セキュリティモニタリング

信号を生成し、生成された信号を一覧表示するための検出ルール。

POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressionshttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions

概要

Create a new suppression rule. This endpoint requires the security_monitoring_suppressions_write authorization scope.

リクエスト

Body Data (required)

The definition of the new suppression rule.

Expand All

フィールド

種類

説明

data [required]

object

Object for a single suppression rule.

attributes [required]

object

Object containing the attributes of the suppression rule to be created.

data_exclusion_query

string

An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

description

string

A description for the suppression rule.

enabled [required]

boolean

Whether the suppression rule is enabled.

expiration_date

int64

A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

name [required]

string

The name of the suppression rule.

rule_query [required]

string

The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

suppression_query

string

The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer.

type [required]

enum

The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

default: suppressions

{
  "data": {
    "attributes": {
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "expiration_date": 1638443471000,
      "name": "Example-Security-Monitoring",
      "rule_query": "type:log_detection source:cloudtrail",
      "suppression_query": "env:staging status:low"
    },
    "type": "suppressions"
  }
}
{
  "data": {
    "attributes": {
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "expiration_date": 1638443471000,
      "name": "Example-Security-Monitoring",
      "rule_query": "type:log_detection source:cloudtrail",
      "data_exclusion_query": "account_id:12345"
    },
    "type": "suppressions"
  }
}

応答

OK

Response object containing a single suppression rule.

Expand All

フィールド

種類

説明

data

object

The suppression rule's properties.

attributes

object

The attributes of the suppression rule.

creation_date

int64

A Unix millisecond timestamp given the creation date of the suppression rule.

creator

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

data_exclusion_query

string

An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

description

string

A description for the suppression rule.

enabled

boolean

Whether the suppression rule is enabled.

expiration_date

int64

A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

name

string

The name of the suppression rule.

rule_query

string

The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

suppression_query

string

The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

update_date

int64

A Unix millisecond timestamp given the update date of the suppression rule.

updater

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

version

int32

The version of the suppression rule; it starts at 1, and is incremented at each update.

id

string

The ID of the suppression rule.

type

enum

The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

default: suppressions

{
  "data": {
    "attributes": {
      "creation_date": "integer",
      "creator": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "expiration_date": 1703187336000,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail",
      "suppression_query": "env:staging status:low",
      "update_date": "integer",
      "updater": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "version": 42
    },
    "id": "3dd-0uc-h1s",
    "type": "suppressions"
  }
}

Bad Request

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Conflict

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

                          # Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1638443471000, "name": "Example-Security-Monitoring", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low" }, "type": "suppressions" } } EOF
                          # Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1638443471000, "name": "Example-Security-Monitoring", "rule_query": "type:log_detection source:cloudtrail", "data_exclusion_query": "account_id:12345" }, "type": "suppressions" } } EOF
// Create a suppression rule returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSuppressionCreateRequest{
		Data: datadogV2.SecurityMonitoringSuppressionCreateData{
			Attributes: datadogV2.SecurityMonitoringSuppressionCreateAttributes{
				Description:      datadog.PtrString("This rule suppresses low-severity signals in staging environments."),
				Enabled:          true,
				ExpirationDate:   datadog.PtrInt64(1638443471000),
				Name:             "Example-Security-Monitoring",
				RuleQuery:        "type:log_detection source:cloudtrail",
				SuppressionQuery: datadog.PtrString("env:staging status:low"),
			},
			Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSecurityMonitoringSuppression(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`:\n%s\n", responseContent)
}
// Create a suppression rule with an exclusion query returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSuppressionCreateRequest{
		Data: datadogV2.SecurityMonitoringSuppressionCreateData{
			Attributes: datadogV2.SecurityMonitoringSuppressionCreateAttributes{
				Description:        datadog.PtrString("This rule suppresses low-severity signals in staging environments."),
				Enabled:            true,
				ExpirationDate:     datadog.PtrInt64(1638443471000),
				Name:               "Example-Security-Monitoring",
				RuleQuery:          "type:log_detection source:cloudtrail",
				DataExclusionQuery: datadog.PtrString("account_id:12345"),
			},
			Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSecurityMonitoringSuppression(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Create a suppression rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSuppressionCreateRequest body =
        new SecurityMonitoringSuppressionCreateRequest()
            .data(
                new SecurityMonitoringSuppressionCreateData()
                    .attributes(
                        new SecurityMonitoringSuppressionCreateAttributes()
                            .description(
                                "This rule suppresses low-severity signals in staging"
                                    + " environments.")
                            .enabled(true)
                            .expirationDate(1638443471000L)
                            .name("Example-Security-Monitoring")
                            .ruleQuery("type:log_detection source:cloudtrail")
                            .suppressionQuery("env:staging status:low"))
                    .type(SecurityMonitoringSuppressionType.SUPPRESSIONS));

    try {
      SecurityMonitoringSuppressionResponse result =
          apiInstance.createSecurityMonitoringSuppression(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}
// Create a suppression rule with an exclusion query returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSuppressionCreateRequest body =
        new SecurityMonitoringSuppressionCreateRequest()
            .data(
                new SecurityMonitoringSuppressionCreateData()
                    .attributes(
                        new SecurityMonitoringSuppressionCreateAttributes()
                            .description(
                                "This rule suppresses low-severity signals in staging"
                                    + " environments.")
                            .enabled(true)
                            .expirationDate(1638443471000L)
                            .name("Example-Security-Monitoring")
                            .ruleQuery("type:log_detection source:cloudtrail")
                            .dataExclusionQuery("account_id:12345"))
                    .type(SecurityMonitoringSuppressionType.SUPPRESSIONS));

    try {
      SecurityMonitoringSuppressionResponse result =
          apiInstance.createSecurityMonitoringSuppression(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Create a suppression rule returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import (
    SecurityMonitoringSuppressionCreateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_data import (
    SecurityMonitoringSuppressionCreateData,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_request import (
    SecurityMonitoringSuppressionCreateRequest,
)
from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType

body = SecurityMonitoringSuppressionCreateRequest(
    data=SecurityMonitoringSuppressionCreateData(
        attributes=SecurityMonitoringSuppressionCreateAttributes(
            description="This rule suppresses low-severity signals in staging environments.",
            enabled=True,
            expiration_date=1638443471000,
            name="Example-Security-Monitoring",
            rule_query="type:log_detection source:cloudtrail",
            suppression_query="env:staging status:low",
        ),
        type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_security_monitoring_suppression(body=body)

    print(response)
"""
Create a suppression rule with an exclusion query returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import (
    SecurityMonitoringSuppressionCreateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_data import (
    SecurityMonitoringSuppressionCreateData,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_request import (
    SecurityMonitoringSuppressionCreateRequest,
)
from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType

body = SecurityMonitoringSuppressionCreateRequest(
    data=SecurityMonitoringSuppressionCreateData(
        attributes=SecurityMonitoringSuppressionCreateAttributes(
            description="This rule suppresses low-severity signals in staging environments.",
            enabled=True,
            expiration_date=1638443471000,
            name="Example-Security-Monitoring",
            rule_query="type:log_detection source:cloudtrail",
            data_exclusion_query="account_id:12345",
        ),
        type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_security_monitoring_suppression(body=body)

