- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
보안 규칙, 신호, 필터 등을 생성하고 관리하세요. 자세한 정보는 Datadog 보안 페이지를 참고하세요.
POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressionshttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions
Create a new suppression rule.
OAuth apps require the security_monitoring_suppressions_write
authorization scope to access this endpoint.
The definition of the new suppression rule.
항목
유형
설명
data [required]
object
Object for a single suppression rule.
attributes [required]
object
Object containing the attributes of the suppression rule to be created.
data_exclusion_query
string
An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.
description
string
A description for the suppression rule.
enabled [required]
boolean
Whether the suppression rule is enabled.
expiration_date
int64
A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.
name [required]
string
The name of the suppression rule.
rule_query [required]
string
The rule query of the suppression rule, with the same syntax as the search bar for detection rules.
suppression_query
string
The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer.
type [required]
enum
The type of the resource. The value should always be suppressions
.
Allowed enum values: suppressions
default: suppressions
{
"data": {
"attributes": {
"description": "This rule suppresses low-severity signals in staging environments.",
"enabled": true,
"expiration_date": 1638443471000,
"name": "Example-Security-Monitoring",
"rule_query": "type:log_detection source:cloudtrail",
"suppression_query": "env:staging status:low"
},
"type": "suppressions"
}
}
{
"data": {
"attributes": {
"description": "This rule suppresses low-severity signals in staging environments.",
"enabled": true,
"expiration_date": 1638443471000,
"name": "Example-Security-Monitoring",
"rule_query": "type:log_detection source:cloudtrail",
"data_exclusion_query": "account_id:12345"
},
"type": "suppressions"
}
}
OK
Response object containing a single suppression rule.
항목
유형
설명
data
object
The suppression rule's properties.
attributes
object
The attributes of the suppression rule.
creation_date
int64
A Unix millisecond timestamp given the creation date of the suppression rule.
creator
object
A user.
handle
string
The handle of the user.
name
string
The name of the user.
data_exclusion_query
string
An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.
description
string
A description for the suppression rule.
editable
boolean
Whether the suppression rule is editable.
enabled
boolean
Whether the suppression rule is enabled.
expiration_date
int64
A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.
name
string
The name of the suppression rule.
rule_query
string
The rule query of the suppression rule, with the same syntax as the search bar for detection rules.
suppression_query
string
The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.
update_date
int64
A Unix millisecond timestamp given the update date of the suppression rule.
updater
object
A user.
handle
string
The handle of the user.
name
string
The name of the user.
version
int32
The version of the suppression rule; it starts at 1, and is incremented at each update.
id
string
The ID of the suppression rule.
type
enum
The type of the resource. The value should always be suppressions
.
Allowed enum values: suppressions
default: suppressions
{
"data": {
"attributes": {
"creation_date": "integer",
"creator": {
"handle": "john.doe@datadoghq.com",
"name": "John Doe"
},
"data_exclusion_query": "source:cloudtrail account_id:12345",
"description": "This rule suppresses low-severity signals in staging environments.",
"editable": true,
"enabled": true,
"expiration_date": 1703187336000,
"name": "Custom suppression",
"rule_query": "type:log_detection source:cloudtrail",
"suppression_query": "env:staging status:low",
"update_date": "integer",
"updater": {
"handle": "john.doe@datadoghq.com",
"name": "John Doe"
},
"version": 42
},
"id": "3dd-0uc-h1s",
"type": "suppressions"
}
}
Bad Request
API error response.
{
"errors": [
"Bad Request"
]
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Conflict
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
"data": {
"attributes": {
"description": "This rule suppresses low-severity signals in staging environments.",
"enabled": true,
"expiration_date": 1638443471000,
"name": "Example-Security-Monitoring",
"rule_query": "type:log_detection source:cloudtrail",
"suppression_query": "env:staging status:low"
},
"type": "suppressions"
}
}
EOF
# Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
"data": {
"attributes": {
"description": "This rule suppresses low-severity signals in staging environments.",
"enabled": true,
"expiration_date": 1638443471000,
"name": "Example-Security-Monitoring",
"rule_query": "type:log_detection source:cloudtrail",
"data_exclusion_query": "account_id:12345"
},
"type": "suppressions"
}
}
EOF
// Create a suppression rule returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
body := datadogV2.SecurityMonitoringSuppressionCreateRequest{
Data: datadogV2.SecurityMonitoringSuppressionCreateData{
Attributes: datadogV2.SecurityMonitoringSuppressionCreateAttributes{
Description: datadog.PtrString("This rule suppresses low-severity signals in staging environments."),
Enabled: true,
ExpirationDate: datadog.PtrInt64(1638443471000),
Name: "Example-Security-Monitoring",
RuleQuery: "type:log_detection source:cloudtrail",
SuppressionQuery: datadog.PtrString("env:staging status:low"),
},
Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS,
},
}
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewSecurityMonitoringApi(apiClient)
resp, r, err := api.CreateSecurityMonitoringSuppression(ctx, body)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`:\n%s\n", responseContent)
}
// Create a suppression rule with an exclusion query returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
body := datadogV2.SecurityMonitoringSuppressionCreateRequest{
Data: datadogV2.SecurityMonitoringSuppressionCreateData{
Attributes: datadogV2.SecurityMonitoringSuppressionCreateAttributes{
Description: datadog.PtrString("This rule suppresses low-severity signals in staging environments."),
Enabled: true,
ExpirationDate: datadog.PtrInt64(1638443471000),
Name: "Example-Security-Monitoring",
RuleQuery: "type:log_detection source:cloudtrail",
DataExclusionQuery: datadog.PtrString("account_id:12345"),
},
Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS,
},
}
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewSecurityMonitoringApi(apiClient)
resp, r, err := api.CreateSecurityMonitoringSuppression(ctx, body)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringSuppression`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Create a suppression rule returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
SecurityMonitoringSuppressionCreateRequest body =
new SecurityMonitoringSuppressionCreateRequest()
.data(
new SecurityMonitoringSuppressionCreateData()
.attributes(
new SecurityMonitoringSuppressionCreateAttributes()
.description(
"This rule suppresses low-severity signals in staging"
+ " environments.")
.enabled(true)
.expirationDate(1638443471000L)
.name("Example-Security-Monitoring")
.ruleQuery("type:log_detection source:cloudtrail")
.suppressionQuery("env:staging status:low"))
.type(SecurityMonitoringSuppressionType.SUPPRESSIONS));
try {
SecurityMonitoringSuppressionResponse result =
apiInstance.createSecurityMonitoringSuppression(body);
System.out.println(result);
} catch (ApiException e) {
System.err.println(
"Exception when calling SecurityMonitoringApi#createSecurityMonitoringSuppression");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
// Create a suppression rule with an exclusion query returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
SecurityMonitoringSuppressionCreateRequest body =
new SecurityMonitoringSuppressionCreateRequest()
.data(
new SecurityMonitoringSuppressionCreateData()
.attributes(
new SecurityMonitoringSuppressionCreateAttributes()
.description(
"This rule suppresses low-severity signals in staging"
+ " environments.")
