Datadog MCP Server

components: callbacks: {} examples: {} headers: {} links: {} parameters: APIKeyCategoryParameter: description: Filter API keys by category. in: query name: filter[category] required: false schema: type: string APIKeyFilterCreatedAtEndParameter: description: Only include API keys created on or before the specified date. in: query name: filter[created_at][end] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string APIKeyFilterCreatedAtStartParameter: description: Only include API keys created on or after the specified date. in: query name: filter[created_at][start] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string APIKeyFilterModifiedAtEndParameter: description: Only include API keys modified on or before the specified date. in: query name: filter[modified_at][end] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string APIKeyFilterModifiedAtStartParameter: description: Only include API keys modified on or after the specified date. in: query name: filter[modified_at][start] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string APIKeyFilterParameter: description: Filter API keys by the specified string. in: query name: filter required: false schema: type: string APIKeyId: description: The ID of the API key. in: path name: api_key_id required: true schema: type: string APIKeyIncludeParameter: description: Comma separated list of resource paths for related resources to include in the response. Supported resource paths are `created_by` and `modified_by`. in: query name: include required: false schema: example: created_by,modified_by type: string APIKeyReadConfigReadEnabledParameter: description: Filter API keys by remote config read enabled status. in: query name: filter[remote_config_read_enabled] required: false schema: type: boolean APIKeysSortParameter: description: 'API key attribute used to sort results. Sort order is ascending by default. In order to specify a descending sort, prefix the attribute with a minus sign.' in: query name: sort required: false schema: $ref: '#/components/schemas/APIKeysSort' AWSAccountConfigIDPathParameter: description: 'Unique Datadog ID of the AWS Account Integration Config. To get the config ID for an account, use the [List all AWS integrations](https://docs.datadoghq.com/api/latest/aws-integration/#list-all-aws-integrations) endpoint and query by AWS Account ID.' in: path name: aws_account_config_id required: true schema: type: string ApplicationKeyFilterCreatedAtEndParameter: description: Only include application keys created on or before the specified date. in: query name: filter[created_at][end] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string ApplicationKeyFilterCreatedAtStartParameter: description: Only include application keys created on or after the specified date. in: query name: filter[created_at][start] required: false schema: example: '2020-11-24T18:46:21+00:00' type: string ApplicationKeyFilterParameter: description: Filter application keys by the specified string. in: query name: filter required: false schema: type: string ApplicationKeyID: description: The ID of the application key. in: path name: app_key_id required: true schema: type: string ApplicationKeyIncludeParameter: description: Resource path for related resources to include in the response. Only `owned_by` is supported. in: query name: include required: false schema: example: owned_by type: string ApplicationKeysSortParameter: description: 'Application key attribute used to sort results. Sort order is ascending by default. In order to specify a descending sort, prefix the attribute with a minus sign.' in: query name: sort required: false schema: $ref: '#/components/schemas/ApplicationKeysSort' ApplicationSecurityWafCustomRuleIDParam: description: The ID of the custom rule. example: 3b5-v82-ns6 in: path name: custom_rule_id required: true schema: type: string ApplicationSecurityWafExclusionFilterID: description: The identifier of the WAF exclusion filter. example: 3b5-v82-ns6 in: path name: exclusion_filter_id required: true schema: type: string ArchiveID: description: The ID of the archive. in: path name: archive_id required: true schema: type: string AuthNMappingID: description: The UUID of the AuthN Mapping. in: path name: authn_mapping_id required: true schema: type: string AwsAccountId: description: The ID of an AWS account. example: '123456789012' in: path name: account_id required: true schema: type: string BudgetID: description: Budget id. in: path name: budget_id required: true schema: type: string CaseIDPathParameter: description: Case's UUID or key example: f98a5a5b-e0ff-45d4-b2f5-afe6e74de504 in: path name: case_id required: true schema: type: string CaseSortableFieldParameter: description: Specify which field to sort in: query name: sort[field] required: false schema: $ref: '#/components/schemas/CaseSortableField' CloudAccountID: description: Cloud Account id. in: path name: cloud_account_id required: true schema: type: string CloudWorkloadSecurityAgentRuleID: description: The ID of the Agent rule example: 3b5-v82-ns6 in: path name: agent_rule_id required: true schema: type: string CloudWorkloadSecurityPathAgentPolicyID: description: The ID of the Agent policy example: 6517fcc1-cec7-4394-a655-8d6e9d085255 in: path name: policy_id required: true schema: type: string CloudWorkloadSecurityQueryAgentPolicyID: description: The ID of the Agent policy example: 6517fcc1-cec7-4394-a655-8d6e9d085255 in: query name: policy_id required: false schema: type: string ConfluentAccountID: description: Confluent Account ID. in: path name: account_id required: true schema: type: string ConfluentResourceID: description: Confluent Account Resource ID. in: path name: resource_id required: true schema: type: string ConnectionId: description: The ID of the action connection in: path name: connection_id required: true schema: type: string CustomDestinationId: description: The ID of the custom destination. in: path name: custom_destination_id required: true schema: type: string CustomFrameworkHandle: description: The framework handle in: path name: handle required: true schema: type: string CustomFrameworkVersion: description: The framework version in: path name: version required: true schema: type: string EntityID: description: UUID or Entity Ref. in: path name: entity_id required: true schema: example: service:myservice type: string FastlyAccountID: description: Fastly Account id. in: path name: account_id required: true schema: type: string FastlyServiceID: description: Fastly Service ID. in: path name: service_id required: true schema: type: string FileID: description: File ID. in: path name: file_id required: true schema: type: string FilterByExcludeSnapshot: description: Filter entities by excluding snapshotted entities. in: query name: filter[exclude_snapshot] required: false schema: type: string FilterByID: description: Filter entities by UUID. explode: true in: query name: filter[id] required: false schema: type: string FilterByKind: description: Filter entities by kind. explode: true in: query name: filter[kind] required: false schema: type: string FilterByName: description: Filter entities by name. explode: true in: query name: filter[name] required: false schema: type: string FilterByOwner: description: Filter entities by owner. explode: true in: query name: filter[owner] required: false