- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Cloud Security Management Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See Cloud Security Management Threats for more information on setting up CSM Threats.
GET https://api.ap1.datadoghq.com/api/v2/security/cloud_workload/policy/downloadhttps://api.datadoghq.eu/api/v2/security/cloud_workload/policy/downloadhttps://api.ddog-gov.com/api/v2/security/cloud_workload/policy/downloadhttps://api.datadoghq.com/api/v2/security/cloud_workload/policy/downloadhttps://api.us3.datadoghq.com/api/v2/security/cloud_workload/policy/downloadhttps://api.us5.datadoghq.com/api/v2/security/cloud_workload/policy/download
The download endpoint generates a Cloud Workload Security policy file from your currently active
Cloud Workload Security rules, and downloads them as a .policy file. This file can then be deployed to
your Agents to update the policy running in your environment.
This endpoint requires the security_monitoring_cws_agent_rules_read
permission.
OK
{}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/cloud_workload/policy/download" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get the latest Cloud Workload Security policy returns "OK" response
"""
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.csm_threats_api import CSMThreatsApi
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = CSMThreatsApi(api_client)
response = api_instance.download_cloud_workload_policy_file()
print(response.read())
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Get the latest Cloud Workload Security policy returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::CSMThreatsAPI.new
p api_instance.download_cloud_workload_policy_file()
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
// Get the latest Cloud Workload Security policy returns "OK" response
package main
import (
"context"
"fmt"
"io/ioutil"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewCSMThreatsApi(apiClient)
resp, r, err := api.DownloadCloudWorkloadPolicyFile(ctx)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `CSMThreatsApi.DownloadCloudWorkloadPolicyFile`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := ioutil.ReadAll(resp)
fmt.Fprintf(os.Stdout, "Response from `CSMThreatsApi.DownloadCloudWorkloadPolicyFile`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Get the latest Cloud Workload Security policy returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.CsmThreatsApi;
import java.io.File;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
CsmThreatsApi apiInstance = new CsmThreatsApi(defaultClient);
try {
File result = apiInstance.downloadCloudWorkloadPolicyFile();
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling CsmThreatsApi#downloadCloudWorkloadPolicyFile");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
// Get the latest Cloud Workload Security policy returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;
#[tokio::main]
async fn main() {
let configuration = datadog::Configuration::new();
let api = CSMThreatsAPI::with_config(configuration);
let resp = api.download_cloud_workload_policy_file().await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
/**
* Get the latest Cloud Workload Security policy returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.CSMThreatsApi(configuration);
apiInstance
.downloadCloudWorkloadPolicyFile()
.then((data: client.HttpFile) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"
GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policy/downloadhttps://api.datadoghq.eu/api/v2/remote_config/products/cws/policy/downloadhttps://api.ddog-gov.com/api/v2/remote_config/products/cws/policy/downloadhttps://api.datadoghq.com/api/v2/remote_config/products/cws/policy/downloadhttps://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policy/downloadhttps://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/download
The download endpoint generates a CSM Threats policy file from your currently active
CSM Threats rules, and downloads them as a .policy
file. This file can then be deployed to
your Agents to update the policy running in your environment.
OK
{}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/download" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get the latest CSM Threats policy returns "OK" response
"""
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.csm_threats_api import CSMThreatsApi
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = CSMThreatsApi(api_client)
response = api_instance.download_csm_threats_policy()
print(response.read())
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Get the latest CSM Threats policy returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::CSMThreatsAPI.new
p api_instance.download_csm_threats_policy()
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
// Get the latest CSM Threats policy returns "OK" response
package main
import (
"context"
"fmt"
"io/ioutil"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewCSMThreatsApi(apiClient)
resp, r, err := api.DownloadCSMThreatsPolicy(ctx)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `CSMThreatsApi.DownloadCSMThreatsPolicy`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := ioutil.ReadAll(resp)
fmt.Fprintf(os.Stdout, "Response from `CSMThreatsApi.DownloadCSMThreatsPolicy`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Get the latest CSM Threats policy returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.CsmThreatsApi;
import java.io.File;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
CsmThreatsApi apiInstance = new CsmThreatsApi(defaultClient);
try {
File result = apiInstance.downloadCSMThreatsPolicy();
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling CsmThreatsApi#downloadCSMThreatsPolicy");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
// Get the latest CSM Threats policy returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;
#[tokio::main]
async fn main() {
let configuration = datadog::Configuration::new();
let api = CSMThreatsAPI::with_config(configuration);
let resp = api.download_csm_threats_policy().await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
/**
* Get the latest CSM Threats policy returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.CSMThreatsApi(configuration);
apiInstance
.downloadCSMThreatsPolicy()
.then((data: client.HttpFile) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"
GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}
Get the details of a specific Agent rule.
This endpoint requires the security_monitoring_cws_agent_rules_read
permission.
이름
유형
설명
agent_rule_id [required]
string
The ID of the Agent rule.
OK
Response object that includes an Agent rule.
항목
유형
설명
data
object
Object for a single Agent rule.
attributes
object
A Cloud Workload Security Agent rule returned by the API.
actions
[object]
The array of actions the rule can perform if triggered.
filter
string
SECL expression used to target the container to apply the action on
kill
object
Kill system call applied on the container matching the rule
signal
string
Supported signals for the kill system call.
agentConstraint
string
The version of the agent.
category
string
The category of the Agent rule.
creationAuthorUuId
string
The ID of the user who created the rule.
creationDate
int64
When the Agent rule was created, timestamp in milliseconds.
creator
object
The attributes of the user who created the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
defaultRule
boolean
Whether the rule is included by default.
description
string
The description of the Agent rule.
enabled
boolean
Whether the Agent rule is enabled.
expression
string
The SECL expression of the Agent rule.
filters
[string]
The platforms the Agent rule is supported on.
name
string
The name of the Agent rule.
updateAuthorUuId
string
The ID of the user who updated the rule.
updateDate
int64
Timestamp in milliseconds when the Agent rule was last updated.
updatedAt
int64
When the Agent rule was last updated, timestamp in milliseconds.
updater
object
The attributes of the user who last updated the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
version
int64
The version of the Agent rule.
id
string
The ID of the Agent rule.
type
enum
The type of the resource. The value should always be agent_rule
.