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Create a suppression rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({
      description: "This rule suppresses low-severity signals in staging environments.",
      enabled: true,
      expiration_date: 1638443471000,
      name: "Example-Security-Monitoring",
      rule_query: "type:log_detection source:cloudtrail",
      suppression_query: "env:staging status:low",
    }),
    type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
  }),
})
p api_instance.create_security_monitoring_suppression(body)
# Create a suppression rule with an exclusion query returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({
      description: "This rule suppresses low-severity signals in staging environments.",
      enabled: true,
      expiration_date: 1638443471000,
      name: "Example-Security-Monitoring",
      rule_query: "type:log_detection source:cloudtrail",
      data_exclusion_query: "account_id:12345",
    }),
    type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
  }),
})
p api_instance.create_security_monitoring_suppression(body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
/**
 * Create a suppression rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateSecurityMonitoringSuppressionRequest =
  {
    body: {
      data: {
        attributes: {
          description:
            "This rule suppresses low-severity signals in staging environments.",
          enabled: true,
          expirationDate: 1638443471000,
          name: "Example-Security-Monitoring",
          ruleQuery: "type:log_detection source:cloudtrail",
          suppressionQuery: "env:staging status:low",
        },
        type: "suppressions",
      },
    },
  };

apiInstance
  .createSecurityMonitoringSuppression(params)
  .then((data: v2.SecurityMonitoringSuppressionResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));
/**
 * Create a suppression rule with an exclusion query returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateSecurityMonitoringSuppressionRequest =
  {
    body: {
      data: {
        attributes: {
          description:
            "This rule suppresses low-severity signals in staging environments.",
          enabled: true,
          expirationDate: 1638443471000,
          name: "Example-Security-Monitoring",
          ruleQuery: "type:log_detection source:cloudtrail",
          dataExclusionQuery: "account_id:12345",
        },
        type: "suppressions",
      },
    },
  };

apiInstance
  .createSecurityMonitoringSuppression(params)
  .then((data: v2.SecurityMonitoringSuppressionResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

DELETE https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}

概要

Delete a specific suppression rule. This endpoint requires the security_monitoring_suppressions_write authorization scope.

引数

パスパラメーター

名前

種類

説明

suppression_id [required]

string

The ID of the suppression rule

応答

OK

Not Authorized

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

                  # Path parameters
export suppression_id="CHANGE_ME"
# Curl command
curl -X DELETE "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/${suppression_id}" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Delete a suppression rule returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    api_instance.delete_security_monitoring_suppression(
        suppression_id=SUPPRESSION_DATA_ID,
    )

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Delete a suppression rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = ENV["SUPPRESSION_DATA_ID"]
api_instance.delete_security_monitoring_suppression(SUPPRESSION_DATA_ID)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Delete a suppression rule returns "OK" response

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "suppression" in the system
	SuppressionDataID := os.Getenv("SUPPRESSION_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	r, err := api.DeleteSecurityMonitoringSuppression(ctx, SuppressionDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.DeleteSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Delete a suppression rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "suppression" in the system
    String SUPPRESSION_DATA_ID = System.getenv("SUPPRESSION_DATA_ID");

    try {
      apiInstance.deleteSecurityMonitoringSuppression(SUPPRESSION_DATA_ID);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#deleteSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
/**
 * Delete a suppression rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "suppression" in the system
const SUPPRESSION_DATA_ID = process.env.SUPPRESSION_DATA_ID as string;

const params: v2.SecurityMonitoringApiDeleteSecurityMonitoringSuppressionRequest =
  {
    suppressionId: SUPPRESSION_DATA_ID,
  };

apiInstance
  .deleteSecurityMonitoringSuppression(params)
  .then((data: any) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}

概要

Get the details of a specific suppression rule. This endpoint requires the security_monitoring_suppressions_read authorization scope.

引数

パスパラメーター

名前

種類

説明

suppression_id [required]

string

The ID of the suppression rule

応答

OK

Response object containing a single suppression rule.

Expand All

フィールド

種類

説明

data

object

The suppression rule's properties.

attributes

object

The attributes of the suppression rule.

creation_date

int64

A Unix millisecond timestamp given the creation date of the suppression rule.

creator

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

data_exclusion_query

string

An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

description

string

A description for the suppression rule.

enabled

boolean

Whether the suppression rule is enabled.

expiration_date

int64

A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

name

string

The name of the suppression rule.

rule_query

string

The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

suppression_query

string

The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

update_date

int64

A Unix millisecond timestamp given the update date of the suppression rule.

updater

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

version

int32

The version of the suppression rule; it starts at 1, and is incremented at each update.

id

string

The ID of the suppression rule.

type

enum

The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

default: suppressions

{
  "data": {
    "attributes": {
      "creation_date": "integer",
      "creator": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "expiration_date": 1703187336000,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail",
      "suppression_query": "env:staging status:low",
      "update_date": "integer",
      "updater": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "version": 42
    },
    "id": "3dd-0uc-h1s",
    "type": "suppressions"
  }
}

Not Authorized

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

                  # Path parameters
export suppression_id="CHANGE_ME"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/${suppression_id}" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get a suppression rule returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_security_monitoring_suppression(
        suppression_id=SUPPRESSION_DATA_ID,
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Get a suppression rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = ENV["SUPPRESSION_DATA_ID"]
p api_instance.get_security_monitoring_suppression(SUPPRESSION_DATA_ID)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Get a suppression rule returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "suppression" in the system
	SuppressionDataID := os.Getenv("SUPPRESSION_DATA_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetSecurityMonitoringSuppression(ctx, SuppressionDataID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSecurityMonitoringSuppression`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Get a suppression rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "suppression" in the system
    String SUPPRESSION_DATA_ID = System.getenv("SUPPRESSION_DATA_ID");

    try {
      SecurityMonitoringSuppressionResponse result =
          apiInstance.getSecurityMonitoringSuppression(SUPPRESSION_DATA_ID);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#getSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
/**
 * Get a suppression rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "suppression" in the system
const SUPPRESSION_DATA_ID = process.env.SUPPRESSION_DATA_ID as string;

const params: v2.SecurityMonitoringApiGetSecurityMonitoringSuppressionRequest =
  {
    suppressionId: SUPPRESSION_DATA_ID,
  };

apiInstance
  .getSecurityMonitoringSuppression(params)
  .then((data: v2.SecurityMonitoringSuppressionResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressionshttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions

概要

Get the list of all suppression rules. This endpoint requires the security_monitoring_suppressions_read authorization scope.

応答

OK

Response object containing the available suppression rules.

