--- title: Update a security filter description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Update a security filter{% #update-a-security-filter %} Copy pageCopied {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------------------------------------------ | | ap1.datadoghq.com | PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | | ap2.datadoghq.com | PATCH https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | | app.datadoghq.eu | PATCH https://api.datadoghq.eu/api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | | app.ddog-gov.com | PATCH https://api.ddog-gov.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | | us2.ddog-gov.com | PATCH https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | | app.datadoghq.com | PATCH https://api.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | | us3.datadoghq.com | PATCH https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | | us5.datadoghq.com | PATCH https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | ### Overview Update a specific security filter. Returns the security filter object when the request is successful. This endpoint requires the `security_monitoring_filters_write` permission. OAuth apps require the `security_monitoring_filters_write` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint. ### Arguments #### Path Parameters | Name | Type | Description | | ------------------------------------ | ------ | ------------------------------ | | security_filter_id [*required*] | string | The ID of the security filter. | ### Request #### Body Data (required) New definition of the security filter. {% tab title="Model" %} | Parent field | Field | Type | Description | | ----------------- | ---------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | The new security filter properties. | | data | attributes [*required*] | object | The security filters properties to be updated. | | attributes | exclusion_filters | [object] | Exclusion filters to exclude some logs from the security filter. | | exclusion_filters | name [*required*] | string | Exclusion filter name. | | exclusion_filters | query [*required*] | string | Exclusion filter query. Logs that match this query are excluded from the security filter. | | attributes | filtered_data_type | enum | The filtered data type. Allowed enum values: `logs` | | attributes | is_enabled | boolean | Whether the security filter is enabled. | | attributes | name | string | The name of the security filter. | | attributes | query | string | The query of the security filter. | | attributes | version | int32 | The version of the security filter to update. | | data | type [*required*] | enum | The type of the resource. The value should always be `security_filters`. Allowed enum values: `security_filters` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "exclusion_filters": [], "filtered_data_type": "logs", "is_enabled": true, "name": "Example-Security-Monitoring", "query": "service:ExampleSecurityMonitoring", "version": 1 }, "type": "security_filters" } } ``` {% /tab %} ### Response {% tab title="200" %} OK {% tab title="Model" %} Response object which includes a single security filter. | Parent field | Field | Type | Description | | ----------------- | ------------------ | -------- | ---------------------------------------------------------------------------------------------------------------- | | | data | object | The security filter's properties. | | data | attributes | object | The object describing a security filter. | | attributes | exclusion_filters | [object] | The list of exclusion filters applied in this security filter. | | exclusion_filters | name | string | The exclusion filter name. | | exclusion_filters | query | string | The exclusion filter query. | | attributes | filtered_data_type | enum | The filtered data type. Allowed enum values: `logs` | | attributes | is_builtin | boolean | Whether the security filter is the built-in filter. | | attributes | is_enabled | boolean | Whether the security filter is enabled. | | attributes | name | string | The security filter name. | | attributes | query | string | The security filter query. Logs accepted by this query will be accepted by this filter. | | attributes | version | int32 | The version of the security filter. | | data | id | string | The ID of the security filter. | | data | type | enum | The type of the resource. The value should always be `security_filters`. Allowed enum values: `security_filters` | | | meta | object | Optional metadata associated to the response. | | meta | warning | string | A warning message. | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "exclusion_filters": [ { "name": "Exclude staging", "query": "source:staging" } ], "filtered_data_type": "logs", "is_builtin": false, "is_enabled": false, "name": "Custom security filter", "query": "service:api", "version": 1 }, "id": "3dd-0uc-h1s", "type": "security_filters" }, "meta": { "warning": "All the security filters are disabled. As a result, no logs are being analyzed." } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="404" %} Not Found {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="409" %} Concurrent Modification {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Path parameters export security_filter_id="CHANGE_ME" \# Curl command curl -X PATCH "https://api.