schema: type: string FilterByRef: description: Filter entities by reference example: service:shopping-cart explode: true in: query name: filter[ref] required: false schema: type: string FilterByRelationType: description: Filter entities by relation type. explode: true in: query name: filter[relation][type] required: false schema: $ref: '#/components/schemas/RelationType' FilterRelationByFromRef: description: Filter relations by the reference of the first entity in the relation. example: service:shopping-cart explode: true in: query name: filter[from_ref] required: false schema: type: string FilterRelationByToRef: description: Filter relations by the reference of the second entity in the relation. example: service:shopping-cart explode: true in: query name: filter[to_ref] required: false schema: type: string FilterRelationByType: description: Filter relations by type. explode: true in: query name: filter[type] required: false schema: $ref: '#/components/schemas/RelationType' GCPSTSServiceAccountID: description: Your GCP STS enabled service account's unique ID. in: path name: account_id required: true schema: type: string HistoricalJobID: description: The ID of the job. in: path name: job_id required: true schema: type: string IncidentAttachmentFilterQueryParameter: description: Specifies which types of attachments are included in the response. explode: false in: query name: filter[attachment_type] required: false schema: items: $ref: '#/components/schemas/IncidentAttachmentAttachmentType' type: array IncidentAttachmentIncludeQueryParameter: description: Specifies which types of related objects are included in the response. explode: false in: query name: include required: false schema: items: $ref: '#/components/schemas/IncidentAttachmentRelatedObject' type: array IncidentIDPathParameter: description: The UUID of the incident. in: path name: incident_id required: true schema: type: string IncidentIncludeQueryParameter: description: Specifies which types of related objects should be included in the response. explode: false in: query name: include required: false schema: items: $ref: '#/components/schemas/IncidentRelatedObject' type: array IncidentIntegrationMetadataIDPathParameter: description: The UUID of the incident integration metadata. in: path name: integration_metadata_id required: true schema: type: string IncidentSearchIncludeQueryParameter: description: Specifies which types of related objects should be included in the response. in: query name: include required: false schema: $ref: '#/components/schemas/IncidentRelatedObject' IncidentSearchQueryQueryParameter: description: 'Specifies which incidents should be returned. The query can contain any number of incident facets joined by `ANDs`, along with multiple values for each of those facets joined by `OR`s. For example: `state:active AND severity:(SEV-2 OR SEV-1)`.' explode: false in: query name: query required: true schema: type: string IncidentSearchSortQueryParameter: description: Specifies the order of returned incidents. explode: false in: query name: sort required: false schema: $ref: '#/components/schemas/IncidentSearchSortOrder' IncidentServiceIDPathParameter: description: The ID of the incident service. in: path name: service_id required: true schema: type: string IncidentServiceIncludeQueryParameter: description: Specifies which types of related objects should be included in the response. in: query name: include required: false schema: $ref: '#/components/schemas/IncidentRelatedObject' IncidentServiceSearchQueryParameter: description: A search query that filters services by name. in: query name: filter required: false schema: example: ExampleServiceName type: string IncidentTeamIDPathParameter: description: The ID of the incident team. in: path name: team_id required: true schema: type: string IncidentTeamIncludeQueryParameter: description: Specifies which types of related objects should be included in the response. in: query name: include required: false schema: $ref: '#/components/schemas/IncidentRelatedObject' IncidentTeamSearchQueryParameter: description: A search query that filters teams by name. in: query name: filter required: false schema: example: ExampleTeamName type: string IncidentTodoIDPathParameter: description: The UUID of the incident todo. in: path name: todo_id required: true schema: type: string IncidentTypeIDPathParameter: description: The UUID of the incident type. in: path name: incident_type_id required: true schema: type: string IncidentTypeIncludeDeletedParameter: description: Include deleted incident types in the response. in: query name: include_deleted schema: default: false type: boolean Include: description: Include relationship data. explode: true in: query name: include required: false schema: $ref: '#/components/schemas/IncludeType' InstanceId: description: The ID of the workflow instance. in: path name: instance_id required: true schema: type: string KindID: description: Entity kind. in: path name: kind_id required: true schema: example: my-job type: string MetricID: description: The name of the log-based metric. in: path name: metric_id required: true schema: type: string MetricName: description: The name of the metric. example: dist.http.endpoint.request in: path name: metric_name required: true schema: type: string MicrosoftTeamsChannelNamePathParameter: description: Your channel name. in: path name: channel_name required: true schema: type: string MicrosoftTeamsHandleNameQueryParameter: description: Your tenant-based handle name. in: query name: name required: false schema: type: string MicrosoftTeamsTeamNamePathParameter: description: Your team name. in: path name: team_name required: true schema: type: string MicrosoftTeamsTenantBasedHandleIDPathParameter: description: Your tenant-based handle id. in: path name: handle_id required: true schema: type: string MicrosoftTeamsTenantIDQueryParameter: description: Your tenant id. in: query name: tenant_id required: false schema: type: string MicrosoftTeamsTenantNamePathParameter: description: Your tenant name. in: path name: tenant_name required: true schema: type: string MicrosoftTeamsWorkflowsWebhookHandleIDPathParameter: description: Your Workflows webhook handle id. in: path name: handle_id required: true schema: type: string MicrosoftTeamsWorkflowsWebhookHandleNameQueryParameter: description: Your Workflows webhook handle name. in: query name: name required: false schema: type: string OnDemandTaskId: description: The UUID of the task. example: 6d09294c-9ad9-42fd-a759-a0c1599b4828 in: path name: task_id required: true schema: type: string OpsgenieServiceIDPathParameter: description: The UUID of the service. in: path name: integration_service_id required: true schema: type: string OrgConfigName: description: The name of an Org Config. in: path name: org_config_name required: true schema: example: monitor_timezone type: string PageNumber: description: Specific page number to return. in: query name: page[number] required: false schema: default: 0 example: 0 format: int64 type: integer PageOffset: description: Specific offset to use as the beginning of the returned page. in: query name: page[offset] required: false schema: default: 0 example: 0 format: int64 type: integer PageSize: description: Size for a given page. The maximum allowed value is 100. in: query name: page[size] required: false schema: default: 10 example: 10 format: int64 type: integer ProductName: description: Name of the product to be deleted, either `logs` or `rum`. in: path name: product required: true schema: type: string ProjectIDPathParameter: description: Project UUID example: e555e290-ed65-49bd-ae18-8acbfcf18db7 in: path name: project_id required: true schema: type: string RelationInclude: description: Include relationship data. explode: true in: query name: include required: false schema: $ref: '#/components/schemas/RelationIncludeType' ReportID: description: The ID of the report job. in: path name: report_id required: true schema: type: string RequestId: description: ID of the deletion request. in: path name: id required: true schema: type: string ResourceFilterAccountID: description: Filter resource filters by cloud provider account ID. This parameter is only valid when provider is specified. in: query name: account_id required: false schema: type: string ResourceFilterProvider: description: Filter resource filters by cloud provider (e.g. aws, gcp, azure). in: query name: cloud_provider required: false schema: type: string ResourceID: description: 'Identifier, formatted as `type:id`. Supported types: `connection`, `dashboard`, `integration-account`, `integration-service`, `integration-webhook`, `notebook`, `reference-table`, `security-rule`, `slo`, `workflow`, `app-builder-app`, `connection`, `connection-group`, `rum-application`.' example: dashboard:abc-def-ghi in: path name: resource_id required: true schema: type: string RetentionFilterIdParam: description: The ID of the retention filter. in: path name: filter_id required: true schema: type: string RoleID: description: The unique identifier of the role. in: path name: role_id required: true schema: type: string RuleId: description: The ID of the rule. in: path name: rule_id required: true schema: type: string RumApplicationIDParameter: description: RUM application ID. in: path name: app_id required: true schema: type: string RumMetricIDParameter: description: The name of the rum-based metric. in: path name: metric_id required: true schema: type: string RumRetentionFilterIDParameter: description: Retention filter ID. in: path name: rf_id required: true schema: type: string SchemaVersion: description: The schema version desired in the response. in: query name: schema_version required: false schema: $ref: '#/components/schemas/ServiceDefinitionSchemaVersions' SecurityFilterID: description: The ID of the security filter. in: path name: security_filter_id required: true schema: type: string SecurityMonitoringRuleID: description: The ID of the rule. in: path name: rule_id required: true schema: type: string SecurityMonitoringSuppressionID: description: The ID of the suppression rule in: path name: suppression_id required: true schema: type: string SensitiveDataScannerGroupID: description: The ID of a group of rules. in: path name: group_id required: true schema: type: string SensitiveDataScannerRuleID: description: The ID of the rule. in: path name: rule_id required: true schema: type: string ServiceAccountID: description: The ID of the service account. in: path name: service_account_id required: true schema: example: 00000000-0000-1234-0000-000000000000 type: string ServiceName: description: The name of the service. in: path name: service_name required: true schema: example: my-service type: string SignalID: description: The ID of the signal. in: path name: signal_id required: true schema: type: string SkipCache: description: Skip cache for resource filters. in: query name: skip_cache required: false schema: type: boolean SpansMetricIDParameter: description: The name of the span-based metric. in: path name: metric_id required: true schema: type: string UserID: description: The ID of the user. in: path name: user_id required: true schema: example: 00000000-0000-9999-0000-000000000000 type: string WorkflowId: description: The ID of the workflow. in: path name: workflow_id required: true schema: type: string requestBodies: {} responses: BadRequestResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request ConcurrentModificationResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Concurrent Modification ConflictResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Conflict FindingsBadRequestResponse: content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Bad Request: The server cannot process the request due to invalid syntax in the request.' FindingsForbiddenResponse: content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Forbidden: Access denied' FindingsNotFoundResponse: content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Not Found: The requested finding cannot be found.' FindingsTooManyRequestsResponse: content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Too many requests: The rate limit set by the API has been exceeded.' ForbiddenResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden NotAuthorizedResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Authorized NotFoundResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found NotificationRulesList: content: application/json: schema: properties: data: items: $ref: '#/components/schemas/NotificationRule' type: array type: object description: The list of notification rules. PreconditionFailedResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Failed Precondition SpansBadRequestResponse: content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request. SpansForbiddenResponse: content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Forbidden: Access denied.' SpansTooManyRequestsResponse: content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Too many requests: The rate limit set by the API has been exceeded.' SpansUnprocessableEntityResponse: content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Unprocessable Entity. TooManyRequestsResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests UnauthorizedResponse: content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unauthorized UnprocessableEntityResponse: content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: The server cannot process the request because it contains invalid data. schemas: APIErrorResponse: description: API error response. properties: errors: description: A list of errors. example: - Bad Request items: description: A list of items. example: Bad Request type: string type: array required: - errors type: object APIKeyCreateAttributes: description: Attributes used to create an API Key. properties: category: description: The APIKeyCreateAttributes category. type: string name: description: Name of the API key. example: API Key for submitting metrics type: string remote_config_read_enabled: description: The APIKeyCreateAttributes remote_config_read_enabled. type: boolean required: - name type: object APIKeyCreateData: description: Object used to create an API key. properties: attributes: $ref: '#/components/schemas/APIKeyCreateAttributes' type: $ref: '#/components/schemas/APIKeysType' required: - attributes - type type: object APIKeyCreateRequest: description: Request used to create an API key. properties: data: $ref: '#/components/schemas/APIKeyCreateData' required: - data type: object APIKeyRelationships: description: Resources related to the API key. properties: created_by: $ref: '#/components/schemas/RelationshipToUser' modified_by: $ref: '#/components/schemas/NullableRelationshipToUser' type: object APIKeyResponse: description: Response for retrieving an API key. properties: data: $ref: '#/components/schemas/FullAPIKey' included: description: Array of objects related to the API key. items: $ref: '#/components/schemas/APIKeyResponseIncludedItem' type: array type: object APIKeyResponseIncludedItem: description: An object related to an API key. oneOf: - $ref: '#/components/schemas/User' - $ref: '#/components/schemas/LeakedKey' APIKeyUpdateAttributes: description: Attributes used to update an API Key. properties: category: description: The APIKeyUpdateAttributes category. type: string name: description: Name of the API key. example: API Key for submitting metrics type: string remote_config_read_enabled: description: The APIKeyUpdateAttributes remote_config_read_enabled. type: boolean required: - name type: object APIKeyUpdateData: description: Object used to update an API key. properties: attributes: $ref: '#/components/schemas/APIKeyUpdateAttributes' id: description: ID of the API key. example: 00112233-4455-6677-8899-aabbccddeeff type: string type: $ref: '#/components/schemas/APIKeysType' required: - attributes - id - type type: object APIKeyUpdateRequest: description: Request used to update an API key. properties: data: $ref: '#/components/schemas/APIKeyUpdateData' required: - data type: object APIKeysResponse: description: Response for a list of API keys. properties: data: description: Array of API keys. items: $ref: '#/components/schemas/PartialAPIKey' type: array included: description: Array of objects related to the API key. items: $ref: '#/components/schemas/APIKeyResponseIncludedItem' type: array meta: $ref: '#/components/schemas/APIKeysResponseMeta' type: object APIKeysResponseMeta: description: Additional information related to api keys response. properties: max_allowed: description: Max allowed number of API keys. format: int64 type: integer page: $ref: '#/components/schemas/APIKeysResponseMetaPage' type: object APIKeysResponseMetaPage: description: Additional information related to the API keys response. properties: total_filtered_count: description: Total filtered application key count. format: int64 type: integer type: object APIKeysSort: default: name description: Sorting options enum: - created_at - -created_at - last4 - -last4 - modified_at - -modified_at - name - -name type: string x-enum-varnames: - CREATED_AT_ASCENDING - CREATED_AT_DESCENDING - LAST4_ASCENDING - LAST4_DESCENDING - MODIFIED_AT_ASCENDING - MODIFIED_AT_DESCENDING - NAME_ASCENDING - NAME_DESCENDING APIKeysType: default: api_keys description: API Keys resource type. enum: - api_keys example: api_keys type: string x-enum-varnames: - API_KEYS APITrigger: description: Trigger a workflow from an API request. The workflow must be published. properties: rateLimit: $ref: '#/components/schemas/TriggerRateLimit' type: object APITriggerWrapper: description: Schema for an API-based trigger. properties: apiTrigger: $ref: '#/components/schemas/APITrigger' startStepNames: $ref: '#/components/schemas/StartStepNames' required: - apiTrigger type: object AWSAccountConfigID: description: 'Unique Datadog ID of the AWS Account Integration Config. To get the config ID for an account, use the [List all AWS integrations](https://docs.datadoghq.com/api/latest/aws-integration/#list-all-aws-integrations) endpoint and query by AWS Account ID.' example: 00000000-abcd-0001-0000-000000000000 type: string AWSAccountCreateRequest: description: AWS Account Create Request body. properties: data: $ref: '#/components/schemas/AWSAccountCreateRequestData' required: - data type: object AWSAccountCreateRequestAttributes: description: The AWS Account Integration Config to be created. properties: account_tags: $ref: '#/components/schemas/AWSAccountTags' auth_config: $ref: '#/components/schemas/AWSAuthConfig' aws_account_id: $ref: '#/components/schemas/AWSAccountID' aws_partition: $ref: '#/components/schemas/AWSAccountPartition' aws_regions: $ref: '#/components/schemas/AWSRegions' logs_config: $ref: '#/components/schemas/AWSLogsConfig' metrics_config: $ref: '#/components/schemas/AWSMetricsConfig' resources_config: $ref: '#/components/schemas/AWSResourcesConfig' traces_config: $ref: '#/components/schemas/AWSTracesConfig' required: - aws_account_id - aws_partition - auth_config type: object AWSAccountCreateRequestData: description: AWS Account Create Request data. properties: attributes: $ref: '#/components/schemas/AWSAccountCreateRequestAttributes' type: $ref: '#/components/schemas/AWSAccountType' required: - attributes - type type: object AWSAccountID: description: AWS Account ID. example: '123456789012' type: string AWSAccountPartition: description: 'AWS partition your AWS account is scoped to. Defaults to `aws`. See [Partitions](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/partitions.html) in the AWS documentation for more information.' enum: - aws - aws-cn - aws-us-gov example: aws type: string x-enum-varnames: - AWS - AWS_CN - AWS_US_GOV AWSAccountResponse: description: AWS Account response body. properties: data: $ref: '#/components/schemas/AWSAccountResponseData' required: - data type: object AWSAccountResponseAttributes: description: AWS Account response attributes. properties: account_tags: $ref: '#/components/schemas/AWSAccountTags' auth_config: $ref: '#/components/schemas/AWSAuthConfig' aws_account_id: $ref: '#/components/schemas/AWSAccountID' aws_partition: $ref: '#/components/schemas/AWSAccountPartition' aws_regions: $ref: '#/components/schemas/AWSRegions' created_at: description: Timestamp of when the account integration was created. format: date-time readOnly: true type: string logs_config: $ref: '#/components/schemas/AWSLogsConfig' metrics_config: $ref: '#/components/schemas/AWSMetricsConfig' modified_at: description: Timestamp of when the account integration was updated. format: date-time readOnly: true type: string resources_config: $ref: '#/components/schemas/AWSResourcesConfig' traces_config: $ref: '#/components/schemas/AWSTracesConfig' required: - aws_account_id type: object AWSAccountResponseData: description: AWS Account response data. properties: attributes: $ref: '#/components/schemas/AWSAccountResponseAttributes' id: $ref: '#/components/schemas/AWSAccountConfigID' type: $ref: '#/components/schemas/AWSAccountType' required: - id - type type: object AWSAccountTags: description: Tags to apply to all hosts and metrics reporting for this account. Defaults to `[]`. items: description: Tag in the form `key:value`. example: env:prod type: string nullable: true type: array AWSAccountType: default: account description: AWS Account resource type. enum: - account example: account type: string x-enum-varnames: - ACCOUNT AWSAccountUpdateRequest: description: AWS Account Update Request body. properties: data: $ref: '#/components/schemas/AWSAccountUpdateRequestData' required: - data type: object AWSAccountUpdateRequestAttributes: description: The AWS Account Integration Config to be updated. properties: account_tags: $ref: '#/components/schemas/AWSAccountTags' auth_config: $ref: '#/components/schemas/AWSAuthConfig' aws_account_id: $ref: '#/components/schemas/AWSAccountID' aws_partition: $ref: '#/components/schemas/AWSAccountPartition' aws_regions: $ref: '#/components/schemas/AWSRegions' logs_config: $ref: '#/components/schemas/AWSLogsConfig' metrics_config: $ref: '#/components/schemas/AWSMetricsConfig' resources_config: $ref: '#/components/schemas/AWSResourcesConfig' traces_config: $ref: '#/components/schemas/AWSTracesConfig' required: - aws_account_id type: object AWSAccountUpdateRequestData: description: AWS Account Update Request data. properties: attributes: $ref: '#/components/schemas/AWSAccountUpdateRequestAttributes' id: $ref: '#/components/schemas/AWSAccountConfigID' type: $ref: '#/components/schemas/AWSAccountType' required: - attributes - type type: object AWSAccountsResponse: description: AWS Accounts response body. properties: data: description: List of AWS Account Integration Configs. items: $ref: '#/components/schemas/AWSAccountResponseData' type: array required: - data type: object AWSAssumeRole: description: The definition of `AWSAssumeRole` object. properties: account_id: description: AWS account the connection is created for example: '111222333444' pattern: ^\d{12}$ type: string external_id: description: External ID used to scope which connection can be used to assume the role example: 33a1011635c44b38a064cf14e82e1d8f readOnly: true type: string principal_id: description: AWS account that will assume the role example: '123456789012' readOnly: true type: string role: description: Role to assume example: my-role type: string type: $ref: '#/components/schemas/AWSAssumeRoleType' required: - type - account_id - role type: object AWSAssumeRoleType: description: The definition of `AWSAssumeRoleType` object. enum: - AWSAssumeRole example: AWSAssumeRole type: string x-enum-varnames: - AWSASSUMEROLE AWSAssumeRoleUpdate: description: The definition of `AWSAssumeRoleUpdate` object. properties: account_id: description: AWS account the connection is created for example: '111222333444' pattern: ^\d{12}$ type: string generate_new_external_id: description: The `AWSAssumeRoleUpdate` `generate_new_external_id`. type: boolean role: description: Role to assume example: my-role type: string type: $ref: '#/components/schemas/AWSAssumeRoleType' required: - type type: object AWSAuthConfig: description: AWS Authentication config. oneOf: - $ref: '#/components/schemas/AWSAuthConfigKeys' - $ref: '#/components/schemas/AWSAuthConfigRole' AWSAuthConfigKeys: description: AWS Authentication config to integrate your account using an access key pair. properties: access_key_id: description: AWS Access Key ID. example: AKIAIOSFODNN7EXAMPLE type: string secret_access_key: description: AWS Secret Access Key. example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY minLength: 1 type: string writeOnly: true required: - access_key_id type: object AWSAuthConfigRole: description: AWS Authentication config to integrate your account using an IAM role. properties: external_id: description: AWS IAM External ID for associated role. type: string role_name: description: AWS IAM Role name. example: DatadogIntegrationRole maxLength: 576 minLength: 1 type: string required: - role_name type: object AWSCredentials: description: The definition of `AWSCredentials` object. oneOf: - $ref: '#/components/schemas/AWSAssumeRole' AWSCredentialsUpdate: description: The definition of `AWSCredentialsUpdate` object. oneOf: - $ref: '#/components/schemas/AWSAssumeRoleUpdate' AWSIntegration: description: The definition of `AWSIntegration` object. properties: credentials: $ref: '#/components/schemas/AWSCredentials' type: $ref: '#/components/schemas/AWSIntegrationType' required: - type - credentials type: object AWSIntegrationType: description: The definition of `AWSIntegrationType` object. enum: - AWS example: AWS type: string x-enum-varnames: - AWS AWSIntegrationUpdate: description: The definition of `AWSIntegrationUpdate` object. properties: credentials: $ref: '#/components/schemas/AWSCredentialsUpdate' type: $ref: '#/components/schemas/AWSIntegrationType' required: - type type: object AWSLambdaForwarderConfig: description: 'Log Autosubscription configuration for Datadog Forwarder Lambda functions. Automatically set up triggers for existing and new logs for some services, ensuring no logs from new resources are missed and saving time spent on manual configuration.' properties: lambdas: description: List of Datadog Lambda Log Forwarder ARNs in your AWS account. Defaults to `[]`. items: example: arn:aws:lambda:us-east-1:123456789012:function:DatadogLambdaLogForwarder type: string type: array sources: description: 'List of service IDs set to enable automatic log collection. Discover the list of available services with the [Get list of AWS log ready services](https://docs.datadoghq.com/api/latest/aws-logs-integration/#get-list-of-aws-log-ready-services) endpoint.' items: example: s3 type: string type: array type: object AWSLogsConfig: description: AWS Logs Collection config. properties: lambda_forwarder: $ref: '#/components/schemas/AWSLambdaForwarderConfig' type: object AWSLogsServicesResponse: description: AWS Logs Services response body properties: data: $ref: '#/components/schemas/AWSLogsServicesResponseData' required: - data type: object AWSLogsServicesResponseAttributes: description: AWS Logs Services response body properties: logs_services: description: List of AWS services that can send logs to Datadog example: - s3 items: example: s3 type: string type: array required: - logs_services type: object AWSLogsServicesResponseData: description: AWS Logs Services response body properties: attributes: $ref: '#/components/schemas/AWSLogsServicesResponseAttributes' id: default: logs_services description: The `AWSLogsServicesResponseData` `id`. example: logs_services type: string type: $ref: '#/components/schemas/AWSLogsServicesResponseDataType' required: - id - type type: object AWSLogsServicesResponseDataType: default: logs_services description: The `AWSLogsServicesResponseData` `type`. enum: - logs_services example: logs_services type: string x-enum-varnames: - LOGS_SERVICES AWSMetricsConfig: description: AWS Metrics Collection config. properties: automute_enabled: description: Enable EC2 automute for AWS metrics. Defaults to `true`. example: true type: boolean collect_cloudwatch_alarms: description: Enable CloudWatch alarms collection. Defaults to `false`. example: false type: boolean collect_custom_metrics: description: Enable custom metrics collection. Defaults to `false`. example: false type: boolean enabled: description: Enable AWS metrics collection. Defaults to `true`. example: true type: boolean namespace_filters: $ref: '#/components/schemas/AWSNamespaceFilters' tag_filters: description: AWS Metrics collection tag filters list. Defaults to `[]`. items: $ref: '#/components/schemas/AWSNamespaceTagFilter' type: array type: object AWSNamespaceFilters: description: AWS Metrics namespace filters. Defaults to `exclude_only`. oneOf: - $ref: '#/components/schemas/AWSNamespaceFiltersExcludeOnly' - $ref: '#/components/schemas/AWSNamespaceFiltersIncludeOnly' AWSNamespaceFiltersExcludeOnly: description: 'Exclude only these namespaces from metrics collection. Defaults to `["AWS/SQS", "AWS/ElasticMapReduce"]`. `AWS/SQS` and `AWS/ElasticMapReduce` are excluded by default to reduce your AWS CloudWatch costs from `GetMetricData` API calls.' properties: exclude_only: description: 'Exclude only these namespaces from metrics collection. Defaults to `["AWS/SQS", "AWS/ElasticMapReduce"]`. `AWS/SQS` and `AWS/ElasticMapReduce` are excluded by default to reduce your AWS CloudWatch costs from `GetMetricData` API calls.' example: - AWS/SQS - AWS/ElasticMapReduce items: example: AWS/SQS type: string type: array required: - exclude_only type: object AWSNamespaceFiltersIncludeOnly: description: Include only these namespaces. properties: include_only: description: Include only these namespaces. example: - AWS/EC2 items: example: AWS/EC2 type: string type: array required: - include_only type: object AWSNamespaceTagFilter: description: 'AWS Metrics Collection tag filters list. Defaults to `[]`. The array of custom AWS resource tags (in the form `key:value`) defines a filter that Datadog uses when collecting metrics from a specified service. Wildcards, such as `?