This page is not yet available in Spanish. We are working on its translation. If you have any questions or feedback about our current translation project, feel free to reach out to us!
CSM Threats
Cloud Security Management Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See Cloud Security Management Threats for more information on setting up CSM Threats.
The download endpoint generates a Cloud Workload Security policy file from your currently active
Cloud Workload Security rules, and downloads them as a .policy file. This file can then be deployed to
your Agents to update the policy running in your environment.
This endpoint requires the security_monitoring_cws_agent_rules_read permission.
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Get the latest Cloud Workload Security policy returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);apiInstance.downloadCloudWorkloadPolicyFile().then((data: client.HttpFile)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
The download endpoint generates a CSM Threats policy file from your currently active
CSM Threats rules, and downloads them as a .policy file. This file can then be deployed to
your Agents to update the policy running in your environment.
# Get the latest CSM Threats policy returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V2::CSMThreatsAPI.newpapi_instance.download_csm_threats_policy()
// Get the latest CSM Threats policy returns "OK" response
packagemainimport("context""fmt""io/ioutil""os""github.com/DataDog/datadog-api-client-go/v2/api/datadog""github.com/DataDog/datadog-api-client-go/v2/api/datadogV2")funcmain(){ctx:=datadog.NewDefaultContext(context.Background())configuration:=datadog.NewConfiguration()apiClient:=datadog.NewAPIClient(configuration)api:=datadogV2.NewCSMThreatsApi(apiClient)resp,r,err:=api.DownloadCSMThreatsPolicy(ctx)iferr!=nil{fmt.Fprintf(os.Stderr,"Error when calling `CSMThreatsApi.DownloadCSMThreatsPolicy`: %v\n",err)fmt.Fprintf(os.Stderr,"Full HTTP response: %v\n",r)}responseContent,_:=ioutil.ReadAll(resp)fmt.Fprintf(os.Stdout,"Response from `CSMThreatsApi.DownloadCSMThreatsPolicy`:\n%s\n",responseContent)}
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Get the latest CSM Threats policy returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);apiInstance.downloadCSMThreatsPolicy().then((data: client.HttpFile)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
"""
Get a Cloud Workload Security Agent rule returns "OK" response
"""fromosimportenvironfromdatadog_api_clientimportApiClient,Configurationfromdatadog_api_client.v2.api.csm_threats_apiimportCSMThreatsApi# there is a valid "agent_rule" in the systemAGENT_RULE_DATA_ID=environ["AGENT_RULE_DATA_ID"]configuration=Configuration()withApiClient(configuration)asapi_client:api_instance=CSMThreatsApi(api_client)response=api_instance.get_cloud_workload_security_agent_rule(agent_rule_id=AGENT_RULE_DATA_ID,)print(response)
# Get a Cloud Workload Security Agent rule returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V2::CSMThreatsAPI.new# there is a valid "agent_rule" in the systemAGENT_RULE_DATA_ID=ENV["AGENT_RULE_DATA_ID"]papi_instance.get_cloud_workload_security_agent_rule(AGENT_RULE_DATA_ID)
// Get a Cloud Workload Security Agent rule returns "OK" response
usedatadog_api_client::datadog;usedatadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;#[tokio::main]asyncfnmain(){// there is a valid "agent_rule" in the system
letagent_rule_data_id=std::env::var("AGENT_RULE_DATA_ID").unwrap();letconfiguration=datadog::Configuration::new();letapi=CSMThreatsAPI::with_config(configuration);letresp=api.get_cloud_workload_security_agent_rule(agent_rule_data_id.clone()).await;ifletOk(value)=resp{println!("{:#?}",value);}else{println!("{:#?}",resp.unwrap_err());}}
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
// Get a Cloud Workload Security Agent rule returns "OK" response
