Language

한국어 English Français 日本語 Español

Datadog Site

Site help
US1 US3 US5 EU AP1 US1-FED
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Workload Protection

Workload Protection monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See Workload Protection for more information on setting up Workload Protection.

Note: These endpoints are split based on whether you are using the US1-FED site or not. Please reference the specific resource for the site you are using.

Download the Workload Protection policy

GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policy/downloadhttps://api.datadoghq.eu/api/v2/remote_config/products/cws/policy/downloadhttps://api.ddog-gov.com/api/v2/remote_config/products/cws/policy/downloadhttps://api.datadoghq.com/api/v2/remote_config/products/cws/policy/downloadhttps://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policy/downloadhttps://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/download

개요

The download endpoint generates a Workload Protection policy file from your currently active Workload Protection rules, and downloads them as a .policy file. This file can then be deployed to your Agents to update the policy running in your environment.

Note: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.

응답

OK

Expand All

항목

유형

설명

No response body

{}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/download" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

Get all Workload Protection Agent rules

GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_ruleshttps://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules

개요

Get the list of Workload Protection Agent rules.

Note: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.

응답

OK

Response object that includes a list of Agent rule

Expand All

항목

유형

설명

data

[object]

A list of Agent rules objects

attributes

object

A Workload Protection Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call

agentConstraint

string

The version of the Agent

category

string

The category of the Agent rule

creationAuthorUuId

string

The ID of the user who created the rule

creationDate

int64

When the Agent rule was created, timestamp in milliseconds

creator

object

The attributes of the user who created the Agent rule

handle

string

The handle of the user

name

string

The name of the user

defaultRule

boolean

Whether the rule is included by default

description

string

The description of the Agent rule

enabled

boolean

Whether the Agent rule is enabled

expression

string

The SECL expression of the Agent rule

filters

[string]

The platforms the Agent rule is supported on

name

string

The name of the Agent rule

product_tags

[string]

The list of product tags associated with the rule

updateAuthorUuId

string

The ID of the user who updated the rule

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds

updater

object

The attributes of the user who last updated the Agent rule

handle

string

The handle of the user

name

string

The name of the user

version

int64

The version of the Agent rule

id

string

The ID of the Agent rule

type

enum

The type of the resource, must always be agent_rule Allowed enum values: agent_rule

default: agent_rule

{
  "data": [
    {
      "attributes": {
        "actions": [
          {
            "filter": "string",
            "kill": {
              "signal": "string"
            }
          }
        ],
        "agentConstraint": "string",
        "category": "Process Activity",
        "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
        "creationDate": 1624366480320,
        "creator": {
          "handle": "datadog.user@example.com",
          "name": "Datadog User"
        },
        "defaultRule": false,
        "description": "My Agent rule",
        "enabled": true,
        "expression": "exec.file.name == \"sh\"",
        "filters": [],
        "name": "my_agent_rule",
        "product_tags": [],
        "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
        "updateDate": 1624366480320,
        "updatedAt": 1624366480320,
        "updater": {
          "handle": "datadog.user@example.com",
          "name": "Datadog User"
        },
        "version": 23
      },
      "id": "3dd-0uc-h1s",
      "type": "agent_rule"
    }
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

Create a Workload Protection Agent rule

POST https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_ruleshttps://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_ruleshttps://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules

개요

Create a new Workload Protection Agent rule with the given parameters.

Note: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.

요청

Body Data (required)

The definition of the new Agent rule

Expand All

항목

유형

설명

data [required]

object

Object for a single Agent rule

attributes [required]

object

Create a new Workload Protection Agent rule.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled

expression [required]

string

The SECL expression of the Agent rule.

filters

[string]

The platforms the Agent rule is supported on

name [required]

string

The name of the Agent rule.

policy_id

string

The ID of the policy where the Agent rule is saved

product_tags

[string]

The list of product tags associated with the rule

type [required]

enum

The type of the resource, must always be agent_rule Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\"",
      "filters": [],
      "name": "exampleworkloadprotection",
      "policy_id": "6517fcc1-cec7-4394-a655-8d6e9d085255",
      "product_tags": []
    },
    "type": "agent_rule"
  }
}