Expand All

フィールド

種類

説明

data

[object]

A list of suppressions objects.

attributes

object

The attributes of the suppression rule.

creation_date

int64

A Unix millisecond timestamp given the creation date of the suppression rule.

creator

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

data_exclusion_query

string

An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

description

string

A description for the suppression rule.

enabled

boolean

Whether the suppression rule is enabled.

expiration_date

int64

A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

name

string

The name of the suppression rule.

rule_query

string

The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

suppression_query

string

The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

update_date

int64

A Unix millisecond timestamp given the update date of the suppression rule.

updater

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

version

int32

The version of the suppression rule; it starts at 1, and is incremented at each update.

id

string

The ID of the suppression rule.

type

enum

The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

default: suppressions

{
  "data": [
    {
      "attributes": {
        "creation_date": "integer",
        "creator": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "data_exclusion_query": "source:cloudtrail account_id:12345",
        "description": "This rule suppresses low-severity signals in staging environments.",
        "enabled": true,
        "expiration_date": 1703187336000,
        "name": "Custom suppression",
        "rule_query": "type:log_detection source:cloudtrail",
        "suppression_query": "env:staging status:low",
        "update_date": "integer",
        "updater": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "version": 42
      },
      "id": "3dd-0uc-h1s",
      "type": "suppressions"
    }
  ]
}

Not Authorized

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get all suppression rules returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.list_security_monitoring_suppressions()

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Get all suppression rules returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.list_security_monitoring_suppressions()

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Get all suppression rules returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.ListSecurityMonitoringSuppressions(ctx)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListSecurityMonitoringSuppressions`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListSecurityMonitoringSuppressions`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Get all suppression rules returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionsResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      SecurityMonitoringSuppressionsResponse result =
          apiInstance.listSecurityMonitoringSuppressions();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#listSecurityMonitoringSuppressions");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
/**
 * Get all suppression rules returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .listSecurityMonitoringSuppressions()
  .then((data: v2.SecurityMonitoringSuppressionsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}

概要

Update a specific suppression rule. This endpoint requires the security_monitoring_suppressions_write authorization scope.

引数

パスパラメーター

名前

種類

説明

suppression_id [required]

string

The ID of the suppression rule

リクエスト

Body Data (required)

New definition of the suppression rule. Supports partial updates.

Expand All

フィールド

種類

説明

data [required]

object

The new suppression properties; partial updates are supported.

attributes [required]

object

The suppression rule properties to be updated.

data_exclusion_query

string

An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

description

string

A description for the suppression rule.

enabled

boolean

Whether the suppression rule is enabled.

expiration_date

int64

A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. If unset, the expiration date of the suppression rule is left untouched. If set to null, the expiration date is removed.

name

string

The name of the suppression rule.

rule_query

string

The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

suppression_query

string

The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

version

int32

The current version of the suppression. This is optional, but it can help prevent concurrent modifications.

type [required]

enum

The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

default: suppressions

{
  "data": {
    "attributes": {
      "suppression_query": "env:staging status:low"
    },
    "type": "suppressions"
  }
}

応答

OK

Response object containing a single suppression rule.

Expand All

フィールド

種類

説明

data

object

The suppression rule's properties.

attributes

object

The attributes of the suppression rule.

creation_date

int64

A Unix millisecond timestamp given the creation date of the suppression rule.

creator

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

data_exclusion_query

string

An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.

description

string

A description for the suppression rule.

enabled

boolean

Whether the suppression rule is enabled.

expiration_date

int64

A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.

name

string

The name of the suppression rule.

rule_query

string

The rule query of the suppression rule, with the same syntax as the search bar for detection rules.

suppression_query

string

The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.

update_date

int64

A Unix millisecond timestamp given the update date of the suppression rule.

updater

object

A user.

handle

string

The handle of the user.

name

string

The name of the user.

version

int32

The version of the suppression rule; it starts at 1, and is incremented at each update.

id

string

The ID of the suppression rule.

type

enum

The type of the resource. The value should always be suppressions. Allowed enum values: suppressions

default: suppressions

{
  "data": {
    "attributes": {
      "creation_date": "integer",
      "creator": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "data_exclusion_query": "source:cloudtrail account_id:12345",
      "description": "This rule suppresses low-severity signals in staging environments.",
      "enabled": true,
      "expiration_date": 1703187336000,
      "name": "Custom suppression",
      "rule_query": "type:log_detection source:cloudtrail",
      "suppression_query": "env:staging status:low",
      "update_date": "integer",
      "updater": {
        "handle": "john.doe@datadoghq.com",
        "name": "John Doe"
      },
      "version": 42
    },
    "id": "3dd-0uc-h1s",
    "type": "suppressions"
  }
}

Bad Request

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

                          # Path parameters
export suppression_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/${suppression_id}" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "suppression_query": "env:staging status:low" }, "type": "suppressions" } } EOF
// Update a suppression rule returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "suppression" in the system
	SuppressionDataID := os.Getenv("SUPPRESSION_DATA_ID")

	body := datadogV2.SecurityMonitoringSuppressionUpdateRequest{
		Data: datadogV2.SecurityMonitoringSuppressionUpdateData{
			Attributes: datadogV2.SecurityMonitoringSuppressionUpdateAttributes{
				SuppressionQuery: datadog.PtrString("env:staging status:low"),
			},
			Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.UpdateSecurityMonitoringSuppression(ctx, SuppressionDataID, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.UpdateSecurityMonitoringSuppression`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.UpdateSecurityMonitoringSuppression`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Update a suppression rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionUpdateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionUpdateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionUpdateRequest;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "suppression" in the system
    String SUPPRESSION_DATA_ID = System.getenv("SUPPRESSION_DATA_ID");

    SecurityMonitoringSuppressionUpdateRequest body =
        new SecurityMonitoringSuppressionUpdateRequest()
            .data(
                new SecurityMonitoringSuppressionUpdateData()
                    .attributes(
                        new SecurityMonitoringSuppressionUpdateAttributes()
                            .suppressionQuery("env:staging status:low"))
                    .type(SecurityMonitoringSuppressionType.SUPPRESSIONS));

    try {
      SecurityMonitoringSuppressionResponse result =
          apiInstance.updateSecurityMonitoringSuppression(SUPPRESSION_DATA_ID, body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#updateSecurityMonitoringSuppression");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Update a suppression rule returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType
from datadog_api_client.v2.model.security_monitoring_suppression_update_attributes import (
    SecurityMonitoringSuppressionUpdateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_suppression_update_data import (
    SecurityMonitoringSuppressionUpdateData,
)
from datadog_api_client.v2.model.security_monitoring_suppression_update_request import (
    SecurityMonitoringSuppressionUpdateRequest,
)

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"]

body = SecurityMonitoringSuppressionUpdateRequest(
    data=SecurityMonitoringSuppressionUpdateData(
        attributes=SecurityMonitoringSuppressionUpdateAttributes(
            suppression_query="env:staging status:low",
        ),
        type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.update_security_monitoring_suppression(suppression_id=SUPPRESSION_DATA_ID, body=body)

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Update a suppression rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = ENV["SUPPRESSION_DATA_ID"]

body = DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateAttributes.new({
      suppression_query: "env:staging status:low",
    }),
    type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
  }),
})
p api_instance.update_security_monitoring_suppression(SUPPRESSION_DATA_ID, body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
/**
 * Update a suppression rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "suppression" in the system
const SUPPRESSION_DATA_ID = process.env.SUPPRESSION_DATA_ID as string;

const params: v2.SecurityMonitoringApiUpdateSecurityMonitoringSuppressionRequest =
  {
    body: {
      data: {
        attributes: {
          suppressionQuery: "env:staging status:low",
        },
        type: "suppressions",
      },
    },
    suppressionId: SUPPRESSION_DATA_ID,
  };

apiInstance
  .updateSecurityMonitoringSuppression(params)
  .then((data: v2.SecurityMonitoringSuppressionResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.ap1.datadoghq.com/api/v2/posture_management/findingshttps://api.datadoghq.eu/api/v2/posture_management/findingshttps://api.ddog-gov.com/api/v2/posture_management/findingshttps://api.datadoghq.com/api/v2/posture_management/findingshttps://api.us3.datadoghq.com/api/v2/posture_management/findingshttps://api.us5.datadoghq.com/api/v2/posture_management/findings

概要

Get a list of CSPM findings.