packagemainimport("context""encoding/json""fmt""os""github.com/DataDog/datadog-api-client-go/v2/api/datadog""github.com/DataDog/datadog-api-client-go/v2/api/datadogV2")funcmain(){// there is a valid "agent_rule" in the system
AgentRuleDataID:=os.Getenv("AGENT_RULE_DATA_ID")ctx:=datadog.NewDefaultContext(context.Background())configuration:=datadog.NewConfiguration()apiClient:=datadog.NewAPIClient(configuration)api:=datadogV2.NewCSMThreatsApi(apiClient)resp,r,err:=api.GetCloudWorkloadSecurityAgentRule(ctx,AgentRuleDataID)iferr!=nil{fmt.Fprintf(os.Stderr,"Error when calling `CSMThreatsApi.GetCloudWorkloadSecurityAgentRule`: %v\n",err)fmt.Fprintf(os.Stderr,"Full HTTP response: %v\n",r)}responseContent,_:=json.MarshalIndent(resp,""," ")fmt.Fprintf(os.Stdout,"Response from `CSMThreatsApi.GetCloudWorkloadSecurityAgentRule`:\n%s\n",responseContent)}
// Get a Cloud Workload Security Agent rule returns "OK" responseimportcom.datadog.api.client.ApiClient;importcom.datadog.api.client.ApiException;importcom.datadog.api.client.v2.api.CsmThreatsApi;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleResponse;publicclassExample{publicstaticvoidmain(String[]args){ApiClientdefaultClient=ApiClient.getDefaultApiClient();CsmThreatsApiapiInstance=newCsmThreatsApi(defaultClient);// there is a valid "agent_rule" in the systemStringAGENT_RULE_DATA_ID=System.getenv("AGENT_RULE_DATA_ID");try{CloudWorkloadSecurityAgentRuleResponseresult=apiInstance.getCloudWorkloadSecurityAgentRule(AGENT_RULE_DATA_ID);System.out.println(result);}catch(ApiExceptione){System.err.println("Exception when calling CsmThreatsApi#getCloudWorkloadSecurityAgentRule");System.err.println("Status code: "+e.getCode());System.err.println("Reason: "+e.getResponseBody());System.err.println("Response headers: "+e.getResponseHeaders());e.printStackTrace();}}}
/**
* Get a Cloud Workload Security Agent rule returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);// there is a valid "agent_rule" in the system
constAGENT_RULE_DATA_ID=process.env.AGENT_RULE_DATA_IDasstring;constparams: v2.CSMThreatsApiGetCloudWorkloadSecurityAgentRuleRequest={agentRuleId: AGENT_RULE_DATA_ID,};apiInstance.getCloudWorkloadSecurityAgentRule(params).then((data: v2.CloudWorkloadSecurityAgentRuleResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
"""
Get a CSM Threats Agent rule returns "OK" response
"""fromosimportenvironfromdatadog_api_clientimportApiClient,Configurationfromdatadog_api_client.v2.api.csm_threats_apiimportCSMThreatsApi# there is a valid "agent_rule_rc" in the systemAGENT_RULE_DATA_ID=environ["AGENT_RULE_DATA_ID"]configuration=Configuration()withApiClient(configuration)asapi_client:api_instance=CSMThreatsApi(api_client)response=api_instance.get_csm_threats_agent_rule(agent_rule_id=AGENT_RULE_DATA_ID,)print(response)
# Get a CSM Threats Agent rule returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V2::CSMThreatsAPI.new# there is a valid "agent_rule_rc" in the systemAGENT_RULE_DATA_ID=ENV["AGENT_RULE_DATA_ID"]papi_instance.get_csm_threats_agent_rule(AGENT_RULE_DATA_ID)
// Get a CSM Threats Agent rule returns "OK" response
packagemainimport("context""encoding/json""fmt""os""github.com/DataDog/datadog-api-client-go/v2/api/datadog""github.com/DataDog/datadog-api-client-go/v2/api/datadogV2")funcmain(){// there is a valid "agent_rule_rc" in the system
AgentRuleDataID:=os.Getenv("AGENT_RULE_DATA_ID")ctx:=datadog.NewDefaultContext(context.Background())configuration:=datadog.NewConfiguration()apiClient:=datadog.NewAPIClient(configuration)api:=datadogV2.NewCSMThreatsApi(apiClient)resp,r,err:=api.GetCSMThreatsAgentRule(ctx,AgentRuleDataID)iferr!=nil{fmt.Fprintf(os.Stderr,"Error when calling `CSMThreatsApi.GetCSMThreatsAgentRule`: %v\n",err)fmt.Fprintf(os.Stderr,"Full HTTP response: %v\n",r)}responseContent,_:=json.MarshalIndent(resp,""," ")fmt.Fprintf(os.Stdout,"Response from `CSMThreatsApi.GetCSMThreatsAgentRule`:\n%s\n",responseContent)}
