Agentless Scanning

Datadog Agentless Scanning provides visibility into risks and vulnerabilities within your hosts, running containers, and serverless functions—all without requiring teams to install Agents on every host or where Agents cannot be installed. Agentless offers also Sensitive Data Scanning capabilities on your storage. Go to https://www.datadoghq.com/blog/agentless-scanning/ to learn more.

GET https://api.ap1.datadoghq.com/api/v2/agentless_scanning/accounts/awshttps://api.datadoghq.eu/api/v2/agentless_scanning/accounts/awshttps://api.ddog-gov.com/api/v2/agentless_scanning/accounts/awshttps://api.datadoghq.com/api/v2/agentless_scanning/accounts/awshttps://api.us3.datadoghq.com/api/v2/agentless_scanning/accounts/awshttps://api.us5.datadoghq.com/api/v2/agentless_scanning/accounts/aws

개요

Fetches the scan options configured for AWS accounts.

응답

OK

Response object that includes a list of AWS scan options.

Expand All

항목

유형

설명

data

[object]

A list of AWS scan options.

attributes

object

Attributes for the AWS scan options.

lambda

boolean

Indicates if scanning of Lambda functions is enabled.

sensitive_data

boolean

Indicates if scanning for sensitive data is enabled.

vuln_containers_os

boolean

Indicates if scanning for vulnerabilities in containers is enabled.

vuln_host_os

boolean

Indicates if scanning for vulnerabilities in hosts is enabled.

id

string

The ID of the AWS account.

type

enum

The type of the resource. The value should always be aws_scan_options. Allowed enum values: aws_scan_options

default: aws_scan_options

{
  "data": [
    {
      "attributes": {
        "lambda": true,
        "sensitive_data": false,
        "vuln_containers_os": true,
        "vuln_host_os": true
      },
      "id": "184366314700",
      "type": "aws_scan_options"
    }
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

/**
 * Get AWS Scan Options returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.AgentlessScanningApi(configuration);

apiInstance
  .listAwsScanOptions()
  .then((data: v2.AwsScanOptionsListResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

POST https://api.ap1.datadoghq.com/api/v2/agentless_scanning/accounts/awshttps://api.datadoghq.eu/api/v2/agentless_scanning/accounts/awshttps://api.ddog-gov.com/api/v2/agentless_scanning/accounts/awshttps://api.datadoghq.com/api/v2/agentless_scanning/accounts/awshttps://api.us3.datadoghq.com/api/v2/agentless_scanning/accounts/awshttps://api.us5.datadoghq.com/api/v2/agentless_scanning/accounts/aws

개요

Activate Agentless scan options for an AWS account.

요청

Body Data (required)

The definition of the new scan options.

Expand All

항목

유형

설명

data [required]

object

Object for the scan options of a single AWS account.

attributes [required]

object

Attributes for the AWS scan options to create.

lambda [required]

boolean

Indicates if scanning of Lambda functions is enabled.

sensitive_data [required]

boolean

Indicates if scanning for sensitive data is enabled.

vuln_containers_os [required]

boolean

Indicates if scanning for vulnerabilities in containers is enabled.

vuln_host_os [required]

boolean

Indicates if scanning for vulnerabilities in hosts is enabled.

id [required]

string

The ID of the AWS account.

type [required]

enum

The type of the resource. The value should always be aws_scan_options. Allowed enum values: aws_scan_options

default: aws_scan_options

{
  "data": {
    "attributes": {
      "lambda": true,
      "sensitive_data": false,
      "vuln_containers_os": true,
      "vuln_host_os": true
    },
    "id": "123456789012",
    "type": "aws_scan_options"
  }
}

응답

Agentless scan options enabled successfully.

Response object that includes the scan options of an AWS account.