.enabled(true)
.expirationDate(1638443471000L)
.name("Example-Security-Monitoring")
.ruleQuery("type:log_detection source:cloudtrail")
.dataExclusionQuery("account_id:12345"))
.type(SecurityMonitoringSuppressionType.SUPPRESSIONS));
try {
SecurityMonitoringSuppressionResponse result =
apiInstance.createSecurityMonitoringSuppression(body);
System.out.println(result);
} catch (ApiException e) {
System.err.println(
"Exception when calling SecurityMonitoringApi#createSecurityMonitoringSuppression");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Create a suppression rule returns "OK" response
"""
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import (
SecurityMonitoringSuppressionCreateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_data import (
SecurityMonitoringSuppressionCreateData,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_request import (
SecurityMonitoringSuppressionCreateRequest,
)
from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType
body = SecurityMonitoringSuppressionCreateRequest(
data=SecurityMonitoringSuppressionCreateData(
attributes=SecurityMonitoringSuppressionCreateAttributes(
description="This rule suppresses low-severity signals in staging environments.",
enabled=True,
expiration_date=1638443471000,
name="Example-Security-Monitoring",
rule_query="type:log_detection source:cloudtrail",
suppression_query="env:staging status:low",
),
type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
),
)
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = SecurityMonitoringApi(api_client)
response = api_instance.create_security_monitoring_suppression(body=body)
print(response)
"""
Create a suppression rule with an exclusion query returns "OK" response
"""
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import (
SecurityMonitoringSuppressionCreateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_data import (
SecurityMonitoringSuppressionCreateData,
)
from datadog_api_client.v2.model.security_monitoring_suppression_create_request import (
SecurityMonitoringSuppressionCreateRequest,
)
from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType
body = SecurityMonitoringSuppressionCreateRequest(
data=SecurityMonitoringSuppressionCreateData(
attributes=SecurityMonitoringSuppressionCreateAttributes(
description="This rule suppresses low-severity signals in staging environments.",
enabled=True,
expiration_date=1638443471000,
name="Example-Security-Monitoring",
rule_query="type:log_detection source:cloudtrail",
data_exclusion_query="account_id:12345",
),
type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
),
)
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = SecurityMonitoringApi(api_client)
response = api_instance.create_security_monitoring_suppression(body=body)
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Create a suppression rule returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({
data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({
attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({
description: "This rule suppresses low-severity signals in staging environments.",
enabled: true,
expiration_date: 1638443471000,
name: "Example-Security-Monitoring",
rule_query: "type:log_detection source:cloudtrail",
suppression_query: "env:staging status:low",
}),
type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
}),
})
p api_instance.create_security_monitoring_suppression(body)
# Create a suppression rule with an exclusion query returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({
data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({
attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({
description: "This rule suppresses low-severity signals in staging environments.",
enabled: true,
expiration_date: 1638443471000,
name: "Example-Security-Monitoring",
rule_query: "type:log_detection source:cloudtrail",
data_exclusion_query: "account_id:12345",
}),
type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
}),
})
p api_instance.create_security_monitoring_suppression(body)
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Create a suppression rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType;
#[tokio::main]
async fn main() {
let body = SecurityMonitoringSuppressionCreateRequest::new(
SecurityMonitoringSuppressionCreateData::new(
SecurityMonitoringSuppressionCreateAttributes::new(
true,
"Example-Security-Monitoring".to_string(),
"type:log_detection source:cloudtrail".to_string(),
)
.description(
"This rule suppresses low-severity signals in staging environments.".to_string(),
)
.expiration_date(1638443471000)
.suppression_query("env:staging status:low".to_string()),
SecurityMonitoringSuppressionType::SUPPRESSIONS,
),
);
let configuration = datadog::Configuration::new();
let api = SecurityMonitoringAPI::with_config(configuration);
let resp = api.create_security_monitoring_suppression(body).await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
// Create a suppression rule with an exclusion query returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionCreateRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType;
#[tokio::main]
async fn main() {
let body = SecurityMonitoringSuppressionCreateRequest::new(
SecurityMonitoringSuppressionCreateData::new(
SecurityMonitoringSuppressionCreateAttributes::new(
true,
"Example-Security-Monitoring".to_string(),
"type:log_detection source:cloudtrail".to_string(),
)
.data_exclusion_query("account_id:12345".to_string())
.description(
"This rule suppresses low-severity signals in staging environments.".to_string(),
)
.expiration_date(1638443471000),
SecurityMonitoringSuppressionType::SUPPRESSIONS,
),
);
let configuration = datadog::Configuration::new();
let api = SecurityMonitoringAPI::with_config(configuration);
let resp = api.create_security_monitoring_suppression(body).await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
* Create a suppression rule returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);
const params: v2.SecurityMonitoringApiCreateSecurityMonitoringSuppressionRequest =
{
body: {
data: {
attributes: {
description:
"This rule suppresses low-severity signals in staging environments.",
enabled: true,
expirationDate: 1638443471000,
name: "Example-Security-Monitoring",
ruleQuery: "type:log_detection source:cloudtrail",
suppressionQuery: "env:staging status:low",
},
type: "suppressions",
},
},
};
apiInstance
.createSecurityMonitoringSuppression(params)
.then((data: v2.SecurityMonitoringSuppressionResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
/**
* Create a suppression rule with an exclusion query returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);
const params: v2.SecurityMonitoringApiCreateSecurityMonitoringSuppressionRequest =
{
body: {
data: {
attributes: {
description:
"This rule suppresses low-severity signals in staging environments.",
enabled: true,
expirationDate: 1638443471000,
name: "Example-Security-Monitoring",
ruleQuery: "type:log_detection source:cloudtrail",
dataExclusionQuery: "account_id:12345",
},
type: "suppressions",
},
},
};
apiInstance
.createSecurityMonitoringSuppression(params)
.then((data: v2.SecurityMonitoringSuppressionResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
DELETE https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}
Delete a specific suppression rule.
OAuth apps require the security_monitoring_suppressions_write
authorization scope to access this endpoint.