응답

OK

Response object that includes an Agent rule

Expand All

항목

유형

설명

data

object

Object for a single Agent rule

attributes

object

A Workload Protection Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call

agentConstraint

string

The version of the Agent

category

string

The category of the Agent rule

creationAuthorUuId

string

The ID of the user who created the rule

creationDate

int64

When the Agent rule was created, timestamp in milliseconds

creator

object

The attributes of the user who created the Agent rule

handle

string

The handle of the user

name

string

The name of the user

defaultRule

boolean

Whether the rule is included by default

description

string

The description of the Agent rule

enabled

boolean

Whether the Agent rule is enabled

expression

string

The SECL expression of the Agent rule

filters

[string]

The platforms the Agent rule is supported on

name

string

The name of the Agent rule

product_tags

[string]

The list of product tags associated with the rule

updateAuthorUuId

string

The ID of the user who updated the rule

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds

updater

object

The attributes of the user who last updated the Agent rule

handle

string

The handle of the user

name

string

The name of the user

version

int64

The version of the Agent rule

id

string

The ID of the Agent rule

type

enum

The type of the resource, must always be agent_rule Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "actions": [
        {
          "filter": "string",
          "kill": {
            "signal": "string"
          }
        }
      ],
      "agentConstraint": "string",
      "category": "Process Activity",
      "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "creationDate": 1624366480320,
      "creator": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "defaultRule": false,
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\"",
      "filters": [],
      "name": "my_agent_rule",
      "product_tags": [],
      "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "version": 23
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

Bad Request

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Conflict

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                          # Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\"",
      "filters": [],
      "name": "exampleworkloadprotection",
      "policy_id": "6517fcc1-cec7-4394-a655-8d6e9d085255",
      "product_tags": []
    },
    "type": "agent_rule"
  }
}
EOF

Get a Workload Protection Agent rule

GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}

개요

Get the details of a specific Workload Protection Agent rule.

Note: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.

인수

경로 파라미터

이름

유형

설명

agent_rule_id [required]

string

The ID of the Agent rule

쿼리 문자열

이름

유형

설명

policy_id

string

The ID of the Agent policy

응답

OK

Response object that includes an Agent rule

Expand All

항목

유형

설명

data

object

Object for a single Agent rule

attributes

object

A Workload Protection Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call

agentConstraint

string

The version of the Agent

category

string

The category of the Agent rule

creationAuthorUuId

string

The ID of the user who created the rule

creationDate

int64

When the Agent rule was created, timestamp in milliseconds

creator

object

The attributes of the user who created the Agent rule

handle

string

The handle of the user

name

string

The name of the user

defaultRule

boolean

Whether the rule is included by default

description

string

The description of the Agent rule

enabled

boolean

Whether the Agent rule is enabled

expression

string

The SECL expression of the Agent rule

filters

[string]

The platforms the Agent rule is supported on

name

string

The name of the Agent rule

product_tags

[string]

The list of product tags associated with the rule

updateAuthorUuId

string

The ID of the user who updated the rule

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds

updater

object

The attributes of the user who last updated the Agent rule

handle

string

The handle of the user

name

string

The name of the user

version

int64

The version of the Agent rule

id

string

The ID of the Agent rule

type

enum

The type of the resource, must always be agent_rule Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "actions": [
        {
          "filter": "string",
          "kill": {
            "signal": "string"
          }
        }
      ],
      "agentConstraint": "string",
      "category": "Process Activity",
      "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "creationDate": 1624366480320,
      "creator": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "defaultRule": false,
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\"",
      "filters": [],
      "name": "my_agent_rule",
      "product_tags": [],
      "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "version": 23
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                  # Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/${agent_rule_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

Update a Workload Protection Agent rule

PATCH https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}

개요

Update a specific Workload Protection Agent rule. Returns the Agent rule object when the request is successful.

Note: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.

인수

경로 파라미터

이름

유형

설명

agent_rule_id [required]

string

The ID of the Agent rule

쿼리 문자열

이름

유형

설명

policy_id

string

The ID of the Agent policy

요청

Body Data (required)

New definition of the Agent rule

Expand All

항목

유형

설명

data [required]

object

Object for a single Agent rule

attributes [required]

object

Update an existing Workload Protection Agent rule.

description

string

The description of the Agent rule

enabled

boolean

Whether the Agent rule is enabled

expression

string

The SECL expression of the Agent rule

policy_id

string

The ID of the policy where the Agent rule is saved

product_tags

[string]

The list of product tags associated with the rule

id

string

The ID of the Agent rule

type [required]

enum

The type of the resource, must always be agent_rule Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\"",
      "policy_id": "a8c8e364-6556-434d-b798-a4c23de29c0b",
      "product_tags": []
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