Allowed enum values: agent_rule
default: agent_rule
{
"data": {
"attributes": {
"actions": [
{
"filter": "string",
"kill": {
"signal": "string"
}
}
],
"agentConstraint": "string",
"category": "Process Activity",
"creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"creationDate": 1624366480320,
"creator": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"defaultRule": false,
"description": "My Agent rule",
"enabled": true,
"expression": "exec.file.name == \\\"sh\\\"",
"filters": [],
"name": "my_agent_rule",
"updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"updateDate": 1624366480320,
"updatedAt": 1624366480320,
"updater": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"version": 23
},
"id": "3dd-0uc-h1s",
"type": "agent_rule"
}
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Not Found
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/${agent_rule_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get a Cloud Workload Security Agent rule returns "OK" response
"""
from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.csm_threats_api import CSMThreatsApi
# there is a valid "agent_rule" in the system
AGENT_RULE_DATA_ID = environ["AGENT_RULE_DATA_ID"]
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = CSMThreatsApi(api_client)
response = api_instance.get_cloud_workload_security_agent_rule(
agent_rule_id=AGENT_RULE_DATA_ID,
)
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Get a Cloud Workload Security Agent rule returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::CSMThreatsAPI.new
# there is a valid "agent_rule" in the system
AGENT_RULE_DATA_ID = ENV["AGENT_RULE_DATA_ID"]
p api_instance.get_cloud_workload_security_agent_rule(AGENT_RULE_DATA_ID)
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
// Get a Cloud Workload Security Agent rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;
#[tokio::main]
async fn main() {
// there is a valid "agent_rule" in the system
let agent_rule_data_id = std::env::var("AGENT_RULE_DATA_ID").unwrap();
let configuration = datadog::Configuration::new();
let api = CSMThreatsAPI::with_config(configuration);
let resp = api
.get_cloud_workload_security_agent_rule(agent_rule_data_id.clone())
.await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
// Get a Cloud Workload Security Agent rule returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
// there is a valid "agent_rule" in the system
AgentRuleDataID := os.Getenv("AGENT_RULE_DATA_ID")
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewCSMThreatsApi(apiClient)
resp, r, err := api.GetCloudWorkloadSecurityAgentRule(ctx, AgentRuleDataID)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `CSMThreatsApi.GetCloudWorkloadSecurityAgentRule`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `CSMThreatsApi.GetCloudWorkloadSecurityAgentRule`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Get a Cloud Workload Security Agent rule returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.CsmThreatsApi;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleResponse;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
CsmThreatsApi apiInstance = new CsmThreatsApi(defaultClient);
// there is a valid "agent_rule" in the system
String AGENT_RULE_DATA_ID = System.getenv("AGENT_RULE_DATA_ID");
try {
CloudWorkloadSecurityAgentRuleResponse result =
apiInstance.getCloudWorkloadSecurityAgentRule(AGENT_RULE_DATA_ID);
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling CsmThreatsApi#getCloudWorkloadSecurityAgentRule");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
/**
* Get a Cloud Workload Security Agent rule returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.CSMThreatsApi(configuration);
// there is a valid "agent_rule" in the system
const AGENT_RULE_DATA_ID = process.env.AGENT_RULE_DATA_ID as string;
const params: v2.CSMThreatsApiGetCloudWorkloadSecurityAgentRuleRequest = {
agentRuleId: AGENT_RULE_DATA_ID,
};
apiInstance
.getCloudWorkloadSecurityAgentRule(params)
.then((data: v2.CloudWorkloadSecurityAgentRuleResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"
GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}
Get the details of a specific Cloud Security Management Threats Agent rule.
이름
유형
설명
agent_rule_id [required]
string
The ID of the Agent rule.
OK
Response object that includes an Agent rule.
항목
유형
설명
data
object
Object for a single Agent rule.
attributes
object
A Cloud Workload Security Agent rule returned by the API.
actions
[object]
The array of actions the rule can perform if triggered.
filter
string
SECL expression used to target the container to apply the action on
kill
object
Kill system call applied on the container matching the rule
signal
string
Supported signals for the kill system call.
agentConstraint
string
The version of the agent.
category
string
The category of the Agent rule.
creationAuthorUuId
string
The ID of the user who created the rule.
creationDate
int64
When the Agent rule was created, timestamp in milliseconds.
creator
object
The attributes of the user who created the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
defaultRule
boolean
Whether the rule is included by default.
description
string
The description of the Agent rule.
enabled
boolean
Whether the Agent rule is enabled.
expression
string
The SECL expression of the Agent rule.
filters
[string]
The platforms the Agent rule is supported on.
name
string
The name of the Agent rule.
updateAuthorUuId
string
The ID of the user who updated the rule.
updateDate
int64
Timestamp in milliseconds when the Agent rule was last updated.
updatedAt
int64
When the Agent rule was last updated, timestamp in milliseconds.
updater
object
The attributes of the user who last updated the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
version
int64
The version of the Agent rule.
id
string
The ID of the Agent rule.
type
enum
The type of the resource. The value should always be agent_rule
.