이름
유형
설명
suppression_id [required]
string
The ID of the suppression rule
OK
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Not Found
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Path parameters
export suppression_id="CHANGE_ME"
# Curl command
curl -X DELETE "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/${suppression_id}" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Delete a suppression rule returns "OK" response
"""
from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"]
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = SecurityMonitoringApi(api_client)
api_instance.delete_security_monitoring_suppression(
suppression_id=SUPPRESSION_DATA_ID,
)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Delete a suppression rule returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = ENV["SUPPRESSION_DATA_ID"]
api_instance.delete_security_monitoring_suppression(SUPPRESSION_DATA_ID)
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Delete a suppression rule returns "OK" response
package main
import (
"context"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
// there is a valid "suppression" in the system
SuppressionDataID := os.Getenv("SUPPRESSION_DATA_ID")
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewSecurityMonitoringApi(apiClient)
r, err := api.DeleteSecurityMonitoringSuppression(ctx, SuppressionDataID)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.DeleteSecurityMonitoringSuppression`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Delete a suppression rule returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
// there is a valid "suppression" in the system
String SUPPRESSION_DATA_ID = System.getenv("SUPPRESSION_DATA_ID");
try {
apiInstance.deleteSecurityMonitoringSuppression(SUPPRESSION_DATA_ID);
} catch (ApiException e) {
System.err.println(
"Exception when calling SecurityMonitoringApi#deleteSecurityMonitoringSuppression");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
// Delete a suppression rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
#[tokio::main]
async fn main() {
// there is a valid "suppression" in the system
let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
let configuration = datadog::Configuration::new();
let api = SecurityMonitoringAPI::with_config(configuration);
let resp = api
.delete_security_monitoring_suppression(suppression_data_id.clone())
.await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
* Delete a suppression rule returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);
// there is a valid "suppression" in the system
const SUPPRESSION_DATA_ID = process.env.SUPPRESSION_DATA_ID as string;
const params: v2.SecurityMonitoringApiDeleteSecurityMonitoringSuppressionRequest =
{
suppressionId: SUPPRESSION_DATA_ID,
};
apiInstance
.deleteSecurityMonitoringSuppression(params)
.then((data: any) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}
Get the details of a specific suppression rule.
OAuth apps require the security_monitoring_suppressions_read
authorization scope to access this endpoint.
이름
유형
설명
suppression_id [required]
string
The ID of the suppression rule
OK
Response object containing a single suppression rule.
항목
유형
설명
data
object
The suppression rule's properties.
attributes
object
The attributes of the suppression rule.
creation_date
int64
A Unix millisecond timestamp given the creation date of the suppression rule.
creator
object
A user.
handle
string
The handle of the user.
name
string
The name of the user.
data_exclusion_query
string
An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.
description
string
A description for the suppression rule.
editable
boolean
Whether the suppression rule is editable.
enabled
boolean
Whether the suppression rule is enabled.
expiration_date
int64
A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.
name
string
The name of the suppression rule.
rule_query
string
The rule query of the suppression rule, with the same syntax as the search bar for detection rules.
suppression_query
string
The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.
update_date
int64
A Unix millisecond timestamp given the update date of the suppression rule.
updater
object
A user.
handle
string
The handle of the user.
name
string
The name of the user.
version
int32
The version of the suppression rule; it starts at 1, and is incremented at each update.
id
string
The ID of the suppression rule.
type
enum
The type of the resource. The value should always be suppressions
.
Allowed enum values: suppressions
default: suppressions
{
"data": {
"attributes": {
"creation_date": "integer",
"creator": {
"handle": "john.doe@datadoghq.com",
"name": "John Doe"
},
"data_exclusion_query": "source:cloudtrail account_id:12345",
"description": "This rule suppresses low-severity signals in staging environments.",
"editable": true,
"enabled": true,
"expiration_date": 1703187336000,
"name": "Custom suppression",
"rule_query": "type:log_detection source:cloudtrail",
"suppression_query": "env:staging status:low",
"update_date": "integer",
"updater": {
"handle": "john.doe@datadoghq.com",
"name": "John Doe"
},
"version": 42
},
"id": "3dd-0uc-h1s",
"type": "suppressions"
}
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Not Found
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Path parameters
export suppression_id="CHANGE_ME"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/${suppression_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get a suppression rule returns "OK" response
"""
from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"]
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = SecurityMonitoringApi(api_client)
response = api_instance.get_security_monitoring_suppression(
suppression_id=SUPPRESSION_DATA_ID,
)
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Get a suppression rule returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = ENV["SUPPRESSION_DATA_ID"]
p api_instance.get_security_monitoring_suppression(SUPPRESSION_DATA_ID)
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Get a suppression rule returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
// there is a valid "suppression" in the system
SuppressionDataID := os.Getenv("SUPPRESSION_DATA_ID")
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewSecurityMonitoringApi(apiClient)
resp, r, err := api.GetSecurityMonitoringSuppression(ctx, SuppressionDataID)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSecurityMonitoringSuppression`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSecurityMonitoringSuppression`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Get a suppression rule returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
// there is a valid "suppression" in the system
String SUPPRESSION_DATA_ID = System.getenv("SUPPRESSION_DATA_ID");
try {
SecurityMonitoringSuppressionResponse result =
apiInstance.getSecurityMonitoringSuppression(SUPPRESSION_DATA_ID);
System.out.println(result);
} catch (ApiException e) {
System.err.println(
"Exception when calling SecurityMonitoringApi#getSecurityMonitoringSuppression");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
// Get a suppression rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
#[tokio::main]
async fn main() {
// there is a valid "suppression" in the system
let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
let configuration = datadog::Configuration::new();
let api = SecurityMonitoringAPI::with_config(configuration);
let resp = api
.get_security_monitoring_suppression(suppression_data_id.clone())
.await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
* Get a suppression rule returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);
// there is a valid "suppression" in the system
const SUPPRESSION_DATA_ID = process.env.SUPPRESSION_DATA_ID as string;
const params: v2.SecurityMonitoringApiGetSecurityMonitoringSuppressionRequest =
{
suppressionId: SUPPRESSION_DATA_ID,
};
apiInstance
.getSecurityMonitoringSuppression(params)
.then((data: v2.SecurityMonitoringSuppressionResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressionshttps://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressionshttps://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressionshttps://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions
Get the list of all suppression rules.
OAuth apps require the security_monitoring_suppressions_read
authorization scope to access this endpoint.
OK
Response object containing the available suppression rules.
항목
유형
설명
data
[object]
A list of suppressions objects.
attributes
object
The attributes of the suppression rule.
creation_date
int64
A Unix millisecond timestamp given the creation date of the suppression rule.
creator
object
A user.
handle
string
The handle of the user.
name
string
The name of the user.
data_exclusion_query
string
An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.
description
string
A description for the suppression rule.
editable
boolean
Whether the suppression rule is editable.
enabled
boolean
Whether the suppression rule is enabled.
expiration_date
int64
A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.
name
string
The name of the suppression rule.
rule_query
string
The rule query of the suppression rule, with the same syntax as the search bar for detection rules.
suppression_query
string
The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.
update_date
int64
A Unix millisecond timestamp given the update date of the suppression rule.
updater
object
A user.
handle
string
The handle of the user.
name
string
The name of the user.
version
int32
The version of the suppression rule; it starts at 1, and is incremented at each update.
id
string
The ID of the suppression rule.
type
enum
The type of the resource. The value should always be suppressions
.
