Cloud Security Management Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See Cloud Security Management Threats for more information on setting up CSM Threats.
The download endpoint generates a Cloud Workload Security policy file from your currently active
Cloud Workload Security rules, and downloads them as a .policy file. This file can then be deployed to
your Agents to update the policy running in your environment.
This endpoint requires the security_monitoring_cws_agent_rules_read permission.
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Get the latest Cloud Workload Security policy returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);apiInstance.downloadCloudWorkloadPolicyFile().then((data: client.HttpFile)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
The download endpoint generates a CSM Threats policy file from your currently active
CSM Threats rules, and downloads them as a .policy file. This file can then be deployed to
your Agents to update the policy running in your environment.
# Get the latest CSM Threats policy returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V2::CSMThreatsAPI.newpapi_instance.download_csm_threats_policy()
// Get the latest CSM Threats policy returns "OK" response
packagemainimport("context""fmt""io/ioutil""os""github.com/DataDog/datadog-api-client-go/v2/api/datadog""github.com/DataDog/datadog-api-client-go/v2/api/datadogV2")funcmain(){ctx:=datadog.NewDefaultContext(context.Background())configuration:=datadog.NewConfiguration()apiClient:=datadog.NewAPIClient(configuration)api:=datadogV2.NewCSMThreatsApi(apiClient)resp,r,err:=api.DownloadCSMThreatsPolicy(ctx)iferr!=nil{fmt.Fprintf(os.Stderr,"Error when calling `CSMThreatsApi.DownloadCSMThreatsPolicy`: %v\n",err)fmt.Fprintf(os.Stderr,"Full HTTP response: %v\n",r)}responseContent,_:=ioutil.ReadAll(resp)fmt.Fprintf(os.Stdout,"Response from `CSMThreatsApi.DownloadCSMThreatsPolicy`:\n%s\n",responseContent)}
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Get the latest CSM Threats policy returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);apiInstance.downloadCSMThreatsPolicy().then((data: client.HttpFile)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
"""
Get a Cloud Workload Security Agent rule returns "OK" response
"""fromosimportenvironfromdatadog_api_clientimportApiClient,Configurationfromdatadog_api_client.v2.api.csm_threats_apiimportCSMThreatsApi# there is a valid "agent_rule" in the systemAGENT_RULE_DATA_ID=environ["AGENT_RULE_DATA_ID"]configuration=Configuration()withApiClient(configuration)asapi_client:api_instance=CSMThreatsApi(api_client)response=api_instance.get_cloud_workload_security_agent_rule(agent_rule_id=AGENT_RULE_DATA_ID,)print(response)
# Get a Cloud Workload Security Agent rule returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V2::CSMThreatsAPI.new# there is a valid "agent_rule" in the systemAGENT_RULE_DATA_ID=ENV["AGENT_RULE_DATA_ID"]papi_instance.get_cloud_workload_security_agent_rule(AGENT_RULE_DATA_ID)
// Get a Cloud Workload Security Agent rule returns "OK" response
usedatadog_api_client::datadog;usedatadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;#[tokio::main]asyncfnmain(){// there is a valid "agent_rule" in the system
letagent_rule_data_id=std::env::var("AGENT_RULE_DATA_ID").unwrap();letconfiguration=datadog::Configuration::new();letapi=CSMThreatsAPI::with_config(configuration);letresp=api.get_cloud_workload_security_agent_rule(agent_rule_data_id.clone()).await;ifletOk(value)=resp{println!("{:#?}",value);}else{println!("{:#?}",resp.unwrap_err());}}
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
// Get a Cloud Workload Security Agent rule returns "OK" response
