Language

日本語 English Français

Site

Site help
US US3 US5 EU US1-FED

セキュリティモニタリング

信号を生成し、生成された信号を一覧表示するための検出ルール。

Add a security signal to an incident

PATCH https://api.datadoghq.eu/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.ddog-gov.com/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.us3.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.us5.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incident

概要

インシデントにセキュリティシグナルを追加します。これにより、シグナルエクスプローラー内でインシデント別にシグナルを検索したり、インシデントタイムライン上でシグナルを表示したりすることが可能になります。

引数

パスパラメーター

名前

種類

説明

signal_id [required]

string

The ID of the signal.

リクエスト

Body Data (required)

シグナルの更新を記述する属性。

Expand All

フィールド

種類

説明

add_to_signal_timeline

boolean

Whether to post the signal on the incident timeline.

incident_id [required]

int64

Public ID attribute of the incident to which the signal will be added.

version

int64

Version of the updated signal. If server side version is higher, update will be rejected.

{
  "incident_id": 2609
}

応答

OK

Updated signal data following a successfully performed update.

Expand All

フィールド

種類

説明

status

string

Status of the response.

{
  "status": "string"
}

Bad Request

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Forbidden

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

  
  # Path parameters
export signal_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v1/security_analytics/signals/${signal_id}/add_to_incident" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "incident_id": 2609
}
EOF


  
                        
// Add a security signal to an incident returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV1"
)

func main() {
	body := datadogV1.AddSignalToIncidentRequest{
		IncidentId: 2609,
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV1.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.AddSecurityMonitoringSignalToIncident(ctx, "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.AddSecurityMonitoringSignalToIncident`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.AddSecurityMonitoringSignalToIncident`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Add a security signal to an incident returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v1.api.SecurityMonitoringApi;
import com.datadog.api.client.v1.model.AddSignalToIncidentRequest;
import com.datadog.api.client.v1.model.SuccessfulSignalUpdateResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    AddSignalToIncidentRequest body = new AddSignalToIncidentRequest().incidentId(2609L);

    try {
      SuccessfulSignalUpdateResponse result =
          apiInstance.addSecurityMonitoringSignalToIncident(
              "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#addSecurityMonitoringSignalToIncident");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
"""
Add a security signal to an incident returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v1.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v1.model.add_signal_to_incident_request import AddSignalToIncidentRequest

body = AddSignalToIncidentRequest(
    incident_id=2609,
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.add_security_monitoring_signal_to_incident(
        signal_id="AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body=body
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Add a security signal to an incident returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V1::SecurityMonitoringAPI.new

body = DatadogAPIClient::V1::AddSignalToIncidentRequest.new({
  incident_id: 2609,
})
p api_instance.add_security_monitoring_signal_to_incident("AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
/**
 * Add a security signal to an incident returns "OK" response
 */

import { client, v1 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v1.SecurityMonitoringApi(configuration);

const params: v1.SecurityMonitoringApiAddSecurityMonitoringSignalToIncidentRequest =
  {
    body: {
      incidentId: 2609,
    },
    signalId: "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE",
  };

apiInstance
  .addSecurityMonitoringSignalToIncident(params)
  .then((data: v1.SuccessfulSignalUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

Change the triage state of a security signal

PATCH https://api.datadoghq.eu/api/v1/security_analytics/signals/{signal_id}/statehttps://api.ddog-gov.com/api/v1/security_analytics/signals/{signal_id}/statehttps://api.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/statehttps://api.us3.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/statehttps://api.us5.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/state

概要

セキュリティシグナルのトリアージ状態を変更します。

引数

パスパラメーター

名前

種類

説明

signal_id [required]

string

The ID of the signal.

リクエスト

Body Data (required)

シグナルの更新を記述する属性。

Expand All

フィールド

種類

説明

archiveComment

string

Optional comment to explain why a signal is being archived.

archiveReason

enum

Reason why a signal has been archived. Allowed enum values: none,false_positive,testing_or_maintenance,other

state [required]

enum

The new triage state of the signal. Allowed enum values: open,archived,under_review

version

int64

Version of the updated signal. If server side version is higher, update will be rejected.

{
  "archiveReason": "none",
  "state": "open"
}

応答

OK

Updated signal data following a successfully performed update.

Expand All

フィールド

種類

説明

status

string

Status of the response.

{
  "status": "string"
}

Bad Request

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Forbidden

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

  
  # Path parameters
export signal_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v1/security_analytics/signals/${signal_id}/state" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "archiveReason": "none",
  "state": "open"
}
EOF


  
                        
// Change the triage state of a security signal returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV1"
)

func main() {
	body := datadogV1.SignalStateUpdateRequest{
		ArchiveReason: datadogV1.SIGNALARCHIVEREASON_NONE.Ptr(),
		State:         datadogV1.SIGNALTRIAGESTATE_OPEN,
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV1.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.EditSecurityMonitoringSignalState(ctx, "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.EditSecurityMonitoringSignalState`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.EditSecurityMonitoringSignalState`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Change the triage state of a security signal returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v1.api.SecurityMonitoringApi;
import com.datadog.api.client.v1.model.SignalArchiveReason;
import com.datadog.api.client.v1.model.SignalStateUpdateRequest;
import com.datadog.api.client.v1.model.SignalTriageState;
import com.datadog.api.client.v1.model.SuccessfulSignalUpdateResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SignalStateUpdateRequest body =
        new SignalStateUpdateRequest()
            .archiveReason(SignalArchiveReason.NONE)
            .state(SignalTriageState.OPEN);