응답

OK

Response object that includes an Agent rule

Expand All

항목

유형

설명

data

object

Object for a single Agent rule

attributes

object

A Workload Protection Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call

agentConstraint

string

The version of the Agent

category

string

The category of the Agent rule

creationAuthorUuId

string

The ID of the user who created the rule

creationDate

int64

When the Agent rule was created, timestamp in milliseconds

creator

object

The attributes of the user who created the Agent rule

handle

string

The handle of the user

name

string

The name of the user

defaultRule

boolean

Whether the rule is included by default

description

string

The description of the Agent rule

enabled

boolean

Whether the Agent rule is enabled

expression

string

The SECL expression of the Agent rule

filters

[string]

The platforms the Agent rule is supported on

name

string

The name of the Agent rule

product_tags

[string]

The list of product tags associated with the rule

updateAuthorUuId

string

The ID of the user who updated the rule

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds

updater

object

The attributes of the user who last updated the Agent rule

handle

string

The handle of the user

name

string

The name of the user

version

int64

The version of the Agent rule

id

string

The ID of the Agent rule

type

enum

The type of the resource, must always be agent_rule Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "actions": [
        {
          "filter": "string",
          "kill": {
            "signal": "string"
          }
        }
      ],
      "agentConstraint": "string",
      "category": "Process Activity",
      "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "creationDate": 1624366480320,
      "creator": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "defaultRule": false,
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\"",
      "filters": [],
      "name": "my_agent_rule",
      "product_tags": [],
      "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "version": 23
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

Bad Request

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                  # Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/${agent_rule_id}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {},
    "type": "agent_rule"
  }
}
EOF

Delete a Workload Protection Agent rule

DELETE https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}

개요

Delete a specific Workload Protection Agent rule.

Note: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.

인수

경로 파라미터

이름

유형

설명

agent_rule_id [required]

string

The ID of the Agent rule

쿼리 문자열

이름

유형

설명

policy_id

string

The ID of the Agent policy

응답

OK

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                  # Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X DELETE "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/agent_rules/${agent_rule_id}" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

Get all Workload Protection Agent policies

GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policyhttps://api.datadoghq.eu/api/v2/remote_config/products/cws/policyhttps://api.ddog-gov.com/api/v2/remote_config/products/cws/policyhttps://api.datadoghq.com/api/v2/remote_config/products/cws/policyhttps://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policyhttps://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy

개요

Get the list of Workload Protection Agent policies

응답

OK

Response object that includes a list of Agent policies

Expand All

항목

유형

설명

data

[object]

A list of Agent policy objects

attributes

object

A Cloud Workload Security Agent policy returned by the API

blockingRulesCount

int32

The number of rules with the blocking feature in this policy

datadogManaged

boolean

Whether the policy is managed by Datadog

description

string

The description of the policy

disabledRulesCount

int32

The number of rules that are disabled in this policy

enabled

boolean

Whether the Agent policy is enabled

hostTags

[string]

The host tags defining where this policy is deployed

hostTagsLists

[array]

The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR

monitoringRulesCount

int32

The number of rules in the monitoring state in this policy

name

string

The name of the policy

policyVersion

string

The version of the policy

priority

int64

The priority of the policy

ruleCount

int32

The number of rules in this policy

updateDate

int64

Timestamp in milliseconds when the policy was last updated

updatedAt

int64

When the policy was last updated, timestamp in milliseconds

updater

object

The attributes of the user who last updated the policy

handle

string

The handle of the user

name

string

The name of the user

id

string

The ID of the Agent policy

type

enum

The type of the resource, must always be policy Allowed enum values: policy

default: policy

{
  "data": [
    {
      "attributes": {
        "blockingRulesCount": 100,
        "datadogManaged": false,
        "description": "My agent policy",
        "disabledRulesCount": 100,
        "enabled": true,
        "hostTags": [],
        "hostTagsLists": [],
        "monitoringRulesCount": 100,
        "name": "my_agent_policy",
        "policyVersion": "1",
        "priority": 10,
        "ruleCount": 100,
        "updateDate": 1624366480320,
        "updatedAt": 1624366480320,
        "updater": {
          "handle": "datadog.user@example.com",
          "name": "Datadog User"
        }
      },
      "id": "6517fcc1-cec7-4394-a655-8d6e9d085255",
      "type": "policy"
    }
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

