--- title: Create Scanning Rule description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Sensitive Data Scanner --- # Create Scanning Rule{% #create-scanning-rule %} {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | ----------------------------------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/sensitive-data-scanner/config/rules | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/sensitive-data-scanner/config/rules | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/sensitive-data-scanner/config/rules | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/sensitive-data-scanner/config/rules | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/sensitive-data-scanner/config/rules | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/sensitive-data-scanner/config/rules | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/sensitive-data-scanner/config/rules | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/sensitive-data-scanner/config/rules | ### Overview Create a scanning rule in a sensitive data scanner group, ordered last. The posted rule MUST include a group relationship. It MUST include either a standard_pattern relationship or a regex attribute, but not both. If included_attributes is empty or missing, we will scan all attributes except excluded_attributes. If both are missing, we will scan the whole event. This endpoint requires the `data_scanner_write` permission. ### Request #### Body Data (required) {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------------------------ | --------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | Data related to the creation of a rule. | | data | attributes [*required*] | object | Attributes of the Sensitive Data Scanner rule. | | attributes | description | string | Description of the rule. | | attributes | excluded_namespaces | [string] | Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array. | | attributes | included_keyword_configuration | object | Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check, the match is kept. If none are found, the match is discarded. | | included_keyword_configuration | character_count [*required*] | int64 | The number of characters behind a match detected by Sensitive Data Scanner to look for the keywords defined. `character_count` should be greater than the maximum length of a keyword defined for a rule. | | included_keyword_configuration | keywords [*required*] | [string] | Keyword list that will be checked during scanning in order to validate a match. The number of keywords in the list must be less than or equal to 30. | | included_keyword_configuration | use_recommended_keywords | boolean | Should the rule use the underlying standard pattern keyword configuration. If set to `true`, the rule must be tied to a standard pattern. If set to `false`, the specified keywords and `character_count` are applied. | | attributes | is_enabled | boolean | Whether or not the rule is enabled. | | attributes | name | string | Name of the rule. | | attributes | namespaces | [string] | Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned. | | attributes | pattern | string | Not included if there is a relationship to a standard pattern. | | attributes | priority | int64 | Integer from 1 (high) to 5 (low) indicating rule issue severity. | | attributes | suppressions | object | Object describing the suppressions for a rule. There are three types of suppressions, `starts_with`, `ends_with`, and `exact_match`. Suppressed matches are not obfuscated, counted in metrics, or displayed in the Findings page. | | suppressions | ends_with | [string] | List of strings to use for suppression of matches ending with these strings. | | suppressions | exact_match | [string] | List of strings to use for suppression of matches exactly matching these strings. | | suppressions | starts_with | [string] | List of strings to use for suppression of matches starting with these strings. | | attributes | tags | [string] | List of tags. | | attributes | text_replacement | object | Object describing how the scanned event will be replaced. | | text_replacement | number_of_chars | int64 | Required if type == 'partial_replacement_from_beginning' or 'partial_replacement_from_end'. It must be > 0. | | text_replacement | replacement_string | string | Required if type == 'replacement_string'. | | text_replacement | should_save_match | boolean | Only valid when type == `replacement_string`. When enabled, matches can be unmasked in logs by users with 'Data Scanner Unmask' permission. As a security best practice, avoid masking for highly-sensitive, long-lived data. | | text_replacement | type | enum | Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacement_string means that one can chose a text to replace the data. partial_replacement_from_beginning allows a user to partially replace the data from the beginning, and partial_replacement_from_end on the other hand, allows to replace data from the end. Allowed enum values: `none,hash,replacement_string,partial_replacement_from_beginning,partial_replacement_from_end` | | data | relationships [*required*] | object | Relationships of a scanning rule. | | relationships | group | object | A scanning group data. | | group | data | object | A scanning group. | | data | id | string | ID of the group. | | data | type | enum | Sensitive Data Scanner group type. Allowed enum values: `sensitive_data_scanner_group` | | relationships | standard_pattern | object | A standard pattern. | | standard_pattern | data | object | Data containing the standard pattern id. | | data | id | string | ID of the standard pattern. | | data | type | enum | Sensitive Data Scanner standard pattern type. Allowed enum values: `sensitive_data_scanner_standard_pattern` | | data | type [*required*] | enum | Sensitive Data Scanner rule type. Allowed enum values: `sensitive_data_scanner_rule` | | | meta [*required*] | object | Meta payload containing information about the API. | | meta | version | int64 | Version of the API (optional). | {% /tab %} {% tab title="Example" %} ##### ```json { "meta": {}, "data": { "type": "sensitive_data_scanner_rule", "attributes": { "name": "Example-Sensitive-Data-Scanner", "pattern": "pattern", "namespaces": [ "admin" ], "excluded_namespaces": [ "admin.name" ], "text_replacement": { "type": "none" }, "tags": [ "sensitive_data:true" ], "is_enabled": true, "priority": 1, "included_keyword_configuration": { "keywords": [ "credit card" ], "character_count": 35 } }, "relationships": { "group": { "data": { "type": "sensitive_data_scanner_group", "id": "string" } } } } } ``` ##### ```json { "meta": {}, "data": { "type": "sensitive_data_scanner_rule", "attributes": { "name": "Example-Sensitive-Data-Scanner", "pattern": "pattern", "text_replacement": { "type": "replacement_string", "replacement_string": "REDACTED", "should_save_match": true }, "tags": [ "sensitive_data:true" ], "is_enabled": true, "priority": 1 }, "relationships": { "group": { "data": { "type": "sensitive_data_scanner_group", "id": "string" } } } } } ``` {% /tab %} ### Response {% tab title="201" %} OK {% tab title="Model" %} Create rule response. | Parent field | Field | Type | Description | | ------------------------------ | --------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data | object | Response data related to the creation of a rule. | | data | attributes | object | Attributes of the Sensitive Data Scanner rule. | | attributes | description | string | Description of the rule. | | attributes | excluded_namespaces | [string] | Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array. | | attributes | included_keyword_configuration | object | Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check, the match is kept. If none are found, the match is discarded. | | included_keyword_configuration | character_count [*required*] | int64 | The number of characters behind a match detected by Sensitive Data Scanner to look for the keywords defined. `character_count` should be greater than the maximum length of a keyword defined for a rule. | | included_keyword_configuration | keywords [*required*] | [string] | Keyword list that will be checked during scanning in order to validate a match. The number of keywords in the list must be less than or equal to 30. | | included_keyword_configuration | use_recommended_keywords | boolean | Should the rule use the underlying standard pattern keyword configuration. If set to `true`, the rule must be tied to a standard pattern. If set to `false`, the specified keywords and `character_count` are applied. | | attributes | is_enabled | boolean | Whether or not the rule is enabled. | | attributes | name | string | Name of the rule. | | attributes | namespaces | [string] | Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned. | | attributes | pattern | string | Not included if there is a relationship to a standard pattern. | | attributes | priority | int64 | Integer from 1 (high) to 5 (low) indicating rule issue severity. | | attributes | suppressions | object | Object describing the suppressions for a rule. There are three types of suppressions, `starts_with`, `ends_with`, and `exact_match`. Suppressed matches are not obfuscated, counted in metrics, or displayed in the Findings page. | | suppressions | ends_with | [string] | List of strings to