packagemainimport("context""encoding/json""fmt""os""github.com/DataDog/datadog-api-client-go/v2/api/datadog""github.com/DataDog/datadog-api-client-go/v2/api/datadogV2")funcmain(){// there is a valid "agent_rule" in the system
AgentRuleDataID:=os.Getenv("AGENT_RULE_DATA_ID")ctx:=datadog.NewDefaultContext(context.Background())configuration:=datadog.NewConfiguration()apiClient:=datadog.NewAPIClient(configuration)api:=datadogV2.NewCSMThreatsApi(apiClient)resp,r,err:=api.GetCloudWorkloadSecurityAgentRule(ctx,AgentRuleDataID)iferr!=nil{fmt.Fprintf(os.Stderr,"Error when calling `CSMThreatsApi.GetCloudWorkloadSecurityAgentRule`: %v\n",err)fmt.Fprintf(os.Stderr,"Full HTTP response: %v\n",r)}responseContent,_:=json.MarshalIndent(resp,""," ")fmt.Fprintf(os.Stdout,"Response from `CSMThreatsApi.GetCloudWorkloadSecurityAgentRule`:\n%s\n",responseContent)}
// Get a Cloud Workload Security Agent rule returns "OK" responseimportcom.datadog.api.client.ApiClient;importcom.datadog.api.client.ApiException;importcom.datadog.api.client.v2.api.CsmThreatsApi;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleResponse;publicclassExample{publicstaticvoidmain(String[]args){ApiClientdefaultClient=ApiClient.getDefaultApiClient();CsmThreatsApiapiInstance=newCsmThreatsApi(defaultClient);// there is a valid "agent_rule" in the systemStringAGENT_RULE_DATA_ID=System.getenv("AGENT_RULE_DATA_ID");try{CloudWorkloadSecurityAgentRuleResponseresult=apiInstance.getCloudWorkloadSecurityAgentRule(AGENT_RULE_DATA_ID);System.out.println(result);}catch(ApiExceptione){System.err.println("Exception when calling CsmThreatsApi#getCloudWorkloadSecurityAgentRule");System.err.println("Status code: "+e.getCode());System.err.println("Reason: "+e.getResponseBody());System.err.println("Response headers: "+e.getResponseHeaders());e.printStackTrace();}}}
/**
* Get a Cloud Workload Security Agent rule returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);// there is a valid "agent_rule" in the system
constAGENT_RULE_DATA_ID=process.env.AGENT_RULE_DATA_IDasstring;constparams: v2.CSMThreatsApiGetCloudWorkloadSecurityAgentRuleRequest={agentRuleId: AGENT_RULE_DATA_ID,};apiInstance.getCloudWorkloadSecurityAgentRule(params).then((data: v2.CloudWorkloadSecurityAgentRuleResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
"""
Get a CSM Threats Agent rule returns "OK" response
"""fromosimportenvironfromdatadog_api_clientimportApiClient,Configurationfromdatadog_api_client.v2.api.csm_threats_apiimportCSMThreatsApi# there is a valid "agent_rule_rc" in the systemAGENT_RULE_DATA_ID=environ["AGENT_RULE_DATA_ID"]configuration=Configuration()withApiClient(configuration)asapi_client:api_instance=CSMThreatsApi(api_client)response=api_instance.get_csm_threats_agent_rule(agent_rule_id=AGENT_RULE_DATA_ID,)print(response)
# Get a CSM Threats Agent rule returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V2::CSMThreatsAPI.new# there is a valid "agent_rule_rc" in the systemAGENT_RULE_DATA_ID=ENV["AGENT_RULE_DATA_ID"]papi_instance.get_csm_threats_agent_rule(AGENT_RULE_DATA_ID)
// Get a CSM Threats Agent rule returns "OK" response
packagemainimport("context""encoding/json""fmt""os""github.com/DataDog/datadog-api-client-go/v2/api/datadog""github.com/DataDog/datadog-api-client-go/v2/api/datadogV2")funcmain(){// there is a valid "agent_rule_rc" in the system
AgentRuleDataID:=os.Getenv("AGENT_RULE_DATA_ID")ctx:=datadog.NewDefaultContext(context.Background())configuration:=datadog.NewConfiguration()apiClient:=datadog.NewAPIClient(configuration)api:=datadogV2.NewCSMThreatsApi(apiClient)resp,r,err:=api.GetCSMThreatsAgentRule(ctx,AgentRuleDataID)iferr!=nil{fmt.Fprintf(os.Stderr,"Error when calling `CSMThreatsApi.GetCSMThreatsAgentRule`: %v\n",err)fmt.Fprintf(os.Stderr,"Full HTTP response: %v\n",r)}responseContent,_:=json.MarshalIndent(resp,""," ")fmt.Fprintf(os.Stdout,"Response from `CSMThreatsApi.GetCSMThreatsAgentRule`:\n%s\n",responseContent)}