Create a Workload Protection Agent policy

POST https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policyhttps://api.datadoghq.eu/api/v2/remote_config/products/cws/policyhttps://api.ddog-gov.com/api/v2/remote_config/products/cws/policyhttps://api.datadoghq.com/api/v2/remote_config/products/cws/policyhttps://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policyhttps://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy

개요

Create a new Workload Protection Agent policy with the given parameters

요청

Body Data (required)

The definition of the new Agent policy

Expand All

항목

유형

설명

data [required]

object

Object for a single Agent rule

attributes [required]

object

Create a new Cloud Workload Security Agent policy

description

string

The description of the policy

enabled

boolean

Whether the policy is enabled

hostTags

[string]

The host tags defining where this policy is deployed

hostTagsLists

[array]

The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR

name [required]

string

The name of the policy

type [required]

enum

The type of the resource, must always be policy Allowed enum values: policy

default: policy

{
  "data": {
    "attributes": {
      "description": "My agent policy",
      "enabled": true,
      "hostTagsLists": [
        [
          "env:test"
        ]
      ],
      "name": "my_agent_policy"
    },
    "type": "policy"
  }
}

응답

OK

Response object that includes an Agent policy

Expand All

항목

유형

설명

data

object

Object for a single Agent policy

attributes

object

A Cloud Workload Security Agent policy returned by the API

blockingRulesCount

int32

The number of rules with the blocking feature in this policy

datadogManaged

boolean

Whether the policy is managed by Datadog

description

string

The description of the policy

disabledRulesCount

int32

The number of rules that are disabled in this policy

enabled

boolean

Whether the Agent policy is enabled

hostTags

[string]

The host tags defining where this policy is deployed

hostTagsLists

[array]

The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR

monitoringRulesCount

int32

The number of rules in the monitoring state in this policy

name

string

The name of the policy

policyVersion

string

The version of the policy

priority

int64

The priority of the policy

ruleCount

int32

The number of rules in this policy

updateDate

int64

Timestamp in milliseconds when the policy was last updated

updatedAt

int64

When the policy was last updated, timestamp in milliseconds

updater

object

The attributes of the user who last updated the policy

handle

string

The handle of the user

name

string

The name of the user

id

string

The ID of the Agent policy

type

enum

The type of the resource, must always be policy Allowed enum values: policy

default: policy

{
  "data": {
    "attributes": {
      "blockingRulesCount": 100,
      "datadogManaged": false,
      "description": "My agent policy",
      "disabledRulesCount": 100,
      "enabled": true,
      "hostTags": [],
      "hostTagsLists": [],
      "monitoringRulesCount": 100,
      "name": "my_agent_policy",
      "policyVersion": "1",
      "priority": 10,
      "ruleCount": 100,
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      }
    },
    "id": "6517fcc1-cec7-4394-a655-8d6e9d085255",
    "type": "policy"
  }
}

Bad Request

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Conflict

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                          # Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "description": "My agent policy",
      "enabled": true,
      "hostTagsLists": [
        [
          "env:test"
        ]
      ],
      "name": "my_agent_policy"
    },
    "type": "policy"
  }
}
EOF

Get a Workload Protection Agent policy

GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id}https://api.datadoghq.eu/api/v2/remote_config/products/cws/policy/{policy_id}https://api.ddog-gov.com/api/v2/remote_config/products/cws/policy/{policy_id}https://api.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id}https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id}https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id}

개요

Get the details of a specific Workload Protection Agent policy

인수

경로 파라미터

이름

유형

설명

policy_id [required]

string

The ID of the Agent policy

응답

OK

Response object that includes an Agent policy

Expand All

항목

유형

설명

data

object

Object for a single Agent policy

attributes

object

A Cloud Workload Security Agent policy returned by the API

blockingRulesCount

int32

The number of rules with the blocking feature in this policy

datadogManaged

boolean

Whether the policy is managed by Datadog

description

string

The description of the policy

disabledRulesCount

int32

The number of rules that are disabled in this policy

enabled

boolean

Whether the Agent policy is enabled

hostTags

[string]

The host tags defining where this policy is deployed

hostTagsLists

[array]