Allowed enum values: agent_rule
default: agent_rule
{
"data": {
"attributes": {
"actions": [
{
"filter": "string",
"kill": {
"signal": "string"
}
}
],
"agentConstraint": "string",
"category": "Process Activity",
"creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"creationDate": 1624366480320,
"creator": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"defaultRule": false,
"description": "My Agent rule",
"enabled": true,
"expression": "exec.file.name == \\\"sh\\\"",
"filters": [],
"name": "my_agent_rule",
"updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"updateDate": 1624366480320,
"updatedAt": 1624366480320,
"updater": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"version": 23
},
"id": "3dd-0uc-h1s",
"type": "agent_rule"
}
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Not Found
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/${agent_rule_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get a CSM Threats Agent rule returns "OK" response
"""
from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.csm_threats_api import CSMThreatsApi
# there is a valid "agent_rule_rc" in the system
AGENT_RULE_DATA_ID = environ["AGENT_RULE_DATA_ID"]
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = CSMThreatsApi(api_client)
response = api_instance.get_csm_threats_agent_rule(
agent_rule_id=AGENT_RULE_DATA_ID,
)
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Get a CSM Threats Agent rule returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::CSMThreatsAPI.new
# there is a valid "agent_rule_rc" in the system
AGENT_RULE_DATA_ID = ENV["AGENT_RULE_DATA_ID"]
p api_instance.get_csm_threats_agent_rule(AGENT_RULE_DATA_ID)
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
// Get a CSM Threats Agent rule returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
// there is a valid "agent_rule_rc" in the system
AgentRuleDataID := os.Getenv("AGENT_RULE_DATA_ID")
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewCSMThreatsApi(apiClient)
resp, r, err := api.GetCSMThreatsAgentRule(ctx, AgentRuleDataID)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `CSMThreatsApi.GetCSMThreatsAgentRule`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `CSMThreatsApi.GetCSMThreatsAgentRule`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Get a CSM Threats Agent rule returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.CsmThreatsApi;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleResponse;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
CsmThreatsApi apiInstance = new CsmThreatsApi(defaultClient);
// there is a valid "agent_rule_rc" in the system
String AGENT_RULE_DATA_ID = System.getenv("AGENT_RULE_DATA_ID");
try {
CloudWorkloadSecurityAgentRuleResponse result =
apiInstance.getCSMThreatsAgentRule(AGENT_RULE_DATA_ID);
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling CsmThreatsApi#getCSMThreatsAgentRule");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
// Get a CSM Threats Agent rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;
#[tokio::main]
async fn main() {
// there is a valid "agent_rule_rc" in the system
let agent_rule_data_id = std::env::var("AGENT_RULE_DATA_ID").unwrap();
let configuration = datadog::Configuration::new();
let api = CSMThreatsAPI::with_config(configuration);
let resp = api
.get_csm_threats_agent_rule(agent_rule_data_id.clone())
.await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
/**
* Get a CSM Threats Agent rule returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.CSMThreatsApi(configuration);
// there is a valid "agent_rule_rc" in the system
const AGENT_RULE_DATA_ID = process.env.AGENT_RULE_DATA_ID as string;
const params: v2.CSMThreatsApiGetCSMThreatsAgentRuleRequest = {
agentRuleId: AGENT_RULE_DATA_ID,
};
apiInstance
.getCSMThreatsAgentRule(params)
.then((data: v2.CloudWorkloadSecurityAgentRuleResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"
GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules
Get the list of Agent rules.
This endpoint requires the security_monitoring_cws_agent_rules_read
permission.
OK
Response object that includes a list of Agent rule.
항목
유형
설명
data
[object]
A list of Agent rules objects.
attributes
object
A Cloud Workload Security Agent rule returned by the API.
actions
[object]
The array of actions the rule can perform if triggered.
filter
string
SECL expression used to target the container to apply the action on
kill
object
Kill system call applied on the container matching the rule
signal
string
Supported signals for the kill system call.
agentConstraint
string
The version of the agent.
category
string
The category of the Agent rule.
creationAuthorUuId
string
The ID of the user who created the rule.
creationDate
int64
When the Agent rule was created, timestamp in milliseconds.
creator
object
The attributes of the user who created the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
defaultRule
boolean
Whether the rule is included by default.
description
string
The description of the Agent rule.
enabled
boolean
Whether the Agent rule is enabled.
expression
string
The SECL expression of the Agent rule.
filters
[string]
The platforms the Agent rule is supported on.
name
string
The name of the Agent rule.
updateAuthorUuId
string
The ID of the user who updated the rule.
updateDate
int64
Timestamp in milliseconds when the Agent rule was last updated.
updatedAt
int64
When the Agent rule was last updated, timestamp in milliseconds.
updater
object
The attributes of the user who last updated the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
version
int64
The version of the Agent rule.
id
string
The ID of the Agent rule.
type
enum
The type of the resource. The value should always be agent_rule
.
Allowed enum values: agent_rule
default: agent_rule
{
"data": [
{
"attributes": {
"actions": [
{
"filter": "string",
"kill": {
"signal": "string"
}
}
],
"agentConstraint": "string",
"category": "Process Activity",
"creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"creationDate": 1624366480320,
"creator": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"defaultRule": false,
"description": "My Agent rule",
"enabled": true,
"expression": "exec.file.name == \\\"sh\\\"",
"filters": [],
"name": "my_agent_rule",
"updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"updateDate": 1624366480320,
"updatedAt": 1624366480320,
"updater": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"version": 23
},
"id": "3dd-0uc-h1s",
"type": "agent_rule"
}
]
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get all Cloud Workload Security Agent rules returns "OK" response
"""
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.csm_threats_api import CSMThreatsApi
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = CSMThreatsApi(api_client)
response = api_instance.list_cloud_workload_security_agent_rules()
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Get all Cloud Workload Security Agent rules returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::CSMThreatsAPI.new
p api_instance.list_cloud_workload_security_agent_rules()
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
// Get all Cloud Workload Security Agent rules returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewCSMThreatsApi(apiClient)
resp, r, err := api.ListCloudWorkloadSecurityAgentRules(ctx)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `CSMThreatsApi.ListCloudWorkloadSecurityAgentRules`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `CSMThreatsApi.ListCloudWorkloadSecurityAgentRules`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Get all Cloud Workload Security Agent rules returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.CsmThreatsApi;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRulesListResponse;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
CsmThreatsApi apiInstance = new CsmThreatsApi(defaultClient);
try {
CloudWorkloadSecurityAgentRulesListResponse result =
apiInstance.listCloudWorkloadSecurityAgentRules();
System.out.println(result);
} catch (ApiException e) {
System.err.println(
"Exception when calling CsmThreatsApi#listCloudWorkloadSecurityAgentRules");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
// Get all Cloud Workload Security Agent rules returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;
#[tokio::main]
async fn main() {
let configuration = datadog::Configuration::new();
let api = CSMThreatsAPI::with_config(configuration);
let resp = api.list_cloud_workload_security_agent_rules().await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
/**
* Get all Cloud Workload Security Agent rules returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.CSMThreatsApi(configuration);
apiInstance
.listCloudWorkloadSecurityAgentRules()
.then((data: v2.CloudWorkloadSecurityAgentRulesListResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"
GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_ruleshttps://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules
Get the list of Cloud Security Management Threats Agent rules.
OK
Response object that includes a list of Agent rule.
항목
유형
설명
data
[object]
A list of Agent rules objects.
attributes
object
A Cloud Workload Security Agent rule returned by the API.
actions
[object]
The array of actions the rule can perform if triggered.
filter
string
SECL expression used to target the container to apply the action on
kill
object
Kill system call applied on the container matching the rule
signal
string
Supported signals for the kill system call.
agentConstraint
string
The version of the agent.
category
string
The category of the Agent rule.
creationAuthorUuId
string
The ID of the user who created the rule.
creationDate
int64
When the Agent rule was created, timestamp in milliseconds.
creator
object
The attributes of the user who created the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
defaultRule
boolean
Whether the rule is included by default.
description
string
The description of the Agent rule.
enabled
boolean
Whether the Agent rule is enabled.
expression
string
The SECL expression of the Agent rule.
filters
[string]
The platforms the Agent rule is supported on.
name
string
The name of the Agent rule.
updateAuthorUuId
string
The ID of the user who updated the rule.
updateDate
int64
Timestamp in milliseconds when the Agent rule was last updated.
updatedAt
int64
When the Agent rule was last updated, timestamp in milliseconds.
updater
object
The attributes of the user who last updated the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
version
int64
The version of the Agent rule.
id
string
The ID of the Agent rule.
type
enum
The type of the resource. The value should always be agent_rule
.