use for suppression of matches ending with these strings. | | suppressions | exact_match | [string] | List of strings to use for suppression of matches exactly matching these strings. | | suppressions | starts_with | [string] | List of strings to use for suppression of matches starting with these strings. | | attributes | tags | [string] | List of tags. | | attributes | text_replacement | object | Object describing how the scanned event will be replaced. | | text_replacement | number_of_chars | int64 | Required if type == 'partial_replacement_from_beginning' or 'partial_replacement_from_end'. It must be > 0. | | text_replacement | replacement_string | string | Required if type == 'replacement_string'. | | text_replacement | should_save_match | boolean | Only valid when type == `replacement_string`. When enabled, matches can be unmasked in logs by users with 'Data Scanner Unmask' permission. As a security best practice, avoid masking for highly-sensitive, long-lived data. | | text_replacement | type | enum | Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacement_string means that one can chose a text to replace the data. partial_replacement_from_beginning allows a user to partially replace the data from the beginning, and partial_replacement_from_end on the other hand, allows to replace data from the end. Allowed enum values: `none,hash,replacement_string,partial_replacement_from_beginning,partial_replacement_from_end` | | data | id | string | ID of the rule. | | data | relationships | object | Relationships of a scanning rule. | | relationships | group | object | A scanning group data. | | group | data | object | A scanning group. | | data | id | string | ID of the group. | | data | type | enum | Sensitive Data Scanner group type. Allowed enum values: `sensitive_data_scanner_group` | | relationships | standard_pattern | object | A standard pattern. | | standard_pattern | data | object | Data containing the standard pattern id. | | data | id | string | ID of the standard pattern. | | data | type | enum | Sensitive Data Scanner standard pattern type. Allowed enum values: `sensitive_data_scanner_standard_pattern` | | data | type | enum | Sensitive Data Scanner rule type. Allowed enum values: `sensitive_data_scanner_rule` | | | meta | object | Meta payload containing information about the API. | | meta | version | int64 | Version of the API (optional). | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "description": "string", "excluded_namespaces": [ "admin.name" ], "included_keyword_configuration": { "character_count": 30, "keywords": [ "email", "address", "login" ], "use_recommended_keywords": false }, "is_enabled": false, "name": "string", "namespaces": [ "admin" ], "pattern": "string", "priority": "integer", "suppressions": { "ends_with": [ "@example.com", "another.example.com" ], "exact_match": [ "admin@example.com", "user@example.com" ], "starts_with": [ "admin", "user" ] }, "tags": [], "text_replacement": { "number_of_chars": "integer", "replacement_string": "string", "should_save_match": false, "type": "string" } }, "id": "string", "relationships": { "group": { "data": { "id": "string", "type": "sensitive_data_scanner_group" } }, "standard_pattern": { "data": { "id": "string", "type": "sensitive_data_scanner_standard_pattern" } } }, "type": "sensitive_data_scanner_rule" }, "meta": { "version": 0 } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Authentication Error {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/sensitive-data-scanner/config/rules" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "excluded_namespaces": [ "admin.name" ], "included_keyword_configuration": { "character_count": 30, "keywords": [ "email", "address", "login" ] }, "is_enabled": true, "namespaces": [ "admin" ], "suppressions": { "ends_with": [ "@example.com", "another.example.com" ], "exact_match": [ "admin@example.com", "user@example.com" ], "starts_with": [ "admin", "user" ] }, "tags": [ "sensitive_data:true" ], "text_replacement": { "type": "none" } }, "relationships": { "group": { "data": { "type": "sensitive_data_scanner_group" } }, "standard_pattern": { "data": { "type": "sensitive_data_scanner_standard_pattern" } } }, "type": "sensitive_data_scanner_rule" }, "meta": { "version": 0 } } EOF ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/sensitive-data-scanner/config/rules" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "excluded_namespaces": [ "admin.name" ], "included_keyword_configuration": { "character_count": 30, "keywords": [ "email", "address", "login" ] }, "is_enabled": true, "namespaces": [ "admin" ], "suppressions": { "ends_with": [ "@example.com", "another.example.com" ], "exact_match": [ "admin@example.com", "user@example.com" ], "starts_with": [ "admin", "user" ] }, "tags": [ "sensitive_data:true" ], "text_replacement": { "type": "none" } }, "relationships": { "group": { "data": { "type": "sensitive_data_scanner_group" } }, "standard_pattern": { "data": { "type": "sensitive_data_scanner_standard_pattern" } } }, "type": "sensitive_data_scanner_rule" }, "meta": { "version": 0 } } EOF ##### ```go // Create Scanning Rule returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { // there is a valid "scanning_group" in the system GroupDataID := os.Getenv("GROUP_DATA_ID") body := datadogV2.SensitiveDataScannerRuleCreateRequest{ Meta: datadogV2.SensitiveDataScannerMetaVersionOnly{}, Data: datadogV2.SensitiveDataScannerRuleCreate{ Type: datadogV2.SENSITIVEDATASCANNERRULETYPE_SENSITIVE_DATA_SCANNER_RULE, Attributes: datadogV2.SensitiveDataScannerRuleAttributes{ Name: datadog.PtrString("Example-Sensitive-Data-Scanner"), Pattern: datadog.PtrString("pattern"), Namespaces: []string{ "admin", }, ExcludedNamespaces: []string{ "admin.name", }, TextReplacement: &datadogV2.SensitiveDataScannerTextReplacement{ Type: datadogV2.SENSITIVEDATASCANNERTEXTREPLACEMENTTYPE_NONE.Ptr(), }, Tags: []string{ "sensitive_data:true", }, IsEnabled: datadog.PtrBool(true), Priority: datadog.PtrInt64(1), IncludedKeywordConfiguration: &datadogV2.SensitiveDataScannerIncludedKeywordConfiguration{ Keywords: []string{ "credit card", }, CharacterCount: 35, }, }, Relationships: datadogV2.SensitiveDataScannerRuleRelationships{ Group: &datadogV2.SensitiveDataScannerGroupData{ Data: &datadogV2.SensitiveDataScannerGroup{ Type: datadogV2.SENSITIVEDATASCANNERGROUPTYPE_SENSITIVE_DATA_SCANNER_GROUP.Ptr(), Id: datadog.PtrString(GroupDataID), }, }, }, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSensitiveDataScannerApi(apiClient) resp, r, err := api.CreateScanningRule(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SensitiveDataScannerApi.CreateScanningRule`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `SensitiveDataScannerApi.CreateScanningRule`:\n%s\n", responseContent) } ``` ##### ```go // Create Scanning Rule with should_save_match returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { // there is a valid "scanning_group" in the system GroupDataID := os.Getenv("GROUP_DATA_ID") body := datadogV2.SensitiveDataScannerRuleCreateRequest{ Meta: datadogV2.SensitiveDataScannerMetaVersionOnly{}, Data: datadogV2.SensitiveDataScannerRuleCreate{ Type: datadogV2.SENSITIVEDATASCANNERRULETYPE_SENSITIVE_DATA_SCANNER_RULE, Attributes: datadogV2.SensitiveDataScannerRuleAttributes{ Name: datadog.PtrString("Example-Sensitive-Data-Scanner"), Pattern: datadog.PtrString("pattern"), TextReplacement: &datadogV2.SensitiveDataScannerTextReplacement{ Type: datadogV2.SENSITIVEDATASCANNERTEXTREPLACEMENTTYPE_REPLACEMENT_STRING.Ptr(), ReplacementString: datadog.PtrString("REDACTED"), ShouldSaveMatch: datadog.PtrBool(true), }, Tags: []string{ "sensitive_data:true", }, IsEnabled: datadog.PtrBool(true), Priority: datadog.PtrInt64(1), }, Relationships: datadogV2.SensitiveDataScannerRuleRelationships{ Group: &datadogV2.SensitiveDataScannerGroupData{ Data: &datadogV2.SensitiveDataScannerGroup{ Type: datadogV2.SENSITIVEDATASCANNERGROUPTYPE_SENSITIVE_DATA_SCANNER_GROUP.Ptr(), Id: datadog.PtrString(GroupDataID), }, }, }, }, } ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSensitiveDataScannerApi(apiClient) resp, r, err := api.CreateScanningRule(ctx, body) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SensitiveDataScannerApi.CreateScanningRule`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `SensitiveDataScannerApi.CreateScanningRule`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Create Scanning Rule returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SensitiveDataScannerApi; import com.datadog.api.client.v2.model.SensitiveDataScannerCreateRuleResponse; import com.datadog.api.client.v2.model.SensitiveDataScannerGroup; import com.datadog.api.client.v2.model.SensitiveDataScannerGroupData; import com.datadog.api.client.v2.model.SensitiveDataScannerGroupType; import com.datadog.api.client.v2.model.SensitiveDataScannerIncludedKeywordConfiguration; import com.datadog.api.client.v2.model.SensitiveDataScannerMetaVersionOnly; import com.datadog.api.client.v2.model.SensitiveDataScannerRuleAttributes; import com.datadog.api.client.v2.model.SensitiveDataScannerRuleCreate; import com.datadog.api.client.v2.model.SensitiveDataScannerRuleCreateRequest; import com.datadog.api.client.v2.model.SensitiveDataScannerRuleRelationships; import com.datadog.api.client.v2.model.SensitiveDataScannerRuleType; import