The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR

monitoringRulesCount

int32

The number of rules in the monitoring state in this policy

name

string

The name of the policy

policyVersion

string

The version of the policy

priority

int64

The priority of the policy

ruleCount

int32

The number of rules in this policy

updateDate

int64

Timestamp in milliseconds when the policy was last updated

updatedAt

int64

When the policy was last updated, timestamp in milliseconds

updater

object

The attributes of the user who last updated the policy

handle

string

The handle of the user

name

string

The name of the user

id

string

The ID of the Agent policy

type

enum

The type of the resource, must always be policy Allowed enum values: policy

default: policy

{
  "data": {
    "attributes": {
      "blockingRulesCount": 100,
      "datadogManaged": false,
      "description": "My agent policy",
      "disabledRulesCount": 100,
      "enabled": true,
      "hostTags": [],
      "hostTagsLists": [],
      "monitoringRulesCount": 100,
      "name": "my_agent_policy",
      "policyVersion": "1",
      "priority": 10,
      "ruleCount": 100,
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      }
    },
    "id": "6517fcc1-cec7-4394-a655-8d6e9d085255",
    "type": "policy"
  }
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                  # Path parameters
export policy_id="6517fcc1-cec7-4394-a655-8d6e9d085255"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/${policy_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

Update a Workload Protection Agent policy

PATCH https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id}https://api.datadoghq.eu/api/v2/remote_config/products/cws/policy/{policy_id}https://api.ddog-gov.com/api/v2/remote_config/products/cws/policy/{policy_id}https://api.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id}https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id}https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id}

개요

Update a specific Workload Protection Agent policy. Returns the Agent policy object when the request is successful.

인수

경로 파라미터

이름

유형

설명

policy_id [required]

string

The ID of the Agent policy

요청

Body Data (required)

New definition of the Agent policy

Expand All

항목

유형

설명

data [required]

object

Object for a single Agent policy

attributes [required]

object

Update an existing Cloud Workload Security Agent policy

description

string

The description of the policy

enabled

boolean

Whether the policy is enabled

hostTags

[string]

The host tags defining where this policy is deployed

hostTagsLists

[array]

The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR

name

string

The name of the policy

id

string

The ID of the Agent policy

type [required]

enum

The type of the resource, must always be policy Allowed enum values: policy

default: policy

{
  "data": {
    "attributes": {
      "description": "Updated agent policy",
      "enabled": true,
      "hostTagsLists": [
        [
          "env:test"
        ]
      ],
      "name": "updated_agent_policy"
    },
    "id": "6517fcc1-cec7-4394-a655-8d6e9d085255",
    "type": "policy"
  }
}

응답

OK

Response object that includes an Agent policy

Expand All

항목

유형

설명

data

object

Object for a single Agent policy

attributes

object

A Cloud Workload Security Agent policy returned by the API

blockingRulesCount

int32

The number of rules with the blocking feature in this policy

datadogManaged

boolean

Whether the policy is managed by Datadog

description

string

The description of the policy

disabledRulesCount

int32

The number of rules that are disabled in this policy

enabled

boolean

Whether the Agent policy is enabled

hostTags

[string]

The host tags defining where this policy is deployed

hostTagsLists

[array]

The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR

monitoringRulesCount

int32

The number of rules in the monitoring state in this policy

name

string

The name of the policy

policyVersion

string

The version of the policy

priority

int64

The priority of the policy

ruleCount

int32

The number of rules in this policy

updateDate

int64

Timestamp in milliseconds when the policy was last updated

updatedAt

int64

When the policy was last updated, timestamp in milliseconds

updater

object

The attributes of the user who last updated the policy

handle

string

The handle of the user

name

string

The name of the user

id

string

The ID of the Agent policy

type

enum

The type of the resource, must always be policy Allowed enum values: policy

default: policy

{
  "data": {
    "attributes": {
      "blockingRulesCount": 100,
      "datadogManaged": false,
      "description": "My agent policy",
      "disabledRulesCount": 100,
      "enabled": true,
      "hostTags": [],
      "hostTagsLists": [],
      "monitoringRulesCount": 100,
      "name": "my_agent_policy",
      "policyVersion": "1",
      "priority": 10,
      "ruleCount": 100,
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      }
    },
    "id": "6517fcc1-cec7-4394-a655-8d6e9d085255",
    "type": "policy"
  }
}

Bad Request

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                          # Path parameters
export policy_id="6517fcc1-cec7-4394-a655-8d6e9d085255"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/${policy_id}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "description": "Updated agent policy",
      "enabled": true,
      "hostTagsLists": [
        [
          "env:test"
        ]
      ],
      "name": "updated_agent_policy"
    },
    "id": "6517fcc1-cec7-4394-a655-8d6e9d085255",
    "type": "policy"
  }
}
EOF

