UpdateSecurityMonitoringCriticalAsset`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.UpdateSecurityMonitoringCriticalAsset`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies, then save the example to main.go and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com):

DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"

// Update a critical asset returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetSeverity;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetType;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetUpdateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetUpdateData;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetUpdateRequest;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "critical_asset" in the system
    String CRITICAL_ASSET_DATA_ID = System.getenv("CRITICAL_ASSET_DATA_ID");

    SecurityMonitoringCriticalAssetUpdateRequest body =
        new SecurityMonitoringCriticalAssetUpdateRequest()
            .data(
                new SecurityMonitoringCriticalAssetUpdateData()
                    .type(SecurityMonitoringCriticalAssetType.CRITICAL_ASSETS)
                    .attributes(
                        new SecurityMonitoringCriticalAssetUpdateAttributes()
                            .enabled(false)
                            .query("no:alert")
                            .ruleQuery(
                                "type:(log_detection OR signal_correlation OR workload_security OR"
                                    + " application_security) ruleId:djg-ktx-ipq")
                            .severity(SecurityMonitoringCriticalAssetSeverity.DECREASE)
                            .tags(Collections.singletonList("env:production"))
                            .version(1)));

    try {
      SecurityMonitoringCriticalAssetResponse result =
          apiInstance.updateSecurityMonitoringCriticalAsset(CRITICAL_ASSET_DATA_ID, body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#updateSecurityMonitoringCriticalAsset");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies, then save the example to Example.java and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com):

DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"

"""
Update a critical asset returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_critical_asset_severity import (
    SecurityMonitoringCriticalAssetSeverity,
)
from datadog_api_client.v2.model.security_monitoring_critical_asset_type import SecurityMonitoringCriticalAssetType
from datadog_api_client.v2.model.security_monitoring_critical_asset_update_attributes import (
    SecurityMonitoringCriticalAssetUpdateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_critical_asset_update_data import (
    SecurityMonitoringCriticalAssetUpdateData,
)
from datadog_api_client.v2.model.security_monitoring_critical_asset_update_request import (
    SecurityMonitoringCriticalAssetUpdateRequest,
)

# there is a valid "critical_asset" in the system
CRITICAL_ASSET_DATA_ID = environ["CRITICAL_ASSET_DATA_ID"]

body = SecurityMonitoringCriticalAssetUpdateRequest(
    data=SecurityMonitoringCriticalAssetUpdateData(
        type=SecurityMonitoringCriticalAssetType.CRITICAL_ASSETS,
        attributes=SecurityMonitoringCriticalAssetUpdateAttributes(
            enabled=False,
            query="no:alert",
            rule_query="type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq",
            severity=SecurityMonitoringCriticalAssetSeverity.DECREASE,
            tags=[
                "env:production",
            ],
            version=1,
        ),
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.update_security_monitoring_critical_asset(
        critical_asset_id=CRITICAL_ASSET_DATA_ID, body=body
    )

    print(response)

Instructions

First install the library and its dependencies, then save the example to example.py and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com):

DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"

# Update a critical asset returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "critical_asset" in the system
CRITICAL_ASSET_DATA_ID = ENV["CRITICAL_ASSET_DATA_ID"]

body = DatadogAPIClient::V2::SecurityMonitoringCriticalAssetUpdateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetUpdateData.new({
    type: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetType::CRITICAL_ASSETS,
    attributes: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetUpdateAttributes.new({
      enabled: false,
      query: "no:alert",
      rule_query: "type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq",
      severity: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetSeverity::DECREASE,
      tags: [
        "env:production",
      ],
      version: 1,
    }),
  }),
})
p api_instance.update_security_monitoring_critical_asset(CRITICAL_ASSET_DATA_ID, body)

Instructions

First install the library and its dependencies, then save the example to example.rb and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com):

DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" ruby "example.rb"

// Update a critical asset returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetSeverity;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetType;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetUpdateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetUpdateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetUpdateRequest;

#[tokio::main]
async fn main() {
    // there is a valid "critical_asset" in the system
    let critical_asset_data_id = std::env::var("CRITICAL_ASSET_DATA_ID").unwrap();
    let body =
        SecurityMonitoringCriticalAssetUpdateRequest::new(
            SecurityMonitoringCriticalAssetUpdateData::new(
                SecurityMonitoringCriticalAssetUpdateAttributes::new()
                    .enabled(false)
                    .query("no:alert".to_string())
                    .rule_query(
                        "type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq".to_string(),
                    )
                    .severity(SecurityMonitoringCriticalAssetSeverity::DECREASE)
                    .tags(vec!["env:production".to_string()])
                    .version(1),
                SecurityMonitoringCriticalAssetType::CRITICAL_ASSETS,
            ),
        );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .update_security_monitoring_critical_asset(critical_asset_data_id.clone(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies, then save the example to src/main.rs and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com):

DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run

/**
 * Update a critical asset returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "critical_asset" in the system
const CRITICAL_ASSET_DATA_ID = process.env.CRITICAL_ASSET_DATA_ID as string;

const params: v2.SecurityMonitoringApiUpdateSecurityMonitoringCriticalAssetRequest =
  {
    body: {
      data: {
        type: "critical_assets",
        attributes: {
          enabled: false,
          query: "no:alert",
          ruleQuery:
            "type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq",
          severity: "decrease",
          tags: ["env:production"],
          version: 1,
        },
      },
    },
    criticalAssetId: CRITICAL_ASSET_DATA_ID,
  };

apiInstance
  .updateSecurityMonitoringCriticalAsset(params)
  .then((data: v2.SecurityMonitoringCriticalAssetResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies, then save the example to example.ts and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com, ap2.datadoghq.com, ddog-gov.com or us2.ddog-gov.com):

DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"