Filtering

Filters can be applied by appending query parameters to the URL.

  • Using a single filter: ?filter[attribute_key]=attribute_value
  • Chaining filters: ?filter[attribute_key]=attribute_value&filter[attribute_key]=attribute_value...
  • Filtering on tags: ?filter[tags]=tag_key:tag_value&filter[tags]=tag_key_2:tag_value_2

Here, attribute_key can be any of the filter keys described further below.

Query parameters of type integer support comparison operators (>, >=, <, <=). This is particularly useful when filtering by evaluation_changed_at or resource_discovery_timestamp. For example: ?filter[evaluation_changed_at]=>20123123121.

You can also use the negation operator on strings. For example, use filter[resource_type]=-aws* to filter for any non-AWS resources.

The operator must come after the equal sign. For example, to filter with the >= operator, add the operator after the equal sign: filter[evaluation_changed_at]=>=1678809373257.

Query parameters must be only among the documented ones and with values of correct types. Duplicated query parameters (e.g. filter[status]=low&filter[status]=info) are not allowed.

Response

The response includes an array of finding objects, pagination metadata, and a count of items that match the query.

Each finding object contains the following:

  • The finding ID that can be used in a GetFinding request to retrieve the full finding details.
  • Core attributes, including status, evaluation, high-level resource details, muted state, and rule details.
  • evaluation_changed_at and resource_discovery_date time stamps.
  • An array of associated tags.
This endpoint requires the security_monitoring_findings_read authorization scope.

引数

クエリ文字列

名前

種類

説明

page[limit]

integer

Limit the number of findings returned. Must be <= 1000.

snapshot_timestamp

integer

Return findings for a given snapshot of time (Unix ms).

page[cursor]

string

Return the next page of findings pointed to by the cursor.

filter[tags]

string

Return findings that have these associated tags (repeatable).

filter[evaluation_changed_at]

string

Return findings that have changed from pass to fail or vice versa on a specified date (Unix ms) or date range (using comparison operators).

filter[muted]

boolean

Set to true to return findings that are muted. Set to false to return unmuted findings.

filter[rule_id]

string

Return findings for the specified rule ID.

filter[rule_name]

string

Return findings for the specified rule.

filter[resource_type]

string

Return only findings for the specified resource type.

filter[discovery_timestamp]

string

Return findings that were found on a specified date (Unix ms) or date range (using comparison operators).

filter[evaluation]

enum

Return only pass or fail findings.
Allowed enum values: pass, fail

filter[status]

enum

Return only findings with the specified status.
Allowed enum values: critical, high, medium, low, info

応答

OK

The expected response schema when listing findings.

Expand All

フィールド

種類

説明

data [required]

[object]

Array of findings.

attributes

object

The JSON:API attributes of the finding.

evaluation

enum

The evaluation of the finding. Allowed enum values: pass,fail

evaluation_changed_at

int64

The date on which the evaluation for this finding changed (Unix ms).

mute

object

Information about the mute status of this finding.

description

string

Additional information about the reason why this finding is muted or unmuted.

expiration_date

int64

The expiration date of the mute or unmute action (Unix ms).

muted

boolean

Whether this finding is muted or unmuted.

reason

enum

The reason why this finding is muted or unmuted. Allowed enum values: PENDING_FIX,FALSE_POSITIVE,ACCEPTED_RISK,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK,OTHER

start_date

int64

The start of the mute period.

uuid

string

The ID of the user who muted or unmuted this finding.

resource

string

The resource name of this finding.

resource_discovery_date

int64

The date on which the resource was discovered (Unix ms).

resource_type

string

The resource type of this finding.

rule

object

The rule that triggered this finding.

id

string

The ID of the rule that triggered this finding.

name

string

The name of the rule that triggered this finding.

status

enum

The status of the finding. Allowed enum values: critical,high,medium,low,info

tags

[string]

The tags associated with this finding.

id

string

The unique ID for this finding.

type

enum

The JSON:API type for findings. Allowed enum values: finding

default: finding

meta [required]

object

Metadata for pagination.

page

object

Pagination and findings count information.

cursor

string

The cursor used to paginate requests.

total_filtered_count

int64

The total count of findings after the filter has been applied.

snapshot_timestamp

int64

The point in time corresponding to the listed findings.

{
  "data": [
    {
      "attributes": {
        "evaluation": "pass",
        "evaluation_changed_at": 1678721573794,
        "mute": {
          "description": "To be resolved later",
          "expiration_date": 1778721573794,
          "muted": true,
          "reason": "ACCEPTED_RISK",
          "start_date": 1678721573794,
          "uuid": "e51c9744-d158-11ec-ad23-da7ad0900002"
        },
        "resource": "my_resource_name",
        "resource_discovery_date": 1678721573794,
        "resource_type": "azure_storage_account",
        "rule": {
          "id": "dv2-jzf-41i",
          "name": "Soft delete is enabled for Azure Storage"
        },
        "status": "critical",
        "tags": [
          "cloud_provider:aws",
          "myTag:myValue"
        ]
      },
      "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
      "type": "finding"
    }
  ],
  "meta": {
    "page": {
      "cursor": "eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0=",
      "total_filtered_count": 213
    },
    "snapshot_timestamp": 1678721573794
  }
}

Bad Request: The server cannot process the request due to invalid syntax in the request.

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Forbidden: Access denied

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Not Found: The requested finding cannot be found.

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Too many requests: The rate limit set by the API has been exceeded.

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

コード例

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/posture_management/findings" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
List findings returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
configuration.unstable_operations["list_findings"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.list_findings()

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# List findings returns "OK" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.list_findings".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.list_findings()

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// List findings returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.ListFindings", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.ListFindings(ctx, *datadogV2.NewListFindingsOptionalParameters())

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListFindings`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListFindings`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// List findings returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.ListFindingsResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.listFindings", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      ListFindingsResponse result = apiInstance.listFindings();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#listFindings");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
/**
 * List findings returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.listFindings"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .listFindings()
  .then((data: v2.ListFindingsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.ap1.datadoghq.com/api/v2/posture_management/findings/{finding_id}https://api.datadoghq.eu/api/v2/posture_management/findings/{finding_id}https://api.ddog-gov.com/api/v2/posture_management/findings/{finding_id}https://api.datadoghq.com/api/v2/posture_management/findings/{finding_id}https://api.us3.datadoghq.com/api/v2/posture_management/findings/{finding_id}https://api.us5.datadoghq.com/api/v2/posture_management/findings/{finding_id}

概要

Returns a single finding with message and resource configuration. This endpoint requires the security_monitoring_findings_read authorization scope.

引数

パスパラメーター

名前

種類

説明

finding_id [required]

string

The ID of the finding.

クエリ文字列

名前

種類

説明

snapshot_timestamp

integer

Return the finding for a given snapshot of time (Unix ms).

応答

OK

The expected response schema when getting a finding.