Delete a Workload Protection Agent policy

DELETE https://api.ap1.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id}https://api.datadoghq.eu/api/v2/remote_config/products/cws/policy/{policy_id}https://api.ddog-gov.com/api/v2/remote_config/products/cws/policy/{policy_id}https://api.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id}https://api.us3.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id}https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/{policy_id}

개요

Delete a specific Workload Protection Agent policy

인수

경로 파라미터

이름

유형

설명

policy_id [required]

string

The ID of the Agent policy

응답

OK

OK

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                  # Path parameters
export policy_id="6517fcc1-cec7-4394-a655-8d6e9d085255"
# Curl command
curl -X DELETE "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/remote_config/products/cws/policy/${policy_id}" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

Download the Workload Protection policy (US1-FED)

GET https://api.ap1.datadoghq.com/api/v2/security/cloud_workload/policy/downloadhttps://api.datadoghq.eu/api/v2/security/cloud_workload/policy/downloadhttps://api.ddog-gov.com/api/v2/security/cloud_workload/policy/downloadhttps://api.datadoghq.com/api/v2/security/cloud_workload/policy/downloadhttps://api.us3.datadoghq.com/api/v2/security/cloud_workload/policy/downloadhttps://api.us5.datadoghq.com/api/v2/security/cloud_workload/policy/download

개요

The download endpoint generates a Workload Protection policy file from your currently active Workload Protection rules, and downloads them as a .policy file. This file can then be deployed to your Agents to update the policy running in your environment.

Note: This endpoint should only be used for the Government (US1-FED) site.

This endpoint requires the security_monitoring_cws_agent_rules_read permission.

응답

OK

Expand All

항목

유형

설명

No response body

{}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security/cloud_workload/policy/download" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

Get all Workload Protection Agent rules (US1-FED)

GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules

개요

Get the list of Agent rules.

Note: This endpoint should only be used for the Government (US1-FED) site.

This endpoint requires the security_monitoring_cws_agent_rules_read permission.

응답

OK

Response object that includes a list of Agent rule

Expand All

항목

유형

설명

data

[object]

A list of Agent rules objects

attributes

object

A Workload Protection Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call

agentConstraint

string

The version of the Agent

category

string

The category of the Agent rule

creationAuthorUuId

string

The ID of the user who created the rule

creationDate

int64

When the Agent rule was created, timestamp in milliseconds

creator

object

The attributes of the user who created the Agent rule

handle

string

The handle of the user

name

string

The name of the user

defaultRule

boolean

Whether the rule is included by default

description

string

The description of the Agent rule

enabled

boolean

Whether the Agent rule is enabled

expression

string

The SECL expression of the Agent rule

filters

[string]

The platforms the Agent rule is supported on

name

string

The name of the Agent rule

product_tags

[string]

The list of product tags associated with the rule

updateAuthorUuId

string

The ID of the user who updated the rule

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds

updater

object

The attributes of the user who last updated the Agent rule

handle

string

The handle of the user

name

string

The name of the user

version

int64

The version of the Agent rule

id

string

The ID of the Agent rule

type

enum

The type of the resource, must always be agent_rule Allowed enum values: agent_rule

default: agent_rule

{
  "data": [
    {
      "attributes": {
        "actions": [
          {
            "filter": "string",
            "kill": {
              "signal": "string"
            }
          }
        ],
        "agentConstraint": "string",
        "category": "Process Activity",
        "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
        "creationDate": 1624366480320,
        "creator": {
          "handle": "datadog.user@example.com",
          "name": "Datadog User"
        },
        "defaultRule": false,
        "description": "My Agent rule",
        "enabled": true,
        "expression": "exec.file.name == \"sh\"",
        "filters": [],
        "name": "my_agent_rule",
        "product_tags": [],
        "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
        "updateDate": 1624366480320,
        "updatedAt": 1624366480320,
        "updater": {
          "handle": "datadog.user@example.com",
          "name": "Datadog User"
        },
        "version": 23
      },
      "id": "3dd-0uc-h1s",
      "type": "agent_rule"
    }
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

Create a Workload Protection Agent rule (US1-FED)

POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_ruleshttps://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules

개요

Create a new Agent rule with the given parameters.