    try {
      SuccessfulSignalUpdateResponse result =
          apiInstance.editSecurityMonitoringSignalState(
              "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#editSecurityMonitoringSignalState");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
"""
Change the triage state of a security signal returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v1.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v1.model.signal_archive_reason import SignalArchiveReason
from datadog_api_client.v1.model.signal_state_update_request import SignalStateUpdateRequest
from datadog_api_client.v1.model.signal_triage_state import SignalTriageState

body = SignalStateUpdateRequest(
    archive_reason=SignalArchiveReason.NONE,
    state=SignalTriageState.OPEN,
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.edit_security_monitoring_signal_state(
        signal_id="AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body=body
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Change the triage state of a security signal returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V1::SecurityMonitoringAPI.new

body = DatadogAPIClient::V1::SignalStateUpdateRequest.new({
  archive_reason: DatadogAPIClient::V1::SignalArchiveReason::NONE,
  state: DatadogAPIClient::V1::SignalTriageState::OPEN,
})
p api_instance.edit_security_monitoring_signal_state("AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
/**
 * Change the triage state of a security signal returns "OK" response
 */

import { client, v1 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v1.SecurityMonitoringApi(configuration);

const params: v1.SecurityMonitoringApiEditSecurityMonitoringSignalStateRequest =
  {
    body: {
      archiveReason: "none",
      state: "open",
    },
    signalId: "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE",
  };

apiInstance
  .editSecurityMonitoringSignalState(params)
  .then((data: v1.SuccessfulSignalUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

PATCH https://api.datadoghq.eu/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.ddog-gov.com/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.us3.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.us5.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/state

概要

セキュリティシグナルのトリアージ状態を変更します。

引数

パスパラメーター

名前

種類

説明

signal_id [required]

string

The ID of the signal.

リクエスト

Body Data (required)

シグナルの更新を記述する属性。

Expand All

フィールド

種類

説明

data [required]

object

Data containing the patch for changing the state of a signal.

attributes [required]

object

Attributes describing the change of state of a security signal.

archive_comment

string

Optional comment to display on archived signals.

archive_reason

enum

Reason a signal is archived. Allowed enum values: none,false_positive,testing_or_maintenance,other

state [required]

enum

The new triage state of the signal. Allowed enum values: open,archived,under_review

version

int64

Version of the updated signal. If server side version is higher, update will be rejected.

{
  "data": {
    "attributes": {
      "archive_reason": "none",
      "state": "open"
    }
  }
}

応答

OK

The response returned after all triage operations, containing the updated signal triage data.

Expand All

フィールド

種類

説明

data [required]

object

Data containing the updated triage attributes of the signal.

attributes

object

Attributes describing a triage state update operation over a security signal.

archive_comment

string

Optional comment to display on archived signals.

archive_comment_timestamp

int64

Timestamp of the last edit to the comment.

archive_comment_user

object

Object representing a given user entity.

handle

string

The handle for this user account.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

archive_reason

enum

Reason a signal is archived. Allowed enum values: none,false_positive,testing_or_maintenance,other

assignee [required]

object

Object representing a given user entity.

handle

string

The handle for this user account.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

incident_ids [required]

[integer]

Array of incidents that are associated with this signal.

state [required]

enum

The new triage state of the signal. Allowed enum values: open,archived,under_review

state_update_timestamp

int64

Timestamp of the last update to the signal state.

state_update_user

object

Object representing a given user entity.

handle

string

The handle for this user account.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

{
  "data": {
    "attributes": {
      "archive_comment": "string",
      "archive_comment_timestamp": "integer",
      "archive_comment_user": {
        "handle": "string",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      },
      "archive_reason": "string",
      "assignee": {
        "handle": "string",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      },
      "incident_ids": [],
      "state": "string",
      "state_update_timestamp": "integer",
      "state_update_user": {
        "handle": "string",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      }
    }
  }
}

Bad Request

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Forbidden

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

  
  # Path parameters
export signal_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/signals/${signal_id}/state" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "archive_reason": "none",
      "state": "open"
    }
  }
}
EOF


  
                        
// Change the triage state of a security signal returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSignalStateUpdateRequest{
		Data: datadogV2.SecurityMonitoringSignalStateUpdateData{
			Attributes: datadogV2.SecurityMonitoringSignalStateUpdateAttributes{
				ArchiveReason: datadogV2.SECURITYMONITORINGSIGNALARCHIVEREASON_NONE.Ptr(),
				State:         datadogV2.SECURITYMONITORINGSIGNALSTATE_OPEN,
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.EditSecurityMonitoringSignalState(ctx, "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.EditSecurityMonitoringSignalState`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.EditSecurityMonitoringSignalState`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Change the triage state of a security signal returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalArchiveReason;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalState;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalStateUpdateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalStateUpdateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalStateUpdateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalTriageUpdateResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSignalStateUpdateRequest body =
        new SecurityMonitoringSignalStateUpdateRequest()
            .data(
                new SecurityMonitoringSignalStateUpdateData()
                    .attributes(
                        new SecurityMonitoringSignalStateUpdateAttributes()
                            .archiveReason(SecurityMonitoringSignalArchiveReason.NONE)
                            .state(SecurityMonitoringSignalState.OPEN)));