// Get a CSM Threats Agent rule returns "OK" responseimportcom.datadog.api.client.ApiClient;importcom.datadog.api.client.ApiException;importcom.datadog.api.client.v2.api.CsmThreatsApi;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleResponse;publicclassExample{publicstaticvoidmain(String[]args){ApiClientdefaultClient=ApiClient.getDefaultApiClient();CsmThreatsApiapiInstance=newCsmThreatsApi(defaultClient);// there is a valid "agent_rule_rc" in the systemStringAGENT_RULE_DATA_ID=System.getenv("AGENT_RULE_DATA_ID");try{CloudWorkloadSecurityAgentRuleResponseresult=apiInstance.getCSMThreatsAgentRule(AGENT_RULE_DATA_ID);System.out.println(result);}catch(ApiExceptione){System.err.println("Exception when calling CsmThreatsApi#getCSMThreatsAgentRule");System.err.println("Status code: "+e.getCode());System.err.println("Reason: "+e.getResponseBody());System.err.println("Response headers: "+e.getResponseHeaders());e.printStackTrace();}}}
// Get a CSM Threats Agent rule returns "OK" response
usedatadog_api_client::datadog;usedatadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;#[tokio::main]asyncfnmain(){// there is a valid "agent_rule_rc" in the system
letagent_rule_data_id=std::env::var("AGENT_RULE_DATA_ID").unwrap();letconfiguration=datadog::Configuration::new();letapi=CSMThreatsAPI::with_config(configuration);letresp=api.get_csm_threats_agent_rule(agent_rule_data_id.clone()).await;ifletOk(value)=resp{println!("{:#?}",value);}else{println!("{:#?}",resp.unwrap_err());}}
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Get a CSM Threats Agent rule returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);// there is a valid "agent_rule_rc" in the system
constAGENT_RULE_DATA_ID=process.env.AGENT_RULE_DATA_IDasstring;constparams: v2.CSMThreatsApiGetCSMThreatsAgentRuleRequest={agentRuleId: AGENT_RULE_DATA_ID,};apiInstance.getCSMThreatsAgentRule(params).then((data: v2.CloudWorkloadSecurityAgentRuleResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Get all Cloud Workload Security Agent rules returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);apiInstance.listCloudWorkloadSecurityAgentRules().then((data: v2.CloudWorkloadSecurityAgentRulesListResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
# Get all CSM Threats Agent rules returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V2::CSMThreatsAPI.newpapi_instance.list_csm_threats_agent_rules()
/**
* Get all CSM Threats Agent rules returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);apiInstance.listCSMThreatsAgentRules().then((data: v2.CloudWorkloadSecurityAgentRulesListResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Create a Cloud Workload Security Agent rule returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);constparams: v2.CSMThreatsApiCreateCloudWorkloadSecurityAgentRuleRequest={body:{data:{attributes:{description:"Test Agent rule",enabled: true,expression:`exec.file.name == "sh"`,name:"examplecsmthreat",},type:"agent_rule",},},};apiInstance.createCloudWorkloadSecurityAgentRule(params).then((data: v2.CloudWorkloadSecurityAgentRuleResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Create a CSM Threats Agent rule returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);constparams: v2.CSMThreatsApiCreateCSMThreatsAgentRuleRequest={body:{data:{attributes:{description:"My Agent rule",enabled: true,expression:`exec.file.name == "sh"`,filters:[`os == "linux"`],name:"examplecsmthreat",},type:"agent_rule",},},};apiInstance.createCSMThreatsAgentRule(params).then((data: v2.CloudWorkloadSecurityAgentRuleResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));
Update a specific Agent rule.
Returns the Agent rule object when the request is successful.
This endpoint requires the security_monitoring_cws_agent_rules_write permission.