Note: This endpoint should only be used for the Government (US1-FED) site.

This endpoint requires the security_monitoring_cws_agent_rules_write permission.

요청

Body Data (required)

The definition of the new Agent rule

Expand All

항목

유형

설명

data [required]

object

Object for a single Agent rule

attributes [required]

object

Create a new Workload Protection Agent rule.

description

string

The description of the Agent rule.

enabled

boolean

Whether the Agent rule is enabled

expression [required]

string

The SECL expression of the Agent rule.

filters

[string]

The platforms the Agent rule is supported on

name [required]

string

The name of the Agent rule.

policy_id

string

The ID of the policy where the Agent rule is saved

product_tags

[string]

The list of product tags associated with the rule

type [required]

enum

The type of the resource, must always be agent_rule Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\"",
      "filters": [],
      "name": "exampleworkloadprotection"
    },
    "type": "agent_rule"
  }
}

응답

OK

Response object that includes an Agent rule

Expand All

항목

유형

설명

data

object

Object for a single Agent rule

attributes

object

A Workload Protection Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call

agentConstraint

string

The version of the Agent

category

string

The category of the Agent rule

creationAuthorUuId

string

The ID of the user who created the rule

creationDate

int64

When the Agent rule was created, timestamp in milliseconds

creator

object

The attributes of the user who created the Agent rule

handle

string

The handle of the user

name

string

The name of the user

defaultRule

boolean

Whether the rule is included by default

description

string

The description of the Agent rule

enabled

boolean

Whether the Agent rule is enabled

expression

string

The SECL expression of the Agent rule

filters

[string]

The platforms the Agent rule is supported on

name

string

The name of the Agent rule

product_tags

[string]

The list of product tags associated with the rule

updateAuthorUuId

string

The ID of the user who updated the rule

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds

updater

object

The attributes of the user who last updated the Agent rule

handle

string

The handle of the user

name

string

The name of the user

version

int64

The version of the Agent rule

id

string

The ID of the Agent rule

type

enum

The type of the resource, must always be agent_rule Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "actions": [
        {
          "filter": "string",
          "kill": {
            "signal": "string"
          }
        }
      ],
      "agentConstraint": "string",
      "category": "Process Activity",
      "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "creationDate": 1624366480320,
      "creator": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "defaultRule": false,
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\"",
      "filters": [],
      "name": "my_agent_rule",
      "product_tags": [],
      "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "version": 23
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

Bad Request

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Conflict

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                          # Curl command
curl -X POST "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\"",
      "filters": [],
      "name": "exampleworkloadprotection"
    },
    "type": "agent_rule"
  }
}
EOF

Get a Workload Protection Agent rule (US1-FED)

GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}

개요

Get the details of a specific Agent rule.

Note: This endpoint should only be used for the Government (US1-FED) site.

This endpoint requires the security_monitoring_cws_agent_rules_read permission.

인수

경로 파라미터

이름

유형

설명

agent_rule_id [required]

string

The ID of the Agent rule

응답

OK

Response object that includes an Agent rule

Expand All

항목

유형

설명

data

object

Object for a single Agent rule

attributes

object

A Workload Protection Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call

agentConstraint

string

The version of the Agent

category

string

The category of the Agent rule

creationAuthorUuId

string

The ID of the user who created the rule

creationDate

int64

When the Agent rule was created, timestamp in milliseconds

creator

object

The attributes of the user who created the Agent rule

handle

string

The handle of the user

name

string

The name of the user

defaultRule

boolean

Whether the rule is included by default

description

string

The description of the Agent rule

enabled

boolean

Whether the Agent rule is enabled

expression

string

The SECL expression of the Agent rule

filters

[string]

The platforms the Agent rule is supported on

name

string

The name of the Agent rule

product_tags

[string]

The list of product tags associated with the rule

updateAuthorUuId

string

The ID of the user who updated the rule

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds

updater

object

The attributes of the user who last updated the Agent rule

handle

string

The handle of the user

name

string

The name of the user

version

int64

The version of the Agent rule

id

string

The ID of the Agent rule

type

enum

The type of the resource, must always be agent_rule Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "actions": [
        {
          "filter": "string",
          "kill": {
            "signal": "string"
          }
        }
      ],
      "agentConstraint": "string",
      "category": "Process Activity",
      "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "creationDate": 1624366480320,
      "creator": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "defaultRule": false,
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\"",
      "filters": [],
      "name": "my_agent_rule",
      "product_tags": [],
      "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "version": 23
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                  # Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/${agent_rule_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

Update a Workload Protection Agent rule (US1-FED)

PATCH https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}

개요

Update a specific Agent rule. Returns the Agent rule object when the request is successful.

