Language

日本語 English Français 한국어 Español

Datadog Site

Site help
US1 US3 US5 EU AP1 AP2 US1-FED US2-FED

セキュリティモニタリング

セキュリティ ルール、シグナル、フィルターなどを作成および管理します。詳細については、Datadog Security ページをご覧ください。

Change the triage state of a security signal

PATCH https://api.ap1.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/statehttps://api.ap2.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/statehttps://api.datadoghq.eu/api/v1/security_analytics/signals/{signal_id}/statehttps://api.ddog-gov.com/api/v1/security_analytics/signals/{signal_id}/statehttps://api.us2.ddog-gov.com/api/v1/security_analytics/signals/{signal_id}/statehttps://api.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/statehttps://api.us3.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/statehttps://api.us5.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/state

概要

セキュリティシグナルのトリアージ状態を変更します。 This endpoint requires the security_monitoring_signals_write permission.

引数

パスパラメーター

名前

種類

説明

signal_id [required]

string

The ID of the signal.

リクエスト

Body Data (required)

シグナルの更新を記述する属性。

Expand All

フィールド

種類

説明

archiveComment

string

Optional comment to explain why a signal is being archived.

archiveReason

enum

Reason why a signal has been archived. Allowed enum values: none,false_positive,testing_or_maintenance,investigated_case_opened,true_positive_benign,true_positive_malicious,other

state [required]

enum

The new triage state of the signal. Allowed enum values: open,archived,under_review

version

int64

Version of the updated signal. If server side version is higher, update will be rejected.

{
  "archiveReason": "none",
  "state": "open"
}

応答

OK

Updated signal data following a successfully performed update.

Expand All

フィールド

種類

説明

status

string

Status of the response.

{
  "status": "string"
}

Bad Request

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Forbidden

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

                          ## default
# 

# Path parameters
export signal_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v1/security_analytics/signals/${signal_id}/state" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "archiveReason": "none",
  "state": "open",
  "version": 0
}
EOF

                        
// Change the triage state of a security signal returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV1"
)

func main() {
	body := datadogV1.SignalStateUpdateRequest{
		ArchiveReason: datadogV1.SIGNALARCHIVEREASON_NONE.Ptr(),
		State:         datadogV1.SIGNALTRIAGESTATE_OPEN,
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV1.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.EditSecurityMonitoringSignalState(ctx, "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.EditSecurityMonitoringSignalState`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.EditSecurityMonitoringSignalState`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Change the triage state of a security signal returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v1.api.SecurityMonitoringApi;
import com.datadog.api.client.v1.model.SignalArchiveReason;
import com.datadog.api.client.v1.model.SignalStateUpdateRequest;
import com.datadog.api.client.v1.model.SignalTriageState;
import com.datadog.api.client.v1.model.SuccessfulSignalUpdateResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SignalStateUpdateRequest body =
        new SignalStateUpdateRequest()
            .archiveReason(SignalArchiveReason.NONE)
            .state(SignalTriageState.OPEN);

    try {
      SuccessfulSignalUpdateResponse result =
          apiInstance.editSecurityMonitoringSignalState(
              "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#editSecurityMonitoringSignalState");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
"""
Change the triage state of a security signal returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v1.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v1.model.signal_archive_reason import SignalArchiveReason
from datadog_api_client.v1.model.signal_state_update_request import SignalStateUpdateRequest
from datadog_api_client.v1.model.signal_triage_state import SignalTriageState

body = SignalStateUpdateRequest(
    archive_reason=SignalArchiveReason.NONE,
    state=SignalTriageState.OPEN,
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.edit_security_monitoring_signal_state(
        signal_id="AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body=body
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Change the triage state of a security signal returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V1::SecurityMonitoringAPI.new

body = DatadogAPIClient::V1::SignalStateUpdateRequest.new({
  archive_reason: DatadogAPIClient::V1::SignalArchiveReason::NONE,
  state: DatadogAPIClient::V1::SignalTriageState::OPEN,
})
p api_instance.edit_security_monitoring_signal_state("AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
// Change the triage state of a security signal returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV1::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV1::model::SignalArchiveReason;
use datadog_api_client::datadogV1::model::SignalStateUpdateRequest;
use datadog_api_client::datadogV1::model::SignalTriageState;

#[tokio::main]
async fn main() {
    let body = SignalStateUpdateRequest::new(SignalTriageState::OPEN)
        .archive_reason(SignalArchiveReason::NONE);
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .edit_security_monitoring_signal_state(
            "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE".to_string(),
            body,
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
/**
 * Change the triage state of a security signal returns "OK" response
 */

import { client, v1 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v1.SecurityMonitoringApi(configuration);

const params: v1.SecurityMonitoringApiEditSecurityMonitoringSignalStateRequest =
  {
    body: {
      archiveReason: "none",
      state: "open",
    },
    signalId: "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE",
  };

apiInstance
  .editSecurityMonitoringSignalState(params)
  .then((data: v1.SuccessfulSignalUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.ap2.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.datadoghq.eu/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.ddog-gov.com/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.us2.ddog-gov.com/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.us3.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.us5.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/state

概要

セキュリティシグナルのトリアージ状態を変更します。 This endpoint requires the security_monitoring_signals_write permission.

引数

パスパラメーター

名前

種類

説明

signal_id [required]

string

The ID of the signal.

リクエスト

Body Data (required)

シグナルの更新を記述する属性。

Expand All

フィールド

種類

説明

data [required]

object

Data containing the patch for changing the state of a signal.

attributes [required]

object

Attributes describing the change of state of a security signal.

archive_comment

string

Optional comment to display on archived signals.

archive_reason

enum

Reason a signal is archived. Allowed enum values: none,false_positive,testing_or_maintenance,remediated,investigated_case_opened,true_positive_benign,true_positive_malicious,other

state [required]

enum

The new triage state of the signal. Allowed enum values: open,archived,under_review

version

int64

Version of the updated signal. If server side version is higher, update will be rejected.

id

The unique ID of the security signal.

type

enum

The type of event. Allowed enum values: signal_metadata

default: signal_metadata

{
  "data": {
    "attributes": {
      "archive_reason": "none",
      "state": "open"
    }
  }
}

応答

OK

The response returned after all triage operations, containing the updated signal triage data.

Expand All

フィールド

種類

説明

data [required]

object

Data containing the updated triage attributes of the signal.

attributes

object

Attributes describing a triage state update operation over a security signal.

archive_comment

string

Optional comment to display on archived signals.

archive_comment_timestamp

int64

Timestamp of the last edit to the comment.

archive_comment_user

object

Object representing a given user entity.

handle

string

The handle for this user account.

icon

string

Gravatar icon associated to the user.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

archive_reason

enum

Reason a signal is archived. Allowed enum values: none,false_positive,testing_or_maintenance,remediated,investigated_case_opened,true_positive_benign,true_positive_malicious,other

assignee [required]

object

Object representing a given user entity.

handle

string

The handle for this user account.

icon

string

Gravatar icon associated to the user.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

incident_ids [required]

[integer]

Array of incidents that are associated with this signal.

state [required]

enum

The new triage state of the signal. Allowed enum values: open,archived,under_review

state_update_timestamp

int64

Timestamp of the last update to the signal state.

state_update_user

object

Object representing a given user entity.

handle

string

The handle for this user account.

icon

string

Gravatar icon associated to the user.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

id

string

The unique ID of the security signal.

type

enum

The type of event. Allowed enum values: signal_metadata

default: signal_metadata

{
  "data": {
    "attributes": {
      "archive_comment": "string",
      "archive_comment_timestamp": "integer",
      "archive_comment_user": {
        "handle": "string",
        "icon": "/path/to/matching/gravatar/icon",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      },
      "archive_reason": "string",
      "assignee": {
        "handle": "string",
        "icon": "/path/to/matching/gravatar/icon",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      },
      "incident_ids": [
        2066
      ],
      "state": "open",
      "state_update_timestamp": "integer",
      "state_update_user": {
        "handle": "string",
        "icon": "/path/to/matching/gravatar/icon",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      }
    },
    "id": "string",
    "type": "signal_metadata"
  }
}

Bad Request

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

                          ## default
# 

# Path parameters
export signal_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/signals/${signal_id}/state" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "archive_reason": "none",
      "state": "archived"
    },
    "type": "signal_metadata"
  }
}
EOF

                        
// Change the triage state of a security signal returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSignalStateUpdateRequest{
		Data: datadogV2.SecurityMonitoringSignalStateUpdateData{
			Attributes: datadogV2.SecurityMonitoringSignalStateUpdateAttributes{
				ArchiveReason: datadogV2.SECURITYMONITORINGSIGNALARCHIVEREASON_NONE.Ptr(),
				State:         datadogV2.SECURITYMONITORINGSIGNALSTATE_OPEN,
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.EditSecurityMonitoringSignalState(ctx, "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.EditSecurityMonitoringSignalState`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.EditSecurityMonitoringSignalState`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Change the triage state of a security signal returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalArchiveReason;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalState;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalStateUpdateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalStateUpdateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalStateUpdateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalTriageUpdateResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSignalStateUpdateRequest body =
        new SecurityMonitoringSignalStateUpdateRequest()
            .data(
                new SecurityMonitoringSignalStateUpdateData()
                    .attributes(
                        new SecurityMonitoringSignalStateUpdateAttributes()
                            .archiveReason(SecurityMonitoringSignalArchiveReason.NONE)
                            .state(SecurityMonitoringSignalState.OPEN)));

    try {
      SecurityMonitoringSignalTriageUpdateResponse result =
          apiInstance.editSecurityMonitoringSignalState(
              "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#editSecurityMonitoringSignalState");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Change the triage state of a security signal returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_signal_archive_reason import SecurityMonitoringSignalArchiveReason
from datadog_api_client.v2.model.security_monitoring_signal_state import SecurityMonitoringSignalState
from datadog_api_client.v2.model.security_monitoring_signal_state_update_attributes import (
    SecurityMonitoringSignalStateUpdateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_signal_state_update_data import (
    SecurityMonitoringSignalStateUpdateData,
)
from datadog_api_client.v2.model.security_monitoring_signal_state_update_request import (
    SecurityMonitoringSignalStateUpdateRequest,
)

body = SecurityMonitoringSignalStateUpdateRequest(
    data=SecurityMonitoringSignalStateUpdateData(
        attributes=SecurityMonitoringSignalStateUpdateAttributes(
            archive_reason=SecurityMonitoringSignalArchiveReason.NONE,
            state=SecurityMonitoringSignalState.OPEN,
        ),
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.edit_security_monitoring_signal_state(
        signal_id="AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body=body
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Change the triage state of a security signal returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSignalStateUpdateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSignalStateUpdateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSignalStateUpdateAttributes.new({
      archive_reason: DatadogAPIClient::V2::SecurityMonitoringSignalArchiveReason::NONE,
      state: DatadogAPIClient::V2::SecurityMonitoringSignalState::OPEN,
    }),
  }),
})
p api_instance.edit_security_monitoring_signal_state("AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Change the triage state of a security signal returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalArchiveReason;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalState;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalStateUpdateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalStateUpdateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalStateUpdateRequest;

#[tokio::main]
async fn main() {
    let body = SecurityMonitoringSignalStateUpdateRequest::new(
        SecurityMonitoringSignalStateUpdateData::new(
            SecurityMonitoringSignalStateUpdateAttributes::new(SecurityMonitoringSignalState::OPEN)
                .archive_reason(SecurityMonitoringSignalArchiveReason::NONE),
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .edit_security_monitoring_signal_state(
            "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE".to_string(),
            body,
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
 * Change the triage state of a security signal returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiEditSecurityMonitoringSignalStateRequest =
  {
    body: {
      data: {
        attributes: {
          archiveReason: "none",
          state: "open",
        },
      },
    },
    signalId: "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE",
  };

apiInstance
  .editSecurityMonitoringSignalState(params)
  .then((data: v2.SecurityMonitoringSignalTriageUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

List findings

Note: This endpoint uses the legacy security findings data model and is planned for deprecation. Use the search security findings endpoint, which is based on the new security findings schema, to search security findings. If you have any feedback, contact Datadog support.

GET https://api.ap1.datadoghq.com/api/v2/posture_management/findingshttps://api.ap2.datadoghq.com/api/v2/posture_management/findingshttps://api.datadoghq.eu/api/v2/posture_management/findingshttps://api.ddog-gov.com/api/v2/posture_management/findingshttps://api.us2.ddog-gov.com/api/v2/posture_management/findingshttps://api.datadoghq.com/api/v2/posture_management/findingshttps://api.us3.datadoghq.com/api/v2/posture_management/findingshttps://api.us5.datadoghq.com/api/v2/posture_management/findings

概要

Get a list of findings. These include both misconfigurations and identity risks.

Note: To filter and return only identity risks, add the following query parameter: ?filter[tags]=dd_rule_type:ciem

Filtering

Filters can be applied by appending query parameters to the URL.

  • Using a single filter: ?filter[attribute_key]=attribute_value
  • Chaining filters: ?filter[attribute_key]=attribute_value&filter[attribute_key]=attribute_value...
  • Filtering on tags: ?filter[tags]=tag_key:tag_value&filter[tags]=tag_key_2:tag_value_2

Here, attribute_key can be any of the filter keys described further below.

Query parameters of type integer support comparison operators (>, >=, <, <=). This is particularly useful when filtering by evaluation_changed_at or resource_discovery_timestamp. For example: ?filter[evaluation_changed_at]=>20123123121.

You can also use the negation operator on strings. For example, use filter[resource_type]=-aws* to filter for any non-AWS resources.

The operator must come after the equal sign. For example, to filter with the >= operator, add the operator after the equal sign: filter[evaluation_changed_at]=>=1678809373257.

Query parameters must be only among the documented ones and with values of correct types. Duplicated query parameters (e.g. filter[status]=low&filter[status]=info) are not allowed.

Additional extension fields

Additional extension fields are available for some findings.

The data is available when you include the query parameter ?detailed_findings=true in the request.

The following fields are available for findings:

  • external_id: The resource external ID related to the finding.
  • description: The description and remediation steps for the finding.
  • datadog_link: The Datadog relative link for the finding.
  • ip_addresses: The list of private IP addresses for the resource related to the finding.

Response

The response includes an array of finding objects, pagination metadata, and a count of items that match the query.

Each finding object contains the following:

  • The finding ID that can be used in a GetFinding request to retrieve the full finding details.
  • Core attributes, including status, evaluation, high-level resource details, muted state, and rule details.
  • evaluation_changed_at and resource_discovery_date time stamps.
  • An array of associated tags.

OAuth apps require the security_monitoring_findings_read authorization scope to access this endpoint.

引数

クエリ文字列

名前

種類

説明

page[limit]

integer

Limit the number of findings returned. Must be <= 1000.

snapshot_timestamp

integer

Return findings for a given snapshot of time (Unix ms).

page[cursor]

string

Return the next page of findings pointed to by the cursor.

filter[tags]

string

Return findings that have these associated tags (repeatable).

filter[evaluation_changed_at]

string

Return findings that have changed from pass to fail or vice versa on a specified date (Unix ms) or date range (using comparison operators).

filter[muted]

boolean

Set to true to return findings that are muted. Set to false to return unmuted findings.

filter[rule_id]

string

Return findings for the specified rule ID.

filter[rule_name]

string

Return findings for the specified rule.

filter[resource_type]

string

Return only findings for the specified resource type.

filter[@resource_id]

string

Return only findings for the specified resource id.

filter[discovery_timestamp]

string

Return findings that were found on a specified date (Unix ms) or date range (using comparison operators).

filter[evaluation]

enum

Return only pass or fail findings.
Allowed enum values: pass, fail

filter[status]

enum

Return only findings with the specified status.
Allowed enum values: critical, high, medium, low, info

filter[vulnerability_type]

array

Return findings that match the selected vulnerability types (repeatable).

detailed_findings

boolean

Return additional fields for some findings.

応答

OK

The expected response schema when listing findings.

Expand All

フィールド

種類

説明

data [required]

[object]

Array of findings.

attributes

object

The JSON:API attributes of the finding.

datadog_link

string

The Datadog relative link for this finding.

description

string

The description and remediation steps for this finding.

evaluation

enum

The evaluation of the finding. Allowed enum values: pass,fail

evaluation_changed_at

int64

The date on which the evaluation for this finding changed (Unix ms).

external_id

string

The cloud-based ID for the resource related to the finding.

mute

object

Information about the mute status of this finding.

description

string

Additional information about the reason why this finding is muted or unmuted.

expiration_date

int64

The expiration date of the mute or unmute action (Unix ms).

muted

boolean

Whether this finding is muted or unmuted.

reason

enum

The reason why this finding is muted or unmuted. Allowed enum values: PENDING_FIX,FALSE_POSITIVE,ACCEPTED_RISK,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK,OTHER

start_date

int64

The start of the mute period.

uuid

string

The ID of the user who muted or unmuted this finding.

resource

string

The resource name of this finding.

resource_discovery_date

int64

The date on which the resource was discovered (Unix ms).

resource_type

string

The resource type of this finding.

rule

object

The rule that triggered this finding.

id

string

The ID of the rule that triggered this finding.

name

string

The name of the rule that triggered this finding.

status

enum

The status of the finding. Allowed enum values: critical,high,medium,low,info

tags

[string]

The tags associated with this finding.

vulnerability_type

enum

The vulnerability type of the finding. Allowed enum values: misconfiguration,attack_path,identity_risk,api_security

id

string

The unique ID for this finding.

type

enum

The JSON:API type for findings. Allowed enum values: finding

default: finding

meta [required]

object

Metadata for pagination.

page

object

Pagination and findings count information.

cursor

string

The cursor used to paginate requests.

total_filtered_count

int64

The total count of findings after the filter has been applied.

snapshot_timestamp

int64

The point in time corresponding to the listed findings.

{
  "data": [
    {
      "attributes": {
        "datadog_link": "/security/compliance?panels=cpfinding%7Cevent%7CruleId%3Adef-000-u5t%7CresourceId%3Ae8c9ab7c52ebd7bf2fdb4db641082d7d%7CtabId%3Aoverview",
        "description": "## Remediation\n\n1. In the console, go to **Storage Account**.\n2. For each Storage Account, navigate to **Data Protection**.\n3. Select **Set soft delete enabled** and enter the number of days to retain soft deleted data.",
        "evaluation": "pass",
        "evaluation_changed_at": 1678721573794,
        "external_id": "arn:aws:s3:::my-example-bucket",
        "mute": {
          "description": "To be resolved later",
          "expiration_date": 1778721573794,
          "muted": true,
          "reason": "ACCEPTED_RISK",
          "start_date": 1678721573794,
          "uuid": "e51c9744-d158-11ec-ad23-da7ad0900002"
        },
        "resource": "my_resource_name",
        "resource_discovery_date": 1678721573794,
        "resource_type": "azure_storage_account",
        "rule": {
          "id": "dv2-jzf-41i",
          "name": "Soft delete is enabled for Azure Storage"
        },
        "status": "critical",
        "tags": [
          "cloud_provider:aws",
          "myTag:myValue"
        ],
        "vulnerability_type": "misconfiguration"
      },
      "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
      "type": "finding"
    }
  ],
  "meta": {
    "page": {
      "cursor": "eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0=",
      "total_filtered_count": 213
    },
    "snapshot_timestamp": 1678721573794
  }
}

Bad Request: The server cannot process the request due to invalid syntax in the request.

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

meta

object

Non-standard meta-information about the error

source

object

References to the source of the error.

header

string

A string indicating the name of a single request header which caused the error.

parameter

string

A string indicating which URI query parameter caused the error.

pointer

string

A JSON pointer to the value in the request document that caused the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Forbidden: Access denied

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

meta

object

Non-standard meta-information about the error

source

object

References to the source of the error.

header

string

A string indicating the name of a single request header which caused the error.

parameter

string

A string indicating which URI query parameter caused the error.

pointer

string

A JSON pointer to the value in the request document that caused the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Not Found: The requested finding cannot be found.

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

meta

object

Non-standard meta-information about the error

source

object

References to the source of the error.

header

string

A string indicating the name of a single request header which caused the error.

parameter

string

A string indicating which URI query parameter caused the error.

pointer

string

A JSON pointer to the value in the request document that caused the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Too many requests: The rate limit set by the API has been exceeded.

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

meta

object

Non-standard meta-information about the error

source

object

References to the source of the error.

header

string

A string indicating the name of a single request header which caused the error.

parameter

string

A string indicating which URI query parameter caused the error.

pointer

string

A JSON pointer to the value in the request document that caused the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

コード例

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/posture_management/findings" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

                
"""
List findings returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
configuration.unstable_operations["list_findings"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.list_findings()

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# List findings returns "OK" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.list_findings".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.list_findings()

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// List findings returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.ListFindings", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.ListFindings(ctx, *datadogV2.NewListFindingsOptionalParameters())

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListFindings`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListFindings`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// List findings returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.ListFindingsResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.listFindings", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      ListFindingsResponse result = apiInstance.listFindings();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#listFindings");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
// List findings returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::ListFindingsOptionalParams;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.ListFindings", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .list_findings(ListFindingsOptionalParams::default())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
 * List findings returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.listFindings"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .listFindings()
  .then((data: v2.ListFindingsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Add a security signal to an incident

PATCH https://api.ap1.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.ap2.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.datadoghq.eu/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.ddog-gov.com/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.us2.ddog-gov.com/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.us3.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.us5.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incident

概要

インシデントにセキュリティシグナルを追加します。これにより、シグナルエクスプローラー内でインシデント別にシグナルを検索したり、インシデントタイムライン上でシグナルを表示したりすることが可能になります。 This endpoint requires the security_monitoring_signals_write permission.

引数

パスパラメーター

名前

種類

説明

signal_id [required]

string

The ID of the signal.

リクエスト

Body Data (required)

シグナルの更新を記述する属性。

Expand All

フィールド

種類

説明

add_to_signal_timeline

boolean

Whether to post the signal on the incident timeline.

incident_id [required]

int64

Public ID attribute of the incident to which the signal will be added.

version

int64

Version of the updated signal. If server side version is higher, update will be rejected.

{
  "incident_id": 2609
}

応答

OK

Updated signal data following a successfully performed update.

Expand All

フィールド

種類

説明

status

string

Status of the response.

{
  "status": "string"
}

Bad Request

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Forbidden

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

                          ## default
# 

# Path parameters
export signal_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v1/security_analytics/signals/${signal_id}/add_to_incident" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "incident_id": 2066,
  "version": 0
}
EOF

                        
// Add a security signal to an incident returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV1"
)

func main() {
	body := datadogV1.AddSignalToIncidentRequest{
		IncidentId: 2609,
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV1.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.AddSecurityMonitoringSignalToIncident(ctx, "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.AddSecurityMonitoringSignalToIncident`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.AddSecurityMonitoringSignalToIncident`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Add a security signal to an incident returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v1.api.SecurityMonitoringApi;
import com.datadog.api.client.v1.model.AddSignalToIncidentRequest;
import com.datadog.api.client.v1.model.SuccessfulSignalUpdateResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    AddSignalToIncidentRequest body = new AddSignalToIncidentRequest().incidentId(2609L);

    try {
      SuccessfulSignalUpdateResponse result =
          apiInstance.addSecurityMonitoringSignalToIncident(
              "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#addSecurityMonitoringSignalToIncident");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
"""
Add a security signal to an incident returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v1.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v1.model.add_signal_to_incident_request import AddSignalToIncidentRequest

body = AddSignalToIncidentRequest(
    incident_id=2609,
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.add_security_monitoring_signal_to_incident(
        signal_id="AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body=body
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Add a security signal to an incident returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V1::SecurityMonitoringAPI.new

body = DatadogAPIClient::V1::AddSignalToIncidentRequest.new({
  incident_id: 2609,
})
p api_instance.add_security_monitoring_signal_to_incident("AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
// Add a security signal to an incident returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV1::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV1::model::AddSignalToIncidentRequest;

#[tokio::main]
async fn main() {
    let body = AddSignalToIncidentRequest::new(2609);
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .add_security_monitoring_signal_to_incident(
            "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE".to_string(),
            body,
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
/**
 * Add a security signal to an incident returns "OK" response
 */

import { client, v1 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v1.SecurityMonitoringApi(configuration);

const params: v1.SecurityMonitoringApiAddSecurityMonitoringSignalToIncidentRequest =
  {
    body: {
      incidentId: 2609,
    },
    signalId: "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE",
  };

apiInstance
  .addSecurityMonitoringSignalToIncident(params)
  .then((data: v1.SuccessfulSignalUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

Mute or unmute a batch of findings

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

PATCH https://api.ap1.datadoghq.com/api/v2/posture_management/findingshttps://api.ap2.datadoghq.com/api/v2/posture_management/findingshttps://api.datadoghq.eu/api/v2/posture_management/findingshttps://api.ddog-gov.com/api/v2/posture_management/findingshttps://api.us2.ddog-gov.com/api/v2/posture_management/findingshttps://api.datadoghq.com/api/v2/posture_management/findingshttps://api.us3.datadoghq.com/api/v2/posture_management/findingshttps://api.us5.datadoghq.com/api/v2/posture_management/findings

概要

Mute or unmute findings. This endpoint requires any of the following permissions:

  • security_monitoring_findings_write
  • appsec_vm_write

    • リクエスト

    Body Data (required)

    Attributes

    All findings are updated with the same attributes. The request body must include at least two attributes: muted and reason. The allowed reasons depend on whether the finding is being muted or unmuted:

    • To mute a finding: PENDING_FIX, FALSE_POSITIVE, ACCEPTED_RISK, OTHER.
    • To unmute a finding : NO_PENDING_FIX, HUMAN_ERROR, NO_LONGER_ACCEPTED_RISK, OTHER.

    Meta

    The request body must include a list of the finding IDs to be updated.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Data object containing the new bulk mute properties of the finding.

    attributes [required]

    object

    The mute properties to be updated.

    mute [required]

    object

    Object containing the new mute properties of the findings.

    description

    string

    Additional information about the reason why those findings are muted or unmuted. This field has a maximum limit of 280 characters.

    expiration_date

    int64

    The expiration date of the mute or unmute action (Unix ms). It must be set to a value greater than the current timestamp. If this field is not provided, the finding will be muted or unmuted indefinitely, which is equivalent to setting the expiration date to 9999999999999.

    muted [required]

    boolean

    Whether those findings should be muted or unmuted.

    reason [required]

    enum

    The reason why this finding is muted or unmuted. Allowed enum values: PENDING_FIX,FALSE_POSITIVE,ACCEPTED_RISK,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK,OTHER

    id [required]

    string

    UUID to identify the request

    meta [required]

    object

    Meta object containing the findings to be updated.

    findings

    [object]

    Array of findings.

    finding_id

    string

    The unique ID for this finding.

    type [required]

    enum

    The JSON:API type for findings. Allowed enum values: finding

    default: finding

    {
  "data": {
    "attributes": {
      "mute": {
        "expiration_date": 1778721573794,
        "muted": true,
        "reason": "ACCEPTED_RISK"
      }
    },
    "id": "dbe5f567-192b-4404-b908-29b70e1c9f76",
    "meta": {
      "findings": [
        {
          "finding_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="
        }
      ]
    },
    "type": "finding"
  }
}

    応答

    OK

    The expected response schema.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Data object containing the ID of the request that was updated.

    id

    string

    UUID used to identify the request

    type

    enum

    The JSON:API type for findings. Allowed enum values: finding

    default: finding

    {
  "data": {
    "id": "93bfeb70-af47-424d-908a-948d3f08e37f",
    "type": "finding"
  }
}

    Bad Request: The server cannot process the request due to invalid syntax in the request.

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [object]

    A list of errors.

    detail

    string

    A human-readable explanation specific to this occurrence of the error.

    meta

    object

    Non-standard meta-information about the error

    source

    object

    References to the source of the error.

    header

    string

    A string indicating the name of a single request header which caused the error.

    parameter

    string

    A string indicating which URI query parameter caused the error.

    pointer

    string

    A JSON pointer to the value in the request document that caused the error.

    status

    string

    Status code of the response.

    title

    string

    Short human-readable summary of the error.

    {
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

    Forbidden: Access denied

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [object]

    A list of errors.

    detail

    string

    A human-readable explanation specific to this occurrence of the error.

    meta

    object

    Non-standard meta-information about the error

    source

    object

    References to the source of the error.

    header

    string

    A string indicating the name of a single request header which caused the error.

    parameter

    string

    A string indicating which URI query parameter caused the error.

    pointer

    string

    A JSON pointer to the value in the request document that caused the error.

    status

    string

    Status code of the response.

    title

    string

    Short human-readable summary of the error.

    {
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

    Not Found: The requested finding cannot be found.

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [object]

    A list of errors.

    detail

    string

    A human-readable explanation specific to this occurrence of the error.

    meta

    object

    Non-standard meta-information about the error

    source

    object

    References to the source of the error.

    header

    string

    A string indicating the name of a single request header which caused the error.

    parameter

    string

    A string indicating which URI query parameter caused the error.

    pointer

    string

    A JSON pointer to the value in the request document that caused the error.

    status

    string

    Status code of the response.

    title

    string

    Short human-readable summary of the error.

    {
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

    Invalid Request: The server understands the request syntax but cannot process it due to invalid data.

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [object]

    A list of errors.

    detail

    string

    A human-readable explanation specific to this occurrence of the error.

    meta

    object

    Non-standard meta-information about the error

    source

    object

    References to the source of the error.

    header

    string

    A string indicating the name of a single request header which caused the error.

    parameter

    string

    A string indicating which URI query parameter caused the error.

    pointer

    string

    A JSON pointer to the value in the request document that caused the error.

    status

    string

    Status code of the response.

    title

    string

    Short human-readable summary of the error.

    {
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

    Too many requests: The rate limit set by the API has been exceeded.

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [object]

    A list of errors.

    detail

    string

    A human-readable explanation specific to this occurrence of the error.

    meta

    object

    Non-standard meta-information about the error

    source

    object

    References to the source of the error.

    header

    string

    A string indicating the name of a single request header which caused the error.

    parameter

    string

    A string indicating which URI query parameter caused the error.

    pointer

    string

    A JSON pointer to the value in the request document that caused the error.

    status

    string

    Status code of the response.

    title

    string

    Short human-readable summary of the error.

    {
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/posture_management/findings" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "mute": {
        "expiration_date": 1778721573794,
        "muted": true,
        "reason": "ACCEPTED_RISK"
      }
    },
    "id": "dbe5f567-192b-4404-b908-29b70e1c9f76",
    "meta": {
      "findings": [
        {
          "finding_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="
        }
      ]
    },
    "type": "finding"
  }
}
EOF
    
                        
    // Mute or unmute a batch of findings returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.BulkMuteFindingsRequest{
		Data: datadogV2.BulkMuteFindingsRequestData{
			Attributes: datadogV2.BulkMuteFindingsRequestAttributes{
				Mute: datadogV2.BulkMuteFindingsRequestProperties{
					ExpirationDate: datadog.PtrInt64(1778721573794),
					Muted:          true,
					Reason:         datadogV2.FINDINGMUTEREASON_ACCEPTED_RISK,
				},
			},
			Id: "dbe5f567-192b-4404-b908-29b70e1c9f76",
			Meta: datadogV2.BulkMuteFindingsRequestMeta{
				Findings: []datadogV2.BulkMuteFindingsRequestMetaFindings{
					{
						FindingId: datadog.PtrString("ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="),
					},
				},
			},
			Type: datadogV2.FINDINGTYPE_FINDING,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.MuteFindings", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.MuteFindings(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.MuteFindings`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.MuteFindings`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Mute or unmute a batch of findings returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequest;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestAttributes;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestData;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestMeta;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestMetaFindings;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestProperties;
import com.datadog.api.client.v2.model.BulkMuteFindingsResponse;
import com.datadog.api.client.v2.model.FindingMuteReason;
import com.datadog.api.client.v2.model.FindingType;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.muteFindings", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    BulkMuteFindingsRequest body =
        new BulkMuteFindingsRequest()
            .data(
                new BulkMuteFindingsRequestData()
                    .attributes(
                        new BulkMuteFindingsRequestAttributes()
                            .mute(
                                new BulkMuteFindingsRequestProperties()
                                    .expirationDate(1778721573794L)
                                    .muted(true)
                                    .reason(FindingMuteReason.ACCEPTED_RISK)))
                    .id("dbe5f567-192b-4404-b908-29b70e1c9f76")
                    .meta(
                        new BulkMuteFindingsRequestMeta()
                            .findings(
                                Collections.singletonList(
                                    new BulkMuteFindingsRequestMetaFindings()
                                        .findingId(
                                            "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="))))
                    .type(FindingType.FINDING));

    try {
      BulkMuteFindingsResponse result = apiInstance.muteFindings(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#muteFindings");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Mute or unmute a batch of findings returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.bulk_mute_findings_request import BulkMuteFindingsRequest
from datadog_api_client.v2.model.bulk_mute_findings_request_attributes import BulkMuteFindingsRequestAttributes
from datadog_api_client.v2.model.bulk_mute_findings_request_data import BulkMuteFindingsRequestData
from datadog_api_client.v2.model.bulk_mute_findings_request_meta import BulkMuteFindingsRequestMeta
from datadog_api_client.v2.model.bulk_mute_findings_request_meta_findings import BulkMuteFindingsRequestMetaFindings
from datadog_api_client.v2.model.bulk_mute_findings_request_properties import BulkMuteFindingsRequestProperties
from datadog_api_client.v2.model.finding_mute_reason import FindingMuteReason
from datadog_api_client.v2.model.finding_type import FindingType

body = BulkMuteFindingsRequest(
    data=BulkMuteFindingsRequestData(
        attributes=BulkMuteFindingsRequestAttributes(
            mute=BulkMuteFindingsRequestProperties(
                expiration_date=1778721573794,
                muted=True,
                reason=FindingMuteReason.ACCEPTED_RISK,
            ),
        ),
        id="dbe5f567-192b-4404-b908-29b70e1c9f76",
        meta=BulkMuteFindingsRequestMeta(
            findings=[
                BulkMuteFindingsRequestMetaFindings(
                    finding_id="ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
                ),
            ],
        ),
        type=FindingType.FINDING,
    ),
)

configuration = Configuration()
configuration.unstable_operations["mute_findings"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.mute_findings(body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Mute or unmute a batch of findings returns "OK" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.mute_findings".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::BulkMuteFindingsRequest.new({
  data: DatadogAPIClient::V2::BulkMuteFindingsRequestData.new({
    attributes: DatadogAPIClient::V2::BulkMuteFindingsRequestAttributes.new({
      mute: DatadogAPIClient::V2::BulkMuteFindingsRequestProperties.new({
        expiration_date: 1778721573794,
        muted: true,
        reason: DatadogAPIClient::V2::FindingMuteReason::ACCEPTED_RISK,
      }),
    }),
    id: "dbe5f567-192b-4404-b908-29b70e1c9f76",
    meta: DatadogAPIClient::V2::BulkMuteFindingsRequestMeta.new({
      findings: [
        DatadogAPIClient::V2::BulkMuteFindingsRequestMetaFindings.new({
          finding_id: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
        }),
      ],
    }),
    type: DatadogAPIClient::V2::FindingType::FINDING,
  }),
})
p api_instance.mute_findings(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Mute or unmute a batch of findings returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::BulkMuteFindingsRequest;
use datadog_api_client::datadogV2::model::BulkMuteFindingsRequestAttributes;
use datadog_api_client::datadogV2::model::BulkMuteFindingsRequestData;
use datadog_api_client::datadogV2::model::BulkMuteFindingsRequestMeta;
use datadog_api_client::datadogV2::model::BulkMuteFindingsRequestMetaFindings;
use datadog_api_client::datadogV2::model::BulkMuteFindingsRequestProperties;
use datadog_api_client::datadogV2::model::FindingMuteReason;
use datadog_api_client::datadogV2::model::FindingType;

#[tokio::main]
async fn main() {
    let body = BulkMuteFindingsRequest::new(BulkMuteFindingsRequestData::new(
        BulkMuteFindingsRequestAttributes::new(
            BulkMuteFindingsRequestProperties::new(true, FindingMuteReason::ACCEPTED_RISK)
                .expiration_date(1778721573794),
        ),
        "dbe5f567-192b-4404-b908-29b70e1c9f76".to_string(),
        BulkMuteFindingsRequestMeta::new()
            .findings(vec![BulkMuteFindingsRequestMetaFindings::new().finding_id(
                "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==".to_string(),
            )]),
        FindingType::FINDING,
    ));
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.MuteFindings", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.mute_findings(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Mute or unmute a batch of findings returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.muteFindings"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiMuteFindingsRequest = {
  body: {
    data: {
      attributes: {
        mute: {
          expirationDate: 1778721573794,
          muted: true,
          reason: "ACCEPTED_RISK",
        },
      },
      id: "dbe5f567-192b-4404-b908-29b70e1c9f76",
      meta: {
        findings: [
          {
            findingId: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
          },
        ],
      },
      type: "finding",
    },
  },
};

apiInstance
  .muteFindings(params)
  .then((data: v2.BulkMuteFindingsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get a finding

    Note: This endpoint uses the legacy security findings data model and is planned for deprecation. Use the search security findings endpoint, which is based on the new security findings schema, to search security findings. If you have any feedback, contact Datadog support.

    GET https://api.ap1.datadoghq.com/api/v2/posture_management/findings/{finding_id}https://api.ap2.datadoghq.com/api/v2/posture_management/findings/{finding_id}https://api.datadoghq.eu/api/v2/posture_management/findings/{finding_id}https://api.ddog-gov.com/api/v2/posture_management/findings/{finding_id}https://api.us2.ddog-gov.com/api/v2/posture_management/findings/{finding_id}https://api.datadoghq.com/api/v2/posture_management/findings/{finding_id}https://api.us3.datadoghq.com/api/v2/posture_management/findings/{finding_id}https://api.us5.datadoghq.com/api/v2/posture_management/findings/{finding_id}

    概要

    Returns a single finding with message and resource configuration.

    OAuth apps require the security_monitoring_findings_read authorization scope to access this endpoint.

    引数

    パスパラメーター

    名前

    種類

    説明

    finding_id [required]

    string

    The ID of the finding.

    クエリ文字列

    名前

    種類

    説明

    snapshot_timestamp

    integer

    Return the finding for a given snapshot of time (Unix ms).

    応答

    OK

    The expected response schema when getting a finding.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    A single finding with with message and resource configuration.

    attributes

    object

    The JSON:API attributes of the detailed finding.

    evaluation

    enum

    The evaluation of the finding. Allowed enum values: pass,fail

    evaluation_changed_at

    int64

    The date on which the evaluation for this finding changed (Unix ms).

    message

    string

    The remediation message for this finding.

    mute

    object

    Information about the mute status of this finding.

    description

    string

    Additional information about the reason why this finding is muted or unmuted.

    expiration_date

    int64

    The expiration date of the mute or unmute action (Unix ms).

    muted

    boolean

    Whether this finding is muted or unmuted.

    reason

    enum

    The reason why this finding is muted or unmuted. Allowed enum values: PENDING_FIX,FALSE_POSITIVE,ACCEPTED_RISK,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK,OTHER

    start_date

    int64

    The start of the mute period.

    uuid

    string

    The ID of the user who muted or unmuted this finding.

    resource

    string

    The resource name of this finding.

    resource_configuration

    object

    The resource configuration for this finding.

    resource_discovery_date

    int64

    The date on which the resource was discovered (Unix ms).

    resource_type

    string

    The resource type of this finding.

    rule

    object

    The rule that triggered this finding.

    id

    string

    The ID of the rule that triggered this finding.

    name

    string

    The name of the rule that triggered this finding.

    status

    enum

    The status of the finding. Allowed enum values: critical,high,medium,low,info

    tags

    [string]

    The tags associated with this finding.

    id

    string

    The unique ID for this finding.

    type

    enum

    The JSON:API type for findings that have the message and resource configuration. Allowed enum values: detailed_finding

    default: detailed_finding

    {
  "data": {
    "attributes": {
      "evaluation": "pass",
      "evaluation_changed_at": 1678721573794,
      "message": "## Remediation\n\n### From the console\n\n1. Go to Storage Account\n2. For each Storage Account, navigate to Data Protection\n3. Select Set soft delete enabled and enter the number of days to retain soft deleted data.",
      "mute": {
        "description": "To be resolved later",
        "expiration_date": 1778721573794,
        "muted": true,
        "reason": "ACCEPTED_RISK",
        "start_date": 1678721573794,
        "uuid": "e51c9744-d158-11ec-ad23-da7ad0900002"
      },
      "resource": "my_resource_name",
      "resource_configuration": {},
      "resource_discovery_date": 1678721573794,
      "resource_type": "azure_storage_account",
      "rule": {
        "id": "dv2-jzf-41i",
        "name": "Soft delete is enabled for Azure Storage"
      },
      "status": "critical",
      "tags": [
        "cloud_provider:aws",
        "myTag:myValue"
      ]
    },
    "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
    "type": "detailed_finding"
  }
}

    Bad Request: The server cannot process the request due to invalid syntax in the request.

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [object]

    A list of errors.

    detail

    string

    A human-readable explanation specific to this occurrence of the error.

    meta

    object

    Non-standard meta-information about the error

    source

    object

    References to the source of the error.

    header

    string

    A string indicating the name of a single request header which caused the error.

    parameter

    string

    A string indicating which URI query parameter caused the error.

    pointer

    string

    A JSON pointer to the value in the request document that caused the error.

    status

    string

    Status code of the response.

    title

    string

    Short human-readable summary of the error.

    {
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

    Forbidden: Access denied

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [object]

    A list of errors.

    detail

    string

    A human-readable explanation specific to this occurrence of the error.

    meta

    object

    Non-standard meta-information about the error

    source

    object

    References to the source of the error.

    header

    string

    A string indicating the name of a single request header which caused the error.

    parameter

    string

    A string indicating which URI query parameter caused the error.

    pointer

    string

    A JSON pointer to the value in the request document that caused the error.

    status

    string

    Status code of the response.

    title

    string

    Short human-readable summary of the error.

    {
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

    Not Found: The requested finding cannot be found.

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [object]

    A list of errors.

    detail

    string

    A human-readable explanation specific to this occurrence of the error.

    meta

    object

    Non-standard meta-information about the error

    source

    object

    References to the source of the error.

    header

    string

    A string indicating the name of a single request header which caused the error.

    parameter

    string

    A string indicating which URI query parameter caused the error.

    pointer

    string

    A JSON pointer to the value in the request document that caused the error.

    status

    string

    Status code of the response.

    title

    string

    Short human-readable summary of the error.

    {
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

    Too many requests: The rate limit set by the API has been exceeded.

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [object]

    A list of errors.

    detail

    string

    A human-readable explanation specific to this occurrence of the error.

    meta

    object

    Non-standard meta-information about the error

    source

    object

    References to the source of the error.

    header

    string

    A string indicating the name of a single request header which caused the error.

    parameter

    string

    A string indicating which URI query parameter caused the error.

    pointer

    string

    A JSON pointer to the value in the request document that caused the error.

    status

    string

    Status code of the response.

    title

    string

    Short human-readable summary of the error.

    {
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

    コード例

                      # Path parameters
    export finding_id="CHANGE_ME"
    # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/posture_management/findings/${finding_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get a finding returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
configuration.unstable_operations["get_finding"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_finding(
        finding_id="AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz",
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get a finding returns "OK" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.get_finding".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.get_finding("AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz")

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get a finding returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.GetFinding", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetFinding(ctx, "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz", *datadogV2.NewGetFindingOptionalParameters())

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetFinding`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetFinding`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get a finding returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.GetFindingResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.getFinding", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      GetFindingResponse result =
          apiInstance.getFinding(
              "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz");
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#getFinding");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get a finding returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::GetFindingOptionalParams;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.GetFinding", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp =
        api
            .get_finding(
                "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz".to_string(),
                GetFindingOptionalParams::default(),
            )
            .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get a finding returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.getFinding"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiGetFindingRequest = {
  findingId:
    "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz",
};

apiInstance
  .getFinding(params)
  .then((data: v2.GetFindingResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Modify the triage assignee of a security signal

    PATCH https://api.ap1.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/assigneehttps://api.ap2.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/assigneehttps://api.datadoghq.eu/api/v1/security_analytics/signals/{signal_id}/assigneehttps://api.ddog-gov.com/api/v1/security_analytics/signals/{signal_id}/assigneehttps://api.us2.ddog-gov.com/api/v1/security_analytics/signals/{signal_id}/assigneehttps://api.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/assigneehttps://api.us3.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/assigneehttps://api.us5.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/assignee

    概要

    セキュリティシグナルのトリアージアサインメントを変更します。 This endpoint requires the security_monitoring_signals_write permission.

    引数

    パスパラメーター

    名前

    種類

    説明

    signal_id [required]

    string

    The ID of the signal.

    リクエスト

    Body Data (required)

    シグナルの更新を記述する属性。

    Expand All

    フィールド

    種類

    説明

    assignee [required]

    string

    The UUID of the user being assigned. Use empty string to return signal to unassigned.

    version

    int64

    Version of the updated signal. If server side version is higher, update will be rejected.

    {
  "assignee": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
}

    応答

    OK

    Updated signal data following a successfully performed update.

    Expand All

    フィールド

    種類

    説明

    status

    string

    Status of the response.

    {
  "status": "string"
}

    Bad Request

    Error response object.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    Array of errors returned by the API.

    {
  "errors": [
    "Bad Request"
  ]
}

    Forbidden

    Error response object.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    Array of errors returned by the API.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    Error response object.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    Array of errors returned by the API.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    Error response object.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    Array of errors returned by the API.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Path parameters
    export signal_id="CHANGE_ME"
    # Curl command
    curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v1/security_analytics/signals/${signal_id}/assignee" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "assignee": "773b045d-ccf8-4808-bd3b-955ef6a8c940",
  "version": 0
}
EOF
    
                        
    // Modify the triage assignee of a security signal returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV1"
)

func main() {
	body := datadogV1.SignalAssigneeUpdateRequest{
		Assignee: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV1.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.EditSecurityMonitoringSignalAssignee(ctx, "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.EditSecurityMonitoringSignalAssignee`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.EditSecurityMonitoringSignalAssignee`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
    // Modify the triage assignee of a security signal returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v1.api.SecurityMonitoringApi;
import com.datadog.api.client.v1.model.SignalAssigneeUpdateRequest;
import com.datadog.api.client.v1.model.SuccessfulSignalUpdateResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SignalAssigneeUpdateRequest body =
        new SignalAssigneeUpdateRequest().assignee("773b045d-ccf8-4808-bd3b-955ef6a8c940");

    try {
      SuccessfulSignalUpdateResponse result =
          apiInstance.editSecurityMonitoringSignalAssignee(
              "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#editSecurityMonitoringSignalAssignee");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
    """
Modify the triage assignee of a security signal returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v1.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v1.model.signal_assignee_update_request import SignalAssigneeUpdateRequest

body = SignalAssigneeUpdateRequest(
    assignee="773b045d-ccf8-4808-bd3b-955ef6a8c940",
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.edit_security_monitoring_signal_assignee(
        signal_id="AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body=body
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
    # Modify the triage assignee of a security signal returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V1::SecurityMonitoringAPI.new

body = DatadogAPIClient::V1::SignalAssigneeUpdateRequest.new({
  assignee: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
})
p api_instance.edit_security_monitoring_signal_assignee("AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
    // Modify the triage assignee of a security signal returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV1::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV1::model::SignalAssigneeUpdateRequest;

#[tokio::main]
async fn main() {
    let body = SignalAssigneeUpdateRequest::new("773b045d-ccf8-4808-bd3b-955ef6a8c940".to_string());
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .edit_security_monitoring_signal_assignee(
            "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE".to_string(),
            body,
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
    /**
 * Modify the triage assignee of a security signal returns "OK" response
 */

import { client, v1 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v1.SecurityMonitoringApi(configuration);

const params: v1.SecurityMonitoringApiEditSecurityMonitoringSignalAssigneeRequest =
  {
    body: {
      assignee: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
    },
    signalId: "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE",
  };

apiInstance
  .editSecurityMonitoringSignalAssignee(params)
  .then((data: v1.SuccessfulSignalUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

    PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/assigneehttps://api.ap2.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/assigneehttps://api.datadoghq.eu/api/v2/security_monitoring/signals/{signal_id}/assigneehttps://api.ddog-gov.com/api/v2/security_monitoring/signals/{signal_id}/assigneehttps://api.us2.ddog-gov.com/api/v2/security_monitoring/signals/{signal_id}/assigneehttps://api.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/assigneehttps://api.us3.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/assigneehttps://api.us5.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/assignee

    概要

    セキュリティシグナルのトリアージアサインメントを変更します。 This endpoint requires the security_monitoring_signals_write permission.

    引数

    パスパラメーター

    名前

    種類

    説明

    signal_id [required]

    string

    The ID of the signal.

    リクエスト

    Body Data (required)

    シグナルの更新を記述する属性。

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Data containing the patch for changing the assignee of a signal.

    attributes [required]

    object

    Attributes describing the new assignee of a security signal.

    assignee [required]

    object

    Object representing a given user entity.

    handle

    string

    The handle for this user account.

    icon

    string

    Gravatar icon associated to the user.

    id

    int64

    Numerical ID assigned by Datadog to this user account.

    name

    string

    The name for this user account.

    uuid [required]

    string

    UUID assigned by Datadog to this user account.

    version

    int64

    Version of the updated signal. If server side version is higher, update will be rejected.

