CSM Threats

Cloud Security Management Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See Cloud Security Management Threats for more information on setting up CSM Threats.

GET https://api.ap1.datadoghq.com/api/v2/security/cloud_workload/policy/downloadhttps://api.datadoghq.eu/api/v2/security/cloud_workload/policy/downloadhttps://api.ddog-gov.com/api/v2/security/cloud_workload/policy/downloadhttps://api.datadoghq.com/api/v2/security/cloud_workload/policy/downloadhttps://api.us3.datadoghq.com/api/v2/security/cloud_workload/policy/downloadhttps://api.us5.datadoghq.com/api/v2/security/cloud_workload/policy/download

Présentation

The download endpoint generates a Cloud Workload Security policy file from your currently active Cloud Workload Security rules, and downloads them as a .policy file. This file can then be deployed to your Agents to update the policy running in your environment.

Réponse

OK

Expand All

Champ

Type

Description

No response body

{}

Not Authorized

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/cloud_workload/policy/download" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policy/downloadhttps://api.datadoghq.eu/api/v2/remote_config/products/cws/policy/downloadhttps://api.ddog-gov.com/api/v2/remote_config/products/cws/policy/downloadhttps://api.datadoghq.com/api/v2/remote_config/products/cws/policy/downloadhttps://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policy/downloadhttps://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/download

Présentation

The download endpoint generates a CSM Threats policy file from your currently active CSM Threats rules, and downloads them as a .policy file. This file can then be deployed to your Agents to update the policy running in your environment.

Réponse

OK

Expand All

Champ

Type

Description

No response body

{}

Not Authorized

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/download" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}

Présentation

Get the details of a specific Agent rule.

Arguments

Paramètres du chemin

Nom

Type

Description

agent_rule_id [required]

string

The ID of the Agent rule.

Réponse

OK

Response object that includes an Agent rule.

Expand All

Champ

Type

Description

data

object

Object for a single Agent rule.

attributes

object

A Cloud Workload Security Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered.

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call.

agentConstraint

string

The version of the agent.

category

string

The category of the Agent rule.

creationAuthorUuId

string

The ID of the user who created the rule.

creationDate

int64

When the Agent rule was created, timestamp in milliseconds.

creator

object

The attributes of the user who created the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

defaultRule

boolean

Whether the rule is included by default.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled.

expression

string

The SECL expression of the Agent rule.

filters

[string]

The platforms the Agent rule is supported on.

name

string

The name of the Agent rule.

updateAuthorUuId

string

The ID of the user who updated the rule.

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated.

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds.

updater

object

The attributes of the user who last updated the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

version

int64

The version of the Agent rule.

id

string

The ID of the Agent rule.

type

enum

The type of the resource. The value should always be agent_rule. Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "actions": [
        {
          "filter": "string",
          "kill": {
            "signal": "string"
          }
        }
      ],
      "agentConstraint": "string",
      "category": "Process Activity",
      "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "creationDate": 1624366480320,
      "creator": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "defaultRule": false,
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \\\"sh\\\"",
      "filters": [],
      "name": "my_agent_rule",
      "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "version": 23
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

Not Authorized

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code

                  # Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/${agent_rule_id}" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}

Présentation

Get the details of a specific Cloud Security Management Threats Agent rule.

Arguments

Paramètres du chemin

Nom

Type

Description

agent_rule_id [required]

string

The ID of the Agent rule.

Réponse

OK

Response object that includes an Agent rule.

Expand All

Champ

Type

Description

data

object

Object for a single Agent rule.

attributes

object

A Cloud Workload Security Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered.

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call.

agentConstraint

string

The version of the agent.

category

string

The category of the Agent rule.

creationAuthorUuId

string

The ID of the user who created the rule.

creationDate

int64

When the Agent rule was created, timestamp in milliseconds.

creator

object

The attributes of the user who created the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

defaultRule

boolean

Whether the rule is included by default.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled.

expression

string

The SECL expression of the Agent rule.

filters

[string]

The platforms the Agent rule is supported on.

name

string

The name of the Agent rule.

updateAuthorUuId

string

The ID of the user who updated the rule.

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated.

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds.

updater

object

The attributes of the user who last updated the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

version

int64

The version of the Agent rule.

id

string

The ID of the Agent rule.

type

enum

The type of the resource. The value should always be agent_rule. Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "actions": [
        {
          "filter": "string",
          "kill": {
            "signal": "string"
          }
        }
      ],
      "agentConstraint": "string",
      "category": "Process Activity",
      "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "creationDate": 1624366480320,
      "creator": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "defaultRule": false,
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \\\"sh\\\"",
      "filters": [],
      "name": "my_agent_rule",
      "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "version": 23
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

Not Authorized

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code

                  # Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/${agent_rule_id}" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules

Présentation

Get the list of Agent rules.