// Get a CSM Threats Agent rule returns "OK" responseimportcom.datadog.api.client.ApiClient;importcom.datadog.api.client.ApiException;importcom.datadog.api.client.v2.api.CsmThreatsApi;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleResponse;publicclassExample{publicstaticvoidmain(String[]args){ApiClientdefaultClient=ApiClient.getDefaultApiClient();CsmThreatsApiapiInstance=newCsmThreatsApi(defaultClient);// there is a valid "agent_rule_rc" in the systemStringAGENT_RULE_DATA_ID=System.getenv("AGENT_RULE_DATA_ID");try{CloudWorkloadSecurityAgentRuleResponseresult=apiInstance.getCSMThreatsAgentRule(AGENT_RULE_DATA_ID);System.out.println(result);}catch(ApiExceptione){System.err.println("Exception when calling CsmThreatsApi#getCSMThreatsAgentRule");System.err.println("Status code: "+e.getCode());System.err.println("Reason: "+e.getResponseBody());System.err.println("Response headers: "+e.getResponseHeaders());e.printStackTrace();}}}
// Get a CSM Threats Agent rule returns "OK" response
usedatadog_api_client::datadog;usedatadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;#[tokio::main]asyncfnmain(){// there is a valid "agent_rule_rc" in the system
letagent_rule_data_id=std::env::var("AGENT_RULE_DATA_ID").unwrap();letconfiguration=datadog::Configuration::new();letapi=CSMThreatsAPI::with_config(configuration);letresp=api.get_csm_threats_agent_rule(agent_rule_data_id.clone()).await;ifletOk(value)=resp{println!("{:#?}",value);}else{println!("{:#?}",resp.unwrap_err());}}
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Get a CSM Threats Agent rule returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);// there is a valid "agent_rule_rc" in the system
constAGENT_RULE_DATA_ID=process.env.AGENT_RULE_DATA_IDasstring;constparams: v2.CSMThreatsApiGetCSMThreatsAgentRuleRequest={agentRuleId: AGENT_RULE_DATA_ID,};apiInstance.getCSMThreatsAgentRule(params).then((data: v2.CloudWorkloadSecurityAgentRuleResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Get all Cloud Workload Security Agent rules returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);apiInstance.listCloudWorkloadSecurityAgentRules().then((data: v2.CloudWorkloadSecurityAgentRulesListResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
# Get all CSM Threats Agent rules returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V2::CSMThreatsAPI.newpapi_instance.list_csm_threats_agent_rules()
/**
* Get all CSM Threats Agent rules returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);apiInstance.listCSMThreatsAgentRules().then((data: v2.CloudWorkloadSecurityAgentRulesListResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Create a Cloud Workload Security Agent rule returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);constparams: v2.CSMThreatsApiCreateCloudWorkloadSecurityAgentRuleRequest={body:{data:{attributes:{description:"Test Agent rule",enabled: true,expression:`exec.file.name == "sh"`,name:"examplecsmthreat",},type:"agent_rule",},},};apiInstance.createCloudWorkloadSecurityAgentRule(params).then((data: v2.CloudWorkloadSecurityAgentRuleResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Create a CSM Threats Agent rule returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);constparams: v2.CSMThreatsApiCreateCSMThreatsAgentRuleRequest={body:{data:{attributes:{description:"My Agent rule",enabled: true,expression:`exec.file.name == "sh"`,filters:[`os == "linux"`],name:"examplecsmthreat",},type:"agent_rule",},},};apiInstance.createCSMThreatsAgentRule(params).then((data: v2.CloudWorkloadSecurityAgentRuleResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
Update a specific Agent rule.
Returns the Agent rule object when the request is successful.
This endpoint requires the security_monitoring_cws_agent_rules_write permission.