    {
  "data": {
    "attributes": {
      "assignee": {
        "uuid": ""
      }
    }
  }
}

    応答

    OK

    The response returned after all triage operations, containing the updated signal triage data.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Data containing the updated triage attributes of the signal.

    attributes

    object

    Attributes describing a triage state update operation over a security signal.

    archive_comment

    string

    Optional comment to display on archived signals.

    archive_comment_timestamp

    int64

    Timestamp of the last edit to the comment.

    archive_comment_user

    object

    Object representing a given user entity.

    handle

    string

    The handle for this user account.

    icon

    string

    Gravatar icon associated to the user.

    id

    int64

    Numerical ID assigned by Datadog to this user account.

    name

    string

    The name for this user account.

    uuid [required]

    string

    UUID assigned by Datadog to this user account.

    archive_reason

    enum

    Reason a signal is archived. Allowed enum values: none,false_positive,testing_or_maintenance,remediated,investigated_case_opened,true_positive_benign,true_positive_malicious,other

    assignee [required]

    object

    Object representing a given user entity.

    handle

    string

    The handle for this user account.

    icon

    string

    Gravatar icon associated to the user.

    id

    int64

    Numerical ID assigned by Datadog to this user account.

    name

    string

    The name for this user account.

    uuid [required]

    string

    UUID assigned by Datadog to this user account.

    incident_ids [required]

    [integer]

    Array of incidents that are associated with this signal.

    state [required]

    enum

    The new triage state of the signal. Allowed enum values: open,archived,under_review

    state_update_timestamp

    int64

    Timestamp of the last update to the signal state.

    state_update_user

    object

    Object representing a given user entity.

    handle

    string

    The handle for this user account.

    icon

    string

    Gravatar icon associated to the user.

    id

    int64

    Numerical ID assigned by Datadog to this user account.

    name

    string

    The name for this user account.

    uuid [required]

    string

    UUID assigned by Datadog to this user account.

    id

    string

    The unique ID of the security signal.

    type

    enum

    The type of event. Allowed enum values: signal_metadata

    default: signal_metadata

    {
  "data": {
    "attributes": {
      "archive_comment": "string",
      "archive_comment_timestamp": "integer",
      "archive_comment_user": {
        "handle": "string",
        "icon": "/path/to/matching/gravatar/icon",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      },
      "archive_reason": "string",
      "assignee": {
        "handle": "string",
        "icon": "/path/to/matching/gravatar/icon",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      },
      "incident_ids": [
        2066
      ],
      "state": "open",
      "state_update_timestamp": "integer",
      "state_update_user": {
        "handle": "string",
        "icon": "/path/to/matching/gravatar/icon",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      }
    },
    "id": "string",
    "type": "signal_metadata"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Path parameters
    export signal_id="CHANGE_ME"
    # Curl command
    curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/signals/${signal_id}/assignee" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "assignee": {
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      }
    }
  }
}
EOF
    
                        
    // Modify the triage assignee of a security signal returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSignalAssigneeUpdateRequest{
		Data: datadogV2.SecurityMonitoringSignalAssigneeUpdateData{
			Attributes: datadogV2.SecurityMonitoringSignalAssigneeUpdateAttributes{
				Assignee: datadogV2.SecurityMonitoringTriageUser{
					Uuid: "",
				},
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.EditSecurityMonitoringSignalAssignee(ctx, "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.EditSecurityMonitoringSignalAssignee`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.EditSecurityMonitoringSignalAssignee`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Modify the triage assignee of a security signal returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalAssigneeUpdateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalAssigneeUpdateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalAssigneeUpdateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalTriageUpdateResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringTriageUser;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSignalAssigneeUpdateRequest body =
        new SecurityMonitoringSignalAssigneeUpdateRequest()
            .data(
                new SecurityMonitoringSignalAssigneeUpdateData()
                    .attributes(
                        new SecurityMonitoringSignalAssigneeUpdateAttributes()
                            .assignee(new SecurityMonitoringTriageUser().uuid(""))));

    try {
      SecurityMonitoringSignalTriageUpdateResponse result =
          apiInstance.editSecurityMonitoringSignalAssignee(
              "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#editSecurityMonitoringSignalAssignee");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Modify the triage assignee of a security signal returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_signal_assignee_update_attributes import (
    SecurityMonitoringSignalAssigneeUpdateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_signal_assignee_update_data import (
    SecurityMonitoringSignalAssigneeUpdateData,
)
from datadog_api_client.v2.model.security_monitoring_signal_assignee_update_request import (
    SecurityMonitoringSignalAssigneeUpdateRequest,
)
from datadog_api_client.v2.model.security_monitoring_triage_user import SecurityMonitoringTriageUser

body = SecurityMonitoringSignalAssigneeUpdateRequest(
    data=SecurityMonitoringSignalAssigneeUpdateData(
        attributes=SecurityMonitoringSignalAssigneeUpdateAttributes(
            assignee=SecurityMonitoringTriageUser(
                uuid="",
            ),
        ),
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.edit_security_monitoring_signal_assignee(
        signal_id="AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body=body
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Modify the triage assignee of a security signal returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSignalAssigneeUpdateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSignalAssigneeUpdateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSignalAssigneeUpdateAttributes.new({
      assignee: DatadogAPIClient::V2::SecurityMonitoringTriageUser.new({
        uuid: "",
      }),
    }),
  }),
})
p api_instance.edit_security_monitoring_signal_assignee("AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Modify the triage assignee of a security signal returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalAssigneeUpdateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalAssigneeUpdateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSignalAssigneeUpdateRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringTriageUser;

#[tokio::main]
async fn main() {
    let body = SecurityMonitoringSignalAssigneeUpdateRequest::new(
        SecurityMonitoringSignalAssigneeUpdateData::new(
            SecurityMonitoringSignalAssigneeUpdateAttributes::new(
                SecurityMonitoringTriageUser::new("".to_string()),
            ),
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .edit_security_monitoring_signal_assignee(
            "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE".to_string(),
            body,
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Modify the triage assignee of a security signal returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiEditSecurityMonitoringSignalAssigneeRequest =
  {
    body: {
      data: {
        attributes: {
          assignee: {
            uuid: "",
          },
        },
      },
    },
    signalId: "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE",
  };

apiInstance
  .editSecurityMonitoringSignalAssignee(params)
  .then((data: v2.SecurityMonitoringSignalTriageUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get the list of vulnerability notification rules

    GET https://api.ap1.datadoghq.com/api/v2/security/vulnerabilities/notification_ruleshttps://api.ap2.datadoghq.com/api/v2/security/vulnerabilities/notification_ruleshttps://api.datadoghq.eu/api/v2/security/vulnerabilities/notification_ruleshttps://api.ddog-gov.com/api/v2/security/vulnerabilities/notification_ruleshttps://api.us2.ddog-gov.com/api/v2/security/vulnerabilities/notification_ruleshttps://api.datadoghq.com/api/v2/security/vulnerabilities/notification_ruleshttps://api.us3.datadoghq.com/api/v2/security/vulnerabilities/notification_ruleshttps://api.us5.datadoghq.com/api/v2/security/vulnerabilities/notification_rules

    概要

    Returns the list of notification rules for security vulnerabilities. This endpoint requires the security_monitoring_notification_profiles_read permission.

    応答

    The list of notification rules.

    Expand All

    フィールド

    種類

    説明

    data

    [object]

    attributes [required]

    object

    Attributes of the notification rule.

    created_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    created_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    enabled [required]

    boolean

    Field used to enable or disable the rule.

    modified_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    modified_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    name [required]

    string

    Name of the notification rule.

    selectors [required]

    object

    Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required.

    query

    string

    The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.

    rule_types

    [string]

    Security rule types used as filters in security rules.

    severities

    [string]

    The security rules severities to consider.

    trigger_source [required]

    enum

    The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings". Allowed enum values: security_findings,security_signals

    targets [required]

    [string]

    List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets.

    time_aggregation

    int64

    Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done.

    version [required]

    int64

    Version of the notification rule. It is updated when the rule is modified.

    id [required]

    string

    The ID of a notification rule.

    type [required]

    enum

    The rule type associated to notification rules. Allowed enum values: notification_rules

    {
  "data": [
    {
      "attributes": {
        "created_at": 1722439510282,
        "created_by": {
          "handle": "john.doe@domain.com",
          "name": "John Doe"
        },
        "enabled": true,
        "modified_at": 1722439510282,
        "modified_by": {
          "handle": "john.doe@domain.com",
          "name": "John Doe"
        },
        "name": "Rule 1",
        "selectors": {
          "query": "(source:production_service OR env:prod)",
          "rule_types": [
            "misconfiguration",
            "attack_path"
          ],
          "severities": [
            "critical"
          ],
          "trigger_source": "security_findings"
        },
        "targets": [
          "@john.doe@email.com"
        ],
        "time_aggregation": 86400,
        "version": 1
      },
      "id": "aaa-bbb-ccc",
      "type": "notification_rules"
    }
  ]
}

    Forbidden

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/vulnerabilities/notification_rules" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get the list of vulnerability notification rules returns "The list of notification rules." response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_vulnerability_notification_rules()

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get the list of vulnerability notification rules returns "The list of notification rules." response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.get_vulnerability_notification_rules()

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get the list of vulnerability notification rules returns "The list of notification rules." response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetVulnerabilityNotificationRules(ctx)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetVulnerabilityNotificationRules`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetVulnerabilityNotificationRules`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get the list of vulnerability notification rules returns "The list of notification rules."
// response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      apiInstance.getVulnerabilityNotificationRules();
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#getVulnerabilityNotificationRules");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get the list of vulnerability notification rules returns "The list of
// notification rules." response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.get_vulnerability_notification_rules().await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get the list of vulnerability notification rules returns "The list of notification rules." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .getVulnerabilityNotificationRules()
  .then((data: any) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Create a new vulnerability-based notification rule

    POST https://api.ap1.datadoghq.com/api/v2/security/vulnerabilities/notification_ruleshttps://api.ap2.datadoghq.com/api/v2/security/vulnerabilities/notification_ruleshttps://api.datadoghq.eu/api/v2/security/vulnerabilities/notification_ruleshttps://api.ddog-gov.com/api/v2/security/vulnerabilities/notification_ruleshttps://api.us2.ddog-gov.com/api/v2/security/vulnerabilities/notification_ruleshttps://api.datadoghq.com/api/v2/security/vulnerabilities/notification_ruleshttps://api.us3.datadoghq.com/api/v2/security/vulnerabilities/notification_ruleshttps://api.us5.datadoghq.com/api/v2/security/vulnerabilities/notification_rules

    概要

    Create a new notification rule for security vulnerabilities and return the created rule. This endpoint requires the security_monitoring_notification_profiles_write permission.

    リクエスト

    Body Data (required)

    The body of the create notification rule request is composed of the rule type and the rule attributes: the rule name, the selectors, the notification targets, and the rule enabled status.

    Expand All

    フィールド

    種類

    説明

    data

    object

    Data of the notification rule create request: the rule type, and the rule attributes. All fields are required.

    attributes [required]

    object

    Attributes of the notification rule create request.

    enabled

    boolean

    Field used to enable or disable the rule.

    name [required]

    string

    Name of the notification rule.

    selectors [required]

    object

    Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required.

    query

    string

    The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.

    rule_types

    [string]

    Security rule types used as filters in security rules.

    severities

    [string]

    The security rules severities to consider.

    trigger_source [required]

    enum

    The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings". Allowed enum values: security_findings,security_signals

    targets [required]

    [string]

    List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets.

    time_aggregation

    int64

    Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done.

    type [required]

    enum

    The rule type associated to notification rules. Allowed enum values: notification_rules

    {
  "data": {
    "attributes": {
      "enabled": true,
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400
    },
    "type": "notification_rules"
  }
}
    {
  "data": {
    "attributes": {
      "enabled": true,
      "name": "Example-Security-Monitoring",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "sast_vulnerability",
          "secret_vulnerability"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400
    },
    "type": "notification_rules"
  }
}

    応答

    Successfully created the notification rule.

    Response object which includes a notification rule.

    Expand All

    フィールド

    種類

    説明

    data

    object

    Notification rules allow full control over notifications generated by the various Datadog security products. They allow users to define the conditions under which a notification should be generated (based on rule severities, rule types, rule tags, and so on), and the targets to notify. A notification rule is composed of a rule ID, a rule type, and the rule attributes. All fields are required.

    attributes [required]

    object

    Attributes of the notification rule.

    created_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    created_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    enabled [required]

    boolean

    Field used to enable or disable the rule.

    modified_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    modified_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    name [required]

    string

    Name of the notification rule.

    selectors [required]

    object

    Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required.

    query

    string

    The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.

    rule_types

    [string]

    Security rule types used as filters in security rules.

    severities

    [string]

    The security rules severities to consider.

    trigger_source [required]

    enum

    The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings". Allowed enum values: security_findings,security_signals

    targets [required]

    [string]

    List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets.

    time_aggregation

    int64

    Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done.

    version [required]

    int64

    Version of the notification rule. It is updated when the rule is modified.

    id [required]

    string

    The ID of a notification rule.

    type [required]

    enum

    The rule type associated to notification rules. Allowed enum values: notification_rules

    {
  "data": {
    "attributes": {
      "created_at": 1722439510282,
      "created_by": {
        "handle": "john.doe@domain.com",
        "name": "John Doe"
      },
      "enabled": true,
      "modified_at": 1722439510282,
      "modified_by": {
        "handle": "john.doe@domain.com",
        "name": "John Doe"
      },
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400,
      "version": 1
    },
    "id": "aaa-bbb-ccc",
    "type": "notification_rules"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Forbidden

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/vulnerabilities/notification_rules" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "enabled": true,
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400
    },
    "type": "notification_rules"
  }
}
EOF
    
                        
                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/vulnerabilities/notification_rules" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "enabled": true,
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400
    },
    "type": "notification_rules"
  }
}
EOF
    
                        
    // Create a new vulnerability-based notification rule returns "Successfully created the notification rule." response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.CreateNotificationRuleParameters{
		Data: &datadogV2.CreateNotificationRuleParametersData{
			Attributes: datadogV2.CreateNotificationRuleParametersDataAttributes{
				Enabled: datadog.PtrBool(true),
				Name:    "Rule 1",
				Selectors: datadogV2.Selectors{
					Query: datadog.PtrString("(source:production_service OR env:prod)"),
					RuleTypes: []datadogV2.RuleTypesItems{
						datadogV2.RULETYPESITEMS_MISCONFIGURATION,
						datadogV2.RULETYPESITEMS_ATTACK_PATH,
					},
					Severities: []datadogV2.RuleSeverity{
						datadogV2.RULESEVERITY_CRITICAL,
					},
					TriggerSource: datadogV2.TRIGGERSOURCE_SECURITY_FINDINGS,
				},
				Targets: []string{
					"@john.doe@email.com",
				},
				TimeAggregation: datadog.PtrInt64(86400),
			},
			Type: datadogV2.NOTIFICATIONRULESTYPE_NOTIFICATION_RULES,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateVulnerabilityNotificationRule(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateVulnerabilityNotificationRule`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateVulnerabilityNotificationRule`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Create a new vulnerability-based notification rule returns "Successfully created the notification
// rule." response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.CreateNotificationRuleParameters;
import com.datadog.api.client.v2.model.CreateNotificationRuleParametersData;
import com.datadog.api.client.v2.model.CreateNotificationRuleParametersDataAttributes;
import com.datadog.api.client.v2.model.NotificationRuleResponse;
import com.datadog.api.client.v2.model.NotificationRulesType;
import com.datadog.api.client.v2.model.RuleSeverity;
import com.datadog.api.client.v2.model.RuleTypesItems;
import com.datadog.api.client.v2.model.Selectors;
import com.datadog.api.client.v2.model.TriggerSource;
import java.util.Arrays;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    CreateNotificationRuleParameters body =
        new CreateNotificationRuleParameters()
            .data(
                new CreateNotificationRuleParametersData()
                    .attributes(
                        new CreateNotificationRuleParametersDataAttributes()
                            .enabled(true)
                            .name("Rule 1")
                            .selectors(
                                new Selectors()
                                    .query("(source:production_service OR env:prod)")
                                    .ruleTypes(
                                        Arrays.asList(
                                            RuleTypesItems.MISCONFIGURATION,
                                            RuleTypesItems.ATTACK_PATH))
                                    .severities(Collections.singletonList(RuleSeverity.CRITICAL))
                                    .triggerSource(TriggerSource.SECURITY_FINDINGS))
                            .targets(Collections.singletonList("@john.doe@email.com"))
                            .timeAggregation(86400L))
                    .type(NotificationRulesType.NOTIFICATION_RULES));

    try {
      NotificationRuleResponse result = apiInstance.createVulnerabilityNotificationRule(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createVulnerabilityNotificationRule");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Create a new vulnerability-based notification rule returns "Successfully created the notification rule." response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.create_notification_rule_parameters import CreateNotificationRuleParameters
from datadog_api_client.v2.model.create_notification_rule_parameters_data import CreateNotificationRuleParametersData
from datadog_api_client.v2.model.create_notification_rule_parameters_data_attributes import (
    CreateNotificationRuleParametersDataAttributes,
)
from datadog_api_client.v2.model.notification_rules_type import NotificationRulesType
from datadog_api_client.v2.model.rule_severity import RuleSeverity
from datadog_api_client.v2.model.rule_types_items import RuleTypesItems
from datadog_api_client.v2.model.selectors import Selectors
from datadog_api_client.v2.model.trigger_source import TriggerSource

body = CreateNotificationRuleParameters(
    data=CreateNotificationRuleParametersData(
        attributes=CreateNotificationRuleParametersDataAttributes(
            enabled=True,
            name="Rule 1",
            selectors=Selectors(
                query="(source:production_service OR env:prod)",
                rule_types=[
                    RuleTypesItems.MISCONFIGURATION,
                    RuleTypesItems.ATTACK_PATH,
                ],
                severities=[
                    RuleSeverity.CRITICAL,
                ],
                trigger_source=TriggerSource.SECURITY_FINDINGS,
            ),
            targets=[
                "@john.doe@email.com",
            ],
            time_aggregation=86400,
        ),
        type=NotificationRulesType.NOTIFICATION_RULES,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_vulnerability_notification_rule(body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Create a new vulnerability-based notification rule returns "Successfully created the notification rule." response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::CreateNotificationRuleParameters.new({
  data: DatadogAPIClient::V2::CreateNotificationRuleParametersData.new({
    attributes: DatadogAPIClient::V2::CreateNotificationRuleParametersDataAttributes.new({
      enabled: true,
      name: "Rule 1",
      selectors: DatadogAPIClient::V2::Selectors.new({
        query: "(source:production_service OR env:prod)",
        rule_types: [
          DatadogAPIClient::V2::RuleTypesItems::MISCONFIGURATION,
          DatadogAPIClient::V2::RuleTypesItems::ATTACK_PATH,
        ],
        severities: [
          DatadogAPIClient::V2::RuleSeverity::CRITICAL,
        ],
        trigger_source: DatadogAPIClient::V2::TriggerSource::SECURITY_FINDINGS,
      }),
      targets: [
        "@john.doe@email.com",
      ],
      time_aggregation: 86400,
    }),
    type: DatadogAPIClient::V2::NotificationRulesType::NOTIFICATION_RULES,
  }),
})
p api_instance.create_vulnerability_notification_rule(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Create a new vulnerability-based notification rule returns "Successfully
// created the notification rule." response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::CreateNotificationRuleParameters;
use datadog_api_client::datadogV2::model::CreateNotificationRuleParametersData;
use datadog_api_client::datadogV2::model::CreateNotificationRuleParametersDataAttributes;
use datadog_api_client::datadogV2::model::NotificationRulesType;
use datadog_api_client::datadogV2::model::RuleSeverity;
use datadog_api_client::datadogV2::model::RuleTypesItems;
use datadog_api_client::datadogV2::model::Selectors;
use datadog_api_client::datadogV2::model::TriggerSource;

#[tokio::main]
async fn main() {
    let body =
        CreateNotificationRuleParameters::new().data(CreateNotificationRuleParametersData::new(
            CreateNotificationRuleParametersDataAttributes::new(
                "Rule 1".to_string(),
                Selectors::new(TriggerSource::SECURITY_FINDINGS)
                    .query("(source:production_service OR env:prod)".to_string())
                    .rule_types(vec![
                        RuleTypesItems::MISCONFIGURATION,
                        RuleTypesItems::ATTACK_PATH,
                    ])
                    .severities(vec![RuleSeverity::CRITICAL]),
                vec!["@john.doe@email.com".to_string()],
            )
            .enabled(true)
            .time_aggregation(86400),
            NotificationRulesType::NOTIFICATION_RULES,
        ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_vulnerability_notification_rule(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Create a new vulnerability-based notification rule returns "Successfully created the notification rule." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateVulnerabilityNotificationRuleRequest =
  {
    body: {
      data: {
        attributes: {
          enabled: true,
          name: "Rule 1",
          selectors: {
            query: "(source:production_service OR env:prod)",
            ruleTypes: ["misconfiguration", "attack_path"],
            severities: ["critical"],
            triggerSource: "security_findings",
          },
          targets: ["@john.doe@email.com"],
          timeAggregation: 86400,
        },
        type: "notification_rules",
      },
    },
  };

apiInstance
  .createVulnerabilityNotificationRule(params)
  .then((data: v2.NotificationRuleResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get details of a vulnerability notification rule

    GET https://api.ap1.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.ap2.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.datadoghq.eu/api/v2/security/vulnerabilities/notification_rules/{id}https://api.ddog-gov.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.us2.ddog-gov.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.us3.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.us5.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}

    概要

    Get the details of a notification rule for security vulnerabilities. This endpoint requires the security_monitoring_notification_profiles_read permission.

    引数

    パスパラメーター

    名前

    種類

    説明

    id [required]

    string

    ID of the notification rule.

    応答

    Notification rule details.

    Response object which includes a notification rule.

    Expand All

    フィールド

    種類

    説明

    data

    object

    Notification rules allow full control over notifications generated by the various Datadog security products. They allow users to define the conditions under which a notification should be generated (based on rule severities, rule types, rule tags, and so on), and the targets to notify. A notification rule is composed of a rule ID, a rule type, and the rule attributes. All fields are required.

    attributes [required]

    object

    Attributes of the notification rule.

    created_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    created_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    enabled [required]

    boolean

    Field used to enable or disable the rule.

    modified_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    modified_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    name [required]

    string

    Name of the notification rule.

    selectors [required]

    object

    Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required.

    query

    string

    The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.

    rule_types

    [string]

    Security rule types used as filters in security rules.

    severities

    [string]

    The security rules severities to consider.

    trigger_source [required]

    enum

    The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings". Allowed enum values: security_findings,security_signals

    targets [required]

    [string]

    List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets.

    time_aggregation

    int64

    Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done.

    version [required]

    int64

    Version of the notification rule. It is updated when the rule is modified.

    id [required]

    string

    The ID of a notification rule.

    type [required]

    enum

    The rule type associated to notification rules. Allowed enum values: notification_rules

    {
  "data": {
    "attributes": {
      "created_at": 1722439510282,
      "created_by": {
        "handle": "john.doe@domain.com",
        "name": "John Doe"
      },
      "enabled": true,
      "modified_at": 1722439510282,
      "modified_by": {
        "handle": "john.doe@domain.com",
        "name": "John Doe"
      },
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400,
      "version": 1
    },
    "id": "aaa-bbb-ccc",
    "type": "notification_rules"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Forbidden

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Path parameters
    export id="CHANGE_ME"
    # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/${id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get details of a vulnerability notification rule returns "Notification rule details." response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "valid_vulnerability_notification_rule" in the system
VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID = environ["VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_vulnerability_notification_rule(
        id=VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID,
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get details of a vulnerability notification rule returns "Notification rule details." response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "valid_vulnerability_notification_rule" in the system
VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID = ENV["VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID"]
p api_instance.get_vulnerability_notification_rule(VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get details of a vulnerability notification rule returns "Notification rule details." response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "valid_vulnerability_notification_rule" in the system
	ValidVulnerabilityNotificationRuleDataID := os.Getenv("VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetVulnerabilityNotificationRule(ctx, ValidVulnerabilityNotificationRuleDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetVulnerabilityNotificationRule`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetVulnerabilityNotificationRule`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get details of a vulnerability notification rule returns "Notification rule details." response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.NotificationRuleResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "valid_vulnerability_notification_rule" in the system
    String VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID =
        System.getenv("VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID");

    try {
      NotificationRuleResponse result =
          apiInstance.getVulnerabilityNotificationRule(
              VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#getVulnerabilityNotificationRule");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get details of a vulnerability notification rule returns "Notification rule
// details." response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    // there is a valid "valid_vulnerability_notification_rule" in the system
    let valid_vulnerability_notification_rule_data_id =
        std::env::var("VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_vulnerability_notification_rule(valid_vulnerability_notification_rule_data_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get details of a vulnerability notification rule returns "Notification rule details." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "valid_vulnerability_notification_rule" in the system
const VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID = process.env
  .VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID as string;

const params: v2.SecurityMonitoringApiGetVulnerabilityNotificationRuleRequest =
  {
    id: VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID,
  };

apiInstance
  .getVulnerabilityNotificationRule(params)
  .then((data: v2.NotificationRuleResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Delete a vulnerability-based notification rule

    DELETE https://api.ap1.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.ap2.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.datadoghq.eu/api/v2/security/vulnerabilities/notification_rules/{id}https://api.ddog-gov.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.us2.ddog-gov.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.us3.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.us5.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}

    概要

    Delete a notification rule for security vulnerabilities. This endpoint requires the security_monitoring_notification_profiles_write permission.

    引数

    パスパラメーター

    名前

    種類

    説明

    id [required]

    string

    ID of the notification rule.

    応答

    Rule successfully deleted.

    Forbidden

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Path parameters
    export id="CHANGE_ME"
    # Curl command
    curl -X DELETE "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/${id}" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Delete a vulnerability-based notification rule returns "Rule successfully deleted." response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "valid_vulnerability_notification_rule" in the system
VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID = environ["VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    api_instance.delete_vulnerability_notification_rule(
        id=VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID,
    )

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Delete a vulnerability-based notification rule returns "Rule successfully deleted." response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "valid_vulnerability_notification_rule" in the system
VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID = ENV["VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID"]
api_instance.delete_vulnerability_notification_rule(VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Delete a vulnerability-based notification rule returns "Rule successfully deleted." response

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "valid_vulnerability_notification_rule" in the system
	ValidVulnerabilityNotificationRuleDataID := os.Getenv("VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	r, err := api.DeleteVulnerabilityNotificationRule(ctx, ValidVulnerabilityNotificationRuleDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.DeleteVulnerabilityNotificationRule`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Delete a vulnerability-based notification rule returns "Rule successfully deleted." response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "valid_vulnerability_notification_rule" in the system
    String VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID =
        System.getenv("VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID");

    try {
      apiInstance.deleteVulnerabilityNotificationRule(
          VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#deleteVulnerabilityNotificationRule");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Delete a vulnerability-based notification rule returns "Rule successfully
// deleted." response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    // there is a valid "valid_vulnerability_notification_rule" in the system
    let valid_vulnerability_notification_rule_data_id =
        std::env::var("VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .delete_vulnerability_notification_rule(
            valid_vulnerability_notification_rule_data_id.clone(),
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Delete a vulnerability-based notification rule returns "Rule successfully deleted." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "valid_vulnerability_notification_rule" in the system
const VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID = process.env
  .VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID as string;

const params: v2.SecurityMonitoringApiDeleteVulnerabilityNotificationRuleRequest =
  {
    id: VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID,
  };

apiInstance
  .deleteVulnerabilityNotificationRule(params)
  .then((data: any) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Patch a vulnerability-based notification rule

    PATCH https://api.ap1.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.ap2.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.datadoghq.eu/api/v2/security/vulnerabilities/notification_rules/{id}https://api.ddog-gov.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.us2.ddog-gov.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.us3.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}https://api.us5.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/{id}

    概要

    Partially update the notification rule. All fields are optional; if a field is not provided, it is not updated. This endpoint requires the security_monitoring_notification_profiles_write permission.

    引数

    パスパラメーター

    名前

    種類

    説明

    id [required]

    string

    ID of the notification rule.

    リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    data

    object

    Data of the notification rule patch request: the rule ID, the rule type, and the rule attributes. All fields are required.

    attributes [required]

    object

    Attributes of the notification rule patch request. It is required to update the version of the rule when patching it.

    enabled

    boolean

    Field used to enable or disable the rule.

    name

    string

    Name of the notification rule.

    selectors

    object

    Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required.

    query

    string

    The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.

    rule_types

    [string]

    Security rule types used as filters in security rules.

    severities

    [string]

    The security rules severities to consider.

    trigger_source [required]

    enum

    The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings". Allowed enum values: security_findings,security_signals

    targets

    [string]

    List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets.

    time_aggregation

    int64

    Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done.

    version

    int64

    Version of the notification rule. It is updated when the rule is modified.

    id [required]

    string

    The ID of a notification rule.

    type [required]

    enum

    The rule type associated to notification rules. Allowed enum values: notification_rules

    {
  "data": {
    "attributes": {
      "enabled": true,
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400,
      "version": 1
    },
    "id": "aaa-bbb-ccc",
    "type": "notification_rules"
  }
}

    応答

    Notification rule successfully patched.

    Response object which includes a notification rule.

    Expand All

    フィールド

    種類

    説明

    data

    object

    Notification rules allow full control over notifications generated by the various Datadog security products. They allow users to define the conditions under which a notification should be generated (based on rule severities, rule types, rule tags, and so on), and the targets to notify. A notification rule is composed of a rule ID, a rule type, and the rule attributes. All fields are required.

    attributes [required]

    object

    Attributes of the notification rule.

    created_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    created_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    enabled [required]

    boolean

    Field used to enable or disable the rule.

    modified_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    modified_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    name [required]

    string

    Name of the notification rule.

    selectors [required]

    object

    Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required.

    query

    string

    The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.

    rule_types

    [string]

    Security rule types used as filters in security rules.

    severities

    [string]

    The security rules severities to consider.

    trigger_source [required]

    enum

    The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings". Allowed enum values: security_findings,security_signals

    targets [required]

    [string]

    List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets.

    time_aggregation

    int64

    Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done.

    version [required]

    int64

    Version of the notification rule. It is updated when the rule is modified.

    id [required]

    string

    The ID of a notification rule.

    type [required]

    enum

    The rule type associated to notification rules. Allowed enum values: notification_rules

    {
  "data": {
    "attributes": {
      "created_at": 1722439510282,
      "created_by": {
        "handle": "john.doe@domain.com",
        "name": "John Doe"
      },
      "enabled": true,
      "modified_at": 1722439510282,
      "modified_by": {
        "handle": "john.doe@domain.com",
        "name": "John Doe"
      },
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400,
      "version": 1
    },
    "id": "aaa-bbb-ccc",
    "type": "notification_rules"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Forbidden

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    The server cannot process the request because it contains invalid data.

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [object]

    A list of errors.

    detail

    string

    A human-readable explanation specific to this occurrence of the error.

    meta

    object

    Non-standard meta-information about the error

    source

    object

    References to the source of the error.

    header

    string

    A string indicating the name of a single request header which caused the error.

    parameter

    string

    A string indicating which URI query parameter caused the error.

    pointer

    string

    A JSON pointer to the value in the request document that caused the error.

    status

    string

    Status code of the response.

    title

    string

    Short human-readable summary of the error.

    {
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Path parameters
    export id="CHANGE_ME"
    # Curl command
    curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/${id}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "enabled": true,
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400,
      "version": 1
    },
    "id": "aaa-bbb-ccc",
    "type": "notification_rules"
  }
}
EOF
    
                        
    // Patch a vulnerability-based notification rule returns "Notification rule successfully patched." response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "valid_vulnerability_notification_rule" in the system
	ValidVulnerabilityNotificationRuleDataID := os.Getenv("VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID")

	body := datadogV2.PatchNotificationRuleParameters{
		Data: &datadogV2.PatchNotificationRuleParametersData{
			Attributes: datadogV2.PatchNotificationRuleParametersDataAttributes{
				Enabled: datadog.PtrBool(true),
				Name:    datadog.PtrString("Rule 1"),
				Selectors: &datadogV2.Selectors{
					Query: datadog.PtrString("(source:production_service OR env:prod)"),
					RuleTypes: []datadogV2.RuleTypesItems{
						datadogV2.RULETYPESITEMS_MISCONFIGURATION,
						datadogV2.RULETYPESITEMS_ATTACK_PATH,
					},
					Severities: []datadogV2.RuleSeverity{
						datadogV2.RULESEVERITY_CRITICAL,
					},
					TriggerSource: datadogV2.TRIGGERSOURCE_SECURITY_FINDINGS,
				},
				Targets: []string{
					"@john.doe@email.com",
				},
				TimeAggregation: datadog.PtrInt64(86400),
				Version:         datadog.PtrInt64(1),
			},
			Id:   ValidVulnerabilityNotificationRuleDataID,
			Type: datadogV2.NOTIFICATIONRULESTYPE_NOTIFICATION_RULES,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.PatchVulnerabilityNotificationRule(ctx, ValidVulnerabilityNotificationRuleDataID, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.PatchVulnerabilityNotificationRule`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.PatchVulnerabilityNotificationRule`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Patch a vulnerability-based notification rule returns "Notification rule successfully patched."
// response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.NotificationRuleResponse;
import com.datadog.api.client.v2.model.NotificationRulesType;
import com.datadog.api.client.v2.model.PatchNotificationRuleParameters;
import com.datadog.api.client.v2.model.PatchNotificationRuleParametersData;
import com.datadog.api.client.v2.model.PatchNotificationRuleParametersDataAttributes;
import com.datadog.api.client.v2.model.RuleSeverity;
import com.datadog.api.client.v2.model.RuleTypesItems;
import com.datadog.api.client.v2.model.Selectors;
import com.datadog.api.client.v2.model.TriggerSource;
import java.util.Arrays;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "valid_vulnerability_notification_rule" in the system
    String VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID =
        System.getenv("VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID");

    PatchNotificationRuleParameters body =
        new PatchNotificationRuleParameters()
            .data(
                new PatchNotificationRuleParametersData()
                    .attributes(
                        new PatchNotificationRuleParametersDataAttributes()
                            .enabled(true)
                            .name("Rule 1")
                            .selectors(
                                new Selectors()
                                    .query("(source:production_service OR env:prod)")
                                    .ruleTypes(
                                        Arrays.asList(
                                            RuleTypesItems.MISCONFIGURATION,
                                            RuleTypesItems.ATTACK_PATH))
                                    .severities(Collections.singletonList(RuleSeverity.CRITICAL))
                                    .triggerSource(TriggerSource.SECURITY_FINDINGS))
                            .targets(Collections.singletonList("@john.doe@email.com"))
                            .timeAggregation(86400L)
                            .version(1L))
                    .id(VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID)
                    .type(NotificationRulesType.NOTIFICATION_RULES));

    try {
      NotificationRuleResponse result =
          apiInstance.patchVulnerabilityNotificationRule(
              VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID, body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#patchVulnerabilityNotificationRule");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Patch a vulnerability-based notification rule returns "Notification rule successfully patched." response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.notification_rules_type import NotificationRulesType
from datadog_api_client.v2.model.patch_notification_rule_parameters import PatchNotificationRuleParameters
from datadog_api_client.v2.model.patch_notification_rule_parameters_data import PatchNotificationRuleParametersData
from datadog_api_client.v2.model.patch_notification_rule_parameters_data_attributes import (
    PatchNotificationRuleParametersDataAttributes,
)
from datadog_api_client.v2.model.rule_severity import RuleSeverity
from datadog_api_client.v2.model.rule_types_items import RuleTypesItems
from datadog_api_client.v2.model.selectors import Selectors
from datadog_api_client.v2.model.trigger_source import TriggerSource

# there is a valid "valid_vulnerability_notification_rule" in the system
VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID = environ["VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID"]

body = PatchNotificationRuleParameters(
    data=PatchNotificationRuleParametersData(
        attributes=PatchNotificationRuleParametersDataAttributes(
            enabled=True,
            name="Rule 1",
            selectors=Selectors(
                query="(source:production_service OR env:prod)",
                rule_types=[
                    RuleTypesItems.MISCONFIGURATION,
                    RuleTypesItems.ATTACK_PATH,
                ],
                severities=[
                    RuleSeverity.CRITICAL,
                ],
                trigger_source=TriggerSource.SECURITY_FINDINGS,
            ),
            targets=[
                "@john.doe@email.com",
            ],
            time_aggregation=86400,
            version=1,
        ),
        id=VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID,
        type=NotificationRulesType.NOTIFICATION_RULES,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.patch_vulnerability_notification_rule(
        id=VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID, body=body
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Patch a vulnerability-based notification rule returns "Notification rule successfully patched." response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "valid_vulnerability_notification_rule" in the system
VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID = ENV["VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID"]

body = DatadogAPIClient::V2::PatchNotificationRuleParameters.new({
  data: DatadogAPIClient::V2::PatchNotificationRuleParametersData.new({
    attributes: DatadogAPIClient::V2::PatchNotificationRuleParametersDataAttributes.new({
      enabled: true,
      name: "Rule 1",
      selectors: DatadogAPIClient::V2::Selectors.new({
        query: "(source:production_service OR env:prod)",
        rule_types: [
          DatadogAPIClient::V2::RuleTypesItems::MISCONFIGURATION,
          DatadogAPIClient::V2::RuleTypesItems::ATTACK_PATH,
        ],
        severities: [
          DatadogAPIClient::V2::RuleSeverity::CRITICAL,
        ],
        trigger_source: DatadogAPIClient::V2::TriggerSource::SECURITY_FINDINGS,
      }),
      targets: [
        "@john.doe@email.com",
      ],
      time_aggregation: 86400,
      version: 1,
    }),
    id: VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID,
    type: DatadogAPIClient::V2::NotificationRulesType::NOTIFICATION_RULES,
  }),
})
p api_instance.patch_vulnerability_notification_rule(VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID, body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Patch a vulnerability-based notification rule returns "Notification rule
// successfully patched." response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::NotificationRulesType;
use datadog_api_client::datadogV2::model::PatchNotificationRuleParameters;
use datadog_api_client::datadogV2::model::PatchNotificationRuleParametersData;
use datadog_api_client::datadogV2::model::PatchNotificationRuleParametersDataAttributes;
use datadog_api_client::datadogV2::model::RuleSeverity;
use datadog_api_client::datadogV2::model::RuleTypesItems;
use datadog_api_client::datadogV2::model::Selectors;
use datadog_api_client::datadogV2::model::TriggerSource;

#[tokio::main]
async fn main() {
    // there is a valid "valid_vulnerability_notification_rule" in the system
    let valid_vulnerability_notification_rule_data_id =
        std::env::var("VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID").unwrap();
    let body =
        PatchNotificationRuleParameters::new().data(PatchNotificationRuleParametersData::new(
            PatchNotificationRuleParametersDataAttributes::new()
                .enabled(true)
                .name("Rule 1".to_string())
                .selectors(
                    Selectors::new(TriggerSource::SECURITY_FINDINGS)
                        .query("(source:production_service OR env:prod)".to_string())
                        .rule_types(vec![
                            RuleTypesItems::MISCONFIGURATION,
                            RuleTypesItems::ATTACK_PATH,
                        ])
                        .severities(vec![RuleSeverity::CRITICAL]),
                )
                .targets(vec!["@john.doe@email.com".to_string()])
                .time_aggregation(86400)
                .version(1),
            valid_vulnerability_notification_rule_data_id.clone(),
            NotificationRulesType::NOTIFICATION_RULES,
        ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .patch_vulnerability_notification_rule(
            valid_vulnerability_notification_rule_data_id.clone(),
            body,
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Patch a vulnerability-based notification rule returns "Notification rule successfully patched." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "valid_vulnerability_notification_rule" in the system
const VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID = process.env
  .VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID as string;

const params: v2.SecurityMonitoringApiPatchVulnerabilityNotificationRuleRequest =
  {
    body: {
      data: {
        attributes: {
          enabled: true,
          name: "Rule 1",
          selectors: {
            query: "(source:production_service OR env:prod)",
            ruleTypes: ["misconfiguration", "attack_path"],
            severities: ["critical"],
            triggerSource: "security_findings",
          },
          targets: ["@john.doe@email.com"],
          timeAggregation: 86400,
          version: 1,
        },
        id: VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID,
        type: "notification_rules",
      },
    },
    id: VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID,
  };

apiInstance
  .patchVulnerabilityNotificationRule(params)
  .then((data: v2.NotificationRuleResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get the list of signal-based notification rules

    GET https://api.ap1.datadoghq.com/api/v2/security/signals/notification_ruleshttps://api.ap2.datadoghq.com/api/v2/security/signals/notification_ruleshttps://api.datadoghq.eu/api/v2/security/signals/notification_ruleshttps://api.ddog-gov.com/api/v2/security/signals/notification_ruleshttps://api.us2.ddog-gov.com/api/v2/security/signals/notification_ruleshttps://api.datadoghq.com/api/v2/security/signals/notification_ruleshttps://api.us3.datadoghq.com/api/v2/security/signals/notification_ruleshttps://api.us5.datadoghq.com/api/v2/security/signals/notification_rules

    概要

    Returns the list of notification rules for security signals. This endpoint requires the security_monitoring_notification_profiles_read permission.

    応答

    The list of notification rules.

    Expand All

    フィールド

    種類

    説明

    data

    [object]

    attributes [required]

    object

    Attributes of the notification rule.

    created_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    created_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    enabled [required]

    boolean

    Field used to enable or disable the rule.

    modified_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    modified_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    name [required]

    string

    Name of the notification rule.

    selectors [required]

    object

    Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required.

    query

    string

    The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.

    rule_types

    [string]

    Security rule types used as filters in security rules.

    severities

    [string]

    The security rules severities to consider.

    trigger_source [required]

    enum

    The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings". Allowed enum values: security_findings,security_signals

    targets [required]

    [string]

    List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets.

    time_aggregation

    int64

    Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done.

    version [required]

    int64

    Version of the notification rule. It is updated when the rule is modified.

    id [required]

    string

    The ID of a notification rule.

    type [required]

    enum

    The rule type associated to notification rules. Allowed enum values: notification_rules

    {
  "data": [
    {
      "attributes": {
        "created_at": 1722439510282,
        "created_by": {
          "handle": "john.doe@domain.com",
          "name": "John Doe"
        },
        "enabled": true,
        "modified_at": 1722439510282,
        "modified_by": {
          "handle": "john.doe@domain.com",
          "name": "John Doe"
        },
        "name": "Rule 1",
        "selectors": {
          "query": "(source:production_service OR env:prod)",
          "rule_types": [
            "misconfiguration",
            "attack_path"
          ],
          "severities": [
            "critical"
          ],
          "trigger_source": "security_findings"
        },
        "targets": [
          "@john.doe@email.com"
        ],
        "time_aggregation": 86400,
        "version": 1
      },
      "id": "aaa-bbb-ccc",
      "type": "notification_rules"
    }
  ]
}

    Forbidden

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/signals/notification_rules" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get the list of signal-based notification rules returns "The list of notification rules." response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_signal_notification_rules()

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get the list of signal-based notification rules returns "The list of notification rules." response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.get_signal_notification_rules()

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get the list of signal-based notification rules returns "The list of notification rules." response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetSignalNotificationRules(ctx)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSignalNotificationRules`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSignalNotificationRules`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get the list of signal-based notification rules returns "The list of notification rules."
// response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      apiInstance.getSignalNotificationRules();
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#getSignalNotificationRules");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get the list of signal-based notification rules returns "The list of
// notification rules." response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.get_signal_notification_rules().await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get the list of signal-based notification rules returns "The list of notification rules." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .getSignalNotificationRules()
  .then((data: any) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Create a new signal-based notification rule

    POST https://api.ap1.datadoghq.com/api/v2/security/signals/notification_ruleshttps://api.ap2.datadoghq.com/api/v2/security/signals/notification_ruleshttps://api.datadoghq.eu/api/v2/security/signals/notification_ruleshttps://api.ddog-gov.com/api/v2/security/signals/notification_ruleshttps://api.us2.ddog-gov.com/api/v2/security/signals/notification_ruleshttps://api.datadoghq.com/api/v2/security/signals/notification_ruleshttps://api.us3.datadoghq.com/api/v2/security/signals/notification_ruleshttps://api.us5.datadoghq.com/api/v2/security/signals/notification_rules

    概要

    Create a new notification rule for security signals and return the created rule. This endpoint requires the security_monitoring_notification_profiles_write permission.

    リクエスト

    Body Data (required)

    The body of the create notification rule request is composed of the rule type and the rule attributes: the rule name, the selectors, the notification targets, and the rule enabled status.

    Expand All

    フィールド

    種類

    説明

    data

    object

    Data of the notification rule create request: the rule type, and the rule attributes. All fields are required.

    attributes [required]

    object

    Attributes of the notification rule create request.

    enabled

    boolean

    Field used to enable or disable the rule.

    name [required]

    string

    Name of the notification rule.

    selectors [required]

    object

    Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required.

    query

    string

    The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.

    rule_types

    [string]

    Security rule types used as filters in security rules.

    severities

    [string]

    The security rules severities to consider.

    trigger_source [required]

    enum

    The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings". Allowed enum values: security_findings,security_signals

    targets [required]

    [string]

    List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets.

    time_aggregation

    int64

    Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done.

    type [required]

    enum

    The rule type associated to notification rules. Allowed enum values: notification_rules

    {
  "data": {
    "attributes": {
      "enabled": true,
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400
    },
    "type": "notification_rules"
  }
}

    応答

    Successfully created the notification rule.

    Response object which includes a notification rule.

    Expand All

    フィールド

    種類

    説明

    data

    object

    Notification rules allow full control over notifications generated by the various Datadog security products. They allow users to define the conditions under which a notification should be generated (based on rule severities, rule types, rule tags, and so on), and the targets to notify. A notification rule is composed of a rule ID, a rule type, and the rule attributes. All fields are required.

    attributes [required]

    object

    Attributes of the notification rule.

    created_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    created_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    enabled [required]

    boolean

    Field used to enable or disable the rule.

    modified_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    modified_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    name [required]

    string

    Name of the notification rule.

    selectors [required]

    object

    Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required.

    query

    string

    The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.

    rule_types

    [string]

    Security rule types used as filters in security rules.

    severities

    [string]

    The security rules severities to consider.

    trigger_source [required]

    enum

    The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings". Allowed enum values: security_findings,security_signals

    targets [required]

    [string]

    List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets.

    time_aggregation

    int64

    Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done.

    version [required]

    int64

    Version of the notification rule. It is updated when the rule is modified.

    id [required]

    string

    The ID of a notification rule.

    type [required]

    enum

    The rule type associated to notification rules. Allowed enum values: notification_rules

    {
  "data": {
    "attributes": {
      "created_at": 1722439510282,
      "created_by": {
        "handle": "john.doe@domain.com",
        "name": "John Doe"
      },
      "enabled": true,
      "modified_at": 1722439510282,
      "modified_by": {
        "handle": "john.doe@domain.com",
        "name": "John Doe"
      },
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400,
      "version": 1
    },
    "id": "aaa-bbb-ccc",
    "type": "notification_rules"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Forbidden

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/signals/notification_rules" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "enabled": true,
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400
    },
    "type": "notification_rules"
  }
}
EOF
    
                        
    // Create a new signal-based notification rule returns "Successfully created the notification rule." response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.CreateNotificationRuleParameters{
		Data: &datadogV2.CreateNotificationRuleParametersData{
			Attributes: datadogV2.CreateNotificationRuleParametersDataAttributes{
				Enabled: datadog.PtrBool(true),
				Name:    "Rule 1",
				Selectors: datadogV2.Selectors{
					Query: datadog.PtrString("(source:production_service OR env:prod)"),
					RuleTypes: []datadogV2.RuleTypesItems{
						datadogV2.RULETYPESITEMS_MISCONFIGURATION,
						datadogV2.RULETYPESITEMS_ATTACK_PATH,
					},
					Severities: []datadogV2.RuleSeverity{
						datadogV2.RULESEVERITY_CRITICAL,
					},
					TriggerSource: datadogV2.TRIGGERSOURCE_SECURITY_FINDINGS,
				},
				Targets: []string{
					"@john.doe@email.com",
				},
				TimeAggregation: datadog.PtrInt64(86400),
			},
			Type: datadogV2.NOTIFICATIONRULESTYPE_NOTIFICATION_RULES,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSignalNotificationRule(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSignalNotificationRule`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSignalNotificationRule`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Create a new signal-based notification rule returns "Successfully created the notification rule."
// response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.CreateNotificationRuleParameters;
import com.datadog.api.client.v2.model.CreateNotificationRuleParametersData;
import com.datadog.api.client.v2.model.CreateNotificationRuleParametersDataAttributes;
import com.datadog.api.client.v2.model.NotificationRuleResponse;
import com.datadog.api.client.v2.model.NotificationRulesType;
import com.datadog.api.client.v2.model.RuleSeverity;
import com.datadog.api.client.v2.model.RuleTypesItems;
import com.datadog.api.client.v2.model.Selectors;
import com.datadog.api.client.v2.model.TriggerSource;
import java.util.Arrays;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    CreateNotificationRuleParameters body =
        new CreateNotificationRuleParameters()
            .data(
                new CreateNotificationRuleParametersData()
                    .attributes(
                        new CreateNotificationRuleParametersDataAttributes()
                            .enabled(true)
                            .name("Rule 1")
                            .selectors(
                                new Selectors()
                                    .query("(source:production_service OR env:prod)")
                                    .ruleTypes(
                                        Arrays.asList(
                                            RuleTypesItems.MISCONFIGURATION,
                                            RuleTypesItems.ATTACK_PATH))
                                    .severities(Collections.singletonList(RuleSeverity.CRITICAL))
                                    .triggerSource(TriggerSource.SECURITY_FINDINGS))
                            .targets(Collections.singletonList("@john.doe@email.com"))
                            .timeAggregation(86400L))
                    .type(NotificationRulesType.NOTIFICATION_RULES));

    try {
      NotificationRuleResponse result = apiInstance.createSignalNotificationRule(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createSignalNotificationRule");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Create a new signal-based notification rule returns "Successfully created the notification rule." response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.create_notification_rule_parameters import CreateNotificationRuleParameters
from datadog_api_client.v2.model.create_notification_rule_parameters_data import CreateNotificationRuleParametersData
from datadog_api_client.v2.model.create_notification_rule_parameters_data_attributes import (
    CreateNotificationRuleParametersDataAttributes,
)
from datadog_api_client.v2.model.notification_rules_type import NotificationRulesType
from datadog_api_client.v2.model.rule_severity import RuleSeverity
from datadog_api_client.v2.model.rule_types_items import RuleTypesItems
from datadog_api_client.v2.model.selectors import Selectors
from datadog_api_client.v2.model.trigger_source import TriggerSource

body = CreateNotificationRuleParameters(
    data=CreateNotificationRuleParametersData(
        attributes=CreateNotificationRuleParametersDataAttributes(
            enabled=True,
            name="Rule 1",
            selectors=Selectors(
                query="(source:production_service OR env:prod)",
                rule_types=[
                    RuleTypesItems.MISCONFIGURATION,
                    RuleTypesItems.ATTACK_PATH,
                ],
                severities=[
                    RuleSeverity.CRITICAL,
                ],
                trigger_source=TriggerSource.SECURITY_FINDINGS,
            ),
            targets=[
                "@john.doe@email.com",
            ],
            time_aggregation=86400,
        ),
        type=NotificationRulesType.NOTIFICATION_RULES,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_signal_notification_rule(body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Create a new signal-based notification rule returns "Successfully created the notification rule." response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::CreateNotificationRuleParameters.new({
  data: DatadogAPIClient::V2::CreateNotificationRuleParametersData.new({
    attributes: DatadogAPIClient::V2::CreateNotificationRuleParametersDataAttributes.new({
      enabled: true,
      name: "Rule 1",
      selectors: DatadogAPIClient::V2::Selectors.new({
        query: "(source:production_service OR env:prod)",
        rule_types: [
          DatadogAPIClient::V2::RuleTypesItems::MISCONFIGURATION,
          DatadogAPIClient::V2::RuleTypesItems::ATTACK_PATH,
        ],
        severities: [
          DatadogAPIClient::V2::RuleSeverity::CRITICAL,
        ],
        trigger_source: DatadogAPIClient::V2::TriggerSource::SECURITY_FINDINGS,
      }),
      targets: [
        "@john.doe@email.com",
      ],
      time_aggregation: 86400,
    }),
    type: DatadogAPIClient::V2::NotificationRulesType::NOTIFICATION_RULES,
  }),
})
p api_instance.create_signal_notification_rule(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Create a new signal-based notification rule returns "Successfully created the
// notification rule." response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::CreateNotificationRuleParameters;
use datadog_api_client::datadogV2::model::CreateNotificationRuleParametersData;
use datadog_api_client::datadogV2::model::CreateNotificationRuleParametersDataAttributes;
use datadog_api_client::datadogV2::model::NotificationRulesType;
use datadog_api_client::datadogV2::model::RuleSeverity;
use datadog_api_client::datadogV2::model::RuleTypesItems;
use datadog_api_client::datadogV2::model::Selectors;
use datadog_api_client::datadogV2::model::TriggerSource;

#[tokio::main]
async fn main() {
    let body =
        CreateNotificationRuleParameters::new().data(CreateNotificationRuleParametersData::new(
            CreateNotificationRuleParametersDataAttributes::new(
                "Rule 1".to_string(),
                Selectors::new(TriggerSource::SECURITY_FINDINGS)
                    .query("(source:production_service OR env:prod)".to_string())
                    .rule_types(vec![
                        RuleTypesItems::MISCONFIGURATION,
                        RuleTypesItems::ATTACK_PATH,
                    ])
                    .severities(vec![RuleSeverity::CRITICAL]),
                vec!["@john.doe@email.com".to_string()],
            )
            .enabled(true)
            .time_aggregation(86400),
            NotificationRulesType::NOTIFICATION_RULES,
        ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_signal_notification_rule(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Create a new signal-based notification rule returns "Successfully created the notification rule." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateSignalNotificationRuleRequest = {
  body: {
    data: {
      attributes: {
        enabled: true,
        name: "Rule 1",
        selectors: {
          query: "(source:production_service OR env:prod)",
          ruleTypes: ["misconfiguration", "attack_path"],
          severities: ["critical"],
          triggerSource: "security_findings",
        },
        targets: ["@john.doe@email.com"],
        timeAggregation: 86400,
      },
      type: "notification_rules",
    },
  },
};

apiInstance
  .createSignalNotificationRule(params)
  .then((data: v2.NotificationRuleResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get details of a signal-based notification rule

    GET https://api.ap1.datadoghq.com/api/v2/security/signals/notification_rules/{id}https://api.ap2.datadoghq.com/api/v2/security/signals/notification_rules/{id}https://api.datadoghq.eu/api/v2/security/signals/notification_rules/{id}https://api.ddog-gov.com/api/v2/security/signals/notification_rules/{id}https://api.us2.ddog-gov.com/api/v2/security/signals/notification_rules/{id}https://api.datadoghq.com/api/v2/security/signals/notification_rules/{id}https://api.us3.datadoghq.com/api/v2/security/signals/notification_rules/{id}https://api.us5.datadoghq.com/api/v2/security/signals/notification_rules/{id}

    概要

    Get the details of a notification rule for security signals. This endpoint requires the security_monitoring_notification_profiles_read permission.