    try {
      SecurityMonitoringSignalTriageUpdateResponse result =
          apiInstance.editSecurityMonitoringSignalState(
              "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#editSecurityMonitoringSignalState");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
"""
Change the triage state of a security signal returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_signal_archive_reason import SecurityMonitoringSignalArchiveReason
from datadog_api_client.v2.model.security_monitoring_signal_state import SecurityMonitoringSignalState
from datadog_api_client.v2.model.security_monitoring_signal_state_update_attributes import (
    SecurityMonitoringSignalStateUpdateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_signal_state_update_data import (
    SecurityMonitoringSignalStateUpdateData,
)
from datadog_api_client.v2.model.security_monitoring_signal_state_update_request import (
    SecurityMonitoringSignalStateUpdateRequest,
)

body = SecurityMonitoringSignalStateUpdateRequest(
    data=SecurityMonitoringSignalStateUpdateData(
        attributes=SecurityMonitoringSignalStateUpdateAttributes(
            archive_reason=SecurityMonitoringSignalArchiveReason.NONE,
            state=SecurityMonitoringSignalState.OPEN,
        ),
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.edit_security_monitoring_signal_state(
        signal_id="AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body=body
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Change the triage state of a security signal returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSignalStateUpdateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSignalStateUpdateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSignalStateUpdateAttributes.new({
      archive_reason: DatadogAPIClient::V2::SecurityMonitoringSignalArchiveReason::NONE,
      state: DatadogAPIClient::V2::SecurityMonitoringSignalState::OPEN,
    }),
  }),
})
p api_instance.edit_security_monitoring_signal_state("AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
/**
 * Change the triage state of a security signal returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiEditSecurityMonitoringSignalStateRequest =
  {
    body: {
      data: {
        attributes: {
          archiveReason: "none",
          state: "open",
        },
      },
    },
    signalId: "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE",
  };

apiInstance
  .editSecurityMonitoringSignalState(params)
  .then((data: v2.SecurityMonitoringSignalTriageUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

Create a security filter

POST https://api.datadoghq.eu/api/v2/security_monitoring/configuration/security_filtershttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/security_filtershttps://api.datadoghq.com/api/v2/security_monitoring/configuration/security_filtershttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/security_filtershttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters

概要

Create a security filter.

See the security filter guide for more examples.

This endpoint requires the security_monitoring_filters_write authorization scope.

リクエスト

Body Data (required)

The definition of the new security filter.

Expand All

フィールド

種類

説明

data [required]

object

Object for a single security filter.

attributes [required]

object

Object containing the attributes of the security filter to be created.

exclusion_filters [required]

[object]

Exclusion filters to exclude some logs from the security filter.

name [required]

string

Exclusion filter name.

query [required]

string

Exclusion filter query. Logs that match this query are excluded from the security filter.

filtered_data_type [required]

enum

The filtered data type. Allowed enum values: logs

is_enabled [required]

boolean

Whether the security filter is enabled.

name [required]

string

The name of the security filter.

query [required]

string

The query of the security filter.

type [required]

enum

The type of the resource. The value should always be security_filters. Allowed enum values: security_filters

{
  "data": {
    "attributes": {
      "exclusion_filters": [
        {
          "name": "Exclude staging",
          "query": "source:staging"
        }
      ],
      "filtered_data_type": "logs",
      "is_enabled": true,
      "name": "Example-Create_a_security_filter_returns_OK_response",
      "query": "service:ExampleCreateasecurityfilterreturnsOKresponse"
    },
    "type": "security_filters"
  }
}

応答

OK

Response object which includes a single security filter.

Expand All

フィールド

種類

説明

data

object

The security filter's properties.

attributes

object

The object describing a security filter.

exclusion_filters

[object]

The list of exclusion filters applied in this security filter.

name

string

The exclusion filter name.

query

string

The exclusion filter query.

filtered_data_type

enum

The filtered data type. Allowed enum values: logs

is_builtin

boolean

Whether the security filter is the built-in filter.

is_enabled

boolean

Whether the security filter is enabled.

name

string

The security filter name.

query

string

The security filter query. Logs accepted by this query will be accepted by this filter.

version

int32

The version of the security filter.

id

string

The ID of the security filter.

type

enum

The type of the resource. The value should always be security_filters. Allowed enum values: security_filters

meta

object

Optional metadata associated to the response.

warning

string

A warning message.

{
  "data": {
    "attributes": {
      "exclusion_filters": [
        {
          "name": "Exclude staging",
          "query": "source:staging"
        }
      ],
      "filtered_data_type": "logs",
      "is_builtin": false,
      "is_enabled": false,
      "name": "Custom security filter",
      "query": "service:api",
      "version": 1
    },
    "id": "3dd-0uc-h1s",
    "type": "security_filters"
  },
  "meta": {
    "warning": "All the security filters are disabled. As a result, no logs are being analyzed."
  }
}

Bad Request

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Conflict

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

  
  # Curl command
curl -X POST "https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "exclusion_filters": [
        {
          "name": "Exclude staging",
          "query": "source:staging"
        }
      ],
      "filtered_data_type": "logs",
      "is_enabled": true,
      "name": "Example-Create_a_security_filter_returns_OK_response",
      "query": "service:ExampleCreateasecurityfilterreturnsOKresponse"
    },
    "type": "security_filters"
  }
}
EOF