Allowed enum values: suppressions
default: suppressions
{
"data": [
{
"attributes": {
"creation_date": "integer",
"creator": {
"handle": "john.doe@datadoghq.com",
"name": "John Doe"
},
"data_exclusion_query": "source:cloudtrail account_id:12345",
"description": "This rule suppresses low-severity signals in staging environments.",
"editable": true,
"enabled": true,
"expiration_date": 1703187336000,
"name": "Custom suppression",
"rule_query": "type:log_detection source:cloudtrail",
"suppression_query": "env:staging status:low",
"update_date": "integer",
"updater": {
"handle": "john.doe@datadoghq.com",
"name": "John Doe"
},
"version": 42
},
"id": "3dd-0uc-h1s",
"type": "suppressions"
}
]
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get all suppression rules returns "OK" response
"""
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = SecurityMonitoringApi(api_client)
response = api_instance.list_security_monitoring_suppressions()
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Get all suppression rules returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.list_security_monitoring_suppressions()
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Get all suppression rules returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewSecurityMonitoringApi(apiClient)
resp, r, err := api.ListSecurityMonitoringSuppressions(ctx)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListSecurityMonitoringSuppressions`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListSecurityMonitoringSuppressions`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Get all suppression rules returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionsResponse;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
try {
SecurityMonitoringSuppressionsResponse result =
apiInstance.listSecurityMonitoringSuppressions();
System.out.println(result);
} catch (ApiException e) {
System.err.println(
"Exception when calling SecurityMonitoringApi#listSecurityMonitoringSuppressions");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
// Get all suppression rules returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
#[tokio::main]
async fn main() {
let configuration = datadog::Configuration::new();
let api = SecurityMonitoringAPI::with_config(configuration);
let resp = api.list_security_monitoring_suppressions().await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
* Get all suppression rules returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);
apiInstance
.listSecurityMonitoringSuppressions()
.then((data: v2.SecurityMonitoringSuppressionsResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/{suppression_id}
Update a specific suppression rule.
OAuth apps require the security_monitoring_suppressions_write
authorization scope to access this endpoint.
이름
유형
설명
suppression_id [required]
string
The ID of the suppression rule
New definition of the suppression rule. Supports partial updates.
항목
유형
설명
data [required]
object
The new suppression properties; partial updates are supported.
attributes [required]
object
The suppression rule properties to be updated.
data_exclusion_query
string
An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.
description
string
A description for the suppression rule.
enabled
boolean
Whether the suppression rule is enabled.
expiration_date
int64
A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. If unset, the expiration date of the suppression rule is left untouched. If set to null
, the expiration date is removed.
name
string
The name of the suppression rule.
rule_query
string
The rule query of the suppression rule, with the same syntax as the search bar for detection rules.
suppression_query
string
The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.
version
int32
The current version of the suppression. This is optional, but it can help prevent concurrent modifications.
type [required]
enum
The type of the resource. The value should always be suppressions
.
Allowed enum values: suppressions
default: suppressions
{
"data": {
"attributes": {
"suppression_query": "env:staging status:low"
},
"type": "suppressions"
}
}
OK
Response object containing a single suppression rule.
항목
유형
설명
data
object
The suppression rule's properties.
attributes
object
The attributes of the suppression rule.
creation_date
int64
A Unix millisecond timestamp given the creation date of the suppression rule.
creator
object
A user.
handle
string
The handle of the user.
name
string
The name of the user.
data_exclusion_query
string
An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.
description
string
A description for the suppression rule.
editable
boolean
Whether the suppression rule is editable.
enabled
boolean
Whether the suppression rule is enabled.
expiration_date
int64
A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.
name
string
The name of the suppression rule.
rule_query
string
The rule query of the suppression rule, with the same syntax as the search bar for detection rules.
suppression_query
string
The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.
update_date
int64
A Unix millisecond timestamp given the update date of the suppression rule.
updater
object
A user.
handle
string
The handle of the user.
name
string
The name of the user.
version
int32
The version of the suppression rule; it starts at 1, and is incremented at each update.
id
string
The ID of the suppression rule.
type
enum
The type of the resource. The value should always be suppressions
.
Allowed enum values: suppressions
default: suppressions
{
"data": {
"attributes": {
"creation_date": "integer",
"creator": {
"handle": "john.doe@datadoghq.com",
"name": "John Doe"
},
"data_exclusion_query": "source:cloudtrail account_id:12345",
"description": "This rule suppresses low-severity signals in staging environments.",
"editable": true,
"enabled": true,
"expiration_date": 1703187336000,
"name": "Custom suppression",
"rule_query": "type:log_detection source:cloudtrail",
"suppression_query": "env:staging status:low",
"update_date": "integer",
"updater": {
"handle": "john.doe@datadoghq.com",
"name": "John Doe"
},
"version": 42
},
"id": "3dd-0uc-h1s",
"type": "suppressions"
}
}
Bad Request
API error response.
{
"errors": [
"Bad Request"
]
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Not Found
API error response.
{
"errors": [
"Bad Request"
]
}
Concurrent Modification
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Path parameters
export suppression_id="CHANGE_ME"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/${suppression_id}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
"data": {
"attributes": {
"suppression_query": "env:staging status:low"
},
"type": "suppressions"
}
}
EOF
// Update a suppression rule returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
// there is a valid "suppression" in the system
SuppressionDataID := os.Getenv("SUPPRESSION_DATA_ID")
body := datadogV2.SecurityMonitoringSuppressionUpdateRequest{
Data: datadogV2.SecurityMonitoringSuppressionUpdateData{
Attributes: datadogV2.SecurityMonitoringSuppressionUpdateAttributes{
SuppressionQuery: datadog.PtrString("env:staging status:low"),
},
Type: datadogV2.SECURITYMONITORINGSUPPRESSIONTYPE_SUPPRESSIONS,
},
}
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewSecurityMonitoringApi(apiClient)
resp, r, err := api.UpdateSecurityMonitoringSuppression(ctx, SuppressionDataID, body)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.UpdateSecurityMonitoringSuppression`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.UpdateSecurityMonitoringSuppression`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Update a suppression rule returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionUpdateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionUpdateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionUpdateRequest;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
// there is a valid "suppression" in the system
String SUPPRESSION_DATA_ID = System.getenv("SUPPRESSION_DATA_ID");
SecurityMonitoringSuppressionUpdateRequest body =
new SecurityMonitoringSuppressionUpdateRequest()
.data(
new SecurityMonitoringSuppressionUpdateData()
.attributes(
new SecurityMonitoringSuppressionUpdateAttributes()
.suppressionQuery("env:staging status:low"))
.type(SecurityMonitoringSuppressionType.SUPPRESSIONS));
try {
SecurityMonitoringSuppressionResponse result =
apiInstance.updateSecurityMonitoringSuppression(SUPPRESSION_DATA_ID, body);
System.out.println(result);
} catch (ApiException e) {
System.err.println(
"Exception when calling SecurityMonitoringApi#updateSecurityMonitoringSuppression");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Update a suppression rule returns "OK" response
"""
from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType
from datadog_api_client.v2.model.security_monitoring_suppression_update_attributes import (
SecurityMonitoringSuppressionUpdateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_suppression_update_data import (
SecurityMonitoringSuppressionUpdateData,
)
from datadog_api_client.v2.model.security_monitoring_suppression_update_request import (
SecurityMonitoringSuppressionUpdateRequest,
)
# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"]
body = SecurityMonitoringSuppressionUpdateRequest(
data=SecurityMonitoringSuppressionUpdateData(
attributes=SecurityMonitoringSuppressionUpdateAttributes(
suppression_query="env:staging status:low",
),
type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
),
)
configuration = Configuration()
with ApiClient(configuration) as api_client:
api_instance = SecurityMonitoringApi(api_client)
response = api_instance.update_security_monitoring_suppression(suppression_id=SUPPRESSION_DATA_ID, body=body)
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Update a suppression rule returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
# there is a valid "suppression" in the system
SUPPRESSION_DATA_ID = ENV["SUPPRESSION_DATA_ID"]
body = DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateRequest.new({
data: DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateData.new({
attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateAttributes.new({
suppression_query: "env:staging status:low",
}),
type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
}),
})
p api_instance.update_security_monitoring_suppression(SUPPRESSION_DATA_ID, body)
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Update a suppression rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionType;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionUpdateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionUpdateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringSuppressionUpdateRequest;
#[tokio::main]
async fn main() {
// there is a valid "suppression" in the system
let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
let body = SecurityMonitoringSuppressionUpdateRequest::new(
SecurityMonitoringSuppressionUpdateData::new(
SecurityMonitoringSuppressionUpdateAttributes::new()
.suppression_query("env:staging status:low".to_string()),
SecurityMonitoringSuppressionType::SUPPRESSIONS,
),
);
let configuration = datadog::Configuration::new();
let api = SecurityMonitoringAPI::with_config(configuration);
let resp = api
.update_security_monitoring_suppression(suppression_data_id.clone(), body)
.await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
* Update a suppression rule returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);
// there is a valid "suppression" in the system
const SUPPRESSION_DATA_ID = process.env.SUPPRESSION_DATA_ID as string;
const params: v2.SecurityMonitoringApiUpdateSecurityMonitoringSuppressionRequest =
{
body: {
data: {
attributes: {
suppressionQuery: "env:staging status:low",
},
type: "suppressions",
},
},
suppressionId: SUPPRESSION_DATA_ID,
};
apiInstance
.updateSecurityMonitoringSuppression(params)
.then((data: v2.SecurityMonitoringSuppressionResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.