// Update a Cloud Workload Security Agent rule returns "OK" response
packagemainimport("context""encoding/json""fmt""os""github.com/DataDog/datadog-api-client-go/v2/api/datadog""github.com/DataDog/datadog-api-client-go/v2/api/datadogV2")funcmain(){// there is a valid "agent_rule" in the system
AgentRuleDataID:=os.Getenv("AGENT_RULE_DATA_ID")body:=datadogV2.CloudWorkloadSecurityAgentRuleUpdateRequest{Data:datadogV2.CloudWorkloadSecurityAgentRuleUpdateData{Attributes:datadogV2.CloudWorkloadSecurityAgentRuleUpdateAttributes{Description:datadog.PtrString("Test Agent rule"),Enabled:datadog.PtrBool(true),Expression:datadog.PtrString(`exec.file.name == "sh"`),},Type:datadogV2.CLOUDWORKLOADSECURITYAGENTRULETYPE_AGENT_RULE,Id:datadog.PtrString(AgentRuleDataID),},}ctx:=datadog.NewDefaultContext(context.Background())configuration:=datadog.NewConfiguration()apiClient:=datadog.NewAPIClient(configuration)api:=datadogV2.NewCSMThreatsApi(apiClient)resp,r,err:=api.UpdateCloudWorkloadSecurityAgentRule(ctx,AgentRuleDataID,body)iferr!=nil{fmt.Fprintf(os.Stderr,"Error when calling `CSMThreatsApi.UpdateCloudWorkloadSecurityAgentRule`: %v\n",err)fmt.Fprintf(os.Stderr,"Full HTTP response: %v\n",r)}responseContent,_:=json.MarshalIndent(resp,""," ")fmt.Fprintf(os.Stdout,"Response from `CSMThreatsApi.UpdateCloudWorkloadSecurityAgentRule`:\n%s\n",responseContent)}
// Update a Cloud Workload Security Agent rule returns "OK" responseimportcom.datadog.api.client.ApiClient;importcom.datadog.api.client.ApiException;importcom.datadog.api.client.v2.api.CsmThreatsApi;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleResponse;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleType;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleUpdateAttributes;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleUpdateData;importcom.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleUpdateRequest;publicclassExample{publicstaticvoidmain(String[]args){ApiClientdefaultClient=ApiClient.getDefaultApiClient();CsmThreatsApiapiInstance=newCsmThreatsApi(defaultClient);// there is a valid "agent_rule" in the systemStringAGENT_RULE_DATA_ID=System.getenv("AGENT_RULE_DATA_ID");CloudWorkloadSecurityAgentRuleUpdateRequestbody=newCloudWorkloadSecurityAgentRuleUpdateRequest().data(newCloudWorkloadSecurityAgentRuleUpdateData().attributes(newCloudWorkloadSecurityAgentRuleUpdateAttributes().description("Test Agent rule").enabled(true).expression("""
exec.file.name == "sh"
""")).type(CloudWorkloadSecurityAgentRuleType.AGENT_RULE).id(AGENT_RULE_DATA_ID));try{CloudWorkloadSecurityAgentRuleResponseresult=apiInstance.updateCloudWorkloadSecurityAgentRule(AGENT_RULE_DATA_ID,body);System.out.println(result);}catch(ApiExceptione){System.err.println("Exception when calling CsmThreatsApi#updateCloudWorkloadSecurityAgentRule");System.err.println("Status code: "+e.getCode());System.err.println("Reason: "+e.getResponseBody());System.err.println("Response headers: "+e.getResponseHeaders());e.printStackTrace();}}}
"""
Update a Cloud Workload Security Agent rule returns "OK" response
"""fromosimportenvironfromdatadog_api_clientimportApiClient,Configurationfromdatadog_api_client.v2.api.csm_threats_apiimportCSMThreatsApifromdatadog_api_client.v2.model.cloud_workload_security_agent_rule_typeimportCloudWorkloadSecurityAgentRuleTypefromdatadog_api_client.v2.model.cloud_workload_security_agent_rule_update_attributesimport(CloudWorkloadSecurityAgentRuleUpdateAttributes,)fromdatadog_api_client.v2.model.cloud_workload_security_agent_rule_update_dataimport(CloudWorkloadSecurityAgentRuleUpdateData,)fromdatadog_api_client.v2.model.cloud_workload_security_agent_rule_update_requestimport(CloudWorkloadSecurityAgentRuleUpdateRequest,)# there