  
                        
// Create a security filter returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityFilterCreateRequest{
		Data: datadogV2.SecurityFilterCreateData{
			Attributes: datadogV2.SecurityFilterCreateAttributes{
				ExclusionFilters: []datadogV2.SecurityFilterExclusionFilter{
					{
						Name:  "Exclude staging",
						Query: "source:staging",
					},
				},
				FilteredDataType: datadogV2.SECURITYFILTERFILTEREDDATATYPE_LOGS,
				IsEnabled:        true,
				Name:             "Example-Create_a_security_filter_returns_OK_response",
				Query:            "service:ExampleCreateasecurityfilterreturnsOKresponse",
			},
			Type: datadogV2.SECURITYFILTERTYPE_SECURITY_FILTERS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSecurityFilter(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityFilter`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityFilter`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Create a security filter returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityFilterCreateAttributes;
import com.datadog.api.client.v2.model.SecurityFilterCreateData;
import com.datadog.api.client.v2.model.SecurityFilterCreateRequest;
import com.datadog.api.client.v2.model.SecurityFilterExclusionFilter;
import com.datadog.api.client.v2.model.SecurityFilterFilteredDataType;
import com.datadog.api.client.v2.model.SecurityFilterResponse;
import com.datadog.api.client.v2.model.SecurityFilterType;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityFilterCreateRequest body =
        new SecurityFilterCreateRequest()
            .data(
                new SecurityFilterCreateData()
                    .attributes(
                        new SecurityFilterCreateAttributes()
                            .exclusionFilters(
                                Collections.singletonList(
                                    new SecurityFilterExclusionFilter()
                                        .name("Exclude staging")
                                        .query("source:staging")))
                            .filteredDataType(SecurityFilterFilteredDataType.LOGS)
                            .isEnabled(true)
                            .name("Example-Create_a_security_filter_returns_OK_response")
                            .query("service:ExampleCreateasecurityfilterreturnsOKresponse"))
                    .type(SecurityFilterType.SECURITY_FILTERS));

    try {
      SecurityFilterResponse result = apiInstance.createSecurityFilter(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#createSecurityFilter");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Create a security filter returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_filter_create_attributes import SecurityFilterCreateAttributes
from datadog_api_client.v2.model.security_filter_create_data import SecurityFilterCreateData
from datadog_api_client.v2.model.security_filter_create_request import SecurityFilterCreateRequest
from datadog_api_client.v2.model.security_filter_exclusion_filter import SecurityFilterExclusionFilter
from datadog_api_client.v2.model.security_filter_filtered_data_type import SecurityFilterFilteredDataType
from datadog_api_client.v2.model.security_filter_type import SecurityFilterType

body = SecurityFilterCreateRequest(
    data=SecurityFilterCreateData(
        attributes=SecurityFilterCreateAttributes(
            exclusion_filters=[
                SecurityFilterExclusionFilter(
                    name="Exclude staging",
                    query="source:staging",
                ),
            ],
            filtered_data_type=SecurityFilterFilteredDataType.LOGS,
            is_enabled=True,
            name="Example-Create_a_security_filter_returns_OK_response",
            query="service:ExampleCreateasecurityfilterreturnsOKresponse",
        ),
        type=SecurityFilterType.SECURITY_FILTERS,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_security_filter(body=body)

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Create a security filter returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityFilterCreateRequest.new({
  data: DatadogAPIClient::V2::SecurityFilterCreateData.new({
    attributes: DatadogAPIClient::V2::SecurityFilterCreateAttributes.new({
      exclusion_filters: [
        DatadogAPIClient::V2::SecurityFilterExclusionFilter.new({
          name: "Exclude staging",
          query: "source:staging",
        }),
      ],
      filtered_data_type: DatadogAPIClient::V2::SecurityFilterFilteredDataType::LOGS,
      is_enabled: true,
      name: "Example-Create_a_security_filter_returns_OK_response",
      query: "service:ExampleCreateasecurityfilterreturnsOKresponse",
    }),
    type: DatadogAPIClient::V2::SecurityFilterType::SECURITY_FILTERS,
  }),
})
p api_instance.create_security_filter(body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
/**
 * Create a security filter returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateSecurityFilterRequest = {
  body: {
    data: {
      attributes: {
        exclusionFilters: [
          {
            name: "Exclude staging",
            query: "source:staging",
          },
        ],
        filteredDataType: "logs",
        isEnabled: true,
        name: "Example-Create_a_security_filter_returns_OK_response",
        query: "service:ExampleCreateasecurityfilterreturnsOKresponse",
      },
      type: "security_filters",
    },
  },
};

apiInstance
  .createSecurityFilter(params)
  .then((data: v2.SecurityFilterResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Delete a security filter

DELETE https://api.datadoghq.eu/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}

概要

Delete a specific security filter. This endpoint requires the security_monitoring_filters_write authorization scope.

引数

パスパラメーター

名前

種類

説明

security_filter_id [required]

string

The ID of the security filter.