GET https://api.ap1.datadoghq.com/api/v2/posture_management/findingshttps://api.datadoghq.eu/api/v2/posture_management/findingshttps://api.ddog-gov.com/api/v2/posture_management/findingshttps://api.datadoghq.com/api/v2/posture_management/findingshttps://api.us3.datadoghq.com/api/v2/posture_management/findingshttps://api.us5.datadoghq.com/api/v2/posture_management/findings
Get a list of CSPM findings.
Filters can be applied by appending query parameters to the URL.
?filter[attribute_key]=attribute_value
?filter[attribute_key]=attribute_value&filter[attribute_key]=attribute_value...
?filter[tags]=tag_key:tag_value&filter[tags]=tag_key_2:tag_value_2
Here, attribute_key
can be any of the filter keys described further below.
Query parameters of type integer
support comparison operators (>
, >=
, <
, <=
). This is particularly useful when filtering by evaluation_changed_at
or resource_discovery_timestamp
. For example: ?filter[evaluation_changed_at]=>20123123121
.
You can also use the negation operator on strings. For example, use filter[resource_type]=-aws*
to filter for any non-AWS resources.
The operator must come after the equal sign. For example, to filter with the >=
operator, add the operator after the equal sign: filter[evaluation_changed_at]=>=1678809373257
.
Query parameters must be only among the documented ones and with values of correct types. Duplicated query parameters (e.g. filter[status]=low&filter[status]=info
) are not allowed.
The response includes an array of finding objects, pagination metadata, and a count of items that match the query.
Each finding object contains the following:
GetFinding
request to retrieve the full finding details.evaluation_changed_at
and resource_discovery_date
time stamps.OAuth apps require the security_monitoring_findings_read
authorization scope to access this endpoint.
이름
유형
설명
page[limit]
integer
Limit the number of findings returned. Must be <= 1000.
snapshot_timestamp
integer
Return findings for a given snapshot of time (Unix ms).
page[cursor]
string
Return the next page of findings pointed to by the cursor.
filter[tags]
string
Return findings that have these associated tags (repeatable).
filter[evaluation_changed_at]
string
Return findings that have changed from pass to fail or vice versa on a specified date (Unix ms) or date range (using comparison operators).
filter[muted]
boolean
Set to true
to return findings that are muted. Set to false
to return unmuted findings.
filter[rule_id]
string
Return findings for the specified rule ID.
filter[rule_name]
string
Return findings for the specified rule.
filter[resource_type]
string
Return only findings for the specified resource type.
filter[discovery_timestamp]
string
Return findings that were found on a specified date (Unix ms) or date range (using comparison operators).
filter[evaluation]
enum
Return only pass
or fail
findings.
Allowed enum values: pass, fail
filter[status]
enum
Return only findings with the specified status.
Allowed enum values: critical, high, medium, low, info
OK
The expected response schema when listing findings.
항목
유형
설명
data [required]
[object]
Array of findings.
attributes
object
The JSON:API attributes of the finding.
evaluation
enum
The evaluation of the finding.
Allowed enum values: pass,fail
evaluation_changed_at
int64
The date on which the evaluation for this finding changed (Unix ms).
mute
object
Information about the mute status of this finding.
description
string
Additional information about the reason why this finding is muted or unmuted.
expiration_date
int64
The expiration date of the mute or unmute action (Unix ms).
muted
boolean
Whether this finding is muted or unmuted.
reason
enum
The reason why this finding is muted or unmuted.
Allowed enum values: PENDING_FIX,FALSE_POSITIVE,ACCEPTED_RISK,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK,OTHER
start_date
int64
The start of the mute period.
uuid
string
The ID of the user who muted or unmuted this finding.
resource
string
The resource name of this finding.
resource_discovery_date
int64
The date on which the resource was discovered (Unix ms).
resource_type
string
The resource type of this finding.
rule
object
The rule that triggered this finding.
id
string
The ID of the rule that triggered this finding.
name
string
The name of the rule that triggered this finding.
status
enum
The status of the finding.
Allowed enum values: critical,high,medium,low,info
tags
[string]
The tags associated with this finding.
id
string
The unique ID for this finding.
type
enum
The JSON:API type for findings.
Allowed enum values: finding
default: finding
meta [required]
object
Metadata for pagination.
page
object
Pagination and findings count information.
cursor
string
The cursor used to paginate requests.
total_filtered_count
int64
The total count of findings after the filter has been applied.
snapshot_timestamp
int64
The point in time corresponding to the listed findings.
{
"data": [
{
"attributes": {
"evaluation": "pass",
"evaluation_changed_at": 1678721573794,
"mute": {
"description": "To be resolved later",
"expiration_date": 1778721573794,
"muted": true,
"reason": "ACCEPTED_RISK",
"start_date": 1678721573794,
"uuid": "e51c9744-d158-11ec-ad23-da7ad0900002"
},
"resource": "my_resource_name",
"resource_discovery_date": 1678721573794,
"resource_type": "azure_storage_account",
"rule": {
"id": "dv2-jzf-41i",
"name": "Soft delete is enabled for Azure Storage"
},
"status": "critical",
"tags": [
"cloud_provider:aws",
"myTag:myValue"
]
},
"id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
"type": "finding"
}
],
"meta": {
"page": {
"cursor": "eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0=",
"total_filtered_count": 213
},
"snapshot_timestamp": 1678721573794
}
}
Bad Request: The server cannot process the request due to invalid syntax in the request.