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/${security_filter_id}" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "exclusion_filters": [], "filtered_data_type": "logs", "is_enabled": true, "name": "Custom security filter", "query": "service:api", "version": 1 }, "type": "security_filters" } } EOF ##### ```go // Update a security filter returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { // there is a valid "security_filter" in the system SecurityFilterDataID := os.Getenv("SECURITY_FILTER_DATA_ID") body := datadogV2.SecurityFilterUpdateRequest{ Data: datadogV2.SecurityFilterUpdateData{ Attributes: datadogV2.SecurityFilterUpdateAttributes{ ExclusionFilters: []datadogV2.SecurityFilterExclusionFilter{}, FilteredDataType: datadogV2.SECURITYFILTERFILTEREDDATATYPE_LOGS.Ptr(), IsEnabled: datadog.PtrBool(true), Name: datadog.PtrString("Example-Security-Monitoring"), Query: datadog.PtrString("service:ExampleSecurityMonitoring"), Version: datadog.PtrInt32(1), }, Type: datadogV2.SECURITYFILTERTYPE_SECURITY_FILTERS, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) resp, r, err := api.UpdateSecurityFilter(ctx, SecurityFilterDataID, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.UpdateSecurityFilter`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.UpdateSecurityFilter`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Update a security filter returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SecurityMonitoringApi; import com.datadog.api.client.v2.model.SecurityFilterFilteredDataType; import com.datadog.api.client.v2.model.SecurityFilterResponse; import com.datadog.api.client.v2.model.SecurityFilterType; import com.datadog.api.client.v2.model.SecurityFilterUpdateAttributes; import com.datadog.api.client.v2.model.SecurityFilterUpdateData; import com.datadog.api.client.v2.model.SecurityFilterUpdateRequest; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); // there is a valid "security_filter" in the system String SECURITY_FILTER_DATA_ID = System.getenv("SECURITY_FILTER_DATA_ID"); SecurityFilterUpdateRequest body = new SecurityFilterUpdateRequest() .data( new SecurityFilterUpdateData() .attributes( new SecurityFilterUpdateAttributes() .filteredDataType(SecurityFilterFilteredDataType.LOGS) .isEnabled(true) .name("Example-Security-Monitoring") .query("service:ExampleSecurityMonitoring") .version(1)) .type(SecurityFilterType.SECURITY_FILTERS)); try { SecurityFilterResponse result = apiInstance.updateSecurityFilter(SECURITY_FILTER_DATA_ID, body); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling SecurityMonitoringApi#updateSecurityFilter"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```python """ Update a security filter returns "OK" response """ from os import environ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi from datadog_api_client.v2.model.security_filter_filtered_data_type import SecurityFilterFilteredDataType from datadog_api_client.v2.model.security_filter_type import SecurityFilterType from datadog_api_client.v2.model.security_filter_update_attributes import SecurityFilterUpdateAttributes from datadog_api_client.v2.model.security_filter_update_data import SecurityFilterUpdateData from datadog_api_client.v2.model.security_filter_update_request import SecurityFilterUpdateRequest # there is a valid "security_filter" in the system SECURITY_FILTER_DATA_ID = environ["SECURITY_FILTER_DATA_ID"] body = SecurityFilterUpdateRequest( data=SecurityFilterUpdateData( attributes=SecurityFilterUpdateAttributes( exclusion_filters=[], filtered_data_type=SecurityFilterFilteredDataType.LOGS, is_enabled=True, name="Example-Security-Monitoring", query="service:ExampleSecurityMonitoring", version=1, ), type=SecurityFilterType.SECURITY_FILTERS, ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) response = api_instance.update_security_filter(security_filter_id=SECURITY_FILTER_DATA_ID, body=body) print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Update a security filter returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new # there is a valid "security_filter" in the system SECURITY_FILTER_DATA_ID = ENV["SECURITY_FILTER_DATA_ID"] body = DatadogAPIClient::V2::SecurityFilterUpdateRequest.new({ data: DatadogAPIClient::V2::SecurityFilterUpdateData.new({ attributes: DatadogAPIClient::V2::SecurityFilterUpdateAttributes.new({ exclusion_filters: [], filtered_data_type: DatadogAPIClient::V2::SecurityFilterFilteredDataType::LOGS, is_enabled: true, name: "Example-Security-Monitoring", query: "service:ExampleSecurityMonitoring", version: 1, }), type: DatadogAPIClient::V2::SecurityFilterType::SECURITY_FILTERS, }), }) p api_instance.update_security_filter(SECURITY_FILTER_DATA_ID, body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```rust // Update a security filter returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI; use datadog_api_client::datadogV2::model::SecurityFilterFilteredDataType; use datadog_api_client::datadogV2::model::SecurityFilterType; use datadog_api_client::datadogV2::model::SecurityFilterUpdateAttributes; use datadog_api_client::datadogV2::model::SecurityFilterUpdateData; use datadog_api_client::datadogV2::model::SecurityFilterUpdateRequest; #[tokio::main] async fn main() { // there is a valid "security_filter" in the system let security_filter_data_id = std::env::var("SECURITY_FILTER_DATA_ID").unwrap(); let body = SecurityFilterUpdateRequest::new(SecurityFilterUpdateData::new( SecurityFilterUpdateAttributes::new() .exclusion_filters(vec![]) .filtered_data_type(SecurityFilterFilteredDataType::LOGS) .is_enabled(true) .name("Example-Security-Monitoring".to_string()) .query("service:ExampleSecurityMonitoring".to_string()) .version(1), SecurityFilterType::SECURITY_FILTERS, )); let configuration = datadog::Configuration::new(); let api = SecurityMonitoringAPI::with_config(configuration); let resp = api .update_security_filter(security_filter_data_id.clone(), body) .await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Update a security filter returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.SecurityMonitoringApi(configuration); // there is a valid "security_filter" in the system const SECURITY_FILTER_DATA_ID = process.env.SECURITY_FILTER_DATA_ID as string; const params: v2.SecurityMonitoringApiUpdateSecurityFilterRequest = { body: { data: { attributes: { exclusionFilters: [], filteredDataType: "logs", isEnabled: true, name: "Example-Security-Monitoring", query: "service:ExampleSecurityMonitoring", version: 1, }, type: "security_filters", }, }, securityFilterId: SECURITY_FILTER_DATA_ID, }; apiInstance .updateSecurityFilter(params) .then((data: v2.SecurityFilterResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}