応答

OK

Not Authorized

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例


# Path parameters
export security_filter_id="CHANGE_ME"
# Curl command
curl -X DELETE "https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/${security_filter_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"



           
// Delete a security filter returns "No Content" response

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "security_filter" in the system
	SecurityFilterDataID := os.Getenv("SECURITY_FILTER_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	r, err := api.DeleteSecurityFilter(ctx, SecurityFilterDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.DeleteSecurityFilter`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Delete a security filter returns "No Content" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "security_filter" in the system
    String SECURITY_FILTER_DATA_ID = System.getenv("SECURITY_FILTER_DATA_ID");

    try {
      apiInstance.deleteSecurityFilter(SECURITY_FILTER_DATA_ID);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#deleteSecurityFilter");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Delete a security filter returns "No Content" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "security_filter" in the system
SECURITY_FILTER_DATA_ID = environ["SECURITY_FILTER_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    api_instance.delete_security_filter(
        security_filter_id=SECURITY_FILTER_DATA_ID,
    )

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Delete a security filter returns "No Content" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "security_filter" in the system
SECURITY_FILTER_DATA_ID = ENV["SECURITY_FILTER_DATA_ID"]
api_instance.delete_security_filter(SECURITY_FILTER_DATA_ID)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
/**
 * Delete a security filter returns "No Content" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "security_filter" in the system
const SECURITY_FILTER_DATA_ID = process.env.SECURITY_FILTER_DATA_ID as string;

const params: v2.SecurityMonitoringApiDeleteSecurityFilterRequest = {
  securityFilterId: SECURITY_FILTER_DATA_ID,
};

apiInstance
  .deleteSecurityFilter(params)
  .then((data: any) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Get a security filter

GET https://api.datadoghq.eu/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}

概要

Get the details of a specific security filter.

See the security filter guide for more examples.

This endpoint requires the security_monitoring_filters_read authorization scope.

引数

パスパラメーター

名前

種類

説明

security_filter_id [required]

string

The ID of the security filter.

応答

OK

Response object which includes a single security filter.

Expand All

フィールド

種類

説明

data

object

The security filter's properties.

attributes

object

The object describing a security filter.

exclusion_filters

[object]

The list of exclusion filters applied in this security filter.

name

string

The exclusion filter name.

query

string

The exclusion filter query.

filtered_data_type

enum

The filtered data type. Allowed enum values: logs

is_builtin

boolean

Whether the security filter is the built-in filter.

is_enabled

boolean

Whether the security filter is enabled.

name

string

The security filter name.

query

string

The security filter query. Logs accepted by this query will be accepted by this filter.

version

int32

The version of the security filter.

id

string

The ID of the security filter.

type

enum

The type of the resource. The value should always be security_filters. Allowed enum values: security_filters

meta

object

Optional metadata associated to the response.

warning

string

A warning message.

{
  "data": {
    "attributes": {
      "exclusion_filters": [
        {
          "name": "Exclude staging",
          "query": "source:staging"
        }
      ],
      "filtered_data_type": "logs",
      "is_builtin": false,
      "is_enabled": false,
      "name": "Custom security filter",
      "query": "service:api",
      "version": 1
    },
    "id": "3dd-0uc-h1s",
    "type": "security_filters"
  },
  "meta": {
    "warning": "All the security filters are disabled. As a result, no logs are being analyzed."
  }
}

Not Authorized

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例


# Path parameters
export security_filter_id="CHANGE_ME"
# Curl command
curl -X GET "https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/${security_filter_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"



           
// Get a security filter returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "security_filter" in the system
	SecurityFilterDataID := os.Getenv("SECURITY_FILTER_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetSecurityFilter(ctx, SecurityFilterDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSecurityFilter`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSecurityFilter`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Get a security filter returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityFilterResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "security_filter" in the system
    String SECURITY_FILTER_DATA_ID = System.getenv("SECURITY_FILTER_DATA_ID");

    try {
      SecurityFilterResponse result = apiInstance.getSecurityFilter(SECURITY_FILTER_DATA_ID);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#getSecurityFilter");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Get a security filter returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "security_filter" in the system
SECURITY_FILTER_DATA_ID = environ["SECURITY_FILTER_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_security_filter(
        security_filter_id=SECURITY_FILTER_DATA_ID,
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Get a security filter returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "security_filter" in the system
SECURITY_FILTER_DATA_ID = ENV["SECURITY_FILTER_DATA_ID"]
p api_instance.get_security_filter(SECURITY_FILTER_DATA_ID)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
/**
 * Get a security filter returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "security_filter" in the system
const SECURITY_FILTER_DATA_ID = process.env.SECURITY_FILTER_DATA_ID as string;

const params: v2.SecurityMonitoringApiGetSecurityFilterRequest = {
  securityFilterId: SECURITY_FILTER_DATA_ID,
};

apiInstance
  .getSecurityFilter(params)
  .then((data: v2.SecurityFilterResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Get a signal's details

GET https://api.datadoghq.eu/api/v2/security_monitoring/signals/{signal_id}https://api.ddog-gov.com/api/v2/security_monitoring/signals/{signal_id}https://api.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}

概要

Get a signal’s details. This endpoint requires the security_monitoring_rules_read authorization scope.

引数

パスパラメーター

名前

種類

説明

signal_id [required]

string

The ID of the signal.

応答

OK

Object description of a security signal.