Réponse

OK

Response object that includes a list of Agent rule.

Expand All

Champ

Type

Description

data

[object]

A list of Agent rules objects.

attributes

object

A Cloud Workload Security Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered.

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call.

agentConstraint

string

The version of the agent.

category

string

The category of the Agent rule.

creationAuthorUuId

string

The ID of the user who created the rule.

creationDate

int64

When the Agent rule was created, timestamp in milliseconds.

creator

object

The attributes of the user who created the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

defaultRule

boolean

Whether the rule is included by default.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled.

expression

string

The SECL expression of the Agent rule.

filters

[string]

The platforms the Agent rule is supported on.

name

string

The name of the Agent rule.

updateAuthorUuId

string

The ID of the user who updated the rule.

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated.

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds.

updater

object

The attributes of the user who last updated the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

version

int64

The version of the Agent rule.

id

string

The ID of the Agent rule.

type

enum

The type of the resource. The value should always be agent_rule. Allowed enum values: agent_rule

default: agent_rule

{
  "data": [
    {
      "attributes": {
        "actions": [
          {
            "filter": "string",
            "kill": {
              "signal": "string"
            }
          }
        ],
        "agentConstraint": "string",
        "category": "Process Activity",
        "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
        "creationDate": 1624366480320,
        "creator": {
          "handle": "datadog.user@example.com",
          "name": "Datadog User"
        },
        "defaultRule": false,
        "description": "My Agent rule",
        "enabled": true,
        "expression": "exec.file.name == \\\"sh\\\"",
        "filters": [],
        "name": "my_agent_rule",
        "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
        "updateDate": 1624366480320,
        "updatedAt": 1624366480320,
        "updater": {
          "handle": "datadog.user@example.com",
          "name": "Datadog User"
        },
        "version": 23
      },
      "id": "3dd-0uc-h1s",
      "type": "agent_rule"
    }
  ]
}

Not Authorized

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_ruleshttps://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules

Présentation

Get the list of Cloud Security Management Threats Agent rules.

Réponse

OK

Response object that includes a list of Agent rule.

Expand All

Champ

Type

Description

data

[object]

A list of Agent rules objects.

attributes

object

A Cloud Workload Security Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered.

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call.

agentConstraint

string

The version of the agent.

category

string

The category of the Agent rule.

creationAuthorUuId

string

The ID of the user who created the rule.

creationDate

int64

When the Agent rule was created, timestamp in milliseconds.

creator

object

The attributes of the user who created the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

defaultRule

boolean

Whether the rule is included by default.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled.

expression

string

The SECL expression of the Agent rule.

filters

[string]

The platforms the Agent rule is supported on.

name

string

The name of the Agent rule.

updateAuthorUuId

string

The ID of the user who updated the rule.

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated.

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds.

updater

object

The attributes of the user who last updated the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

version

int64

The version of the Agent rule.

id

string

The ID of the Agent rule.

type

enum

The type of the resource. The value should always be agent_rule. Allowed enum values: agent_rule

default: agent_rule

{
  "data": [
    {
      "attributes": {
        "actions": [
          {
            "filter": "string",
            "kill": {
              "signal": "string"
            }
          }
        ],
        "agentConstraint": "string",
        "category": "Process Activity",
        "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
        "creationDate": 1624366480320,
        "creator": {
          "handle": "datadog.user@example.com",
          "name": "Datadog User"
        },
        "defaultRule": false,
        "description": "My Agent rule",
        "enabled": true,
        "expression": "exec.file.name == \\\"sh\\\"",
        "filters": [],
        "name": "my_agent_rule",
        "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
        "updateDate": 1624366480320,
        "updatedAt": 1624366480320,
        "updater": {
          "handle": "datadog.user@example.com",
          "name": "Datadog User"
        },
        "version": 23
      },
      "id": "3dd-0uc-h1s",
      "type": "agent_rule"
    }
  ]
}

Not Authorized

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules

Présentation

Create a new Agent rule with the given parameters.

Requête

Body Data (required)

The definition of the new Agent rule.

Expand All

Champ

Type

Description

data [required]

object

Object for a single Agent rule.

attributes [required]

object

Create a new Cloud Workload Security Agent rule.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled.

expression [required]

string

The SECL expression of the Agent rule.

name [required]

string

The name of the Agent rule.

type [required]

enum

The type of the resource. The value should always be agent_rule. Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "description": "Test Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\"",
      "name": "examplecsmthreat"
    },
    "type": "agent_rule"
  }
}

Réponse

OK

Response object that includes an Agent rule.