    引数

    パスパラメーター

    名前

    種類

    説明

    id [required]

    string

    ID of the notification rule.

    応答

    Notification rule details.

    Response object which includes a notification rule.

    Expand All

    フィールド

    種類

    説明

    data

    object

    Notification rules allow full control over notifications generated by the various Datadog security products. They allow users to define the conditions under which a notification should be generated (based on rule severities, rule types, rule tags, and so on), and the targets to notify. A notification rule is composed of a rule ID, a rule type, and the rule attributes. All fields are required.

    attributes [required]

    object

    Attributes of the notification rule.

    created_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    created_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    enabled [required]

    boolean

    Field used to enable or disable the rule.

    modified_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    modified_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    name [required]

    string

    Name of the notification rule.

    selectors [required]

    object

    Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required.

    query

    string

    The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.

    rule_types

    [string]

    Security rule types used as filters in security rules.

    severities

    [string]

    The security rules severities to consider.

    trigger_source [required]

    enum

    The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings". Allowed enum values: security_findings,security_signals

    targets [required]

    [string]

    List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets.

    time_aggregation

    int64

    Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done.

    version [required]

    int64

    Version of the notification rule. It is updated when the rule is modified.

    id [required]

    string

    The ID of a notification rule.

    type [required]

    enum

    The rule type associated to notification rules. Allowed enum values: notification_rules

    {
  "data": {
    "attributes": {
      "created_at": 1722439510282,
      "created_by": {
        "handle": "john.doe@domain.com",
        "name": "John Doe"
      },
      "enabled": true,
      "modified_at": 1722439510282,
      "modified_by": {
        "handle": "john.doe@domain.com",
        "name": "John Doe"
      },
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400,
      "version": 1
    },
    "id": "aaa-bbb-ccc",
    "type": "notification_rules"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Forbidden

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Path parameters
    export id="CHANGE_ME"
    # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/signals/notification_rules/${id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get details of a signal-based notification rule returns "Notification rule details." response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "valid_signal_notification_rule" in the system
VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID = environ["VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_signal_notification_rule(
        id=VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID,
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get details of a signal-based notification rule returns "Notification rule details." response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "valid_signal_notification_rule" in the system
VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID = ENV["VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID"]
p api_instance.get_signal_notification_rule(VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get details of a signal-based notification rule returns "Notification rule details." response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "valid_signal_notification_rule" in the system
	ValidSignalNotificationRuleDataID := os.Getenv("VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetSignalNotificationRule(ctx, ValidSignalNotificationRuleDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSignalNotificationRule`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSignalNotificationRule`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get details of a signal-based notification rule returns "Notification rule details." response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.NotificationRuleResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "valid_signal_notification_rule" in the system
    String VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID =
        System.getenv("VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID");

    try {
      NotificationRuleResponse result =
          apiInstance.getSignalNotificationRule(VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#getSignalNotificationRule");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get details of a signal-based notification rule returns "Notification rule
// details." response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    // there is a valid "valid_signal_notification_rule" in the system
    let valid_signal_notification_rule_data_id =
        std::env::var("VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_signal_notification_rule(valid_signal_notification_rule_data_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get details of a signal-based notification rule returns "Notification rule details." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "valid_signal_notification_rule" in the system
const VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID = process.env
  .VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID as string;

const params: v2.SecurityMonitoringApiGetSignalNotificationRuleRequest = {
  id: VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID,
};

apiInstance
  .getSignalNotificationRule(params)
  .then((data: v2.NotificationRuleResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Delete a signal-based notification rule

    DELETE https://api.ap1.datadoghq.com/api/v2/security/signals/notification_rules/{id}https://api.ap2.datadoghq.com/api/v2/security/signals/notification_rules/{id}https://api.datadoghq.eu/api/v2/security/signals/notification_rules/{id}https://api.ddog-gov.com/api/v2/security/signals/notification_rules/{id}https://api.us2.ddog-gov.com/api/v2/security/signals/notification_rules/{id}https://api.datadoghq.com/api/v2/security/signals/notification_rules/{id}https://api.us3.datadoghq.com/api/v2/security/signals/notification_rules/{id}https://api.us5.datadoghq.com/api/v2/security/signals/notification_rules/{id}

    概要

    Delete a notification rule for security signals. This endpoint requires the security_monitoring_notification_profiles_write permission.

    引数

    パスパラメーター

    名前

    種類

    説明

    id [required]

    string

    ID of the notification rule.

    応答

    Rule successfully deleted.

    Forbidden

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Path parameters
    export id="CHANGE_ME"
    # Curl command
    curl -X DELETE "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/signals/notification_rules/${id}" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Delete a signal-based notification rule returns "Rule successfully deleted." response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "valid_signal_notification_rule" in the system
VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID = environ["VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    api_instance.delete_signal_notification_rule(
        id=VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID,
    )

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Delete a signal-based notification rule returns "Rule successfully deleted." response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "valid_signal_notification_rule" in the system
VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID = ENV["VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID"]
api_instance.delete_signal_notification_rule(VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Delete a signal-based notification rule returns "Rule successfully deleted." response

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "valid_signal_notification_rule" in the system
	ValidSignalNotificationRuleDataID := os.Getenv("VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	r, err := api.DeleteSignalNotificationRule(ctx, ValidSignalNotificationRuleDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.DeleteSignalNotificationRule`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Delete a signal-based notification rule returns "Rule successfully deleted." response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "valid_signal_notification_rule" in the system
    String VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID =
        System.getenv("VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID");

    try {
      apiInstance.deleteSignalNotificationRule(VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#deleteSignalNotificationRule");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Delete a signal-based notification rule returns "Rule successfully deleted."
// response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    // there is a valid "valid_signal_notification_rule" in the system
    let valid_signal_notification_rule_data_id =
        std::env::var("VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .delete_signal_notification_rule(valid_signal_notification_rule_data_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Delete a signal-based notification rule returns "Rule successfully deleted." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "valid_signal_notification_rule" in the system
const VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID = process.env
  .VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID as string;

const params: v2.SecurityMonitoringApiDeleteSignalNotificationRuleRequest = {
  id: VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID,
};

apiInstance
  .deleteSignalNotificationRule(params)
  .then((data: any) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Patch a signal-based notification rule

    PATCH https://api.ap1.datadoghq.com/api/v2/security/signals/notification_rules/{id}https://api.ap2.datadoghq.com/api/v2/security/signals/notification_rules/{id}https://api.datadoghq.eu/api/v2/security/signals/notification_rules/{id}https://api.ddog-gov.com/api/v2/security/signals/notification_rules/{id}https://api.us2.ddog-gov.com/api/v2/security/signals/notification_rules/{id}https://api.datadoghq.com/api/v2/security/signals/notification_rules/{id}https://api.us3.datadoghq.com/api/v2/security/signals/notification_rules/{id}https://api.us5.datadoghq.com/api/v2/security/signals/notification_rules/{id}

    概要

    Partially update the notification rule. All fields are optional; if a field is not provided, it is not updated. This endpoint requires the security_monitoring_notification_profiles_write permission.

    引数

    パスパラメーター

    名前

    種類

    説明

    id [required]

    string

    ID of the notification rule.

    リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    data

    object

    Data of the notification rule patch request: the rule ID, the rule type, and the rule attributes. All fields are required.

    attributes [required]

    object

    Attributes of the notification rule patch request. It is required to update the version of the rule when patching it.

    enabled

    boolean

    Field used to enable or disable the rule.

    name

    string

    Name of the notification rule.

    selectors

    object

    Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required.

    query

    string

    The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.

    rule_types

    [string]

    Security rule types used as filters in security rules.

    severities

    [string]

    The security rules severities to consider.

    trigger_source [required]

    enum

    The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings". Allowed enum values: security_findings,security_signals

    targets

    [string]

    List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets.

    time_aggregation

    int64

    Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done.

    version

    int64

    Version of the notification rule. It is updated when the rule is modified.

    id [required]

    string

    The ID of a notification rule.

    type [required]

    enum

    The rule type associated to notification rules. Allowed enum values: notification_rules

    {
  "data": {
    "attributes": {
      "enabled": true,
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400,
      "version": 1
    },
    "id": "aaa-bbb-ccc",
    "type": "notification_rules"
  }
}

    応答

    Notification rule successfully patched.

    Response object which includes a notification rule.

    Expand All

    フィールド

    種類

    説明

    data

    object

    Notification rules allow full control over notifications generated by the various Datadog security products. They allow users to define the conditions under which a notification should be generated (based on rule severities, rule types, rule tags, and so on), and the targets to notify. A notification rule is composed of a rule ID, a rule type, and the rule attributes. All fields are required.

    attributes [required]

    object

    Attributes of the notification rule.

    created_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    created_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    enabled [required]

    boolean

    Field used to enable or disable the rule.

    modified_at [required]

    int64

    Date as Unix timestamp in milliseconds.

    modified_by [required]

    object

    User creating or modifying a rule.

    handle

    string

    The user handle.

    name

    string

    The user name.

    name [required]

    string

    Name of the notification rule.

    selectors [required]

    object

    Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required.

    query

    string

    The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.

    rule_types

    [string]

    Security rule types used as filters in security rules.

    severities

    [string]

    The security rules severities to consider.

    trigger_source [required]

    enum

    The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings". Allowed enum values: security_findings,security_signals

    targets [required]

    [string]

    List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets.

    time_aggregation

    int64

    Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done.

    version [required]

    int64

    Version of the notification rule. It is updated when the rule is modified.

    id [required]

    string

    The ID of a notification rule.

    type [required]

    enum

    The rule type associated to notification rules. Allowed enum values: notification_rules

    {
  "data": {
    "attributes": {
      "created_at": 1722439510282,
      "created_by": {
        "handle": "john.doe@domain.com",
        "name": "John Doe"
      },
      "enabled": true,
      "modified_at": 1722439510282,
      "modified_by": {
        "handle": "john.doe@domain.com",
        "name": "John Doe"
      },
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400,
      "version": 1
    },
    "id": "aaa-bbb-ccc",
    "type": "notification_rules"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Forbidden

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    The server cannot process the request because it contains invalid data.

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [object]

    A list of errors.

    detail

    string

    A human-readable explanation specific to this occurrence of the error.

    meta

    object

    Non-standard meta-information about the error

    source

    object

    References to the source of the error.

    header

    string

    A string indicating the name of a single request header which caused the error.

    parameter

    string

    A string indicating which URI query parameter caused the error.

    pointer

    string

    A JSON pointer to the value in the request document that caused the error.

    status

    string

    Status code of the response.

    title

    string

    Short human-readable summary of the error.

    {
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Path parameters
    export id="CHANGE_ME"
    # Curl command
    curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/signals/notification_rules/${id}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "enabled": true,
      "name": "Rule 1",
      "selectors": {
        "query": "(source:production_service OR env:prod)",
        "rule_types": [
          "misconfiguration",
          "attack_path"
        ],
        "severities": [
          "critical"
        ],
        "trigger_source": "security_findings"
      },
      "targets": [
        "@john.doe@email.com"
      ],
      "time_aggregation": 86400,
      "version": 1
    },
    "id": "aaa-bbb-ccc",
    "type": "notification_rules"
  }
}
EOF
    
                        
    // Patch a signal-based notification rule returns "Notification rule successfully patched." response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "valid_signal_notification_rule" in the system
	ValidSignalNotificationRuleDataID := os.Getenv("VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID")

	body := datadogV2.PatchNotificationRuleParameters{
		Data: &datadogV2.PatchNotificationRuleParametersData{
			Attributes: datadogV2.PatchNotificationRuleParametersDataAttributes{
				Enabled: datadog.PtrBool(true),
				Name:    datadog.PtrString("Rule 1"),
				Selectors: &datadogV2.Selectors{
					Query: datadog.PtrString("(source:production_service OR env:prod)"),
					RuleTypes: []datadogV2.RuleTypesItems{
						datadogV2.RULETYPESITEMS_MISCONFIGURATION,
						datadogV2.RULETYPESITEMS_ATTACK_PATH,
					},
					Severities: []datadogV2.RuleSeverity{
						datadogV2.RULESEVERITY_CRITICAL,
					},
					TriggerSource: datadogV2.TRIGGERSOURCE_SECURITY_FINDINGS,
				},
				Targets: []string{
					"@john.doe@email.com",
				},
				TimeAggregation: datadog.PtrInt64(86400),
				Version:         datadog.PtrInt64(1),
			},
			Id:   ValidSignalNotificationRuleDataID,
			Type: datadogV2.NOTIFICATIONRULESTYPE_NOTIFICATION_RULES,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.PatchSignalNotificationRule(ctx, ValidSignalNotificationRuleDataID, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.PatchSignalNotificationRule`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.PatchSignalNotificationRule`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Patch a signal-based notification rule returns "Notification rule successfully patched." response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.NotificationRuleResponse;
import com.datadog.api.client.v2.model.NotificationRulesType;
import com.datadog.api.client.v2.model.PatchNotificationRuleParameters;
import com.datadog.api.client.v2.model.PatchNotificationRuleParametersData;
import com.datadog.api.client.v2.model.PatchNotificationRuleParametersDataAttributes;
import com.datadog.api.client.v2.model.RuleSeverity;
import com.datadog.api.client.v2.model.RuleTypesItems;
import com.datadog.api.client.v2.model.Selectors;
import com.datadog.api.client.v2.model.TriggerSource;
import java.util.Arrays;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "valid_signal_notification_rule" in the system
    String VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID =
        System.getenv("VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID");

    PatchNotificationRuleParameters body =
        new PatchNotificationRuleParameters()
            .data(
                new PatchNotificationRuleParametersData()
                    .attributes(
                        new PatchNotificationRuleParametersDataAttributes()
                            .enabled(true)
                            .name("Rule 1")
                            .selectors(
                                new Selectors()
                                    .query("(source:production_service OR env:prod)")
                                    .ruleTypes(
                                        Arrays.asList(
                                            RuleTypesItems.MISCONFIGURATION,
                                            RuleTypesItems.ATTACK_PATH))
                                    .severities(Collections.singletonList(RuleSeverity.CRITICAL))
                                    .triggerSource(TriggerSource.SECURITY_FINDINGS))
                            .targets(Collections.singletonList("@john.doe@email.com"))
                            .timeAggregation(86400L)
                            .version(1L))
                    .id(VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID)
                    .type(NotificationRulesType.NOTIFICATION_RULES));

    try {
      NotificationRuleResponse result =
          apiInstance.patchSignalNotificationRule(VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID, body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#patchSignalNotificationRule");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Patch a signal-based notification rule returns "Notification rule successfully patched." response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.notification_rules_type import NotificationRulesType
from datadog_api_client.v2.model.patch_notification_rule_parameters import PatchNotificationRuleParameters
from datadog_api_client.v2.model.patch_notification_rule_parameters_data import PatchNotificationRuleParametersData
from datadog_api_client.v2.model.patch_notification_rule_parameters_data_attributes import (
    PatchNotificationRuleParametersDataAttributes,
)
from datadog_api_client.v2.model.rule_severity import RuleSeverity
from datadog_api_client.v2.model.rule_types_items import RuleTypesItems
from datadog_api_client.v2.model.selectors import Selectors
from datadog_api_client.v2.model.trigger_source import TriggerSource

# there is a valid "valid_signal_notification_rule" in the system
VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID = environ["VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID"]

body = PatchNotificationRuleParameters(
    data=PatchNotificationRuleParametersData(
        attributes=PatchNotificationRuleParametersDataAttributes(
            enabled=True,
            name="Rule 1",
            selectors=Selectors(
                query="(source:production_service OR env:prod)",
                rule_types=[
                    RuleTypesItems.MISCONFIGURATION,
                    RuleTypesItems.ATTACK_PATH,
                ],
                severities=[
                    RuleSeverity.CRITICAL,
                ],
                trigger_source=TriggerSource.SECURITY_FINDINGS,
            ),
            targets=[
                "@john.doe@email.com",
            ],
            time_aggregation=86400,
            version=1,
        ),
        id=VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID,
        type=NotificationRulesType.NOTIFICATION_RULES,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.patch_signal_notification_rule(id=VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID, body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Patch a signal-based notification rule returns "Notification rule successfully patched." response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "valid_signal_notification_rule" in the system
VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID = ENV["VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID"]

body = DatadogAPIClient::V2::PatchNotificationRuleParameters.new({
  data: DatadogAPIClient::V2::PatchNotificationRuleParametersData.new({
    attributes: DatadogAPIClient::V2::PatchNotificationRuleParametersDataAttributes.new({
      enabled: true,
      name: "Rule 1",
      selectors: DatadogAPIClient::V2::Selectors.new({
        query: "(source:production_service OR env:prod)",
        rule_types: [
          DatadogAPIClient::V2::RuleTypesItems::MISCONFIGURATION,
          DatadogAPIClient::V2::RuleTypesItems::ATTACK_PATH,
        ],
        severities: [
          DatadogAPIClient::V2::RuleSeverity::CRITICAL,
        ],
        trigger_source: DatadogAPIClient::V2::TriggerSource::SECURITY_FINDINGS,
      }),
      targets: [
        "@john.doe@email.com",
      ],
      time_aggregation: 86400,
      version: 1,
    }),
    id: VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID,
    type: DatadogAPIClient::V2::NotificationRulesType::NOTIFICATION_RULES,
  }),
})
p api_instance.patch_signal_notification_rule(VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID, body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Patch a signal-based notification rule returns "Notification rule successfully
// patched." response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::NotificationRulesType;
use datadog_api_client::datadogV2::model::PatchNotificationRuleParameters;
use datadog_api_client::datadogV2::model::PatchNotificationRuleParametersData;
use datadog_api_client::datadogV2::model::PatchNotificationRuleParametersDataAttributes;
use datadog_api_client::datadogV2::model::RuleSeverity;
use datadog_api_client::datadogV2::model::RuleTypesItems;
use datadog_api_client::datadogV2::model::Selectors;
use datadog_api_client::datadogV2::model::TriggerSource;

#[tokio::main]
async fn main() {
    // there is a valid "valid_signal_notification_rule" in the system
    let valid_signal_notification_rule_data_id =
        std::env::var("VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID").unwrap();
    let body =
        PatchNotificationRuleParameters::new().data(PatchNotificationRuleParametersData::new(
            PatchNotificationRuleParametersDataAttributes::new()
                .enabled(true)
                .name("Rule 1".to_string())
                .selectors(
                    Selectors::new(TriggerSource::SECURITY_FINDINGS)
                        .query("(source:production_service OR env:prod)".to_string())
                        .rule_types(vec![
                            RuleTypesItems::MISCONFIGURATION,
                            RuleTypesItems::ATTACK_PATH,
                        ])
                        .severities(vec![RuleSeverity::CRITICAL]),
                )
                .targets(vec!["@john.doe@email.com".to_string()])
                .time_aggregation(86400)
                .version(1),
            valid_signal_notification_rule_data_id.clone(),
            NotificationRulesType::NOTIFICATION_RULES,
        ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .patch_signal_notification_rule(valid_signal_notification_rule_data_id.clone(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Patch a signal-based notification rule returns "Notification rule successfully patched." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "valid_signal_notification_rule" in the system
const VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID = process.env
  .VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID as string;

const params: v2.SecurityMonitoringApiPatchSignalNotificationRuleRequest = {
  body: {
    data: {
      attributes: {
        enabled: true,
        name: "Rule 1",
        selectors: {
          query: "(source:production_service OR env:prod)",
          ruleTypes: ["misconfiguration", "attack_path"],
          severities: ["critical"],
          triggerSource: "security_findings",
        },
        targets: ["@john.doe@email.com"],
        timeAggregation: 86400,
        version: 1,
      },
      id: VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID,
      type: "notification_rules",
    },
  },
  id: VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID,
};

apiInstance
  .patchSignalNotificationRule(params)
  .then((data: v2.NotificationRuleResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    List security findings

    GET https://api.ap1.datadoghq.com/api/v2/security/findingshttps://api.ap2.datadoghq.com/api/v2/security/findingshttps://api.datadoghq.eu/api/v2/security/findingshttps://api.ddog-gov.com/api/v2/security/findingshttps://api.us2.ddog-gov.com/api/v2/security/findingshttps://api.datadoghq.com/api/v2/security/findingshttps://api.us3.datadoghq.com/api/v2/security/findingshttps://api.us5.datadoghq.com/api/v2/security/findings

    概要

    Get a list of security findings that match a search query. See the schema for security findings.

    Query Syntax

    This endpoint uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.

    Example: @severity:(critical OR high) @status:open team:platform

    This endpoint requires any of the following permissions:
  • security_monitoring_findings_read
  • appsec_vm_read

    • OAuth apps require the security_monitoring_findings_read authorization scope to access this endpoint.

    引数

    クエリ文字列

    名前

    種類

    説明

    filter[query]

    string

    The search query following log search syntax.

    page[cursor]

    string

    Get the next page of results with a cursor provided in the previous query.

    page[limit]

    integer

    The maximum number of findings in the response.

    sort

    enum

    Sorts by @detection_changed_at.
    Allowed enum values: @detection_changed_at, -@detection_changed_at

    応答

    OK

    The expected response schema when listing security findings.

    Expand All

    フィールド

    種類

    説明

    data

    [object]

    Array of security findings matching the search query.

    attributes

    object

    The JSON object containing all attributes of the security finding.

    attributes

    object

    The custom attributes of the security finding.

    tags

    [string]

    List of tags associated with the security finding.

    timestamp

    int64

    The Unix timestamp at which the detection changed for the resource. Same value as @detection_changed_at.

    id

    string

    The unique ID of the security finding.

    type

    enum

    The type of the security finding resource. Allowed enum values: finding

    default: finding

    links

    object

    Links for pagination.

    next

    string

    Link for the next page of results. Note that paginated requests can also be made using the POST endpoint.

    meta

    object

    Metadata about the response.

    elapsed

    int64

    The time elapsed in milliseconds.

    page

    object

    Pagination information.

    after

    string

    The cursor used to get the next page of results.

    request_id

    string

    The identifier of the request.

    status

    enum

    The status of the response. Allowed enum values: done,timeout

    {
  "data": [
    {
      "attributes": {
        "attributes": {
          "severity": "high",
          "status": "open"
        },
        "tags": [
          "team:platform",
          "env:prod"
        ],
        "timestamp": 1765901760
      },
      "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
      "type": "finding"
    }
  ],
  "links": {
    "next": "https://app.datadoghq.com/api/v2/security/findings?page[cursor]=eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==\u0026page[limit]=25"
  },
  "meta": {
    "elapsed": 548,
    "page": {
      "after": "eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0="
    },
    "request_id": "pddv1ChZwVlMxMUdYRFRMQ1lyb3B4MGNYbFlnIi0KHQu35LDbucx",
    "status": "done"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Forbidden

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
List security findings returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.list_security_findings()

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # List security findings returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.list_security_findings()

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // List security findings returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.ListSecurityFindings(ctx, *datadogV2.NewListSecurityFindingsOptionalParameters())

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListSecurityFindings`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListSecurityFindings`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // List security findings returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.ListSecurityFindingsResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      ListSecurityFindingsResponse result = apiInstance.listSecurityFindings();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#listSecurityFindings");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // List security findings returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::ListSecurityFindingsOptionalParams;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .list_security_findings(ListSecurityFindingsOptionalParams::default())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * List security findings returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .listSecurityFindings()
  .then((data: v2.ListSecurityFindingsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Search security findings

    POST https://api.ap1.datadoghq.com/api/v2/security/findings/searchhttps://api.ap2.datadoghq.com/api/v2/security/findings/searchhttps://api.datadoghq.eu/api/v2/security/findings/searchhttps://api.ddog-gov.com/api/v2/security/findings/searchhttps://api.us2.ddog-gov.com/api/v2/security/findings/searchhttps://api.datadoghq.com/api/v2/security/findings/searchhttps://api.us3.datadoghq.com/api/v2/security/findings/searchhttps://api.us5.datadoghq.com/api/v2/security/findings/search

    概要

    Get a list of security findings that match a search query. See the schema for security findings.

    Query Syntax

    The API uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.

    Example: @severity:(critical OR high) @status:open team:platform

    This endpoint requires any of the following permissions:
  • security_monitoring_findings_read
  • appsec_vm_read

    • OAuth apps require the security_monitoring_findings_read authorization scope to access this endpoint.

    リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    data

    object

    Request data for searching security findings.

    attributes

    object

    Request attributes for searching security findings.

    filter

    string

    The search query following log search syntax.

    default: *

    page

    object

    Pagination attributes for the search request.

    cursor

    string

    Get the next page of results with a cursor provided in the previous query.

    limit

    int64

    The maximum number of security findings in the response.

    default: 10

    sort

    enum

    The sort parameters when querying security findings. Allowed enum values: @detection_changed_at,-@detection_changed_at

    default: -@detection_changed_at

    {
  "data": {
    "attributes": {
      "filter": "@severity:(critical OR high)"
    }
  }
}
    {
  "data": {
    "attributes": {
      "filter": "@severity:(critical OR high)",
      "page": {
        "limit": 1
      }
    }
  }
}

    応答

    OK

    The expected response schema when listing security findings.

    Expand All

    フィールド

    種類

    説明

    data

    [object]

    Array of security findings matching the search query.

    attributes

    object

    The JSON object containing all attributes of the security finding.

    attributes

    object

    The custom attributes of the security finding.

    tags

    [string]

    List of tags associated with the security finding.

    timestamp

    int64

    The Unix timestamp at which the detection changed for the resource. Same value as @detection_changed_at.

    id

    string

    The unique ID of the security finding.

    type

    enum

    The type of the security finding resource. Allowed enum values: finding

    default: finding

    links

    object

    Links for pagination.

    next

    string

    Link for the next page of results. Note that paginated requests can also be made using the POST endpoint.

    meta

    object

    Metadata about the response.

    elapsed

    int64

    The time elapsed in milliseconds.

    page

    object

    Pagination information.

    after

    string

    The cursor used to get the next page of results.

    request_id

    string

    The identifier of the request.

    status

    enum

    The status of the response. Allowed enum values: done,timeout

    {
  "data": [
    {
      "attributes": {
        "attributes": {
          "severity": "high",
          "status": "open"
        },
        "tags": [
          "team:platform",
          "env:prod"
        ],
        "timestamp": 1765901760
      },
      "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
      "type": "finding"
    }
  ],
  "links": {
    "next": "https://app.datadoghq.com/api/v2/security/findings?page[cursor]=eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==\u0026page[limit]=25"
  },
  "meta": {
    "elapsed": 548,
    "page": {
      "after": "eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0="
    },
    "request_id": "pddv1ChZwVlMxMUdYRFRMQ1lyb3B4MGNYbFlnIi0KHQu35LDbucx",
    "status": "done"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Forbidden

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/search" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "filter": "@severity:(critical OR high) @status:open team:platform",
      "page": {
        "cursor": "eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==",
        "limit": 25
      },
      "sort": "@detection_changed_at"
    }
  }
}
EOF
    
                        
                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/search" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "filter": "@severity:(critical OR high) @status:open team:platform",
      "page": {
        "cursor": "eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==",
        "limit": 25
      },
      "sort": "@detection_changed_at"
    }
  }
}
EOF
    
                        
    // Search security findings returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityFindingsSearchRequest{
		Data: &datadogV2.SecurityFindingsSearchRequestData{
			Attributes: &datadogV2.SecurityFindingsSearchRequestDataAttributes{
				Filter: datadog.PtrString("@severity:(critical OR high)"),
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.SearchSecurityFindings(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.SearchSecurityFindings`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.SearchSecurityFindings`:\n%s\n", responseContent)
}

    // Search security findings returns "OK" response with pagination

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityFindingsSearchRequest{
		Data: &datadogV2.SecurityFindingsSearchRequestData{
			Attributes: &datadogV2.SecurityFindingsSearchRequestDataAttributes{
				Filter: datadog.PtrString("@severity:(critical OR high)"),
				Page: &datadogV2.SecurityFindingsSearchRequestPage{
					Limit: datadog.PtrInt64(1),
				},
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.SearchSecurityFindings(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.SearchSecurityFindings`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.SearchSecurityFindings`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Search security findings returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.ListSecurityFindingsResponse;
import com.datadog.api.client.v2.model.SecurityFindingsSearchRequest;
import com.datadog.api.client.v2.model.SecurityFindingsSearchRequestData;
import com.datadog.api.client.v2.model.SecurityFindingsSearchRequestDataAttributes;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityFindingsSearchRequest body =
        new SecurityFindingsSearchRequest()
            .data(
                new SecurityFindingsSearchRequestData()
                    .attributes(
                        new SecurityFindingsSearchRequestDataAttributes()
                            .filter("@severity:(critical OR high)")));

    try {
      ListSecurityFindingsResponse result = apiInstance.searchSecurityFindings(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#searchSecurityFindings");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    // Search security findings returns "OK" response with pagination

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.ListSecurityFindingsResponse;
import com.datadog.api.client.v2.model.SecurityFindingsSearchRequest;
import com.datadog.api.client.v2.model.SecurityFindingsSearchRequestData;
import com.datadog.api.client.v2.model.SecurityFindingsSearchRequestDataAttributes;
import com.datadog.api.client.v2.model.SecurityFindingsSearchRequestPage;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityFindingsSearchRequest body =
        new SecurityFindingsSearchRequest()
            .data(
                new SecurityFindingsSearchRequestData()
                    .attributes(
                        new SecurityFindingsSearchRequestDataAttributes()
                            .filter("@severity:(critical OR high)")
                            .page(new SecurityFindingsSearchRequestPage().limit(1L))));

    try {
      ListSecurityFindingsResponse result = apiInstance.searchSecurityFindings(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#searchSecurityFindings");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Search security findings returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_findings_search_request import SecurityFindingsSearchRequest
from datadog_api_client.v2.model.security_findings_search_request_data import SecurityFindingsSearchRequestData
from datadog_api_client.v2.model.security_findings_search_request_data_attributes import (
    SecurityFindingsSearchRequestDataAttributes,
)

body = SecurityFindingsSearchRequest(
    data=SecurityFindingsSearchRequestData(
        attributes=SecurityFindingsSearchRequestDataAttributes(
            filter="@severity:(critical OR high)",
        ),
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.search_security_findings(body=body)

    print(response)

    """
Search security findings returns "OK" response with pagination
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_findings_search_request import SecurityFindingsSearchRequest
from datadog_api_client.v2.model.security_findings_search_request_data import SecurityFindingsSearchRequestData
from datadog_api_client.v2.model.security_findings_search_request_data_attributes import (
    SecurityFindingsSearchRequestDataAttributes,
)
from datadog_api_client.v2.model.security_findings_search_request_page import SecurityFindingsSearchRequestPage

body = SecurityFindingsSearchRequest(
    data=SecurityFindingsSearchRequestData(
        attributes=SecurityFindingsSearchRequestDataAttributes(
            filter="@severity:(critical OR high)",
            page=SecurityFindingsSearchRequestPage(
                limit=1,
            ),
        ),
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.search_security_findings(body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Search security findings returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityFindingsSearchRequest.new({
  data: DatadogAPIClient::V2::SecurityFindingsSearchRequestData.new({
    attributes: DatadogAPIClient::V2::SecurityFindingsSearchRequestDataAttributes.new({
      filter: "@severity:(critical OR high)",
    }),
  }),
})
p api_instance.search_security_findings(body)

    # Search security findings returns "OK" response with pagination

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityFindingsSearchRequest.new({
  data: DatadogAPIClient::V2::SecurityFindingsSearchRequestData.new({
    attributes: DatadogAPIClient::V2::SecurityFindingsSearchRequestDataAttributes.new({
      filter: "@severity:(critical OR high)",
      page: DatadogAPIClient::V2::SecurityFindingsSearchRequestPage.new({
        limit: 1,
      }),
    }),
  }),
})
p api_instance.search_security_findings(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Search security findings returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityFindingsSearchRequest;
use datadog_api_client::datadogV2::model::SecurityFindingsSearchRequestData;
use datadog_api_client::datadogV2::model::SecurityFindingsSearchRequestDataAttributes;

#[tokio::main]
async fn main() {
    let body = SecurityFindingsSearchRequest::new().data(
        SecurityFindingsSearchRequestData::new().attributes(
            SecurityFindingsSearchRequestDataAttributes::new()
                .filter("@severity:(critical OR high)".to_string()),
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.search_security_findings(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    // Search security findings returns "OK" response with pagination
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityFindingsSearchRequest;
use datadog_api_client::datadogV2::model::SecurityFindingsSearchRequestData;
use datadog_api_client::datadogV2::model::SecurityFindingsSearchRequestDataAttributes;
use datadog_api_client::datadogV2::model::SecurityFindingsSearchRequestPage;

#[tokio::main]
async fn main() {
    let body = SecurityFindingsSearchRequest::new().data(
        SecurityFindingsSearchRequestData::new().attributes(
            SecurityFindingsSearchRequestDataAttributes::new()
                .filter("@severity:(critical OR high)".to_string())
                .page(SecurityFindingsSearchRequestPage::new().limit(1)),
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.search_security_findings(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Search security findings returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiSearchSecurityFindingsRequest = {
  body: {
    data: {
      attributes: {
        filter: "@severity:(critical OR high)",
      },
    },
  },
};

apiInstance
  .searchSecurityFindings(params)
  .then((data: v2.ListSecurityFindingsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    /**
 * Search security findings returns "OK" response with pagination
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiSearchSecurityFindingsRequest = {
  body: {
    data: {
      attributes: {
        filter: "@severity:(critical OR high)",
        page: {
          limit: 1,
        },
      },
    },
  },
};

apiInstance
  .searchSecurityFindings(params)
  .then((data: v2.ListSecurityFindingsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Create cases for security findings

    POST https://api.ap1.datadoghq.com/api/v2/security/findings/caseshttps://api.ap2.datadoghq.com/api/v2/security/findings/caseshttps://api.datadoghq.eu/api/v2/security/findings/caseshttps://api.ddog-gov.com/api/v2/security/findings/caseshttps://api.us2.ddog-gov.com/api/v2/security/findings/caseshttps://api.datadoghq.com/api/v2/security/findings/caseshttps://api.us3.datadoghq.com/api/v2/security/findings/caseshttps://api.us5.datadoghq.com/api/v2/security/findings/cases

    概要

    Create cases for security findings. You can create up to 50 cases per request and associate up to 50 security findings per case. Security findings that are already attached to another case will be detached from their previous case and attached to the newly created case. This endpoint requires any of the following permissions:

  • security_monitoring_findings_write
  • appsec_vm_write

    • リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    data [required]

    [object]

    Array of case creation request data objects.

    attributes

    object

    Attributes of the case to create.

    assignee_id

    string

    Unique identifier of the user assigned to the case.

    description

    string

    Description of the case. If not provided, the description will be automatically generated.

    priority

    enum

    Priority of the case. If not provided, the priority will be automatically set to "NOT_DEFINED". Allowed enum values: NOT_DEFINED,P1,P2,P3,P4,P5

    default: NOT_DEFINED

    title

    string

    Title of the case. If not provided, the title will be automatically generated.

    relationships

    object

    Relationships of the case to create.

    findings [required]

    object

    Security findings to create a case for.

    data

    [object]

    Array of security finding data objects.

    id [required]

    string

    Unique identifier of the security finding.

    type [required]

    enum

    Security findings resource type. Allowed enum values: findings

    default: findings

    project [required]

    object

    Case management project in which the case will be created.

    data [required]

    object

    Data object representing a case management project.

    id [required]

    string

    Unique identifier of the case management project.

    type [required]

    enum

    Projects resource type. Allowed enum values: projects

    default: projects

    type [required]

    enum

    Cases resource type. Allowed enum values: cases

    default: cases

    {
  "data": [
    {
      "attributes": {
        "title": "A title",
        "description": "A description"
      },
      "relationships": {
        "findings": {
          "data": [
            {
              "id": "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=",
              "type": "findings"
            }
          ]
        },
        "project": {
          "data": {
            "id": "959a6f71-bac8-4027-b1d3-2264f569296f",
            "type": "projects"
          }
        }
      },
      "type": "cases"
    }
  ]
}
    {
  "data": [
    {
      "attributes": {
        "title": "A title",
        "description": "A description"
      },
      "relationships": {
        "findings": {
          "data": [
            {
              "id": "ZTd5LWNuYi1seWV-aS0wMjI2NGZjZjRmZWQ5ODMyMg==",
              "type": "findings"
            },
            {
              "id": "c2FuLXhyaS1kZnN-aS0wODM3MjVhMTM2MDExNzNkOQ==",
              "type": "findings"
            }
          ]
        },
        "project": {
          "data": {
            "id": "959a6f71-bac8-4027-b1d3-2264f569296f",
            "type": "projects"
          }
        }
      },
      "type": "cases"
    }
  ]
}
    {
  "data": [
    {
      "attributes": {
        "title": "A title",
        "description": "A description"
      },
      "relationships": {
        "findings": {
          "data": [
            {
              "id": "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=",
              "type": "findings"
            }
          ]
        },
        "project": {
          "data": {
            "id": "959a6f71-bac8-4027-b1d3-2264f569296f",
            "type": "projects"
          }
        }
      },
      "type": "cases"
    },
    {
      "attributes": {
        "title": "A title",
        "description": "A description"
      },
      "relationships": {
        "findings": {
          "data": [
            {
              "id": "OGRlMDIwYzk4MjFmZTZiNTQwMzk2ZjUxNzg0MDc0NjR-MTk3Yjk4MDI4ZDQ4YzI2ZGZiMWJmMTNhNDEwZGZkYWI=",
              "type": "findings"
            }
          ]
        },
        "project": {
          "data": {
            "id": "959a6f71-bac8-4027-b1d3-2264f569296f",
            "type": "projects"
          }
        }
      },
      "type": "cases"
    }
  ]
}

    応答

    Created

    List of case responses.

    Expand All

    フィールド

    種類

    説明

    data [required]

    [object]

    Array of case response data objects.

    attributes

    object

    Attributes of the case.

    archived_at

    date-time

    Timestamp of when the case was archived.

    assigned_to

    object

    User assigned to the case.

    data [required]

    object

    Relationship to user object.

    id [required]

    string

    A unique identifier that represents the user.

    type [required]

    enum

    Users resource type. Allowed enum values: users

    default: users

    attributes

    object

    Custom attributes associated with the case as key-value pairs where values are string arrays.

    <any-key>

    [string]

    closed_at

    date-time

    Timestamp of when the case was closed.

    created_at

    date-time

    Timestamp of when the case was created.

    creation_source

    string

    Source of the case creation.

    description

    string

    Description of the case.

    due_date

    string

    Due date of the case.

    insights

    [object]

    Insights of the case.

    ref

    string

    Reference of the insight.

    resource_id

    string

    Unique identifier of the resource. For example, the unique identifier of a security finding.

    type

    string

    Type of the resource. For example, the type of a security finding is "SECURITY_FINDING".

    jira_issue

    object

    Jira issue associated with the case.

    error_message

    string

    Error message if the Jira issue creation failed.

    result

    object

    Result of the Jira issue creation.

    account_id

    string

    Account ID of the Jira issue.

    issue_id

    string

    Unique identifier of the Jira issue.

    issue_key

    string

    Key of the Jira issue.

    issue_url

    string

    URL of the Jira issue.

    status

    string

    Status of the Jira issue creation. Can be "COMPLETED" if the Jira issue was created successfully, or "FAILED" if the Jira issue creation failed.

    key

    string

    Key of the case.

    modified_at

    date-time

    Timestamp of when the case was last modified.

    priority

    string

    Priority of the case.

    status

    string

    Status of the case.

    status_group

    string

    Status group of the case.

    status_name

    string

    Status name of the case.

    title

    string

    Title of the case.

    type

    string

    Type of the case. For security cases, this is always "SECURITY".

    id

    string

    Unique identifier of the case.

    relationships

    object

    Relationships of the case.

    created_by

    object

    User who created the case.

    data [required]

    object

    Relationship to user object.

    id [required]

    string

    A unique identifier that represents the user.

    type [required]

    enum

    Users resource type. Allowed enum values: users

    default: users

    modified_by

    object

    User who last modified the case.

    data [required]

    object

    Relationship to user object.

    id [required]

    string

    A unique identifier that represents the user.

    type [required]

    enum

    Users resource type. Allowed enum values: users

    default: users

    project

    object

    Project in which the case was created.

    data [required]

    object

    Data object representing a case management project.

    id [required]

    string

    Unique identifier of the case management project.

    type [required]

    enum

    Projects resource type. Allowed enum values: projects

    default: projects

    type [required]

    enum

    Cases resource type. Allowed enum values: cases

    default: cases

    {
  "data": [
    {
      "attributes": {
        "archived_at": "2025-01-01T00:00:00.000Z",
        "assigned_to": {
          "data": {
            "id": "00000000-0000-0000-2345-000000000000",
            "type": "users"
          }
        },
        "attributes": {
          "<any-key>": []
        },
        "closed_at": "2025-01-01T00:00:00.000Z",
        "created_at": "2025-01-01T00:00:00.000Z",
        "creation_source": "CS_SECURITY_FINDING",
        "description": "A description of the case.",
        "due_date": "2025-01-01",
        "insights": [
          {
            "ref": "/security/appsec/vm/library/vulnerability/dfa027f7c037b2f77159adc027fecb56?detection=static",
            "resource_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
            "type": "SECURITY_FINDING"
          }
        ],
        "jira_issue": {
          "error_message": "{\"errorMessages\":[\"An error occured.\"],\"errors\":{}}",
          "result": {
            "account_id": "463a8631-680e-455c-bfd3-3ed04d326eb7",
            "issue_id": "2871276",
            "issue_key": "PROJ-123",
            "issue_url": "https://domain.atlassian.net/browse/PROJ-123"
          },
          "status": "COMPLETED"
        },
        "key": "PROJ-123",
        "modified_at": "2025-01-01T00:00:00.000Z",
        "priority": "P4",
        "status": "OPEN",
        "status_group": "SG_OPEN",
        "status_name": "Open",
        "title": "A title for the case.",
        "type": "SECURITY"
      },
      "id": "c1234567-89ab-cdef-0123-456789abcdef",
      "relationships": {
        "created_by": {
          "data": {
            "id": "00000000-0000-0000-2345-000000000000",
            "type": "users"
          }
        },
        "modified_by": {
          "data": {
            "id": "00000000-0000-0000-2345-000000000000",
            "type": "users"
          }
        },
        "project": {
          "data": {
            "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
            "type": "projects"
          }
        }
      },
      "type": "cases"
    }
  ]
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/cases" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": [
    {
      "attributes": {
        "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
        "description": "A description of the case.",
        "priority": "NOT_DEFINED",
        "title": "A title for the case."
      },
      "relationships": {
        "findings": {
          "data": [
            {
              "id": "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=",
              "type": "findings"
            }
          ]
        },
        "project": {
          "data": {
            "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001"
          }
        }
      },
      "type": "cases"
    }
  ]
}
EOF
    
                        
                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/cases" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": [
    {
      "attributes": {
        "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
        "description": "A description of the case.",
        "priority": "NOT_DEFINED",
        "title": "A title for the case."
      },
      "relationships": {
        "findings": {
          "data": [
            {
              "id": "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=",
              "type": "findings"
            }
          ]
        },
        "project": {
          "data": {
            "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001"
          }
        }
      },
      "type": "cases"
    }
  ]
}
EOF
    
                        
                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/cases" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": [
    {
      "attributes": {
        "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
        "description": "A description of the case.",
        "priority": "NOT_DEFINED",
        "title": "A title for the case."
      },
      "relationships": {
        "findings": {
          "data": [
            {
              "id": "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=",
              "type": "findings"
            }
          ]
        },
        "project": {
          "data": {
            "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001"
          }
        }
      },
      "type": "cases"
    }
  ]
}
EOF
    
                        
    // Create case for security finding returns "Created" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.CreateCaseRequestArray{
		Data: []datadogV2.CreateCaseRequestData{
			{
				Attributes: &datadogV2.CreateCaseRequestDataAttributes{
					Title:       datadog.PtrString("A title"),
					Description: datadog.PtrString("A description"),
				},
				Relationships: &datadogV2.CreateCaseRequestDataRelationships{
					Findings: datadogV2.Findings{
						Data: []datadogV2.FindingData{
							{
								Id:   "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=",
								Type: datadogV2.FINDINGDATATYPE_FINDINGS,
							},
						},
					},
					Project: datadogV2.CaseManagementProject{
						Data: datadogV2.CaseManagementProjectData{
							Id:   "959a6f71-bac8-4027-b1d3-2264f569296f",
							Type: datadogV2.CASEMANAGEMENTPROJECTDATATYPE_PROJECTS,
						},
					},
				},
				Type: datadogV2.CASEDATATYPE_CASES,
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateCases(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateCases`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateCases`:\n%s\n", responseContent)
}

    // Create case for security findings returns "Created" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.CreateCaseRequestArray{
		Data: []datadogV2.CreateCaseRequestData{
			{
				Attributes: &datadogV2.CreateCaseRequestDataAttributes{
					Title:       datadog.PtrString("A title"),
					Description: datadog.PtrString("A description"),
				},
				Relationships: &datadogV2.CreateCaseRequestDataRelationships{
					Findings: datadogV2.Findings{
						Data: []datadogV2.FindingData{
							{
								Id:   "ZTd5LWNuYi1seWV-aS0wMjI2NGZjZjRmZWQ5ODMyMg==",
								Type: datadogV2.FINDINGDATATYPE_FINDINGS,
							},
							{
								Id:   "c2FuLXhyaS1kZnN-aS0wODM3MjVhMTM2MDExNzNkOQ==",
								Type: datadogV2.FINDINGDATATYPE_FINDINGS,
							},
						},
					},
					Project: datadogV2.CaseManagementProject{
						Data: datadogV2.CaseManagementProjectData{
							Id:   "959a6f71-bac8-4027-b1d3-2264f569296f",
							Type: datadogV2.CASEMANAGEMENTPROJECTDATATYPE_PROJECTS,
						},
					},
				},
				Type: datadogV2.CASEDATATYPE_CASES,
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateCases(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateCases`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateCases`:\n%s\n", responseContent)
}

    // Create cases for security findings returns "Created" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.CreateCaseRequestArray{
		Data: []datadogV2.CreateCaseRequestData{
			{
				Attributes: &datadogV2.CreateCaseRequestDataAttributes{
					Title:       datadog.PtrString("A title"),
					Description: datadog.PtrString("A description"),
				},
				Relationships: &datadogV2.CreateCaseRequestDataRelationships{
					Findings: datadogV2.Findings{
						Data: []datadogV2.FindingData{
							{
								Id:   "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=",
								Type: datadogV2.FINDINGDATATYPE_FINDINGS,
							},
						},
					},
					Project: datadogV2.CaseManagementProject{
						Data: datadogV2.CaseManagementProjectData{
							Id:   "959a6f71-bac8-4027-b1d3-2264f569296f",
							Type: datadogV2.CASEMANAGEMENTPROJECTDATATYPE_PROJECTS,
						},
					},
				},
				Type: datadogV2.CASEDATATYPE_CASES,
			},
			{
				Attributes: &datadogV2.CreateCaseRequestDataAttributes{
					Title:       datadog.PtrString("A title"),
					Description: datadog.PtrString("A description"),
				},
				Relationships: &datadogV2.CreateCaseRequestDataRelationships{
					Findings: datadogV2.Findings{
						Data: []datadogV2.FindingData{
							{
								Id:   "OGRlMDIwYzk4MjFmZTZiNTQwMzk2ZjUxNzg0MDc0NjR-MTk3Yjk4MDI4ZDQ4YzI2ZGZiMWJmMTNhNDEwZGZkYWI=",
								Type: datadogV2.FINDINGDATATYPE_FINDINGS,
							},
						},
					},
					Project: datadogV2.CaseManagementProject{
						Data: datadogV2.CaseManagementProjectData{
							Id:   "959a6f71-bac8-4027-b1d3-2264f569296f",
							Type: datadogV2.CASEMANAGEMENTPROJECTDATATYPE_PROJECTS,
						},
					},
				},
				Type: datadogV2.CASEDATATYPE_CASES,
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateCases(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateCases`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateCases`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Create case for security finding returns "Created" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.CaseDataType;
import com.datadog.api.client.v2.model.CaseManagementProject;
import com.datadog.api.client.v2.model.CaseManagementProjectData;
import com.datadog.api.client.v2.model.CaseManagementProjectDataType;
import com.datadog.api.client.v2.model.CreateCaseRequestArray;
import com.datadog.api.client.v2.model.CreateCaseRequestData;
import com.datadog.api.client.v2.model.CreateCaseRequestDataAttributes;
import com.datadog.api.client.v2.model.CreateCaseRequestDataRelationships;
import com.datadog.api.client.v2.model.FindingCaseResponseArray;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    CreateCaseRequestArray body =
        new CreateCaseRequestArray()
            .data(
                Collections.singletonList(
                    new CreateCaseRequestData()
                        .attributes(
                            new CreateCaseRequestDataAttributes()
                                .title("A title")
                                .description("A description"))
                        .relationships(
                            new CreateCaseRequestDataRelationships()
                                .findings(
                                    new Findings()
                                        .data(
                                            Collections.singletonList(
                                                new FindingData()
                                                    .id(
                                                        "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=")
                                                    .type(FindingDataType.FINDINGS))))
                                .project(
                                    new CaseManagementProject()
                                        .data(
                                            new CaseManagementProjectData()
                                                .id("959a6f71-bac8-4027-b1d3-2264f569296f")
                                                .type(CaseManagementProjectDataType.PROJECTS))))
                        .type(CaseDataType.CASES)));

    try {
      FindingCaseResponseArray result = apiInstance.createCases(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#createCases");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    // Create case for security findings returns "Created" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.CaseDataType;
import com.datadog.api.client.v2.model.CaseManagementProject;
import com.datadog.api.client.v2.model.CaseManagementProjectData;
import com.datadog.api.client.v2.model.CaseManagementProjectDataType;
import com.datadog.api.client.v2.model.CreateCaseRequestArray;
import com.datadog.api.client.v2.model.CreateCaseRequestData;
import com.datadog.api.client.v2.model.CreateCaseRequestDataAttributes;
import com.datadog.api.client.v2.model.CreateCaseRequestDataRelationships;
import com.datadog.api.client.v2.model.FindingCaseResponseArray;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import java.util.Arrays;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    CreateCaseRequestArray body =
        new CreateCaseRequestArray()
            .data(
                Collections.singletonList(
                    new CreateCaseRequestData()
                        .attributes(
                            new CreateCaseRequestDataAttributes()
                                .title("A title")
                                .description("A description"))
                        .relationships(
                            new CreateCaseRequestDataRelationships()
                                .findings(
                                    new Findings()
                                        .data(
                                            Arrays.asList(
                                                new FindingData()
                                                    .id(
                                                        "ZTd5LWNuYi1seWV-aS0wMjI2NGZjZjRmZWQ5ODMyMg==")
                                                    .type(FindingDataType.FINDINGS),
                                                new FindingData()
                                                    .id(
                                                        "c2FuLXhyaS1kZnN-aS0wODM3MjVhMTM2MDExNzNkOQ==")
                                                    .type(FindingDataType.FINDINGS))))
                                .project(
                                    new CaseManagementProject()
                                        .data(
                                            new CaseManagementProjectData()
                                                .id("959a6f71-bac8-4027-b1d3-2264f569296f")
                                                .type(CaseManagementProjectDataType.PROJECTS))))
                        .type(CaseDataType.CASES)));

    try {
      FindingCaseResponseArray result = apiInstance.createCases(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#createCases");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    // Create cases for security findings returns "Created" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.CaseDataType;
import com.datadog.api.client.v2.model.CaseManagementProject;
import com.datadog.api.client.v2.model.CaseManagementProjectData;
import com.datadog.api.client.v2.model.CaseManagementProjectDataType;
import com.datadog.api.client.v2.model.CreateCaseRequestArray;
import com.datadog.api.client.v2.model.CreateCaseRequestData;
import com.datadog.api.client.v2.model.CreateCaseRequestDataAttributes;
import com.datadog.api.client.v2.model.CreateCaseRequestDataRelationships;
import com.datadog.api.client.v2.model.FindingCaseResponseArray;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import java.util.Arrays;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    CreateCaseRequestArray body =
        new CreateCaseRequestArray()
            .data(
                Arrays.asList(
                    new CreateCaseRequestData()
                        .attributes(
                            new CreateCaseRequestDataAttributes()
                                .title("A title")
                                .description("A description"))
                        .relationships(
                            new CreateCaseRequestDataRelationships()
                                .findings(
                                    new Findings()
                                        .data(
                                            Collections.singletonList(
                                                new FindingData()
                                                    .id(
                                                        "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=")
                                                    .type(FindingDataType.FINDINGS))))
                                .project(
                                    new CaseManagementProject()
                                        .data(
                                            new CaseManagementProjectData()
                                                .id("959a6f71-bac8-4027-b1d3-2264f569296f")
                                                .type(CaseManagementProjectDataType.PROJECTS))))
                        .type(CaseDataType.CASES),
                    new CreateCaseRequestData()
                        .attributes(
                            new CreateCaseRequestDataAttributes()
                                .title("A title")
                                .description("A description"))
                        .relationships(
                            new CreateCaseRequestDataRelationships()
                                .findings(
                                    new Findings()
                                        .data(
                                            Collections.singletonList(
                                                new FindingData()
                                                    .id(
                                                        "OGRlMDIwYzk4MjFmZTZiNTQwMzk2ZjUxNzg0MDc0NjR-MTk3Yjk4MDI4ZDQ4YzI2ZGZiMWJmMTNhNDEwZGZkYWI=")
                                                    .type(FindingDataType.FINDINGS))))
                                .project(
                                    new CaseManagementProject()
                                        .data(
                                            new CaseManagementProjectData()
                                                .id("959a6f71-bac8-4027-b1d3-2264f569296f")
                                                .type(CaseManagementProjectDataType.PROJECTS))))
                        .type(CaseDataType.CASES)));

    try {
      FindingCaseResponseArray result = apiInstance.createCases(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#createCases");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Create case for security finding returns "Created" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.case_data_type import CaseDataType
from datadog_api_client.v2.model.case_management_project import CaseManagementProject
from datadog_api_client.v2.model.case_management_project_data import CaseManagementProjectData
from datadog_api_client.v2.model.case_management_project_data_type import CaseManagementProjectDataType
from datadog_api_client.v2.model.create_case_request_array import CreateCaseRequestArray
from datadog_api_client.v2.model.create_case_request_data import CreateCaseRequestData
from datadog_api_client.v2.model.create_case_request_data_attributes import CreateCaseRequestDataAttributes
from datadog_api_client.v2.model.create_case_request_data_relationships import CreateCaseRequestDataRelationships
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings

body = CreateCaseRequestArray(
    data=[
        CreateCaseRequestData(
            attributes=CreateCaseRequestDataAttributes(
                title="A title",
                description="A description",
            ),
            relationships=CreateCaseRequestDataRelationships(
                findings=Findings(
                    data=[
                        FindingData(
                            id="YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=",
                            type=FindingDataType.FINDINGS,
                        ),
                    ],
                ),
                project=CaseManagementProject(
                    data=CaseManagementProjectData(
                        id="959a6f71-bac8-4027-b1d3-2264f569296f",
                        type=CaseManagementProjectDataType.PROJECTS,
                    ),
                ),
            ),
            type=CaseDataType.CASES,
        ),
    ],
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_cases(body=body)

    print(response)