Allowed enum values: agent_rule
default: agent_rule
{
"data": [
{
"attributes": {
"actions": [
{
"filter": "string",
"kill": {
"signal": "string"
}
}
],
"agentConstraint": "string",
"category": "Process Activity",
"creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"creationDate": 1624366480320,
"creator": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"defaultRule": false,
"description": "My Agent rule",
"enabled": true,
"expression": "exec.file.name == \\\"sh\\\"",
"filters": [],
"name": "my_agent_rule",
"updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"updateDate": 1624366480320,
"updatedAt": 1624366480320,
"updater": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"version": 23
},
"id": "3dd-0uc-h1s",
"type": "agent_rule"
}
]
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get all CSM Threats Agent rules returns "OK" response
"""
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.csm_threats_api import CSMThreatsApi
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = CSMThreatsApi(api_client)
response = api_instance.list_csm_threats_agent_rules()
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Get all CSM Threats Agent rules returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::CSMThreatsAPI.new
p api_instance.list_csm_threats_agent_rules()
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
/**
* Get all CSM Threats Agent rules returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.CSMThreatsApi(configuration);
apiInstance
.listCSMThreatsAgentRules()
.then((data: v2.CloudWorkloadSecurityAgentRulesListResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"
// Get all CSM Threats Agent rules returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewCSMThreatsApi(apiClient)
resp, r, err := api.ListCSMThreatsAgentRules(ctx)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `CSMThreatsApi.ListCSMThreatsAgentRules`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `CSMThreatsApi.ListCSMThreatsAgentRules`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Get all CSM Threats Agent rules returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.CsmThreatsApi;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRulesListResponse;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
CsmThreatsApi apiInstance = new CsmThreatsApi(defaultClient);
try {
CloudWorkloadSecurityAgentRulesListResponse result = apiInstance.listCSMThreatsAgentRules();
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling CsmThreatsApi#listCSMThreatsAgentRules");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
// Get all CSM Threats Agent rules returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;
#[tokio::main]
async fn main() {
let configuration = datadog::Configuration::new();
let api = CSMThreatsAPI::with_config(configuration);
let resp = api.list_csm_threats_agent_rules().await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules
Create a new Agent rule with the given parameters.
This endpoint requires the security_monitoring_cws_agent_rules_write
permission.
The definition of the new Agent rule.
항목
유형
설명
data [required]
object
Object for a single Agent rule.
attributes [required]
object
Create a new Cloud Workload Security Agent rule.
description
string
The description of the Agent rule.
enabled
boolean
Whether the Agent rule is enabled.
expression [required]
string
The SECL expression of the Agent rule.
filters
[string]
The platforms the Agent rule is supported on.
name [required]
string
The name of the Agent rule.
type [required]
enum
The type of the resource. The value should always be agent_rule
.
Allowed enum values: agent_rule
default: agent_rule
{
"data": {
"attributes": {
"description": "Test Agent rule",
"enabled": true,
"expression": "exec.file.name == \"sh\"",
"name": "examplecsmthreat"
},
"type": "agent_rule"
}
}
OK
Response object that includes an Agent rule.
항목
유형
설명
data
object
Object for a single Agent rule.
attributes
object
A Cloud Workload Security Agent rule returned by the API.
actions
[object]
The array of actions the rule can perform if triggered.
filter
string
SECL expression used to target the container to apply the action on
kill
object
Kill system call applied on the container matching the rule
signal
string
Supported signals for the kill system call.
agentConstraint
string
The version of the agent.
category
string
The category of the Agent rule.
creationAuthorUuId
string
The ID of the user who created the rule.
creationDate
int64
When the Agent rule was created, timestamp in milliseconds.
creator
object
The attributes of the user who created the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
defaultRule
boolean
Whether the rule is included by default.
description
string
The description of the Agent rule.
enabled
boolean
Whether the Agent rule is enabled.
expression
string
The SECL expression of the Agent rule.
filters
[string]
The platforms the Agent rule is supported on.
name
string
The name of the Agent rule.
updateAuthorUuId
string
The ID of the user who updated the rule.
updateDate
int64
Timestamp in milliseconds when the Agent rule was last updated.
updatedAt
int64
When the Agent rule was last updated, timestamp in milliseconds.
updater
object
The attributes of the user who last updated the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
version
int64
The version of the Agent rule.
id
string
The ID of the Agent rule.
type
enum
The type of the resource. The value should always be agent_rule
.
Allowed enum values: agent_rule
default: agent_rule
{
"data": {
"attributes": {
"actions": [
{
"filter": "string",
"kill": {
"signal": "string"
}
}
],
"agentConstraint": "string",
"category": "Process Activity",
"creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"creationDate": 1624366480320,
"creator": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"defaultRule": false,
"description": "My Agent rule",
"enabled": true,
"expression": "exec.file.name == \\\"sh\\\"",
"filters": [],
"name": "my_agent_rule",
"updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"updateDate": 1624366480320,
"updatedAt": 1624366480320,
"updater": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"version": 23
},
"id": "3dd-0uc-h1s",
"type": "agent_rule"
}
}
Bad Request
API error response.