Note: This endpoint should only be used for the Government (US1-FED) site.

This endpoint requires the security_monitoring_cws_agent_rules_write permission.

인수

경로 파라미터

이름

유형

설명

agent_rule_id [required]

string

The ID of the Agent rule

요청

Body Data (required)

New definition of the Agent rule

Expand All

항목

유형

설명

data [required]

object

Object for a single Agent rule

attributes [required]

object

Update an existing Workload Protection Agent rule.

description

string

The description of the Agent rule

enabled

boolean

Whether the Agent rule is enabled

expression

string

The SECL expression of the Agent rule

policy_id

string

The ID of the policy where the Agent rule is saved

product_tags

[string]

The list of product tags associated with the rule

id

string

The ID of the Agent rule

type [required]

enum

The type of the resource, must always be agent_rule Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "description": "Updated Agent rule",
      "expression": "exec.file.name == \"sh\""
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

응답

OK

Response object that includes an Agent rule

Expand All

항목

유형

설명

data

object

Object for a single Agent rule

attributes

object

A Workload Protection Agent rule returned by the API.

actions

[object]

The array of actions the rule can perform if triggered

filter

string

SECL expression used to target the container to apply the action on

kill

object

Kill system call applied on the container matching the rule

signal

string

Supported signals for the kill system call

agentConstraint

string

The version of the Agent

category

string

The category of the Agent rule

creationAuthorUuId

string

The ID of the user who created the rule

creationDate

int64

When the Agent rule was created, timestamp in milliseconds

creator

object

The attributes of the user who created the Agent rule

handle

string

The handle of the user

name

string

The name of the user

defaultRule

boolean

Whether the rule is included by default

description

string

The description of the Agent rule

enabled

boolean

Whether the Agent rule is enabled

expression

string

The SECL expression of the Agent rule

filters

[string]

The platforms the Agent rule is supported on

name

string

The name of the Agent rule

product_tags

[string]

The list of product tags associated with the rule

updateAuthorUuId

string

The ID of the user who updated the rule

updateDate

int64

Timestamp in milliseconds when the Agent rule was last updated

updatedAt

int64

When the Agent rule was last updated, timestamp in milliseconds

updater

object

The attributes of the user who last updated the Agent rule

handle

string

The handle of the user

name

string

The name of the user

version

int64

The version of the Agent rule

id

string

The ID of the Agent rule

type

enum

The type of the resource, must always be agent_rule Allowed enum values: agent_rule

default: agent_rule

{
  "data": {
    "attributes": {
      "actions": [
        {
          "filter": "string",
          "kill": {
            "signal": "string"
          }
        }
      ],
      "agentConstraint": "string",
      "category": "Process Activity",
      "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "creationDate": 1624366480320,
      "creator": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "defaultRule": false,
      "description": "My Agent rule",
      "enabled": true,
      "expression": "exec.file.name == \"sh\"",
      "filters": [],
      "name": "my_agent_rule",
      "product_tags": [],
      "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002",
      "updateDate": 1624366480320,
      "updatedAt": 1624366480320,
      "updater": {
        "handle": "datadog.user@example.com",
        "name": "Datadog User"
      },
      "version": 23
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}

Bad Request

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Concurrent Modification

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                          # Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X PATCH "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/${agent_rule_id}" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "description": "Updated Agent rule",
      "expression": "exec.file.name == \"sh\""
    },
    "id": "3dd-0uc-h1s",
    "type": "agent_rule"
  }
}
EOF

Delete a Workload Protection Agent rule (US1-FED)

DELETE https://api.ap1.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.eu/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.ddog-gov.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}

개요

Delete a specific Agent rule.

Note: This endpoint should only be used for the Government (US1-FED) site.

This endpoint requires the security_monitoring_cws_agent_rules_write permission.

인수

경로 파라미터

이름

유형

설명

agent_rule_id [required]

string

The ID of the Agent rule

응답

OK

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                  # Path parameters
export agent_rule_id="3b5-v82-ns6"
# Curl command
curl -X DELETE "https://api.ap1.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/${agent_rule_id}" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"
PREVIEWING: datadog-api-spec/generated/3879