com.datadog.api.client.v2.model.SensitiveDataScannerTextReplacement; import com.datadog.api.client.v2.model.SensitiveDataScannerTextReplacementType; import java.util.Collections; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); SensitiveDataScannerApi apiInstance = new SensitiveDataScannerApi(defaultClient); // there is a valid "scanning_group" in the system String GROUP_DATA_ID = System.getenv("GROUP_DATA_ID"); SensitiveDataScannerRuleCreateRequest body = new SensitiveDataScannerRuleCreateRequest() .meta(new SensitiveDataScannerMetaVersionOnly()) .data( new SensitiveDataScannerRuleCreate() .type(SensitiveDataScannerRuleType.SENSITIVE_DATA_SCANNER_RULE) .attributes( new SensitiveDataScannerRuleAttributes() .name("Example-Sensitive-Data-Scanner") .pattern("pattern") .namespaces(Collections.singletonList("admin")) .excludedNamespaces(Collections.singletonList("admin.name")) .textReplacement( new SensitiveDataScannerTextReplacement() .type(SensitiveDataScannerTextReplacementType.NONE)) .tags(Collections.singletonList("sensitive_data:true")) .isEnabled(true) .priority(1L) .includedKeywordConfiguration( new SensitiveDataScannerIncludedKeywordConfiguration() .keywords(Collections.singletonList("credit card")) .characterCount(35L))) .relationships( new SensitiveDataScannerRuleRelationships() .group( new SensitiveDataScannerGroupData() .data( new SensitiveDataScannerGroup() .type( SensitiveDataScannerGroupType .SENSITIVE_DATA_SCANNER_GROUP) .id(GROUP_DATA_ID))))); try { SensitiveDataScannerCreateRuleResponse result = apiInstance.createScanningRule(body); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling SensitiveDataScannerApi#createScanningRule"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` ##### ```java // Create Scanning Rule with should_save_match returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SensitiveDataScannerApi; import com.datadog.api.client.v2.model.SensitiveDataScannerCreateRuleResponse; import com.datadog.api.client.v2.model.SensitiveDataScannerGroup; import com.datadog.api.client.v2.model.SensitiveDataScannerGroupData; import com.datadog.api.client.v2.model.SensitiveDataScannerGroupType; import com.datadog.api.client.v2.model.SensitiveDataScannerMetaVersionOnly; import com.datadog.api.client.v2.model.SensitiveDataScannerRuleAttributes; import com.datadog.api.client.v2.model.SensitiveDataScannerRuleCreate; import com.datadog.api.client.v2.model.SensitiveDataScannerRuleCreateRequest; import com.datadog.api.client.v2.model.SensitiveDataScannerRuleRelationships; import com.datadog.api.client.v2.model.SensitiveDataScannerRuleType; import com.datadog.api.client.v2.model.SensitiveDataScannerTextReplacement; import com.datadog.api.client.v2.model.SensitiveDataScannerTextReplacementType; import java.util.Collections; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); SensitiveDataScannerApi apiInstance = new SensitiveDataScannerApi(defaultClient); // there is a valid "scanning_group" in the system String GROUP_DATA_ID = System.getenv("GROUP_DATA_ID"); SensitiveDataScannerRuleCreateRequest body = new SensitiveDataScannerRuleCreateRequest() .meta(new SensitiveDataScannerMetaVersionOnly()) .data( new SensitiveDataScannerRuleCreate() .type(SensitiveDataScannerRuleType.SENSITIVE_DATA_SCANNER_RULE) .attributes( new SensitiveDataScannerRuleAttributes() .name("Example-Sensitive-Data-Scanner") .pattern("pattern") .textReplacement( new SensitiveDataScannerTextReplacement() .type( SensitiveDataScannerTextReplacementType.REPLACEMENT_STRING) .replacementString("REDACTED") .shouldSaveMatch(true)) .tags(Collections.singletonList("sensitive_data:true")) .isEnabled(true) .priority(1L)) .relationships( new SensitiveDataScannerRuleRelationships() .group( new SensitiveDataScannerGroupData() .data( new SensitiveDataScannerGroup() .type( SensitiveDataScannerGroupType .SENSITIVE_DATA_SCANNER_GROUP) .id(GROUP_DATA_ID))))); try { SensitiveDataScannerCreateRuleResponse result = apiInstance.createScanningRule(body); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling SensitiveDataScannerApi#createScanningRule"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```python """ Create Scanning Rule returns "OK" response """ from os import environ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.sensitive_data_scanner_api import SensitiveDataScannerApi from datadog_api_client.v2.model.sensitive_data_scanner_group import SensitiveDataScannerGroup from datadog_api_client.v2.model.sensitive_data_scanner_group_data import SensitiveDataScannerGroupData from datadog_api_client.v2.model.sensitive_data_scanner_group_type import SensitiveDataScannerGroupType from