{
"errors": [
"Bad Request"
]
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Conflict
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
"data": {
"attributes": {
"description": "Test Agent rule",
"enabled": true,
"expression": "exec.file.name == \"sh\"",
"name": "examplecsmthreat"
},
"type": "agent_rule"
}
}
EOF
// Create a Cloud Workload Security Agent rule returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
body := datadogV2.CloudWorkloadSecurityAgentRuleCreateRequest{
Data: datadogV2.CloudWorkloadSecurityAgentRuleCreateData{
Attributes: datadogV2.CloudWorkloadSecurityAgentRuleCreateAttributes{
Description: datadog.PtrString("Test Agent rule"),
Enabled: datadog.PtrBool(true),
Expression: `exec.file.name == "sh"`,
Name: "examplecsmthreat",
},
Type: datadogV2.CLOUDWORKLOADSECURITYAGENTRULETYPE_AGENT_RULE,
},
}
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewCSMThreatsApi(apiClient)
resp, r, err := api.CreateCloudWorkloadSecurityAgentRule(ctx, body)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `CSMThreatsApi.CreateCloudWorkloadSecurityAgentRule`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `CSMThreatsApi.CreateCloudWorkloadSecurityAgentRule`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Create a Cloud Workload Security Agent rule returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.CsmThreatsApi;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleCreateAttributes;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleCreateData;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleCreateRequest;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleResponse;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleType;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
CsmThreatsApi apiInstance = new CsmThreatsApi(defaultClient);
CloudWorkloadSecurityAgentRuleCreateRequest body =
new CloudWorkloadSecurityAgentRuleCreateRequest()
.data(
new CloudWorkloadSecurityAgentRuleCreateData()
.attributes(
new CloudWorkloadSecurityAgentRuleCreateAttributes()
.description("Test Agent rule")
.enabled(true)
.expression("""
exec.file.name == "sh"
""")
.name("examplecsmthreat"))
.type(CloudWorkloadSecurityAgentRuleType.AGENT_RULE));
try {
CloudWorkloadSecurityAgentRuleResponse result =
apiInstance.createCloudWorkloadSecurityAgentRule(body);
System.out.println(result);
} catch (ApiException e) {
System.err.println(
"Exception when calling CsmThreatsApi#createCloudWorkloadSecurityAgentRule");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
"""
Create a Cloud Workload Security Agent rule returns "OK" response
"""
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.csm_threats_api import CSMThreatsApi
from datadog_api_client.v2.model.cloud_workload_security_agent_rule_create_attributes import (
CloudWorkloadSecurityAgentRuleCreateAttributes,
)
from datadog_api_client.v2.model.cloud_workload_security_agent_rule_create_data import (
CloudWorkloadSecurityAgentRuleCreateData,
)
from datadog_api_client.v2.model.cloud_workload_security_agent_rule_create_request import (
CloudWorkloadSecurityAgentRuleCreateRequest,
)
from datadog_api_client.v2.model.cloud_workload_security_agent_rule_type import CloudWorkloadSecurityAgentRuleType
body = CloudWorkloadSecurityAgentRuleCreateRequest(
data=CloudWorkloadSecurityAgentRuleCreateData(
attributes=CloudWorkloadSecurityAgentRuleCreateAttributes(
description="Test Agent rule",
enabled=True,
expression='exec.file.name == "sh"',
name="examplecsmthreat",
),
type=CloudWorkloadSecurityAgentRuleType.AGENT_RULE,
),
)
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = CSMThreatsApi(api_client)
response = api_instance.create_cloud_workload_security_agent_rule(body=body)
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Create a Cloud Workload Security Agent rule returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::CSMThreatsAPI.new
body = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest.new({
data: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData.new({
attributes: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes.new({
description: "Test Agent rule",
enabled: true,
expression: 'exec.file.name == "sh"',
name: "examplecsmthreat",
}),
type: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType::AGENT_RULE,
}),
})
p api_instance.create_cloud_workload_security_agent_rule(body)
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
// Create a Cloud Workload Security Agent rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;
use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleCreateAttributes;
use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleCreateData;
use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleCreateRequest;
use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleType;
#[tokio::main]
async fn main() {
let body = CloudWorkloadSecurityAgentRuleCreateRequest::new(
CloudWorkloadSecurityAgentRuleCreateData::new(
CloudWorkloadSecurityAgentRuleCreateAttributes::new(
r#"exec.file.name == "sh""#.to_string(),
"examplecsmthreat".to_string(),
)
.description("Test Agent rule".to_string())
.enabled(true),
CloudWorkloadSecurityAgentRuleType::AGENT_RULE,
),
);
let configuration = datadog::Configuration::new();
let api = CSMThreatsAPI::with_config(configuration);
let resp = api.create_cloud_workload_security_agent_rule(body).await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
/**
* Create a Cloud Workload Security Agent rule returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.CSMThreatsApi(configuration);
const params: v2.CSMThreatsApiCreateCloudWorkloadSecurityAgentRuleRequest = {
body: {
data: {
attributes: {
description: "Test Agent rule",
enabled: true,
expression: `exec.file.name == "sh"`,
name: "examplecsmthreat",
},
type: "agent_rule",
},
},
};
apiInstance
.createCloudWorkloadSecurityAgentRule(params)
.then((data: v2.CloudWorkloadSecurityAgentRuleResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"
POST https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_ruleshttps://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules
Create a new Cloud Security Management Threats Agent rule with the given parameters.
The definition of the new Agent rule.
항목
유형
설명
data [required]
object
Object for a single Agent rule.
attributes [required]
object
Create a new Cloud Workload Security Agent rule.
description
string
The description of the Agent rule.
enabled
boolean
Whether the Agent rule is enabled.
expression [required]
string
The SECL expression of the Agent rule.
filters
[string]
The platforms the Agent rule is supported on.
name [required]
string
The name of the Agent rule.
type [required]
enum
The type of the resource. The value should always be agent_rule
.
Allowed enum values: agent_rule
default: agent_rule
{
"data": {
"attributes": {
"description": "My Agent rule",
"enabled": true,
"expression": "exec.file.name == \"sh\"",
"filters": [
"os == \"linux\""
],
"name": "examplecsmthreat"
},
"type": "agent_rule"
}
}
OK
Response object that includes an Agent rule.
항목
유형
설명
data
object
Object for a single Agent rule.
attributes
object
A Cloud Workload Security Agent rule returned by the API.
actions
[object]
The array of actions the rule can perform if triggered.
filter
string
SECL expression used to target the container to apply the action on
kill
object
Kill system call applied on the container matching the rule
signal
string
Supported signals for the kill system call.
agentConstraint
string
The version of the agent.
category
string
The category of the Agent rule.
creationAuthorUuId
string
The ID of the user who created the rule.
creationDate
int64
When the Agent rule was created, timestamp in milliseconds.
creator
object
The attributes of the user who created the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
defaultRule
boolean
Whether the rule is included by default.
description
string
The description of the Agent rule.
enabled
boolean
Whether the Agent rule is enabled.
expression
string
The SECL expression of the Agent rule.
filters
[string]
The platforms the Agent rule is supported on.
name
string
The name of the Agent rule.
updateAuthorUuId
string
The ID of the user who updated the rule.
updateDate
int64
Timestamp in milliseconds when the Agent rule was last updated.
updatedAt
int64
When the Agent rule was last updated, timestamp in milliseconds.
updater
object
The attributes of the user who last updated the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
version
int64
The version of the Agent rule.
id
string
The ID of the Agent rule.
type
enum
The type of the resource. The value should always be agent_rule
.