// Update a Cloud Workload Security Agent rule returns "OK" response
packagemainimport("context""encoding/json""fmt""os""github.com/DataDog/datadog-api-client-go/v2/api/datadog""github.com/DataDog/datadog-api-client-go/v2/api/datadogV2")funcmain(){// there is a valid "agent_rule" in the system
AgentRuleDataID:=os.Getenv("AGENT_RULE_DATA_ID")body:=datadogV2.CloudWorkloadSecurityAgentRuleUpdateRequest{Data:datadogV2.CloudWorkloadSecurityAgentRuleUpdateData{Attributes:datadogV2.CloudWorkloadSecurityAgentRuleUpdateAttributes{Description:datadog.PtrString("Test Agent rule"),Enabled:datadog.PtrBool(true),Expression:datadog.PtrString(`exec.file.name == "sh"`),},Type:datadogV2.CLOUDWORKLOADSECURITYAGENTRULETYPE_AGENT_RULE,Id:datadog.PtrString(AgentRuleDataID),},}ctx:=datadog.NewDefaultContext(context.Background())configuration:=datadog.NewConfiguration()apiClient:=datadog.NewAPIClient(configuration)api:=datadogV2.NewCSMThreatsApi(apiClient)resp,r,err:=api.UpdateCloudWorkloadSecurityAgentRule(ctx,AgentRuleDataID,body)iferr!=nil{fmt.Fprintf(os.Stderr,"Error when calling `CSMThreatsApi.UpdateCloudWorkloadSecurityAgentRule`: %v\n",err)fmt.Fprintf(os.Stderr,"Full HTTP response: %v\n",r)}responseContent,_:=json.MarshalIndent(resp,""," ")fmt.Fprintf(os.Stdout,"Response from `CSMThreatsApi.UpdateCloudWorkloadSecurityAgentRule`:\n%s\n",responseContent)}
// Update a Cloud Workload Security Agent rule returns "OK" responseimportcom.datadog.api.client.ApiClient;importcom.datadog.api.client.ApiException;importcom.datadog.api.client.v2.api.CsmThreatsApi;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleResponse;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleType;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleUpdateAttributes;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleUpdateData;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleUpdateRequest;publicclassExample{publicstaticvoidmain(String[]args){ApiClientdefaultClient=ApiClient.getDefaultApiClient();CsmThreatsApiapiInstance=newCsmThreatsApi(defaultClient);// there is a valid "agent_rule" in the systemStringAGENT_RULE_DATA_ID=System.getenv("AGENT_RULE_DATA_ID");CloudWorkloadSecurityAgentRuleUpdateRequestbody=newCloudWorkloadSecurityAgentRuleUpdateRequest().data(newCloudWorkloadSecurityAgentRuleUpdateData().attributes(newCloudWorkloadSecurityAgentRuleUpdateAttributes().description("Test Agent rule").enabled(true).expression("""
exec.file.name == "sh"
""")).type(CloudWorkloadSecurityAgentRuleType.AGENT_RULE).id(AGENT_RULE_DATA_ID));try{CloudWorkloadSecurityAgentRuleResponseresult=apiInstance.updateCloudWorkloadSecurityAgentRule(AGENT_RULE_DATA_ID,body);System.out.println(result);}catch(ApiExceptione){System.err.println("Exception when calling CsmThreatsApi#updateCloudWorkloadSecurityAgentRule");System.err.println("Status code: "+e.getCode());System.err.println("Reason: "+e.getResponseBody());System.err.println("Response headers: "+e.getResponseHeaders());e.printStackTrace();}}}
"""
Update a Cloud Workload Security Agent rule returns "OK" response
"""fromosimportenvironfromdatadog_api_clientimportApiClient,Configurationfromdatadog_api_client.v2.api.csm_threats_apiimportCSMThreatsApifromdatadog_api_client.v2.model.cloud_workload_security_agent_rule_typeimportCloudWorkloadSecurityAgentRuleTypefromdatadog_api_client.v2.model.cloud_workload_security_agent_rule_update_attributesimport(CloudWorkloadSecurityAgentRuleUpdateAttributes,)fromdatadog_api_client.v2.model.cloud_workload_security_agent_rule_update_dataimport(CloudWorkloadSecurityAgentRuleUpdateData,)fromdatadog_api_client.v2.model.cloud_workload_security_agent_rule_update_requestimport(CloudWorkloadSecurityAgentRuleUpdateRequest,)# there is a valid "agent_rule" in the systemAGENT_RULE_DATA_ID=environ["AGENT_RULE_DATA_ID"]body=CloudWorkloadSecurityAgentRuleUpdateRequest(data=CloudWorkloadSecurityAgentRuleUpdateData(attributes=CloudWorkloadSecurityAgentRuleUpdateAttributes(description="Test Agent rule",enabled=True,expression='exec.file.name == "sh"',),type=CloudWorkloadSecurityAgentRuleType.AGENT_RULE,id=AGENT_RULE_DATA_ID,),)configuration=Configuration()withApiClient(configuration)asapi_client:api_instance=CSMThreatsApi(api_client)response=api_instance.update_cloud_workload_security_agent_rule(agent_rule_id=AGENT_RULE_DATA_ID,body=body)print(response)