datadog_api_client.v2.model.sensitive_data_scanner_included_keyword_configuration import ( SensitiveDataScannerIncludedKeywordConfiguration, ) from datadog_api_client.v2.model.sensitive_data_scanner_meta_version_only import SensitiveDataScannerMetaVersionOnly from datadog_api_client.v2.model.sensitive_data_scanner_rule_attributes import SensitiveDataScannerRuleAttributes from datadog_api_client.v2.model.sensitive_data_scanner_rule_create import SensitiveDataScannerRuleCreate from datadog_api_client.v2.model.sensitive_data_scanner_rule_create_request import SensitiveDataScannerRuleCreateRequest from datadog_api_client.v2.model.sensitive_data_scanner_rule_relationships import SensitiveDataScannerRuleRelationships from datadog_api_client.v2.model.sensitive_data_scanner_rule_type import SensitiveDataScannerRuleType from datadog_api_client.v2.model.sensitive_data_scanner_text_replacement import SensitiveDataScannerTextReplacement from datadog_api_client.v2.model.sensitive_data_scanner_text_replacement_type import ( SensitiveDataScannerTextReplacementType, ) # there is a valid "scanning_group" in the system GROUP_DATA_ID = environ["GROUP_DATA_ID"] body = SensitiveDataScannerRuleCreateRequest( meta=SensitiveDataScannerMetaVersionOnly(), data=SensitiveDataScannerRuleCreate( type=SensitiveDataScannerRuleType.SENSITIVE_DATA_SCANNER_RULE, attributes=SensitiveDataScannerRuleAttributes( name="Example-Sensitive-Data-Scanner", pattern="pattern", namespaces=[ "admin", ], excluded_namespaces=[ "admin.name", ], text_replacement=SensitiveDataScannerTextReplacement( type=SensitiveDataScannerTextReplacementType.NONE, ), tags=[ "sensitive_data:true", ], is_enabled=True, priority=1, included_keyword_configuration=SensitiveDataScannerIncludedKeywordConfiguration( keywords=[ "credit card", ], character_count=35, ), ), relationships=SensitiveDataScannerRuleRelationships( group=SensitiveDataScannerGroupData( data=SensitiveDataScannerGroup( type=SensitiveDataScannerGroupType.SENSITIVE_DATA_SCANNER_GROUP, id=GROUP_DATA_ID, ), ), ), ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = SensitiveDataScannerApi(api_client) response = api_instance.create_scanning_rule(body=body) print(response) ``` ##### ```python """ Create Scanning Rule with should_save_match returns "OK" response """ from os import environ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.sensitive_data_scanner_api import SensitiveDataScannerApi from datadog_api_client.v2.model.sensitive_data_scanner_group import SensitiveDataScannerGroup from datadog_api_client.v2.model.sensitive_data_scanner_group_data import SensitiveDataScannerGroupData from datadog_api_client.v2.model.sensitive_data_scanner_group_type import SensitiveDataScannerGroupType from datadog_api_client.v2.model.sensitive_data_scanner_meta_version_only import SensitiveDataScannerMetaVersionOnly from datadog_api_client.v2.model.sensitive_data_scanner_rule_attributes import SensitiveDataScannerRuleAttributes from datadog_api_client.v2.model.sensitive_data_scanner_rule_create import SensitiveDataScannerRuleCreate from datadog_api_client.v2.model.sensitive_data_scanner_rule_create_request import SensitiveDataScannerRuleCreateRequest from datadog_api_client.v2.model.sensitive_data_scanner_rule_relationships import SensitiveDataScannerRuleRelationships from datadog_api_client.v2.model.sensitive_data_scanner_rule_type import SensitiveDataScannerRuleType from datadog_api_client.v2.model.sensitive_data_scanner_text_replacement import SensitiveDataScannerTextReplacement from datadog_api_client.v2.model.sensitive_data_scanner_text_replacement_type import ( SensitiveDataScannerTextReplacementType, ) # there is a valid "scanning_group" in the system GROUP_DATA_ID = environ["GROUP_DATA_ID"] body = SensitiveDataScannerRuleCreateRequest( meta=SensitiveDataScannerMetaVersionOnly(), data=SensitiveDataScannerRuleCreate( type=SensitiveDataScannerRuleType.SENSITIVE_DATA_SCANNER_RULE, attributes=SensitiveDataScannerRuleAttributes( name="Example-Sensitive-Data-Scanner", pattern="pattern", text_replacement=SensitiveDataScannerTextReplacement( type=SensitiveDataScannerTextReplacementType.REPLACEMENT_STRING, replacement_string="REDACTED", should_save_match=True, ), tags=[ "sensitive_data:true", ], is_enabled=True, priority=1, ), relationships=SensitiveDataScannerRuleRelationships( group=SensitiveDataScannerGroupData( data=SensitiveDataScannerGroup( type=SensitiveDataScannerGroupType.SENSITIVE_DATA_SCANNER_GROUP, id=GROUP_DATA_ID, ), ), ), ), ) configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = SensitiveDataScannerApi(api_client) response = api_instance.create_scanning_rule(body=body) print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Create