Expand All

항목

유형

설명

data

object

Single AWS Scan Options entry.

attributes

object

Attributes for the AWS scan options.

lambda

boolean

Indicates if scanning of Lambda functions is enabled.

sensitive_data

boolean

Indicates if scanning for sensitive data is enabled.

vuln_containers_os

boolean

Indicates if scanning for vulnerabilities in containers is enabled.

vuln_host_os

boolean

Indicates if scanning for vulnerabilities in hosts is enabled.

id

string

The ID of the AWS account.

type

enum

The type of the resource. The value should always be aws_scan_options. Allowed enum values: aws_scan_options

default: aws_scan_options

{
  "data": {
    "attributes": {
      "lambda": true,
      "sensitive_data": false,
      "vuln_containers_os": true,
      "vuln_host_os": true
    },
    "id": "184366314700",
    "type": "aws_scan_options"
  }
}

Bad Request

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Conflict

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

/**
 * Post AWS Scan Options returns "Agentless scan options enabled successfully." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.AgentlessScanningApi(configuration);

const params: v2.AgentlessScanningApiCreateAwsScanOptionsRequest = {
  body: {
    data: {
      id: "000000000003",
      type: "aws_scan_options",
      attributes: {
        lambda: true,
        sensitiveData: false,
        vulnContainersOs: true,
        vulnHostOs: true,
      },
    },
  },
};

apiInstance
  .createAwsScanOptions(params)
  .then((data: v2.AwsScanOptionsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

PATCH https://api.ap1.datadoghq.com/api/v2/agentless_scanning/accounts/aws/{account_id}https://api.datadoghq.eu/api/v2/agentless_scanning/accounts/aws/{account_id}https://api.ddog-gov.com/api/v2/agentless_scanning/accounts/aws/{account_id}https://api.datadoghq.com/api/v2/agentless_scanning/accounts/aws/{account_id}https://api.us3.datadoghq.com/api/v2/agentless_scanning/accounts/aws/{account_id}https://api.us5.datadoghq.com/api/v2/agentless_scanning/accounts/aws/{account_id}

개요

Update the Agentless scan options for an activated account.

인수

경로 파라미터

이름

유형

설명

account_id [required]

string

The ID of an AWS account.

요청

Body Data (required)

New definition of the scan options.

Expand All

항목

유형

설명

data [required]

object

Object for the scan options of a single AWS account.

attributes [required]

object

Attributes for the AWS scan options to update.

lambda

boolean

Indicates if scanning of Lambda functions is enabled.

sensitive_data

boolean

Indicates if scanning for sensitive data is enabled.

vuln_containers_os

boolean

Indicates if scanning for vulnerabilities in containers is enabled.

vuln_host_os

boolean

Indicates if scanning for vulnerabilities in hosts is enabled.

id [required]

string

The ID of the AWS account.

type [required]

enum

The type of the resource. The value should always be aws_scan_options. Allowed enum values: aws_scan_options

default: aws_scan_options

{
  "data": {
    "type": "aws_scan_options",
    "id": "000000000002",
    "attributes": {
      "vuln_host_os": true,
      "vuln_containers_os": true,
      "lambda": false
    }
  }
}

응답

No Content

Bad Request

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

/**
 * Patch AWS Scan Options returns "No Content" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.AgentlessScanningApi(configuration);

const params: v2.AgentlessScanningApiUpdateAwsScanOptionsRequest = {
  body: {
    data: {
      type: "aws_scan_options",
      id: "000000000002",
      attributes: {
        vulnHostOs: true,
        vulnContainersOs: true,
        lambda: false,
      },
    },
  },
  accountId: "000000000002",
};

apiInstance
  .updateAwsScanOptions(params)
  .then((data: any) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

DELETE https://api.ap1.datadoghq.com/api/v2/agentless_scanning/accounts/aws/{account_id}https://api.datadoghq.eu/api/v2/agentless_scanning/accounts/aws/{account_id}https://api.ddog-gov.com/api/v2/agentless_scanning/accounts/aws/{account_id}https://api.datadoghq.com/api/v2/agentless_scanning/accounts/aws/{account_id}https://api.us3.datadoghq.com/api/v2/agentless_scanning/accounts/aws/{account_id}https://api.us5.datadoghq.com/api/v2/agentless_scanning/accounts/aws/{account_id}

개요

Delete Agentless scan options for an AWS account.

인수

경로 파라미터

이름

유형

설명

account_id [required]

string

The ID of an AWS account.

