Language

English Français 日本語 한국어 Español

Datadog Site

Site help
US1 US3 US5 EU AP1 AP2 US1-FED US2-FED

List Scanning Groups

GET https://api.ap1.datadoghq.com/api/v2/sensitive-data-scanner/confighttps://api.ap2.datadoghq.com/api/v2/sensitive-data-scanner/confighttps://api.datadoghq.eu/api/v2/sensitive-data-scanner/confighttps://api.ddog-gov.com/api/v2/sensitive-data-scanner/confighttps://api.us2.ddog-gov.com/api/v2/sensitive-data-scanner/confighttps://api.datadoghq.com/api/v2/sensitive-data-scanner/confighttps://api.us3.datadoghq.com/api/v2/sensitive-data-scanner/confighttps://api.us5.datadoghq.com/api/v2/sensitive-data-scanner/config

Overview

List all the Scanning groups in your organization. This endpoint requires the data_scanner_read permission.

Response

OK

Get all groups response.

Expand All

Field

Type

Description

data

object

Response data related to the scanning groups.

attributes

object

Attributes of the Sensitive Data configuration.

id

string

ID of the configuration.

relationships

object

Relationships of the configuration.

groups

object

List of groups, ordered.

data

[object]

List of groups. The order is important.

id

string

ID of the group.

type

enum

Sensitive Data Scanner group type. Allowed enum values: sensitive_data_scanner_group

default: sensitive_data_scanner_group

type

enum

Sensitive Data Scanner configuration type. Allowed enum values: sensitive_data_scanner_configuration

default: sensitive_data_scanner_configuration

included

[ <oneOf>]

Included objects from relationships.

Option 1

object

A Scanning Rule included item.

attributes

object

Attributes of the Sensitive Data Scanner rule.

description

string

Description of the rule.

excluded_namespaces

[string]

Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.

included_keyword_configuration

object

Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check, the match is kept. If none are found, the match is discarded.

character_count [required]

int64

The number of characters behind a match detected by Sensitive Data Scanner to look for the keywords defined. character_count should be greater than the maximum length of a keyword defined for a rule.

keywords [required]

[string]

Keyword list that will be checked during scanning in order to validate a match. The number of keywords in the list must be less than or equal to 30.

use_recommended_keywords

boolean

Should the rule use the underlying standard pattern keyword configuration. If set to true, the rule must be tied to a standard pattern. If set to false, the specified keywords and character_count are applied.

is_enabled

boolean

Whether or not the rule is enabled.

name

string

Name of the rule.

namespaces

[string]

Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.

pattern

string

Not included if there is a relationship to a standard pattern.

priority

int64

Integer from 1 (high) to 5 (low) indicating rule issue severity.

suppressions

object

Object describing the suppressions for a rule. There are three types of suppressions, starts_with, ends_with, and exact_match. Suppressed matches are not obfuscated, counted in metrics, or displayed in the Findings page.

ends_with

[string]

List of strings to use for suppression of matches ending with these strings.

exact_match

[string]

List of strings to use for suppression of matches exactly matching these strings.

starts_with

[string]

List of strings to use for suppression of matches starting with these strings.

tags

[string]

List of tags.

text_replacement

object

Object describing how the scanned event will be replaced.

number_of_chars

int64

Required if type == 'partial_replacement_from_beginning' or 'partial_replacement_from_end'. It must be > 0.

replacement_string

string

Required if type == 'replacement_string'.

should_save_match

boolean

Only valid when type == replacement_string. When enabled, matches can be unmasked in logs by users with ‘Data Scanner Unmask’ permission. As a security best practice, avoid masking for highly-sensitive, long-lived data.

type

enum

Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacement_string means that one can chose a text to replace the data. partial_replacement_from_beginning allows a user to partially replace the data from the beginning, and partial_replacement_from_end on the other hand, allows to replace data from the end. Allowed enum values: none,hash,replacement_string,partial_replacement_from_beginning,partial_replacement_from_end

default: none

id

string

ID of the rule.

relationships

object

Relationships of a scanning rule.

group

object

A scanning group data.

data

object

A scanning group.

id

string

ID of the group.

type

enum

Sensitive Data Scanner group type. Allowed enum values: sensitive_data_scanner_group

default: sensitive_data_scanner_group

standard_pattern

object

A standard pattern.

data

object

Data containing the standard pattern id.

id

string

ID of the standard pattern.

type

enum

Sensitive Data Scanner standard pattern type. Allowed enum values: sensitive_data_scanner_standard_pattern

default: sensitive_data_scanner_standard_pattern

type

enum

Sensitive Data Scanner rule type. Allowed enum values: sensitive_data_scanner_rule

default: sensitive_data_scanner_rule

Option 2

object

A Scanning Group included item.

attributes

object

Attributes of the Sensitive Data Scanner group.

description

string

Description of the group.

filter

object

Filter for the Scanning Group.

query

string

Query to filter the events.