Allowed enum values: agent_rule
default: agent_rule
{
"data": {
"attributes": {
"actions": [
{
"filter": "string",
"kill": {
"signal": "string"
}
}
],
"agentConstraint": "string",
"category": "Process Activity",
"creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"creationDate": 1624366480320,
"creator": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"defaultRule": false,
"description": "My Agent rule",
"enabled": true,
"expression": "exec.file.name == \\\"sh\\\"",
"filters": [],
"name": "my_agent_rule",
"updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"updateDate": 1624366480320,
"updatedAt": 1624366480320,
"updater": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"version": 23
},
"id": "3dd-0uc-h1s",
"type": "agent_rule"
}
}
Bad Request
API error response.
{
"errors": [
"Bad Request"
]
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Conflict
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
"data": {
"attributes": {
"description": "My Agent rule",
"enabled": true,
"expression": "exec.file.name == \"sh\"",
"filters": [
"os == \"linux\""
],
"name": "examplecsmthreat"
},
"type": "agent_rule"
}
}
EOF
// Create a CSM Threats Agent rule returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
body := datadogV2.CloudWorkloadSecurityAgentRuleCreateRequest{
Data: datadogV2.CloudWorkloadSecurityAgentRuleCreateData{
Attributes: datadogV2.CloudWorkloadSecurityAgentRuleCreateAttributes{
Description: datadog.PtrString("My Agent rule"),
Enabled: datadog.PtrBool(true),
Expression: `exec.file.name == "sh"`,
Filters: []string{
`os == "linux"`,
},
Name: "examplecsmthreat",
},
Type: datadogV2.CLOUDWORKLOADSECURITYAGENTRULETYPE_AGENT_RULE,
},
}
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewCSMThreatsApi(apiClient)
resp, r, err := api.CreateCSMThreatsAgentRule(ctx, body)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `CSMThreatsApi.CreateCSMThreatsAgentRule`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `CSMThreatsApi.CreateCSMThreatsAgentRule`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Create a CSM Threats Agent rule returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.CsmThreatsApi;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleCreateAttributes;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleCreateData;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleCreateRequest;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleResponse;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleType;
import java.util.Collections;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
CsmThreatsApi apiInstance = new CsmThreatsApi(defaultClient);
CloudWorkloadSecurityAgentRuleCreateRequest body =
new CloudWorkloadSecurityAgentRuleCreateRequest()
.data(
new CloudWorkloadSecurityAgentRuleCreateData()
.attributes(
new CloudWorkloadSecurityAgentRuleCreateAttributes()
.description("My Agent rule")
.enabled(true)
.expression("""
exec.file.name == "sh"
""")
.filters(Collections.singletonList("""
os == "linux"
"""))
.name("examplecsmthreat"))
.type(CloudWorkloadSecurityAgentRuleType.AGENT_RULE));
try {
CloudWorkloadSecurityAgentRuleResponse result = apiInstance.createCSMThreatsAgentRule(body);
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling CsmThreatsApi#createCSMThreatsAgentRule");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
"""
Create a CSM Threats Agent rule returns "OK" response
"""
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.csm_threats_api import CSMThreatsApi
from datadog_api_client.v2.model.cloud_workload_security_agent_rule_create_attributes import (
CloudWorkloadSecurityAgentRuleCreateAttributes,
)
from datadog_api_client.v2.model.cloud_workload_security_agent_rule_create_data import (
CloudWorkloadSecurityAgentRuleCreateData,
)
from datadog_api_client.v2.model.cloud_workload_security_agent_rule_create_request import (
CloudWorkloadSecurityAgentRuleCreateRequest,
)
from datadog_api_client.v2.model.cloud_workload_security_agent_rule_type import CloudWorkloadSecurityAgentRuleType
body = CloudWorkloadSecurityAgentRuleCreateRequest(
data=CloudWorkloadSecurityAgentRuleCreateData(
attributes=CloudWorkloadSecurityAgentRuleCreateAttributes(
description="My Agent rule",
enabled=True,
expression='exec.file.name == "sh"',
filters=[
'os == "linux"',
],
name="examplecsmthreat",
),
type=CloudWorkloadSecurityAgentRuleType.AGENT_RULE,
),
)
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = CSMThreatsApi(api_client)
response = api_instance.create_csm_threats_agent_rule(body=body)
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Create a CSM Threats Agent rule returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::CSMThreatsAPI.new
body = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest.new({
data: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData.new({
attributes: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes.new({
description: "My Agent rule",
enabled: true,
expression: 'exec.file.name == "sh"',
filters: [
'os == "linux"',
],
name: "examplecsmthreat",
}),
type: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType::AGENT_RULE,
}),
})
p api_instance.create_csm_threats_agent_rule(body)
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
// Create a CSM Threats Agent rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;
use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleCreateAttributes;
use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleCreateData;
use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleCreateRequest;
use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleType;
#[tokio::main]
async fn main() {
let body = CloudWorkloadSecurityAgentRuleCreateRequest::new(
CloudWorkloadSecurityAgentRuleCreateData::new(
CloudWorkloadSecurityAgentRuleCreateAttributes::new(
r#"exec.file.name == "sh""#.to_string(),
"examplecsmthreat".to_string(),
)
.description("My Agent rule".to_string())
.enabled(true)
.filters(vec![r#"os == "linux""#.to_string()]),
CloudWorkloadSecurityAgentRuleType::AGENT_RULE,
),
);
let configuration = datadog::Configuration::new();
let api = CSMThreatsAPI::with_config(configuration);
let resp = api.create_csm_threats_agent_rule(body).await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
/**
* Create a CSM Threats Agent rule returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.CSMThreatsApi(configuration);
const params: v2.CSMThreatsApiCreateCSMThreatsAgentRuleRequest = {
body: {
data: {
attributes: {
description: "My Agent rule",
enabled: true,
expression: `exec.file.name == "sh"`,
filters: [`os == "linux"`],
name: "examplecsmthreat",
},
type: "agent_rule",
},
},
};
apiInstance
.createCSMThreatsAgentRule(params)
.then((data: v2.CloudWorkloadSecurityAgentRuleResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"
PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}
Update a specific Agent rule.
Returns the Agent rule object when the request is successful.