응답

No Content

Bad Request

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

/**
 * Delete AWS Scan Options returns "No Content" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.AgentlessScanningApi(configuration);

const params: v2.AgentlessScanningApiDeleteAwsScanOptionsRequest = {
  accountId: "account_id",
};

apiInstance
  .deleteAwsScanOptions(params)
  .then((data: any) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

GET https://api.ap1.datadoghq.com/api/v2/agentless_scanning/ondemand/awshttps://api.datadoghq.eu/api/v2/agentless_scanning/ondemand/awshttps://api.ddog-gov.com/api/v2/agentless_scanning/ondemand/awshttps://api.datadoghq.com/api/v2/agentless_scanning/ondemand/awshttps://api.us3.datadoghq.com/api/v2/agentless_scanning/ondemand/awshttps://api.us5.datadoghq.com/api/v2/agentless_scanning/ondemand/aws

개요

Fetches the most recent 1000 AWS on demand tasks. This endpoint requires the security_monitoring_findings_read permission.

응답

OK

Response object that includes a list of AWS on demand tasks.

Expand All

항목

유형

설명

data

[object]

A list of on demand tasks.

attributes

object

Attributes for the AWS on demand task.

arn

string

The arn of the resource to scan.

assigned_at

string

Specifies the assignment timestamp if the task has been already assigned to a scanner.

created_at

string

The task submission timestamp.

status

string

Indicates the status of the task. QUEUED: the task has been submitted successfully and the resource has not been assigned to a scanner yet. ASSIGNED: the task has been assigned. ABORTED: the scan has been aborted after a period of time due to technical reasons, such as resource not found, insufficient permissions, or the absence of a configured scanner.

id

string

The UUID of the task.

type

enum

The type of the on demand task. The value should always be aws_resource. Allowed enum values: aws_resource

default: aws_resource

{
  "data": [
    {
      "attributes": {
        "arn": "arn:aws:ec2:us-east-1:727000456123:instance/i-0eabb50529b67a1ba",
        "assigned_at": "2025-02-11T18:25:04.550564Z",
        "created_at": "2025-02-11T18:13:24.576915Z",
        "status": "QUEUED"
      },
      "id": "6d09294c-9ad9-42fd-a759-a0c1599b4828",
      "type": "aws_resource"
    }
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

/**
 * Get AWS On Demand tasks returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.AgentlessScanningApi(configuration);

apiInstance
  .listAwsOnDemandTasks()
  .then((data: v2.AwsOnDemandListResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

GET https://api.ap1.datadoghq.com/api/v2/agentless_scanning/ondemand/aws/{task_id}https://api.datadoghq.eu/api/v2/agentless_scanning/ondemand/aws/{task_id}https://api.ddog-gov.com/api/v2/agentless_scanning/ondemand/aws/{task_id}https://api.datadoghq.com/api/v2/agentless_scanning/ondemand/aws/{task_id}https://api.us3.datadoghq.com/api/v2/agentless_scanning/ondemand/aws/{task_id}https://api.us5.datadoghq.com/api/v2/agentless_scanning/ondemand/aws/{task_id}

개요

Fetch the data of a specific on demand task. This endpoint requires the security_monitoring_findings_read permission.

인수

경로 파라미터

이름

유형

설명

task_id [required]

string

The UUID of the task.

응답

OK.

Response object that includes an AWS on demand task.

Expand All

항목

유형

설명

data

object

Single AWS on demand task.

attributes

object

Attributes for the AWS on demand task.

arn

string

The arn of the resource to scan.

assigned_at

string

Specifies the assignment timestamp if the task has been already assigned to a scanner.

created_at

string

The task submission timestamp.

status

string

Indicates the status of the task. QUEUED: the task has been submitted successfully and the resource has not been assigned to a scanner yet. ASSIGNED: the task has been assigned. ABORTED: the scan has been aborted after a period of time due to technical reasons, such as resource not found, insufficient permissions, or the absence of a configured scanner.

id

string

The UUID of the task.