Expand All

フィールド

種類

説明

data [required]

object

A single finding with with message and resource configuration.

attributes

object

The JSON:API attributes of the detailed finding.

evaluation

enum

The evaluation of the finding. Allowed enum values: pass,fail

evaluation_changed_at

int64

The date on which the evaluation for this finding changed (Unix ms).

message

string

The remediation message for this finding.

mute

object

Information about the mute status of this finding.

description

string

Additional information about the reason why this finding is muted or unmuted.

expiration_date

int64

The expiration date of the mute or unmute action (Unix ms).

muted

boolean

Whether this finding is muted or unmuted.

reason

enum

The reason why this finding is muted or unmuted. Allowed enum values: PENDING_FIX,FALSE_POSITIVE,ACCEPTED_RISK,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK,OTHER

start_date

int64

The start of the mute period.

uuid

string

The ID of the user who muted or unmuted this finding.

resource

string

The resource name of this finding.

resource_configuration

object

The resource configuration for this finding.

resource_discovery_date

int64

The date on which the resource was discovered (Unix ms).

resource_type

string

The resource type of this finding.

rule

object

The rule that triggered this finding.

id

string

The ID of the rule that triggered this finding.

name

string

The name of the rule that triggered this finding.

status

enum

The status of the finding. Allowed enum values: critical,high,medium,low,info

tags

[string]

The tags associated with this finding.

id

string

The unique ID for this finding.

type

enum

The JSON:API type for findings that have the message and resource configuration. Allowed enum values: detailed_finding

default: detailed_finding

{
  "data": {
    "attributes": {
      "evaluation": "pass",
      "evaluation_changed_at": 1678721573794,
      "message": "## Remediation\n\n### From the console\n\n1. Go to Storage Account\n2. For each Storage Account, navigate to Data Protection\n3. Select Set soft delete enabled and enter the number of days to retain soft deleted data.",
      "mute": {
        "description": "To be resolved later",
        "expiration_date": 1778721573794,
        "muted": true,
        "reason": "ACCEPTED_RISK",
        "start_date": 1678721573794,
        "uuid": "e51c9744-d158-11ec-ad23-da7ad0900002"
      },
      "resource": "my_resource_name",
      "resource_configuration": {},
      "resource_discovery_date": 1678721573794,
      "resource_type": "azure_storage_account",
      "rule": {
        "id": "dv2-jzf-41i",
        "name": "Soft delete is enabled for Azure Storage"
      },
      "status": "critical",
      "tags": [
        "cloud_provider:aws",
        "myTag:myValue"
      ]
    },
    "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
    "type": "detailed_finding"
  }
}

Bad Request: The server cannot process the request due to invalid syntax in the request.

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Forbidden: Access denied

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Not Found: The requested finding cannot be found.

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Too many requests: The rate limit set by the API has been exceeded.

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

コード例

                  # Path parameters
export finding_id="CHANGE_ME"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/posture_management/findings/${finding_id}" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get a finding returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
configuration.unstable_operations["get_finding"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_finding(
        finding_id="AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz",
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Get a finding returns "OK" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.get_finding".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.get_finding("AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz")

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Get a finding returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.GetFinding", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetFinding(ctx, "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz", *datadogV2.NewGetFindingOptionalParameters())

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetFinding`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetFinding`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Get a finding returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.GetFindingResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.getFinding", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      GetFindingResponse result =
          apiInstance.getFinding(
              "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz");
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#getFinding");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
/**
 * Get a finding returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.getFinding"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiGetFindingRequest = {
  findingId:
    "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz",
};

apiInstance
  .getFinding(params)
  .then((data: v2.GetFindingResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

PATCH https://api.ap1.datadoghq.com/api/v2/posture_management/findingshttps://api.datadoghq.eu/api/v2/posture_management/findingshttps://api.ddog-gov.com/api/v2/posture_management/findingshttps://api.datadoghq.com/api/v2/posture_management/findingshttps://api.us3.datadoghq.com/api/v2/posture_management/findingshttps://api.us5.datadoghq.com/api/v2/posture_management/findings

概要

Mute or unmute findings.

リクエスト

Body Data (required)

Attributes

All findings are updated with the same attributes. The request body must include at least two attributes: muted and reason. The allowed reasons depend on whether the finding is being muted or unmuted:

  • To mute a finding: PENDING_FIX, FALSE_POSITIVE, ACCEPTED_RISK, OTHER.
  • To unmute a finding : NO_PENDING_FIX, HUMAN_ERROR, NO_LONGER_ACCEPTED_RISK, OTHER.

Meta

The request body must include a list of the finding IDs to be updated.

Expand All

フィールド

種類

説明

data [required]

object

Data object containing the new bulk mute properties of the finding.

attributes [required]

object

The mute properties to be updated.

mute [required]

object

Object containing the new mute properties of the findings.

description

string

Additional information about the reason why those findings are muted or unmuted. This field has a maximum limit of 280 characters.

expiration_date

int64

The expiration date of the mute or unmute action (Unix ms). It must be set to a value greater than the current timestamp. If this field is not provided, the finding will be muted or unmuted indefinitely, which is equivalent to setting the expiration date to 9999999999999.

muted [required]

boolean

Whether those findings should be muted or unmuted.

reason [required]

enum

The reason why this finding is muted or unmuted. Allowed enum values: PENDING_FIX,FALSE_POSITIVE,ACCEPTED_RISK,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK,OTHER

id [required]

string

UUID to identify the request

meta [required]

object

Meta object containing the findings to be updated.

findings

[object]

Array of findings.

finding_id

string

The unique ID for this finding.

type [required]

enum

The JSON:API type for findings. Allowed enum values: finding

default: finding

{
  "data": {
    "attributes": {
      "mute": {
        "expiration_date": 1778721573794,
        "muted": true,
        "reason": "ACCEPTED_RISK"
      }
    },
    "id": "dbe5f567-192b-4404-b908-29b70e1c9f76",
    "meta": {
      "findings": [
        {
          "finding_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="
        }
      ]
    },
    "type": "finding"
  }
}

応答

OK

The expected response schema.

Expand All

フィールド

種類

説明

data [required]

object

Data object containing the ID of the request that was updated.

id

string

UUID used to identify the request

type

enum

The JSON:API type for findings. Allowed enum values: finding

default: finding

{
  "data": {
    "id": "93bfeb70-af47-424d-908a-948d3f08e37f",
    "type": "finding"
  }
}

Bad Request: The server cannot process the request due to invalid syntax in the request.

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Forbidden: Access denied

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Not Found: The requested finding cannot be found.

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Invalid Request: The server understands the request syntax but cannot process it due to invalid data.

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Too many requests: The rate limit set by the API has been exceeded.

API error response.