This endpoint requires the security_monitoring_cws_agent_rules_write
permission.
이름
유형
설명
agent_rule_id [required]
string
The ID of the Agent rule.
New definition of the Agent rule.
항목
유형
설명
data [required]
object
Object for a single Agent rule.
attributes [required]
object
Update an existing Cloud Workload Security Agent rule.
description
string
The description of the Agent rule.
enabled
boolean
Whether the Agent rule is enabled.
expression
string
The SECL expression of the Agent rule.
id
string
The ID of the agent rule.
type [required]
enum
The type of the resource. The value should always be agent_rule
.
Allowed enum values: agent_rule
default: agent_rule
{
"data": {
"attributes": {
"description": "Test Agent rule",
"enabled": true,
"expression": "exec.file.name == \"sh\""
},
"type": "agent_rule",
"id": "3dd-0uc-h1s"
}
}
OK
Response object that includes an Agent rule.
항목
유형
설명
data
object
Object for a single Agent rule.
attributes
object
A Cloud Workload Security Agent rule returned by the API.
actions
[object]
The array of actions the rule can perform if triggered.
filter
string
SECL expression used to target the container to apply the action on
kill
object
Kill system call applied on the container matching the rule
signal
string
Supported signals for the kill system call.
agentConstraint
string
The version of the agent.
category
string
The category of the Agent rule.
creationAuthorUuId
string
The ID of the user who created the rule.
creationDate
int64
When the Agent rule was created, timestamp in milliseconds.
creator
object
The attributes of the user who created the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
defaultRule
boolean
Whether the rule is included by default.
description
string
The description of the Agent rule.
enabled
boolean
Whether the Agent rule is enabled.
expression
string
The SECL expression of the Agent rule.
filters
[string]
The platforms the Agent rule is supported on.
name
string
The name of the Agent rule.
updateAuthorUuId
string
The ID of the user who updated the rule.
updateDate
int64
Timestamp in milliseconds when the Agent rule was last updated.
updatedAt
int64
When the Agent rule was last updated, timestamp in milliseconds.
updater
object
The attributes of the user who last updated the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
version
int64
The version of the Agent rule.
id
string
The ID of the Agent rule.
type
enum
The type of the resource. The value should always be agent_rule
.
Allowed enum values: agent_rule
default: agent_rule
{
"data": {
"attributes": {
"actions": [
{
"filter": "string",
"kill": {
"signal": "string"
}
}
],
"agentConstraint": "string",
"category": "Process Activity",
"creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"creationDate": 1624366480320,
"creator": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"defaultRule": false,
"description": "My Agent rule",
"enabled": true,
"expression": "exec.file.name == \\\"sh\\\"",
"filters": [],
"name": "my_agent_rule",
"updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"updateDate": 1624366480320,
"updatedAt": 1624366480320,
"updater": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"version": 23
},
"id": "3dd-0uc-h1s",
"type": "agent_rule"
}
}
Bad Request
API error response.
{
"errors": [
"Bad Request"
]
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Not Found
API error response.
{
"errors": [
"Bad Request"
]
}
Concurrent Modification
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/${agent_rule_id}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
"data": {
"attributes": {
"description": "Test Agent rule",
"enabled": true,
"expression": "exec.file.name == \"sh\""
},
"type": "agent_rule",
"id": "3dd-0uc-h1s"
}
}
EOF
// Update a Cloud Workload Security Agent rule returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
// there is a valid "agent_rule" in the system
AgentRuleDataID := os.Getenv("AGENT_RULE_DATA_ID")
body := datadogV2.CloudWorkloadSecurityAgentRuleUpdateRequest{
Data: datadogV2.CloudWorkloadSecurityAgentRuleUpdateData{
Attributes: datadogV2.CloudWorkloadSecurityAgentRuleUpdateAttributes{
Description: datadog.PtrString("Test Agent rule"),
Enabled: datadog.PtrBool(true),
Expression: datadog.PtrString(`exec.file.name == "sh"`),
},
Type: datadogV2.CLOUDWORKLOADSECURITYAGENTRULETYPE_AGENT_RULE,
Id: datadog.PtrString(AgentRuleDataID),
},
}
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewCSMThreatsApi(apiClient)
resp, r, err := api.UpdateCloudWorkloadSecurityAgentRule(ctx, AgentRuleDataID, body)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `CSMThreatsApi.UpdateCloudWorkloadSecurityAgentRule`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `CSMThreatsApi.UpdateCloudWorkloadSecurityAgentRule`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
// Update a Cloud Workload Security Agent rule returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.CsmThreatsApi;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleResponse;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleType;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleUpdateAttributes;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleUpdateData;
import com.datadog.api.client.v2.model.CloudWorkloadSecurityAgentRuleUpdateRequest;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
CsmThreatsApi apiInstance = new CsmThreatsApi(defaultClient);
// there is a valid "agent_rule" in the system
String AGENT_RULE_DATA_ID = System.getenv("AGENT_RULE_DATA_ID");
CloudWorkloadSecurityAgentRuleUpdateRequest body =
new CloudWorkloadSecurityAgentRuleUpdateRequest()
.data(
new CloudWorkloadSecurityAgentRuleUpdateData()
.attributes(
new CloudWorkloadSecurityAgentRuleUpdateAttributes()
.description("Test Agent rule")
.enabled(true)
.expression("""
exec.file.name == "sh"
"""))
.type(CloudWorkloadSecurityAgentRuleType.AGENT_RULE)
.id(AGENT_RULE_DATA_ID));
try {
CloudWorkloadSecurityAgentRuleResponse result =
apiInstance.updateCloudWorkloadSecurityAgentRule(AGENT_RULE_DATA_ID, body);
System.out.println(result);
} catch (ApiException e) {
System.err.println(
"Exception when calling CsmThreatsApi#updateCloudWorkloadSecurityAgentRule");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
"""
Update a Cloud Workload Security Agent rule returns "OK" response
"""
from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.csm_threats_api import CSMThreatsApi
from datadog_api_client.v2.model.cloud_workload_security_agent_rule_type import CloudWorkloadSecurityAgentRuleType
from datadog_api_client.v2.model.cloud_workload_security_agent_rule_update_attributes import (
CloudWorkloadSecurityAgentRuleUpdateAttributes,
)
from datadog_api_client.v2.model.cloud_workload_security_agent_rule_update_data import (
CloudWorkloadSecurityAgentRuleUpdateData,
)
from datadog_api_client.v2.model.cloud_workload_security_agent_rule_update_request import (