is a valid "agent_rule" in the systemAGENT_RULE_DATA_ID=environ["AGENT_RULE_DATA_ID"]body=CloudWorkloadSecurityAgentRuleUpdateRequest(data=CloudWorkloadSecurityAgentRuleUpdateData(attributes=CloudWorkloadSecurityAgentRuleUpdateAttributes(description="Test Agent rule",enabled=True,expression='exec.file.name == "sh"',),type=CloudWorkloadSecurityAgentRuleType.AGENT_RULE,id=AGENT_RULE_DATA_ID,),)configuration=Configuration()withApiClient(configuration)asapi_client:api_instance=CSMThreatsApi(api_client)response=api_instance.update_cloud_workload_security_agent_rule(agent_rule_id=AGENT_RULE_DATA_ID,body=body)print(response)
# Update a Cloud Workload Security Agent rule returns "OK" responserequire"datadog_api_client"api_instance=DatadogAPIClient::V2::CSMThreatsAPI.new# there is a valid "agent_rule" in the systemAGENT_RULE_DATA_ID=ENV["AGENT_RULE_DATA_ID"]body=DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest.new({data:DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData.new({attributes:DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes.new({description:"Test Agent rule",enabled:true,expression:'exec.file.name == "sh"',}),type:DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType::AGENT_RULE,id:AGENT_RULE_DATA_ID,}),})papi_instance.update_cloud_workload_security_agent_rule(AGENT_RULE_DATA_ID,body)
// Update a Cloud Workload Security Agent rule returns "OK" response
usedatadog_api_client::datadog;usedatadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;usedatadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleType;usedatadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleUpdateAttributes;usedatadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleUpdateData;usedatadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleUpdateRequest;#[tokio::main]asyncfnmain(){// there is a valid "agent_rule" in the system
letagent_rule_data_id=std::env::var("AGENT_RULE_DATA_ID").unwrap();letbody=CloudWorkloadSecurityAgentRuleUpdateRequest::new(CloudWorkloadSecurityAgentRuleUpdateData::new(CloudWorkloadSecurityAgentRuleUpdateAttributes::new().description("Test Agent rule".to_string()).enabled(true).expression(r#"exec.file.name == "sh""#.to_string()),CloudWorkloadSecurityAgentRuleType::AGENT_RULE,).id(agent_rule_data_id.clone()),);letconfiguration=datadog::Configuration::new();letapi=CSMThreatsAPI::with_config(configuration);letresp=api.update_cloud_workload_security_agent_rule(agent_rule_data_id.clone(),body).await;ifletOk(value)=resp{println!("{:#?}",value);}else{println!("{:#?}",resp.unwrap_err());}}
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com"DD_API_KEY="<API-KEY>"DD_APP_KEY="<APP-KEY>"cargo run
/**
* Update a Cloud Workload Security Agent rule returns "OK" response
*/import{client,v2}from"@datadog/datadog-api-client";constconfiguration=client.createConfiguration();constapiInstance=newv2.CSMThreatsApi(configuration);// there is a valid "agent_rule" in the system
constAGENT_RULE_DATA_ID=process.env.AGENT_RULE_DATA_IDasstring;constparams: v2.CSMThreatsApiUpdateCloudWorkloadSecurityAgentRuleRequest={body:{data:{attributes:{description:"Test Agent rule",enabled: true,expression:`exec.file.name == "sh"`,},type:"agent_rule",id: AGENT_RULE_DATA_ID,},},agentRuleId: AGENT_RULE_DATA_ID,};apiInstance.updateCloudWorkloadSecurityAgentRule(params).then((data: v2.CloudWorkloadSecurityAgentRuleResponse)=>{console.log("API called successfully. Returned data: "+JSON.stringify(data));}).catch((error: any)=>console.error(error));