type

enum

The type of the on demand task. The value should always be aws_resource. Allowed enum values: aws_resource

default: aws_resource

{
  "data": {
    "attributes": {
      "arn": "arn:aws:ec2:us-east-1:727000456123:instance/i-0eabb50529b67a1ba",
      "assigned_at": "2025-02-11T18:25:04.550564Z",
      "created_at": "2025-02-11T18:13:24.576915Z",
      "status": "QUEUED"
    },
    "id": "6d09294c-9ad9-42fd-a759-a0c1599b4828",
    "type": "aws_resource"
  }
}

Bad Request

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

/**
 * Get AWS On Demand task by id returns "OK." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.AgentlessScanningApi(configuration);

const params: v2.AgentlessScanningApiGetAwsOnDemandTaskRequest = {
  taskId: "63d6b4f5-e5d0-4d90-824a-9580f05f026a",
};

apiInstance
  .getAwsOnDemandTask(params)
  .then((data: v2.AwsOnDemandResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

POST https://api.ap1.datadoghq.com/api/v2/agentless_scanning/ondemand/awshttps://api.datadoghq.eu/api/v2/agentless_scanning/ondemand/awshttps://api.ddog-gov.com/api/v2/agentless_scanning/ondemand/awshttps://api.datadoghq.com/api/v2/agentless_scanning/ondemand/awshttps://api.us3.datadoghq.com/api/v2/agentless_scanning/ondemand/awshttps://api.us5.datadoghq.com/api/v2/agentless_scanning/ondemand/aws

개요

Trigger the scan of an AWS resource with a high priority. Agentless scanning must be activated for the AWS account containing the resource to scan. This endpoint requires the security_monitoring_findings_write permission.

요청

Body Data (required)

The definition of the on demand task.

Expand All

항목

유형

설명

data [required]

object

Object for a single AWS on demand task.

attributes [required]

object

Attributes for the AWS on demand task.

arn [required]

string

The arn of the resource to scan. Agentless supports the scan of EC2 instances, lambda functions, AMI, ECR, RDS and S3 buckets.

type [required]

enum

The type of the on demand task. The value should always be aws_resource. Allowed enum values: aws_resource

default: aws_resource

{
  "data": {
    "attributes": {
      "arn": "arn:aws:lambda:eu-west-3:376334461865:function:This-Is-An-Api-Spec-Test"
    },
    "type": "aws_resource"
  }
}

응답

AWS on demand task created successfully.

Response object that includes an AWS on demand task.

Expand All

항목

유형

설명

data

object

Single AWS on demand task.

attributes

object

Attributes for the AWS on demand task.

arn

string

The arn of the resource to scan.

assigned_at

string

Specifies the assignment timestamp if the task has been already assigned to a scanner.

created_at

string

The task submission timestamp.

status

string

Indicates the status of the task. QUEUED: the task has been submitted successfully and the resource has not been assigned to a scanner yet. ASSIGNED: the task has been assigned. ABORTED: the scan has been aborted after a period of time due to technical reasons, such as resource not found, insufficient permissions, or the absence of a configured scanner.

id

string

The UUID of the task.

type

enum

The type of the on demand task. The value should always be aws_resource. Allowed enum values: aws_resource

default: aws_resource

{
  "data": {
    "attributes": {
      "arn": "arn:aws:ec2:us-east-1:727000456123:instance/i-0eabb50529b67a1ba",
      "assigned_at": "2025-02-11T18:25:04.550564Z",
      "created_at": "2025-02-11T18:13:24.576915Z",
      "status": "QUEUED"
    },
    "id": "6d09294c-9ad9-42fd-a759-a0c1599b4828",
    "type": "aws_resource"
  }
}

Bad Request

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Authorized

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

/**
 * Post an AWS on demand task returns "AWS on demand task created successfully." response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.AgentlessScanningApi(configuration);

const params: v2.AgentlessScanningApiCreateAwsOnDemandTaskRequest = {
  body: {
    data: {
      attributes: {
        arn: "arn:aws:lambda:eu-west-3:376334461865:function:This-Is-An-Api-Spec-Test",
      },
      type: "aws_resource",
    },
  },
};

apiInstance
  .createAwsOnDemandTask(params)
  .then((data: v2.AwsOnDemandResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    
DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comddog-gov.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"

PREVIEWING: vishalshah/add-missing-functions-sql-reference
Your Privacy Choices