    """
Create case for security findings returns "Created" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.case_data_type import CaseDataType
from datadog_api_client.v2.model.case_management_project import CaseManagementProject
from datadog_api_client.v2.model.case_management_project_data import CaseManagementProjectData
from datadog_api_client.v2.model.case_management_project_data_type import CaseManagementProjectDataType
from datadog_api_client.v2.model.create_case_request_array import CreateCaseRequestArray
from datadog_api_client.v2.model.create_case_request_data import CreateCaseRequestData
from datadog_api_client.v2.model.create_case_request_data_attributes import CreateCaseRequestDataAttributes
from datadog_api_client.v2.model.create_case_request_data_relationships import CreateCaseRequestDataRelationships
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings

body = CreateCaseRequestArray(
    data=[
        CreateCaseRequestData(
            attributes=CreateCaseRequestDataAttributes(
                title="A title",
                description="A description",
            ),
            relationships=CreateCaseRequestDataRelationships(
                findings=Findings(
                    data=[
                        FindingData(
                            id="ZTd5LWNuYi1seWV-aS0wMjI2NGZjZjRmZWQ5ODMyMg==",
                            type=FindingDataType.FINDINGS,
                        ),
                        FindingData(
                            id="c2FuLXhyaS1kZnN-aS0wODM3MjVhMTM2MDExNzNkOQ==",
                            type=FindingDataType.FINDINGS,
                        ),
                    ],
                ),
                project=CaseManagementProject(
                    data=CaseManagementProjectData(
                        id="959a6f71-bac8-4027-b1d3-2264f569296f",
                        type=CaseManagementProjectDataType.PROJECTS,
                    ),
                ),
            ),
            type=CaseDataType.CASES,
        ),
    ],
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_cases(body=body)

    print(response)

    """
Create cases for security findings returns "Created" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.case_data_type import CaseDataType
from datadog_api_client.v2.model.case_management_project import CaseManagementProject
from datadog_api_client.v2.model.case_management_project_data import CaseManagementProjectData
from datadog_api_client.v2.model.case_management_project_data_type import CaseManagementProjectDataType
from datadog_api_client.v2.model.create_case_request_array import CreateCaseRequestArray
from datadog_api_client.v2.model.create_case_request_data import CreateCaseRequestData
from datadog_api_client.v2.model.create_case_request_data_attributes import CreateCaseRequestDataAttributes
from datadog_api_client.v2.model.create_case_request_data_relationships import CreateCaseRequestDataRelationships
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings

body = CreateCaseRequestArray(
    data=[
        CreateCaseRequestData(
            attributes=CreateCaseRequestDataAttributes(
                title="A title",
                description="A description",
            ),
            relationships=CreateCaseRequestDataRelationships(
                findings=Findings(
                    data=[
                        FindingData(
                            id="YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=",
                            type=FindingDataType.FINDINGS,
                        ),
                    ],
                ),
                project=CaseManagementProject(
                    data=CaseManagementProjectData(
                        id="959a6f71-bac8-4027-b1d3-2264f569296f",
                        type=CaseManagementProjectDataType.PROJECTS,
                    ),
                ),
            ),
            type=CaseDataType.CASES,
        ),
        CreateCaseRequestData(
            attributes=CreateCaseRequestDataAttributes(
                title="A title",
                description="A description",
            ),
            relationships=CreateCaseRequestDataRelationships(
                findings=Findings(
                    data=[
                        FindingData(
                            id="OGRlMDIwYzk4MjFmZTZiNTQwMzk2ZjUxNzg0MDc0NjR-MTk3Yjk4MDI4ZDQ4YzI2ZGZiMWJmMTNhNDEwZGZkYWI=",
                            type=FindingDataType.FINDINGS,
                        ),
                    ],
                ),
                project=CaseManagementProject(
                    data=CaseManagementProjectData(
                        id="959a6f71-bac8-4027-b1d3-2264f569296f",
                        type=CaseManagementProjectDataType.PROJECTS,
                    ),
                ),
            ),
            type=CaseDataType.CASES,
        ),
    ],
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_cases(body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Create case for security finding returns "Created" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::CreateCaseRequestArray.new({
  data: [
    DatadogAPIClient::V2::CreateCaseRequestData.new({
      attributes: DatadogAPIClient::V2::CreateCaseRequestDataAttributes.new({
        title: "A title",
        description: "A description",
      }),
      relationships: DatadogAPIClient::V2::CreateCaseRequestDataRelationships.new({
        findings: DatadogAPIClient::V2::Findings.new({
          data: [
            DatadogAPIClient::V2::FindingData.new({
              id: "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=",
              type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
            }),
          ],
        }),
        project: DatadogAPIClient::V2::CaseManagementProject.new({
          data: DatadogAPIClient::V2::CaseManagementProjectData.new({
            id: "959a6f71-bac8-4027-b1d3-2264f569296f",
            type: DatadogAPIClient::V2::CaseManagementProjectDataType::PROJECTS,
          }),
        }),
      }),
      type: DatadogAPIClient::V2::CaseDataType::CASES,
    }),
  ],
})
p api_instance.create_cases(body)

    # Create case for security findings returns "Created" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::CreateCaseRequestArray.new({
  data: [
    DatadogAPIClient::V2::CreateCaseRequestData.new({
      attributes: DatadogAPIClient::V2::CreateCaseRequestDataAttributes.new({
        title: "A title",
        description: "A description",
      }),
      relationships: DatadogAPIClient::V2::CreateCaseRequestDataRelationships.new({
        findings: DatadogAPIClient::V2::Findings.new({
          data: [
            DatadogAPIClient::V2::FindingData.new({
              id: "ZTd5LWNuYi1seWV-aS0wMjI2NGZjZjRmZWQ5ODMyMg==",
              type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
            }),
            DatadogAPIClient::V2::FindingData.new({
              id: "c2FuLXhyaS1kZnN-aS0wODM3MjVhMTM2MDExNzNkOQ==",
              type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
            }),
          ],
        }),
        project: DatadogAPIClient::V2::CaseManagementProject.new({
          data: DatadogAPIClient::V2::CaseManagementProjectData.new({
            id: "959a6f71-bac8-4027-b1d3-2264f569296f",
            type: DatadogAPIClient::V2::CaseManagementProjectDataType::PROJECTS,
          }),
        }),
      }),
      type: DatadogAPIClient::V2::CaseDataType::CASES,
    }),
  ],
})
p api_instance.create_cases(body)

    # Create cases for security findings returns "Created" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::CreateCaseRequestArray.new({
  data: [
    DatadogAPIClient::V2::CreateCaseRequestData.new({
      attributes: DatadogAPIClient::V2::CreateCaseRequestDataAttributes.new({
        title: "A title",
        description: "A description",
      }),
      relationships: DatadogAPIClient::V2::CreateCaseRequestDataRelationships.new({
        findings: DatadogAPIClient::V2::Findings.new({
          data: [
            DatadogAPIClient::V2::FindingData.new({
              id: "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=",
              type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
            }),
          ],
        }),
        project: DatadogAPIClient::V2::CaseManagementProject.new({
          data: DatadogAPIClient::V2::CaseManagementProjectData.new({
            id: "959a6f71-bac8-4027-b1d3-2264f569296f",
            type: DatadogAPIClient::V2::CaseManagementProjectDataType::PROJECTS,
          }),
        }),
      }),
      type: DatadogAPIClient::V2::CaseDataType::CASES,
    }),
    DatadogAPIClient::V2::CreateCaseRequestData.new({
      attributes: DatadogAPIClient::V2::CreateCaseRequestDataAttributes.new({
        title: "A title",
        description: "A description",
      }),
      relationships: DatadogAPIClient::V2::CreateCaseRequestDataRelationships.new({
        findings: DatadogAPIClient::V2::Findings.new({
          data: [
            DatadogAPIClient::V2::FindingData.new({
              id: "OGRlMDIwYzk4MjFmZTZiNTQwMzk2ZjUxNzg0MDc0NjR-MTk3Yjk4MDI4ZDQ4YzI2ZGZiMWJmMTNhNDEwZGZkYWI=",
              type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
            }),
          ],
        }),
        project: DatadogAPIClient::V2::CaseManagementProject.new({
          data: DatadogAPIClient::V2::CaseManagementProjectData.new({
            id: "959a6f71-bac8-4027-b1d3-2264f569296f",
            type: DatadogAPIClient::V2::CaseManagementProjectDataType::PROJECTS,
          }),
        }),
      }),
      type: DatadogAPIClient::V2::CaseDataType::CASES,
    }),
  ],
})
p api_instance.create_cases(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Create case for security finding returns "Created" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::CaseDataType;
use datadog_api_client::datadogV2::model::CaseManagementProject;
use datadog_api_client::datadogV2::model::CaseManagementProjectData;
use datadog_api_client::datadogV2::model::CaseManagementProjectDataType;
use datadog_api_client::datadogV2::model::CreateCaseRequestArray;
use datadog_api_client::datadogV2::model::CreateCaseRequestData;
use datadog_api_client::datadogV2::model::CreateCaseRequestDataAttributes;
use datadog_api_client::datadogV2::model::CreateCaseRequestDataRelationships;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;

#[tokio::main]
async fn main() {
    let body =
        CreateCaseRequestArray::new(
            vec![
                CreateCaseRequestData::new(CaseDataType::CASES)
                    .attributes(
                        CreateCaseRequestDataAttributes::new()
                            .description("A description".to_string())
                            .title("A title".to_string()),
                    )
                    .relationships(
                        CreateCaseRequestDataRelationships::new(
                            Findings
                            ::new().data(
                                vec![
                                    FindingData::new(
                                        "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=".to_string(),
                                        FindingDataType::FINDINGS,
                                    )
                                ],
                            ),
                            CaseManagementProject::new(
                                CaseManagementProjectData::new(
                                    "959a6f71-bac8-4027-b1d3-2264f569296f".to_string(),
                                    CaseManagementProjectDataType::PROJECTS,
                                ),
                            ),
                        ),
                    )
            ],
        );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_cases(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    // Create case for security findings returns "Created" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::CaseDataType;
use datadog_api_client::datadogV2::model::CaseManagementProject;
use datadog_api_client::datadogV2::model::CaseManagementProjectData;
use datadog_api_client::datadogV2::model::CaseManagementProjectDataType;
use datadog_api_client::datadogV2::model::CreateCaseRequestArray;
use datadog_api_client::datadogV2::model::CreateCaseRequestData;
use datadog_api_client::datadogV2::model::CreateCaseRequestDataAttributes;
use datadog_api_client::datadogV2::model::CreateCaseRequestDataRelationships;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;

#[tokio::main]
async fn main() {
    let body = CreateCaseRequestArray::new(vec![CreateCaseRequestData::new(CaseDataType::CASES)
        .attributes(
            CreateCaseRequestDataAttributes::new()
                .description("A description".to_string())
                .title("A title".to_string()),
        )
        .relationships(CreateCaseRequestDataRelationships::new(
            Findings::new().data(vec![
                FindingData::new(
                    "ZTd5LWNuYi1seWV-aS0wMjI2NGZjZjRmZWQ5ODMyMg==".to_string(),
                    FindingDataType::FINDINGS,
                ),
                FindingData::new(
                    "c2FuLXhyaS1kZnN-aS0wODM3MjVhMTM2MDExNzNkOQ==".to_string(),
                    FindingDataType::FINDINGS,
                ),
            ]),
            CaseManagementProject::new(CaseManagementProjectData::new(
                "959a6f71-bac8-4027-b1d3-2264f569296f".to_string(),
                CaseManagementProjectDataType::PROJECTS,
            )),
        ))]);
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_cases(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    // Create cases for security findings returns "Created" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::CaseDataType;
use datadog_api_client::datadogV2::model::CaseManagementProject;
use datadog_api_client::datadogV2::model::CaseManagementProjectData;
use datadog_api_client::datadogV2::model::CaseManagementProjectDataType;
use datadog_api_client::datadogV2::model::CreateCaseRequestArray;
use datadog_api_client::datadogV2::model::CreateCaseRequestData;
use datadog_api_client::datadogV2::model::CreateCaseRequestDataAttributes;
use datadog_api_client::datadogV2::model::CreateCaseRequestDataRelationships;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;

#[tokio::main]
async fn main() {
    let body =
        CreateCaseRequestArray::new(
            vec![
                CreateCaseRequestData::new(CaseDataType::CASES)
                    .attributes(
                        CreateCaseRequestDataAttributes::new()
                            .description("A description".to_string())
                            .title("A title".to_string()),
                    )
                    .relationships(
                        CreateCaseRequestDataRelationships::new(
                            Findings
                            ::new().data(
                                vec![
                                    FindingData::new(
                                        "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=".to_string(),
                                        FindingDataType::FINDINGS,
                                    )
                                ],
                            ),
                            CaseManagementProject::new(
                                CaseManagementProjectData::new(
                                    "959a6f71-bac8-4027-b1d3-2264f569296f".to_string(),
                                    CaseManagementProjectDataType::PROJECTS,
                                ),
                            ),
                        ),
                    ),
                CreateCaseRequestData::new(CaseDataType::CASES)
                    .attributes(
                        CreateCaseRequestDataAttributes::new()
                            .description("A description".to_string())
                            .title("A title".to_string()),
                    )
                    .relationships(
                        CreateCaseRequestDataRelationships::new(
                            Findings
                            ::new().data(
                                vec![
                                    FindingData::new(
                                        "OGRlMDIwYzk4MjFmZTZiNTQwMzk2ZjUxNzg0MDc0NjR-MTk3Yjk4MDI4ZDQ4YzI2ZGZiMWJmMTNhNDEwZGZkYWI=".to_string(),
                                        FindingDataType::FINDINGS,
                                    )
                                ],
                            ),
                            CaseManagementProject::new(
                                CaseManagementProjectData::new(
                                    "959a6f71-bac8-4027-b1d3-2264f569296f".to_string(),
                                    CaseManagementProjectDataType::PROJECTS,
                                ),
                            ),
                        ),
                    )
            ],
        );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_cases(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Create case for security finding returns "Created" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateCasesRequest = {
  body: {
    data: [
      {
        attributes: {
          title: "A title",
          description: "A description",
        },
        relationships: {
          findings: {
            data: [
              {
                id: "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=",
                type: "findings",
              },
            ],
          },
          project: {
            data: {
              id: "959a6f71-bac8-4027-b1d3-2264f569296f",
              type: "projects",
            },
          },
        },
        type: "cases",
      },
    ],
  },
};

apiInstance
  .createCases(params)
  .then((data: v2.FindingCaseResponseArray) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    /**
 * Create case for security findings returns "Created" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateCasesRequest = {
  body: {
    data: [
      {
        attributes: {
          title: "A title",
          description: "A description",
        },
        relationships: {
          findings: {
            data: [
              {
                id: "ZTd5LWNuYi1seWV-aS0wMjI2NGZjZjRmZWQ5ODMyMg==",
                type: "findings",
              },
              {
                id: "c2FuLXhyaS1kZnN-aS0wODM3MjVhMTM2MDExNzNkOQ==",
                type: "findings",
              },
            ],
          },
          project: {
            data: {
              id: "959a6f71-bac8-4027-b1d3-2264f569296f",
              type: "projects",
            },
          },
        },
        type: "cases",
      },
    ],
  },
};

apiInstance
  .createCases(params)
  .then((data: v2.FindingCaseResponseArray) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    /**
 * Create cases for security findings returns "Created" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateCasesRequest = {
  body: {
    data: [
      {
        attributes: {
          title: "A title",
          description: "A description",
        },
        relationships: {
          findings: {
            data: [
              {
                id: "YjdhNDM3N2QyNTFjYmUwYTY3NDdhMTg0YTk2Yjg5MDl-ZjNmMzAwOTFkZDNhNGQzYzI0MzgxNTk4MjRjZmE2NzE=",
                type: "findings",
              },
            ],
          },
          project: {
            data: {
              id: "959a6f71-bac8-4027-b1d3-2264f569296f",
              type: "projects",
            },
          },
        },
        type: "cases",
      },
      {
        attributes: {
          title: "A title",
          description: "A description",
        },
        relationships: {
          findings: {
            data: [
              {
                id: "OGRlMDIwYzk4MjFmZTZiNTQwMzk2ZjUxNzg0MDc0NjR-MTk3Yjk4MDI4ZDQ4YzI2ZGZiMWJmMTNhNDEwZGZkYWI=",
                type: "findings",
              },
            ],
          },
          project: {
            data: {
              id: "959a6f71-bac8-4027-b1d3-2264f569296f",
              type: "projects",
            },
          },
        },
        type: "cases",
      },
    ],
  },
};

apiInstance
  .createCases(params)
  .then((data: v2.FindingCaseResponseArray) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Detach security findings from their case

    DELETE https://api.ap1.datadoghq.com/api/v2/security/findings/caseshttps://api.ap2.datadoghq.com/api/v2/security/findings/caseshttps://api.datadoghq.eu/api/v2/security/findings/caseshttps://api.ddog-gov.com/api/v2/security/findings/caseshttps://api.us2.ddog-gov.com/api/v2/security/findings/caseshttps://api.datadoghq.com/api/v2/security/findings/caseshttps://api.us3.datadoghq.com/api/v2/security/findings/caseshttps://api.us5.datadoghq.com/api/v2/security/findings/cases

    概要

    Detach security findings from their case. This operation dissociates security findings from their associated cases without deleting the cases themselves. You can detach security findings from multiple different cases in a single request, with a limit of 50 security findings per request. Security findings that are not currently attached to any case will be ignored. This endpoint requires any of the following permissions:

  • security_monitoring_findings_write
  • appsec_vm_write

    • リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    data

    object

    Data for detaching security findings from their case.

    relationships

    object

    Relationships detaching security findings from their case.

    findings [required]

    object

    Security findings to detach from their case.

    data

    [object]

    Array of security finding data objects.

    id [required]

    string

    Unique identifier of the security finding.

    type [required]

    enum

    Security findings resource type. Allowed enum values: findings

    default: findings

    type [required]

    enum

    Cases resource type. Allowed enum values: cases

    default: cases

    {
  "data": {
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=",
            "type": "findings"
          }
        ]
      }
    },
    "type": "cases"
  }
}

    応答

    No Content

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X DELETE "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/cases" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
            "type": "findings"
          }
        ]
      }
    },
    "type": "cases"
  }
}
EOF
    
                        
    // Detach security findings from their case returns "No Content" response

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.DetachCaseRequest{
		Data: &datadogV2.DetachCaseRequestData{
			Relationships: &datadogV2.DetachCaseRequestDataRelationships{
				Findings: datadogV2.Findings{
					Data: []datadogV2.FindingData{
						{
							Id:   "YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=",
							Type: datadogV2.FINDINGDATATYPE_FINDINGS,
						},
					},
				},
			},
			Type: datadogV2.CASEDATATYPE_CASES,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	r, err := api.DetachCase(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.DetachCase`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Detach security findings from their case returns "No Content" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.CaseDataType;
import com.datadog.api.client.v2.model.DetachCaseRequest;
import com.datadog.api.client.v2.model.DetachCaseRequestData;
import com.datadog.api.client.v2.model.DetachCaseRequestDataRelationships;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    DetachCaseRequest body =
        new DetachCaseRequest()
            .data(
                new DetachCaseRequestData()
                    .relationships(
                        new DetachCaseRequestDataRelationships()
                            .findings(
                                new Findings()
                                    .data(
                                        Collections.singletonList(
                                            new FindingData()
                                                .id(
                                                    "YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=")
                                                .type(FindingDataType.FINDINGS)))))
                    .type(CaseDataType.CASES));

    try {
      apiInstance.detachCase(body);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#detachCase");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Detach security findings from their case returns "No Content" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.case_data_type import CaseDataType
from datadog_api_client.v2.model.detach_case_request import DetachCaseRequest
from datadog_api_client.v2.model.detach_case_request_data import DetachCaseRequestData
from datadog_api_client.v2.model.detach_case_request_data_relationships import DetachCaseRequestDataRelationships
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings

body = DetachCaseRequest(
    data=DetachCaseRequestData(
        relationships=DetachCaseRequestDataRelationships(
            findings=Findings(
                data=[
                    FindingData(
                        id="YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=",
                        type=FindingDataType.FINDINGS,
                    ),
                ],
            ),
        ),
        type=CaseDataType.CASES,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    api_instance.detach_case(body=body)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Detach security findings from their case returns "No Content" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::DetachCaseRequest.new({
  data: DatadogAPIClient::V2::DetachCaseRequestData.new({
    relationships: DatadogAPIClient::V2::DetachCaseRequestDataRelationships.new({
      findings: DatadogAPIClient::V2::Findings.new({
        data: [
          DatadogAPIClient::V2::FindingData.new({
            id: "YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=",
            type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
          }),
        ],
      }),
    }),
    type: DatadogAPIClient::V2::CaseDataType::CASES,
  }),
})
api_instance.detach_case(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Detach security findings from their case returns "No Content" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::CaseDataType;
use datadog_api_client::datadogV2::model::DetachCaseRequest;
use datadog_api_client::datadogV2::model::DetachCaseRequestData;
use datadog_api_client::datadogV2::model::DetachCaseRequestDataRelationships;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;

#[tokio::main]
async fn main() {
    let body =
        DetachCaseRequest
        ::new().data(
            DetachCaseRequestData::new(
                CaseDataType::CASES,
            ).relationships(
                DetachCaseRequestDataRelationships::new(
                    Findings
                    ::new().data(
                        vec![
                            FindingData::new(
                                "YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=".to_string(),
                                FindingDataType::FINDINGS,
                            )
                        ],
                    ),
                ),
            ),
        );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.detach_case(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Detach security findings from their case returns "No Content" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiDetachCaseRequest = {
  body: {
    data: {
      relationships: {
        findings: {
          data: [
            {
              id: "YzM2MTFjYzcyNmY0Zjg4MTAxZmRlNjQ1MWU1ZGQwYzR-YzI5NzE5Y2Y4MzU4ZjliNzhkNjYxNTY0ODIzZDQ2YTM=",
              type: "findings",
            },
          ],
        },
      },
      type: "cases",
    },
  },
};

apiInstance
  .detachCase(params)
  .then((data: any) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Attach security findings to a case

    PATCH https://api.ap1.datadoghq.com/api/v2/security/findings/cases/{case_id}https://api.ap2.datadoghq.com/api/v2/security/findings/cases/{case_id}https://api.datadoghq.eu/api/v2/security/findings/cases/{case_id}https://api.ddog-gov.com/api/v2/security/findings/cases/{case_id}https://api.us2.ddog-gov.com/api/v2/security/findings/cases/{case_id}https://api.datadoghq.com/api/v2/security/findings/cases/{case_id}https://api.us3.datadoghq.com/api/v2/security/findings/cases/{case_id}https://api.us5.datadoghq.com/api/v2/security/findings/cases/{case_id}

    概要

    Attach security findings to a case. You can attach up to 50 security findings per case. Security findings that are already attached to another case will be detached from their previous case and attached to the specified case. This endpoint requires any of the following permissions:

  • security_monitoring_findings_write
  • appsec_vm_write

    • 引数

    パスパラメーター

    名前

    種類

    説明

    case_id [required]

    string

    Unique identifier of the case to attach security findings to

    リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    data

    object

    Data of the case to attach security findings to.

    id [required]

    string

    Unique identifier of the case.

    relationships

    object

    Relationships of the case to attach security findings to.

    findings [required]

    object

    Security findings to attach to the case.

    data

    [object]

    Array of security finding data objects.

    id [required]

    string

    Unique identifier of the security finding.

    type [required]

    enum

    Security findings resource type. Allowed enum values: findings

    default: findings

    type [required]

    enum

    Cases resource type. Allowed enum values: cases

    default: cases

    {
  "data": {
    "id": "7d16945b-baf8-411e-ab2a-20fe43af1ea3",
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=",
            "type": "findings"
          }
        ]
      }
    },
    "type": "cases"
  }
}
    {
  "data": {
    "id": "7d16945b-baf8-411e-ab2a-20fe43af1ea3",
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=",
            "type": "findings"
          },
          {
            "id": "MmUzMzZkODQ2YTI3NDU0OTk4NDk3NzhkOTY5YjU2Zjh-YWJjZGI1ODI4OTYzNWM3ZmUwZTBlOWRkYTRiMGUyOGQ=",
            "type": "findings"
          }
        ]
      }
    },
    "type": "cases"
  }
}

    応答

    OK

    Case response.

    Expand All

    フィールド

    種類

    説明

    data

    object

    Data of the case.

    attributes

    object

    Attributes of the case.

    archived_at

    date-time

    Timestamp of when the case was archived.

    assigned_to

    object

    User assigned to the case.

    data [required]

    object

    Relationship to user object.

    id [required]

    string

    A unique identifier that represents the user.

    type [required]

    enum

    Users resource type. Allowed enum values: users

    default: users

    attributes

    object

    Custom attributes associated with the case as key-value pairs where values are string arrays.

    <any-key>

    [string]

    closed_at

    date-time

    Timestamp of when the case was closed.

    created_at

    date-time

    Timestamp of when the case was created.

    creation_source

    string

    Source of the case creation.

    description

    string

    Description of the case.

    due_date

    string

    Due date of the case.

    insights

    [object]

    Insights of the case.

    ref

    string

    Reference of the insight.

    resource_id

    string

    Unique identifier of the resource. For example, the unique identifier of a security finding.

    type

    string

    Type of the resource. For example, the type of a security finding is "SECURITY_FINDING".

    jira_issue

    object

    Jira issue associated with the case.

    error_message

    string

    Error message if the Jira issue creation failed.

    result

    object

    Result of the Jira issue creation.

    account_id

    string

    Account ID of the Jira issue.

    issue_id

    string

    Unique identifier of the Jira issue.

    issue_key

    string

    Key of the Jira issue.

    issue_url

    string

    URL of the Jira issue.

    status

    string

    Status of the Jira issue creation. Can be "COMPLETED" if the Jira issue was created successfully, or "FAILED" if the Jira issue creation failed.

    key

    string

    Key of the case.

    modified_at

    date-time

    Timestamp of when the case was last modified.

    priority

    string

    Priority of the case.

    status

    string

    Status of the case.

    status_group

    string

    Status group of the case.

    status_name

    string

    Status name of the case.

    title

    string

    Title of the case.

    type

    string

    Type of the case. For security cases, this is always "SECURITY".

    id

    string

    Unique identifier of the case.

    relationships

    object

    Relationships of the case.

    created_by

    object

    User who created the case.

    data [required]

    object

    Relationship to user object.

    id [required]

    string

    A unique identifier that represents the user.

    type [required]

    enum

    Users resource type. Allowed enum values: users

    default: users

    modified_by

    object

    User who last modified the case.

    data [required]

    object

    Relationship to user object.

    id [required]

    string

    A unique identifier that represents the user.

    type [required]

    enum

    Users resource type. Allowed enum values: users

    default: users

    project

    object

    Project in which the case was created.

    data [required]

    object

    Data object representing a case management project.

    id [required]

    string

    Unique identifier of the case management project.

    type [required]

    enum

    Projects resource type. Allowed enum values: projects

    default: projects

    type [required]

    enum

    Cases resource type. Allowed enum values: cases

    default: cases

    {
  "data": {
    "attributes": {
      "archived_at": "2025-01-01T00:00:00.000Z",
      "assigned_to": {
        "data": {
          "id": "00000000-0000-0000-2345-000000000000",
          "type": "users"
        }
      },
      "attributes": {
        "<any-key>": []
      },
      "closed_at": "2025-01-01T00:00:00.000Z",
      "created_at": "2025-01-01T00:00:00.000Z",
      "creation_source": "CS_SECURITY_FINDING",
      "description": "A description of the case.",
      "due_date": "2025-01-01",
      "insights": [
        {
          "ref": "/security/appsec/vm/library/vulnerability/dfa027f7c037b2f77159adc027fecb56?detection=static",
          "resource_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
          "type": "SECURITY_FINDING"
        }
      ],
      "jira_issue": {
        "error_message": "{\"errorMessages\":[\"An error occured.\"],\"errors\":{}}",
        "result": {
          "account_id": "463a8631-680e-455c-bfd3-3ed04d326eb7",
          "issue_id": "2871276",
          "issue_key": "PROJ-123",
          "issue_url": "https://domain.atlassian.net/browse/PROJ-123"
        },
        "status": "COMPLETED"
      },
      "key": "PROJ-123",
      "modified_at": "2025-01-01T00:00:00.000Z",
      "priority": "P4",
      "status": "OPEN",
      "status_group": "SG_OPEN",
      "status_name": "Open",
      "title": "A title for the case.",
      "type": "SECURITY"
    },
    "id": "c1234567-89ab-cdef-0123-456789abcdef",
    "relationships": {
      "created_by": {
        "data": {
          "id": "00000000-0000-0000-2345-000000000000",
          "type": "users"
        }
      },
      "modified_by": {
        "data": {
          "id": "00000000-0000-0000-2345-000000000000",
          "type": "users"
        }
      },
      "project": {
        "data": {
          "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
          "type": "projects"
        }
      }
    },
    "type": "cases"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Path parameters
    export case_id="CHANGE_ME"
    # Curl command
    curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/cases/${case_id}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "id": "c1234567-89ab-cdef-0123-456789abcdef",
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="
          }
        ]
      }
    },
    "type": "cases"
  }
}
EOF
    
                        
                              ## default
# 

    # Path parameters
    export case_id="CHANGE_ME"
    # Curl command
    curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/cases/${case_id}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "id": "c1234567-89ab-cdef-0123-456789abcdef",
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="
          }
        ]
      }
    },
    "type": "cases"
  }
}
EOF
    
                        
    // Attach security finding to a case returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.AttachCaseRequest{
		Data: &datadogV2.AttachCaseRequestData{
			Id: "7d16945b-baf8-411e-ab2a-20fe43af1ea3",
			Relationships: &datadogV2.AttachCaseRequestDataRelationships{
				Findings: datadogV2.Findings{
					Data: []datadogV2.FindingData{
						{
							Id:   "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=",
							Type: datadogV2.FINDINGDATATYPE_FINDINGS,
						},
					},
				},
			},
			Type: datadogV2.CASEDATATYPE_CASES,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.AttachCase(ctx, "7d16945b-baf8-411e-ab2a-20fe43af1ea3", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.AttachCase`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.AttachCase`:\n%s\n", responseContent)
}

    // Attach security findings to a case returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.AttachCaseRequest{
		Data: &datadogV2.AttachCaseRequestData{
			Id: "7d16945b-baf8-411e-ab2a-20fe43af1ea3",
			Relationships: &datadogV2.AttachCaseRequestDataRelationships{
				Findings: datadogV2.Findings{
					Data: []datadogV2.FindingData{
						{
							Id:   "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=",
							Type: datadogV2.FINDINGDATATYPE_FINDINGS,
						},
						{
							Id:   "MmUzMzZkODQ2YTI3NDU0OTk4NDk3NzhkOTY5YjU2Zjh-YWJjZGI1ODI4OTYzNWM3ZmUwZTBlOWRkYTRiMGUyOGQ=",
							Type: datadogV2.FINDINGDATATYPE_FINDINGS,
						},
					},
				},
			},
			Type: datadogV2.CASEDATATYPE_CASES,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.AttachCase(ctx, "7d16945b-baf8-411e-ab2a-20fe43af1ea3", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.AttachCase`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.AttachCase`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Attach security finding to a case returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.AttachCaseRequest;
import com.datadog.api.client.v2.model.AttachCaseRequestData;
import com.datadog.api.client.v2.model.AttachCaseRequestDataRelationships;
import com.datadog.api.client.v2.model.CaseDataType;
import com.datadog.api.client.v2.model.FindingCaseResponse;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    AttachCaseRequest body =
        new AttachCaseRequest()
            .data(
                new AttachCaseRequestData()
                    .id("7d16945b-baf8-411e-ab2a-20fe43af1ea3")
                    .relationships(
                        new AttachCaseRequestDataRelationships()
                            .findings(
                                new Findings()
                                    .data(
                                        Collections.singletonList(
                                            new FindingData()
                                                .id(
                                                    "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=")
                                                .type(FindingDataType.FINDINGS)))))
                    .type(CaseDataType.CASES));

    try {
      FindingCaseResponse result =
          apiInstance.attachCase("7d16945b-baf8-411e-ab2a-20fe43af1ea3", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#attachCase");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    // Attach security findings to a case returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.AttachCaseRequest;
import com.datadog.api.client.v2.model.AttachCaseRequestData;
import com.datadog.api.client.v2.model.AttachCaseRequestDataRelationships;
import com.datadog.api.client.v2.model.CaseDataType;
import com.datadog.api.client.v2.model.FindingCaseResponse;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import java.util.Arrays;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    AttachCaseRequest body =
        new AttachCaseRequest()
            .data(
                new AttachCaseRequestData()
                    .id("7d16945b-baf8-411e-ab2a-20fe43af1ea3")
                    .relationships(
                        new AttachCaseRequestDataRelationships()
                            .findings(
                                new Findings()
                                    .data(
                                        Arrays.asList(
                                            new FindingData()
                                                .id(
                                                    "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=")
                                                .type(FindingDataType.FINDINGS),
                                            new FindingData()
                                                .id(
                                                    "MmUzMzZkODQ2YTI3NDU0OTk4NDk3NzhkOTY5YjU2Zjh-YWJjZGI1ODI4OTYzNWM3ZmUwZTBlOWRkYTRiMGUyOGQ=")
                                                .type(FindingDataType.FINDINGS)))))
                    .type(CaseDataType.CASES));

    try {
      FindingCaseResponse result =
          apiInstance.attachCase("7d16945b-baf8-411e-ab2a-20fe43af1ea3", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#attachCase");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Attach security finding to a case returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.attach_case_request import AttachCaseRequest
from datadog_api_client.v2.model.attach_case_request_data import AttachCaseRequestData
from datadog_api_client.v2.model.attach_case_request_data_relationships import AttachCaseRequestDataRelationships
from datadog_api_client.v2.model.case_data_type import CaseDataType
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings

body = AttachCaseRequest(
    data=AttachCaseRequestData(
        id="7d16945b-baf8-411e-ab2a-20fe43af1ea3",
        relationships=AttachCaseRequestDataRelationships(
            findings=Findings(
                data=[
                    FindingData(
                        id="ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=",
                        type=FindingDataType.FINDINGS,
                    ),
                ],
            ),
        ),
        type=CaseDataType.CASES,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.attach_case(case_id="7d16945b-baf8-411e-ab2a-20fe43af1ea3", body=body)

    print(response)

    """
Attach security findings to a case returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.attach_case_request import AttachCaseRequest
from datadog_api_client.v2.model.attach_case_request_data import AttachCaseRequestData
from datadog_api_client.v2.model.attach_case_request_data_relationships import AttachCaseRequestDataRelationships
from datadog_api_client.v2.model.case_data_type import CaseDataType
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings

body = AttachCaseRequest(
    data=AttachCaseRequestData(
        id="7d16945b-baf8-411e-ab2a-20fe43af1ea3",
        relationships=AttachCaseRequestDataRelationships(
            findings=Findings(
                data=[
                    FindingData(
                        id="ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=",
                        type=FindingDataType.FINDINGS,
                    ),
                    FindingData(
                        id="MmUzMzZkODQ2YTI3NDU0OTk4NDk3NzhkOTY5YjU2Zjh-YWJjZGI1ODI4OTYzNWM3ZmUwZTBlOWRkYTRiMGUyOGQ=",
                        type=FindingDataType.FINDINGS,
                    ),
                ],
            ),
        ),
        type=CaseDataType.CASES,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.attach_case(case_id="7d16945b-baf8-411e-ab2a-20fe43af1ea3", body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Attach security finding to a case returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::AttachCaseRequest.new({
  data: DatadogAPIClient::V2::AttachCaseRequestData.new({
    id: "7d16945b-baf8-411e-ab2a-20fe43af1ea3",
    relationships: DatadogAPIClient::V2::AttachCaseRequestDataRelationships.new({
      findings: DatadogAPIClient::V2::Findings.new({
        data: [
          DatadogAPIClient::V2::FindingData.new({
            id: "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=",
            type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
          }),
        ],
      }),
    }),
    type: DatadogAPIClient::V2::CaseDataType::CASES,
  }),
})
p api_instance.attach_case("7d16945b-baf8-411e-ab2a-20fe43af1ea3", body)

    # Attach security findings to a case returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::AttachCaseRequest.new({
  data: DatadogAPIClient::V2::AttachCaseRequestData.new({
    id: "7d16945b-baf8-411e-ab2a-20fe43af1ea3",
    relationships: DatadogAPIClient::V2::AttachCaseRequestDataRelationships.new({
      findings: DatadogAPIClient::V2::Findings.new({
        data: [
          DatadogAPIClient::V2::FindingData.new({
            id: "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=",
            type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
          }),
          DatadogAPIClient::V2::FindingData.new({
            id: "MmUzMzZkODQ2YTI3NDU0OTk4NDk3NzhkOTY5YjU2Zjh-YWJjZGI1ODI4OTYzNWM3ZmUwZTBlOWRkYTRiMGUyOGQ=",
            type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
          }),
        ],
      }),
    }),
    type: DatadogAPIClient::V2::CaseDataType::CASES,
  }),
})
p api_instance.attach_case("7d16945b-baf8-411e-ab2a-20fe43af1ea3", body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Attach security finding to a case returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::AttachCaseRequest;
use datadog_api_client::datadogV2::model::AttachCaseRequestData;
use datadog_api_client::datadogV2::model::AttachCaseRequestDataRelationships;
use datadog_api_client::datadogV2::model::CaseDataType;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;

#[tokio::main]
async fn main() {
    let body =
        AttachCaseRequest
        ::new().data(
            AttachCaseRequestData::new(
                "7d16945b-baf8-411e-ab2a-20fe43af1ea3".to_string(),
                CaseDataType::CASES,
            ).relationships(
                AttachCaseRequestDataRelationships::new(
                    Findings
                    ::new().data(
                        vec![
                            FindingData::new(
                                "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=".to_string(),
                                FindingDataType::FINDINGS,
                            )
                        ],
                    ),
                ),
            ),
        );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .attach_case("7d16945b-baf8-411e-ab2a-20fe43af1ea3".to_string(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    // Attach security findings to a case returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::AttachCaseRequest;
use datadog_api_client::datadogV2::model::AttachCaseRequestData;
use datadog_api_client::datadogV2::model::AttachCaseRequestDataRelationships;
use datadog_api_client::datadogV2::model::CaseDataType;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;

#[tokio::main]
async fn main() {
    let body =
        AttachCaseRequest
        ::new().data(
            AttachCaseRequestData::new(
                "7d16945b-baf8-411e-ab2a-20fe43af1ea3".to_string(),
                CaseDataType::CASES,
            ).relationships(
                AttachCaseRequestDataRelationships::new(
                    Findings
                    ::new().data(
                        vec![
                            FindingData::new(
                                "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=".to_string(),
                                FindingDataType::FINDINGS,
                            ),
                            FindingData::new(
                                "MmUzMzZkODQ2YTI3NDU0OTk4NDk3NzhkOTY5YjU2Zjh-YWJjZGI1ODI4OTYzNWM3ZmUwZTBlOWRkYTRiMGUyOGQ=".to_string(),
                                FindingDataType::FINDINGS,
                            )
                        ],
                    ),
                ),
            ),
        );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .attach_case("7d16945b-baf8-411e-ab2a-20fe43af1ea3".to_string(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Attach security finding to a case returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiAttachCaseRequest = {
  body: {
    data: {
      id: "7d16945b-baf8-411e-ab2a-20fe43af1ea3",
      relationships: {
        findings: {
          data: [
            {
              id: "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=",
              type: "findings",
            },
          ],
        },
      },
      type: "cases",
    },
  },
  caseId: "7d16945b-baf8-411e-ab2a-20fe43af1ea3",
};

apiInstance
  .attachCase(params)
  .then((data: v2.FindingCaseResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    /**
 * Attach security findings to a case returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiAttachCaseRequest = {
  body: {
    data: {
      id: "7d16945b-baf8-411e-ab2a-20fe43af1ea3",
      relationships: {
        findings: {
          data: [
            {
              id: "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=",
              type: "findings",
            },
            {
              id: "MmUzMzZkODQ2YTI3NDU0OTk4NDk3NzhkOTY5YjU2Zjh-YWJjZGI1ODI4OTYzNWM3ZmUwZTBlOWRkYTRiMGUyOGQ=",
              type: "findings",
            },
          ],
        },
      },
      type: "cases",
    },
  },
  caseId: "7d16945b-baf8-411e-ab2a-20fe43af1ea3",
};

apiInstance
  .attachCase(params)
  .then((data: v2.FindingCaseResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Create Jira issues for security findings

    POST https://api.ap1.datadoghq.com/api/v2/security/findings/jira_issueshttps://api.ap2.datadoghq.com/api/v2/security/findings/jira_issueshttps://api.datadoghq.eu/api/v2/security/findings/jira_issueshttps://api.ddog-gov.com/api/v2/security/findings/jira_issueshttps://api.us2.ddog-gov.com/api/v2/security/findings/jira_issueshttps://api.datadoghq.com/api/v2/security/findings/jira_issueshttps://api.us3.datadoghq.com/api/v2/security/findings/jira_issueshttps://api.us5.datadoghq.com/api/v2/security/findings/jira_issues

    概要

    Create Jira issues for security findings. This operation creates a case in Datadog and a Jira issue linked to that case for bidirectional sync between Datadog and Jira. To configure the Jira integration, see Bidirectional ticket syncing with Jira. You can create up to 50 Jira issues per request and associate up to 50 security findings per Jira issue. Security findings that are already attached to another Jira issue will be detached from their previous Jira issue and attached to the newly created Jira issue. This endpoint requires any of the following permissions:

  • security_monitoring_findings_write
  • appsec_vm_write

    • リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    data [required]

    [object]

    Array of Jira issue creation request data objects.

    attributes

    object

    Attributes of the Jira issue to create.

    assignee_id

    string

    Unique identifier of the Datadog user assigned to the Jira issue.

    description

    string

    Description of the Jira issue. If not provided, the description will be automatically generated.

    fields

    object

    Custom fields of the Jira issue to create. For the list of available fields, see Jira documentation.

    priority

    enum

    Datadog case priority mapped to the Jira issue priority. If not provided, the priority will be automatically set to "NOT_DEFINED". To configure the mapping, see Bidirectional ticket syncing with Jira. Allowed enum values: NOT_DEFINED,P1,P2,P3,P4,P5

    default: NOT_DEFINED

    title

    string

    Title of the Jira issue. If not provided, the title will be automatically generated.

    relationships

    object

    Relationships of the Jira issue to create.

    findings [required]

    object

    Security findings to create a Jira issue for.

    data

    [object]

    Array of security finding data objects.

    id [required]

    string

    Unique identifier of the security finding.

    type [required]

    enum

    Security findings resource type. Allowed enum values: findings

    default: findings

    project [required]

    object

    Case management project configured with the Jira integration. It is used to create the Jira issue. To configure the Jira integration, see Bidirectional ticket syncing with Jira.

    data [required]

    object

    Data object representing a case management project.

    id [required]

    string

    Unique identifier of the case management project.

    type [required]

    enum

    Projects resource type. Allowed enum values: projects

    default: projects

    type [required]

    enum

    Jira issues resource type. Allowed enum values: jira_issues

    default: jira_issues

    {
  "data": [
    {
      "attributes": {
        "title": "A title",
        "description": "A description"
      },
      "relationships": {
        "findings": {
          "data": [
            {
              "id": "YmNlZmJhYTcyMDU5ZDk0ZDhiNjRmNGI0NDk4MDdiNzN-MDJlMjg0NzNmYzJiODY2MzJkNjU0OTI4NmVhZTUyY2U=",
              "type": "findings"
            }
          ]
        },
        "project": {
          "data": {
            "id": "959a6f71-bac8-4027-b1d3-2264f569296f",
            "type": "projects"
          }
        }
      },
      "type": "jira_issues"
    }
  ]
}
    {
  "data": [
    {
      "attributes": {
        "title": "A title",
        "description": "A description"
      },
      "relationships": {
        "findings": {
          "data": [
            {
              "id": "a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==",
              "type": "findings"
            },
            {
              "id": "eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==",
              "type": "findings"
            }
          ]
        },
        "project": {
          "data": {
            "id": "959a6f71-bac8-4027-b1d3-2264f569296f",
            "type": "projects"
          }
        }
      },
      "type": "jira_issues"
    }
  ]
}
    {
  "data": [
    {
      "attributes": {
        "title": "A title",
        "description": "A description"
      },
      "relationships": {
        "findings": {
          "data": [
            {
              "id": "eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==",
              "type": "findings"
            }
          ]
        },
        "project": {
          "data": {
            "id": "959a6f71-bac8-4027-b1d3-2264f569296f",
            "type": "projects"
          }
        }
      },
      "type": "jira_issues"
    },
    {
      "attributes": {
        "title": "A title",
        "description": "A description"
      },
      "relationships": {
        "findings": {
          "data": [
            {
              "id": "a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==",
              "type": "findings"
            }
          ]
        },
        "project": {
          "data": {
            "id": "959a6f71-bac8-4027-b1d3-2264f569296f",
            "type": "projects"
          }
        }
      },
      "type": "jira_issues"
    }
  ]
}

    応答

    Created

    List of case responses.

    Expand All

    フィールド

    種類

    説明

    data [required]

    [object]

    Array of case response data objects.

    attributes

    object

    Attributes of the case.

    archived_at

    date-time

    Timestamp of when the case was archived.

    assigned_to

    object

    User assigned to the case.

    data [required]

    object

    Relationship to user object.

    id [required]

    string

    A unique identifier that represents the user.

    type [required]

    enum

    Users resource type. Allowed enum values: users

    default: users

    attributes

    object

    Custom attributes associated with the case as key-value pairs where values are string arrays.