API error response.
항목
유형
설명
errors [required]
[object]
A list of errors.
detail
string
A human-readable explanation specific to this occurrence of the error.
status
string
Status code of the response.
title
string
Short human-readable summary of the error.
{
"errors": [
{
"detail": "Missing required attribute in body",
"status": "400",
"title": "Bad Request"
}
]
}
Forbidden: Access denied
API error response.
항목
유형
설명
errors [required]
[object]
A list of errors.
detail
string
A human-readable explanation specific to this occurrence of the error.
status
string
Status code of the response.
title
string
Short human-readable summary of the error.
{
"errors": [
{
"detail": "Missing required attribute in body",
"status": "400",
"title": "Bad Request"
}
]
}
Not Found: The requested finding cannot be found.
API error response.
항목
유형
설명
errors [required]
[object]
A list of errors.
detail
string
A human-readable explanation specific to this occurrence of the error.
status
string
Status code of the response.
title
string
Short human-readable summary of the error.
{
"errors": [
{
"detail": "Missing required attribute in body",
"status": "400",
"title": "Bad Request"
}
]
}
Too many requests: The rate limit set by the API has been exceeded.
API error response.
항목
유형
설명
errors [required]
[object]
A list of errors.
detail
string
A human-readable explanation specific to this occurrence of the error.
status
string
Status code of the response.
title
string
Short human-readable summary of the error.
{
"errors": [
{
"detail": "Missing required attribute in body",
"status": "400",
"title": "Bad Request"
}
]
}
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/posture_management/findings" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
List findings returns "OK" response
"""
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
configuration = Configuration()
configuration.unstable_operations["list_findings"] = True
with ApiClient(configuration) as api_client:
api_instance = SecurityMonitoringApi(api_client)
response = api_instance.list_findings()
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# List findings returns "OK" response
require "datadog_api_client"
DatadogAPIClient.configure do |config|
config.unstable_operations["v2.list_findings".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.list_findings()
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// List findings returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
configuration.SetUnstableOperationEnabled("v2.ListFindings", true)
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewSecurityMonitoringApi(apiClient)
resp, r, err := api.ListFindings(ctx, *datadogV2.NewListFindingsOptionalParameters())
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListFindings`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListFindings`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// List findings returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.ListFindingsResponse;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
defaultClient.setUnstableOperationEnabled("v2.listFindings", true);
SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
try {
ListFindingsResponse result = apiInstance.listFindings();
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling SecurityMonitoringApi#listFindings");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
// List findings returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::ListFindingsOptionalParams;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
#[tokio::main]
async fn main() {
let mut configuration = datadog::Configuration::new();
configuration.set_unstable_operation_enabled("v2.ListFindings", true);
let api = SecurityMonitoringAPI::with_config(configuration);
let resp = api
.list_findings(ListFindingsOptionalParams::default())
.await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
* List findings returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
configuration.unstableOperations["v2.listFindings"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);
apiInstance
.listFindings()
.then((data: v2.ListFindingsResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.
GET https://api.ap1.datadoghq.com/api/v2/posture_management/findings/{finding_id}https://api.datadoghq.eu/api/v2/posture_management/findings/{finding_id}https://api.ddog-gov.com/api/v2/posture_management/findings/{finding_id}https://api.datadoghq.com/api/v2/posture_management/findings/{finding_id}https://api.us3.datadoghq.com/api/v2/posture_management/findings/{finding_id}https://api.us5.datadoghq.com/api/v2/posture_management/findings/{finding_id}
Returns a single finding with message and resource configuration.
OAuth apps require the security_monitoring_findings_read
authorization scope to access this endpoint.
이름
유형
설명
finding_id [required]
string
The ID of the finding.
이름
유형
설명
snapshot_timestamp
integer
Return the finding for a given snapshot of time (Unix ms).
OK
The expected response schema when getting a finding.
항목
유형
설명
data [required]
object
A single finding with with message and resource configuration.
attributes
object
The JSON:API attributes of the detailed finding.
evaluation
enum
The evaluation of the finding.
Allowed enum values: pass,fail
evaluation_changed_at
int64
The date on which the evaluation for this finding changed (Unix ms).
message
string
The remediation message for this finding.
mute
object
Information about the mute status of this finding.
description
string
Additional information about the reason why this finding is muted or unmuted.
expiration_date
int64
The expiration date of the mute or unmute action (Unix ms).
muted
boolean
Whether this finding is muted or unmuted.
reason
enum
The reason why this finding is muted or unmuted.
Allowed enum values: PENDING_FIX,FALSE_POSITIVE,ACCEPTED_RISK,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK,OTHER
start_date
int64
The start of the mute period.
uuid
string
The ID of the user who muted or unmuted this finding.
resource
string
The resource name of this finding.
resource_configuration
object
The resource configuration for this finding.
resource_discovery_date
int64
The date on which the resource was discovered (Unix ms).
resource_type
string
The resource type of this finding.
rule
object
The rule that triggered this finding.
id
string
The ID of the rule that triggered this finding.
name
string
The name of the rule that triggered this finding.
status
enum
The status of the finding.
Allowed enum values: critical,high,medium,low,info
tags
[string]
The tags associated with this finding.
id
string
The unique ID for this finding.
type
enum
The JSON:API type for findings that have the message and resource configuration.
Allowed enum values: detailed_finding
default: detailed_finding
{
"data": {
"attributes": {
"evaluation": "pass",
"evaluation_changed_at": 1678721573794,
"message": "## Remediation\n\n### From the console\n\n1. Go to Storage Account\n2. For each Storage Account, navigate to Data Protection\n3. Select Set soft delete enabled and enter the number of days to retain soft deleted data.",
"mute": {
"description": "To be resolved later",
"expiration_date": 1778721573794,
"muted": true,
"reason": "ACCEPTED_RISK",
"start_date": 1678721573794,
"uuid": "e51c9744-d158-11ec-ad23-da7ad0900002"
},
"resource": "my_resource_name",
"resource_configuration": {},
"resource_discovery_date": 1678721573794,
"resource_type": "azure_storage_account",
"rule": {
"id": "dv2-jzf-41i",
"name": "Soft delete is enabled for Azure Storage"
},
"status": "critical",
"tags": [
"cloud_provider:aws",
"myTag:myValue"
]
},
"id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
"type": "detailed_finding"
}
}
Bad Request: The server cannot process the request due to invalid syntax in the request.
API error response.
항목
유형
설명
errors [required]
[object]
A list of errors.
detail
string
A human-readable explanation specific to this occurrence of the error.
status
string
Status code of the response.
title
string
Short human-readable summary of the error.
{
"errors": [
{
"detail": "Missing required attribute in body",
"status": "400",
"title": "Bad Request"
}
]
}
Forbidden: Access denied
API error response.
