monitoring_signals
Creates, updates, deletes, gets or lists a monitoring_signals resource.
Overview
Name | monitoring_signals |
Type | Resource |
Id | datadog.security.monitoring_signals |
Fields
The following fields are returned by SELECT queries:
- get_security_monitoring_signal
- list_security_monitoring_signals
Name | Datatype | Description |
---|---|---|
id | string | The unique ID of the security signal. (example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA) |
attributes | object | The object containing all signal attributes and their associated values. |
type | string | The type of event. (default: signal, example: signal) |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
get_security_monitoring_signal | select | signal_id, region | | Get a signal's details. |
list_security_monitoring_signals | select | region | filter[query], filter[from], filter[to], sort, page[cursor], page[limit] | The list endpoint returns security signals that match a search query. Both this endpoint and the POST endpoint can be used interchangeably when listing security signals. |
search_security_monitoring_signals | exec | region | | Returns security signals that match a search query. Both this endpoint and the GET endpoint can be used interchangeably for listing security signals. |
edit_security_monitoring_signal_assignee | exec | signal_id, region, data | | Modify the triage assignee of a security signal. |
edit_security_monitoring_signal_incidents | exec | signal_id, region, data | | Change the related incidents for a security signal. |
edit_security_monitoring_signal_state | exec | signal_id, region, data | | Change the triage state of a security signal. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
region | string | (default: datadoghq.com) |
signal_id | string | The ID of the signal. |
filter[from] | string (date-time) | The minimum timestamp for requested security signals. (example: 2019-01-02T09:42:36.320Z) |
filter[query] | string | The search query for security signals. (example: security:attack status:high) |
filter[to] | string (date-time) | The maximum timestamp for requested security signals. (example: 2019-01-03T09:42:36.320Z) |
page[cursor] | string | A list of results using the cursor provided in the previous query. (example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==) |
page[limit] | integer (int32) | The maximum number of security signals in the response. (example: 25) |
sort | string | The order of the security signals in results. |
SELECT examples
- get_security_monitoring_signal
- list_security_monitoring_signals
Get a signal's details.
```sql
SELECT
  id,
  attributes,
  type
FROM datadog.security.monitoring_signals
WHERE signal_id = '{{ signal_id }}' -- required
  AND region = '{{ region }}' -- required
;
```
The list endpoint returns security signals that match a search query. Both this endpoint and the POST endpoint can be used interchangeably when listing security signals.
```sql
SELECT
  id,
  attributes,
  type
FROM datadog.security.monitoring_signals
WHERE region = '{{ region }}' -- required
  AND filter[query] = '{{ filter[query] }}'
  AND filter[from] = '{{ filter[from] }}'
  AND filter[to] = '{{ filter[to] }}'
  AND sort = '{{ sort }}'
  AND page[cursor] = '{{ page[cursor] }}'
  AND page[limit] = '{{ page[limit] }}'
;
```
Lifecycle Methods
- search_security_monitoring_signals
- edit_security_monitoring_signal_assignee
- edit_security_monitoring_signal_incidents
- edit_security_monitoring_signal_state
Returns security signals that match a search query. Both this endpoint and the GET endpoint can be used interchangeably for listing security signals.
```sql
EXEC datadog.security.monitoring_signals.search_security_monitoring_signals
@region='{{ region }}' --required
@@json=
'{
  "filter": "{{ filter }}",
  "page": "{{ page }}",
  "sort": "{{ sort }}"
}'
;
```
Modify the triage assignee of a security signal.
```sql
EXEC datadog.security.monitoring_signals.edit_security_monitoring_signal_assignee
@signal_id='{{ signal_id }}', --required
@region='{{ region }}' --required
@@json=
'{
  "data": "{{ data }}"
}'
;
```
Change the related incidents for a security signal.
```sql
EXEC datadog.security.monitoring_signals.edit_security_monitoring_signal_incidents
@signal_id='{{ signal_id }}', --required
@region='{{ region }}' --required
@@json=
'{
  "data": "{{ data }}"
}'
;
```
Change the triage state of a security signal.
```sql
EXEC datadog.security.monitoring_signals.edit_security_monitoring_signal_state
@signal_id='{{ signal_id }}', --required
@region='{{ region }}' --required
@@json=
'{
  "data": "{{ data }}"
}'
;
```