Expand All

フィールド

種類

説明

errors [required]

[object]

A list of errors.

detail

string

A human-readable explanation specific to this occurrence of the error.

status

string

Status code of the response.

title

string

Short human-readable summary of the error.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

コード例

                          # Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/posture_management/findings" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "mute": { "expiration_date": 1778721573794, "muted": true, "reason": "ACCEPTED_RISK" } }, "id": "dbe5f567-192b-4404-b908-29b70e1c9f76", "meta": { "findings": [ { "finding_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==" } ] }, "type": "finding" } } EOF
// Mute or unmute a batch of findings returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.BulkMuteFindingsRequest{
		Data: datadogV2.BulkMuteFindingsRequestData{
			Attributes: datadogV2.BulkMuteFindingsRequestAttributes{
				Mute: datadogV2.BulkMuteFindingsRequestProperties{
					ExpirationDate: datadog.PtrInt64(1778721573794),
					Muted:          true,
					Reason:         datadogV2.FINDINGMUTEREASON_ACCEPTED_RISK,
				},
			},
			Id: "dbe5f567-192b-4404-b908-29b70e1c9f76",
			Meta: datadogV2.BulkMuteFindingsRequestMeta{
				Findings: []datadogV2.BulkMuteFindingsRequestMetaFindings{
					{
						FindingId: datadog.PtrString("ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="),
					},
				},
			},
			Type: datadogV2.FINDINGTYPE_FINDING,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.MuteFindings", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.MuteFindings(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.MuteFindings`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.MuteFindings`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Mute or unmute a batch of findings returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequest;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestAttributes;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestData;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestMeta;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestMetaFindings;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestProperties;
import com.datadog.api.client.v2.model.BulkMuteFindingsResponse;
import com.datadog.api.client.v2.model.FindingMuteReason;
import com.datadog.api.client.v2.model.FindingType;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.muteFindings", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    BulkMuteFindingsRequest body =
        new BulkMuteFindingsRequest()
            .data(
                new BulkMuteFindingsRequestData()
                    .attributes(
                        new BulkMuteFindingsRequestAttributes()
                            .mute(
                                new BulkMuteFindingsRequestProperties()
                                    .expirationDate(1778721573794L)
                                    .muted(true)
                                    .reason(FindingMuteReason.ACCEPTED_RISK)))
                    .id("dbe5f567-192b-4404-b908-29b70e1c9f76")
                    .meta(
                        new BulkMuteFindingsRequestMeta()
                            .findings(
                                Collections.singletonList(
                                    new BulkMuteFindingsRequestMetaFindings()
                                        .findingId(
                                            "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="))))
                    .type(FindingType.FINDING));

    try {
      BulkMuteFindingsResponse result = apiInstance.muteFindings(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#muteFindings");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Mute or unmute a batch of findings returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.bulk_mute_findings_request import BulkMuteFindingsRequest
from datadog_api_client.v2.model.bulk_mute_findings_request_attributes import BulkMuteFindingsRequestAttributes
from datadog_api_client.v2.model.bulk_mute_findings_request_data import BulkMuteFindingsRequestData
from datadog_api_client.v2.model.bulk_mute_findings_request_meta import BulkMuteFindingsRequestMeta
from datadog_api_client.v2.model.bulk_mute_findings_request_meta_findings import BulkMuteFindingsRequestMetaFindings
from datadog_api_client.v2.model.bulk_mute_findings_request_properties import BulkMuteFindingsRequestProperties
from datadog_api_client.v2.model.finding_mute_reason import FindingMuteReason
from datadog_api_client.v2.model.finding_type import FindingType

body = BulkMuteFindingsRequest(
    data=BulkMuteFindingsRequestData(
        attributes=BulkMuteFindingsRequestAttributes(
            mute=BulkMuteFindingsRequestProperties(
                expiration_date=1778721573794,
                muted=True,
                reason=FindingMuteReason.ACCEPTED_RISK,
            ),
        ),
        id="dbe5f567-192b-4404-b908-29b70e1c9f76",
        meta=BulkMuteFindingsRequestMeta(
            findings=[
                BulkMuteFindingsRequestMetaFindings(
                    finding_id="ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
                ),
            ],
        ),
        type=FindingType.FINDING,
    ),
)

configuration = Configuration()
configuration.unstable_operations["mute_findings"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.mute_findings(body=body)

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Mute or unmute a batch of findings returns "OK" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.mute_findings".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::BulkMuteFindingsRequest.new({
  data: DatadogAPIClient::V2::BulkMuteFindingsRequestData.new({
    attributes: DatadogAPIClient::V2::BulkMuteFindingsRequestAttributes.new({
      mute: DatadogAPIClient::V2::BulkMuteFindingsRequestProperties.new({
        expiration_date: 1778721573794,
        muted: true,
        reason: DatadogAPIClient::V2::FindingMuteReason::ACCEPTED_RISK,
      }),
    }),
    id: "dbe5f567-192b-4404-b908-29b70e1c9f76",
    meta: DatadogAPIClient::V2::BulkMuteFindingsRequestMeta.new({
      findings: [
        DatadogAPIClient::V2::BulkMuteFindingsRequestMetaFindings.new({
          finding_id: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
        }),
      ],
    }),
    type: DatadogAPIClient::V2::FindingType::FINDING,
  }),
})
p api_instance.mute_findings(body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
/**
 * Mute or unmute a batch of findings returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.muteFindings"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiMuteFindingsRequest = {
  body: {
    data: {
      attributes: {
        mute: {
          expirationDate: 1778721573794,
          muted: true,
          reason: "ACCEPTED_RISK",
        },
      },
      id: "dbe5f567-192b-4404-b908-29b70e1c9f76",
      meta: {
        findings: [
          {
            findingId: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
          },
        ],
      },
      type: "finding",
    },
  },
};

apiInstance
  .muteFindings(params)
  .then((data: v2.BulkMuteFindingsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

PATCH https://api.ap1.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.datadoghq.eu/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.ddog-gov.com/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.us3.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incidenthttps://api.us5.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/add_to_incident

概要

インシデントにセキュリティシグナルを追加します。これにより、シグナルエクスプローラー内でインシデント別にシグナルを検索したり、インシデントタイムライン上でシグナルを表示したりすることが可能になります。

引数

パスパラメーター

名前

種類

説明

signal_id [required]

string

The ID of the signal.

リクエスト

Body Data (required)

シグナルの更新を記述する属性。

Expand All

フィールド

種類

説明

add_to_signal_timeline

boolean

Whether to post the signal on the incident timeline.

incident_id [required]

int64

Public ID attribute of the incident to which the signal will be added.

version

int64

Version of the updated signal. If server side version is higher, update will be rejected.

{
  "incident_id": 2609
}

応答

OK

Updated signal data following a successfully performed update.

Expand All

フィールド

種類

説明

status

string

Status of the response.

{
  "status": "string"
}

Bad Request

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Forbidden

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

                          # Path parameters
export signal_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v1/security_analytics/signals/${signal_id}/add_to_incident" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "incident_id": 2609 } EOF
// Add a security signal to an incident returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV1"
)

func main() {
	body := datadogV1.AddSignalToIncidentRequest{
		IncidentId: 2609,
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV1.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.AddSecurityMonitoringSignalToIncident(ctx, "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.AddSecurityMonitoringSignalToIncident`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.AddSecurityMonitoringSignalToIncident`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Add a security signal to an incident returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v1.api.SecurityMonitoringApi;
import com.datadog.api.client.v1.model.AddSignalToIncidentRequest;
import com.datadog.api.client.v1.model.SuccessfulSignalUpdateResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    AddSignalToIncidentRequest body = new AddSignalToIncidentRequest().incidentId(2609L);

    try {
      SuccessfulSignalUpdateResponse result =
          apiInstance.addSecurityMonitoringSignalToIncident(
              "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#addSecurityMonitoringSignalToIncident");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
"""
Add a security signal to an incident returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v1.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v1.model.add_signal_to_incident_request import AddSignalToIncidentRequest

body = AddSignalToIncidentRequest(
    incident_id=2609,
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.add_security_monitoring_signal_to_incident(
        signal_id="AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body=body
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Add a security signal to an incident returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V1::SecurityMonitoringAPI.new

body = DatadogAPIClient::V1::AddSignalToIncidentRequest.new({
  incident_id: 2609,
})
p api_instance.add_security_monitoring_signal_to_incident("AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
/**
 * Add a security signal to an incident returns "OK" response
 */

import { client, v1 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v1.SecurityMonitoringApi(configuration);

const params: v1.SecurityMonitoringApiAddSecurityMonitoringSignalToIncidentRequest =
  {
    body: {
      incidentId: 2609,
    },
    signalId: "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE",
  };

apiInstance
  .addSecurityMonitoringSignalToIncident(params)
  .then((data: v1.SuccessfulSignalUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