is_enabled

boolean

Whether or not the group is enabled.

name

string

Name of the group.

product_list

[string]

List of products the scanning group applies.

samplings

[object]

List of sampling rates per product type.

product

enum

Datadog product onto which Sensitive Data Scanner can be activated. Allowed enum values: logs,rum,events,apm

default: logs

rate

double

Rate at which data in product type will be scanned, as a percentage.

id

string

ID of the group.

relationships

object

Relationships of the group.

configuration

object

A Sensitive Data Scanner configuration data.

data

object

A Sensitive Data Scanner configuration.

id

string

ID of the configuration.

type

enum

Sensitive Data Scanner configuration type. Allowed enum values: sensitive_data_scanner_configuration

default: sensitive_data_scanner_configuration

rules

object

Rules included in the group.

data

[object]

Rules included in the group. The order is important.

id

string

ID of the rule.

type

enum

Sensitive Data Scanner rule type. Allowed enum values: sensitive_data_scanner_rule

default: sensitive_data_scanner_rule

type

enum

Sensitive Data Scanner group type. Allowed enum values: sensitive_data_scanner_group

default: sensitive_data_scanner_group

meta

object

Meta response containing information about the API.

count_limit

int64

Maximum number of scanning rules allowed for the org.

group_count_limit

int64

Maximum number of scanning groups allowed for the org.

has_highlight_enabled

boolean

DEPRECATED: (Deprecated) Whether or not scanned events are highlighted in Logs or RUM for the org.

default: true

has_multi_pass_enabled

boolean

DEPRECATED: (Deprecated) Whether or not scanned events have multi-pass enabled.

is_pci_compliant

boolean

Whether or not the org is compliant to the payment card industry standard.

version

int64

Version of the API.

{
  "data": {
    "attributes": {},
    "id": "string",
    "relationships": {
      "groups": {
        "data": [
          {
            "id": "string",
            "type": "sensitive_data_scanner_group"
          }
        ]
      }
    },
    "type": "sensitive_data_scanner_configuration"
  },
  "included": [
    {
      "attributes": {
        "description": "string",
        "excluded_namespaces": [
          "admin.name"
        ],
        "included_keyword_configuration": {
          "character_count": 30,
          "keywords": [
            "email",
            "address",
            "login"
          ],
          "use_recommended_keywords": false
        },
        "is_enabled": false,
        "name": "string",
        "namespaces": [
          "admin"
        ],
        "pattern": "string",
        "priority": "integer",
        "suppressions": {
          "ends_with": [
            "@example.com",
            "another.example.com"
          ],
          "exact_match": [
            "admin@example.com",
            "user@example.com"
          ],
          "starts_with": [
            "admin",
            "user"
          ]
        },
        "tags": [],
        "text_replacement": {
          "number_of_chars": "integer",
          "replacement_string": "string",
          "should_save_match": false,
          "type": "string"
        }
      },
      "id": "string",
      "relationships": {
        "group": {
          "data": {
            "id": "string",
            "type": "sensitive_data_scanner_group"
          }
        },
        "standard_pattern": {
          "data": {
            "id": "string",
            "type": "sensitive_data_scanner_standard_pattern"
          }
        }
      },
      "type": "sensitive_data_scanner_rule"
    }
  ],
  "meta": {
    "count_limit": "integer",
    "group_count_limit": "integer",
    "has_highlight_enabled": false,
    "has_multi_pass_enabled": false,
    "is_pci_compliant": false,
    "version": 0
  }
}

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication Error

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/sensitive-data-scanner/config" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

                
"""
List Scanning Groups returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.sensitive_data_scanner_api import SensitiveDataScannerApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SensitiveDataScannerApi(api_client)
    response = api_instance.list_scanning_groups()

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# List Scanning Groups returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SensitiveDataScannerAPI.new
p api_instance.list_scanning_groups()

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
// List Scanning Groups returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSensitiveDataScannerApi(apiClient)
	resp, r, err := api.ListScanningGroups(ctx)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SensitiveDataScannerApi.ListScanningGroups`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SensitiveDataScannerApi.ListScanningGroups`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// List Scanning Groups returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SensitiveDataScannerApi;
import com.datadog.api.client.v2.model.SensitiveDataScannerGetConfigResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SensitiveDataScannerApi apiInstance = new SensitiveDataScannerApi(defaultClient);

    try {
      SensitiveDataScannerGetConfigResponse result = apiInstance.listScanningGroups();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SensitiveDataScannerApi#listScanningGroups");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
// List Scanning Groups returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_sensitive_data_scanner::SensitiveDataScannerAPI;

#[tokio::main]
async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SensitiveDataScannerAPI::with_config(configuration);
    let resp = api.list_scanning_groups().await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
/**
 * List Scanning Groups returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SensitiveDataScannerApi(configuration);

apiInstance
  .listScanningGroups()
  .then((data: v2.SensitiveDataScannerGetConfigResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"