Expand All

フィールド

種類

説明

attributes

object

The object containing all signal attributes and their associated values.

attributes

object

A JSON object of attributes in the security signal.

message

string

The message in the security signal defined by the rule that generated the signal.

tags

[string]

An array of tags associated with the security signal.

timestamp

date-time

The timestamp of the security signal.

id

string

The unique ID of the security signal.

type

enum

The type of event. Allowed enum values: signal

{
  "attributes": {
    "attributes": {
      "workflow": {
        "first_seen": "2020-06-23T14:46:01.000Z",
        "last_seen": "2020-06-23T14:46:49.000Z",
        "rule": {
          "id": "0f5-e0c-805",
          "name": "Brute Force Attack Grouped By User ",
          "version": 12
        }
      }
    },
    "message": "Detect Account Take Over (ATO) through brute force attempts",
    "tags": [
      "security:attack",
      "technique:T1110-brute-force"
    ],
    "timestamp": "2019-01-02T09:42:36.320Z"
  },
  "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
  "type": "signal"
}

Not Found

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例


# Path parameters
export signal_id="CHANGE_ME"
# Curl command
curl -X GET "https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/signals/${signal_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"



           
// Get a signal's details returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetSecurityMonitoringSignal(ctx, "AQAAAYNqUBVU4-rffwAAAABBWU5xVUJWVUFBQjJBd3ptMDdQUnF3QUE")

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSecurityMonitoringSignal`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSecurityMonitoringSignal`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Get a signal's details returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSignal;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      SecurityMonitoringSignal result =
          apiInstance.getSecurityMonitoringSignal(
              "AQAAAYNqUBVU4-rffwAAAABBWU5xVUJWVUFBQjJBd3ptMDdQUnF3QUE");
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#getSecurityMonitoringSignal");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Get a signal's details returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_security_monitoring_signal(
        signal_id="AQAAAYNqUBVU4-rffwAAAABBWU5xVUJWVUFBQjJBd3ptMDdQUnF3QUE",
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Get a signal's details returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.get_security_monitoring_signal("AQAAAYNqUBVU4-rffwAAAABBWU5xVUJWVUFBQjJBd3ptMDdQUnF3QUE")

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
/**
 * Get a signal's details returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiGetSecurityMonitoringSignalRequest = {
  signalId: "AQAAAYNqUBVU4-rffwAAAABBWU5xVUJWVUFBQjJBd3ptMDdQUnF3QUE",
};

apiInstance
  .getSecurityMonitoringSignal(params)
  .then((data: v2.SecurityMonitoringSignal) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Get all security filters

GET https://api.datadoghq.eu/api/v2/security_monitoring/configuration/security_filtershttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/security_filtershttps://api.datadoghq.com/api/v2/security_monitoring/configuration/security_filtershttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/security_filtershttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters

概要

Get the list of configured security filters with their definitions. This endpoint requires the security_monitoring_filters_read authorization scope.

応答

OK

All the available security filters objects.

Expand All

フィールド

種類

説明

data

[object]

A list of security filters objects.

attributes

object

The object describing a security filter.

exclusion_filters

[object]

The list of exclusion filters applied in this security filter.

name

string

The exclusion filter name.

query

string

The exclusion filter query.

filtered_data_type

enum

The filtered data type. Allowed enum values: logs

is_builtin

boolean

Whether the security filter is the built-in filter.

is_enabled

boolean

Whether the security filter is enabled.

name

string

The security filter name.

query

string

The security filter query. Logs accepted by this query will be accepted by this filter.

version

int32

The version of the security filter.

id

string

The ID of the security filter.

type

enum

The type of the resource. The value should always be security_filters. Allowed enum values: security_filters

meta

object

Optional metadata associated to the response.

warning

string

A warning message.

{
  "data": [
    {
      "attributes": {
        "exclusion_filters": [
          {
            "name": "Exclude staging",
            "query": "source:staging"
          }
        ],
        "filtered_data_type": "logs",
        "is_builtin": false,
        "is_enabled": false,
        "name": "Custom security filter",
        "query": "service:api",
        "version": 1
      },
      "id": "3dd-0uc-h1s",
      "type": "security_filters"
    }
  ],
  "meta": {
    "warning": "All the security filters are disabled. As a result, no logs are being analyzed."
  }
}

Not Authorized

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例


# Curl command
curl -X GET "https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"



           
// Get all security filters returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.ListSecurityFilters(ctx)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListSecurityFilters`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListSecurityFilters`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Get all security filters returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityFiltersResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      SecurityFiltersResponse result = apiInstance.listSecurityFilters();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#listSecurityFilters");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Get all security filters returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.list_security_filters()

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Get all security filters returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.list_security_filters()

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
/**
 * Get all security filters returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .listSecurityFilters()
  .then((data: v2.SecurityFiltersResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Modify the triage assignee of a security signal

PATCH https://api.datadoghq.eu/api/v1/security_analytics/signals/{signal_id}/assigneehttps://api.ddog-gov.com/api/v1/security_analytics/signals/{signal_id}/assigneehttps://api.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/assigneehttps://api.us3.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/assigneehttps://api.us5.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/assignee

概要

セキュリティシグナルのトリアージアサインメントを変更します。

引数

パスパラメーター

名前

種類

説明

signal_id [required]

string

The ID of the signal.

リクエスト

Body Data (required)

シグナルの更新を記述する属性。

Expand All

フィールド

種類

説明

assignee [required]

string

The UUID of the user being assigned. Use empty string to return signal to unassigned.

version

int64

Version of the updated signal. If server side version is higher, update will be rejected.