PATCH https://api.ap1.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/statehttps://api.datadoghq.eu/api/v1/security_analytics/signals/{signal_id}/statehttps://api.ddog-gov.com/api/v1/security_analytics/signals/{signal_id}/statehttps://api.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/statehttps://api.us3.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/statehttps://api.us5.datadoghq.com/api/v1/security_analytics/signals/{signal_id}/state

概要

セキュリティシグナルのトリアージ状態を変更します。

引数

パスパラメーター

名前

種類

説明

signal_id [required]

string

The ID of the signal.

リクエスト

Body Data (required)

シグナルの更新を記述する属性。

Expand All

フィールド

種類

説明

archiveComment

string

Optional comment to explain why a signal is being archived.

archiveReason

enum

Reason why a signal has been archived. Allowed enum values: none,false_positive,testing_or_maintenance,investigated_case_opened,other

state [required]

enum

The new triage state of the signal. Allowed enum values: open,archived,under_review

version

int64

Version of the updated signal. If server side version is higher, update will be rejected.

{
  "archiveReason": "none",
  "state": "open"
}

応答

OK

Updated signal data following a successfully performed update.

Expand All

フィールド

種類

説明

status

string

Status of the response.

{
  "status": "string"
}

Bad Request

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Forbidden

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

Error response object.

Expand All

フィールド

種類

説明

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

                          # Path parameters
export signal_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v1/security_analytics/signals/${signal_id}/state" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "archiveReason": "none", "state": "open" } EOF
// Change the triage state of a security signal returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV1"
)

func main() {
	body := datadogV1.SignalStateUpdateRequest{
		ArchiveReason: datadogV1.SIGNALARCHIVEREASON_NONE.Ptr(),
		State:         datadogV1.SIGNALTRIAGESTATE_OPEN,
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV1.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.EditSecurityMonitoringSignalState(ctx, "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.EditSecurityMonitoringSignalState`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.EditSecurityMonitoringSignalState`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Change the triage state of a security signal returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v1.api.SecurityMonitoringApi;
import com.datadog.api.client.v1.model.SignalArchiveReason;
import com.datadog.api.client.v1.model.SignalStateUpdateRequest;
import com.datadog.api.client.v1.model.SignalTriageState;
import com.datadog.api.client.v1.model.SuccessfulSignalUpdateResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SignalStateUpdateRequest body =
        new SignalStateUpdateRequest()
            .archiveReason(SignalArchiveReason.NONE)
            .state(SignalTriageState.OPEN);

    try {
      SuccessfulSignalUpdateResponse result =
          apiInstance.editSecurityMonitoringSignalState(
              "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#editSecurityMonitoringSignalState");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
"""
Change the triage state of a security signal returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v1.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v1.model.signal_archive_reason import SignalArchiveReason
from datadog_api_client.v1.model.signal_state_update_request import SignalStateUpdateRequest
from datadog_api_client.v1.model.signal_triage_state import SignalTriageState

body = SignalStateUpdateRequest(
    archive_reason=SignalArchiveReason.NONE,
    state=SignalTriageState.OPEN,
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.edit_security_monitoring_signal_state(
        signal_id="AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body=body
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Change the triage state of a security signal returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V1::SecurityMonitoringAPI.new

body = DatadogAPIClient::V1::SignalStateUpdateRequest.new({
  archive_reason: DatadogAPIClient::V1::SignalArchiveReason::NONE,
  state: DatadogAPIClient::V1::SignalTriageState::OPEN,
})
p api_instance.edit_security_monitoring_signal_state("AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE", body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
/**
 * Change the triage state of a security signal returns "OK" response
 */

import { client, v1 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v1.SecurityMonitoringApi(configuration);

const params: v1.SecurityMonitoringApiEditSecurityMonitoringSignalStateRequest =
  {
    body: {
      archiveReason: "none",
      state: "open",
    },
    signalId: "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE",
  };

apiInstance
  .editSecurityMonitoringSignalState(params)
  .then((data: v1.SuccessfulSignalUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.datadoghq.eu/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.ddog-gov.com/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.us3.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/statehttps://api.us5.datadoghq.com/api/v2/security_monitoring/signals/{signal_id}/state

概要

セキュリティシグナルのトリアージ状態を変更します。

引数

パスパラメーター

名前

種類

説明

signal_id [required]

string

The ID of the signal.

リクエスト

Body Data (required)

シグナルの更新を記述する属性。

Expand All

フィールド

種類

説明

data [required]

object

Data containing the patch for changing the state of a signal.

attributes [required]

object

Attributes describing the change of state of a security signal.

archive_comment

string

Optional comment to display on archived signals.

archive_reason

enum

Reason a signal is archived. Allowed enum values: none,false_positive,testing_or_maintenance,investigated_case_opened,other

state [required]

enum

The new triage state of the signal. Allowed enum values: open,archived,under_review

version

int64

Version of the updated signal. If server side version is higher, update will be rejected.

id

The unique ID of the security signal.

type

enum

The type of event. Allowed enum values: signal_metadata

default: signal_metadata

{
  "data": {
    "attributes": {
      "archive_reason": "none",
      "state": "open"
    }
  }
}

応答

OK

The response returned after all triage operations, containing the updated signal triage data.

Expand All

フィールド

種類

説明

data [required]

object

Data containing the updated triage attributes of the signal.

attributes

object

Attributes describing a triage state update operation over a security signal.

archive_comment

string

Optional comment to display on archived signals.

archive_comment_timestamp

int64

Timestamp of the last edit to the comment.

archive_comment_user

object

Object representing a given user entity.

handle

string

The handle for this user account.

icon

string

Gravatar icon associated to the user.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

archive_reason

enum

Reason a signal is archived. Allowed enum values: none,false_positive,testing_or_maintenance,investigated_case_opened,other

assignee [required]

object

Object representing a given user entity.

handle

string

The handle for this user account.

icon

string

Gravatar icon associated to the user.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

incident_ids [required]

[integer]

Array of incidents that are associated with this signal.

state [required]

enum

The new triage state of the signal. Allowed enum values: open,archived,under_review

state_update_timestamp

int64

Timestamp of the last update to the signal state.

state_update_user

object

Object representing a given user entity.

handle

string

The handle for this user account.

icon

string

Gravatar icon associated to the user.

id

int64

Numerical ID assigned by Datadog to this user account.

name

string

The name for this user account.

uuid [required]

string

UUID assigned by Datadog to this user account.

id

string

The unique ID of the security signal.

