monitoring_hist_signals
Creates, updates, deletes, gets or lists a monitoring_hist_signals resource.
Overview
Name | monitoring_hist_signals |
Type | Resource |
Id | datadog.security.monitoring_hist_signals |
Fields
The following fields are returned by SELECT queries:
- get_security_monitoring_histsignal
- get_security_monitoring_histsignals_by_job_id
- list_security_monitoring_histsignals
Name | Datatype | Description |
---|---|---|
id | string | The unique ID of the security signal. (example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA) |
attributes | object | The object containing all signal attributes and their associated values. |
type | string | The type of event. (default: signal, example: signal) |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
get_security_monitoring_histsignal | select | histsignal_id, region | | Get a hist signal's details. |
get_security_monitoring_histsignals_by_job_id | select | job_id, region | filter[query], filter[from], filter[to], sort, page[cursor], page[limit] | Get a job's hist signals. |
list_security_monitoring_histsignals | select | region | filter[query], filter[from], filter[to], sort, page[cursor], page[limit] | List hist signals. |
search_security_monitoring_histsignals | exec | region | | Search hist signals. |
convert_job_result_to_signal | exec | region | | Convert a job result to a signal. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
histsignal_id | string | The ID of the historical signal. |
job_id | string | The ID of the job. |
region | string | (default: datadoghq.com) |
filter[from] | string (date-time) | The minimum timestamp for requested security signals. (example: 2019-01-02T09:42:36.320Z) |
filter[query] | string | The search query for security signals. (example: security:attack status:high) |
filter[to] | string (date-time) | The maximum timestamp for requested security signals. (example: 2019-01-03T09:42:36.320Z) |
page[cursor] | string | A list of results using the cursor provided in the previous query. (example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==) |
page[limit] | integer (int32) | The maximum number of security signals in the response. (example: 25) |
sort | string | The order of the security signals in results. |
SELECT examples
- get_security_monitoring_histsignal
- get_security_monitoring_histsignals_by_job_id
- list_security_monitoring_histsignals
Get a hist signal's details.
```sql
SELECT
  id,
  attributes,
  type
FROM datadog.security.monitoring_hist_signals
WHERE histsignal_id = '{{ histsignal_id }}' -- required
  AND region = '{{ region }}' -- required
;
```
Get a job's hist signals.
```sql
SELECT
  id,
  attributes,
  type
FROM datadog.security.monitoring_hist_signals
WHERE job_id = '{{ job_id }}' -- required
  AND region = '{{ region }}' -- required
  AND filter[query] = '{{ filter[query] }}'
  AND filter[from] = '{{ filter[from] }}'
  AND filter[to] = '{{ filter[to] }}'
  AND sort = '{{ sort }}'
  AND page[cursor] = '{{ page[cursor] }}'
  AND page[limit] = '{{ page[limit] }}'
;
```
List hist signals.
```sql
SELECT
  id,
  attributes,
  type
FROM datadog.security.monitoring_hist_signals
WHERE region = '{{ region }}' -- required
  AND filter[query] = '{{ filter[query] }}'
  AND filter[from] = '{{ filter[from] }}'
  AND filter[to] = '{{ filter[to] }}'
  AND sort = '{{ sort }}'
  AND page[cursor] = '{{ page[cursor] }}'
  AND page[limit] = '{{ page[limit] }}'
;
```
Lifecycle Methods
- search_security_monitoring_histsignals
- convert_job_result_to_signal
Search hist signals.
```sql
EXEC datadog.security.monitoring_hist_signals.search_security_monitoring_histsignals
@region='{{ region }}' --required
@@json=
'{
  "filter": "{{ filter }}",
  "page": "{{ page }}",
  "sort": "{{ sort }}"
}'
;
```
Convert a job result to a signal.
```sql
EXEC datadog.security.monitoring_hist_signals.convert_job_result_to_signal
@region='{{ region }}' --required
@@json=
'{
  "data": "{{ data }}"
}'
;
```