    <any-key>

    [string]

    closed_at

    date-time

    Timestamp of when the case was closed.

    created_at

    date-time

    Timestamp of when the case was created.

    creation_source

    string

    Source of the case creation.

    description

    string

    Description of the case.

    due_date

    string

    Due date of the case.

    insights

    [object]

    Insights of the case.

    ref

    string

    Reference of the insight.

    resource_id

    string

    Unique identifier of the resource. For example, the unique identifier of a security finding.

    type

    string

    Type of the resource. For example, the type of a security finding is "SECURITY_FINDING".

    jira_issue

    object

    Jira issue associated with the case.

    error_message

    string

    Error message if the Jira issue creation failed.

    result

    object

    Result of the Jira issue creation.

    account_id

    string

    Account ID of the Jira issue.

    issue_id

    string

    Unique identifier of the Jira issue.

    issue_key

    string

    Key of the Jira issue.

    issue_url

    string

    URL of the Jira issue.

    status

    string

    Status of the Jira issue creation. Can be "COMPLETED" if the Jira issue was created successfully, or "FAILED" if the Jira issue creation failed.

    key

    string

    Key of the case.

    modified_at

    date-time

    Timestamp of when the case was last modified.

    priority

    string

    Priority of the case.

    status

    string

    Status of the case.

    status_group

    string

    Status group of the case.

    status_name

    string

    Status name of the case.

    title

    string

    Title of the case.

    type

    string

    Type of the case. For security cases, this is always "SECURITY".

    id

    string

    Unique identifier of the case.

    relationships

    object

    Relationships of the case.

    created_by

    object

    User who created the case.

    data [required]

    object

    Relationship to user object.

    id [required]

    string

    A unique identifier that represents the user.

    type [required]

    enum

    Users resource type. Allowed enum values: users

    default: users

    modified_by

    object

    User who last modified the case.

    data [required]

    object

    Relationship to user object.

    id [required]

    string

    A unique identifier that represents the user.

    type [required]

    enum

    Users resource type. Allowed enum values: users

    default: users

    project

    object

    Project in which the case was created.

    data [required]

    object

    Data object representing a case management project.

    id [required]

    string

    Unique identifier of the case management project.

    type [required]

    enum

    Projects resource type. Allowed enum values: projects

    default: projects

    type [required]

    enum

    Cases resource type. Allowed enum values: cases

    default: cases

    {
  "data": [
    {
      "attributes": {
        "archived_at": "2025-01-01T00:00:00.000Z",
        "assigned_to": {
          "data": {
            "id": "00000000-0000-0000-2345-000000000000",
            "type": "users"
          }
        },
        "attributes": {
          "<any-key>": []
        },
        "closed_at": "2025-01-01T00:00:00.000Z",
        "created_at": "2025-01-01T00:00:00.000Z",
        "creation_source": "CS_SECURITY_FINDING",
        "description": "A description of the case.",
        "due_date": "2025-01-01",
        "insights": [
          {
            "ref": "/security/appsec/vm/library/vulnerability/dfa027f7c037b2f77159adc027fecb56?detection=static",
            "resource_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
            "type": "SECURITY_FINDING"
          }
        ],
        "jira_issue": {
          "error_message": "{\"errorMessages\":[\"An error occured.\"],\"errors\":{}}",
          "result": {
            "account_id": "463a8631-680e-455c-bfd3-3ed04d326eb7",
            "issue_id": "2871276",
            "issue_key": "PROJ-123",
            "issue_url": "https://domain.atlassian.net/browse/PROJ-123"
          },
          "status": "COMPLETED"
        },
        "key": "PROJ-123",
        "modified_at": "2025-01-01T00:00:00.000Z",
        "priority": "P4",
        "status": "OPEN",
        "status_group": "SG_OPEN",
        "status_name": "Open",
        "title": "A title for the case.",
        "type": "SECURITY"
      },
      "id": "c1234567-89ab-cdef-0123-456789abcdef",
      "relationships": {
        "created_by": {
          "data": {
            "id": "00000000-0000-0000-2345-000000000000",
            "type": "users"
          }
        },
        "modified_by": {
          "data": {
            "id": "00000000-0000-0000-2345-000000000000",
            "type": "users"
          }
        },
        "project": {
          "data": {
            "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
            "type": "projects"
          }
        }
      },
      "type": "cases"
    }
  ]
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/jira_issues" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": [
    {
      "attributes": {
        "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
        "description": "A description of the Jira issue.",
        "fields": {
          "key1": "value",
          "key2": [
            "value"
          ],
          "key3": {
            "key4": "value"
          }
        },
        "priority": "NOT_DEFINED",
        "title": "A title for the Jira issue."
      },
      "relationships": {
        "project": {
          "data": {
            "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001"
          }
        }
      },
      "type": "jira_issues"
    }
  ]
}
EOF
    
                        
                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/jira_issues" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": [
    {
      "attributes": {
        "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
        "description": "A description of the Jira issue.",
        "fields": {
          "key1": "value",
          "key2": [
            "value"
          ],
          "key3": {
            "key4": "value"
          }
        },
        "priority": "NOT_DEFINED",
        "title": "A title for the Jira issue."
      },
      "relationships": {
        "project": {
          "data": {
            "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001"
          }
        }
      },
      "type": "jira_issues"
    }
  ]
}
EOF
    
                        
                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/jira_issues" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": [
    {
      "attributes": {
        "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
        "description": "A description of the Jira issue.",
        "fields": {
          "key1": "value",
          "key2": [
            "value"
          ],
          "key3": {
            "key4": "value"
          }
        },
        "priority": "NOT_DEFINED",
        "title": "A title for the Jira issue."
      },
      "relationships": {
        "project": {
          "data": {
            "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001"
          }
        }
      },
      "type": "jira_issues"
    }
  ]
}
EOF
    
                        
    // Create Jira issue for security finding returns "Created" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.CreateJiraIssueRequestArray{
		Data: []datadogV2.CreateJiraIssueRequestData{
			{
				Attributes: &datadogV2.CreateJiraIssueRequestDataAttributes{
					Title:       datadog.PtrString("A title"),
					Description: datadog.PtrString("A description"),
				},
				Relationships: &datadogV2.CreateJiraIssueRequestDataRelationships{
					Findings: datadogV2.Findings{
						Data: []datadogV2.FindingData{
							{
								Id:   "YmNlZmJhYTcyMDU5ZDk0ZDhiNjRmNGI0NDk4MDdiNzN-MDJlMjg0NzNmYzJiODY2MzJkNjU0OTI4NmVhZTUyY2U=",
								Type: datadogV2.FINDINGDATATYPE_FINDINGS,
							},
						},
					},
					Project: datadogV2.CaseManagementProject{
						Data: datadogV2.CaseManagementProjectData{
							Id:   "959a6f71-bac8-4027-b1d3-2264f569296f",
							Type: datadogV2.CASEMANAGEMENTPROJECTDATATYPE_PROJECTS,
						},
					},
				},
				Type: datadogV2.JIRAISSUESDATATYPE_JIRA_ISSUES,
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateJiraIssues(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateJiraIssues`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateJiraIssues`:\n%s\n", responseContent)
}

    // Create Jira issue for security findings returns "Created" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.CreateJiraIssueRequestArray{
		Data: []datadogV2.CreateJiraIssueRequestData{
			{
				Attributes: &datadogV2.CreateJiraIssueRequestDataAttributes{
					Title:       datadog.PtrString("A title"),
					Description: datadog.PtrString("A description"),
				},
				Relationships: &datadogV2.CreateJiraIssueRequestDataRelationships{
					Findings: datadogV2.Findings{
						Data: []datadogV2.FindingData{
							{
								Id:   "a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==",
								Type: datadogV2.FINDINGDATATYPE_FINDINGS,
							},
							{
								Id:   "eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==",
								Type: datadogV2.FINDINGDATATYPE_FINDINGS,
							},
						},
					},
					Project: datadogV2.CaseManagementProject{
						Data: datadogV2.CaseManagementProjectData{
							Id:   "959a6f71-bac8-4027-b1d3-2264f569296f",
							Type: datadogV2.CASEMANAGEMENTPROJECTDATATYPE_PROJECTS,
						},
					},
				},
				Type: datadogV2.JIRAISSUESDATATYPE_JIRA_ISSUES,
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateJiraIssues(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateJiraIssues`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateJiraIssues`:\n%s\n", responseContent)
}

    // Create Jira issues for security findings returns "Created" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.CreateJiraIssueRequestArray{
		Data: []datadogV2.CreateJiraIssueRequestData{
			{
				Attributes: &datadogV2.CreateJiraIssueRequestDataAttributes{
					Title:       datadog.PtrString("A title"),
					Description: datadog.PtrString("A description"),
				},
				Relationships: &datadogV2.CreateJiraIssueRequestDataRelationships{
					Findings: datadogV2.Findings{
						Data: []datadogV2.FindingData{
							{
								Id:   "eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==",
								Type: datadogV2.FINDINGDATATYPE_FINDINGS,
							},
						},
					},
					Project: datadogV2.CaseManagementProject{
						Data: datadogV2.CaseManagementProjectData{
							Id:   "959a6f71-bac8-4027-b1d3-2264f569296f",
							Type: datadogV2.CASEMANAGEMENTPROJECTDATATYPE_PROJECTS,
						},
					},
				},
				Type: datadogV2.JIRAISSUESDATATYPE_JIRA_ISSUES,
			},
			{
				Attributes: &datadogV2.CreateJiraIssueRequestDataAttributes{
					Title:       datadog.PtrString("A title"),
					Description: datadog.PtrString("A description"),
				},
				Relationships: &datadogV2.CreateJiraIssueRequestDataRelationships{
					Findings: datadogV2.Findings{
						Data: []datadogV2.FindingData{
							{
								Id:   "a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==",
								Type: datadogV2.FINDINGDATATYPE_FINDINGS,
							},
						},
					},
					Project: datadogV2.CaseManagementProject{
						Data: datadogV2.CaseManagementProjectData{
							Id:   "959a6f71-bac8-4027-b1d3-2264f569296f",
							Type: datadogV2.CASEMANAGEMENTPROJECTDATATYPE_PROJECTS,
						},
					},
				},
				Type: datadogV2.JIRAISSUESDATATYPE_JIRA_ISSUES,
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateJiraIssues(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateJiraIssues`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateJiraIssues`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Create Jira issue for security finding returns "Created" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.CaseManagementProject;
import com.datadog.api.client.v2.model.CaseManagementProjectData;
import com.datadog.api.client.v2.model.CaseManagementProjectDataType;
import com.datadog.api.client.v2.model.CreateJiraIssueRequestArray;
import com.datadog.api.client.v2.model.CreateJiraIssueRequestData;
import com.datadog.api.client.v2.model.CreateJiraIssueRequestDataAttributes;
import com.datadog.api.client.v2.model.CreateJiraIssueRequestDataRelationships;
import com.datadog.api.client.v2.model.FindingCaseResponseArray;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import com.datadog.api.client.v2.model.JiraIssuesDataType;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    CreateJiraIssueRequestArray body =
        new CreateJiraIssueRequestArray()
            .data(
                Collections.singletonList(
                    new CreateJiraIssueRequestData()
                        .attributes(
                            new CreateJiraIssueRequestDataAttributes()
                                .title("A title")
                                .description("A description"))
                        .relationships(
                            new CreateJiraIssueRequestDataRelationships()
                                .findings(
                                    new Findings()
                                        .data(
                                            Collections.singletonList(
                                                new FindingData()
                                                    .id(
                                                        "YmNlZmJhYTcyMDU5ZDk0ZDhiNjRmNGI0NDk4MDdiNzN-MDJlMjg0NzNmYzJiODY2MzJkNjU0OTI4NmVhZTUyY2U=")
                                                    .type(FindingDataType.FINDINGS))))
                                .project(
                                    new CaseManagementProject()
                                        .data(
                                            new CaseManagementProjectData()
                                                .id("959a6f71-bac8-4027-b1d3-2264f569296f")
                                                .type(CaseManagementProjectDataType.PROJECTS))))
                        .type(JiraIssuesDataType.JIRA_ISSUES)));

    try {
      FindingCaseResponseArray result = apiInstance.createJiraIssues(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#createJiraIssues");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    // Create Jira issue for security findings returns "Created" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.CaseManagementProject;
import com.datadog.api.client.v2.model.CaseManagementProjectData;
import com.datadog.api.client.v2.model.CaseManagementProjectDataType;
import com.datadog.api.client.v2.model.CreateJiraIssueRequestArray;
import com.datadog.api.client.v2.model.CreateJiraIssueRequestData;
import com.datadog.api.client.v2.model.CreateJiraIssueRequestDataAttributes;
import com.datadog.api.client.v2.model.CreateJiraIssueRequestDataRelationships;
import com.datadog.api.client.v2.model.FindingCaseResponseArray;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import com.datadog.api.client.v2.model.JiraIssuesDataType;
import java.util.Arrays;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    CreateJiraIssueRequestArray body =
        new CreateJiraIssueRequestArray()
            .data(
                Collections.singletonList(
                    new CreateJiraIssueRequestData()
                        .attributes(
                            new CreateJiraIssueRequestDataAttributes()
                                .title("A title")
                                .description("A description"))
                        .relationships(
                            new CreateJiraIssueRequestDataRelationships()
                                .findings(
                                    new Findings()
                                        .data(
                                            Arrays.asList(
                                                new FindingData()
                                                    .id(
                                                        "a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==")
                                                    .type(FindingDataType.FINDINGS),
                                                new FindingData()
                                                    .id(
                                                        "eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==")
                                                    .type(FindingDataType.FINDINGS))))
                                .project(
                                    new CaseManagementProject()
                                        .data(
                                            new CaseManagementProjectData()
                                                .id("959a6f71-bac8-4027-b1d3-2264f569296f")
                                                .type(CaseManagementProjectDataType.PROJECTS))))
                        .type(JiraIssuesDataType.JIRA_ISSUES)));

    try {
      FindingCaseResponseArray result = apiInstance.createJiraIssues(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#createJiraIssues");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    // Create Jira issues for security findings returns "Created" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.CaseManagementProject;
import com.datadog.api.client.v2.model.CaseManagementProjectData;
import com.datadog.api.client.v2.model.CaseManagementProjectDataType;
import com.datadog.api.client.v2.model.CreateJiraIssueRequestArray;
import com.datadog.api.client.v2.model.CreateJiraIssueRequestData;
import com.datadog.api.client.v2.model.CreateJiraIssueRequestDataAttributes;
import com.datadog.api.client.v2.model.CreateJiraIssueRequestDataRelationships;
import com.datadog.api.client.v2.model.FindingCaseResponseArray;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import com.datadog.api.client.v2.model.JiraIssuesDataType;
import java.util.Arrays;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    CreateJiraIssueRequestArray body =
        new CreateJiraIssueRequestArray()
            .data(
                Arrays.asList(
                    new CreateJiraIssueRequestData()
                        .attributes(
                            new CreateJiraIssueRequestDataAttributes()
                                .title("A title")
                                .description("A description"))
                        .relationships(
                            new CreateJiraIssueRequestDataRelationships()
                                .findings(
                                    new Findings()
                                        .data(
                                            Collections.singletonList(
                                                new FindingData()
                                                    .id(
                                                        "eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==")
                                                    .type(FindingDataType.FINDINGS))))
                                .project(
                                    new CaseManagementProject()
                                        .data(
                                            new CaseManagementProjectData()
                                                .id("959a6f71-bac8-4027-b1d3-2264f569296f")
                                                .type(CaseManagementProjectDataType.PROJECTS))))
                        .type(JiraIssuesDataType.JIRA_ISSUES),
                    new CreateJiraIssueRequestData()
                        .attributes(
                            new CreateJiraIssueRequestDataAttributes()
                                .title("A title")
                                .description("A description"))
                        .relationships(
                            new CreateJiraIssueRequestDataRelationships()
                                .findings(
                                    new Findings()
                                        .data(
                                            Collections.singletonList(
                                                new FindingData()
                                                    .id(
                                                        "a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==")
                                                    .type(FindingDataType.FINDINGS))))
                                .project(
                                    new CaseManagementProject()
                                        .data(
                                            new CaseManagementProjectData()
                                                .id("959a6f71-bac8-4027-b1d3-2264f569296f")
                                                .type(CaseManagementProjectDataType.PROJECTS))))
                        .type(JiraIssuesDataType.JIRA_ISSUES)));

    try {
      FindingCaseResponseArray result = apiInstance.createJiraIssues(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#createJiraIssues");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Create Jira issue for security finding returns "Created" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.case_management_project import CaseManagementProject
from datadog_api_client.v2.model.case_management_project_data import CaseManagementProjectData
from datadog_api_client.v2.model.case_management_project_data_type import CaseManagementProjectDataType
from datadog_api_client.v2.model.create_jira_issue_request_array import CreateJiraIssueRequestArray
from datadog_api_client.v2.model.create_jira_issue_request_data import CreateJiraIssueRequestData
from datadog_api_client.v2.model.create_jira_issue_request_data_attributes import CreateJiraIssueRequestDataAttributes
from datadog_api_client.v2.model.create_jira_issue_request_data_relationships import (
    CreateJiraIssueRequestDataRelationships,
)
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings
from datadog_api_client.v2.model.jira_issues_data_type import JiraIssuesDataType

body = CreateJiraIssueRequestArray(
    data=[
        CreateJiraIssueRequestData(
            attributes=CreateJiraIssueRequestDataAttributes(
                title="A title",
                description="A description",
            ),
            relationships=CreateJiraIssueRequestDataRelationships(
                findings=Findings(
                    data=[
                        FindingData(
                            id="YmNlZmJhYTcyMDU5ZDk0ZDhiNjRmNGI0NDk4MDdiNzN-MDJlMjg0NzNmYzJiODY2MzJkNjU0OTI4NmVhZTUyY2U=",
                            type=FindingDataType.FINDINGS,
                        ),
                    ],
                ),
                project=CaseManagementProject(
                    data=CaseManagementProjectData(
                        id="959a6f71-bac8-4027-b1d3-2264f569296f",
                        type=CaseManagementProjectDataType.PROJECTS,
                    ),
                ),
            ),
            type=JiraIssuesDataType.JIRA_ISSUES,
        ),
    ],
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_jira_issues(body=body)

    print(response)

    """
Create Jira issue for security findings returns "Created" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.case_management_project import CaseManagementProject
from datadog_api_client.v2.model.case_management_project_data import CaseManagementProjectData
from datadog_api_client.v2.model.case_management_project_data_type import CaseManagementProjectDataType
from datadog_api_client.v2.model.create_jira_issue_request_array import CreateJiraIssueRequestArray
from datadog_api_client.v2.model.create_jira_issue_request_data import CreateJiraIssueRequestData
from datadog_api_client.v2.model.create_jira_issue_request_data_attributes import CreateJiraIssueRequestDataAttributes
from datadog_api_client.v2.model.create_jira_issue_request_data_relationships import (
    CreateJiraIssueRequestDataRelationships,
)
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings
from datadog_api_client.v2.model.jira_issues_data_type import JiraIssuesDataType

body = CreateJiraIssueRequestArray(
    data=[
        CreateJiraIssueRequestData(
            attributes=CreateJiraIssueRequestDataAttributes(
                title="A title",
                description="A description",
            ),
            relationships=CreateJiraIssueRequestDataRelationships(
                findings=Findings(
                    data=[
                        FindingData(
                            id="a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==",
                            type=FindingDataType.FINDINGS,
                        ),
                        FindingData(
                            id="eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==",
                            type=FindingDataType.FINDINGS,
                        ),
                    ],
                ),
                project=CaseManagementProject(
                    data=CaseManagementProjectData(
                        id="959a6f71-bac8-4027-b1d3-2264f569296f",
                        type=CaseManagementProjectDataType.PROJECTS,
                    ),
                ),
            ),
            type=JiraIssuesDataType.JIRA_ISSUES,
        ),
    ],
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_jira_issues(body=body)

    print(response)

    """
Create Jira issues for security findings returns "Created" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.case_management_project import CaseManagementProject
from datadog_api_client.v2.model.case_management_project_data import CaseManagementProjectData
from datadog_api_client.v2.model.case_management_project_data_type import CaseManagementProjectDataType
from datadog_api_client.v2.model.create_jira_issue_request_array import CreateJiraIssueRequestArray
from datadog_api_client.v2.model.create_jira_issue_request_data import CreateJiraIssueRequestData
from datadog_api_client.v2.model.create_jira_issue_request_data_attributes import CreateJiraIssueRequestDataAttributes
from datadog_api_client.v2.model.create_jira_issue_request_data_relationships import (
    CreateJiraIssueRequestDataRelationships,
)
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings
from datadog_api_client.v2.model.jira_issues_data_type import JiraIssuesDataType

body = CreateJiraIssueRequestArray(
    data=[
        CreateJiraIssueRequestData(
            attributes=CreateJiraIssueRequestDataAttributes(
                title="A title",
                description="A description",
            ),
            relationships=CreateJiraIssueRequestDataRelationships(
                findings=Findings(
                    data=[
                        FindingData(
                            id="eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==",
                            type=FindingDataType.FINDINGS,
                        ),
                    ],
                ),
                project=CaseManagementProject(
                    data=CaseManagementProjectData(
                        id="959a6f71-bac8-4027-b1d3-2264f569296f",
                        type=CaseManagementProjectDataType.PROJECTS,
                    ),
                ),
            ),
            type=JiraIssuesDataType.JIRA_ISSUES,
        ),
        CreateJiraIssueRequestData(
            attributes=CreateJiraIssueRequestDataAttributes(
                title="A title",
                description="A description",
            ),
            relationships=CreateJiraIssueRequestDataRelationships(
                findings=Findings(
                    data=[
                        FindingData(
                            id="a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==",
                            type=FindingDataType.FINDINGS,
                        ),
                    ],
                ),
                project=CaseManagementProject(
                    data=CaseManagementProjectData(
                        id="959a6f71-bac8-4027-b1d3-2264f569296f",
                        type=CaseManagementProjectDataType.PROJECTS,
                    ),
                ),
            ),
            type=JiraIssuesDataType.JIRA_ISSUES,
        ),
    ],
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_jira_issues(body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Create Jira issue for security finding returns "Created" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::CreateJiraIssueRequestArray.new({
  data: [
    DatadogAPIClient::V2::CreateJiraIssueRequestData.new({
      attributes: DatadogAPIClient::V2::CreateJiraIssueRequestDataAttributes.new({
        title: "A title",
        description: "A description",
      }),
      relationships: DatadogAPIClient::V2::CreateJiraIssueRequestDataRelationships.new({
        findings: DatadogAPIClient::V2::Findings.new({
          data: [
            DatadogAPIClient::V2::FindingData.new({
              id: "YmNlZmJhYTcyMDU5ZDk0ZDhiNjRmNGI0NDk4MDdiNzN-MDJlMjg0NzNmYzJiODY2MzJkNjU0OTI4NmVhZTUyY2U=",
              type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
            }),
          ],
        }),
        project: DatadogAPIClient::V2::CaseManagementProject.new({
          data: DatadogAPIClient::V2::CaseManagementProjectData.new({
            id: "959a6f71-bac8-4027-b1d3-2264f569296f",
            type: DatadogAPIClient::V2::CaseManagementProjectDataType::PROJECTS,
          }),
        }),
      }),
      type: DatadogAPIClient::V2::JiraIssuesDataType::JIRA_ISSUES,
    }),
  ],
})
p api_instance.create_jira_issues(body)

    # Create Jira issue for security findings returns "Created" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::CreateJiraIssueRequestArray.new({
  data: [
    DatadogAPIClient::V2::CreateJiraIssueRequestData.new({
      attributes: DatadogAPIClient::V2::CreateJiraIssueRequestDataAttributes.new({
        title: "A title",
        description: "A description",
      }),
      relationships: DatadogAPIClient::V2::CreateJiraIssueRequestDataRelationships.new({
        findings: DatadogAPIClient::V2::Findings.new({
          data: [
            DatadogAPIClient::V2::FindingData.new({
              id: "a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==",
              type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
            }),
            DatadogAPIClient::V2::FindingData.new({
              id: "eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==",
              type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
            }),
          ],
        }),
        project: DatadogAPIClient::V2::CaseManagementProject.new({
          data: DatadogAPIClient::V2::CaseManagementProjectData.new({
            id: "959a6f71-bac8-4027-b1d3-2264f569296f",
            type: DatadogAPIClient::V2::CaseManagementProjectDataType::PROJECTS,
          }),
        }),
      }),
      type: DatadogAPIClient::V2::JiraIssuesDataType::JIRA_ISSUES,
    }),
  ],
})
p api_instance.create_jira_issues(body)

    # Create Jira issues for security findings returns "Created" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::CreateJiraIssueRequestArray.new({
  data: [
    DatadogAPIClient::V2::CreateJiraIssueRequestData.new({
      attributes: DatadogAPIClient::V2::CreateJiraIssueRequestDataAttributes.new({
        title: "A title",
        description: "A description",
      }),
      relationships: DatadogAPIClient::V2::CreateJiraIssueRequestDataRelationships.new({
        findings: DatadogAPIClient::V2::Findings.new({
          data: [
            DatadogAPIClient::V2::FindingData.new({
              id: "eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==",
              type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
            }),
          ],
        }),
        project: DatadogAPIClient::V2::CaseManagementProject.new({
          data: DatadogAPIClient::V2::CaseManagementProjectData.new({
            id: "959a6f71-bac8-4027-b1d3-2264f569296f",
            type: DatadogAPIClient::V2::CaseManagementProjectDataType::PROJECTS,
          }),
        }),
      }),
      type: DatadogAPIClient::V2::JiraIssuesDataType::JIRA_ISSUES,
    }),
    DatadogAPIClient::V2::CreateJiraIssueRequestData.new({
      attributes: DatadogAPIClient::V2::CreateJiraIssueRequestDataAttributes.new({
        title: "A title",
        description: "A description",
      }),
      relationships: DatadogAPIClient::V2::CreateJiraIssueRequestDataRelationships.new({
        findings: DatadogAPIClient::V2::Findings.new({
          data: [
            DatadogAPIClient::V2::FindingData.new({
              id: "a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==",
              type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
            }),
          ],
        }),
        project: DatadogAPIClient::V2::CaseManagementProject.new({
          data: DatadogAPIClient::V2::CaseManagementProjectData.new({
            id: "959a6f71-bac8-4027-b1d3-2264f569296f",
            type: DatadogAPIClient::V2::CaseManagementProjectDataType::PROJECTS,
          }),
        }),
      }),
      type: DatadogAPIClient::V2::JiraIssuesDataType::JIRA_ISSUES,
    }),
  ],
})
p api_instance.create_jira_issues(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Create Jira issue for security finding returns "Created" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::CaseManagementProject;
use datadog_api_client::datadogV2::model::CaseManagementProjectData;
use datadog_api_client::datadogV2::model::CaseManagementProjectDataType;
use datadog_api_client::datadogV2::model::CreateJiraIssueRequestArray;
use datadog_api_client::datadogV2::model::CreateJiraIssueRequestData;
use datadog_api_client::datadogV2::model::CreateJiraIssueRequestDataAttributes;
use datadog_api_client::datadogV2::model::CreateJiraIssueRequestDataRelationships;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;
use datadog_api_client::datadogV2::model::JiraIssuesDataType;

#[tokio::main]
async fn main() {
    let body =
        CreateJiraIssueRequestArray::new(
            vec![
                CreateJiraIssueRequestData::new(JiraIssuesDataType::JIRA_ISSUES)
                    .attributes(
                        CreateJiraIssueRequestDataAttributes::new()
                            .description("A description".to_string())
                            .title("A title".to_string()),
                    )
                    .relationships(
                        CreateJiraIssueRequestDataRelationships::new(
                            Findings
                            ::new().data(
                                vec![
                                    FindingData::new(
                                        "YmNlZmJhYTcyMDU5ZDk0ZDhiNjRmNGI0NDk4MDdiNzN-MDJlMjg0NzNmYzJiODY2MzJkNjU0OTI4NmVhZTUyY2U=".to_string(),
                                        FindingDataType::FINDINGS,
                                    )
                                ],
                            ),
                            CaseManagementProject::new(
                                CaseManagementProjectData::new(
                                    "959a6f71-bac8-4027-b1d3-2264f569296f".to_string(),
                                    CaseManagementProjectDataType::PROJECTS,
                                ),
                            ),
                        ),
                    )
            ],
        );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_jira_issues(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    // Create Jira issue for security findings returns "Created" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::CaseManagementProject;
use datadog_api_client::datadogV2::model::CaseManagementProjectData;
use datadog_api_client::datadogV2::model::CaseManagementProjectDataType;
use datadog_api_client::datadogV2::model::CreateJiraIssueRequestArray;
use datadog_api_client::datadogV2::model::CreateJiraIssueRequestData;
use datadog_api_client::datadogV2::model::CreateJiraIssueRequestDataAttributes;
use datadog_api_client::datadogV2::model::CreateJiraIssueRequestDataRelationships;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;
use datadog_api_client::datadogV2::model::JiraIssuesDataType;

#[tokio::main]
async fn main() {
    let body = CreateJiraIssueRequestArray::new(vec![CreateJiraIssueRequestData::new(
        JiraIssuesDataType::JIRA_ISSUES,
    )
    .attributes(
        CreateJiraIssueRequestDataAttributes::new()
            .description("A description".to_string())
            .title("A title".to_string()),
    )
    .relationships(CreateJiraIssueRequestDataRelationships::new(
        Findings::new().data(vec![
            FindingData::new(
                "a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==".to_string(),
                FindingDataType::FINDINGS,
            ),
            FindingData::new(
                "eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==".to_string(),
                FindingDataType::FINDINGS,
            ),
        ]),
        CaseManagementProject::new(CaseManagementProjectData::new(
            "959a6f71-bac8-4027-b1d3-2264f569296f".to_string(),
            CaseManagementProjectDataType::PROJECTS,
        )),
    ))]);
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_jira_issues(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    // Create Jira issues for security findings returns "Created" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::CaseManagementProject;
use datadog_api_client::datadogV2::model::CaseManagementProjectData;
use datadog_api_client::datadogV2::model::CaseManagementProjectDataType;
use datadog_api_client::datadogV2::model::CreateJiraIssueRequestArray;
use datadog_api_client::datadogV2::model::CreateJiraIssueRequestData;
use datadog_api_client::datadogV2::model::CreateJiraIssueRequestDataAttributes;
use datadog_api_client::datadogV2::model::CreateJiraIssueRequestDataRelationships;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;
use datadog_api_client::datadogV2::model::JiraIssuesDataType;

#[tokio::main]
async fn main() {
    let body = CreateJiraIssueRequestArray::new(vec![
        CreateJiraIssueRequestData::new(JiraIssuesDataType::JIRA_ISSUES)
            .attributes(
                CreateJiraIssueRequestDataAttributes::new()
                    .description("A description".to_string())
                    .title("A title".to_string()),
            )
            .relationships(CreateJiraIssueRequestDataRelationships::new(
                Findings::new().data(vec![FindingData::new(
                    "eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==".to_string(),
                    FindingDataType::FINDINGS,
                )]),
                CaseManagementProject::new(CaseManagementProjectData::new(
                    "959a6f71-bac8-4027-b1d3-2264f569296f".to_string(),
                    CaseManagementProjectDataType::PROJECTS,
                )),
            )),
        CreateJiraIssueRequestData::new(JiraIssuesDataType::JIRA_ISSUES)
            .attributes(
                CreateJiraIssueRequestDataAttributes::new()
                    .description("A description".to_string())
                    .title("A title".to_string()),
            )
            .relationships(CreateJiraIssueRequestDataRelationships::new(
                Findings::new().data(vec![FindingData::new(
                    "a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==".to_string(),
                    FindingDataType::FINDINGS,
                )]),
                CaseManagementProject::new(CaseManagementProjectData::new(
                    "959a6f71-bac8-4027-b1d3-2264f569296f".to_string(),
                    CaseManagementProjectDataType::PROJECTS,
                )),
            )),
    ]);
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_jira_issues(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Create Jira issue for security finding returns "Created" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateJiraIssuesRequest = {
  body: {
    data: [
      {
        attributes: {
          title: "A title",
          description: "A description",
        },
        relationships: {
          findings: {
            data: [
              {
                id: "YmNlZmJhYTcyMDU5ZDk0ZDhiNjRmNGI0NDk4MDdiNzN-MDJlMjg0NzNmYzJiODY2MzJkNjU0OTI4NmVhZTUyY2U=",
                type: "findings",
              },
            ],
          },
          project: {
            data: {
              id: "959a6f71-bac8-4027-b1d3-2264f569296f",
              type: "projects",
            },
          },
        },
        type: "jira_issues",
      },
    ],
  },
};

apiInstance
  .createJiraIssues(params)
  .then((data: v2.FindingCaseResponseArray) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    /**
 * Create Jira issue for security findings returns "Created" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateJiraIssuesRequest = {
  body: {
    data: [
      {
        attributes: {
          title: "A title",
          description: "A description",
        },
        relationships: {
          findings: {
            data: [
              {
                id: "a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==",
                type: "findings",
              },
              {
                id: "eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==",
                type: "findings",
              },
            ],
          },
          project: {
            data: {
              id: "959a6f71-bac8-4027-b1d3-2264f569296f",
              type: "projects",
            },
          },
        },
        type: "jira_issues",
      },
    ],
  },
};

apiInstance
  .createJiraIssues(params)
  .then((data: v2.FindingCaseResponseArray) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    /**
 * Create Jira issues for security findings returns "Created" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateJiraIssuesRequest = {
  body: {
    data: [
      {
        attributes: {
          title: "A title",
          description: "A description",
        },
        relationships: {
          findings: {
            data: [
              {
                id: "eWswLWJsdC1hZm5-aS0wMjRlYTgwMzVkZTU1MGIwYQ==",
                type: "findings",
              },
            ],
          },
          project: {
            data: {
              id: "959a6f71-bac8-4027-b1d3-2264f569296f",
              type: "projects",
            },
          },
        },
        type: "jira_issues",
      },
      {
        attributes: {
          title: "A title",
          description: "A description",
        },
        relationships: {
          findings: {
            data: [
              {
                id: "a3ZoLXNjbS14eXV-aS0wNWY5MGYwMGE4NDg2ODdlOA==",
                type: "findings",
              },
            ],
          },
          project: {
            data: {
              id: "959a6f71-bac8-4027-b1d3-2264f569296f",
              type: "projects",
            },
          },
        },
        type: "jira_issues",
      },
    ],
  },
};

apiInstance
  .createJiraIssues(params)
  .then((data: v2.FindingCaseResponseArray) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Attach security findings to a Jira issue

    PATCH https://api.ap1.datadoghq.com/api/v2/security/findings/jira_issueshttps://api.ap2.datadoghq.com/api/v2/security/findings/jira_issueshttps://api.datadoghq.eu/api/v2/security/findings/jira_issueshttps://api.ddog-gov.com/api/v2/security/findings/jira_issueshttps://api.us2.ddog-gov.com/api/v2/security/findings/jira_issueshttps://api.datadoghq.com/api/v2/security/findings/jira_issueshttps://api.us3.datadoghq.com/api/v2/security/findings/jira_issueshttps://api.us5.datadoghq.com/api/v2/security/findings/jira_issues

    概要

    Attach security findings to a Jira issue by providing the Jira issue URL. You can attach up to 50 security findings per Jira issue. If the Jira issue is not linked to any case, this operation will create a case for the security findings and link the Jira issue to the newly created case. To configure the Jira integration, see Bidirectional ticket syncing with Jira. Security findings that are already attached to another Jira issue will be detached from their previous Jira issue and attached to the specified Jira issue. This endpoint requires any of the following permissions:

  • security_monitoring_findings_write
  • appsec_vm_write

    • リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    data

    object

    Data of the Jira issue to attach security findings to.

    attributes

    object

    Attributes of the Jira issue to attach security findings to.

    jira_issue_url [required]

    string

    URL of the Jira issue to attach security findings to.

    relationships

    object

    Relationships of the Jira issue to attach security findings to.

    findings [required]

    object

    Security findings to attach to the Jira issue.

    data

    [object]

    Array of security finding data objects.

    id [required]

    string

    Unique identifier of the security finding.

    type [required]

    enum

    Security findings resource type. Allowed enum values: findings

    default: findings

    project [required]

    object

    Case management project with Jira integration configured. It is used to attach security findings to the Jira issue. To configure the integration, see Bidirectional ticket syncing with Jira.

    data [required]

    object

    Data object representing a case management project.

    id [required]

    string

    Unique identifier of the case management project.

    type [required]

    enum

    Projects resource type. Allowed enum values: projects

    default: projects

    type [required]

    enum

    Jira issues resource type. Allowed enum values: jira_issues

    default: jira_issues

    {
  "data": {
    "attributes": {
      "jira_issue_url": "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476"
    },
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=",
            "type": "findings"
          }
        ]
      },
      "project": {
        "data": {
          "id": "959a6f71-bac8-4027-b1d3-2264f569296f",
          "type": "projects"
        }
      }
    },
    "type": "jira_issues"
  }
}
    {
  "data": {
    "attributes": {
      "jira_issue_url": "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476"
    },
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=",
            "type": "findings"
          },
          {
            "id": "MTNjN2ZmYWMzMDIxYmU1ZDFiZDRjNWUwN2I1NzVmY2F-YTA3MzllMTUzNWM3NmEyZjdiNzEzOWM5YmViZTMzOGM=",
            "type": "findings"
          }
        ]
      },
      "project": {
        "data": {
          "id": "959a6f71-bac8-4027-b1d3-2264f569296f",
          "type": "projects"
        }
      }
    },
    "type": "jira_issues"
  }
}

    応答

    OK

    Case response.

    Expand All

    フィールド

    種類

    説明

    data

    object

    Data of the case.

    attributes

    object

    Attributes of the case.

    archived_at

    date-time

    Timestamp of when the case was archived.

    assigned_to

    object

    User assigned to the case.

    data [required]

    object

    Relationship to user object.

    id [required]

    string

    A unique identifier that represents the user.

    type [required]

    enum

    Users resource type. Allowed enum values: users

    default: users

    attributes

    object

    Custom attributes associated with the case as key-value pairs where values are string arrays.

    <any-key>

    [string]

    closed_at

    date-time

    Timestamp of when the case was closed.

    created_at

    date-time

    Timestamp of when the case was created.

    creation_source

    string

    Source of the case creation.

    description

    string

    Description of the case.

    due_date

    string

    Due date of the case.

    insights

    [object]

    Insights of the case.

    ref

    string

    Reference of the insight.

    resource_id

    string

    Unique identifier of the resource. For example, the unique identifier of a security finding.

    type

    string

    Type of the resource. For example, the type of a security finding is "SECURITY_FINDING".

    jira_issue

    object

    Jira issue associated with the case.

    error_message

    string

    Error message if the Jira issue creation failed.

    result

    object

    Result of the Jira issue creation.

    account_id

    string

    Account ID of the Jira issue.

    issue_id

    string

    Unique identifier of the Jira issue.

    issue_key

    string

    Key of the Jira issue.

    issue_url

    string

    URL of the Jira issue.

    status

    string

    Status of the Jira issue creation. Can be "COMPLETED" if the Jira issue was created successfully, or "FAILED" if the Jira issue creation failed.

    key

    string

    Key of the case.

    modified_at

    date-time

    Timestamp of when the case was last modified.

    priority

    string

    Priority of the case.

    status

    string

    Status of the case.

    status_group

    string

    Status group of the case.

    status_name

    string

    Status name of the case.

    title

    string

    Title of the case.

    type

    string

    Type of the case. For security cases, this is always "SECURITY".

    id

    string

    Unique identifier of the case.

    relationships

    object

    Relationships of the case.

    created_by

    object

    User who created the case.

    data [required]

    object

    Relationship to user object.

    id [required]

    string

    A unique identifier that represents the user.

    type [required]

    enum

    Users resource type. Allowed enum values: users

    default: users

    modified_by

    object

    User who last modified the case.

    data [required]

    object

    Relationship to user object.

    id [required]

    string

    A unique identifier that represents the user.

    type [required]

    enum

    Users resource type. Allowed enum values: users

    default: users

    project

    object

    Project in which the case was created.

    data [required]

    object

    Data object representing a case management project.

    id [required]

    string

    Unique identifier of the case management project.

    type [required]

    enum

    Projects resource type. Allowed enum values: projects

    default: projects

    type [required]

    enum

    Cases resource type. Allowed enum values: cases

    default: cases

    {
  "data": {
    "attributes": {
      "archived_at": "2025-01-01T00:00:00.000Z",
      "assigned_to": {
        "data": {
          "id": "00000000-0000-0000-2345-000000000000",
          "type": "users"
        }
      },
      "attributes": {
        "<any-key>": []
      },
      "closed_at": "2025-01-01T00:00:00.000Z",
      "created_at": "2025-01-01T00:00:00.000Z",
      "creation_source": "CS_SECURITY_FINDING",
      "description": "A description of the case.",
      "due_date": "2025-01-01",
      "insights": [
        {
          "ref": "/security/appsec/vm/library/vulnerability/dfa027f7c037b2f77159adc027fecb56?detection=static",
          "resource_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
          "type": "SECURITY_FINDING"
        }
      ],
      "jira_issue": {
        "error_message": "{\"errorMessages\":[\"An error occured.\"],\"errors\":{}}",
        "result": {
          "account_id": "463a8631-680e-455c-bfd3-3ed04d326eb7",
          "issue_id": "2871276",
          "issue_key": "PROJ-123",
          "issue_url": "https://domain.atlassian.net/browse/PROJ-123"
        },
        "status": "COMPLETED"
      },
      "key": "PROJ-123",
      "modified_at": "2025-01-01T00:00:00.000Z",
      "priority": "P4",
      "status": "OPEN",
      "status_group": "SG_OPEN",
      "status_name": "Open",
      "title": "A title for the case.",
      "type": "SECURITY"
    },
    "id": "c1234567-89ab-cdef-0123-456789abcdef",
    "relationships": {
      "created_by": {
        "data": {
          "id": "00000000-0000-0000-2345-000000000000",
          "type": "users"
        }
      },
      "modified_by": {
        "data": {
          "id": "00000000-0000-0000-2345-000000000000",
          "type": "users"
        }
      },
      "project": {
        "data": {
          "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
          "type": "projects"
        }
      }
    },
    "type": "cases"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/jira_issues" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "jira_issue_url": "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476"
    },
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="
          }
        ]
      },
      "project": {
        "data": {
          "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
          "type": "projects"
        }
      }
    },
    "type": "jira_issues"
  }
}
EOF
    
                        
                              ## default
# 

    # Curl command
    curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/jira_issues" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "jira_issue_url": "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476"
    },
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="
          }
        ]
      },
      "project": {
        "data": {
          "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
          "type": "projects"
        }
      }
    },
    "type": "jira_issues"
  }
}
EOF
    
                        
    // Attach security finding to a Jira issue returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.AttachJiraIssueRequest{
		Data: &datadogV2.AttachJiraIssueRequestData{
			Attributes: &datadogV2.AttachJiraIssueRequestDataAttributes{
				JiraIssueUrl: "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476",
			},
			Relationships: &datadogV2.AttachJiraIssueRequestDataRelationships{
				Findings: datadogV2.Findings{
					Data: []datadogV2.FindingData{
						{
							Id:   "OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=",
							Type: datadogV2.FINDINGDATATYPE_FINDINGS,
						},
					},
				},
				Project: datadogV2.CaseManagementProject{
					Data: datadogV2.CaseManagementProjectData{
						Id:   "959a6f71-bac8-4027-b1d3-2264f569296f",
						Type: datadogV2.CASEMANAGEMENTPROJECTDATATYPE_PROJECTS,
					},
				},
			},
			Type: datadogV2.JIRAISSUESDATATYPE_JIRA_ISSUES,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.AttachJiraIssue(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.AttachJiraIssue`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.AttachJiraIssue`:\n%s\n", responseContent)
}

    // Attach security findings to a Jira issue returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.AttachJiraIssueRequest{
		Data: &datadogV2.AttachJiraIssueRequestData{
			Attributes: &datadogV2.AttachJiraIssueRequestDataAttributes{
				JiraIssueUrl: "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476",
			},
			Relationships: &datadogV2.AttachJiraIssueRequestDataRelationships{
				Findings: datadogV2.Findings{
					Data: []datadogV2.FindingData{
						{
							Id:   "OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=",
							Type: datadogV2.FINDINGDATATYPE_FINDINGS,
						},
						{
							Id:   "MTNjN2ZmYWMzMDIxYmU1ZDFiZDRjNWUwN2I1NzVmY2F-YTA3MzllMTUzNWM3NmEyZjdiNzEzOWM5YmViZTMzOGM=",
							Type: datadogV2.FINDINGDATATYPE_FINDINGS,
						},
					},
				},
				Project: datadogV2.CaseManagementProject{
					Data: datadogV2.CaseManagementProjectData{
						Id:   "959a6f71-bac8-4027-b1d3-2264f569296f",
						Type: datadogV2.CASEMANAGEMENTPROJECTDATATYPE_PROJECTS,
					},
				},
			},
			Type: datadogV2.JIRAISSUESDATATYPE_JIRA_ISSUES,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.AttachJiraIssue(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.AttachJiraIssue`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.AttachJiraIssue`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Attach security finding to a Jira issue returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.AttachJiraIssueRequest;
import com.datadog.api.client.v2.model.AttachJiraIssueRequestData;
import com.datadog.api.client.v2.model.AttachJiraIssueRequestDataAttributes;
import com.datadog.api.client.v2.model.AttachJiraIssueRequestDataRelationships;
import com.datadog.api.client.v2.model.CaseManagementProject;
import com.datadog.api.client.v2.model.CaseManagementProjectData;
import com.datadog.api.client.v2.model.CaseManagementProjectDataType;
import com.datadog.api.client.v2.model.FindingCaseResponse;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import com.datadog.api.client.v2.model.JiraIssuesDataType;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    AttachJiraIssueRequest body =
        new AttachJiraIssueRequest()
            .data(
                new AttachJiraIssueRequestData()
                    .attributes(
                        new AttachJiraIssueRequestDataAttributes()
                            .jiraIssueUrl(
                                "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476"))
                    .relationships(
                        new AttachJiraIssueRequestDataRelationships()
                            .findings(
                                new Findings()
                                    .data(
                                        Collections.singletonList(
                                            new FindingData()
                                                .id(
                                                    "OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=")
                                                .type(FindingDataType.FINDINGS))))
                            .project(
                                new CaseManagementProject()
                                    .data(
                                        new CaseManagementProjectData()
                                            .id("959a6f71-bac8-4027-b1d3-2264f569296f")
                                            .type(CaseManagementProjectDataType.PROJECTS))))
                    .type(JiraIssuesDataType.JIRA_ISSUES));

    try {
      FindingCaseResponse result = apiInstance.attachJiraIssue(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#attachJiraIssue");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    // Attach security findings to a Jira issue returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.AttachJiraIssueRequest;
import com.datadog.api.client.v2.model.AttachJiraIssueRequestData;
import com.datadog.api.client.v2.model.AttachJiraIssueRequestDataAttributes;
import com.datadog.api.client.v2.model.AttachJiraIssueRequestDataRelationships;
import com.datadog.api.client.v2.model.CaseManagementProject;
import com.datadog.api.client.v2.model.CaseManagementProjectData;
import com.datadog.api.client.v2.model.CaseManagementProjectDataType;
import com.datadog.api.client.v2.model.FindingCaseResponse;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import com.datadog.api.client.v2.model.JiraIssuesDataType;
import java.util.Arrays;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    AttachJiraIssueRequest body =
        new AttachJiraIssueRequest()
            .data(
                new AttachJiraIssueRequestData()
                    .attributes(
                        new AttachJiraIssueRequestDataAttributes()
                            .jiraIssueUrl(
                                "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476"))
                    .relationships(
                        new AttachJiraIssueRequestDataRelationships()
                            .findings(
                                new Findings()
                                    .data(
                                        Arrays.asList(
                                            new FindingData()
                                                .id(
                                                    "OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=")
                                                .type(FindingDataType.FINDINGS),
                                            new FindingData()
                                                .id(
                                                    "MTNjN2ZmYWMzMDIxYmU1ZDFiZDRjNWUwN2I1NzVmY2F-YTA3MzllMTUzNWM3NmEyZjdiNzEzOWM5YmViZTMzOGM=")
                                                .type(FindingDataType.FINDINGS))))
                            .project(
                                new CaseManagementProject()
                                    .data(
                                        new CaseManagementProjectData()
                                            .id("959a6f71-bac8-4027-b1d3-2264f569296f")
                                            .type(CaseManagementProjectDataType.PROJECTS))))
                    .type(JiraIssuesDataType.JIRA_ISSUES));

    try {
      FindingCaseResponse result = apiInstance.attachJiraIssue(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#attachJiraIssue");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Attach security finding to a Jira issue returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.attach_jira_issue_request import AttachJiraIssueRequest
from datadog_api_client.v2.model.attach_jira_issue_request_data import AttachJiraIssueRequestData
from datadog_api_client.v2.model.attach_jira_issue_request_data_attributes import AttachJiraIssueRequestDataAttributes
from datadog_api_client.v2.model.attach_jira_issue_request_data_relationships import (
    AttachJiraIssueRequestDataRelationships,
)
from datadog_api_client.v2.model.case_management_project import CaseManagementProject
from datadog_api_client.v2.model.case_management_project_data import CaseManagementProjectData
from datadog_api_client.v2.model.case_management_project_data_type import CaseManagementProjectDataType
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings
from datadog_api_client.v2.model.jira_issues_data_type import JiraIssuesDataType

body = AttachJiraIssueRequest(
    data=AttachJiraIssueRequestData(
        attributes=AttachJiraIssueRequestDataAttributes(
            jira_issue_url="https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476",
        ),
        relationships=AttachJiraIssueRequestDataRelationships(
            findings=Findings(
                data=[
                    FindingData(
                        id="OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=",
                        type=FindingDataType.FINDINGS,
                    ),
                ],
            ),
            project=CaseManagementProject(
                data=CaseManagementProjectData(
                    id="959a6f71-bac8-4027-b1d3-2264f569296f",
                    type=CaseManagementProjectDataType.PROJECTS,
                ),
            ),
        ),
        type=JiraIssuesDataType.JIRA_ISSUES,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.attach_jira_issue(body=body)

    print(response)

    """
Attach security findings to a Jira issue returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.attach_jira_issue_request import AttachJiraIssueRequest
from datadog_api_client.v2.model.attach_jira_issue_request_data import AttachJiraIssueRequestData
from datadog_api_client.v2.model.attach_jira_issue_request_data_attributes import AttachJiraIssueRequestDataAttributes
from datadog_api_client.v2.model.attach_jira_issue_request_data_relationships import (
    AttachJiraIssueRequestDataRelationships,
)
from datadog_api_client.v2.model.case_management_project import CaseManagementProject
from datadog_api_client.v2.model.case_management_project_data import CaseManagementProjectData
from datadog_api_client.v2.model.case_management_project_data_type import CaseManagementProjectDataType
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings
from datadog_api_client.v2.model.jira_issues_data_type import JiraIssuesDataType

body = AttachJiraIssueRequest(
    data=AttachJiraIssueRequestData(
        attributes=AttachJiraIssueRequestDataAttributes(
            jira_issue_url="https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476",
        ),
        relationships=AttachJiraIssueRequestDataRelationships(
            findings=Findings(
                data=[
                    FindingData(
                        id="OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=",
                        type=FindingDataType.FINDINGS,
                    ),
                    FindingData(
                        id="MTNjN2ZmYWMzMDIxYmU1ZDFiZDRjNWUwN2I1NzVmY2F-YTA3MzllMTUzNWM3NmEyZjdiNzEzOWM5YmViZTMzOGM=",
                        type=FindingDataType.FINDINGS,
                    ),
                ],
            ),
            project=CaseManagementProject(
                data=CaseManagementProjectData(
                    id="959a6f71-bac8-4027-b1d3-2264f569296f",
                    type=CaseManagementProjectDataType.PROJECTS,
                ),
            ),
        ),
        type=JiraIssuesDataType.JIRA_ISSUES,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.attach_jira_issue(body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Attach security finding to a Jira issue returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::AttachJiraIssueRequest.new({
  data: DatadogAPIClient::V2::AttachJiraIssueRequestData.new({
    attributes: DatadogAPIClient::V2::AttachJiraIssueRequestDataAttributes.new({
      jira_issue_url: "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476",
    }),
    relationships: DatadogAPIClient::V2::AttachJiraIssueRequestDataRelationships.new({
      findings: DatadogAPIClient::V2::Findings.new({
        data: [
          DatadogAPIClient::V2::FindingData.new({
            id: "OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=",
            type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
          }),
        ],
      }),
      project: DatadogAPIClient::V2::CaseManagementProject.new({
        data: DatadogAPIClient::V2::CaseManagementProjectData.new({
          id: "959a6f71-bac8-4027-b1d3-2264f569296f",
          type: DatadogAPIClient::V2::CaseManagementProjectDataType::PROJECTS,
        }),
      }),
    }),
    type: DatadogAPIClient::V2::JiraIssuesDataType::JIRA_ISSUES,
  }),
})
p api_instance.attach_jira_issue(body)

    # Attach security findings to a Jira issue returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::AttachJiraIssueRequest.new({
  data: DatadogAPIClient::V2::AttachJiraIssueRequestData.new({
    attributes: DatadogAPIClient::V2::AttachJiraIssueRequestDataAttributes.new({
      jira_issue_url: "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476",
    }),
    relationships: DatadogAPIClient::V2::AttachJiraIssueRequestDataRelationships.new({
      findings: DatadogAPIClient::V2::Findings.new({
        data: [
          DatadogAPIClient::V2::FindingData.new({
            id: "OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=",
            type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
          }),
          DatadogAPIClient::V2::FindingData.new({
            id: "MTNjN2ZmYWMzMDIxYmU1ZDFiZDRjNWUwN2I1NzVmY2F-YTA3MzllMTUzNWM3NmEyZjdiNzEzOWM5YmViZTMzOGM=",
            type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
          }),
        ],
      }),
      project: DatadogAPIClient::V2::CaseManagementProject.new({
        data: DatadogAPIClient::V2::CaseManagementProjectData.new({
          id: "959a6f71-bac8-4027-b1d3-2264f569296f",
          type: DatadogAPIClient::V2::CaseManagementProjectDataType::PROJECTS,
        }),
      }),
    }),
    type: DatadogAPIClient::V2::JiraIssuesDataType::JIRA_ISSUES,
  }),
})
p api_instance.attach_jira_issue(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Attach security finding to a Jira issue returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::AttachJiraIssueRequest;
use datadog_api_client::datadogV2::model::AttachJiraIssueRequestData;
use datadog_api_client::datadogV2::model::AttachJiraIssueRequestDataAttributes;
use datadog_api_client::datadogV2::model::AttachJiraIssueRequestDataRelationships;
use datadog_api_client::datadogV2::model::CaseManagementProject;
use datadog_api_client::datadogV2::model::CaseManagementProjectData;
use datadog_api_client::datadogV2::model::CaseManagementProjectDataType;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;
use datadog_api_client::datadogV2::model::JiraIssuesDataType;

#[tokio::main]
async fn main() {
    let body =
        AttachJiraIssueRequest
        ::new().data(
            AttachJiraIssueRequestData::new(JiraIssuesDataType::JIRA_ISSUES)
                .attributes(
                    AttachJiraIssueRequestDataAttributes::new(
                        "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476".to_string(),
                    ),
                )
                .relationships(
                    AttachJiraIssueRequestDataRelationships::new(
                        Findings
                        ::new().data(
                            vec![
                                FindingData::new(
                                    "OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=".to_string(),
                                    FindingDataType::FINDINGS,
                                )
                            ],
                        ),
                        CaseManagementProject::new(
                            CaseManagementProjectData::new(
                                "959a6f71-bac8-4027-b1d3-2264f569296f".to_string(),
                                CaseManagementProjectDataType::PROJECTS,
                            ),
                        ),
                    ),
                ),
        );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.attach_jira_issue(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    // Attach security findings to a Jira issue returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::AttachJiraIssueRequest;
use datadog_api_client::datadogV2::model::AttachJiraIssueRequestData;
use datadog_api_client::datadogV2::model::AttachJiraIssueRequestDataAttributes;
use datadog_api_client::datadogV2::model::AttachJiraIssueRequestDataRelationships;
use datadog_api_client::datadogV2::model::CaseManagementProject;
use datadog_api_client::datadogV2::model::CaseManagementProjectData;
use datadog_api_client::datadogV2::model::CaseManagementProjectDataType;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;
use datadog_api_client::datadogV2::model::JiraIssuesDataType;

#[tokio::main]
async fn main() {
    let body =
        AttachJiraIssueRequest
        ::new().data(
            AttachJiraIssueRequestData::new(JiraIssuesDataType::JIRA_ISSUES)
                .attributes(
                    AttachJiraIssueRequestDataAttributes::new(
                        "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476".to_string(),
                    ),
                )
                .relationships(
                    AttachJiraIssueRequestDataRelationships::new(
                        Findings
                        ::new().data(
                            vec![
                                FindingData::new(
                                    "OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=".to_string(),
                                    FindingDataType::FINDINGS,
                                ),
                                FindingData::new(
                                    "MTNjN2ZmYWMzMDIxYmU1ZDFiZDRjNWUwN2I1NzVmY2F-YTA3MzllMTUzNWM3NmEyZjdiNzEzOWM5YmViZTMzOGM=".to_string(),
                                    FindingDataType::FINDINGS,
                                )
                            ],
                        ),
                        CaseManagementProject::new(
                            CaseManagementProjectData::new(
                                "959a6f71-bac8-4027-b1d3-2264f569296f".to_string(),
                                CaseManagementProjectDataType::PROJECTS,
                            ),
                        ),
                    ),
                ),
        );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.attach_jira_issue(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Attach security finding to a Jira issue returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiAttachJiraIssueRequest = {
  body: {
    data: {
      attributes: {
        jiraIssueUrl:
          "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476",
      },
      relationships: {
        findings: {
          data: [
            {
              id: "OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=",
              type: "findings",
            },
          ],
        },
        project: {
          data: {
            id: "959a6f71-bac8-4027-b1d3-2264f569296f",
            type: "projects",
          },
        },
      },
      type: "jira_issues",
    },
  },
};

apiInstance
  .attachJiraIssue(params)
  .then((data: v2.FindingCaseResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    /**
 * Attach security findings to a Jira issue returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiAttachJiraIssueRequest = {
  body: {
    data: {
      attributes: {
        jiraIssueUrl:
          "https://datadoghq-sandbox-538.atlassian.net/browse/CSMSEC-105476",
      },
      relationships: {
        findings: {
          data: [
            {
              id: "OTQ3NjJkMmYwMTIzMzMxNTc1Y2Q4MTA5NWU0NTBmMDl-ZjE3NjMxZWVkYzBjZGI1NDY2NWY2OGQxZDk4MDY4MmI=",
              type: "findings",
            },
            {
              id: "MTNjN2ZmYWMzMDIxYmU1ZDFiZDRjNWUwN2I1NzVmY2F-YTA3MzllMTUzNWM3NmEyZjdiNzEzOWM5YmViZTMzOGM=",
              type: "findings",
            },
          ],
        },
        project: {
          data: {
            id: "959a6f71-bac8-4027-b1d3-2264f569296f",
            type: "projects",
          },
        },
      },
      type: "jira_issues",
    },
  },
};

apiInstance
  .attachJiraIssue(params)
  .then((data: v2.FindingCaseResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Mute or unmute security findings

    Note: This endpoint is in preview and is subject to change. If you have any feedback, contact Datadog support.