type

enum

The type of event. Allowed enum values: signal_metadata

default: signal_metadata

{
  "data": {
    "attributes": {
      "archive_comment": "string",
      "archive_comment_timestamp": "integer",
      "archive_comment_user": {
        "handle": "string",
        "icon": "/path/to/matching/gravatar/icon",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      },
      "archive_reason": "string",
      "assignee": {
        "handle": "string",
        "icon": "/path/to/matching/gravatar/icon",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      },
      "incident_ids": [],
      "state": "open",
      "state_update_timestamp": "integer",
      "state_update_user": {
        "handle": "string",
        "icon": "/path/to/matching/gravatar/icon",
        "id": "integer",
        "name": "string",
        "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"
      }
    },
    "id": "string",
    "type": "signal_metadata"
  }
}

Bad Request

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Forbidden

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

フィールド

種類

説明

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

コード例

                          # Path parameters
export signal_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/signals/${signal_id}/state" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "archive_reason": "none", "state": "open" } } } EOF
// Change the triage state of a security signal returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringSignalStateUpdateRequest{
		Data: datadogV2.SecurityMonitoringSignalStateUpdateData{
			Attributes: datadogV2.SecurityMonitoringSignalStateUpdateAttributes{
				ArchiveReason: datadogV2.SECURITYMONITORINGSIGNALARCHIVEREASON_NONE.Ptr(),
				State:         datadogV2.SECURITYMONITORINGSIGNALSTATE_OPEN,
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.EditSecurityMonitoringSignalState(ctx, "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.EditSecurityMonitoringSignalState`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.EditSecurityMonitoringSignalState`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Change the triage state of a security signal returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalArchiveReason;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalState;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalStateUpdateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalStateUpdateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalStateUpdateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSignalTriageUpdateResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringSignalStateUpdateRequest body =
        new SecurityMonitoringSignalStateUpdateRequest()
            .data(
                new SecurityMonitoringSignalStateUpdateData()
                    .attributes(
                        new SecurityMonitoringSignalStateUpdateAttributes()
                            .archiveReason(SecurityMonitoringSignalArchiveReason.NONE)
                            .state(SecurityMonitoringSignalState.OPEN)));

    try {
      SecurityMonitoringSignalTriageUpdateResponse result =
          apiInstance.editSecurityMonitoringSignalState(
              "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#editSecurityMonitoringSignalState");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
"""
Change the triage state of a security signal returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_signal_archive_reason import SecurityMonitoringSignalArchiveReason
from datadog_api_client.v2.model.security_monitoring_signal_state import SecurityMonitoringSignalState
from datadog_api_client.v2.model.security_monitoring_signal_state_update_attributes import (
    SecurityMonitoringSignalStateUpdateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_signal_state_update_data import (
    SecurityMonitoringSignalStateUpdateData,
)
from datadog_api_client.v2.model.security_monitoring_signal_state_update_request import (
    SecurityMonitoringSignalStateUpdateRequest,
)

body = SecurityMonitoringSignalStateUpdateRequest(
    data=SecurityMonitoringSignalStateUpdateData(
        attributes=SecurityMonitoringSignalStateUpdateAttributes(
            archive_reason=SecurityMonitoringSignalArchiveReason.NONE,
            state=SecurityMonitoringSignalState.OPEN,
        ),
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.edit_security_monitoring_signal_state(
        signal_id="AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body=body
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Change the triage state of a security signal returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSignalStateUpdateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringSignalStateUpdateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringSignalStateUpdateAttributes.new({
      archive_reason: DatadogAPIClient::V2::SecurityMonitoringSignalArchiveReason::NONE,
      state: DatadogAPIClient::V2::SecurityMonitoringSignalState::OPEN,
    }),
  }),
})
p api_instance.edit_security_monitoring_signal_state("AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", body)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
/**
 * Change the triage state of a security signal returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiEditSecurityMonitoringSignalStateRequest =
  {
    body: {
      data: {
        attributes: {
          archiveReason: "none",
          state: "open",
        },
      },
    },
    signalId: "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE",
  };

apiInstance
  .editSecurityMonitoringSignalState(params)
  .then((data: v2.SecurityMonitoringSignalTriageUpdateResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/ruleshttps://api.datadoghq.eu/api/v2/security_monitoring/ruleshttps://api.ddog-gov.com/api/v2/security_monitoring/ruleshttps://api.datadoghq.com/api/v2/security_monitoring/ruleshttps://api.us3.datadoghq.com/api/v2/security_monitoring/ruleshttps://api.us5.datadoghq.com/api/v2/security_monitoring/rules

概要

Create a detection rule. This endpoint requires the security_monitoring_rules_write authorization scope.

リクエスト

Body Data (required)

Expand All

フィールド

種類

説明

Option 1

object

Create a new rule.

cases [required]

[object]

Cases for generating signals.

condition

string

A rule case contains logical operations (>,>=, &&, ||) to determine if a signal should be generated based on the event counts in the previously defined queries.

name

string

Name of the case.

notifications

[string]

Notification targets for each rule case.

status [required]

enum

Severity of the Security Signal. Allowed enum values: info,low,medium,high,critical

filters

[object]

Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.

action

enum

The type of filtering action. Allowed enum values: require,suppress

query

string

Query for selecting logs to apply the filtering action.

hasExtendedTitle

boolean

Whether the notifications include the triggering group-by values in their title.

isEnabled [required]

boolean

Whether the rule is enabled.

message [required]

string

Message for generated signals.

name [required]

string

The name of the rule.

options [required]

object

Options on rules.

complianceRuleOptions

object

Options for cloud_configuration rules. Fields resourceType and regoRule are mandatory when managing custom cloud_configuration rules.

complexRule

boolean

Whether the rule is a complex one. Must be set to true if regoRule.resourceTypes contains more than one item. Defaults to false.

regoRule

object

Rule details.

policy [required]

string

resourceTypes [required]

[string]

List of resource types that will be evaluated upon. Must have at least one element.

resourceType

string

Main resource type to be checked by the rule. It should be specified again in regoRule.resourceTypes.

decreaseCriticalityBasedOnEnv

boolean

If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce signal noise. The severity is decreased by one level: CRITICAL in production becomes HIGH in non-production, HIGH becomes MEDIUM and so on. INFO remains INFO. The decrement is applied when the environment tag of the signal starts with staging, test or dev.

detectionMethod

enum

The detection method. Allowed enum values: threshold,new_value,anomaly_detection,impossible_travel,hardcoded,third_party

evaluationWindow

enum

A time window is specified to match when at least one of the cases matches true. This is a sliding window and evaluates in real time. Allowed enum values: 0,60,300,600,900,1800,3600,7200

hardcodedEvaluatorType

enum

Hardcoded evaluator type. Allowed enum values: log4shell

impossibleTravelOptions

object

Options on impossible travel rules.

baselineUserLocations

boolean

If true, signals are suppressed for the first 24 hours. In that time, Datadog learns the user's regular access locations. This can be helpful to reduce noise and infer VPN usage or credentialed API access.

keepAlive

enum

Once a signal is generated, the signal will remain “open” if a case is matched at least once within this keep alive window. Allowed enum values: 0,60,300,600,900,1800,3600,7200,10800,21600

maxSignalDuration

enum

A signal will “close” regardless of the query being matched once the time exceeds the maximum duration. This time is calculated from the first seen timestamp. Allowed enum values: 0,60,300,600,900,