--- title: Validate a suppression rule description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Validate a suppression rule{% #validate-a-suppression-rule %} Copy pageCopied {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | --------------------------------------------------------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/validation | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/validation | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/validation | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation | ### Overview Validate a suppression rule. This endpoint requires the `security_monitoring_suppressions_write` permission. OAuth apps require the `security_monitoring_suppressions_write` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint. ### Request #### Body Data (required) {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------ | ---------------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | Object for a single suppression rule. | | data | attributes [*required*] | object | Object containing the attributes of the suppression rule to be created. | | attributes | data_exclusion_query | string | An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. | | attributes | description | string | A description for the suppression rule. | | attributes | enabled [*required*] | boolean | Whether the suppression rule is enabled. | | attributes | expiration_date | int64 | A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. | | attributes | name [*required*] | string | The name of the suppression rule. | | attributes | rule_query [*required*] | string | The rule query of the suppression rule, with the same syntax as the search bar for detection rules. | | attributes | start_date | int64 | A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals. | | attributes | suppression_query | string | The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer. | | attributes | tags | [string] | List of tags associated with the suppression rule. | | data | type [*required*] | enum | The type of the resource. The value should always be `suppressions`. Allowed enum values: `suppressions` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail" }, "type": "suppressions" } } ``` {% /tab %} ### Response {% tab title="204" %} OK {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low", "tags": [ "technique:T1110-brute-force", "source:cloudtrail" ] }, "type": "suppressions" } } EOF ##### ```go // Validate a suppression rule returns "OK" response package main import ( "context" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { body := datadogV2.SecurityMonitoringSuppressionCreateRequest{ Data: datadogV2.SecurityMonitoringSuppressionCreateData{ Attributes: datadogV2.SecurityMonitoringSuppressionCreateAttributes{ DataExclusionQuery: datadog.PtrString("source:cloudtrail account_id:12345"), Description: datadog.PtrString("This rule suppresses low-severity signals in staging environments."), Enabled: true, Name: "Custom suppression", RuleQuery: "type:log_detection source:cloudtrail", }, Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) r, err := api.ValidateSecurityMonitoringSuppression(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ValidateSecurityMonitoringSuppression`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Validate a suppression rule returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SecurityMonitoringApi; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateAttributes; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateData; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateRequest; import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); SecurityMonitoringSuppressionCreateRequest body = new SecurityMonitoringSuppressionCreateRequest() .data( new SecurityMonitoringSuppressionCreateData() .attributes( new SecurityMonitoringSuppressionCreateAttributes() .dataExclusionQuery("source:cloudtrail account_id:12345") .description( "This rule suppresses low-severity signals in staging" + " environments.") .enabled(true) .name("Custom suppression") .ruleQuery("type:log_detection source:cloudtrail")) .type(SecurityMonitoringSuppressionType.SUPPRESSIONS)); try { apiInstance.validateSecurityMonitoringSuppression(body); } catch (ApiException e) { System.err.println( "Exception when calling SecurityMonitoringApi#validateSecurityMonitoringSuppression"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```python """ Validate a suppression rule returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import ( SecurityMonitoringSuppressionCreateAttributes, ) from datadog_api_client.v2.model.security_monitoring_suppression_create_data import ( SecurityMonitoringSuppressionCreateData, ) from datadog_api_client.v2.model.security_monitoring_suppression_create_request import ( SecurityMonitoringSuppressionCreateRequest, ) from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType body = SecurityMonitoringSuppressionCreateRequest( data=SecurityMonitoringSuppressionCreateData( attributes=SecurityMonitoringSuppressionCreateAttributes( data_exclusion_query="source:cloudtrail account_id:12345", description="This rule suppresses low-severity signals in staging environments.", enabled=True, name="Custom suppression", rule_query="type:log_detection source:cloudtrail", ), type=SecurityMonitoringSuppressionType.SUPPRESSIONS, ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) api_instance.validate_security_monitoring_suppression(body=body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Validate a suppression rule returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({ data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({ attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({ data_exclusion_query: "source:cloudtrail account_id:12345", description: "This rule suppresses low-severity signals in staging environments.", enabled: true, name: "Custom suppression", rule_query: "type:log_detection source:cloudtrail", }), type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS, }), }) api_instance.validate_security_monitoring_suppression(body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```rust // Validate a suppression rule returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI; use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateAttributes; use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateData; use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateRequest; use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType; #[tokio::main] async fn main() { let body = SecurityMonitoringSuppressionCreateRequest::new( SecurityMonitoringSuppressionCreateData::new( SecurityMonitoringSuppressionCreateAttributes::new( true, "Custom suppression".to_string(), "type:log_detection source:cloudtrail".to_string(), ) .data_exclusion_query("source:cloudtrail account_id:12345".to_string()) .description( "This rule suppresses low-severity signals in staging environments.".to_string(), ), SecurityMonitoringSuppressionType::SUPPRESSIONS, ), ); let configuration = datadog::Configuration::new(); let api = SecurityMonitoringAPI::with_config(configuration); let resp = api.validate_security_monitoring_suppression(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Validate a suppression rule returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.SecurityMonitoringApi(configuration); const params: v2.SecurityMonitoringApiValidateSecurityMonitoringSuppressionRequest = { body: { data: { attributes: { dataExclusionQuery: "source:cloudtrail account_id:12345", description: "This rule suppresses low-severity signals in staging environments.", enabled: true, name: "Custom suppression", ruleQuery: "type:log_detection source:cloudtrail", }, type: "suppressions", }, }, }; apiInstance .validateSecurityMonitoringSuppression(params) .then((data: any) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}