Scanning Rule returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::SensitiveDataScannerAPI.new # there is a valid "scanning_group" in the system GROUP_DATA_ID = ENV["GROUP_DATA_ID"] body = DatadogAPIClient::V2::SensitiveDataScannerRuleCreateRequest.new({ meta: DatadogAPIClient::V2::SensitiveDataScannerMetaVersionOnly.new({}), data: DatadogAPIClient::V2::SensitiveDataScannerRuleCreate.new({ type: DatadogAPIClient::V2::SensitiveDataScannerRuleType::SENSITIVE_DATA_SCANNER_RULE, attributes: DatadogAPIClient::V2::SensitiveDataScannerRuleAttributes.new({ name: "Example-Sensitive-Data-Scanner", pattern: "pattern", namespaces: [ "admin", ], excluded_namespaces: [ "admin.name", ], text_replacement: DatadogAPIClient::V2::SensitiveDataScannerTextReplacement.new({ type: DatadogAPIClient::V2::SensitiveDataScannerTextReplacementType::NONE, }), tags: [ "sensitive_data:true", ], is_enabled: true, priority: 1, included_keyword_configuration: DatadogAPIClient::V2::SensitiveDataScannerIncludedKeywordConfiguration.new({ keywords: [ "credit card", ], character_count: 35, }), }), relationships: DatadogAPIClient::V2::SensitiveDataScannerRuleRelationships.new({ group: DatadogAPIClient::V2::SensitiveDataScannerGroupData.new({ data: DatadogAPIClient::V2::SensitiveDataScannerGroup.new({ type: DatadogAPIClient::V2::SensitiveDataScannerGroupType::SENSITIVE_DATA_SCANNER_GROUP, id: GROUP_DATA_ID, }), }), }), }), }) p api_instance.create_scanning_rule(body) ``` ##### ```ruby # Create Scanning Rule with should_save_match returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::SensitiveDataScannerAPI.new # there is a valid "scanning_group" in the system GROUP_DATA_ID = ENV["GROUP_DATA_ID"] body = DatadogAPIClient::V2::SensitiveDataScannerRuleCreateRequest.new({ meta: DatadogAPIClient::V2::SensitiveDataScannerMetaVersionOnly.new({}), data: DatadogAPIClient::V2::SensitiveDataScannerRuleCreate.new({ type: DatadogAPIClient::V2::SensitiveDataScannerRuleType::SENSITIVE_DATA_SCANNER_RULE, attributes: DatadogAPIClient::V2::SensitiveDataScannerRuleAttributes.new({ name: "Example-Sensitive-Data-Scanner", pattern: "pattern", text_replacement: DatadogAPIClient::V2::SensitiveDataScannerTextReplacement.new({ type: DatadogAPIClient::V2::SensitiveDataScannerTextReplacementType::REPLACEMENT_STRING, replacement_string: "REDACTED", should_save_match: true, }), tags: [ "sensitive_data:true", ], is_enabled: true, priority: 1, }), relationships: DatadogAPIClient::V2::SensitiveDataScannerRuleRelationships.new({ group: DatadogAPIClient::V2::SensitiveDataScannerGroupData.new({ data: DatadogAPIClient::V2::SensitiveDataScannerGroup.new({ type: DatadogAPIClient::V2::SensitiveDataScannerGroupType::SENSITIVE_DATA_SCANNER_GROUP, id: GROUP_DATA_ID, }), }), }), }), }) p api_instance.create_scanning_rule(body) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```rust // Create Scanning Rule returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_sensitive_data_scanner::SensitiveDataScannerAPI; use datadog_api_client::datadogV2::model::SensitiveDataScannerGroup; use datadog_api_client::datadogV2::model::SensitiveDataScannerGroupData; use datadog_api_client::datadogV2::model::SensitiveDataScannerGroupType; use datadog_api_client::datadogV2::model::SensitiveDataScannerIncludedKeywordConfiguration; use datadog_api_client::datadogV2::model::SensitiveDataScannerMetaVersionOnly; use datadog_api_client::datadogV2::model::SensitiveDataScannerRuleAttributes; use datadog_api_client::datadogV2::model::SensitiveDataScannerRuleCreate; use datadog_api_client::datadogV2::model::SensitiveDataScannerRuleCreateRequest; use datadog_api_client::datadogV2::model::SensitiveDataScannerRuleRelationships; use datadog_api_client::datadogV2::model::SensitiveDataScannerRuleType; use datadog_api_client::datadogV2::model::SensitiveDataScannerTextReplacement; use datadog_api_client::datadogV2::model::SensitiveDataScannerTextReplacementType; #[tokio::main] async fn main() { // there is a valid "scanning_group" in the system let group_data_id = std::env::var("GROUP_DATA_ID").unwrap(); let body = SensitiveDataScannerRuleCreateRequest::new( SensitiveDataScannerRuleCreate::new( SensitiveDataScannerRuleAttributes::new() .excluded_namespaces(vec!["admin.name".to_string()]) .included_keyword_configuration( SensitiveDataScannerIncludedKeywordConfiguration::new( 35, vec!["credit card".to_string()], ), ) .is_enabled(true) .name("Example-Sensitive-Data-Scanner".to_string()) .namespaces(vec!["admin".to_string()]) .pattern("pattern".to_string()) .priority(1) .tags(vec!