Expand All

Champ

Type

Description

data

object

Object for a single Agent rule.

attributes

object

A Cloud Workload Security Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered.

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call.

agentConstraint

string

The version of the agent.

category

string

The category of the Agent rule.

creationAuthorUuId

string

The ID of the user who created the rule.

creationDate

int64

When the Agent rule was created, timestamp in milliseconds.

creator

object

The attributes of the user who created the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

defaultRule

boolean

Whether the rule is included by default.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled.

expression

string

The SECL expression of the Agent rule.

filters

[string]

The platforms the Agent rule is supported on.

name

string

The name of the Agent rule.

updateAuthorUuId

string

The ID of the user who updated the rule.

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated.

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds.

updater

object

The attributes of the user who last updated the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

version

int64

The version of the Agent rule.

id

string

The ID of the Agent rule.

type

enum

The type of the resource. The value should always be agent_rule. Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "actions": [
        {
          "filter": "string",
          "kill": {
            "signal": "string"
          }
        }
      ],
      "agentConstraint": "string",
      "category": "Process Activity",
      "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "creationDate": 1624366480320,
      "creator": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "defaultRule": false,
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \\\"sh\\\"",
      "filters": [],
      "name": "my_agent_rule",
      "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "version": 23
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

Bad Request

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Conflict

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code

                          # Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "description": "Test Agent rule", "enabled": true, "expression": "exec.file.name == \"sh\"", "name": "examplecsmthreat" }, "type": "agent_rule" } } EOF

POST https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_ruleshttps://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules

Présentation

Create a new Cloud Security Management Threats Agent rule with the given parameters.

Requête

Body Data (required)

The definition of the new Agent rule.

Expand All

Champ

Type

Description

data [required]

object

Object for a single Agent rule.

attributes [required]

object

Create a new Cloud Workload Security Agent rule.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled.

expression [required]

string

The SECL expression of the Agent rule.

name [required]

string

The name of the Agent rule.

type [required]

enum

The type of the resource. The value should always be agent_rule. Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\"",
      "name": "examplecsmthreat"
    },
    "type": "agent_rule"
  }
}

Réponse

OK

Response object that includes an Agent rule.

Expand All

Champ

Type

Description

data

object

Object for a single Agent rule.

attributes

object

A Cloud Workload Security Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered.

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call.

agentConstraint

string

The version of the agent.

category

string

The category of the Agent rule.

creationAuthorUuId

string

The ID of the user who created the rule.

creationDate

int64

When the Agent rule was created, timestamp in milliseconds.

creator

object

The attributes of the user who created the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

defaultRule

boolean

Whether the rule is included by default.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled.

expression

string

The SECL expression of the Agent rule.

filters

[string]

The platforms the Agent rule is supported on.

name

string

The name of the Agent rule.

updateAuthorUuId

string

The ID of the user who updated the rule.

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated.

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds.

updater

object

The attributes of the user who last updated the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

version

int64

The version of the Agent rule.

id

string

The ID of the Agent rule.

type

enum

The type of the resource. The value should always be agent_rule. Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "actions": [
        {
          "filter": "string",
          "kill": {
            "signal": "string"
          }
        }
      ],
      "agentConstraint": "string",
      "category": "Process Activity",
      "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "creationDate": 1624366480320,
      "creator": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "defaultRule": false,
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \\\"sh\\\"",
      "filters": [],
      "name": "my_agent_rule",
      "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "version": 23
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

Bad Request

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Conflict

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code

                          # Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "description": "My Agent rule", "enabled": true, "expression": "exec.file.name == \"sh\"", "name": "examplecsmthreat" }, "type": "agent_rule" } } EOF

PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}

Présentation

Update a specific Agent rule. Returns the Agent rule object when the request is successful.

Arguments

Paramètres du chemin

Nom

Type

Description

agent_rule_id [required]

string

The ID of the Agent rule.

Requête

Body Data (required)

New definition of the Agent rule.

Expand All

Champ

Type

Description

data [required]

object

Object for a single Agent rule.

attributes [required]

object

Update an existing Cloud Workload Security Agent rule.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled.

expression

string

The SECL expression of the Agent rule.

id

string

The ID of the agent rule.

type [required]

enum

The type of the resource. The value should always be agent_rule. Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "description": "Test Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\""
    },
    "type": "agent_rule"
  }
}

Réponse

OK

Response object that includes an Agent rule.