항목
유형
설명
errors [required]
[object]
A list of errors.
detail
string
A human-readable explanation specific to this occurrence of the error.
status
string
Status code of the response.
title
string
Short human-readable summary of the error.
{
"errors": [
{
"detail": "Missing required attribute in body",
"status": "400",
"title": "Bad Request"
}
]
}
Not Found: The requested finding cannot be found.
API error response.
항목
유형
설명
errors [required]
[object]
A list of errors.
detail
string
A human-readable explanation specific to this occurrence of the error.
status
string
Status code of the response.
title
string
Short human-readable summary of the error.
{
"errors": [
{
"detail": "Missing required attribute in body",
"status": "400",
"title": "Bad Request"
}
]
}
Too many requests: The rate limit set by the API has been exceeded.
API error response.
항목
유형
설명
errors [required]
[object]
A list of errors.
detail
string
A human-readable explanation specific to this occurrence of the error.
status
string
Status code of the response.
title
string
Short human-readable summary of the error.
{
"errors": [
{
"detail": "Missing required attribute in body",
"status": "400",
"title": "Bad Request"
}
]
}
# Path parameters
export finding_id="CHANGE_ME"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/posture_management/findings/${finding_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
"""
Get a finding returns "OK" response
"""
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
configuration = Configuration()
configuration.unstable_operations["get_finding"] = True
with ApiClient(configuration) as api_client:
api_instance = SecurityMonitoringApi(api_client)
response = api_instance.get_finding(
finding_id="AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz",
)
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Get a finding returns "OK" response
require "datadog_api_client"
DatadogAPIClient.configure do |config|
config.unstable_operations["v2.get_finding".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.get_finding("AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz")
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
// Get a finding returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
configuration.SetUnstableOperationEnabled("v2.GetFinding", true)
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewSecurityMonitoringApi(apiClient)
resp, r, err := api.GetFinding(ctx, "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz", *datadogV2.NewGetFindingOptionalParameters())
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetFinding`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetFinding`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Get a finding returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.GetFindingResponse;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
defaultClient.setUnstableOperationEnabled("v2.getFinding", true);
SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
try {
GetFindingResponse result =
apiInstance.getFinding(
"AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz");
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling SecurityMonitoringApi#getFinding");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
// Get a finding returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::GetFindingOptionalParams;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
#[tokio::main]
async fn main() {
let mut configuration = datadog::Configuration::new();
configuration.set_unstable_operation_enabled("v2.GetFinding", true);
let api = SecurityMonitoringAPI::with_config(configuration);
let resp =
api
.get_finding(
"AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz".to_string(),
GetFindingOptionalParams::default(),
)
.await;
if let Ok(value) = resp {
println!("{:#?}", value);
} else {
println!("{:#?}", resp.unwrap_err());
}
}
First install the library and its dependencies and then save the example to src/main.rs
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
/**
* Get a finding returns "OK" response
*/
import { client, v2 } from "@datadog/datadog-api-client";
const configuration = client.createConfiguration();
configuration.unstableOperations["v2.getFinding"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);
const params: v2.SecurityMonitoringApiGetFindingRequest = {
findingId:
"AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz",
};
apiInstance
.getFinding(params)
.then((data: v2.GetFindingResponse) => {
console.log(
"API called successfully. Returned data: " + JSON.stringify(data)
);
})
.catch((error: any) => console.error(error));
First install the library and its dependencies and then save the example to example.ts
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.
PATCH https://api.ap1.datadoghq.com/api/v2/posture_management/findingshttps://api.datadoghq.eu/api/v2/posture_management/findingshttps://api.ddog-gov.com/api/v2/posture_management/findingshttps://api.datadoghq.com/api/v2/posture_management/findingshttps://api.us3.datadoghq.com/api/v2/posture_management/findingshttps://api.us5.datadoghq.com/api/v2/posture_management/findings
Mute or unmute findings.
All findings are updated with the same attributes. The request body must include at least two attributes: muted
and reason
.
The allowed reasons depend on whether the finding is being muted or unmuted:
PENDING_FIX
, FALSE_POSITIVE
, ACCEPTED_RISK
, OTHER
.NO_PENDING_FIX
, HUMAN_ERROR
, NO_LONGER_ACCEPTED_RISK
, OTHER
.The request body must include a list of the finding IDs to be updated.
항목
유형
설명
data [required]
object
Data object containing the new bulk mute properties of the finding.
attributes [required]
object
The mute properties to be updated.
mute [required]
object
Object containing the new mute properties of the findings.
description
string
Additional information about the reason why those findings are muted or unmuted. This field has a maximum limit of 280 characters.
expiration_date
int64
The expiration date of the mute or unmute action (Unix ms). It must be set to a value greater than the current timestamp. If this field is not provided, the finding will be muted or unmuted indefinitely, which is equivalent to setting the expiration date to 9999999999999.
muted [required]
boolean
Whether those findings should be muted or unmuted.
reason [required]
enum
The reason why this finding is muted or unmuted.
Allowed enum values: PENDING_FIX,FALSE_POSITIVE,ACCEPTED_RISK,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK,OTHER
id [required]
string
UUID to identify the request
meta [required]
object
Meta object containing the findings to be updated.
findings
[object]
Array of findings.
finding_id
string
The unique ID for this finding.
type [required]
enum
The JSON:API type for findings.
Allowed enum values: finding
default: finding
{
"data": {
"attributes": {
"mute": {
"expiration_date": 1778721573794,
"muted": true,
"reason": "ACCEPTED_RISK"
}
},
"id": "dbe5f567-192b-4404-b908-29b70e1c9f76",
"meta": {
"findings": [
{
"finding_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="
}
]
},
"type": "finding"
}
}
OK
The expected response schema.
항목
유형
설명
data [required]
object
Data object containing the ID of the request that was updated.
id
string
UUID used to identify the request
type
enum
The JSON:API type for findings.
Allowed enum values: finding
default: finding
{
"data": {
"id": "93bfeb70-af47-424d-908a-948d3f08e37f",
"type": "finding"
}
}
Bad Request: The server cannot process the request due to invalid syntax in the request.
API error response.
항목
유형
설명
errors [required]
[object]
A list of errors.
detail
string
A human-readable explanation specific to this occurrence of the error.
status
string
Status code of the response.
title
string
Short human-readable summary of the error.
{
"errors": [
{
"detail": "Missing required attribute in body",
"status": "400",
"title": "Bad Request"
}
]
}
Forbidden: Access denied
API error response.
항목
유형
설명
errors [required]
[object]
A list of errors.
detail
string
A human-readable explanation specific to this occurrence of the error.
status
string
Status code of the response.
title
string
Short human-readable summary of the error.
{
"errors": [
{
"detail": "Missing required attribute in body",
"status": "400",
"title": "Bad Request"
}
]
}
Not Found: The requested finding cannot be found.
API error response.
항목
유형
설명
errors [required]
[object]
A list of errors.
detail
string
A human-readable explanation specific to this occurrence of the error.
status
string
Status code of the response.
title
string
Short human-readable summary of the error.