    PATCH https://api.ap1.datadoghq.com/api/v2/security/findings/mutehttps://api.ap2.datadoghq.com/api/v2/security/findings/mutehttps://api.datadoghq.eu/api/v2/security/findings/mutehttps://api.ddog-gov.com/api/v2/security/findings/mutehttps://api.us2.ddog-gov.com/api/v2/security/findings/mutehttps://api.datadoghq.com/api/v2/security/findings/mutehttps://api.us3.datadoghq.com/api/v2/security/findings/mutehttps://api.us5.datadoghq.com/api/v2/security/findings/mute

    概要

    Mute or unmute security findings. You can mute or unmute up to 100 security findings per request. The request body must include is_muted and reason attributes. The allowed reasons depend on whether the finding is being muted or unmuted:

    • To mute a finding: PENDING_FIX, FALSE_POSITIVE, OTHER, NO_FIX, DUPLICATE, RISK_ACCEPTED.
    • To unmute a finding: NO_PENDING_FIX, HUMAN_ERROR, NO_LONGER_ACCEPTED_RISK, OTHER.
    This endpoint requires any of the following permissions:
  • security_monitoring_findings_write
  • appsec_vm_write

    • リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Data of the mute request.

    attributes [required]

    object

    Attributes of the mute request.

    mute [required]

    object

    Mute properties to apply to the findings.

    description

    string

    Additional information about the reason why the findings are muted or unmuted. This field has a limit of 280 characters.

    expire_at

    int64

    The expiration date of the mute action (Unix ms). It must be set to a value greater than the current timestamp. If this field is not provided, the findings remain muted indefinitely.

    is_muted [required]

    boolean

    Whether the findings should be muted or unmuted.

    reason [required]

    enum

    The reason why the findings are muted or unmuted. Allowed enum values: PENDING_FIX,FALSE_POSITIVE,OTHER,NO_FIX,DUPLICATE,RISK_ACCEPTED,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK

    id

    string

    Unique identifier of the mute request.

    relationships [required]

    object

    Relationships of the mute request.

    findings [required]

    object

    Security findings to mute or unmute.

    data

    [object]

    Array of security finding data objects.

    id [required]

    string

    Unique identifier of the security finding.

    type [required]

    enum

    Security findings resource type. Allowed enum values: findings

    default: findings

    type [required]

    enum

    Mute resource type. Allowed enum values: mute

    default: mute

    {
  "data": {
    "attributes": {
      "mute": {
        "description": "To be resolved later.",
        "expire_at": 1778721573794,
        "is_muted": true,
        "reason": "RISK_ACCEPTED"
      }
    },
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGVmLTAwMC0wYmd-MDE4NjcyMDJkMzE4MDE5ODY5MGE4ZmQ2MmFlMjg0Y2M=",
            "type": "findings"
          }
        ]
      }
    },
    "type": "mute"
  }
}
    {
  "data": {
    "attributes": {
      "mute": {
        "description": "Resolved.",
        "is_muted": false,
        "reason": "NO_PENDING_FIX"
      }
    },
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGVmLTAwMC0wYmd-MDE4NjcyMDJkMzE4MDE5ODY5MGE4ZmQ2MmFlMjg0Y2M=",
            "type": "findings"
          }
        ]
      }
    },
    "type": "mute"
  }
}

    応答

    Accepted

    Response for the mute or unmute request.

    Expand All

    フィールド

    種類

    説明

    data

    object

    Data of the mute response.

    id [required]

    string

    Unique identifier of the mute request.

    type [required]

    enum

    Mute resource type. Allowed enum values: mute

    default: mute

    {
  "data": {
    "id": "00000000-0000-0000-0000-000000000001",
    "type": "mute"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Unauthorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Unprocessable Entity

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [object]

    A list of errors.

    detail

    string

    A human-readable explanation specific to this occurrence of the error.

    meta

    object

    Non-standard meta-information about the error

    source

    object

    References to the source of the error.

    header

    string

    A string indicating the name of a single request header which caused the error.

    parameter

    string

    A string indicating which URI query parameter caused the error.

    pointer

    string

    A JSON pointer to the value in the request document that caused the error.

    status

    string

    Status code of the response.

    title

    string

    Short human-readable summary of the error.

    {
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/mute" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "mute": {
        "description": "To be resolved later.",
        "expire_at": 1778721573794,
        "is_muted": true,
        "reason": "RISK_ACCEPTED"
      }
    },
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
            "type": "findings"
          }
        ]
      }
    },
    "type": "mute"
  }
}
EOF
    
                        
                              ## default
# 

    # Curl command
    curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/findings/mute" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "mute": {
        "description": "To be resolved later.",
        "expire_at": 1778721573794,
        "is_muted": true,
        "reason": "RISK_ACCEPTED"
      }
    },
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
            "type": "findings"
          }
        ]
      }
    },
    "type": "mute"
  }
}
EOF

    Update a custom framework

    PUT https://api.ap1.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.ap2.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.datadoghq.eu/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.ddog-gov.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.us2.ddog-gov.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.us3.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.us5.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}

    概要

    Update a custom framework. This endpoint requires all of the following permissions:

  • security_monitoring_rules_read
  • security_monitoring_rules_write

    • OAuth apps require the security_monitoring_rules_read, security_monitoring_rules_write authorization scope to access this endpoint.

    引数

    パスパラメーター

    名前

    種類

    説明

    handle [required]

    string

    The framework handle

    version [required]

    string

    The framework version

    リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Contains type and attributes for custom frameworks.

    attributes [required]

    object

    Framework Data Attributes.

    description

    string

    Framework Description

    handle [required]

    string

    Framework Handle

    icon_url

    string

    Framework Icon URL

    name [required]

    string

    Framework Name

    requirements [required]

    [object]

    Framework Requirements

    controls [required]

    [object]

    Requirement Controls.

    name [required]

    string

    Control Name.

    rules_id [required]

    [string]

    Rule IDs.

    name [required]

    string

    Requirement Name.

    version [required]

    string

    Framework Version

    type [required]

    enum

    The type of the resource. The value must be custom_framework. Allowed enum values: custom_framework

    default: custom_framework

    {
  "data": {
    "type": "custom_framework",
    "attributes": {
      "name": "name",
      "handle": "create-framework-new",
      "version": "10",
      "icon_url": "test-url",
      "requirements": [
        {
          "name": "requirement",
          "controls": [
            {
              "name": "control",
              "rules_id": [
                "def-000-be9"
              ]
            }
          ]
        }
      ]
    }
  }
}

    応答

    OK

    Response object to update a custom framework.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Contains type and attributes for custom frameworks.

    attributes [required]

    object

    Framework Handle and Version.

    handle

    string

    Framework Handle

    version

    string

    Framework Version

    id [required]

    string

    The ID of the custom framework.

    type [required]

    enum

    The type of the resource. The value must be custom_framework. Allowed enum values: custom_framework

    default: custom_framework

    {
  "data": {
    "attributes": {
      "handle": "sec2",
      "version": "2"
    },
    "id": "handle-version",
    "type": "custom_framework"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Path parameters
    export handle="CHANGE_ME"
    export version="CHANGE_ME"
    # Curl command
    curl -X PUT "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/${handle}/${version}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "handle": "sec2",
      "name": "security-framework",
      "requirements": [
        {
          "controls": [
            {
              "name": "control",
              "rules_id": [
                "def-000-be9"
              ]
            }
          ],
          "name": "criteria"
        }
      ],
      "version": "2"
    },
    "type": "custom_framework"
  }
}
EOF
    
                        
    // Update a custom framework returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.UpdateCustomFrameworkRequest{
		Data: datadogV2.CustomFrameworkData{
			Type: datadogV2.CUSTOMFRAMEWORKTYPE_CUSTOM_FRAMEWORK,
			Attributes: datadogV2.CustomFrameworkDataAttributes{
				Name:    "name",
				Handle:  "create-framework-new",
				Version: "10",
				IconUrl: datadog.PtrString("test-url"),
				Requirements: []datadogV2.CustomFrameworkRequirement{
					{
						Name: "requirement",
						Controls: []datadogV2.CustomFrameworkControl{
							{
								Name: "control",
								RulesId: []string{
									"def-000-be9",
								},
							},
						},
					},
				},
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.UpdateCustomFramework(ctx, "create-framework-new", "10", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.UpdateCustomFramework`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.UpdateCustomFramework`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Update a custom framework returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.CustomFrameworkControl;
import com.datadog.api.client.v2.model.CustomFrameworkData;
import com.datadog.api.client.v2.model.CustomFrameworkDataAttributes;
import com.datadog.api.client.v2.model.CustomFrameworkRequirement;
import com.datadog.api.client.v2.model.CustomFrameworkType;
import com.datadog.api.client.v2.model.UpdateCustomFrameworkRequest;
import com.datadog.api.client.v2.model.UpdateCustomFrameworkResponse;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    UpdateCustomFrameworkRequest body =
        new UpdateCustomFrameworkRequest()
            .data(
                new CustomFrameworkData()
                    .type(CustomFrameworkType.CUSTOM_FRAMEWORK)
                    .attributes(
                        new CustomFrameworkDataAttributes()
                            .name("name")
                            .handle("create-framework-new")
                            .version("10")
                            .iconUrl("test-url")
                            .requirements(
                                Collections.singletonList(
                                    new CustomFrameworkRequirement()
                                        .name("requirement")
                                        .controls(
                                            Collections.singletonList(
                                                new CustomFrameworkControl()
                                                    .name("control")
                                                    .rulesId(
                                                        Collections.singletonList(
                                                            "def-000-be9"))))))));

    try {
      UpdateCustomFrameworkResponse result =
          apiInstance.updateCustomFramework("create-framework-new", "10", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#updateCustomFramework");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Update a custom framework returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.custom_framework_control import CustomFrameworkControl
from datadog_api_client.v2.model.custom_framework_data import CustomFrameworkData
from datadog_api_client.v2.model.custom_framework_data_attributes import CustomFrameworkDataAttributes
from datadog_api_client.v2.model.custom_framework_requirement import CustomFrameworkRequirement
from datadog_api_client.v2.model.custom_framework_type import CustomFrameworkType
from datadog_api_client.v2.model.update_custom_framework_request import UpdateCustomFrameworkRequest

body = UpdateCustomFrameworkRequest(
    data=CustomFrameworkData(
        type=CustomFrameworkType.CUSTOM_FRAMEWORK,
        attributes=CustomFrameworkDataAttributes(
            name="name",
            handle="create-framework-new",
            version="10",
            icon_url="test-url",
            requirements=[
                CustomFrameworkRequirement(
                    name="requirement",
                    controls=[
                        CustomFrameworkControl(
                            name="control",
                            rules_id=[
                                "def-000-be9",
                            ],
                        ),
                    ],
                ),
            ],
        ),
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.update_custom_framework(handle="create-framework-new", version="10", body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Update a custom framework returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::UpdateCustomFrameworkRequest.new({
  data: DatadogAPIClient::V2::CustomFrameworkData.new({
    type: DatadogAPIClient::V2::CustomFrameworkType::CUSTOM_FRAMEWORK,
    attributes: DatadogAPIClient::V2::CustomFrameworkDataAttributes.new({
      name: "name",
      handle: "create-framework-new",
      version: "10",
      icon_url: "test-url",
      requirements: [
        DatadogAPIClient::V2::CustomFrameworkRequirement.new({
          name: "requirement",
          controls: [
            DatadogAPIClient::V2::CustomFrameworkControl.new({
              name: "control",
              rules_id: [
                "def-000-be9",
              ],
            }),
          ],
        }),
      ],
    }),
  }),
})
p api_instance.update_custom_framework("create-framework-new", "10", body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Update a custom framework returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::CustomFrameworkControl;
use datadog_api_client::datadogV2::model::CustomFrameworkData;
use datadog_api_client::datadogV2::model::CustomFrameworkDataAttributes;
use datadog_api_client::datadogV2::model::CustomFrameworkRequirement;
use datadog_api_client::datadogV2::model::CustomFrameworkType;
use datadog_api_client::datadogV2::model::UpdateCustomFrameworkRequest;

#[tokio::main]
async fn main() {
    let body = UpdateCustomFrameworkRequest::new(CustomFrameworkData::new(
        CustomFrameworkDataAttributes::new(
            "create-framework-new".to_string(),
            "name".to_string(),
            vec![CustomFrameworkRequirement::new(
                vec![CustomFrameworkControl::new(
                    "control".to_string(),
                    vec!["def-000-be9".to_string()],
                )],
                "requirement".to_string(),
            )],
            "10".to_string(),
        )
        .icon_url("test-url".to_string()),
        CustomFrameworkType::CUSTOM_FRAMEWORK,
    ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .update_custom_framework("create-framework-new".to_string(), "10".to_string(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Update a custom framework returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiUpdateCustomFrameworkRequest = {
  body: {
    data: {
      type: "custom_framework",
      attributes: {
        name: "name",
        handle: "create-framework-new",
        version: "10",
        iconUrl: "test-url",
        requirements: [
          {
            name: "requirement",
            controls: [
              {
                name: "control",
                rulesId: ["def-000-be9"],
              },
            ],
          },
        ],
      },
    },
  },
  handle: "create-framework-new",
  version: "10",
};

apiInstance
  .updateCustomFramework(params)
  .then((data: v2.UpdateCustomFrameworkResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Delete a custom framework

    DELETE https://api.ap1.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.ap2.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.datadoghq.eu/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.ddog-gov.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.us2.ddog-gov.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.us3.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.us5.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}

    概要

    Delete a custom framework. This endpoint requires all of the following permissions:

  • security_monitoring_rules_read
  • security_monitoring_rules_write

    • OAuth apps require the security_monitoring_rules_read, security_monitoring_rules_write authorization scope to access this endpoint.

    引数

    パスパラメーター

    名前

    種類

    説明

    handle [required]

    string

    The framework handle

    version [required]

    string

    The framework version

    応答

    OK

    Response object to delete a custom framework.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Metadata for custom frameworks.

    attributes

    object

    Framework without requirements.

    description

    string

    Framework Description

    handle [required]

    string

    Framework Handle

    icon_url

    string

    Framework Icon URL

    name [required]

    string

    Framework Name

    version [required]

    string

    Framework Version

    id

    string

    The ID of the custom framework.

    type

    enum

    The type of the resource. The value must be custom_framework. Allowed enum values: custom_framework

    default: custom_framework

    {
  "data": {
    "attributes": {
      "description": "this is a security description",
      "handle": "sec2",
      "icon_url": "https://example.com/icon.png",
      "name": "security-framework",
      "version": "2"
    },
    "id": "handle-version",
    "type": "custom_framework"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Path parameters
    export handle="CHANGE_ME"
    export version="CHANGE_ME"
    # Curl command
    curl -X DELETE "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/${handle}/${version}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Delete a custom framework returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.delete_custom_framework(
        handle="create-framework-new",
        version="10",
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Delete a custom framework returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.delete_custom_framework("create-framework-new", "10")

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Delete a custom framework returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.DeleteCustomFramework(ctx, "create-framework-new", "10")

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.DeleteCustomFramework`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.DeleteCustomFramework`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Delete a custom framework returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.DeleteCustomFrameworkResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      DeleteCustomFrameworkResponse result =
          apiInstance.deleteCustomFramework("create-framework-new", "10");
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#deleteCustomFramework");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Delete a custom framework returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .delete_custom_framework("create-framework-new".to_string(), "10".to_string())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Delete a custom framework returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiDeleteCustomFrameworkRequest = {
  handle: "create-framework-new",
  version: "10",
};

apiInstance
  .deleteCustomFramework(params)
  .then((data: v2.DeleteCustomFrameworkResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get a custom framework

    GET https://api.ap1.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.ap2.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.datadoghq.eu/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.ddog-gov.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.us2.ddog-gov.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.us3.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}https://api.us5.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/{handle}/{version}

    概要

    Get a custom framework. This endpoint requires the security_monitoring_rules_read permission.

    OAuth apps require the security_monitoring_rules_read authorization scope to access this endpoint.

    引数

    パスパラメーター

    名前

    種類

    説明

    handle [required]

    string

    The framework handle

    version [required]

    string

    The framework version

    応答

    OK

    Response object to get a custom framework.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Contains type and attributes for custom frameworks.

    attributes [required]

    object

    Full Framework Data Attributes.

    handle [required]

    string

    Framework Handle

    icon_url

    string

    Framework Icon URL

    name [required]

    string

    Framework Name

    requirements [required]

    [object]

    Framework Requirements

    controls [required]

    [object]

    Requirement Controls.

    name [required]

    string

    Control Name.

    rules_id [required]

    [string]

    Rule IDs.

    name [required]

    string

    Requirement Name.

    version [required]

    string

    Framework Version

    id [required]

    string

    The ID of the custom framework.

    type [required]

    enum

    The type of the resource. The value must be custom_framework. Allowed enum values: custom_framework

    default: custom_framework

    {
  "data": {
    "attributes": {
      "handle": "sec2",
      "icon_url": "https://example.com/icon.png",
      "name": "security-framework",
      "requirements": [
        {
          "controls": [
            {
              "name": "A1.2",
              "rules_id": [
                "def-000-abc"
              ]
            }
          ],
          "name": "criteria"
        }
      ],
      "version": "2"
    },
    "id": "handle-version",
    "type": "custom_framework"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Path parameters
    export handle="CHANGE_ME"
    export version="CHANGE_ME"
    # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/cloud_security_management/custom_frameworks/${handle}/${version}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get a custom framework returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_custom_framework(
        handle="create-framework-new",
        version="10",
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get a custom framework returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.get_custom_framework("create-framework-new", "10")

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get a custom framework returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetCustomFramework(ctx, "create-framework-new", "10")

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetCustomFramework`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetCustomFramework`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get a custom framework returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.GetCustomFrameworkResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      GetCustomFrameworkResponse result =
          apiInstance.getCustomFramework("create-framework-new", "10");
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#getCustomFramework");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get a custom framework returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_custom_framework("create-framework-new".to_string(), "10".to_string())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get a custom framework returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiGetCustomFrameworkRequest = {
  handle: "create-framework-new",
  version: "10",
};

apiInstance
  .getCustomFramework(params)
  .then((data: v2.GetCustomFrameworkResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    List resource filters

    GET https://api.ap1.datadoghq.com/api/v2/cloud_security_management/resource_filtershttps://api.ap2.datadoghq.com/api/v2/cloud_security_management/resource_filtershttps://api.datadoghq.eu/api/v2/cloud_security_management/resource_filtershttps://api.ddog-gov.com/api/v2/cloud_security_management/resource_filtershttps://api.us2.ddog-gov.com/api/v2/cloud_security_management/resource_filtershttps://api.datadoghq.com/api/v2/cloud_security_management/resource_filtershttps://api.us3.datadoghq.com/api/v2/cloud_security_management/resource_filtershttps://api.us5.datadoghq.com/api/v2/cloud_security_management/resource_filters

    概要

    List resource filters. This endpoint requires the security_monitoring_filters_read permission.

    OAuth apps require the security_monitoring_filters_read authorization scope to access this endpoint.

    引数

    クエリ文字列

    名前

    種類

    説明

    cloud_provider

    string

    Filter resource filters by cloud provider (e.g. aws, gcp, azure).

    account_id

    string

    Filter resource filters by cloud provider account ID. This parameter is only valid when provider is specified.

    skip_cache

    boolean

    Skip cache for resource filters.

    応答

    OK

    The definition of GetResourceEvaluationFiltersResponse object.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    The definition of GetResourceFilterResponseData object.

    attributes

    object

    Attributes of a resource filter.

    cloud_provider [required]

    object

    A map of cloud provider names (e.g., "aws", "gcp", "azure") to a map of account/resource IDs and their associated tag filters.

    <any-key>

    object

    <any-key>

    [string]

    uuid

    string

    The UUID of the resource filter.

    id

    string

    The data id.

    type

    enum

    Constant string to identify the request type. Allowed enum values: csm_resource_filter

    {
  "data": {
    "attributes": {
      "cloud_provider": {
        "<any-key>": {
          "<any-key>": [
            "environment:production"
          ]
        }
      },
      "uuid": "string"
    },
    "id": "csm_resource_filter",
    "type": "csm_resource_filter"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/cloud_security_management/resource_filters" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
List resource filters returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_resource_evaluation_filters(
        cloud_provider="aws",
        account_id="123456789",
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # List resource filters returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
opts = {
  cloud_provider: "aws",
  account_id: "123456789",
}
p api_instance.get_resource_evaluation_filters(opts)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // List resource filters returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetResourceEvaluationFilters(ctx, *datadogV2.NewGetResourceEvaluationFiltersOptionalParameters().WithCloudProvider("aws").WithAccountId("123456789"))

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetResourceEvaluationFilters`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetResourceEvaluationFilters`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // List resource filters returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.api.SecurityMonitoringApi.GetResourceEvaluationFiltersOptionalParameters;
import com.datadog.api.client.v2.model.GetResourceEvaluationFiltersResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      GetResourceEvaluationFiltersResponse result =
          apiInstance.getResourceEvaluationFilters(
              new GetResourceEvaluationFiltersOptionalParameters()
                  .cloudProvider("aws")
                  .accountId("123456789"));
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#getResourceEvaluationFilters");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // List resource filters returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::GetResourceEvaluationFiltersOptionalParams;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_resource_evaluation_filters(
            GetResourceEvaluationFiltersOptionalParams::default()
                .cloud_provider("aws".to_string())
                .account_id("123456789".to_string()),
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * List resource filters returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiGetResourceEvaluationFiltersRequest = {
  cloudProvider: "aws",
  accountId: "123456789",
};

apiInstance
  .getResourceEvaluationFilters(params)
  .then((data: v2.GetResourceEvaluationFiltersResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Update resource filters

    PUT https://api.ap1.datadoghq.com/api/v2/cloud_security_management/resource_filtershttps://api.ap2.datadoghq.com/api/v2/cloud_security_management/resource_filtershttps://api.datadoghq.eu/api/v2/cloud_security_management/resource_filtershttps://api.ddog-gov.com/api/v2/cloud_security_management/resource_filtershttps://api.us2.ddog-gov.com/api/v2/cloud_security_management/resource_filtershttps://api.datadoghq.com/api/v2/cloud_security_management/resource_filtershttps://api.us3.datadoghq.com/api/v2/cloud_security_management/resource_filtershttps://api.us5.datadoghq.com/api/v2/cloud_security_management/resource_filters

    概要

    Update resource filters. This endpoint requires the security_monitoring_filters_write permission.

    OAuth apps require the security_monitoring_filters_write authorization scope to access this endpoint.

    リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    The definition of UpdateResourceFilterRequestData object.

    attributes [required]

    object

    Attributes of a resource filter.

    cloud_provider [required]

    object

    A map of cloud provider names (e.g., "aws", "gcp", "azure") to a map of account/resource IDs and their associated tag filters.

    <any-key>

    object

    <any-key>

    [string]

    uuid

    string

    The UUID of the resource filter.

    id

    string

    The UpdateResourceEvaluationFiltersRequestData id.

    type [required]

    enum

    Constant string to identify the request type. Allowed enum values: csm_resource_filter

    {
  "data": {
    "attributes": {
      "cloud_provider": {
        "aws": {
          "aws_account_id": [
            "tag1:v1"
          ]
        }
      }
    },
    "id": "csm_resource_filter",
    "type": "csm_resource_filter"
  }
}

    応答

    OK

    The definition of UpdateResourceEvaluationFiltersResponse object.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    The definition of UpdateResourceFilterResponseData object.

    attributes [required]

    object

    Attributes of a resource filter.

    cloud_provider [required]

    object

    A map of cloud provider names (e.g., "aws", "gcp", "azure") to a map of account/resource IDs and their associated tag filters.

    <any-key>

    object

    <any-key>

    [string]

    uuid

    string

    The UUID of the resource filter.

    id

    string

    The data id.

    type [required]

    enum

    Constant string to identify the request type. Allowed enum values: csm_resource_filter

    {
  "data": {
    "attributes": {
      "cloud_provider": {
        "<any-key>": {
          "<any-key>": [
            "environment:production"
          ]
        }
      },
      "uuid": "string"
    },
    "id": "csm_resource_filter",
    "type": "csm_resource_filter"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X PUT "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/cloud_security_management/resource_filters" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "aws": {
        "123456789": [
          "environment:production",
          "team:devops"
        ]
      },
      "azure": {
        "sub-001": [
          "app:frontend"
        ]
      },
      "gcp": {
        "project-abc": [
          "region:us-central1"
        ]
      }
    },
    "id": "csm_resource_filter",
    "type": "csm_resource_filter"
  }
}
EOF
    
                        
    // Update resource filters returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.UpdateResourceEvaluationFiltersRequest{
		Data: datadogV2.UpdateResourceEvaluationFiltersRequestData{
			Attributes: datadogV2.ResourceFilterAttributes{
				CloudProvider: map[string]map[string][]string{
					"aws": map[string][]string{
						"aws_account_id": []string{
							"tag1:v1",
						},
					},
				},
			},
			Id:   datadog.PtrString("csm_resource_filter"),
			Type: datadogV2.RESOURCEFILTERREQUESTTYPE_CSM_RESOURCE_FILTER,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.UpdateResourceEvaluationFilters(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.UpdateResourceEvaluationFilters`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.UpdateResourceEvaluationFilters`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Update resource filters returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.ResourceFilterAttributes;
import com.datadog.api.client.v2.model.ResourceFilterRequestType;
import com.datadog.api.client.v2.model.UpdateResourceEvaluationFiltersRequest;
import com.datadog.api.client.v2.model.UpdateResourceEvaluationFiltersRequestData;
import com.datadog.api.client.v2.model.UpdateResourceEvaluationFiltersResponse;
import java.util.Collections;
import java.util.Map;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    UpdateResourceEvaluationFiltersRequest body =
        new UpdateResourceEvaluationFiltersRequest()
            .data(
                new UpdateResourceEvaluationFiltersRequestData()
                    .attributes(
                        new ResourceFilterAttributes()
                            .cloudProvider(
                                Map.ofEntries(
                                    Map.entry(
                                        "aws",
                                        Map.ofEntries(
                                            Map.entry(
                                                "aws_account_id",
                                                Collections.singletonList("tag1:v1")))))))
                    .id("csm_resource_filter")
                    .type(ResourceFilterRequestType.CSM_RESOURCE_FILTER));

    try {
      UpdateResourceEvaluationFiltersResponse result =
          apiInstance.updateResourceEvaluationFilters(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#updateResourceEvaluationFilters");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Update resource filters returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.resource_filter_attributes import ResourceFilterAttributes
from datadog_api_client.v2.model.resource_filter_request_type import ResourceFilterRequestType
from datadog_api_client.v2.model.update_resource_evaluation_filters_request import (
    UpdateResourceEvaluationFiltersRequest,
)
from datadog_api_client.v2.model.update_resource_evaluation_filters_request_data import (
    UpdateResourceEvaluationFiltersRequestData,
)

body = UpdateResourceEvaluationFiltersRequest(
    data=UpdateResourceEvaluationFiltersRequestData(
        attributes=ResourceFilterAttributes(
            cloud_provider=dict(
                aws=dict(
                    aws_account_id=[
                        "tag1:v1",
                    ],
                ),
            ),
        ),
        id="csm_resource_filter",
        type=ResourceFilterRequestType.CSM_RESOURCE_FILTER,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.update_resource_evaluation_filters(body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Update resource filters returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::UpdateResourceEvaluationFiltersRequest.new({
  data: DatadogAPIClient::V2::UpdateResourceEvaluationFiltersRequestData.new({
    attributes: DatadogAPIClient::V2::ResourceFilterAttributes.new({
      cloud_provider: {
        aws: {
          aws_account_id: [
            "tag1:v1",
          ],
        },
      },
    }),
    id: "csm_resource_filter",
    type: DatadogAPIClient::V2::ResourceFilterRequestType::CSM_RESOURCE_FILTER,
  }),
})
p api_instance.update_resource_evaluation_filters(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Update resource filters returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::ResourceFilterAttributes;
use datadog_api_client::datadogV2::model::ResourceFilterRequestType;
use datadog_api_client::datadogV2::model::UpdateResourceEvaluationFiltersRequest;
use datadog_api_client::datadogV2::model::UpdateResourceEvaluationFiltersRequestData;
use std::collections::BTreeMap;

#[tokio::main]
async fn main() {
    let body = UpdateResourceEvaluationFiltersRequest::new(
        UpdateResourceEvaluationFiltersRequestData::new(
            ResourceFilterAttributes::new(BTreeMap::from([(
                "aws".to_string(),
                BTreeMap::from([("aws_account_id".to_string(), vec!["tag1:v1".to_string()])]),
            )])),
            ResourceFilterRequestType::CSM_RESOURCE_FILTER,
        )
        .id("csm_resource_filter".to_string()),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.update_resource_evaluation_filters(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Update resource filters returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiUpdateResourceEvaluationFiltersRequest = {
  body: {
    data: {
      attributes: {
        cloudProvider: {
          aws: {
            aws_account_id: ["tag1:v1"],
          },
        },
      },
      id: "csm_resource_filter",
      type: "csm_resource_filter",
    },
  },
};

apiInstance
  .updateResourceEvaluationFilters(params)
  .then((data: v2.UpdateResourceEvaluationFiltersResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Create a custom framework

    POST https://api.ap1.datadoghq.com/api/v2/cloud_security_management/custom_frameworkshttps://api.ap2.datadoghq.com/api/v2/cloud_security_management/custom_frameworkshttps://api.datadoghq.eu/api/v2/cloud_security_management/custom_frameworkshttps://api.ddog-gov.com/api/v2/cloud_security_management/custom_frameworkshttps://api.us2.ddog-gov.com/api/v2/cloud_security_management/custom_frameworkshttps://api.datadoghq.com/api/v2/cloud_security_management/custom_frameworkshttps://api.us3.datadoghq.com/api/v2/cloud_security_management/custom_frameworkshttps://api.us5.datadoghq.com/api/v2/cloud_security_management/custom_frameworks

    概要

    Create a custom framework. This endpoint requires all of the following permissions:

  • security_monitoring_rules_read
  • security_monitoring_rules_write

    • OAuth apps require the security_monitoring_rules_read, security_monitoring_rules_write authorization scope to access this endpoint.

    リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Contains type and attributes for custom frameworks.

    attributes [required]

    object

    Framework Data Attributes.

    description

    string

    Framework Description

    handle [required]

    string

    Framework Handle

    icon_url

    string

    Framework Icon URL

    name [required]

    string

    Framework Name

    requirements [required]

    [object]

    Framework Requirements

    controls [required]

    [object]

    Requirement Controls.

    name [required]

    string

    Control Name.

    rules_id [required]

    [string]

    Rule IDs.

    name [required]

    string

    Requirement Name.

    version [required]

    string

    Framework Version

    type [required]

    enum

    The type of the resource. The value must be custom_framework. Allowed enum values: custom_framework

    default: custom_framework

    {
  "data": {
    "type": "custom_framework",
    "attributes": {
      "name": "name",
      "handle": "create-framework-new",
      "version": "10",
      "icon_url": "test-url",
      "requirements": [
        {
          "name": "requirement",
          "controls": [
            {
              "name": "control",
              "rules_id": [
                "def-000-be9"
              ]
            }
          ]
        }
      ]
    }
  }
}

    応答

    OK

    Response object to create a custom framework.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Contains type and attributes for custom frameworks.

    attributes [required]

    object

    Framework Handle and Version.

    handle

    string

    Framework Handle

    version

    string

    Framework Version

    id [required]

    string

    The ID of the custom framework.

    type [required]

    enum

    The type of the resource. The value must be custom_framework. Allowed enum values: custom_framework

    default: custom_framework

    {
  "data": {
    "attributes": {
      "handle": "sec2",
      "version": "2"
    },
    "id": "handle-version",
    "type": "custom_framework"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Conflict

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/cloud_security_management/custom_frameworks" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "handle": "sec2",
      "name": "security-framework",
      "requirements": [
        {
          "controls": [
            {
              "name": "control",
              "rules_id": [
                "def-000-be9"
              ]
            }
          ],
          "name": "criteria"
        }
      ],
      "version": "2"
    },
    "type": "custom_framework"
  }
}
EOF
    
                        
    // Create a custom framework returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.CreateCustomFrameworkRequest{
		Data: datadogV2.CustomFrameworkData{
			Type: datadogV2.CUSTOMFRAMEWORKTYPE_CUSTOM_FRAMEWORK,
			Attributes: datadogV2.CustomFrameworkDataAttributes{
				Name:    "name",
				Handle:  "create-framework-new",
				Version: "10",
				IconUrl: datadog.PtrString("test-url"),
				Requirements: []datadogV2.CustomFrameworkRequirement{
					{
						Name: "requirement",
						Controls: []datadogV2.CustomFrameworkControl{
							{
								Name: "control",
								RulesId: []string{
									"def-000-be9",
								},
							},
						},
					},
				},
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateCustomFramework(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateCustomFramework`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateCustomFramework`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Create a custom framework returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.CreateCustomFrameworkRequest;
import com.datadog.api.client.v2.model.CreateCustomFrameworkResponse;
import com.datadog.api.client.v2.model.CustomFrameworkControl;
import com.datadog.api.client.v2.model.CustomFrameworkData;
import com.datadog.api.client.v2.model.CustomFrameworkDataAttributes;
import com.datadog.api.client.v2.model.CustomFrameworkRequirement;
import com.datadog.api.client.v2.model.CustomFrameworkType;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    CreateCustomFrameworkRequest body =
        new CreateCustomFrameworkRequest()
            .data(
                new CustomFrameworkData()
                    .type(CustomFrameworkType.CUSTOM_FRAMEWORK)
                    .attributes(
                        new CustomFrameworkDataAttributes()
                            .name("name")
                            .handle("create-framework-new")
                            .version("10")
                            .iconUrl("test-url")
                            .requirements(
                                Collections.singletonList(
                                    new CustomFrameworkRequirement()
                                        .name("requirement")
                                        .controls(
                                            Collections.singletonList(
                                                new CustomFrameworkControl()
                                                    .name("control")
                                                    .rulesId(
                                                        Collections.singletonList(
                                                            "def-000-be9"))))))));

    try {
      CreateCustomFrameworkResponse result = apiInstance.createCustomFramework(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#createCustomFramework");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Create a custom framework returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.create_custom_framework_request import CreateCustomFrameworkRequest
from datadog_api_client.v2.model.custom_framework_control import CustomFrameworkControl
from datadog_api_client.v2.model.custom_framework_data import CustomFrameworkData
from datadog_api_client.v2.model.custom_framework_data_attributes import CustomFrameworkDataAttributes
from datadog_api_client.v2.model.custom_framework_requirement import CustomFrameworkRequirement
from datadog_api_client.v2.model.custom_framework_type import CustomFrameworkType

body = CreateCustomFrameworkRequest(
    data=CustomFrameworkData(
        type=CustomFrameworkType.CUSTOM_FRAMEWORK,
        attributes=CustomFrameworkDataAttributes(
            name="name",
            handle="create-framework-new",
            version="10",
            icon_url="test-url",
            requirements=[
                CustomFrameworkRequirement(
                    name="requirement",
                    controls=[
                        CustomFrameworkControl(
                            name="control",
                            rules_id=[
                                "def-000-be9",
                            ],
                        ),
                    ],
                ),
            ],
        ),
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_custom_framework(body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Create a custom framework returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::CreateCustomFrameworkRequest.new({
  data: DatadogAPIClient::V2::CustomFrameworkData.new({
    type: DatadogAPIClient::V2::CustomFrameworkType::CUSTOM_FRAMEWORK,
    attributes: DatadogAPIClient::V2::CustomFrameworkDataAttributes.new({
      name: "name",
      handle: "create-framework-new",
      version: "10",
      icon_url: "test-url",
      requirements: [
        DatadogAPIClient::V2::CustomFrameworkRequirement.new({
          name: "requirement",
          controls: [
            DatadogAPIClient::V2::CustomFrameworkControl.new({
              name: "control",
              rules_id: [
                "def-000-be9",
              ],
            }),
          ],
        }),
      ],
    }),
  }),
})
p api_instance.create_custom_framework(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Create a custom framework returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::CreateCustomFrameworkRequest;
use datadog_api_client::datadogV2::model::CustomFrameworkControl;
use datadog_api_client::datadogV2::model::CustomFrameworkData;
use datadog_api_client::datadogV2::model::CustomFrameworkDataAttributes;
use datadog_api_client::datadogV2::model::CustomFrameworkRequirement;
use datadog_api_client::datadogV2::model::CustomFrameworkType;

#[tokio::main]
async fn main() {
    let body = CreateCustomFrameworkRequest::new(CustomFrameworkData::new(
        CustomFrameworkDataAttributes::new(
            "create-framework-new".to_string(),
            "name".to_string(),
            vec![CustomFrameworkRequirement::new(
                vec![CustomFrameworkControl::new(
                    "control".to_string(),
                    vec!["def-000-be9".to_string()],
                )],
                "requirement".to_string(),
            )],
            "10".to_string(),
        )
        .icon_url("test-url".to_string()),
        CustomFrameworkType::CUSTOM_FRAMEWORK,
    ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_custom_framework(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Create a custom framework returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateCustomFrameworkRequest = {
  body: {
    data: {
      type: "custom_framework",
      attributes: {
        name: "name",
        handle: "create-framework-new",
        version: "10",
        iconUrl: "test-url",
        requirements: [
          {
            name: "requirement",
            controls: [
              {
                name: "control",
                rulesId: ["def-000-be9"],
              },
            ],
          },
        ],
      },
    },
  },
};

apiInstance
  .createCustomFramework(params)
  .then((data: v2.CreateCustomFrameworkResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get all security filters

    GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/security_filtershttps://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/security_filtershttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/security_filtershttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/security_filtershttps://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/security_filtershttps://api.datadoghq.com/api/v2/security_monitoring/configuration/security_filtershttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/security_filtershttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters

    概要

    Get the list of configured security filters with their definitions. This endpoint requires the security_monitoring_filters_read permission.

    OAuth apps require the security_monitoring_filters_read authorization scope to access this endpoint.

    応答

    OK

    All the available security filters objects.

    Expand All

    フィールド

    種類

    説明

    data

    [object]

    A list of security filters objects.

    attributes

    object

    The object describing a security filter.

    exclusion_filters

    [object]

    The list of exclusion filters applied in this security filter.

    name

    string

    The exclusion filter name.

    query

    string

    The exclusion filter query.

    filtered_data_type

    enum

    The filtered data type. Allowed enum values: logs

    is_builtin

    boolean

    Whether the security filter is the built-in filter.

    is_enabled

    boolean

    Whether the security filter is enabled.

    name

    string

    The security filter name.

    query

    string

    The security filter query. Logs accepted by this query will be accepted by this filter.

    version

    int32

    The version of the security filter.

    id

    string

    The ID of the security filter.

    type

    enum

    The type of the resource. The value should always be security_filters. Allowed enum values: security_filters

    default: security_filters

    meta

    object

    Optional metadata associated to the response.

    warning

    string

    A warning message.

    {
  "data": [
    {
      "attributes": {
        "exclusion_filters": [
          {
            "name": "Exclude staging",
            "query": "source:staging"
          }
        ],
        "filtered_data_type": "logs",
        "is_builtin": false,
        "is_enabled": false,
        "name": "Custom security filter",
        "query": "service:api",
        "version": 1
      },
      "id": "3dd-0uc-h1s",
      "type": "security_filters"
    }
  ],
  "meta": {
    "warning": "All the security filters are disabled. As a result, no logs are being analyzed."
  }
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get all security filters returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.list_security_filters()

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get all security filters returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.list_security_filters()

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get all security filters returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.ListSecurityFilters(ctx)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListSecurityFilters`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListSecurityFilters`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get all security filters returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityFiltersResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      SecurityFiltersResponse result = apiInstance.listSecurityFilters();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#listSecurityFilters");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get all security filters returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.list_security_filters().await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get all security filters returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .listSecurityFilters()
  .then((data: v2.SecurityFiltersResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Create a security filter

    POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/security_filtershttps://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/security_filtershttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/security_filtershttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/security_filtershttps://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/security_filtershttps://api.datadoghq.com/api/v2/security_monitoring/configuration/security_filtershttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/security_filtershttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters

    概要

    Create a security filter.

    See the security filter guide for more examples.

    This endpoint requires the security_monitoring_filters_write permission.

    OAuth apps require the security_monitoring_filters_write authorization scope to access this endpoint.

    リクエスト

    Body Data (required)

    The definition of the new security filter.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Object for a single security filter.

    attributes [required]

    object

    Object containing the attributes of the security filter to be created.

    exclusion_filters [required]

    [object]

    Exclusion filters to exclude some logs from the security filter.

    name [required]

    string

    Exclusion filter name.

    query [required]

    string

    Exclusion filter query. Logs that match this query are excluded from the security filter.

    filtered_data_type [required]

    enum

    The filtered data type. Allowed enum values: logs

    is_enabled [required]

    boolean

    Whether the security filter is enabled.

    name [required]

    string

    The name of the security filter.

    query [required]

    string

    The query of the security filter.

    type [required]

    enum

    The type of the resource. The value should always be security_filters. Allowed enum values: security_filters

    default: security_filters

    {
  "data": {
    "attributes": {
      "exclusion_filters": [
        {
          "name": "Exclude staging",
          "query": "source:staging"
        }
      ],
      "filtered_data_type": "logs",
      "is_enabled": true,
      "name": "Example-Security-Monitoring",
      "query": "service:ExampleSecurityMonitoring"
    },
    "type": "security_filters"
  }
}

    応答

    OK

    Response object which includes a single security filter.

    Expand All

    フィールド

    種類

    説明

    data

    object

    The security filter's properties.

    attributes

    object

    The object describing a security filter.

    exclusion_filters

    [object]

    The list of exclusion filters applied in this security filter.

    name

    string

    The exclusion filter name.

    query

    string

    The exclusion filter query.

    filtered_data_type

    enum

    The filtered data type. Allowed enum values: logs

    is_builtin

    boolean

    Whether the security filter is the built-in filter.

    is_enabled

    boolean

    Whether the security filter is enabled.

    name

    string

    The security filter name.

    query

    string

    The security filter query. Logs accepted by this query will be accepted by this filter.

    version

    int32

    The version of the security filter.

    id

    string

    The ID of the security filter.

    type

    enum

    The type of the resource. The value should always be security_filters. Allowed enum values: security_filters

    default: security_filters

    meta

    object

    Optional metadata associated to the response.

    warning

    string

    A warning message.

    {
  "data": {
    "attributes": {
      "exclusion_filters": [
        {
          "name": "Exclude staging",
          "query": "source:staging"
        }
      ],
      "filtered_data_type": "logs",
      "is_builtin": false,
      "is_enabled": false,
      "name": "Custom security filter",
      "query": "service:api",
      "version": 1
    },
    "id": "3dd-0uc-h1s",
    "type": "security_filters"
  },
  "meta": {
    "warning": "All the security filters are disabled. As a result, no logs are being analyzed."
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Conflict

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "exclusion_filters": [
        {
          "name": "Exclude staging",
          "query": "source:staging"
        }
      ],
      "filtered_data_type": "logs",
      "is_enabled": true,
      "name": "Custom security filter",
      "query": "service:api"
    },
    "type": "security_filters"
  }
}
EOF
    
                        
    // Create a security filter returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityFilterCreateRequest{
		Data: datadogV2.SecurityFilterCreateData{
			Attributes: datadogV2.SecurityFilterCreateAttributes{
				ExclusionFilters: []datadogV2.SecurityFilterExclusionFilter{
					{
						Name:  "Exclude staging",
						Query: "source:staging",
					},
				},
				FilteredDataType: datadogV2.SECURITYFILTERFILTEREDDATATYPE_LOGS,
				IsEnabled:        true,
				Name:             "Example-Security-Monitoring",
				Query:            "service:ExampleSecurityMonitoring",
			},
			Type: datadogV2.SECURITYFILTERTYPE_SECURITY_FILTERS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSecurityFilter(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityFilter`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityFilter`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Create a security filter returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityFilterCreateAttributes;
import com.datadog.api.client.v2.model.SecurityFilterCreateData;
import com.datadog.api.client.v2.model.SecurityFilterCreateRequest;
import com.datadog.api.client.v2.model.SecurityFilterExclusionFilter;
import com.datadog.api.client.v2.model.SecurityFilterFilteredDataType;
import com.datadog.api.client.v2.model.SecurityFilterResponse;
import com.datadog.api.client.v2.model.SecurityFilterType;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityFilterCreateRequest body =
        new SecurityFilterCreateRequest()
            .data(
                new SecurityFilterCreateData()
                    .attributes(
                        new SecurityFilterCreateAttributes()
                            .exclusionFilters(
                                Collections.singletonList(
                                    new SecurityFilterExclusionFilter()
                                        .name("Exclude staging")
                                        .query("source:staging")))
                            .filteredDataType(SecurityFilterFilteredDataType.LOGS)
                            .isEnabled(true)
                            .name("Example-Security-Monitoring")
                            .query("service:ExampleSecurityMonitoring"))
                    .type(SecurityFilterType.SECURITY_FILTERS));

    try {
      SecurityFilterResponse result = apiInstance.createSecurityFilter(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#createSecurityFilter");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Create a security filter returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_filter_create_attributes import SecurityFilterCreateAttributes
from datadog_api_client.v2.model.security_filter_create_data import SecurityFilterCreateData
from datadog_api_client.v2.model.security_filter_create_request import SecurityFilterCreateRequest
from datadog_api_client.v2.model.security_filter_exclusion_filter import SecurityFilterExclusionFilter
from datadog_api_client.v2.model.security_filter_filtered_data_type import SecurityFilterFilteredDataType
from datadog_api_client.v2.model.security_filter_type import SecurityFilterType

body = SecurityFilterCreateRequest(
    data=SecurityFilterCreateData(
        attributes=SecurityFilterCreateAttributes(
            exclusion_filters=[
                SecurityFilterExclusionFilter(
                    name="Exclude staging",
                    query="source:staging",
                ),
            ],
            filtered_data_type=SecurityFilterFilteredDataType.LOGS,
            is_enabled=True,
            name="Example-Security-Monitoring",
            query="service:ExampleSecurityMonitoring",
        ),
        type=SecurityFilterType.SECURITY_FILTERS,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_security_filter(body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Create a security filter returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityFilterCreateRequest.new({
  data: DatadogAPIClient::V2::SecurityFilterCreateData.new({
    attributes: DatadogAPIClient::V2::SecurityFilterCreateAttributes.new({
      exclusion_filters: [
        DatadogAPIClient::V2::SecurityFilterExclusionFilter.new({
          name: "Exclude staging",
          query: "source:staging",
        }),
      ],
      filtered_data_type: DatadogAPIClient::V2::SecurityFilterFilteredDataType::LOGS,
      is_enabled: true,
      name: "Example-Security-Monitoring",
      query: "service:ExampleSecurityMonitoring",
    }),
    type: DatadogAPIClient::V2::SecurityFilterType::SECURITY_FILTERS,
  }),
})
p api_instance.create_security_filter(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Create a security filter returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityFilterCreateAttributes;
use datadog_api_client::datadogV2::model::SecurityFilterCreateData;
use datadog_api_client::datadogV2::model::SecurityFilterCreateRequest;
use datadog_api_client::datadogV2::model::SecurityFilterExclusionFilter;
use datadog_api_client::datadogV2::model::SecurityFilterFilteredDataType;
use datadog_api_client::datadogV2::model::SecurityFilterType;

#[tokio::main]
async fn main() {
    let body = SecurityFilterCreateRequest::new(SecurityFilterCreateData::new(
        SecurityFilterCreateAttributes::new(
            vec![SecurityFilterExclusionFilter::new(
                "Exclude staging".to_string(),
                "source:staging".to_string(),
            )],
            SecurityFilterFilteredDataType::LOGS,
            true,
            "Example-Security-Monitoring".to_string(),
            "service:ExampleSecurityMonitoring".to_string(),
        ),
        SecurityFilterType::SECURITY_FILTERS,
    ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_filter(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Create a security filter returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateSecurityFilterRequest = {
  body: {
    data: {
      attributes: {
        exclusionFilters: [
          {
            name: "Exclude staging",
            query: "source:staging",
          },
        ],
        filteredDataType: "logs",
        isEnabled: true,
        name: "Example-Security-Monitoring",
        query: "service:ExampleSecurityMonitoring",
      },
      type: "security_filters",
    },
  },
};

apiInstance
  .createSecurityFilter(params)
  .then((data: v2.SecurityFilterResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get a security filter

    GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}

    概要

    Get the details of a specific security filter.