Expand All

Champ

Type

Description

data

object

Object for a single Agent rule.

attributes

object

A Cloud Workload Security Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered.

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call.

agentConstraint

string

The version of the agent.

category

string

The category of the Agent rule.

creationAuthorUuId

string

The ID of the user who created the rule.

creationDate

int64

When the Agent rule was created, timestamp in milliseconds.

creator

object

The attributes of the user who created the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

defaultRule

boolean

Whether the rule is included by default.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled.

expression

string

The SECL expression of the Agent rule.

filters

[string]

The platforms the Agent rule is supported on.

name

string

The name of the Agent rule.

updateAuthorUuId

string

The ID of the user who updated the rule.

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated.

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds.

updater

object

The attributes of the user who last updated the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

version

int64

The version of the Agent rule.

id

string

The ID of the Agent rule.

type

enum

The type of the resource. The value should always be agent_rule. Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "actions": [
        {
          "filter": "string",
          "kill": {
            "signal": "string"
          }
        }
      ],
      "agentConstraint": "string",
      "category": "Process Activity",
      "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "creationDate": 1624366480320,
      "creator": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "defaultRule": false,
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \\\"sh\\\"",
      "filters": [],
      "name": "my_agent_rule",
      "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "version": 23
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

Bad Request

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code

                          # Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/${agent_rule_id}" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "description": "Test Agent rule", "enabled": true, "expression": "exec.file.name == \"sh\"" }, "type": "agent_rule" } } EOF

PATCH https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}

Présentation

Update a specific Cloud Security Management Threats Agent rule. Returns the Agent rule object when the request is successful.

Arguments

Paramètres du chemin

Nom

Type

Description

agent_rule_id [required]

string

The ID of the Agent rule.

Requête

Body Data (required)

New definition of the Agent rule.

Expand All

Champ

Type

Description

data [required]

object

Object for a single Agent rule.

attributes [required]

object

Update an existing Cloud Workload Security Agent rule.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled.

expression

string

The SECL expression of the Agent rule.

id

string

The ID of the agent rule.

type [required]

enum

The type of the resource. The value should always be agent_rule. Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "description": "Test Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\""
    },
    "type": "agent_rule",
    "id": "3dd-0uc-h1s"
  }
}

Réponse

OK

Response object that includes an Agent rule.

Expand All

Champ

Type

Description

data

object

Object for a single Agent rule.

attributes

object

A Cloud Workload Security Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered.

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call.

agentConstraint

string

The version of the agent.

category

string

The category of the Agent rule.

creationAuthorUuId

string

The ID of the user who created the rule.

creationDate

int64

When the Agent rule was created, timestamp in milliseconds.

creator

object

The attributes of the user who created the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

defaultRule

boolean

Whether the rule is included by default.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled.

expression

string

The SECL expression of the Agent rule.

filters

[string]

The platforms the Agent rule is supported on.

name

string

The name of the Agent rule.

updateAuthorUuId

string

The ID of the user who updated the rule.

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated.

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds.

updater

object

The attributes of the user who last updated the Agent rule.

handle

string

The handle of the user.

name

string

The name of the user.

version

int64

The version of the Agent rule.

id

string

The ID of the Agent rule.

type

enum

The type of the resource. The value should always be agent_rule. Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "actions": [
        {
          "filter": "string",
          "kill": {
            "signal": "string"
          }
        }
      ],
      "agentConstraint": "string",
      "category": "Process Activity",
      "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "creationDate": 1624366480320,
      "creator": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "defaultRule": false,
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \\\"sh\\\"",
      "filters": [],
      "name": "my_agent_rule",
      "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "version": 23
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

Bad Request

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code

                          # Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/${agent_rule_id}" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "description": "Test Agent rule", "enabled": true, "expression": "exec.file.name == \"sh\"" }, "type": "agent_rule", "id": "3dd-0uc-h1s" } } EOF

DELETE https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}

Présentation

Delete a specific Agent rule.

Arguments

Paramètres du chemin

Nom

Type

Description

agent_rule_id [required]

string

The ID of the Agent rule.

Réponse

OK

Not Authorized

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code

                  # Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X DELETE "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/${agent_rule_id}" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

DELETE https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}

Présentation

Delete a specific Cloud Security Management Threats Agent rule.

Arguments

Paramètres du chemin

Nom

Type

Description

agent_rule_id [required]

string

The ID of the Agent rule.

Réponse

OK

Not Authorized

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Champ

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Exemple de code

                  # Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X DELETE "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/${agent_rule_id}" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"