# Update a Cloud Workload Security Agent rule returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V2::CSMThreatsAPI.new# there is a valid "agent_rule" in the systemAGENT_RULE_DATA_ID=ENV["AGENT_RULE_DATA_ID"]body=DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest.new({data:DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData.new({attributes:DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes.new({description:"Test Agent rule",enabled:true,expression:'exec.file.name == "sh"',}),type:DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType::AGENT_RULE,id:AGENT_RULE_DATA_ID,}),})papi_instance.update_cloud_workload_security_agent_rule(AGENT_RULE_DATA_ID,body)
// Update a Cloud Workload Security Agent rule returns "OK" response
usedatadog_api_client::datadog;usedatadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;usedatadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleType;usedatadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleUpdateAttributes;usedatadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleUpdateData;usedatadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleUpdateRequest;#[tokio::main]asyncfnmain(){// there is a valid "agent_rule" in the system
letagent_rule_data_id=std::env::var("AGENT_RULE_DATA_ID").unwrap();letbody=CloudWorkloadSecurityAgentRuleUpdateRequest::new(CloudWorkloadSecurityAgentRuleUpdateData::new(CloudWorkloadSecurityAgentRuleUpdateAttributes::new().description("Test Agent rule".to_string()).enabled(true).expression(r#"exec.file.name == "sh""#.to_string()),CloudWorkloadSecurityAgentRuleType::AGENT_RULE,).id(agent_rule_data_id.clone()),);letconfiguration=datadog::Configuration::new();letapi=CSMThreatsAPI::with_config(configuration);letresp=api.update_cloud_workload_security_agent_rule(agent_rule_data_id.clone(),body).await;ifletOk(value)=resp{println!("{:#?}",value);}else{println!("{:#?}",resp.unwrap_err());}}
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Update a Cloud Workload Security Agent rule returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);// there is a valid "agent_rule" in the system
constAGENT_RULE_DATA_ID=process.env.AGENT_RULE_DATA_IDasstring;constparams: v2.CSMThreatsApiUpdateCloudWorkloadSecurityAgentRuleRequest={body:{data:{attributes:{description:"Test Agent rule",enabled: true,expression:`exec.file.name == "sh"`,},type:"agent_rule",id: AGENT_RULE_DATA_ID,},},agentRuleId: AGENT_RULE_DATA_ID,};apiInstance.updateCloudWorkloadSecurityAgentRule(params).then((data: v2.CloudWorkloadSecurityAgentRuleResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
// Update a CSM Threats Agent rule returns "OK" response
packagemainimport("context""encoding/json""fmt""os""github.com/DataDog/datadog-api-client-go/v2/api/datadog""github.com/DataDog/datadog-api-client-go/v2/api/datadogV2")funcmain(){// there is a valid "agent_rule_rc" in the system
AgentRuleDataID:=os.Getenv("AGENT_RULE_DATA_ID")body:=datadogV2.CloudWorkloadSecurityAgentRuleUpdateRequest{Data:datadogV2.CloudWorkloadSecurityAgentRuleUpdateData{Attributes:datadogV2.CloudWorkloadSecurityAgentRuleUpdateAttributes{Description:datadog.PtrString("Test Agent rule"),Enabled:datadog.PtrBool(true),Expression:datadog.PtrString(`exec.file.name == "sh"`),},Type:datadogV2.CLOUDWORKLOADSECURITYAGENTRULETYPE_AGENT_RULE,Id:datadog.PtrString(AgentRuleDataID),},}ctx:=datadog.NewDefaultContext(context.Background())configuration:=datadog.NewConfiguration()apiClient:=datadog.NewAPIClient(configuration)api:=datadogV2.NewCSMThreatsApi(apiClient)resp,r,err:=api.UpdateCSMThreatsAgentRule(ctx,AgentRuleDataID,body)iferr!=nil{fmt.Fprintf(os.Stderr,"Error when calling `CSMThreatsApi.UpdateCSMThreatsAgentRule`: %v\n",err)fmt.Fprintf(os.Stderr,"Full HTTP response: %v\n",r)}responseContent,_:=json.MarshalIndent(resp,""," ")fmt.Fprintf(os.Stdout,"Response from `CSMThreatsApi.UpdateCSMThreatsAgentRule`:\n%s\n",responseContent)}