    See the security filter guide for more examples.

    This endpoint requires the security_monitoring_filters_read permission.

    OAuth apps require the security_monitoring_filters_read authorization scope to access this endpoint.

    引数

    パスパラメーター

    名前

    種類

    説明

    security_filter_id [required]

    string

    The ID of the security filter.

    応答

    OK

    Response object which includes a single security filter.

    Expand All

    フィールド

    種類

    説明

    data

    object

    The security filter's properties.

    attributes

    object

    The object describing a security filter.

    exclusion_filters

    [object]

    The list of exclusion filters applied in this security filter.

    name

    string

    The exclusion filter name.

    query

    string

    The exclusion filter query.

    filtered_data_type

    enum

    The filtered data type. Allowed enum values: logs

    is_builtin

    boolean

    Whether the security filter is the built-in filter.

    is_enabled

    boolean

    Whether the security filter is enabled.

    name

    string

    The security filter name.

    query

    string

    The security filter query. Logs accepted by this query will be accepted by this filter.

    version

    int32

    The version of the security filter.

    id

    string

    The ID of the security filter.

    type

    enum

    The type of the resource. The value should always be security_filters. Allowed enum values: security_filters

    default: security_filters

    meta

    object

    Optional metadata associated to the response.

    warning

    string

    A warning message.

    {
  "data": {
    "attributes": {
      "exclusion_filters": [
        {
          "name": "Exclude staging",
          "query": "source:staging"
        }
      ],
      "filtered_data_type": "logs",
      "is_builtin": false,
      "is_enabled": false,
      "name": "Custom security filter",
      "query": "service:api",
      "version": 1
    },
    "id": "3dd-0uc-h1s",
    "type": "security_filters"
  },
  "meta": {
    "warning": "All the security filters are disabled. As a result, no logs are being analyzed."
  }
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Path parameters
    export security_filter_id="CHANGE_ME"
    # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/${security_filter_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get a security filter returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "security_filter" in the system
SECURITY_FILTER_DATA_ID = environ["SECURITY_FILTER_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_security_filter(
        security_filter_id=SECURITY_FILTER_DATA_ID,
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get a security filter returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "security_filter" in the system
SECURITY_FILTER_DATA_ID = ENV["SECURITY_FILTER_DATA_ID"]
p api_instance.get_security_filter(SECURITY_FILTER_DATA_ID)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get a security filter returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "security_filter" in the system
	SecurityFilterDataID := os.Getenv("SECURITY_FILTER_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetSecurityFilter(ctx, SecurityFilterDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSecurityFilter`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSecurityFilter`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get a security filter returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityFilterResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "security_filter" in the system
    String SECURITY_FILTER_DATA_ID = System.getenv("SECURITY_FILTER_DATA_ID");

    try {
      SecurityFilterResponse result = apiInstance.getSecurityFilter(SECURITY_FILTER_DATA_ID);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#getSecurityFilter");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get a security filter returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    // there is a valid "security_filter" in the system
    let security_filter_data_id = std::env::var("SECURITY_FILTER_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_security_filter(security_filter_data_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get a security filter returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "security_filter" in the system
const SECURITY_FILTER_DATA_ID = process.env.SECURITY_FILTER_DATA_ID as string;

const params: v2.SecurityMonitoringApiGetSecurityFilterRequest = {
  securityFilterId: SECURITY_FILTER_DATA_ID,
};

apiInstance
  .getSecurityFilter(params)
  .then((data: v2.SecurityFilterResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Update a security filter

    PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}

    概要

    Update a specific security filter. Returns the security filter object when the request is successful. This endpoint requires the security_monitoring_filters_write permission.

    OAuth apps require the security_monitoring_filters_write authorization scope to access this endpoint.

    引数

    パスパラメーター

    名前

    種類

    説明

    security_filter_id [required]

    string

    The ID of the security filter.

    リクエスト

    Body Data (required)

    New definition of the security filter.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    The new security filter properties.

    attributes [required]

    object

    The security filters properties to be updated.

    exclusion_filters

    [object]

    Exclusion filters to exclude some logs from the security filter.

    name [required]

    string

    Exclusion filter name.

    query [required]

    string

    Exclusion filter query. Logs that match this query are excluded from the security filter.

    filtered_data_type

    enum

    The filtered data type. Allowed enum values: logs

    is_enabled

    boolean

    Whether the security filter is enabled.

    name

    string

    The name of the security filter.

    query

    string

    The query of the security filter.

    version

    int32

    The version of the security filter to update.

    type [required]

    enum

    The type of the resource. The value should always be security_filters. Allowed enum values: security_filters

    default: security_filters

    {
  "data": {
    "attributes": {
      "exclusion_filters": [],
      "filtered_data_type": "logs",
      "is_enabled": true,
      "name": "Example-Security-Monitoring",
      "query": "service:ExampleSecurityMonitoring",
      "version": 1
    },
    "type": "security_filters"
  }
}

    応答

    OK

    Response object which includes a single security filter.

    Expand All

    フィールド

    種類

    説明

    data

    object

    The security filter's properties.

    attributes

    object

    The object describing a security filter.

    exclusion_filters

    [object]

    The list of exclusion filters applied in this security filter.

    name

    string

    The exclusion filter name.

    query

    string

    The exclusion filter query.

    filtered_data_type

    enum

    The filtered data type. Allowed enum values: logs

    is_builtin

    boolean

    Whether the security filter is the built-in filter.

    is_enabled

    boolean

    Whether the security filter is enabled.

    name

    string

    The security filter name.

    query

    string

    The security filter query. Logs accepted by this query will be accepted by this filter.

    version

    int32

    The version of the security filter.

    id

    string

    The ID of the security filter.

    type

    enum

    The type of the resource. The value should always be security_filters. Allowed enum values: security_filters

    default: security_filters

    meta

    object

    Optional metadata associated to the response.

    warning

    string

    A warning message.

    {
  "data": {
    "attributes": {
      "exclusion_filters": [
        {
          "name": "Exclude staging",
          "query": "source:staging"
        }
      ],
      "filtered_data_type": "logs",
      "is_builtin": false,
      "is_enabled": false,
      "name": "Custom security filter",
      "query": "service:api",
      "version": 1
    },
    "id": "3dd-0uc-h1s",
    "type": "security_filters"
  },
  "meta": {
    "warning": "All the security filters are disabled. As a result, no logs are being analyzed."
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Concurrent Modification

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Path parameters
    export security_filter_id="CHANGE_ME"
    # Curl command
    curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/${security_filter_id}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "exclusion_filters": [],
      "filtered_data_type": "logs",
      "is_enabled": true,
      "name": "Custom security filter",
      "query": "service:api",
      "version": 1
    },
    "type": "security_filters"
  }
}
EOF
    
                        
    // Update a security filter returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "security_filter" in the system
	SecurityFilterDataID := os.Getenv("SECURITY_FILTER_DATA_ID")

	body := datadogV2.SecurityFilterUpdateRequest{
		Data: datadogV2.SecurityFilterUpdateData{
			Attributes: datadogV2.SecurityFilterUpdateAttributes{
				ExclusionFilters: []datadogV2.SecurityFilterExclusionFilter{},
				FilteredDataType: datadogV2.SECURITYFILTERFILTEREDDATATYPE_LOGS.Ptr(),
				IsEnabled:        datadog.PtrBool(true),
				Name:             datadog.PtrString("Example-Security-Monitoring"),
				Query:            datadog.PtrString("service:ExampleSecurityMonitoring"),
				Version:          datadog.PtrInt32(1),
			},
			Type: datadogV2.SECURITYFILTERTYPE_SECURITY_FILTERS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.UpdateSecurityFilter(ctx, SecurityFilterDataID, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.UpdateSecurityFilter`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.UpdateSecurityFilter`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Update a security filter returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityFilterFilteredDataType;
import com.datadog.api.client.v2.model.SecurityFilterResponse;
import com.datadog.api.client.v2.model.SecurityFilterType;
import com.datadog.api.client.v2.model.SecurityFilterUpdateAttributes;
import com.datadog.api.client.v2.model.SecurityFilterUpdateData;
import com.datadog.api.client.v2.model.SecurityFilterUpdateRequest;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "security_filter" in the system
    String SECURITY_FILTER_DATA_ID = System.getenv("SECURITY_FILTER_DATA_ID");

    SecurityFilterUpdateRequest body =
        new SecurityFilterUpdateRequest()
            .data(
                new SecurityFilterUpdateData()
                    .attributes(
                        new SecurityFilterUpdateAttributes()
                            .filteredDataType(SecurityFilterFilteredDataType.LOGS)
                            .isEnabled(true)
                            .name("Example-Security-Monitoring")
                            .query("service:ExampleSecurityMonitoring")
                            .version(1))
                    .type(SecurityFilterType.SECURITY_FILTERS));

    try {
      SecurityFilterResponse result =
          apiInstance.updateSecurityFilter(SECURITY_FILTER_DATA_ID, body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#updateSecurityFilter");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Update a security filter returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_filter_filtered_data_type import SecurityFilterFilteredDataType
from datadog_api_client.v2.model.security_filter_type import SecurityFilterType
from datadog_api_client.v2.model.security_filter_update_attributes import SecurityFilterUpdateAttributes
from datadog_api_client.v2.model.security_filter_update_data import SecurityFilterUpdateData
from datadog_api_client.v2.model.security_filter_update_request import SecurityFilterUpdateRequest

# there is a valid "security_filter" in the system
SECURITY_FILTER_DATA_ID = environ["SECURITY_FILTER_DATA_ID"]

body = SecurityFilterUpdateRequest(
    data=SecurityFilterUpdateData(
        attributes=SecurityFilterUpdateAttributes(
            exclusion_filters=[],
            filtered_data_type=SecurityFilterFilteredDataType.LOGS,
            is_enabled=True,
            name="Example-Security-Monitoring",
            query="service:ExampleSecurityMonitoring",
            version=1,
        ),
        type=SecurityFilterType.SECURITY_FILTERS,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.update_security_filter(security_filter_id=SECURITY_FILTER_DATA_ID, body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Update a security filter returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "security_filter" in the system
SECURITY_FILTER_DATA_ID = ENV["SECURITY_FILTER_DATA_ID"]

body = DatadogAPIClient::V2::SecurityFilterUpdateRequest.new({
  data: DatadogAPIClient::V2::SecurityFilterUpdateData.new({
    attributes: DatadogAPIClient::V2::SecurityFilterUpdateAttributes.new({
      exclusion_filters: [],
      filtered_data_type: DatadogAPIClient::V2::SecurityFilterFilteredDataType::LOGS,
      is_enabled: true,
      name: "Example-Security-Monitoring",
      query: "service:ExampleSecurityMonitoring",
      version: 1,
    }),
    type: DatadogAPIClient::V2::SecurityFilterType::SECURITY_FILTERS,
  }),
})
p api_instance.update_security_filter(SECURITY_FILTER_DATA_ID, body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Update a security filter returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityFilterFilteredDataType;
use datadog_api_client::datadogV2::model::SecurityFilterType;
use datadog_api_client::datadogV2::model::SecurityFilterUpdateAttributes;
use datadog_api_client::datadogV2::model::SecurityFilterUpdateData;
use datadog_api_client::datadogV2::model::SecurityFilterUpdateRequest;

#[tokio::main]
async fn main() {
    // there is a valid "security_filter" in the system
    let security_filter_data_id = std::env::var("SECURITY_FILTER_DATA_ID").unwrap();
    let body = SecurityFilterUpdateRequest::new(SecurityFilterUpdateData::new(
        SecurityFilterUpdateAttributes::new()
            .exclusion_filters(vec![])
            .filtered_data_type(SecurityFilterFilteredDataType::LOGS)
            .is_enabled(true)
            .name("Example-Security-Monitoring".to_string())
            .query("service:ExampleSecurityMonitoring".to_string())
            .version(1),
        SecurityFilterType::SECURITY_FILTERS,
    ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .update_security_filter(security_filter_data_id.clone(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Update a security filter returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "security_filter" in the system
const SECURITY_FILTER_DATA_ID = process.env.SECURITY_FILTER_DATA_ID as string;

const params: v2.SecurityMonitoringApiUpdateSecurityFilterRequest = {
  body: {
    data: {
      attributes: {
        exclusionFilters: [],
        filteredDataType: "logs",
        isEnabled: true,
        name: "Example-Security-Monitoring",
        query: "service:ExampleSecurityMonitoring",
        version: 1,
      },
      type: "security_filters",
    },
  },
  securityFilterId: SECURITY_FILTER_DATA_ID,
};

apiInstance
  .updateSecurityFilter(params)
  .then((data: v2.SecurityFilterResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Delete a security filter

    DELETE https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/{security_filter_id}

    概要

    Delete a specific security filter. This endpoint requires the security_monitoring_filters_write permission.

    OAuth apps require the security_monitoring_filters_write authorization scope to access this endpoint.

    引数

    パスパラメーター

    名前

    種類

    説明

    security_filter_id [required]

    string

    The ID of the security filter.

    応答

    OK

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Path parameters
    export security_filter_id="CHANGE_ME"
    # Curl command
    curl -X DELETE "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/security_filters/${security_filter_id}" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Delete a security filter returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    api_instance.delete_security_filter(
        security_filter_id="security_filter_id",
    )

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Delete a security filter returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
api_instance.delete_security_filter("security_filter_id")

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Delete a security filter returns "OK" response

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	r, err := api.DeleteSecurityFilter(ctx, "security_filter_id")

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.DeleteSecurityFilter`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Delete a security filter returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      apiInstance.deleteSecurityFilter("security_filter_id");
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#deleteSecurityFilter");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Delete a security filter returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .delete_security_filter("security_filter_id".to_string())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Delete a security filter returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiDeleteSecurityFilterRequest = {
  securityFilterId: "security_filter_id",
};

apiInstance
  .deleteSecurityFilter(params)
  .then((data: any) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get all suppression rules

    GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressionshttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions

    概要

    Get the list of all suppression rules.

    OAuth apps require the security_monitoring_suppressions_read authorization scope to access this endpoint.

    引数

    クエリ文字列

    名前

    種類

    説明

    query

    string

    Query string.

    sort

    enum

    Attribute used to sort the list of suppression rules. Prefix with - to sort in descending order.
    Allowed enum values: name, start_date, expiration_date, update_date, enabled, -name, -start_date, -expiration_date, -update_date, -creation_date

    Show 1 more, -enabled

    page[size]

    integer

    Size for a given page. Use -1 to return all items.

    page[number]

    integer

    Specific page number to return.

    応答

    OK

    Response object containing the available suppression rules with pagination metadata.

    Expand All

    フィールド

    種類

    説明

    data

    [object]

    A list of suppressions objects.

    attributes

    object

    The attributes of the suppression rule.

    creation_date

    int64

    A Unix millisecond timestamp given the creation date of the suppression rule.

    creator

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    data_exclusion_query

    string

    An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

    description

    string

    A description for the suppression rule.

    editable

    boolean

    Whether the suppression rule is editable.

    enabled

    boolean

    Whether the suppression rule is enabled.

    expiration_date

    int64

    A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

    name

    string

    The name of the suppression rule.

    rule_query

    string

    The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

    start_date

    int64

    A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals.

    suppression_query

    string

    The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

    tags

    [string]

    List of tags associated with the suppression rule.

    update_date

    int64

    A Unix millisecond timestamp given the update date of the suppression rule.

    updater

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    version

    int32

    The version of the suppression rule; it starts at 1, and is incremented at each update.

    id

    string

    The ID of the suppression rule.

    type

    enum

    The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

    default: suppressions

    meta

    object

    Metadata for the suppression list response.

    page

    object

    Pagination metadata.

    pageNumber

    int64

    Current page number.

    pageSize

    int64

    Current page size.

    totalCount

    int64

    Total count of suppressions.

    {
  "data": [
    {
      "attributes": {
        "creation_date": "integer",
        "creator": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "data_exclusion_query": "source:cloudtrail account_id:12345",
        "description": "This rule suppresses low-severity signals in staging environments.",
        "editable": true,
        "enabled": true,
        "expiration_date": 1703187336000,
        "name": "Custom suppression",
        "rule_query": "type:log_detection source:cloudtrail",
        "start_date": 1703187336000,
        "suppression_query": "env:staging status:low",
        "tags": [
          "technique:T1110-brute-force",
          "source:cloudtrail"
        ],
        "update_date": "integer",
        "updater": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "version": 42
      },
      "id": "3dd-0uc-h1s",
      "type": "suppressions"
    }
  ],
  "meta": {
    "page": {
      "pageNumber": 0,
      "pageSize": 2,
      "totalCount": 2
    }
  }
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get all suppression rules returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.list_security_monitoring_suppressions()

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get all suppression rules returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.list_security_monitoring_suppressions()

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get all suppression rules returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.ListSecurityMonitoringSuppressions(ctx, *datadogV2.NewListSecurityMonitoringSuppressionsOptionalParameters())

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListSecurityMonitoringSuppressions`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListSecurityMonitoringSuppressions`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get all suppression rules returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringPaginatedSuppressionsResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      SecurityMonitoringPaginatedSuppressionsResponse result =
          apiInstance.listSecurityMonitoringSuppressions();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#listSecurityMonitoringSuppressions");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get all suppression rules returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::ListSecurityMonitoringSuppressionsOptionalParams;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .list_security_monitoring_suppressions(
            ListSecurityMonitoringSuppressionsOptionalParams::default(),
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get all suppression rules returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .listSecurityMonitoringSuppressions()
  .then((data: v2.SecurityMonitoringPaginatedSuppressionsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Create a suppression rule

    POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressionshttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions

    概要

    Create a new suppression rule.

    OAuth apps require the security_monitoring_suppressions_write authorization scope to access this endpoint.

    リクエスト

    Body Data (required)

    The definition of the new suppression rule.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Object for a single suppression rule.

    attributes [required]

    object

    Object containing the attributes of the suppression rule to be created.

    data_exclusion_query

    string

    An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

    description

    string

    A description for the suppression rule.

    enabled [required]

    boolean

    Whether the suppression rule is enabled.

    expiration_date

    int64

    A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

    name [required]

    string

    The name of the suppression rule.

    rule_query [required]

    string

    The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

    start_date

    int64

    A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals.

    suppression_query

    string

    The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer.

    tags

    [string]

    List of tags associated with the suppression rule.

    type [required]

    enum

    The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

    default: suppressions

    {
  "data": {
    "attributes": {
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "start_date": 1637493071000,
      "expiration_date": 1638443471000,
      "name": "Example-Security-Monitoring",
      "rule_query": "type:log_detection source:cloudtrail",
      "suppression_query": "env:staging status:low",
      "tags": [
        "technique:T1110-brute-force",
        "source:cloudtrail"
      ]
    },
    "type": "suppressions"
  }
}
    {
  "data": {
    "attributes": {
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "start_date": 1637493071000,
      "expiration_date": 1638443471000,
      "name": "Example-Security-Monitoring",
      "rule_query": "type:log_detection source:cloudtrail",
      "data_exclusion_query": "account_id:12345"
    },
    "type": "suppressions"
  }
}

    応答

    OK

    Response object containing a single suppression rule.

    Expand All

    フィールド

    種類

    説明

    data

    object

    The suppression rule's properties.

    attributes

    object

    The attributes of the suppression rule.

    creation_date

    int64

    A Unix millisecond timestamp given the creation date of the suppression rule.

    creator

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    data_exclusion_query

    string

    An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

    description

    string

    A description for the suppression rule.

    editable

    boolean

    Whether the suppression rule is editable.

    enabled

    boolean

    Whether the suppression rule is enabled.

    expiration_date

    int64

    A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

    name

    string

    The name of the suppression rule.

    rule_query

    string

    The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

    start_date

    int64

    A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals.

    suppression_query

    string

    The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

    tags

    [string]

    List of tags associated with the suppression rule.

    update_date

    int64

    A Unix millisecond timestamp given the update date of the suppression rule.

    updater

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    version

    int32

    The version of the suppression rule; it starts at 1, and is incremented at each update.

    id

    string

    The ID of the suppression rule.

    type

    enum

    The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

    default: suppressions

    {
  "data": {
    "attributes": {
      "creation_date": "integer",
      "creator": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "editable": true,
      "enabled": true,
      "expiration_date": 1703187336000,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail",
      "start_date": 1703187336000,
      "suppression_query": "env:staging status:low",
      "tags": [
        "technique:T1110-brute-force",
        "source:cloudtrail"
      ],
      "update_date": "integer",
      "updater": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "version": 42
    },
    "id": "3dd-0uc-h1s",
    "type": "suppressions"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Conflict

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "expiration_date": 1703187336000,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail",
      "start_date": 1703187336000,
      "suppression_query": "env:staging status:low",
      "tags": [
        "technique:T1110-brute-force",
        "source:cloudtrail"
      ]
    },
    "type": "suppressions"
  }
}
EOF
    
                        
                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "expiration_date": 1703187336000,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail",
      "start_date": 1703187336000,
      "suppression_query": "env:staging status:low",
      "tags": [
        "technique:T1110-brute-force",
        "source:cloudtrail"
      ]
    },
    "type": "suppressions"
  }
}
EOF
    
                        
    // Create a suppression rule returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSuppressionCreateRequest{
		Data: datadogV2.SecurityMonitoringSuppressionCreateData{
			Attributes: datadogV2.SecurityMonitoringSuppressionCreateAttributes{
				Description:      datadog.PtrString("This rule suppresses low-severity signals in staging environments."),
				Enabled:          true,
				StartDate:        datadog.PtrInt64(1637493071000),
				ExpirationDate:   datadog.PtrInt64(1638443471000),
				Name:             "Example-Security-Monitoring",
				RuleQuery:        "type:log_detection source:cloudtrail",
				SuppressionQuery: datadog.PtrString("env:staging status:low"),
				Tags: []string{
					"technique:T1110-brute-force",
					"source:cloudtrail",
				},
			},
			Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSecurityMonitoringSuppression(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`:\n%s\n", responseContent)
}

    // Create a suppression rule with an exclusion query returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSuppressionCreateRequest{
		Data: datadogV2.SecurityMonitoringSuppressionCreateData{
			Attributes: datadogV2.SecurityMonitoringSuppressionCreateAttributes{
				Description:        datadog.PtrString("This rule suppresses low-severity signals in staging environments."),
				Enabled:            true,
				StartDate:          datadog.PtrInt64(1637493071000),
				ExpirationDate:     datadog.PtrInt64(1638443471000),
				Name:               "Example-Security-Monitoring",
				RuleQuery:          "type:log_detection source:cloudtrail",
				DataExclusionQuery: datadog.PtrString("account_id:12345"),
			},
			Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSecurityMonitoringSuppression(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Create a suppression rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;
import java.util.Arrays;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSuppressionCreateRequest body =
        new SecurityMonitoringSuppressionCreateRequest()
            .data(
                new SecurityMonitoringSuppressionCreateData()
                    .attributes(
                        new SecurityMonitoringSuppressionCreateAttributes()
                            .description(
                                "This rule suppresses low-severity signals in staging"
                                    + " environments.")
                            .enabled(true)
                            .startDate(1637493071000L)
                            .expirationDate(1638443471000L)
                            .name("Example-Security-Monitoring")
                            .ruleQuery("type:log_detection source:cloudtrail")
                            .suppressionQuery("env:staging status:low")
                            .tags(
                                Arrays.asList("technique:T1110-brute-force", "source:cloudtrail")))
                    .type(SecurityMonitoringSuppressionType.SUPPRESSIONS));

    try {
      SecurityMonitoringSuppressionResponse result =
          apiInstance.createSecurityMonitoringSuppression(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    // Create a suppression rule with an exclusion query returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSuppressionCreateRequest body =
        new SecurityMonitoringSuppressionCreateRequest()
            .data(
                new SecurityMonitoringSuppressionCreateData()
                    .attributes(
                        new SecurityMonitoringSuppressionCreateAttributes()
                            .description(
                                "This rule suppresses low-severity signals in staging"
                                    + " environments.")
                            .enabled(true)
                            .startDate(1637493071000L)
                            .expirationDate(1638443471000L)
                            .name("Example-Security-Monitoring")
                            .ruleQuery("type:log_detection source:cloudtrail")
                            .dataExclusionQuery("account_id:12345"))
                    .type(SecurityMonitoringSuppressionType.SUPPRESSIONS));

    try {
      SecurityMonitoringSuppressionResponse result =
          apiInstance.createSecurityMonitoringSuppression(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Create a suppression rule returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import (
    SecurityMonitoringSuppressionCreateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_data import (
    SecurityMonitoringSuppressionCreateData,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_request import (
    SecurityMonitoringSuppressionCreateRequest,
)
from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType

body = SecurityMonitoringSuppressionCreateRequest(
    data=SecurityMonitoringSuppressionCreateData(
        attributes=SecurityMonitoringSuppressionCreateAttributes(
            description="This rule suppresses low-severity signals in staging environments.",
            enabled=True,
            start_date=1637493071000,
            expiration_date=1638443471000,
            name="Example-Security-Monitoring",
            rule_query="type:log_detection source:cloudtrail",
            suppression_query="env:staging status:low",
            tags=[
                "technique:T1110-brute-force",
                "source:cloudtrail",
            ],
        ),
        type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_security_monitoring_suppression(body=body)

    print(response)

    """
Create a suppression rule with an exclusion query returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import (
    SecurityMonitoringSuppressionCreateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_data import (
    SecurityMonitoringSuppressionCreateData,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_request import (
    SecurityMonitoringSuppressionCreateRequest,
)
from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType

body = SecurityMonitoringSuppressionCreateRequest(
    data=SecurityMonitoringSuppressionCreateData(
        attributes=SecurityMonitoringSuppressionCreateAttributes(
            description="This rule suppresses low-severity signals in staging environments.",
            enabled=True,
            start_date=1637493071000,
            expiration_date=1638443471000,
            name="Example-Security-Monitoring",
            rule_query="type:log_detection source:cloudtrail",
            data_exclusion_query="account_id:12345",
        ),
        type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_security_monitoring_suppression(body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Create a suppression rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({
      description: "This rule suppresses low-severity signals in staging environments.",
      enabled: true,
      start_date: 1637493071000,
      expiration_date: 1638443471000,
      name: "Example-Security-Monitoring",
      rule_query: "type:log_detection source:cloudtrail",
      suppression_query: "env:staging status:low",
      tags: [
        "technique:T1110-brute-force",
        "source:cloudtrail",
      ],
    }),
    type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
  }),
})
p api_instance.create_security_monitoring_suppression(body)

    # Create a suppression rule with an exclusion query returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({
      description: "This rule suppresses low-severity signals in staging environments.",
      enabled: true,
      start_date: 1637493071000,
      expiration_date: 1638443471000,
      name: "Example-Security-Monitoring",
      rule_query: "type:log_detection source:cloudtrail",
      data_exclusion_query: "account_id:12345",
    }),
    type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
  }),
})
p api_instance.create_security_monitoring_suppression(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Create a suppression rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType;

#[tokio::main]
async fn main() {
    let body = SecurityMonitoringSuppressionCreateRequest::new(
        SecurityMonitoringSuppressionCreateData::new(
            SecurityMonitoringSuppressionCreateAttributes::new(
                true,
                "Example-Security-Monitoring".to_string(),
                "type:log_detection source:cloudtrail".to_string(),
            )
            .description(
                "This rule suppresses low-severity signals in staging environments.".to_string(),
            )
            .expiration_date(1638443471000)
            .start_date(1637493071000)
            .suppression_query("env:staging status:low".to_string())
            .tags(vec![
                "technique:T1110-brute-force".to_string(),
                "source:cloudtrail".to_string(),
            ]),
            SecurityMonitoringSuppressionType::SUPPRESSIONS,
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_suppression(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    // Create a suppression rule with an exclusion query returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType;

#[tokio::main]
async fn main() {
    let body = SecurityMonitoringSuppressionCreateRequest::new(
        SecurityMonitoringSuppressionCreateData::new(
            SecurityMonitoringSuppressionCreateAttributes::new(
                true,
                "Example-Security-Monitoring".to_string(),
                "type:log_detection source:cloudtrail".to_string(),
            )
            .data_exclusion_query("account_id:12345".to_string())
            .description(
                "This rule suppresses low-severity signals in staging environments.".to_string(),
            )
            .expiration_date(1638443471000)
            .start_date(1637493071000),
            SecurityMonitoringSuppressionType::SUPPRESSIONS,
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_suppression(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Create a suppression rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateSecurityMonitoringSuppressionRequest =
  {
    body: {
      data: {
        attributes: {
          description:
            "This rule suppresses low-severity signals in staging environments.",
          enabled: true,
          startDate: 1637493071000,
          expirationDate: 1638443471000,
          name: "Example-Security-Monitoring",
          ruleQuery: "type:log_detection source:cloudtrail",
          suppressionQuery: "env:staging status:low",
          tags: ["technique:T1110-brute-force", "source:cloudtrail"],
        },
        type: "suppressions",
      },
    },
  };

apiInstance
  .createSecurityMonitoringSuppression(params)
  .then((data: v2.SecurityMonitoringSuppressionResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    /**
 * Create a suppression rule with an exclusion query returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateSecurityMonitoringSuppressionRequest =
  {
    body: {
      data: {
        attributes: {
          description:
            "This rule suppresses low-severity signals in staging environments.",
          enabled: true,
          startDate: 1637493071000,
          expirationDate: 1638443471000,
          name: "Example-Security-Monitoring",
          ruleQuery: "type:log_detection source:cloudtrail",
          dataExclusionQuery: "account_id:12345",
        },
        type: "suppressions",
      },
    },
  };

apiInstance
  .createSecurityMonitoringSuppression(params)
  .then((data: v2.SecurityMonitoringSuppressionResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get a suppression rule

    GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}

    概要

    Get the details of a specific suppression rule.

    OAuth apps require the security_monitoring_suppressions_read authorization scope to access this endpoint.

    引数

    パスパラメーター

    名前

    種類

    説明

    suppression_id [required]

    string

    The ID of the suppression rule

    応答

    OK

    Response object containing a single suppression rule.

    Expand All

    フィールド

    種類

    説明

    data

    object

    The suppression rule's properties.

    attributes

    object

    The attributes of the suppression rule.

    creation_date

    int64

    A Unix millisecond timestamp given the creation date of the suppression rule.

    creator

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    data_exclusion_query

    string

    An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

    description

    string

    A description for the suppression rule.

    editable

    boolean

    Whether the suppression rule is editable.

    enabled

    boolean

    Whether the suppression rule is enabled.

    expiration_date

    int64

    A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

    name

    string

    The name of the suppression rule.

    rule_query

    string

    The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

    start_date

    int64

    A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals.

    suppression_query

    string

    The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

    tags

    [string]

    List of tags associated with the suppression rule.

    update_date

    int64

    A Unix millisecond timestamp given the update date of the suppression rule.

    updater

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    version

    int32

    The version of the suppression rule; it starts at 1, and is incremented at each update.

    id

    string

    The ID of the suppression rule.

    type

    enum

    The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

    default: suppressions

    {
  "data": {
    "attributes": {
      "creation_date": "integer",
      "creator": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "editable": true,
      "enabled": true,
      "expiration_date": 1703187336000,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail",
      "start_date": 1703187336000,
      "suppression_query": "env:staging status:low",
      "tags": [
        "technique:T1110-brute-force",
        "source:cloudtrail"
      ],
      "update_date": "integer",
      "updater": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "version": 42
    },
    "id": "3dd-0uc-h1s",
    "type": "suppressions"
  }
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Path parameters
    export suppression_id="CHANGE_ME"
    # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/${suppression_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get a suppression rule returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_security_monitoring_suppression(
        suppression_id=SUPPRESSION_DATA_ID,
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get a suppression rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = ENV["SUPPRESSION_DATA_ID"]
p api_instance.get_security_monitoring_suppression(SUPPRESSION_DATA_ID)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get a suppression rule returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "suppression" in the system
	SuppressionDataID := os.Getenv("SUPPRESSION_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetSecurityMonitoringSuppression(ctx, SuppressionDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSecurityMonitoringSuppression`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get a suppression rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "suppression" in the system
    String SUPPRESSION_DATA_ID = System.getenv("SUPPRESSION_DATA_ID");

    try {
      SecurityMonitoringSuppressionResponse result =
          apiInstance.getSecurityMonitoringSuppression(SUPPRESSION_DATA_ID);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#getSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get a suppression rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    // there is a valid "suppression" in the system
    let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_security_monitoring_suppression(suppression_data_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get a suppression rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "suppression" in the system
const SUPPRESSION_DATA_ID = process.env.SUPPRESSION_DATA_ID as string;

const params: v2.SecurityMonitoringApiGetSecurityMonitoringSuppressionRequest =
  {
    suppressionId: SUPPRESSION_DATA_ID,
  };

apiInstance
  .getSecurityMonitoringSuppression(params)
  .then((data: v2.SecurityMonitoringSuppressionResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Update a suppression rule

    PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}

    概要

    Update a specific suppression rule.

    OAuth apps require the security_monitoring_suppressions_write authorization scope to access this endpoint.

    引数

    パスパラメーター

    名前

    種類

    説明

    suppression_id [required]

    string

    The ID of the suppression rule

    リクエスト

    Body Data (required)

    New definition of the suppression rule. Supports partial updates.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    The new suppression properties; partial updates are supported.

    attributes [required]

    object

    The suppression rule properties to be updated.

    data_exclusion_query

    string

    An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

    description

    string

    A description for the suppression rule.

    enabled

    boolean

    Whether the suppression rule is enabled.

    expiration_date

    int64

    A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. If unset, the expiration date of the suppression rule is left untouched. If set to null, the expiration date is removed.

    name

    string

    The name of the suppression rule.

    rule_query

    string

    The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

    start_date

    int64

    A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals. If unset, the start date of the suppression rule is left untouched. If set to null, the start date is removed.

    suppression_query

    string

    The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

    tags

    [string]

    List of tags associated with the suppression rule.

    version

    int32

    The current version of the suppression. This is optional, but it can help prevent concurrent modifications.

    type [required]

    enum

    The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

    default: suppressions

    {
  "data": {
    "attributes": {
      "suppression_query": "env:staging status:low"
    },
    "type": "suppressions"
  }
}

    応答

    OK

    Response object containing a single suppression rule.

    Expand All

    フィールド

    種類

    説明

    data

    object

    The suppression rule's properties.

    attributes

    object

    The attributes of the suppression rule.

    creation_date

    int64

    A Unix millisecond timestamp given the creation date of the suppression rule.

    creator

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    data_exclusion_query

    string

    An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

    description

    string

    A description for the suppression rule.

    editable

    boolean

    Whether the suppression rule is editable.

    enabled

    boolean

    Whether the suppression rule is enabled.

    expiration_date

    int64

    A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

    name

    string

    The name of the suppression rule.

    rule_query

    string

    The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

    start_date

    int64

    A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals.

    suppression_query

    string

    The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

    tags

    [string]

    List of tags associated with the suppression rule.

    update_date

    int64

    A Unix millisecond timestamp given the update date of the suppression rule.

    updater

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    version

    int32

    The version of the suppression rule; it starts at 1, and is incremented at each update.

    id

    string

    The ID of the suppression rule.

    type

    enum

    The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

    default: suppressions

    {
  "data": {
    "attributes": {
      "creation_date": "integer",
      "creator": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "editable": true,
      "enabled": true,
      "expiration_date": 1703187336000,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail",
      "start_date": 1703187336000,
      "suppression_query": "env:staging status:low",
      "tags": [
        "technique:T1110-brute-force",
        "source:cloudtrail"
      ],
      "update_date": "integer",
      "updater": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "version": 42
    },
    "id": "3dd-0uc-h1s",
    "type": "suppressions"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Concurrent Modification

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Path parameters
    export suppression_id="CHANGE_ME"
    # Curl command
    curl -X PATCH "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/${suppression_id}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "expiration_date": 1703187336000,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail",
      "start_date": 1703187336000,
      "suppression_query": "env:staging status:low",
      "tags": [
        "technique:T1110-brute-force",
        "source:cloudtrail"
      ]
    },
    "type": "suppressions"
  }
}
EOF
    
                        
    // Update a suppression rule returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "suppression" in the system
	SuppressionDataID := os.Getenv("SUPPRESSION_DATA_ID")

	body := datadogV2.SecurityMonitoringSuppressionUpdateRequest{
		Data: datadogV2.SecurityMonitoringSuppressionUpdateData{
			Attributes: datadogV2.SecurityMonitoringSuppressionUpdateAttributes{
				SuppressionQuery: datadog.PtrString("env:staging status:low"),
			},
			Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.UpdateSecurityMonitoringSuppression(ctx, SuppressionDataID, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.UpdateSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.UpdateSecurityMonitoringSuppression`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Update a suppression rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionUpdateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionUpdateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionUpdateRequest;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "suppression" in the system
    String SUPPRESSION_DATA_ID = System.getenv("SUPPRESSION_DATA_ID");

    SecurityMonitoringSuppressionUpdateRequest body =
        new SecurityMonitoringSuppressionUpdateRequest()
            .data(
                new SecurityMonitoringSuppressionUpdateData()
                    .attributes(
                        new SecurityMonitoringSuppressionUpdateAttributes()
                            .suppressionQuery("env:staging status:low"))
                    .type(SecurityMonitoringSuppressionType.SUPPRESSIONS));

    try {
      SecurityMonitoringSuppressionResponse result =
          apiInstance.updateSecurityMonitoringSuppression(SUPPRESSION_DATA_ID, body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#updateSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Update a suppression rule returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType
from datadog_api_client.v2.model.security_monitoring_suppression_update_attributes import (
    SecurityMonitoringSuppressionUpdateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_suppression_update_data import (
    SecurityMonitoringSuppressionUpdateData,
)
from datadog_api_client.v2.model.security_monitoring_suppression_update_request import (
    SecurityMonitoringSuppressionUpdateRequest,
)

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"]

body = SecurityMonitoringSuppressionUpdateRequest(
    data=SecurityMonitoringSuppressionUpdateData(
        attributes=SecurityMonitoringSuppressionUpdateAttributes(
            suppression_query="env:staging status:low",
        ),
        type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.update_security_monitoring_suppression(suppression_id=SUPPRESSION_DATA_ID, body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Update a suppression rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = ENV["SUPPRESSION_DATA_ID"]

body = DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateAttributes.new({
      suppression_query: "env:staging status:low",
    }),
    type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
  }),
})
p api_instance.update_security_monitoring_suppression(SUPPRESSION_DATA_ID, body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Update a suppression rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionUpdateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionUpdateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionUpdateRequest;

#[tokio::main]
async fn main() {
    // there is a valid "suppression" in the system
    let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
    let body = SecurityMonitoringSuppressionUpdateRequest::new(
        SecurityMonitoringSuppressionUpdateData::new(
            SecurityMonitoringSuppressionUpdateAttributes::new()
                .suppression_query("env:staging status:low".to_string()),
            SecurityMonitoringSuppressionType::SUPPRESSIONS,
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .update_security_monitoring_suppression(suppression_data_id.clone(), body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Update a suppression rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "suppression" in the system
const SUPPRESSION_DATA_ID = process.env.SUPPRESSION_DATA_ID as string;

const params: v2.SecurityMonitoringApiUpdateSecurityMonitoringSuppressionRequest =
  {
    body: {
      data: {
        attributes: {
          suppressionQuery: "env:staging status:low",
        },
        type: "suppressions",
      },
    },
    suppressionId: SUPPRESSION_DATA_ID,
  };

apiInstance
  .updateSecurityMonitoringSuppression(params)
  .then((data: v2.SecurityMonitoringSuppressionResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Delete a suppression rule

    DELETE https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}

    概要

    Delete a specific suppression rule.

    OAuth apps require the security_monitoring_suppressions_write authorization scope to access this endpoint.

    引数

    パスパラメーター

    名前

    種類

    説明

    suppression_id [required]

    string

    The ID of the suppression rule

    応答

    OK

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Path parameters
    export suppression_id="CHANGE_ME"
    # Curl command
    curl -X DELETE "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/${suppression_id}" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Delete a suppression rule returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    api_instance.delete_security_monitoring_suppression(
        suppression_id=SUPPRESSION_DATA_ID,
    )

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Delete a suppression rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = ENV["SUPPRESSION_DATA_ID"]
api_instance.delete_security_monitoring_suppression(SUPPRESSION_DATA_ID)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Delete a suppression rule returns "OK" response

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "suppression" in the system
	SuppressionDataID := os.Getenv("SUPPRESSION_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	r, err := api.DeleteSecurityMonitoringSuppression(ctx, SuppressionDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.DeleteSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Delete a suppression rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "suppression" in the system
    String SUPPRESSION_DATA_ID = System.getenv("SUPPRESSION_DATA_ID");

    try {
      apiInstance.deleteSecurityMonitoringSuppression(SUPPRESSION_DATA_ID);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#deleteSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Delete a suppression rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    // there is a valid "suppression" in the system
    let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .delete_security_monitoring_suppression(suppression_data_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Delete a suppression rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "suppression" in the system
const SUPPRESSION_DATA_ID = process.env.SUPPRESSION_DATA_ID as string;

const params: v2.SecurityMonitoringApiDeleteSecurityMonitoringSuppressionRequest =
  {
    suppressionId: SUPPRESSION_DATA_ID,
  };

apiInstance
  .deleteSecurityMonitoringSuppression(params)
  .then((data: any) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Validate a suppression rule

    POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validationhttps://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validationhttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/validationhttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/validationhttps://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/validationhttps://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validationhttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validationhttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation

    概要

    Validate a suppression rule. This endpoint requires the security_monitoring_suppressions_write permission.

    OAuth apps require the security_monitoring_suppressions_write authorization scope to access this endpoint.

    リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Object for a single suppression rule.

    attributes [required]

    object

    Object containing the attributes of the suppression rule to be created.

    data_exclusion_query

    string

    An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

    description

    string

    A description for the suppression rule.

    enabled [required]

    boolean

    Whether the suppression rule is enabled.

    expiration_date

    int64

    A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

    name [required]

    string

    The name of the suppression rule.

    rule_query [required]

    string

    The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

    start_date

    int64

    A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals.

    suppression_query

    string

    The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer.

    tags

    [string]

    List of tags associated with the suppression rule.

    type [required]

    enum

    The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

    default: suppressions

    {
  "data": {
    "attributes": {
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail"
    },
    "type": "suppressions"
  }
}

    応答

    OK

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "expiration_date": 1703187336000,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail",
      "start_date": 1703187336000,
      "suppression_query": "env:staging status:low",
      "tags": [
        "technique:T1110-brute-force",
        "source:cloudtrail"
      ]
    },
    "type": "suppressions"
  }
}
EOF
    
                        
    // Validate a suppression rule returns "OK" response

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSuppressionCreateRequest{
		Data: datadogV2.SecurityMonitoringSuppressionCreateData{
			Attributes: datadogV2.SecurityMonitoringSuppressionCreateAttributes{
				DataExclusionQuery: datadog.PtrString("source:cloudtrail account_id:12345"),
				Description:        datadog.PtrString("This rule suppresses low-severity signals in staging environments."),
				Enabled:            true,
				Name:               "Custom suppression",
				RuleQuery:          "type:log_detection source:cloudtrail",
			},
			Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	r, err := api.ValidateSecurityMonitoringSuppression(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ValidateSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Validate a suppression rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSuppressionCreateRequest body =
        new SecurityMonitoringSuppressionCreateRequest()
            .data(
                new SecurityMonitoringSuppressionCreateData()
                    .attributes(
                        new SecurityMonitoringSuppressionCreateAttributes()
                            .dataExclusionQuery("source:cloudtrail account_id:12345")
                            .description(
                                "This rule suppresses low-severity signals in staging"
                                    + " environments.")
                            .enabled(true)
                            .name("Custom suppression")
                            .ruleQuery("type:log_detection source:cloudtrail"))
                    .type(SecurityMonitoringSuppressionType.SUPPRESSIONS));

    try {
      apiInstance.validateSecurityMonitoringSuppression(body);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#validateSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Validate a suppression rule returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import (
    SecurityMonitoringSuppressionCreateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_data import (
    SecurityMonitoringSuppressionCreateData,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_request import (
    SecurityMonitoringSuppressionCreateRequest,
)
from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType

body = SecurityMonitoringSuppressionCreateRequest(
    data=SecurityMonitoringSuppressionCreateData(
        attributes=SecurityMonitoringSuppressionCreateAttributes(
            data_exclusion_query="source:cloudtrail account_id:12345",
            description="This rule suppresses low-severity signals in staging environments.",
            enabled=True,
            name="Custom suppression",
            rule_query="type:log_detection source:cloudtrail",
        ),
        type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    api_instance.validate_security_monitoring_suppression(body=body)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Validate a suppression rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({
      data_exclusion_query: "source:cloudtrail account_id:12345",
      description: "This rule suppresses low-severity signals in staging environments.",
      enabled: true,
      name: "Custom suppression",
      rule_query: "type:log_detection source:cloudtrail",
    }),
    type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
  }),
})
api_instance.validate_security_monitoring_suppression(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Validate a suppression rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType;

#[tokio::main]
async fn main() {
    let body = SecurityMonitoringSuppressionCreateRequest::new(
        SecurityMonitoringSuppressionCreateData::new(
            SecurityMonitoringSuppressionCreateAttributes::new(
                true,
                "Custom suppression".to_string(),
                "type:log_detection source:cloudtrail".to_string(),
            )
            .data_exclusion_query("source:cloudtrail account_id:12345".to_string())
            .description(
                "This rule suppresses low-severity signals in staging environments.".to_string(),
            ),
            SecurityMonitoringSuppressionType::SUPPRESSIONS,
        ),
    );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.validate_security_monitoring_suppression(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Validate a suppression rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiValidateSecurityMonitoringSuppressionRequest =
  {
    body: {
      data: {
        attributes: {
          dataExclusionQuery: "source:cloudtrail account_id:12345",
          description:
            "This rule suppresses low-severity signals in staging environments.",
          enabled: true,
          name: "Custom suppression",
          ruleQuery: "type:log_detection source:cloudtrail",
        },
        type: "suppressions",
      },
    },
  };

apiInstance
  .validateSecurityMonitoringSuppression(params)
  .then((data: any) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get suppressions affecting future rule

    POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/ruleshttps://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/ruleshttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/ruleshttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/ruleshttps://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/ruleshttps://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/ruleshttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/ruleshttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules

    概要

    Get the list of suppressions that would affect a rule.

    OAuth apps require the security_monitoring_suppressions_read authorization scope to access this endpoint.