CloudWorkloadSecurityAgentRuleUpdateRequest,
)
# there is a valid "agent_rule" in the system
AGENT_RULE_DATA_ID = environ["AGENT_RULE_DATA_ID"]
body = CloudWorkloadSecurityAgentRuleUpdateRequest(
data=CloudWorkloadSecurityAgentRuleUpdateData(
attributes=CloudWorkloadSecurityAgentRuleUpdateAttributes(
description="Test Agent rule",
enabled=True,
expression='exec.file.name == "sh"',
),
type=CloudWorkloadSecurityAgentRuleType.AGENT_RULE,
id=AGENT_RULE_DATA_ID,
),
)
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = CSMThreatsApi(api_client)
response = api_instance.update_cloud_workload_security_agent_rule(agent_rule_id=AGENT_RULE_DATA_ID, body=body)
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
# Update a Cloud Workload Security Agent rule returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::CSMThreatsAPI.new
# there is a valid "agent_rule" in the system
AGENT_RULE_DATA_ID = ENV["AGENT_RULE_DATA_ID"]
body = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest.new({
data: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData.new({
attributes: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes.new({
description: "Test Agent rule",
enabled: true,
expression: 'exec.file.name == "sh"',
}),
type: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType::AGENT_RULE,
id: AGENT_RULE_DATA_ID,
}),
})
p api_instance.update_cloud_workload_security_agent_rule(AGENT_RULE_DATA_ID, body)
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" rb "example.rb"
// Update a Cloud Workload Security Agent rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_csm_threats::CSMThreatsAPI;
use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleType;
use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleUpdateAttributes;
use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleUpdateData;
use datadog_api_client::datadogV2::model::CloudWorkloadSecurityAgentRuleUpdateRequest;
#[tokio::main]
async fn main() {
// there is a valid "agent_rule" in the system
let agent_rule_data_id = std::env::var("AGENT_RULE_DATA_ID").unwrap();
let body = CloudWorkloadSecurityAgentRuleUpdateRequest::new(
CloudWorkloadSecurityAgentRuleUpdateData::new(
CloudWorkloadSecurityAgentRuleUpdateAttributes::new()
.description("Test Agent rule".to_string())
.enabled(true)
.expression(r#"exec.file.name == "sh""#.to_string()),
CloudWorkloadSecurityAgentRuleType::AGENT_RULE,
)
.id(agent_rule_data_id.clone()),
);
let configuration = datadog::Configuration::new();
let api = CSMThreatsAPI::with_config(configuration);
let resp = api
.update_cloud_workload_security_agent_rule(agent_rule_data_id.clone(), body)
.await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
/**
* Update a Cloud Workload Security Agent rule returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.CSMThreatsApi(configuration);
// there is a valid "agent_rule" in the system
const AGENT_RULE_DATA_ID = process.env.AGENT_RULE_DATA_ID as string;
const params: v2.CSMThreatsApiUpdateCloudWorkloadSecurityAgentRuleRequest = {
body: {
data: {
attributes: {
description: "Test Agent rule",
enabled: true,
expression: `exec.file.name == "sh"`,
},
type: "agent_rule",
id: AGENT_RULE_DATA_ID,
},
},
agentRuleId: AGENT_RULE_DATA_ID,
};
apiInstance
.updateCloudWorkloadSecurityAgentRule(params)
.then((data: v2.CloudWorkloadSecurityAgentRuleResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"
PATCH https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}
Update a specific Cloud Security Management Threats Agent rule. Returns the Agent rule object when the request is successful.
이름
유형
설명
agent_rule_id [required]
string
The ID of the Agent rule.
New definition of the Agent rule.
항목
유형
설명
data [required]
object
Object for a single Agent rule.
attributes [required]
object
Update an existing Cloud Workload Security Agent rule.
description
string
The description of the Agent rule.
enabled
boolean
Whether the Agent rule is enabled.
expression
string
The SECL expression of the Agent rule.
id
string
The ID of the agent rule.
type [required]
enum
The type of the resource. The value should always be agent_rule
.
Allowed enum values: agent_rule
default: agent_rule
{
"data": {
"attributes": {
"description": "Test Agent rule",
"enabled": true,
"expression": "exec.file.name == \"sh\""
},
"type": "agent_rule",
"id": "3dd-0uc-h1s"
}
}
OK
Response object that includes an Agent rule.
항목
유형
설명
data
object
Object for a single Agent rule.
attributes
object
A Cloud Workload Security Agent rule returned by the API.
actions
[object]
The array of actions the rule can perform if triggered.
filter
string
SECL expression used to target the container to apply the action on
kill
object
Kill system call applied on the container matching the rule
signal
string
Supported signals for the kill system call.
agentConstraint
string
The version of the agent.
category
string
The category of the Agent rule.
creationAuthorUuId
string
The ID of the user who created the rule.
creationDate
int64
When the Agent rule was created, timestamp in milliseconds.
creator
object
The attributes of the user who created the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
defaultRule
boolean
Whether the rule is included by default.
description
string
The description of the Agent rule.
enabled
boolean
Whether the Agent rule is enabled.
expression
string
The SECL expression of the Agent rule.
filters
[string]
The platforms the Agent rule is supported on.
name
string
The name of the Agent rule.
updateAuthorUuId
string
The ID of the user who updated the rule.
updateDate
int64
Timestamp in milliseconds when the Agent rule was last updated.
updatedAt
int64
When the Agent rule was last updated, timestamp in milliseconds.
updater
object
The attributes of the user who last updated the Agent rule.
handle
string
The handle of the user.
name
string
The name of the user.
version
int64
The version of the Agent rule.
id
string
The ID of the Agent rule.
type
enum
The type of the resource. The value should always be agent_rule
.
Allowed enum values: agent_rule
default: agent_rule
{
"data": {
"attributes": {
"actions": [
{
"filter": "string",
"kill": {
"signal": "string"
}
}
],
"agentConstraint": "string",
"category": "Process Activity",
"creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"creationDate": 1624366480320,
"creator": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"defaultRule": false,
"description": "My Agent rule",
"enabled": true,
"expression": "exec.file.name == \\\"sh\\\"",
"filters": [],
"name": "my_agent_rule",
"updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
"updateDate": 1624366480320,
"updatedAt": 1624366480320,
"updater": {
"handle": "datadog.user@example.com",
"name": "Datadog User"
},
"version": 23
},
"id": "3dd-0uc-h1s",
"type": "agent_rule"
}
}
Bad Request
API error response.