// Update a CSM Threats Agent rule returns "OK" responseimportcom.datadog.api.client.ApiClient;importcom.datadog.api.client.ApiException;importcom.datadog.api.client.v2.api.CsmThreatsApi;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleResponse;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleType;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleUpdateAttributes;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleUpdateData;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleUpdateRequest;publicclassExample{publicstaticvoidmain(String[]args){ApiClientdefaultClient=ApiClient.getDefaultApiClient();CsmThreatsApiapiInstance=newCsmThreatsApi(defaultClient);// there is a valid "agent_rule_rc" in the systemStringAGENT_RULE_DATA_ID=System.getenv("AGENT_RULE_DATA_ID");CloudWorkloadSecurityAgentRuleUpdateRequestbody=newCloudWorkloadSecurityAgentRuleUpdateRequest().data(newCloudWorkloadSecurityAgentRuleUpdateData().attributes(newCloudWorkloadSecurityAgentRuleUpdateAttributes().description("Test Agent rule").enabled(true).expression("""
exec.file.name == "sh"
""")).type(CloudWorkloadSecurityAgentRuleType.AGENT_RULE).id(AGENT_RULE_DATA_ID));try{CloudWorkloadSecurityAgentRuleResponseresult=apiInstance.updateCSMThreatsAgentRule(AGENT_RULE_DATA_ID,body);System.out.println(result);}catch(ApiExceptione){System.err.println("Exception when calling CsmThreatsApi#updateCSMThreatsAgentRule");System.err.println("Status code: "+e.getCode());System.err.println("Reason: "+e.getResponseBody());System.err.println("Response headers: "+e.getResponseHeaders());e.printStackTrace();}}}
"""
Update a CSM Threats Agent rule returns "OK" response
"""fromosimportenvironfromdatadog_api_clientimportApiClient,Configurationfromdatadog_api_client.v2.api.csm_threats_apiimportCSMThreatsApifromdatadog_api_client.v2.model.cloud_workload_security_agent_rule_typeimportCloudWorkloadSecurityAgentRuleTypefromdatadog_api_client.v2.model.cloud_workload_security_agent_rule_update_attributesimport(CloudWorkloadSecurityAgentRuleUpdateAttributes,)fromdatadog_api_client.v2.model.cloud_workload_security_agent_rule_update_dataimport(CloudWorkloadSecurityAgentRuleUpdateData,)fromdatadog_api_client.v2.model.cloud_workload_security_agent_rule_update_requestimport(CloudWorkloadSecurityAgentRuleUpdateRequest,)# there is a valid "agent_rule_rc" in the systemAGENT_RULE_DATA_ID=environ["AGENT_RULE_DATA_ID"]body=CloudWorkloadSecurityAgentRuleUpdateRequest(data=CloudWorkloadSecurityAgentRuleUpdateData(attributes=CloudWorkloadSecurityAgentRuleUpdateAttributes(description="Test Agent rule",enabled=True,expression='exec.file.name == "sh"',),type=CloudWorkloadSecurityAgentRuleType.AGENT_RULE,id=AGENT_RULE_DATA_ID,),)configuration=Configuration()withApiClient(configuration)asapi_client:api_instance=CSMThreatsApi(api_client)response=api_instance.update_csm_threats_agent_rule(agent_rule_id=AGENT_RULE_DATA_ID,body=body)print(response)
# Update a CSM Threats Agent rule returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V2::CSMThreatsAPI.new# there is a valid "agent_rule_rc" in the systemAGENT_RULE_DATA_ID=ENV["AGENT_RULE_DATA_ID"]body=DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest.new({data:DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData.new({attributes:DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes.new({description:"Test Agent rule",enabled:true,expression:'exec.file.name == "sh"',}),type:DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType::AGENT_RULE,id:AGENT_RULE_DATA_ID,}),})papi_instance.update_csm_threats_agent_rule(AGENT_RULE_DATA_ID,body)
// Update a CSM Threats Agent rule returns "OK" response
usedatadog_api_client::datadog;usedatadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;usedatadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleType;usedatadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleUpdateAttributes;usedatadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleUpdateData;usedatadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleUpdateRequest;#[tokio::main]asyncfnmain(){// there is a valid "agent_rule_rc" in the system