    リクエスト

    Body Data (required)

    Expand All

    フィールド

    種類

    説明

    Option 1

    object

    Create a new rule.

    calculatedFields

    [object]

    Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined.

    expression [required]

    string

    Expression.

    name [required]

    string

    Field name.

    cases [required]

    [object]

    Cases for generating signals.

    actions

    [object]

    Action to perform for each rule case.

    options

    object

    Options for the rule action

    duration

    int64

    Duration of the action in seconds. 0 indicates no expiration.

    flaggedIPType

    enum

    Used with the case action of type 'flag_ip'. The value specified in this field is applied as a flag to the IP addresses. Allowed enum values: SUSPICIOUS,FLAGGED

    userBehaviorName

    string

    Used with the case action of type 'user_behavior'. The value specified in this field is applied as a risk tag to all users affected by the rule.

    type

    enum

    The action type. Allowed enum values: block_ip,block_user,user_behavior,flag_ip

    condition

    string

    A case contains logical operations (>,>=, &&, ||) to determine if a signal should be generated based on the event counts in the previously defined queries.

    name

    string

    Name of the case.

    notifications

    [string]

    Notification targets.

    status [required]

    enum

    Severity of the Security Signal. Allowed enum values: info,low,medium,high,critical

    filters

    [object]

    Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.

    action

    enum

    The type of filtering action. Allowed enum values: require,suppress

    query

    string

    Query for selecting logs to apply the filtering action.

    groupSignalsBy

    [string]

    Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.

    hasExtendedTitle

    boolean

    Whether the notifications include the triggering group-by values in their title.

    isEnabled [required]

    boolean

    Whether the rule is enabled.

    message [required]

    string

    Message for generated signals.

    name [required]

    string

    The name of the rule.

    options [required]

    object

    Options.

    anomalyDetectionOptions

    object

    Options on anomaly detection method.

    bucketDuration

    enum

    Duration in seconds of the time buckets used to aggregate events matched by the rule. Must be greater than or equal to 300. Allowed enum values: 300,600,900,1800,3600,10800

    detectionTolerance

    enum

    An optional parameter that sets how permissive anomaly detection is. Higher values require higher deviations before triggering a signal. Allowed enum values: 1,2,3,4,5

    instantaneousBaseline

    boolean

    When set to true, Datadog uses previous values that fall within the defined learning window to construct the baseline, enabling the system to establish an accurate baseline more rapidly rather than relying solely on gradual learning over time.

    learningDuration

    enum

    Learning duration in hours. Anomaly detection waits for at least this amount of historical data before it starts evaluating. Allowed enum values: 1,6,12,24,48,168,336

    learningPeriodBaseline

    int64

    An optional override baseline to apply while the rule is in the learning period. Must be greater than or equal to 0.

    complianceRuleOptions

    object

    Options for cloud_configuration rules. Fields resourceType and regoRule are mandatory when managing custom cloud_configuration rules.

    complexRule

    boolean

    Whether the rule is a complex one. Must be set to true if regoRule.resourceTypes contains more than one item. Defaults to false.

    regoRule

    object

    Rule details.

    policy [required]

    string

    The policy written in rego, see: https://www.openpolicyagent.org/docs/latest/policy-language/

    resourceTypes [required]

    [string]

    List of resource types that will be evaluated upon. Must have at least one element.

    resourceType

    string

    Main resource type to be checked by the rule. It should be specified again in regoRule.resourceTypes.

    decreaseCriticalityBasedOnEnv

    boolean

    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce signal noise. The severity is decreased by one level: CRITICAL in production becomes HIGH in non-production, HIGH becomes MEDIUM and so on. INFO remains INFO. The decrement is applied when the environment tag of the signal starts with staging, test or dev.

    detectionMethod

    enum

    The detection method. Allowed enum values: threshold,new_value,anomaly_detection,impossible_travel,hardcoded,third_party,anomaly_threshold,sequence_detection

    evaluationWindow

    enum

    A time window is specified to match when at least one of the cases matches true. This is a sliding window and evaluates in real time. For third party detection method, this field is not used. Allowed enum values: 0,60,300,600,900,1800,3600,7200,10800,21600

    Show 2 more,43200,86400

    hardcodedEvaluatorType

    enum

    Hardcoded evaluator type. Allowed enum values: log4shell

    impossibleTravelOptions

    object

    Options on impossible travel detection method.

    baselineUserLocations

    boolean

    If true, signals are suppressed for the first 24 hours. In that time, Datadog learns the user's regular access locations. This can be helpful to reduce noise and infer VPN usage or credentialed API access.

    keepAlive

    enum

    Once a signal is generated, the signal will remain "open" if a case is matched at least once within this keep alive window. For third party detection method, this field is not used. Allowed enum values: 0,60,300,600,900,1800,3600,7200,10800,21600

    Show 2 more,43200,86400

    maxSignalDuration

    enum

    A signal will "close" regardless of the query being matched once the time exceeds the maximum duration. This time is calculated from the first seen timestamp. Allowed enum values: 0,60,300,600,900,1800,3600,7200,10800,21600

    Show 2 more,43200,86400

    newValueOptions

    object

    Options on new value detection method.

    forgetAfter

    int32

    The duration in days after which a learned value is forgotten.

    instantaneousBaseline

    boolean

    When set to true, Datadog uses previous values that fall within the defined learning window to construct the baseline, enabling the system to establish an accurate baseline more rapidly rather than relying solely on gradual learning over time.

    learningDuration

    int32

    The duration in days during which values are learned, and after which signals will be generated for values that weren't learned. If set to 0, a signal will be generated for all new values after the first value is learned.

    learningMethod

    enum

    The learning method used to determine when signals should be generated for values that weren't learned. Allowed enum values: duration,threshold

    default: duration

    learningThreshold

    enum

    A number of occurrences after which signals will be generated for values that weren't learned. Allowed enum values: 0,1

    sequenceDetectionOptions

    object

    Options on sequence detection method.

    stepTransitions

    [object]

    Transitions defining the allowed order of steps and their evaluation windows.

    child

    string

    Name of the child step.

    evaluationWindow

    enum

    A time window is specified to match when at least one of the cases matches true. This is a sliding window and evaluates in real time. For third party detection method, this field is not used. Allowed enum values: 0,60,300,600,900,1800,3600,7200,10800,21600

    Show 2 more,43200,86400

    parent

    string

    Name of the parent step.

    steps

    [object]

    Steps that define the conditions to be matched in sequence.

    condition

    string

    Condition referencing rule queries (e.g., a > 0).

    evaluationWindow

    enum

    A time window is specified to match when at least one of the cases matches true. This is a sliding window and evaluates in real time. For third party detection method, this field is not used. Allowed enum values: 0,60,300,600,900,1800,3600,7200,10800,21600

    Show 2 more,43200,86400

    name

    string

    Unique name identifying the step.

    thirdPartyRuleOptions

    object

    Options on third party detection method.

    defaultNotifications

    [string]

    Notification targets for the logs that do not correspond to any of the cases.

    defaultStatus

    enum

    Severity of the Security Signal. Allowed enum values: info,low,medium,high,critical

    rootQueries

    [object]

    Queries to be combined with third party case queries. Each of them can have different group by fields, to aggregate differently based on the type of alert.

    groupByFields

    [string]

    Fields to group by.

    query

    string

    Query to run on logs.

    signalTitleTemplate

    string

    A template for the signal title; if omitted, the title is generated based on the case name.

    queries [required]

    [object]

    Queries for selecting logs which are part of the rule.

    aggregation

    enum

    The aggregation type. Allowed enum values: count,cardinality,sum,max,new_value,geo_data,event_count,none

    customQueryExtension

    string

    Query extension to append to the logs query.

    dataSource

    enum

    Source of events, either logs, audit trail, security signals, or Datadog events. app_sec_spans is deprecated in favor of spans. Allowed enum values: logs,audit,app_sec_spans,spans,security_runtime,network,events,security_signals

    default: logs

    distinctFields

    [string]

    Field for which the cardinality is measured. Sent as an array.

    groupByFields

    [string]

    Fields to group by.

    hasOptionalGroupByFields

    boolean

    When false, events without a group-by value are ignored by the rule. When true, events with missing group-by fields are processed with N/A, replacing the missing values.

    index

    string

    This field is currently unstable and might be removed in a minor version upgrade. The index to run the query on, if the dataSource is logs. Only used for scheduled rules - in other words, when the schedulingOptions field is present in the rule payload.

    indexes

    [string]

    List of indexes to query when the dataSource is logs. Only used for scheduled rules, such as when the schedulingOptions field is present in the rule payload.

    metric

    string

    DEPRECATED: (Deprecated) The target field to aggregate over when using the sum or max aggregations. metrics field should be used instead.

    metrics

    [string]

    Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values.

    name

    string

    Name of the query.

    query

    string

    Query to run on logs.

    referenceTables

    [object]

    Reference tables for the rule.

    checkPresence

    boolean

    Whether to include or exclude the matched values.

    columnName

    string

    The name of the column in the reference table.

    logFieldPath

    string

    The field in the log to match against the reference table.

    ruleQueryName

    string

    The name of the query to apply the reference table to.

    tableName

    string

    The name of the reference table.

    schedulingOptions

    object

    Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs.

    rrule

    string

    Schedule for the rule queries, written in RRULE syntax. See RFC for syntax reference.

    start

    string

    Start date for the schedule, in ISO 8601 format without timezone.

    timezone

    string

    Time zone of the start date, in the tz database format.

    tags

    [string]

    Tags for generated signals.

    thirdPartyCases

    [object]

    Cases for generating signals from third-party rules. Only available for third-party rules.

    name

    string

    Name of the case.

    notifications

    [string]

    Notification targets for each case.

    query

    string

    A query to map a third party event to this case.

    status [required]

    enum

    Severity of the Security Signal. Allowed enum values: info,low,medium,high,critical

    type

    enum

    The rule type. Allowed enum values: api_security,application_security,log_detection,workload_activity,workload_security

    Option 2

    object

    Create a new signal correlation rule.

    cases [required]

    [object]

    Cases for generating signals.

    actions

    [object]

    Action to perform for each rule case.

    options

    object

    Options for the rule action

    duration

    int64

    Duration of the action in seconds. 0 indicates no expiration.

    flaggedIPType

    enum

    Used with the case action of type 'flag_ip'. The value specified in this field is applied as a flag to the IP addresses. Allowed enum values: SUSPICIOUS,FLAGGED

    userBehaviorName

    string

    Used with the case action of type 'user_behavior'. The value specified in this field is applied as a risk tag to all users affected by the rule.

    type

    enum

    The action type. Allowed enum values: block_ip,block_user,user_behavior,flag_ip

    condition

    string

    A case contains logical operations (>,>=, &&, ||) to determine if a signal should be generated based on the event counts in the previously defined queries.

    name

    string

    Name of the case.

    notifications

    [string]

    Notification targets.

    status [required]

    enum

    Severity of the Security Signal. Allowed enum values: info,low,medium,high,critical

    filters

    [object]

    Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.

    action

    enum

    The type of filtering action. Allowed enum values: require,suppress

    query

    string

    Query for selecting logs to apply the filtering action.

    hasExtendedTitle

    boolean

    Whether the notifications include the triggering group-by values in their title.

    isEnabled [required]

    boolean

    Whether the rule is enabled.

    message [required]

    string

    Message for generated signals.

    name [required]

    string

    The name of the rule.

    options [required]

    object

    Options.

    anomalyDetectionOptions

    object

    Options on anomaly detection method.

    bucketDuration

    enum

    Duration in seconds of the time buckets used to aggregate events matched by the rule. Must be greater than or equal to 300. Allowed enum values: 300,600,900,1800,3600,10800

    detectionTolerance

    enum

    An optional parameter that sets how permissive anomaly detection is. Higher values require higher deviations before triggering a signal. Allowed enum values: 1,2,3,4,5

    instantaneousBaseline

    boolean

    When set to true, Datadog uses previous values that fall within the defined learning window to construct the baseline, enabling the system to establish an accurate baseline more rapidly rather than relying solely on gradual learning over time.

    learningDuration

    enum

    Learning duration in hours. Anomaly detection waits for at least this amount of historical data before it starts evaluating. Allowed enum values: 1,6,12,24,48,168,336

    learningPeriodBaseline

    int64

    An optional override baseline to apply while the rule is in the learning period. Must be greater than or equal to 0.

    complianceRuleOptions

    object

    Options for cloud_configuration rules. Fields resourceType and regoRule are mandatory when managing custom cloud_configuration rules.

    complexRule

    boolean

    Whether the rule is a complex one. Must be set to true if regoRule.resourceTypes contains more than one item. Defaults to false.

    regoRule

    object

    Rule details.

    policy [required]

    string

    The policy written in rego, see: https://www.openpolicyagent.org/docs/latest/policy-language/

    resourceTypes [required]

    [string]

    List of resource types that will be evaluated upon. Must have at least one element.

    resourceType

    string

    Main resource type to be checked by the rule. It should be specified again in regoRule.resourceTypes.

    decreaseCriticalityBasedOnEnv

    boolean

    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce signal noise. The severity is decreased by one level: CRITICAL in production becomes HIGH in non-production, HIGH becomes MEDIUM and so on. INFO remains INFO. The decrement is applied when the environment tag of the signal starts with staging, test or dev.

    detectionMethod

    enum

    The detection method. Allowed enum values: threshold,new_value,anomaly_detection,impossible_travel,hardcoded,third_party,anomaly_threshold,sequence_detection

    evaluationWindow

    enum

    A time window is specified to match when at least one of the cases matches true. This is a sliding window and evaluates in real time. For third party detection method, this field is not used. Allowed enum values: 0,60,300,600,900,1800,3600,7200,10800,21600

    Show 2 more,43200,86400

    hardcodedEvaluatorType

    enum

    Hardcoded evaluator type. Allowed enum values: log4shell

    impossibleTravelOptions

    object

    Options on impossible travel detection method.

    baselineUserLocations

    boolean

    If true, signals are suppressed for the first 24 hours. In that time, Datadog learns the user's regular access locations. This can be helpful to reduce noise and infer VPN usage or credentialed API access.

    keepAlive

    enum

    Once a signal is generated, the signal will remain "open" if a case is matched at least once within this keep alive window. For third party detection method, this field is not used. Allowed enum values: 0,60,300,600,900,1800,3600,7200,10800,21600

    Show 2 more,43200,86400

    maxSignalDuration

    enum

    A signal will "close" regardless of the query being matched once the time exceeds the maximum duration. This time is calculated from the first seen timestamp. Allowed enum values: 0,60,300,600,900,1800,3600,7200,10800,21600

    Show 2 more,43200,86400

    newValueOptions

    object

    Options on new value detection method.

    forgetAfter

    int32

    The duration in days after which a learned value is forgotten.

    instantaneousBaseline

    boolean

    When set to true, Datadog uses previous values that fall within the defined learning window to construct the baseline, enabling the system to establish an accurate baseline more rapidly rather than relying solely on gradual learning over time.

    learningDuration

    int32

    The duration in days during which values are learned, and after which signals will be generated for values that weren't learned. If set to 0, a signal will be generated for all new values after the first value is learned.

    learningMethod

    enum

    The learning method used to determine when signals should be generated for values that weren't learned. Allowed enum values: duration,threshold

    default: duration

    learningThreshold

    enum

    A number of occurrences after which signals will be generated for values that weren't learned. Allowed enum values: 0,1

    sequenceDetectionOptions

    object

    Options on sequence detection method.

    stepTransitions

    [object]

    Transitions defining the allowed order of steps and their evaluation windows.

    child

    string

    Name of the child step.

    evaluationWindow

    enum

    A time window is specified to match when at least one of the cases matches true. This is a sliding window and evaluates in real time. For third party detection method, this field is not used. Allowed enum values: 0,60,300,600,900,1800,3600,7200,10800,21600

    Show 2 more,43200,86400

    parent

    string

    Name of the parent step.

    steps

    [object]

    Steps that define the conditions to be matched in sequence.

    condition

    string

    Condition referencing rule queries (e.g., a > 0).

    evaluationWindow

    enum

    A time window is specified to match when at least one of the cases matches true. This is a sliding window and evaluates in real time. For third party detection method, this field is not used. Allowed enum values: 0,60,300,600,900,1800,3600,7200,10800,21600

    Show 2 more,43200,86400

    name

    string

    Unique name identifying the step.

    thirdPartyRuleOptions

    object

    Options on third party detection method.

    defaultNotifications

    [string]

    Notification targets for the logs that do not correspond to any of the cases.

    defaultStatus

    enum

    Severity of the Security Signal. Allowed enum values: info,low,medium,high,critical

    rootQueries

    [object]

    Queries to be combined with third party case queries. Each of them can have different group by fields, to aggregate differently based on the type of alert.

    groupByFields

    [string]

    Fields to group by.

    query

    string

    Query to run on logs.

    signalTitleTemplate

    string

    A template for the signal title; if omitted, the title is generated based on the case name.

    queries [required]

    [object]

    Queries for selecting signals which are part of the rule.

    aggregation

    enum

    The aggregation type. Allowed enum values: count,cardinality,sum,max,new_value,geo_data,event_count,none

    correlatedByFields

    [string]

    Fields to group by.

    correlatedQueryIndex

    int32

    Index of the rule query used to retrieve the correlated field.

    metrics

    [string]

    Group of target fields to aggregate over.

    name

    string

    Name of the query.

    ruleId [required]

    string

    Rule ID to match on signals.

    tags

    [string]

    Tags for generated signals.

    type

    enum

    The rule type. Allowed enum values: signal_correlation

    Option 3

    object

    Create a new cloud configuration rule.

    cases [required]

    [object]

    Description of generated findings and signals (severity and channels to be notified in case of a signal). Must contain exactly one item.

    notifications

    [string]

    Notification targets for each rule case.

    status [required]

    enum

    Severity of the Security Signal. Allowed enum values: info,low,medium,high,critical

    complianceSignalOptions [required]

    object

    How to generate compliance signals. Useful for cloud_configuration rules only.

    defaultActivationStatus

    boolean

    The default activation status.

    defaultGroupByFields

    [string]

    The default group by fields.

    userActivationStatus

    boolean

    Whether signals will be sent.

    userGroupByFields

    [string]

    Fields to use to group findings by when sending signals.

    filters

    [object]

    Additional queries to filter matched events before they are processed.

    action

    enum

    The type of filtering action. Allowed enum values: require,suppress

    query

    string

    Query for selecting logs to apply the filtering action.

    isEnabled [required]

    boolean

    Whether the rule is enabled.

    message [required]

    string

    Message in markdown format for generated findings and signals.

    name [required]

    string

    The name of the rule.

    options [required]

    object

    Options on cloud configuration rules.

    complianceRuleOptions [required]

    object

    Options for cloud_configuration rules. Fields resourceType and regoRule are mandatory when managing custom cloud_configuration rules.

    complexRule

    boolean

    Whether the rule is a complex one. Must be set to true if regoRule.resourceTypes contains more than one item. Defaults to false.

    regoRule

    object

    Rule details.

    policy [required]

    string

    The policy written in rego, see: https://www.openpolicyagent.org/docs/latest/policy-language/

    resourceTypes [required]

    [string]

    List of resource types that will be evaluated upon. Must have at least one element.

    resourceType

    string

    Main resource type to be checked by the rule. It should be specified again in regoRule.resourceTypes.

    tags

    [string]

    Tags for generated findings and signals.

    type

    enum

    The rule type. Allowed enum values: cloud_configuration

    {
  "name": "Example-Security-Monitoring",
  "queries": [
    {
      "query": "@test:true",
      "aggregation": "count",
      "groupByFields": [],
      "distinctFields": [],
      "metrics": []
    }
  ],
  "filters": [],
  "cases": [
    {
      "name": "",
      "status": "info",
      "condition": "a > 0",
      "notifications": []
    }
  ],
  "options": {
    "evaluationWindow": 900,
    "keepAlive": 3600,
    "maxSignalDuration": 86400
  },
  "message": "Test rule",
  "tags": [],
  "isEnabled": true,
  "type": "log_detection"
}

    応答

    OK

    Response object containing the available suppression rules.

    Expand All

    フィールド

    種類

    説明

    data

    [object]

    A list of suppressions objects.

    attributes

    object

    The attributes of the suppression rule.

    creation_date

    int64

    A Unix millisecond timestamp given the creation date of the suppression rule.

    creator

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    data_exclusion_query

    string

    An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

    description

    string

    A description for the suppression rule.

    editable

    boolean

    Whether the suppression rule is editable.

    enabled

    boolean

    Whether the suppression rule is enabled.

    expiration_date

    int64

    A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

    name

    string

    The name of the suppression rule.

    rule_query

    string

    The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

    start_date

    int64

    A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals.

    suppression_query

    string

    The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

    tags

    [string]

    List of tags associated with the suppression rule.

    update_date

    int64

    A Unix millisecond timestamp given the update date of the suppression rule.

    updater

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    version

    int32

    The version of the suppression rule; it starts at 1, and is incremented at each update.

    id

    string

    The ID of the suppression rule.

    type

    enum

    The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

    default: suppressions

    {
  "data": [
    {
      "attributes": {
        "creation_date": "integer",
        "creator": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "data_exclusion_query": "source:cloudtrail account_id:12345",
        "description": "This rule suppresses low-severity signals in staging environments.",
        "editable": true,
        "enabled": true,
        "expiration_date": 1703187336000,
        "name": "Custom suppression",
        "rule_query": "type:log_detection source:cloudtrail",
        "start_date": 1703187336000,
        "suppression_query": "env:staging status:low",
        "tags": [
          "technique:T1110-brute-force",
          "source:cloudtrail"
        ],
        "update_date": "integer",
        "updater": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "version": 42
      },
      "id": "3dd-0uc-h1s",
      "type": "suppressions"
    }
  ]
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "calculatedFields": [
    {
      "expression": "@request_end_timestamp - @request_start_timestamp",
      "name": "response_time"
    }
  ],
  "cases": [],
  "filters": [
    {
      "action": "require"
    }
  ],
  "groupSignalsBy": [
    "service"
  ],
  "hasExtendedTitle": true,
  "isEnabled": true,
  "message": "",
  "name": "My security monitoring rule.",
  "options": {
    "anomalyDetectionOptions": {
      "bucketDuration": 300,
      "detectionTolerance": 5,
      "instantaneousBaseline": false
    },
    "complianceRuleOptions": {
      "regoRule": {
        "policy": "package datadog\n\nimport data.datadog.output as dd_output\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\neval(resource) = \"skip\" if {\n  # Logic that evaluates to true if the resource should be skipped\n  true\n} else = \"pass\" {\n  # Logic that evaluates to true if the resource is compliant\n  true\n} else = \"fail\" {\n  # Logic that evaluates to true if the resource is not compliant\n  true\n}\n\n# This part remains unchanged for all rules\nresults contains result if {\n  some resource in input.resources[input.main_resource_type]\n  result := dd_output.format(resource, eval(resource))\n}",
        "resourceTypes": [
          "gcp_iam_service_account",
          "gcp_iam_policy"
        ]
      },
      "resourceType": "aws_acm"
    },
    "decreaseCriticalityBasedOnEnv": false,
    "detectionMethod": "threshold",
    "hardcodedEvaluatorType": "log4shell",
    "impossibleTravelOptions": {
      "baselineUserLocations": true
    },
    "newValueOptions": {
      "instantaneousBaseline": false,
      "learningMethod": "duration"
    },
    "thirdPartyRuleOptions": {
      "defaultStatus": "critical",
      "rootQueries": [
        {
          "query": "source:cloudtrail"
        }
      ]
    }
  },
  "queries": [],
  "schedulingOptions": {
    "rrule": "FREQ=HOURLY;INTERVAL=1;",
    "start": "2025-07-14T12:00:00",
    "timezone": "America/New_York"
  },
  "tags": [
    "env:prod",
    "team:security"
  ],
  "thirdPartyCases": [],
  "type": "api_security"
}
EOF
    
                        
    // Get suppressions affecting future rule returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringRuleCreatePayload{
		SecurityMonitoringStandardRuleCreatePayload: &datadogV2.SecurityMonitoringStandardRuleCreatePayload{
			Name: "Example-Security-Monitoring",
			Queries: []datadogV2.SecurityMonitoringStandardRuleQuery{
				{
					Query:          datadog.PtrString("@test:true"),
					Aggregation:    datadogV2.SECURITYMONITORINGRULEQUERYAGGREGATION_COUNT.Ptr(),
					GroupByFields:  []string{},
					DistinctFields: []string{},
					Metrics:        []string{},
				},
			},
			Filters: []datadogV2.SecurityMonitoringFilter{},
			Cases: []datadogV2.SecurityMonitoringRuleCaseCreate{
				{
					Name:          datadog.PtrString(""),
					Status:        datadogV2.SECURITYMONITORINGRULESEVERITY_INFO,
					Condition:     datadog.PtrString("a > 0"),
					Notifications: []string{},
				},
			},
			Options: datadogV2.SecurityMonitoringRuleOptions{
				EvaluationWindow:  datadogV2.SECURITYMONITORINGRULEEVALUATIONWINDOW_FIFTEEN_MINUTES.Ptr(),
				KeepAlive:         datadogV2.SECURITYMONITORINGRULEKEEPALIVE_ONE_HOUR.Ptr(),
				MaxSignalDuration: datadogV2.SECURITYMONITORINGRULEMAXSIGNALDURATION_ONE_DAY.Ptr(),
			},
			Message:   "Test rule",
			Tags:      []string{},
			IsEnabled: true,
			Type:      datadogV2.SECURITYMONITORINGRULETYPECREATE_LOG_DETECTION.Ptr(),
		}}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetSuppressionsAffectingFutureRule(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSuppressionsAffectingFutureRule`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSuppressionsAffectingFutureRule`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get suppressions affecting future rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseCreate;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleCreatePayload;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleEvaluationWindow;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleKeepAlive;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleMaxSignalDuration;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleOptions;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleQueryAggregation;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleSeverity;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleTypeCreate;
import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleCreatePayload;
import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleQuery;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionsResponse;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringRuleCreatePayload body =
        new SecurityMonitoringRuleCreatePayload(
            new SecurityMonitoringStandardRuleCreatePayload()
                .name("Example-Security-Monitoring")
                .queries(
                    Collections.singletonList(
                        new SecurityMonitoringStandardRuleQuery()
                            .query("@test:true")
                            .aggregation(SecurityMonitoringRuleQueryAggregation.COUNT)))
                .cases(
                    Collections.singletonList(
                        new SecurityMonitoringRuleCaseCreate()
                            .name("")
                            .status(SecurityMonitoringRuleSeverity.INFO)
                            .condition("a > 0")))
                .options(
                    new SecurityMonitoringRuleOptions()
                        .evaluationWindow(SecurityMonitoringRuleEvaluationWindow.FIFTEEN_MINUTES)
                        .keepAlive(SecurityMonitoringRuleKeepAlive.ONE_HOUR)
                        .maxSignalDuration(SecurityMonitoringRuleMaxSignalDuration.ONE_DAY))
                .message("Test rule")
                .isEnabled(true)
                .type(SecurityMonitoringRuleTypeCreate.LOG_DETECTION));

    try {
      SecurityMonitoringSuppressionsResponse result =
          apiInstance.getSuppressionsAffectingFutureRule(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#getSuppressionsAffectingFutureRule");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Get suppressions affecting future rule returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate
from datadog_api_client.v2.model.security_monitoring_rule_evaluation_window import (
    SecurityMonitoringRuleEvaluationWindow,
)
from datadog_api_client.v2.model.security_monitoring_rule_keep_alive import SecurityMonitoringRuleKeepAlive
from datadog_api_client.v2.model.security_monitoring_rule_max_signal_duration import (
    SecurityMonitoringRuleMaxSignalDuration,
)
from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions
from datadog_api_client.v2.model.security_monitoring_rule_query_aggregation import (
    SecurityMonitoringRuleQueryAggregation,
)
from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity
from datadog_api_client.v2.model.security_monitoring_rule_type_create import SecurityMonitoringRuleTypeCreate
from datadog_api_client.v2.model.security_monitoring_standard_rule_create_payload import (
    SecurityMonitoringStandardRuleCreatePayload,
)
from datadog_api_client.v2.model.security_monitoring_standard_rule_query import SecurityMonitoringStandardRuleQuery

body = SecurityMonitoringStandardRuleCreatePayload(
    name="Example-Security-Monitoring",
    queries=[
        SecurityMonitoringStandardRuleQuery(
            query="@test:true",
            aggregation=SecurityMonitoringRuleQueryAggregation.COUNT,
            group_by_fields=[],
            distinct_fields=[],
            metrics=[],
        ),
    ],
    filters=[],
    cases=[
        SecurityMonitoringRuleCaseCreate(
            name="",
            status=SecurityMonitoringRuleSeverity.INFO,
            condition="a > 0",
            notifications=[],
        ),
    ],
    options=SecurityMonitoringRuleOptions(
        evaluation_window=SecurityMonitoringRuleEvaluationWindow.FIFTEEN_MINUTES,
        keep_alive=SecurityMonitoringRuleKeepAlive.ONE_HOUR,
        max_signal_duration=SecurityMonitoringRuleMaxSignalDuration.ONE_DAY,
    ),
    message="Test rule",
    tags=[],
    is_enabled=True,
    type=SecurityMonitoringRuleTypeCreate.LOG_DETECTION,
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_suppressions_affecting_future_rule(body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get suppressions affecting future rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringStandardRuleCreatePayload.new({
  name: "Example-Security-Monitoring",
  queries: [
    DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({
      query: "@test:true",
      aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT,
      group_by_fields: [],
      distinct_fields: [],
      metrics: [],
    }),
  ],
  filters: [],
  cases: [
    DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({
      name: "",
      status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO,
      condition: "a > 0",
      notifications: [],
    }),
  ],
  options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({
    evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES,
    keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::ONE_HOUR,
    max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::ONE_DAY,
  }),
  message: "Test rule",
  tags: [],
  is_enabled: true,
  type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate::LOG_DETECTION,
})
p api_instance.get_suppressions_affecting_future_rule(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get suppressions affecting future rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseCreate;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCreatePayload;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleEvaluationWindow;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleKeepAlive;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleMaxSignalDuration;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleOptions;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleQueryAggregation;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleSeverity;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleTypeCreate;
use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleCreatePayload;
use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleQuery;

#[tokio::main]
async fn main() {
    let body =
        SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
            SecurityMonitoringStandardRuleCreatePayload::new(
                vec![
                    SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
                        .condition("a > 0".to_string())
                        .name("".to_string())
                        .notifications(vec![]),
                ],
                true,
                "Test rule".to_string(),
                "Example-Security-Monitoring".to_string(),
                SecurityMonitoringRuleOptions::new()
                    .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
                    .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
                    .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
                vec![SecurityMonitoringStandardRuleQuery::new()
                    .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
                    .distinct_fields(vec![])
                    .group_by_fields(vec![])
                    .metrics(vec![])
                    .query("@test:true".to_string())],
            )
            .filters(vec![])
            .tags(vec![])
            .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
        ));
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.get_suppressions_affecting_future_rule(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get suppressions affecting future rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiGetSuppressionsAffectingFutureRuleRequest =
  {
    body: {
      name: "Example-Security-Monitoring",
      queries: [
        {
          query: "@test:true",
          aggregation: "count",
          groupByFields: [],
          distinctFields: [],
          metrics: [],
        },
      ],
      filters: [],
      cases: [
        {
          name: "",
          status: "info",
          condition: "a > 0",
          notifications: [],
        },
      ],
      options: {
        evaluationWindow: 900,
        keepAlive: 3600,
        maxSignalDuration: 86400,
      },
      message: "Test rule",
      tags: [],
      isEnabled: true,
      type: "log_detection",
    },
  };

apiInstance
  .getSuppressionsAffectingFutureRule(params)
  .then((data: v2.SecurityMonitoringSuppressionsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get suppressions affecting a specific rule

    GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}

    概要

    Get the list of suppressions that affect a specific existing rule by its ID.

    OAuth apps require the security_monitoring_suppressions_read authorization scope to access this endpoint.

    引数

    パスパラメーター

    名前

    種類

    説明

    rule_id [required]

    string

    The ID of the rule.

    応答

    OK

    Response object containing the available suppression rules.

    Expand All

    フィールド

    種類

    説明

    data

    [object]

    A list of suppressions objects.

    attributes

    object

    The attributes of the suppression rule.

    creation_date

    int64

    A Unix millisecond timestamp given the creation date of the suppression rule.

    creator

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    data_exclusion_query

    string

    An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

    description

    string

    A description for the suppression rule.

    editable

    boolean

    Whether the suppression rule is editable.

    enabled

    boolean

    Whether the suppression rule is enabled.

    expiration_date

    int64

    A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

    name

    string

    The name of the suppression rule.

    rule_query

    string

    The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

    start_date

    int64

    A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals.

    suppression_query

    string

    The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

    tags

    [string]

    List of tags associated with the suppression rule.

    update_date

    int64

    A Unix millisecond timestamp given the update date of the suppression rule.

    updater

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    version

    int32

    The version of the suppression rule; it starts at 1, and is incremented at each update.

    id

    string

    The ID of the suppression rule.

    type

    enum

    The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

    default: suppressions

    {
  "data": [
    {
      "attributes": {
        "creation_date": "integer",
        "creator": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "data_exclusion_query": "source:cloudtrail account_id:12345",
        "description": "This rule suppresses low-severity signals in staging environments.",
        "editable": true,
        "enabled": true,
        "expiration_date": 1703187336000,
        "name": "Custom suppression",
        "rule_query": "type:log_detection source:cloudtrail",
        "start_date": 1703187336000,
        "suppression_query": "env:staging status:low",
        "tags": [
          "technique:T1110-brute-force",
          "source:cloudtrail"
        ],
        "update_date": "integer",
        "updater": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "version": 42
      },
      "id": "3dd-0uc-h1s",
      "type": "suppressions"
    }
  ]
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Path parameters
    export rule_id="CHANGE_ME"
    # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/${rule_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get suppressions affecting a specific rule returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "security_rule" in the system
SECURITY_RULE_ID = environ["SECURITY_RULE_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_suppressions_affecting_rule(
        rule_id=SECURITY_RULE_ID,
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get suppressions affecting a specific rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "security_rule" in the system
SECURITY_RULE_ID = ENV["SECURITY_RULE_ID"]
p api_instance.get_suppressions_affecting_rule(SECURITY_RULE_ID)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get suppressions affecting a specific rule returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "security_rule" in the system
	SecurityRuleID := os.Getenv("SECURITY_RULE_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetSuppressionsAffectingRule(ctx, SecurityRuleID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSuppressionsAffectingRule`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSuppressionsAffectingRule`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get suppressions affecting a specific rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionsResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "security_rule" in the system
    String SECURITY_RULE_ID = System.getenv("SECURITY_RULE_ID");

    try {
      SecurityMonitoringSuppressionsResponse result =
          apiInstance.getSuppressionsAffectingRule(SECURITY_RULE_ID);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#getSuppressionsAffectingRule");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get suppressions affecting a specific rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    // there is a valid "security_rule" in the system
    let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_suppressions_affecting_rule(security_rule_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get suppressions affecting a specific rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "security_rule" in the system
const SECURITY_RULE_ID = process.env.SECURITY_RULE_ID as string;

const params: v2.SecurityMonitoringApiGetSuppressionsAffectingRuleRequest = {
  ruleId: SECURITY_RULE_ID,
};

apiInstance
  .getSuppressionsAffectingRule(params)
  .then((data: v2.SecurityMonitoringSuppressionsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get a suppression's version history

    GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}/version_historyhttps://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}/version_historyhttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/{suppression_id}/version_historyhttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}/version_historyhttps://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}/version_historyhttps://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}/version_historyhttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}/version_historyhttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}/version_history

    概要

    Get a suppression’s version history.

    OAuth apps require the security_monitoring_suppressions_read authorization scope to access this endpoint.

    引数

    パスパラメーター

    名前

    種類

    説明

    suppression_id [required]

    string

    The ID of the suppression rule

    クエリ文字列

    名前

    種類

    説明

    page[size]

    integer

    Size for a given page. The maximum allowed value is 100.

    page[number]

    integer

    Specific page number to return.

    応答

    OK

    Response for getting the suppression version history.

    Expand All

    フィールド

    種類

    説明

    data

    object

    Data for the suppression version history.

    attributes

    object

    Response object containing the version history of a suppression.

    count

    int32

    The number of suppression versions.

    data

    object

    The version history of a suppression.

    <any-key>

    object

    A suppression version with a list of updates.

    changes

    [object]

    A list of changes.

    change

    string

    The new value of the field.

    field

    string

    The field that was changed.

    type

    enum

    The type of change. Allowed enum values: create,update,delete

    suppression

    object

    The attributes of the suppression rule.

    creation_date

    int64

    A Unix millisecond timestamp given the creation date of the suppression rule.

    creator

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    data_exclusion_query

    string

    An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

    description

    string

    A description for the suppression rule.

    editable

    boolean

    Whether the suppression rule is editable.

    enabled

    boolean

    Whether the suppression rule is enabled.

    expiration_date

    int64

    A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

    name

    string

    The name of the suppression rule.

    rule_query

    string

    The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

    start_date

    int64

    A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals.

    suppression_query

    string

    The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

    tags

    [string]

    List of tags associated with the suppression rule.

    update_date

    int64

    A Unix millisecond timestamp given the update date of the suppression rule.

    updater

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    version

    int32

    The version of the suppression rule; it starts at 1, and is incremented at each update.

    id

    string

    ID of the suppression.

    type

    enum

    Type of data. Allowed enum values: suppression_version_history

    {
  "data": {
    "attributes": {
      "count": "integer",
      "data": {
        "<any-key>": {
          "changes": [
            {
              "change": "cloud_provider:aws",
              "field": "Tags",
              "type": "string"
            }
          ],
          "suppression": {
            "creation_date": "integer",
            "creator": {
              "handle": "john.doe@datadoghq.com",
              "name": "John Doe"
            },
            "data_exclusion_query": "source:cloudtrail account_id:12345",
            "description": "This rule suppresses low-severity signals in staging environments.",
            "editable": true,
            "enabled": true,
            "expiration_date": 1703187336000,
            "name": "Custom suppression",
            "rule_query": "type:log_detection source:cloudtrail",
            "start_date": 1703187336000,
            "suppression_query": "env:staging status:low",
            "tags": [
              "technique:T1110-brute-force",
              "source:cloudtrail"
            ],
            "update_date": "integer",
            "updater": {
              "handle": "john.doe@datadoghq.com",
              "name": "John Doe"
            },
            "version": 42
          }
        }
      }
    },
    "id": "string",
    "type": "string"
  }
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Path parameters
    export suppression_id="CHANGE_ME"
    # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/${suppression_id}/version_history" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get a suppression's version history returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_suppression_version_history(
        suppression_id=SUPPRESSION_DATA_ID,
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get a suppression's version history returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = ENV["SUPPRESSION_DATA_ID"]
p api_instance.get_suppression_version_history(SUPPRESSION_DATA_ID)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get a suppression's version history returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "suppression" in the system
	SuppressionDataID := os.Getenv("SUPPRESSION_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetSuppressionVersionHistory(ctx, SuppressionDataID, *datadogV2.NewGetSuppressionVersionHistoryOptionalParameters())

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSuppressionVersionHistory`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSuppressionVersionHistory`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get a suppression's version history returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.GetSuppressionVersionHistoryResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "suppression" in the system
    String SUPPRESSION_DATA_ID = System.getenv("SUPPRESSION_DATA_ID");

    try {
      GetSuppressionVersionHistoryResponse result =
          apiInstance.getSuppressionVersionHistory(SUPPRESSION_DATA_ID);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#getSuppressionVersionHistory");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get a suppression's version history returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::GetSuppressionVersionHistoryOptionalParams;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    // there is a valid "suppression" in the system
    let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_suppression_version_history(
            suppression_data_id.clone(),
            GetSuppressionVersionHistoryOptionalParams::default(),
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get a suppression's version history returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "suppression" in the system
const SUPPRESSION_DATA_ID = process.env.SUPPRESSION_DATA_ID as string;

const params: v2.SecurityMonitoringApiGetSuppressionVersionHistoryRequest = {
  suppressionId: SUPPRESSION_DATA_ID,
};

apiInstance
  .getSuppressionVersionHistory(params)
  .then((data: v2.GetSuppressionVersionHistoryResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get all critical assets

    GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/critical_assetshttps://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/critical_assetshttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/critical_assetshttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assetshttps://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assetshttps://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assetshttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/critical_assetshttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets

    概要

    Get the list of all critical assets.

    OAuth apps require the security_monitoring_critical_assets_read authorization scope to access this endpoint.

    応答

    OK

    Response object containing the available critical assets.

    Expand All

    フィールド

    種類

    説明

    data

    [object]

    A list of critical assets objects.

    attributes

    object

    The attributes of the critical asset.

    creation_author_id

    int64

    ID of user who created the critical asset.

    creation_date

    int64

    A Unix millisecond timestamp given the creation date of the critical asset.

    creator

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    enabled

    boolean

    Whether the critical asset is enabled.

    query

    string

    The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer.

    rule_query

    string

    The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to.

    severity

    enum

    Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased, or the severity can be left unchanged (no-op). Allowed enum values: info,low,medium,high,critical,increase,decrease,no-op

    tags

    [string]

    List of tags associated with the critical asset.

    update_author_id

    int64

    ID of user who updated the critical asset.

    update_date

    int64

    A Unix millisecond timestamp given the update date of the critical asset.

    updater

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    version

    int32

    The version of the critical asset; it starts at 1, and is incremented at each update.

    id

    string

    The ID of the critical asset.

    type

    enum

    The type of the resource. The value should always be critical_assets. Allowed enum values: critical_assets

    default: critical_assets

    {
  "data": [
    {
      "attributes": {
        "creation_author_id": 367742,
        "creation_date": "integer",
        "creator": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "enabled": true,
        "query": "security:monitoring",
        "rule_query": "type:log_detection source:cloudtrail",
        "severity": "increase",
        "tags": [
          "team:database",
          "source:cloudtrail"
        ],
        "update_author_id": 367743,
        "update_date": "integer",
        "updater": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "version": 2
      },
      "id": "4e2435a5-6670-4b8f-baff-46083cd1c250",
      "type": "critical_assets"
    }
  ]
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get all critical assets returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.list_security_monitoring_critical_assets()

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get all critical assets returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.list_security_monitoring_critical_assets()

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get all critical assets returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.ListSecurityMonitoringCriticalAssets(ctx, *datadogV2.NewListSecurityMonitoringCriticalAssetsOptionalParameters())

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListSecurityMonitoringCriticalAssets`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListSecurityMonitoringCriticalAssets`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get all critical assets returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetsResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      SecurityMonitoringCriticalAssetsResponse result =
          apiInstance.listSecurityMonitoringCriticalAssets();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#listSecurityMonitoringCriticalAssets");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get all critical assets returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::ListSecurityMonitoringCriticalAssetsOptionalParams;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .list_security_monitoring_critical_assets(
            ListSecurityMonitoringCriticalAssetsOptionalParams::default(),
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get all critical assets returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .listSecurityMonitoringCriticalAssets()
  .then((data: v2.SecurityMonitoringCriticalAssetsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Create a critical asset

    POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/critical_assetshttps://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/critical_assetshttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/critical_assetshttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assetshttps://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assetshttps://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assetshttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/critical_assetshttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets

    概要

    Create a new critical asset.

    OAuth apps require the security_monitoring_critical_assets_write authorization scope to access this endpoint.

    リクエスト

    Body Data (required)

    The definition of the new critical asset.

    Expand All

    フィールド

    種類

    説明

    data [required]

    object

    Object for a single critical asset.

    attributes [required]

    object

    Object containing the attributes of the critical asset to be created.

    enabled

    boolean

    Whether the critical asset is enabled. Defaults to true if not specified.

    default: true

    query [required]

    string

    The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer.

    rule_query [required]

    string

    The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to.

    severity [required]

    enum

    Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased, or the severity can be left unchanged (no-op). Allowed enum values: info,low,medium,high,critical,increase,decrease,no-op

    tags

    [string]

    List of tags associated with the critical asset.

    type [required]

    enum

    The type of the resource. The value should always be critical_assets. Allowed enum values: critical_assets

    default: critical_assets

    {
  "data": {
    "type": "critical_assets",
    "attributes": {
      "query": "host:examplesecuritymonitoring",
      "rule_query": "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
      "severity": "decrease",
      "tags": [
        "team:security",
        "env:test"
      ]
    }
  }
}

    応答

    OK

    Response object containing a single critical asset.

    Expand All

    フィールド

    種類

    説明

    data

    object

    The critical asset's properties.

    attributes

    object

    The attributes of the critical asset.

    creation_author_id

    int64

    ID of user who created the critical asset.

    creation_date

    int64

    A Unix millisecond timestamp given the creation date of the critical asset.

    creator

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    enabled

    boolean

    Whether the critical asset is enabled.

    query

    string

    The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer.

    rule_query

    string

    The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to.

    severity

    enum

    Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased, or the severity can be left unchanged (no-op). Allowed enum values: info,low,medium,high,critical,increase,decrease,no-op

    tags

    [string]

    List of tags associated with the critical asset.

    update_author_id

    int64

    ID of user who updated the critical asset.

    update_date

    int64

    A Unix millisecond timestamp given the update date of the critical asset.

    updater

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    version

    int32

    The version of the critical asset; it starts at 1, and is incremented at each update.

    id

    string

    The ID of the critical asset.

    type

    enum

    The type of the resource. The value should always be critical_assets. Allowed enum values: critical_assets

    default: critical_assets

    {
  "data": {
    "attributes": {
      "creation_author_id": 367742,
      "creation_date": "integer",
      "creator": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "enabled": true,
      "query": "security:monitoring",
      "rule_query": "type:log_detection source:cloudtrail",
      "severity": "increase",
      "tags": [
        "team:database",
        "source:cloudtrail"
      ],
      "update_author_id": 367743,
      "update_date": "integer",
      "updater": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "version": 2
    },
    "id": "4e2435a5-6670-4b8f-baff-46083cd1c250",
    "type": "critical_assets"
  }
}

    Bad Request

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Conflict

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                              ## default
# 

    # Curl command
    curl -X POST "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "enabled": true,
      "query": "security:monitoring",
      "rule_query": "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
      "severity": "increase",
      "tags": [
        "team:database",
        "source:cloudtrail"
      ]
    },
    "type": "critical_assets"
  }
}
EOF
    
                        
    // Create a critical asset returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringCriticalAssetCreateRequest{
		Data: datadogV2.SecurityMonitoringCriticalAssetCreateData{
			Type: datadogV2.SECURITYMONITORINGCRITICALASSETTYPE_CRITICAL_ASSETS,
			Attributes: datadogV2.SecurityMonitoringCriticalAssetCreateAttributes{
				Query:     "host:examplesecuritymonitoring",
				RuleQuery: "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
				Severity:  datadogV2.SECURITYMONITORINGCRITICALASSETSEVERITY_DECREASE,
				Tags: []string{
					"team:security",
					"env:test",
				},
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSecurityMonitoringCriticalAsset(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringCriticalAsset`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringCriticalAsset`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Create a critical asset returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetCreateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetSeverity;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetType;
import java.util.Arrays;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringCriticalAssetCreateRequest body =
        new SecurityMonitoringCriticalAssetCreateRequest()
            .data(
                new SecurityMonitoringCriticalAssetCreateData()
                    .type(SecurityMonitoringCriticalAssetType.CRITICAL_ASSETS)
                    .attributes(
                        new SecurityMonitoringCriticalAssetCreateAttributes()
                            .query("host:examplesecuritymonitoring")
                            .ruleQuery(
                                "type:(log_detection OR signal_correlation OR workload_security OR"
                                    + " application_security) source:cloudtrail")
                            .severity(SecurityMonitoringCriticalAssetSeverity.DECREASE)
                            .tags(Arrays.asList("team:security", "env:test"))));

    try {
      SecurityMonitoringCriticalAssetResponse result =
          apiInstance.createSecurityMonitoringCriticalAsset(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createSecurityMonitoringCriticalAsset");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    """
Create a critical asset returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_critical_asset_create_attributes import (
    SecurityMonitoringCriticalAssetCreateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_critical_asset_create_data import (
    SecurityMonitoringCriticalAssetCreateData,
)
from datadog_api_client.v2.model.security_monitoring_critical_asset_create_request import (
    SecurityMonitoringCriticalAssetCreateRequest,
)
from datadog_api_client.v2.model.security_monitoring_critical_asset_severity import (
    SecurityMonitoringCriticalAssetSeverity,
)
from datadog_api_client.v2.model.security_monitoring_critical_asset_type import SecurityMonitoringCriticalAssetType

body = SecurityMonitoringCriticalAssetCreateRequest(
    data=SecurityMonitoringCriticalAssetCreateData(
        type=SecurityMonitoringCriticalAssetType.CRITICAL_ASSETS,
        attributes=SecurityMonitoringCriticalAssetCreateAttributes(
            query="host:examplesecuritymonitoring",
            rule_query="type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
            severity=SecurityMonitoringCriticalAssetSeverity.DECREASE,
            tags=[
                "team:security",
                "env:test",
            ],
        ),
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_security_monitoring_critical_asset(body=body)

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Create a critical asset returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringCriticalAssetCreateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetCreateData.new({
    type: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetType::CRITICAL_ASSETS,
    attributes: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetCreateAttributes.new({
      query: "host:examplesecuritymonitoring",
      rule_query: "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
      severity: DatadogAPIClient::V2::SecurityMonitoringCriticalAssetSeverity::DECREASE,
      tags: [
        "team:security",
        "env:test",
      ],
    }),
  }),
})
p api_instance.create_security_monitoring_critical_asset(body)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Create a critical asset returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetCreateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetCreateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetCreateRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetSeverity;
use datadog_api_client::datadogV2::model::SecurityMonitoringCriticalAssetType;

#[tokio::main]
async fn main() {
    let body =
        SecurityMonitoringCriticalAssetCreateRequest::new(
            SecurityMonitoringCriticalAssetCreateData::new(
                SecurityMonitoringCriticalAssetCreateAttributes::new(
                    "host:examplesecuritymonitoring".to_string(),
                    "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail".to_string(),
                    SecurityMonitoringCriticalAssetSeverity::DECREASE,
                ).tags(vec!["team:security".to_string(), "env:test".to_string()]),
                SecurityMonitoringCriticalAssetType::CRITICAL_ASSETS,
            ),
        );
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_security_monitoring_critical_asset(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Create a critical asset returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateSecurityMonitoringCriticalAssetRequest =
  {
    body: {
      data: {
        type: "critical_assets",
        attributes: {
          query: "host:examplesecuritymonitoring",
          ruleQuery:
            "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
          severity: "decrease",
          tags: ["team:security", "env:test"],
        },
      },
    },
  };

apiInstance
  .createSecurityMonitoringCriticalAsset(params)
  .then((data: v2.SecurityMonitoringCriticalAssetResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Get a critical asset

    GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}

    概要

    Get the details of a specific critical asset.

    OAuth apps require the security_monitoring_critical_assets_read authorization scope to access this endpoint.

    引数

    パスパラメーター

    名前

    種類

    説明

    critical_asset_id [required]

    string

    The ID of the critical asset.

    応答

    OK

    Response object containing a single critical asset.

    Expand All

    フィールド

    種類

    説明

    data

    object

    The critical asset's properties.

    attributes

    object

    The attributes of the critical asset.

    creation_author_id

    int64

    ID of user who created the critical asset.

    creation_date

    int64

    A Unix millisecond timestamp given the creation date of the critical asset.

    creator

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    enabled

    boolean

    Whether the critical asset is enabled.

    query

    string

    The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer.

    rule_query

    string

    The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to.

    severity

    enum

    Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased, or the severity can be left unchanged (no-op). Allowed enum values: info,low,medium,high,critical,increase,decrease,no-op

    tags

    [string]

    List of tags associated with the critical asset.

    update_author_id

    int64

    ID of user who updated the critical asset.

    update_date

    int64

    A Unix millisecond timestamp given the update date of the critical asset.

    updater

    object

    A user.

    handle

    string

    The handle of the user.

    name

    string

    The name of the user.

    version

    int32

    The version of the critical asset; it starts at 1, and is incremented at each update.

    id

    string

    The ID of the critical asset.

    type

    enum

    The type of the resource. The value should always be critical_assets. Allowed enum values: critical_assets

    default: critical_assets

    {
  "data": {
    "attributes": {
      "creation_author_id": 367742,
      "creation_date": "integer",
      "creator": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "enabled": true,
      "query": "security:monitoring",
      "rule_query": "type:log_detection source:cloudtrail",
      "severity": "increase",
      "tags": [
        "team:database",
        "source:cloudtrail"
      ],
      "update_author_id": 367743,
      "update_date": "integer",
      "updater": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "version": 2
    },
    "id": "4e2435a5-6670-4b8f-baff-46083cd1c250",
    "type": "critical_assets"
  }
}

    Not Authorized

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Not Found

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    Too many requests

    API error response.

    Expand All

    フィールド

    種類

    説明

    errors [required]

    [string]

    A list of errors.

    {
  "errors": [
    "Bad Request"
  ]
}

    コード例

                      # Path parameters
    export critical_asset_id="CHANGE_ME"
    # Curl command
    curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/${critical_asset_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
    
                
    """
Get a critical asset returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "critical_asset" in the system
CRITICAL_ASSET_DATA_ID = environ["CRITICAL_ASSET_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_security_monitoring_critical_asset(
        critical_asset_id=CRITICAL_ASSET_DATA_ID,
    )

    print(response)

    Instructions

    First install the library and its dependencies and then save the example to example.py and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
    # Get a critical asset returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "critical_asset" in the system
CRITICAL_ASSET_DATA_ID = ENV["CRITICAL_ASSET_DATA_ID"]
p api_instance.get_security_monitoring_critical_asset(CRITICAL_ASSET_DATA_ID)

    Instructions

    First install the library and its dependencies and then save the example to example.rb and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
    // Get a critical asset returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "critical_asset" in the system
	CriticalAssetDataID := os.Getenv("CRITICAL_ASSET_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetSecurityMonitoringCriticalAsset(ctx, CriticalAssetDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSecurityMonitoringCriticalAsset`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSecurityMonitoringCriticalAsset`:\n%s\n", responseContent)
}

    Instructions

    First install the library and its dependencies and then save the example to main.go and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
    // Get a critical asset returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringCriticalAssetResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "critical_asset" in the system
    String CRITICAL_ASSET_DATA_ID = System.getenv("CRITICAL_ASSET_DATA_ID");

    try {
      SecurityMonitoringCriticalAssetResponse result =
          apiInstance.getSecurityMonitoringCriticalAsset(CRITICAL_ASSET_DATA_ID);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#getSecurityMonitoringCriticalAsset");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

    Instructions

    First install the library and its dependencies and then save the example to Example.java and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
    // Get a critical asset returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    // there is a valid "critical_asset" in the system
    let critical_asset_data_id = std::env::var("CRITICAL_ASSET_DATA_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_security_monitoring_critical_asset(critical_asset_data_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

    Instructions

    First install the library and its dependencies and then save the example to src/main.rs and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
    /**
 * Get a critical asset returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "critical_asset" in the system
const CRITICAL_ASSET_DATA_ID = process.env.CRITICAL_ASSET_DATA_ID as string;

const params: v2.SecurityMonitoringApiGetSecurityMonitoringCriticalAssetRequest =
  {
    criticalAssetId: CRITICAL_ASSET_DATA_ID,
  };

apiInstance
  .getSecurityMonitoringCriticalAsset(params)
  .then((data: v2.SecurityMonitoringCriticalAssetResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

    Instructions

    First install the library and its dependencies and then save the example to example.ts and run following commands:

        
    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

    Update a critical asset

    PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}