{
  "assignee": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
}

応答

OK

Updated signal data following a successfully performed update.

Expand All

フィールド

種類

説明

status

string

Status of the response.

{
  "status": "string"
}

Bad Request

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Forbidden

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

  
  # Path parameters
export signal_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v1/security_analytics/signals/${signal_id}/assignee" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "assignee": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
}
EOF


  
                        
// Modify the triage assignee of a security signal returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV1"
)

func main() {
	body := datadogV1.SignalAssigneeUpdateRequest{
		Assignee: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV1.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.EditSecurityMonitoringSignalAssignee(ctx, "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.EditSecurityMonitoringSignalAssignee`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.EditSecurityMonitoringSignalAssignee`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Modify the triage assignee of a security signal returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v1.api.SecurityMonitoringApi;
import com.datadog.api.client.v1.model.SignalAssigneeUpdateRequest;
import com.datadog.api.client.v1.model.SuccessfulSignalUpdateResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SignalAssigneeUpdateRequest body =
        new SignalAssigneeUpdateRequest().assignee("773b045d-ccf8-4808-bd3b-955ef6a8c940");

    try {
      SuccessfulSignalUpdateResponse result =
          apiInstance.editSecurityMonitoringSignalAssignee(
              "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#editSecurityMonitoringSignalAssignee");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
"""
Modify the triage assignee of a security signal returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v1.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v1.model.signal_assignee_update_request import SignalAssigneeUpdateRequest

body = SignalAssigneeUpdateRequest(
    assignee="773b045d-ccf8-4808-bd3b-955ef6a8c940",
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.edit_security_monitoring_signal_assignee(
        signal_id="AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body=body
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Modify the triage assignee of a security signal returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V1::SecurityMonitoringAPI.new

body = DatadogAPIClient::V1::SignalAssigneeUpdateRequest.new({
  assignee: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
})
p api_instance.edit_security_monitoring_signal_assignee("AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
/**
 * Modify the triage assignee of a security signal returns "OK" response
 */

import { client, v1 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v1.SecurityMonitoringApi(configuration);

const params: v1.SecurityMonitoringApiEditSecurityMonitoringSignalAssigneeRequest =
  {
    body: {
      assignee: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
    },
    signalId: "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE",
  };

apiInstance
  .editSecurityMonitoringSignalAssignee(params)
  .then((data: v1.SuccessfulSignalUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

PATCH https://api.datadoghq.eu/api/v2/security_monitoring/signals/{signal_id}/assigneehttps://api.ddog-gov.com/api/v2/security_monitoring/signals/{signal_id}/assigneehttps://api.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/assigneehttps://api.us3.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/assigneehttps://api.us5.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/assignee

概要

セキュリティシグナルのトリアージアサインメントを変更します。

引数

パスパラメーター

名前

種類

説明

signal_id [required]

string

The ID of the signal.

リクエスト

Body Data (required)

シグナルの更新を記述する属性。

Expand All

フィールド

種類

説明

data [required]

object

Data containing the patch for changing the assignee of a signal.

attributes [required]

object

Attributes describing the new assignee of a security signal.

assignee [required]

object

Object representing a given user entity.

handle

string

The handle for this user account.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

version

int64

Version of the updated signal. If server side version is higher, update will be rejected.

{
  "data": {
    "attributes": {
      "assignee": {
        "uuid": ""
      }
    }
  }
}

応答

OK

The response returned after all triage operations, containing the updated signal triage data.

Expand All

フィールド

種類

説明

data [required]

object

Data containing the updated triage attributes of the signal.

attributes

object

Attributes describing a triage state update operation over a security signal.

archive_comment

string

Optional comment to display on archived signals.

archive_comment_timestamp

int64

Timestamp of the last edit to the comment.

archive_comment_user

object

Object representing a given user entity.

handle

string

The handle for this user account.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

archive_reason

enum

Reason a signal is archived. Allowed enum values: none,false_positive,testing_or_maintenance,other

assignee [required]

object

Object representing a given user entity.

handle

string

The handle for this user account.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

incident_ids [required]

[integer]

Array of incidents that are associated with this signal.

state [required]

enum

The new triage state of the signal. Allowed enum values: open,archived,under_review

state_update_timestamp

int64

Timestamp of the last update to the signal state.

state_update_user

object

Object representing a given user entity.

handle

string

The handle for this user account.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

{
  "data": {
    "attributes": {
      "archive_comment": "string",
      "archive_comment_timestamp": "integer",
      "archive_comment_user": {
        "handle": "string",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      },
      "archive_reason": "string",
      "assignee": {
        "handle": "string",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      },
      "incident_ids": [],
      "state": "string",
      "state_update_timestamp": "integer",
      "state_update_user": {
        "handle": "string",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      }
    }
  }
}

Bad Request

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Forbidden

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

  
  # Path parameters
export signal_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/signals/${signal_id}/assignee" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "assignee": {
        "uuid": ""
      }
    }
  }
}
EOF


  
                        