letagent_rule_data_id=std::env::var("AGENT_RULE_DATA_ID").unwrap();letbody=CloudWorkloadSecurityAgentRuleUpdateRequest::new(CloudWorkloadSecurityAgentRuleUpdateData::new(CloudWorkloadSecurityAgentRuleUpdateAttributes::new().description("Test Agent rule".to_string()).enabled(true).expression(r#"exec.file.name == "sh""#.to_string()),CloudWorkloadSecurityAgentRuleType::AGENT_RULE,).id(agent_rule_data_id.clone()),);letconfiguration=datadog::Configuration::new();letapi=CSMThreatsAPI::with_config(configuration);letresp=api.update_csm_threats_agent_rule(agent_rule_data_id.clone(),body).await;ifletOk(value)=resp{println!("{:#?}",value);}else{println!("{:#?}",resp.unwrap_err());}}
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Update a CSM Threats Agent rule returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);// there is a valid "agent_rule_rc" in the system
constAGENT_RULE_DATA_ID=process.env.AGENT_RULE_DATA_IDasstring;constparams: v2.CSMThreatsApiUpdateCSMThreatsAgentRuleRequest={body:{data:{attributes:{description:"Test Agent rule",enabled: true,expression:`exec.file.name == "sh"`,},type:"agent_rule",id: AGENT_RULE_DATA_ID,},},agentRuleId: AGENT_RULE_DATA_ID,};apiInstance.updateCSMThreatsAgentRule(params).then((data: v2.CloudWorkloadSecurityAgentRuleResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
"""
Delete a Cloud Workload Security Agent rule returns "OK" response
"""fromosimportenvironfromdatadog_api_clientimportApiClient,Configurationfromdatadog_api_client.v2.api.csm_threats_apiimportCSMThreatsApi# there is a valid "agent_rule" in the systemAGENT_RULE_DATA_ID=environ["AGENT_RULE_DATA_ID"]configuration=Configuration()withApiClient(configuration)asapi_client:api_instance=CSMThreatsApi(api_client)api_instance.delete_cloud_workload_security_agent_rule(agent_rule_id=AGENT_RULE_DATA_ID,)
# Delete a Cloud Workload Security Agent rule returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V2::CSMThreatsAPI.new# there is a valid "agent_rule" in the systemAGENT_RULE_DATA_ID=ENV["AGENT_RULE_DATA_ID"]api_instance.delete_cloud_workload_security_agent_rule(AGENT_RULE_DATA_ID)
// Delete a Cloud Workload Security Agent rule returns "OK" response
packagemainimport("context""fmt""os""github.com/DataDog/datadog-api-client-go/v2/api/datadog""github.com/DataDog/datadog-api-client-go/v2/api/datadogV2")funcmain(){// there is a valid "agent_rule" in the system
AgentRuleDataID:=os.Getenv("AGENT_RULE_DATA_ID")ctx:=datadog.NewDefaultContext(context.Background())configuration:=datadog.NewConfiguration()apiClient:=datadog.NewAPIClient(configuration)api:=datadogV2.NewCSMThreatsApi(apiClient)r,err:=api.DeleteCloudWorkloadSecurityAgentRule(ctx,AgentRuleDataID)iferr!=nil{fmt.Fprintf(os.Stderr,"Error when calling `CSMThreatsApi.DeleteCloudWorkloadSecurityAgentRule`: %v\n",err)fmt.Fprintf(os.Stderr,"Full HTTP response: %v\n",r)}}
// Delete a Cloud Workload Security Agent rule returns "OK" responseimportcom.datadog.api.client.ApiClient;importcom.datadog.api.client.ApiException;importcom.datadog.api.client.v2.api.CsmThreatsApi;publicclassExample{publicstaticvoidmain(String[]args){ApiClientdefaultClient=ApiClient.getDefaultApiClient();CsmThreatsApiapiInstance=newCsmThreatsApi(defaultClient);// there is a valid "agent_rule" in the systemStringAGENT_RULE_DATA_ID=System.getenv("AGENT_RULE_DATA_ID");try{apiInstance.deleteCloudWorkloadSecurityAgentRule(AGENT_RULE_DATA_ID);}catch(ApiExceptione){System.err.println("Exception when calling CsmThreatsApi#deleteCloudWorkloadSecurityAgentRule");System.err.println("Status code: "+e.getCode());System.err.println("Reason: "+e.getResponseBody());System.err.println("Response headers: "+e.getResponseHeaders());e.printStackTrace();}}}
// Delete a Cloud Workload Security Agent rule returns "OK" response
usedatadog_api_client::datadog;usedatadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;#[tokio::main]asyncfnmain(){// there is a valid "agent_rule" in the system