["sensitive_data:true".to_string()]) .text_replacement( SensitiveDataScannerTextReplacement::new() .type_(SensitiveDataScannerTextReplacementType::NONE), ), SensitiveDataScannerRuleRelationships::new().group( SensitiveDataScannerGroupData::new().data( SensitiveDataScannerGroup::new() .id(group_data_id.clone()) .type_(SensitiveDataScannerGroupType::SENSITIVE_DATA_SCANNER_GROUP), ), ), SensitiveDataScannerRuleType::SENSITIVE_DATA_SCANNER_RULE, ), SensitiveDataScannerMetaVersionOnly::new(), ); let configuration = datadog::Configuration::new(); let api = SensitiveDataScannerAPI::with_config(configuration); let resp = api.create_scanning_rule(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` ##### ```rust // Create Scanning Rule with should_save_match returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_sensitive_data_scanner::SensitiveDataScannerAPI; use datadog_api_client::datadogV2::model::SensitiveDataScannerGroup; use datadog_api_client::datadogV2::model::SensitiveDataScannerGroupData; use datadog_api_client::datadogV2::model::SensitiveDataScannerGroupType; use datadog_api_client::datadogV2::model::SensitiveDataScannerMetaVersionOnly; use datadog_api_client::datadogV2::model::SensitiveDataScannerRuleAttributes; use datadog_api_client::datadogV2::model::SensitiveDataScannerRuleCreate; use datadog_api_client::datadogV2::model::SensitiveDataScannerRuleCreateRequest; use datadog_api_client::datadogV2::model::SensitiveDataScannerRuleRelationships; use datadog_api_client::datadogV2::model::SensitiveDataScannerRuleType; use datadog_api_client::datadogV2::model::SensitiveDataScannerTextReplacement; use datadog_api_client::datadogV2::model::SensitiveDataScannerTextReplacementType; #[tokio::main] async fn main() { // there is a valid "scanning_group" in the system let group_data_id = std::env::var("GROUP_DATA_ID").unwrap(); let body = SensitiveDataScannerRuleCreateRequest::new( SensitiveDataScannerRuleCreate::new( SensitiveDataScannerRuleAttributes::new() .is_enabled(true) .name("Example-Sensitive-Data-Scanner".to_string()) .pattern("pattern".to_string()) .priority(1) .tags(vec!["sensitive_data:true".to_string()]) .text_replacement( SensitiveDataScannerTextReplacement::new() .replacement_string("REDACTED".to_string()) .should_save_match(true) .type_(SensitiveDataScannerTextReplacementType::REPLACEMENT_STRING), ), SensitiveDataScannerRuleRelationships::new().group( SensitiveDataScannerGroupData::new().data( SensitiveDataScannerGroup::new() .id(group_data_id.clone()) .type_(SensitiveDataScannerGroupType::SENSITIVE_DATA_SCANNER_GROUP), ), ), SensitiveDataScannerRuleType::SENSITIVE_DATA_SCANNER_RULE, ), SensitiveDataScannerMetaVersionOnly::new(), ); let configuration = datadog::Configuration::new(); let api = SensitiveDataScannerAPI::with_config(configuration); let resp = api.create_scanning_rule(body).await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Create Scanning Rule returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.SensitiveDataScannerApi(configuration); // there is a valid "scanning_group" in the system const GROUP_DATA_ID = process.env.GROUP_DATA_ID as string; const params: v2.SensitiveDataScannerApiCreateScanningRuleRequest = { body: { meta: {}, data: { type: "sensitive_data_scanner_rule", attributes: { name: "Example-Sensitive-Data-Scanner", pattern: "pattern", namespaces: ["admin"], excludedNamespaces: ["admin.name"], textReplacement: { type: "none", }, tags: ["sensitive_data:true"], isEnabled: true, priority: 1, includedKeywordConfiguration: { keywords: ["credit card"], characterCount: 35, }, }, relationships: { group: { data: { type: "sensitive_data_scanner_group", id: GROUP_DATA_ID, }, }, }, }, }, }; apiInstance .createScanningRule(params) .then((data: v2.SensitiveDataScannerCreateRuleResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` ##### ```typescript /** * Create Scanning Rule with should_save_match returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.SensitiveDataScannerApi(configuration); // there is a valid "scanning_group" in the system const GROUP_DATA_ID = process.env.GROUP_DATA_ID as string; const params: v2.SensitiveDataScannerApiCreateScanningRuleRequest = { body: { meta: {}, data: { type: "sensitive_data_scanner_rule", attributes: { name: "Example-Sensitive-Data-Scanner", pattern: "pattern", textReplacement: { type: "replacement_string", replacementString: "REDACTED", shouldSaveMatch: true, }, tags: ["sensitive_data:true"], isEnabled: true, priority: 1, }, relationships: { group: { data: { type: "sensitive_data_scanner_group", id: GROUP_DATA_ID, }, }, }, }, }, }; apiInstance .createScanningRule(params) .then((data: v2.SensitiveDataScannerCreateRuleResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}