// Modify the triage assignee of a security signal returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSignalAssigneeUpdateRequest{
		Data: datadogV2.SecurityMonitoringSignalAssigneeUpdateData{
			Attributes: datadogV2.SecurityMonitoringSignalAssigneeUpdateAttributes{
				Assignee: datadogV2.SecurityMonitoringTriageUser{
					Uuid: "",
				},
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.EditSecurityMonitoringSignalAssignee(ctx, "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.EditSecurityMonitoringSignalAssignee`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.EditSecurityMonitoringSignalAssignee`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Modify the triage assignee of a security signal returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalAssigneeUpdateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalAssigneeUpdateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalAssigneeUpdateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalTriageUpdateResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringTriageUser;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSignalAssigneeUpdateRequest body =
        new SecurityMonitoringSignalAssigneeUpdateRequest()
            .data(
                new SecurityMonitoringSignalAssigneeUpdateData()
                    .attributes(
                        new SecurityMonitoringSignalAssigneeUpdateAttributes()
                            .assignee(new SecurityMonitoringTriageUser().uuid(""))));

    try {
      SecurityMonitoringSignalTriageUpdateResponse result =
          apiInstance.editSecurityMonitoringSignalAssignee(
              "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#editSecurityMonitoringSignalAssignee");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
"""
Modify the triage assignee of a security signal returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_signal_assignee_update_attributes import (
    SecurityMonitoringSignalAssigneeUpdateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_signal_assignee_update_data import (
    SecurityMonitoringSignalAssigneeUpdateData,
)
from datadog_api_client.v2.model.security_monitoring_signal_assignee_update_request import (
    SecurityMonitoringSignalAssigneeUpdateRequest,
)
from datadog_api_client.v2.model.security_monitoring_triage_user import SecurityMonitoringTriageUser

body = SecurityMonitoringSignalAssigneeUpdateRequest(
    data=SecurityMonitoringSignalAssigneeUpdateData(
        attributes=SecurityMonitoringSignalAssigneeUpdateAttributes(
            assignee=SecurityMonitoringTriageUser(
                uuid="",
            ),
        ),
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.edit_security_monitoring_signal_assignee(
        signal_id="AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body=body
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Modify the triage assignee of a security signal returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSignalAssigneeUpdateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSignalAssigneeUpdateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSignalAssigneeUpdateAttributes.new({
      assignee: DatadogAPIClient::V2::SecurityMonitoringTriageUser.new({
        uuid: "",
      }),
    }),
  }),
})
p api_instance.edit_security_monitoring_signal_assignee("AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
/**
 * Modify the triage assignee of a security signal returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiEditSecurityMonitoringSignalAssigneeRequest =
  {
    body: {
      data: {
        attributes: {
          assignee: {
            uuid: "",
          },
        },
      },
    },
    signalId: "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE",
  };

apiInstance
  .editSecurityMonitoringSignalAssignee(params)
  .then((data: v2.SecurityMonitoringSignalTriageUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

Update a security filter

PATCH https://api.datadoghq.eu/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}

概要

Update a specific security filter. Returns the security filter object when the request is successful. This endpoint requires the security_monitoring_filters_write authorization scope.

引数

パスパラメーター

名前

種類

説明

security_filter_id [required]

string

The ID of the security filter.

リクエスト

Body Data (required)

New definition of the security filter.

Expand All

フィールド

種類

説明

data [required]

object

The new security filter properties.

attributes [required]

object

The security filters properties to be updated.

exclusion_filters

[object]

Exclusion filters to exclude some logs from the security filter.

name [required]

string

Exclusion filter name.

query [required]

string

Exclusion filter query. Logs that match this query are excluded from the security filter.

filtered_data_type

enum

The filtered data type. Allowed enum values: logs

is_enabled

boolean

Whether the security filter is enabled.

name

string

The name of the security filter.

query

string

The query of the security filter.

version

int32

The version of the security filter to update.

type [required]

enum

The type of the resource. The value should always be security_filters. Allowed enum values: security_filters

{
  "data": {
    "attributes": {
      "exclusion_filters": [],
      "filtered_data_type": "logs",
      "is_enabled": true,
      "name": "Example-Update_a_security_filter_returns_OK_response",
      "query": "service:ExampleUpdateasecurityfilterreturnsOKresponse",
      "version": 1
    },
    "type": "security_filters"
  }
}

応答

OK

Response object which includes a single security filter.

Expand All

フィールド

種類

説明

data

object

The security filter's properties.

attributes

object

The object describing a security filter.

exclusion_filters

[object]

The list of exclusion filters applied in this security filter.

name

string

The exclusion filter name.

query

string

The exclusion filter query.

filtered_data_type

enum

The filtered data type. Allowed enum values: logs

is_builtin

boolean

Whether the security filter is the built-in filter.

is_enabled

boolean

Whether the security filter is enabled.

name

string

The security filter name.

query

string

The security filter query. Logs accepted by this query will be accepted by this filter.

version

int32

The version of the security filter.

id

string

The ID of the security filter.

type

enum

The type of the resource. The value should always be security_filters. Allowed enum values: security_filters

meta

object

Optional metadata associated to the response.

warning

string

A warning message.

{
  "data": {
    "attributes": {
      "exclusion_filters": [
        {
          "name": "Exclude staging",
          "query": "source:staging"
        }
      ],
      "filtered_data_type": "logs",
      "is_builtin": false,
      "is_enabled": false,
      "name": "Custom security filter",
      "query": "service:api",
      "version": 1
    },
    "id": "3dd-0uc-h1s",
    "type": "security_filters"
  },
  "meta": {
    "warning": "All the security filters are disabled. As a result, no logs are being analyzed."
  }
}