{
"errors": [
{
"detail": "Missing required attribute in body",
"status": "400",
"title": "Bad Request"
}
]
}
Invalid Request: The server understands the request syntax but cannot process it due to invalid data.
API error response.
항목
유형
설명
errors [required]
[object]
A list of errors.
detail
string
A human-readable explanation specific to this occurrence of the error.
status
string
Status code of the response.
title
string
Short human-readable summary of the error.
{
"errors": [
{
"detail": "Missing required attribute in body",
"status": "400",
"title": "Bad Request"
}
]
}
Too many requests: The rate limit set by the API has been exceeded.
API error response.
항목
유형
설명
errors [required]
[object]
A list of errors.
detail
string
A human-readable explanation specific to this occurrence of the error.
status
string
Status code of the response.
title
string
Short human-readable summary of the error.
{
"errors": [
{
"detail": "Missing required attribute in body",
"status": "400",
"title": "Bad Request"
}
]
}
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/posture_management/findings" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
"data": {
"attributes": {
"mute": {
"expiration_date": 1778721573794,
"muted": true,
"reason": "ACCEPTED_RISK"
}
},
"id": "dbe5f567-192b-4404-b908-29b70e1c9f76",
"meta": {
"findings": [
{
"finding_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="
}
]
},
"type": "finding"
}
}
EOF
// Mute or unmute a batch of findings returns "OK" response
package main
import (
"context"
"encoding/json"
"fmt"
"os"
"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)
func main() {
body := datadogV2.BulkMuteFindingsRequest{
Data: datadogV2.BulkMuteFindingsRequestData{
Attributes: datadogV2.BulkMuteFindingsRequestAttributes{
Mute: datadogV2.BulkMuteFindingsRequestProperties{
ExpirationDate: datadog.PtrInt64(1778721573794),
Muted: true,
Reason: datadogV2.FINDINGMUTEREASON_ACCEPTED_RISK,
},
},
Id: "dbe5f567-192b-4404-b908-29b70e1c9f76",
Meta: datadogV2.BulkMuteFindingsRequestMeta{
Findings: []datadogV2.BulkMuteFindingsRequestMetaFindings{
{
FindingId: datadog.PtrString("ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="),
},
},
},
Type: datadogV2.FINDINGTYPE_FINDING,
},
}
ctx := datadog.NewDefaultContext(context.Background())
configuration := datadog.NewConfiguration()
configuration.SetUnstableOperationEnabled("v2.MuteFindings", true)
apiClient := datadog.NewAPIClient(configuration)
api := datadogV2.NewSecurityMonitoringApi(apiClient)
resp, r, err := api.MuteFindings(ctx, body)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.MuteFindings`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
responseContent, _ := json.MarshalIndent(resp, "", " ")
fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.MuteFindings`:\n%s\n", responseContent)
}
First install the library and its dependencies and then save the example to main.go
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
// Mute or unmute a batch of findings returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequest;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestAttributes;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestData;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestMeta;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestMetaFindings;
import com.datadog.api.client.v2.model.BulkMuteFindingsRequestProperties;
import com.datadog.api.client.v2.model.BulkMuteFindingsResponse;
import com.datadog.api.client.v2.model.FindingMuteReason;
import com.datadog.api.client.v2.model.FindingType;
import java.util.Collections;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
defaultClient.setUnstableOperationEnabled("v2.muteFindings", true);
SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
BulkMuteFindingsRequest body =
new BulkMuteFindingsRequest()
.data(
new BulkMuteFindingsRequestData()
.attributes(
new BulkMuteFindingsRequestAttributes()
.mute(
new BulkMuteFindingsRequestProperties()
.expirationDate(1778721573794L)
.muted(true)
.reason(FindingMuteReason.ACCEPTED_RISK)))
.id("dbe5f567-192b-4404-b908-29b70e1c9f76")
.meta(
new BulkMuteFindingsRequestMeta()
.findings(
Collections.singletonList(
new BulkMuteFindingsRequestMetaFindings()
.findingId(
"ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw=="))))
.type(FindingType.FINDING));
try {
BulkMuteFindingsResponse result = apiInstance.muteFindings(body);
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling SecurityMonitoringApi#muteFindings");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
First install the library and its dependencies and then save the example to Example.java
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
"""
Mute or unmute a batch of findings returns "OK" response
"""
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.bulk_mute_findings_request import BulkMuteFindingsRequest
from datadog_api_client.v2.model.bulk_mute_findings_request_attributes import BulkMuteFindingsRequestAttributes
from datadog_api_client.v2.model.bulk_mute_findings_request_data import BulkMuteFindingsRequestData
from datadog_api_client.v2.model.bulk_mute_findings_request_meta import BulkMuteFindingsRequestMeta
from datadog_api_client.v2.model.bulk_mute_findings_request_meta_findings import BulkMuteFindingsRequestMetaFindings
from datadog_api_client.v2.model.bulk_mute_findings_request_properties import BulkMuteFindingsRequestProperties
from datadog_api_client.v2.model.finding_mute_reason import FindingMuteReason
from datadog_api_client.v2.model.finding_type import FindingType
body = BulkMuteFindingsRequest(
data=BulkMuteFindingsRequestData(
attributes=BulkMuteFindingsRequestAttributes(
mute=BulkMuteFindingsRequestProperties(
expiration_date=1778721573794,
muted=True,
reason=FindingMuteReason.ACCEPTED_RISK,
),
),
id="dbe5f567-192b-4404-b908-29b70e1c9f76",
meta=BulkMuteFindingsRequestMeta(
findings=[
BulkMuteFindingsRequestMetaFindings(
finding_id="ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
),
],
),
type=FindingType.FINDING,
),
)
configuration = Configuration()
configuration.unstable_operations["mute_findings"] = True
with ApiClient(configuration) as api_client:
api_instance = SecurityMonitoringApi(api_client)
response = api_instance.mute_findings(body=body)
print(response)
First install the library and its dependencies and then save the example to example.py
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
# Mute or unmute a batch of findings returns "OK" response
require "datadog_api_client"
DatadogAPIClient.configure do |config|
config.unstable_operations["v2.mute_findings".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
body = DatadogAPIClient::V2::BulkMuteFindingsRequest.new({
data: DatadogAPIClient::V2::BulkMuteFindingsRequestData.new({
attributes: DatadogAPIClient::V2::BulkMuteFindingsRequestAttributes.new({
mute: DatadogAPIClient::V2::BulkMuteFindingsRequestProperties.new({
expiration_date: 1778721573794,
muted: true,
reason: DatadogAPIClient::V2::FindingMuteReason::ACCEPTED_RISK,
}),
}),
id: "dbe5f567-192b-4404-b908-29b70e1c9f76",
meta: DatadogAPIClient::V2::BulkMuteFindingsRequestMeta.new({
findings: [
DatadogAPIClient::V2::BulkMuteFindingsRequestMetaFindings.new({
finding_id: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
}),
],
}),
type: DatadogAPIClient::V2::FindingType::FINDING,
}),
})
p api_instance.mute_findings(body)
First install the library and its dependencies and then save the example to example.rb
and run following commands:
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datado