letagent_rule_data_id=std::env::var("AGENT_RULE_DATA_ID").unwrap();letconfiguration=datadog::Configuration::new();letapi=CSMThreatsAPI::with_config(configuration);letresp=api.delete_cloud_workload_security_agent_rule(agent_rule_data_id.clone()).await;ifletOk(value)=resp{println!("{:#?}",value);}else{println!("{:#?}",resp.unwrap_err());}}
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Delete a Cloud Workload Security Agent rule returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);// there is a valid "agent_rule" in the system
constAGENT_RULE_DATA_ID=process.env.AGENT_RULE_DATA_IDasstring;constparams: v2.CSMThreatsApiDeleteCloudWorkloadSecurityAgentRuleRequest={agentRuleId: AGENT_RULE_DATA_ID,};apiInstance.deleteCloudWorkloadSecurityAgentRule(params).then((data: any)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
"""
Delete a CSM Threats Agent rule returns "OK" response
"""fromosimportenvironfromdatadog_api_clientimportApiClient,Configurationfromdatadog_api_client.v2.api.csm_threats_apiimportCSMThreatsApi# there is a valid "agent_rule_rc" in the systemAGENT_RULE_DATA_ID=environ["AGENT_RULE_DATA_ID"]configuration=Configuration()withApiClient(configuration)asapi_client:api_instance=CSMThreatsApi(api_client)api_instance.delete_csm_threats_agent_rule(agent_rule_id=AGENT_RULE_DATA_ID,)
# Delete a CSM Threats Agent rule returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V2::CSMThreatsAPI.new# there is a valid "agent_rule_rc" in the systemAGENT_RULE_DATA_ID=ENV["AGENT_RULE_DATA_ID"]api_instance.delete_csm_threats_agent_rule(AGENT_RULE_DATA_ID)
// Delete a CSM Threats Agent rule returns "OK" response
packagemainimport("context""fmt""os""github.com/DataDog/datadog-api-client-go/v2/api/datadog""github.com/DataDog/datadog-api-client-go/v2/api/datadogV2")funcmain(){// there is a valid "agent_rule_rc" in the system
AgentRuleDataID:=os.Getenv("AGENT_RULE_DATA_ID")ctx:=datadog.NewDefaultContext(context.Background())configuration:=datadog.NewConfiguration()apiClient:=datadog.NewAPIClient(configuration)api:=datadogV2.NewCSMThreatsApi(apiClient)r,err:=api.DeleteCSMThreatsAgentRule(ctx,AgentRuleDataID)iferr!=nil{fmt.Fprintf(os.Stderr,"Error when calling `CSMThreatsApi.DeleteCSMThreatsAgentRule`: %v\n",err)fmt.Fprintf(os.Stderr,"Full HTTP response: %v\n",r)}}
// Delete a CSM Threats Agent rule returns "OK" responseimportcom.datadog.api.client.ApiClient;importcom.datadog.api.client.ApiException;importcom.datadog.api.client.v2.api.CsmThreatsApi;publicclassExample{publicstaticvoidmain(String[]args){ApiClientdefaultClient=ApiClient.getDefaultApiClient();CsmThreatsApiapiInstance=newCsmThreatsApi(defaultClient);// there is a valid "agent_rule_rc" in the systemStringAGENT_RULE_DATA_ID=System.getenv("AGENT_RULE_DATA_ID");try{apiInstance.deleteCSMThreatsAgentRule(AGENT_RULE_DATA_ID);}catch(ApiExceptione){System.err.println("Exception when calling CsmThreatsApi#deleteCSMThreatsAgentRule");System.err.println("Status code: "+e.getCode());System.err.println("Reason: "+e.getResponseBody());System.err.println("Response headers: "+e.getResponseHeaders());e.printStackTrace();}}}
// Delete a CSM Threats Agent rule returns "OK" response
usedatadog_api_client::datadog;usedatadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;#[tokio::main]asyncfnmain(){// there is a valid "agent_rule_rc" in the system
letagent_rule_data_id=std::env::var("AGENT_RULE_DATA_ID").unwrap();letconfiguration=datadog::Configuration::new();letapi=CSMThreatsAPI::with_config(configuration);letresp=api.delete_csm_threats_agent_rule(agent_rule_data_id.clone()).await;ifletOk(value)=resp{println!("{:#?}",value);}else{println!("{:#?}",resp.unwrap_err());}}
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Delete a CSM Threats Agent rule returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);// there is a valid "agent_rule_rc" in the system
constAGENT_RULE_DATA_ID=process.env.AGENT_RULE_DATA_IDasstring;constparams: v2.CSMThreatsApiDeleteCSMThreatsAgentRuleRequest={agentRuleId: AGENT_RULE_DATA_ID,};apiInstance.deleteCSMThreatsAgentRule(params).then((data: any)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));