` (match a single character) and `*` (match multiple characters), and exclusion using `!` before the tag are supported. For EC2, only hosts that match one of the defined tags will be imported into Datadog. The rest will be ignored. For example, `env:production,instance-type:c?.*,!region:us-east-1`.' properties: namespace: description: The AWS service for which the tag filters defined in `tags` will be applied. example: AWS/EC2 type: string tags: description: The AWS resource tags to filter on for the service specified by `namespace`. items: description: Tag in the form `key:value`. example: datadog:true type: string nullable: true type: array type: object AWSNamespacesResponse: description: AWS Namespaces response body. properties: data: $ref: '#/components/schemas/AWSNamespacesResponseData' required: - data type: object AWSNamespacesResponseAttributes: description: AWS Namespaces response attributes. properties: namespaces: description: AWS CloudWatch namespace. example: - AWS/ApiGateway items: example: AWS/ApiGateway type: string type: array required: - namespaces type: object AWSNamespacesResponseData: description: AWS Namespaces response data. properties: attributes: $ref: '#/components/schemas/AWSNamespacesResponseAttributes' id: default: namespaces description: The `AWSNamespacesResponseData` `id`. example: namespaces type: string type: $ref: '#/components/schemas/AWSNamespacesResponseDataType' required: - id - type type: object AWSNamespacesResponseDataType: default: namespaces description: The `AWSNamespacesResponseData` `type`. enum: - namespaces example: namespaces type: string x-enum-varnames: - NAMESPACES AWSNewExternalIDResponse: description: AWS External ID response body. properties: data: $ref: '#/components/schemas/AWSNewExternalIDResponseData' required: - data type: object AWSNewExternalIDResponseAttributes: description: AWS External ID response body. properties: external_id: description: AWS IAM External ID for associated role. example: acb8f6b8a844443dbb726d07dcb1a870 type: string required: - external_id type: object AWSNewExternalIDResponseData: description: AWS External ID response body. properties: attributes: $ref: '#/components/schemas/AWSNewExternalIDResponseAttributes' id: default: external_id description: The `AWSNewExternalIDResponseData` `id`. example: external_id type: string type: $ref: '#/components/schemas/AWSNewExternalIDResponseDataType' required: - id - type type: object AWSNewExternalIDResponseDataType: default: external_id description: The `AWSNewExternalIDResponseData` `type`. enum: - external_id example: external_id type: string x-enum-varnames: - EXTERNAL_ID AWSRegions: description: AWS Regions to collect data from. Defaults to `include_all`. oneOf: - $ref: '#/components/schemas/AWSRegionsIncludeAll' - $ref: '#/components/schemas/AWSRegionsIncludeOnly' AWSRegionsIncludeAll: description: Include all regions. Defaults to `true`. properties: include_all: description: Include all regions. example: true type: boolean required: - include_all type: object AWSRegionsIncludeOnly: description: Include only these regions. properties: include_only: description: Include only these regions. example: - us-east-1 items: example: us-east-1 type: string type: array required: - include_only type: object AWSResourcesConfig: description: AWS Resources Collection config. properties: cloud_security_posture_management_collection: description: Enable Cloud Security Management to scan AWS resources for vulnerabilities, misconfigurations, identity risks, and compliance violations. Defaults to `false`. Requires `extended_collection` to be set to `true`. example: false type: boolean extended_collection: description: Whether Datadog collects additional attributes and configuration information about the resources in your AWS account. Defaults to `true`. Required for `cloud_security_posture_management_collection`. example: true type: boolean type: object AWSTracesConfig: description: AWS Traces Collection config. properties: xray_services: $ref: '#/components/schemas/XRayServicesList' type: object AccountFilteringConfig: description: The account filtering configuration. properties: excluded_accounts: description: The AWS account IDs to be excluded from your billing dataset. This field is used when `include_new_accounts` is `true`. example: - '123456789123' - '123456789143' items: type: string type: array include_new_accounts: description: Whether or not to automatically include new member accounts by default in your billing dataset. example: true type: boolean included_accounts: description: The AWS account IDs to be included in your billing dataset. This field is used when `include_new_accounts` is `false`. example: - '123456789123' - '123456789143' items: type: string type: array type: object ActionConnectionAttributes: description: The definition of `ActionConnectionAttributes` object. properties: integration: $ref: '#/components/schemas/ActionConnectionIntegration' name: description: Name of the connection example: My AWS Connection type: string required: - name - integration type: object ActionConnectionAttributesUpdate: description: The definition of `ActionConnectionAttributesUpdate` object. properties: integration: $ref: '#/components/schemas/ActionConnectionIntegrationUpdate' name: description: Name of the connection example: My AWS Connection type: string type: object ActionConnectionData: description: Data related to the connection. properties: attributes: $ref: '#/components/schemas/ActionConnectionAttributes' id: description: The connection identifier readOnly: true type: string type: $ref: '#/components/schemas/ActionConnectionDataType' required: - type - attributes type: object ActionConnectionDataType: description: The definition of `ActionConnectionDataType` object. enum: - action_connection example: action_connection type: string x-enum-varnames: - ACTION_CONNECTION ActionConnectionDataUpdate: description: Data related to the connection update. properties: attributes: $ref: '#/components/schemas/ActionConnectionAttributesUpdate' type: $ref: '#/components/schemas/ActionConnectionDataType' required: - type - attributes type: object ActionConnectionIntegration: description: The definition of `ActionConnectionIntegration` object. oneOf: - $ref: '#/components/schemas/AWSIntegration' - $ref: '#/components/schemas/HTTPIntegration' ActionConnectionIntegrationUpdate: description: The definition of `ActionConnectionIntegrationUpdate` object. oneOf: - $ref: '#/components/schemas/AWSIntegrationUpdate' - $ref: '#/components/schemas/HTTPIntegrationUpdate' ActionQuery: description: An action query. This query type is used to trigger an action, such as sending a HTTP request. properties: events: description: Events to listen for downstream of the action query. items: $ref: '#/components/schemas/AppBuilderEvent' type: array id: description: The ID of the action query. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string name: description: A unique identifier for this action query. This name is also used to access the query's result throughout the app. example: fetchPendingOrders type: string properties: $ref: '#/components/schemas/ActionQueryProperties' type: $ref: '#/components/schemas/ActionQueryType' required: - id - name - type - properties type: object ActionQueryCondition: description: Whether to run this query. If specified, the query will only run if this condition evaluates to `true` in JavaScript and all other conditions are also met. oneOf: - type: boolean - example: ${true} type: string ActionQueryDebounceInMs: description: The minimum time in milliseconds that must pass before the query can be triggered again. This is useful for preventing accidental double-clicks from triggering the query multiple times. oneOf: - example: 310.5 format: double type: number - description: If this is a string, it must be a valid JavaScript expression that evaluates to a number. example: ${1000} type: string ActionQueryMockedOutputs: description: The mocked outputs of the action query. This is useful for testing the app without actually running the action. oneOf: - type: string - $ref: '#/components/schemas/ActionQueryMockedOutputsObject' ActionQueryMockedOutputsEnabled: description: Whether to enable the mocked outputs for testing. oneOf: - type: boolean - description: If this is a string, it must be a valid JavaScript expression that evaluates to a boolean. example: ${true} type: string ActionQueryMockedOutputsObject: description: The mocked outputs of the action query. properties: enabled: $ref: '#/components/schemas/ActionQueryMockedOutputsEnabled' outputs: description: The mocked outputs of the action query, serialized as JSON. example: '{"status": "success"}' type: string required: - enabled type: object ActionQueryOnlyTriggerManually: description: Determines when this query is executed. If set to `false`, the query will run when the app loads and whenever any query arguments change. If set to `true`, the query will only run when manually triggered from elsewhere in the app. oneOf: - type: boolean - description: If this is a string, it must be a valid JavaScript expression that evaluates to a boolean. example: ${true} type: string ActionQueryPollingIntervalInMs: description: If specified, the app will poll the query at the specified interval in milliseconds. The minimum polling interval is 15 seconds. The query will only poll when the app's browser tab is active. oneOf: - example: 30000.0 format: double minimum: 15000.0 type: number - description: If this is a string, it must be a valid JavaScript expression that evaluates to a number. example: ${15000} type: string ActionQueryProperties: description: The properties of the action query. properties: condition: $ref: '#/components/schemas/ActionQueryCondition' debounceInMs: $ref: '#/components/schemas/ActionQueryDebounceInMs' mockedOutputs: $ref: '#/components/schemas/ActionQueryMockedOutputs' onlyTriggerManually: $ref: '#/components/schemas/ActionQueryOnlyTriggerManually' outputs: description: The post-query transformation function, which is a JavaScript function that changes the query's `.outputs` property after the query's execution. example: ${((outputs) => {return outputs.body.data})(self.rawOutputs)} type: string pollingIntervalInMs: $ref: '#/components/schemas/ActionQueryPollingIntervalInMs' requiresConfirmation: $ref: '#/components/schemas/ActionQueryRequiresConfirmation' showToastOnError: $ref: '#/components/schemas/ActionQueryShowToastOnError' spec: $ref: '#/components/schemas/ActionQuerySpec' required: - spec type: object ActionQueryRequiresConfirmation: description: Whether to prompt the user to confirm this query before it runs. oneOf: - type: boolean - description: If this is a string, it must be a valid JavaScript expression that evaluates to a boolean. example: ${true} type: string ActionQueryShowToastOnError: description: Whether to display a toast to the user when the query returns an error. oneOf: - type: boolean - description: If this is a string, it must be a valid JavaScript expression that evaluates to a boolean. example: ${true} type: string ActionQuerySpec: description: The definition of the action query. oneOf: - type: string - $ref: '#/components/schemas/ActionQuerySpecObject' ActionQuerySpecConnectionGroup: description: The connection group to use for an action query. properties: id: description: The ID of the connection group. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string tags: description: The tags of the connection group. items: type: string type: array type: object ActionQuerySpecInput: additionalProperties: {} description: The inputs to the action query. See the [Actions Catalog](https://docs.datadoghq.com/actions/actions_catalog/) for more detail on each action and its inputs. type: object ActionQuerySpecInputs: description: The inputs to the action query. These are the values that are passed to the action when it is triggered. oneOf: - type: string - $ref: '#/components/schemas/ActionQuerySpecInput' ActionQuerySpecObject: description: The action query spec object. properties: connectionGroup: $ref: '#/components/schemas/ActionQuerySpecConnectionGroup' connectionId: description: The ID of the custom connection to use for this action query. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 type: string fqn: description: The fully qualified name of the action type. example: com.datadoghq.http.request type: string inputs: $ref: '#/components/schemas/ActionQuerySpecInputs' required: - fqn type: object ActionQueryType: default: action description: The action query type. enum: - action example: action type: string x-enum-varnames: - ACTION ActiveBillingDimensionsAttributes: description: List of active billing dimensions. properties: month: description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]`.' format: date-time type: string values: description: 'List of active billing dimensions. Example: `[infra_host, apm_host, serverless_infra]`.' items: description: A given billing dimension in a list. example: infra_host type: string type: array type: object ActiveBillingDimensionsBody: description: Active billing dimensions data. properties: attributes: $ref: '#/components/schemas/ActiveBillingDimensionsAttributes' id: description: Unique ID of the response. type: string type: $ref: '#/components/schemas/ActiveBillingDimensionsType' type: object ActiveBillingDimensionsResponse: description: Active billing dimensions response. properties: data: $ref: '#/components/schemas/ActiveBillingDimensionsBody' type: object ActiveBillingDimensionsType: default: billing_dimensions description: Type of active billing dimensions data. enum: - billing_dimensions type: string x-enum-varnames: - BILLING_DIMENSIONS Advisory: description: Advisory. properties: base_severity: description: Advisory base severity. example: Critical type: string id: description: Advisory id. example: GHSA-4wrc-f8pq-fpqp type: string severity: description: Advisory Datadog severity. example: Medium type: string required: - id - base_severity type: object Annotation: description: A list of annotations used in the workflow. These are like sticky notes for your workflow! properties: display: $ref: '#/components/schemas/AnnotationDisplay' id: description: The `Annotation` `id`. example: '' type: string markdownTextAnnotation: $ref: '#/components/schemas/AnnotationMarkdownTextAnnotation' required: - id - display - markdownTextAnnotation type: object AnnotationDisplay: description: The definition of `AnnotationDisplay` object. properties: bounds: $ref: '#/components/schemas/AnnotationDisplayBounds' type: object AnnotationDisplayBounds: description: The definition of `AnnotationDisplayBounds` object. properties: height: description: The `bounds` `height`. format: double type: number width: description: The `bounds` `width`. format: double type: number x: description: The `bounds` `x`. format: double type: number y: description: The `bounds` `y`. format: double type: number type: object AnnotationMarkdownTextAnnotation: description: The definition of `AnnotationMarkdownTextAnnotation` object. properties: text: description: The `markdownTextAnnotation` `text`. type: string type: object ApiID: description: API identifier. example: 90646597-5fdb-4a17-a240-647003f8c028 format: uuid type: string ApmRetentionFilterType: default: apm_retention_filter description: The type of the resource. enum: - apm_retention_filter example: apm_retention_filter type: string x-enum-varnames: - apm_retention_filter AppBuilderEvent: additionalProperties: {} description: An event on a UI component that triggers a response or action in an app. properties: name: $ref: '#/components/schemas/AppBuilderEventName' type: $ref: '#/components/schemas/AppBuilderEventType' type: object AppBuilderEventName: description: The triggering action for the event. enum: - pageChange - tableRowClick - _tableRowButtonClick - change - submit - click - toggleOpen - close - open - executionFinished example: click type: string x-enum-varnames: - PAGECHANGE - TABLEROWCLICK - TABLEROWBUTTONCLICK - CHANGE - SUBMIT - CLICK - TOGGLEOPEN - CLOSE - OPEN - EXECUTIONFINISHED AppBuilderEventType: description: The response to the event. enum: - custom - setComponentState - triggerQuery - openModal - closeModal - openUrl - downloadFile - setStateVariableValue example: triggerQuery type: string x-enum-varnames: - CUSTOM - SETCOMPONENTSTATE - TRIGGERQUERY - OPENMODAL - CLOSEMODAL - OPENURL - DOWNLOADFILE - SETSTATEVARIABLEVALUE AppDefinitionType: default: appDefinitions description: The app definition type. enum: - appDefinitions example: appDefinitions type: string x-enum-varnames: - APPDEFINITIONS AppDeploymentType: default: deployment description: The deployment type. enum: - deployment example: deployment type: string x-enum-varnames: - DEPLOYMENT AppMeta: description: Metadata of an app. properties: created_at: description: Timestamp of when the app was created. format: date-time type: string deleted_at: description: Timestamp of when the app was deleted. format: date-time type: string org_id: description: The Datadog organization ID that owns the app. format: int64 type: integer updated_at: description: Timestamp of when the app was last updated. format: date-time type: string updated_since_deployment: description: Whether the app was updated since it was last published. Published apps are pinned to a specific version and do not automatically update when the app is updated. type: boolean user_id: description: The ID of the user who created the app. format: int64 type: integer user_name: description: The name (or email address) of the user who created the app. type: string user_uuid: description: The UUID of the user who created the app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string version: description: The version number of the app. This starts at 1 and increments with each update. format: int64 type: integer type: object AppRelationship: description: The app's publication relationship and custom connections. properties: connections: description: Array of custom connections used by the app. items: $ref: '#/components/schemas/CustomConnection' type: array deployment: $ref: '#/components/schemas/DeploymentRelationship' type: object AppTriggerWrapper: description: Schema for an App-based trigger. properties: appTrigger: description: Trigger a workflow from an App. type: object startStepNames: $ref: '#/components/schemas/StartStepNames' required: - appTrigger type: object ApplicationKeyCreateAttributes: description: Attributes used to create an application Key. properties: name: description: Name of the application key. example: Application Key for managing dashboards type: string scopes: description: Array of scopes to grant the application key. example: - dashboards_read - dashboards_write - dashboards_public_share items: description: Name of scope. type: string nullable: true type: array required: - name type: object ApplicationKeyCreateData: description: Object used to create an application key. properties: attributes: $ref: '#/components/schemas/ApplicationKeyCreateAttributes' type: $ref: '#/components/schemas/ApplicationKeysType' required: - attributes - type type: object ApplicationKeyCreateRequest: description: Request used to create an application key. properties: data: $ref: '#/components/schemas/ApplicationKeyCreateData' required: - data type: object ApplicationKeyRelationships: description: Resources related to the application key. properties: owned_by: $ref: '#/components/schemas/RelationshipToUser' type: object ApplicationKeyResponse: description: Response for retrieving an application key. properties: data: $ref: '#/components/schemas/FullApplicationKey' included: description: Array of objects related to the application key. items: $ref: '#/components/schemas/ApplicationKeyResponseIncludedItem' type: array type: object ApplicationKeyResponseIncludedItem: description: An object related to an application key. oneOf: - $ref: '#/components/schemas/User' - $ref: '#/components/schemas/Role' - $ref: '#/components/schemas/LeakedKey' ApplicationKeyResponseMeta: description: Additional information related to the application key response. properties: max_allowed_per_user: description: Max allowed number of application keys per user. format: int64 type: integer page: $ref: '#/components/schemas/ApplicationKeyResponseMetaPage' type: object ApplicationKeyResponseMetaPage: description: Additional information related to the application key response. properties: total_filtered_count: description: Total filtered application key count. format: int64 type: integer type: object ApplicationKeyUpdateAttributes: description: Attributes used to update an application Key. properties: name: description: Name of the application key. example: Application Key for managing dashboards type: string scopes: description: Array of scopes to grant the application key. example: - dashboards_read - dashboards_write - dashboards_public_share items: description: Name of scope. type: string nullable: true type: array type: object ApplicationKeyUpdateData: description: Object used to update an application key. properties: attributes: $ref: '#/components/schemas/ApplicationKeyUpdateAttributes' id: description: ID of the application key. example: 00112233-4455-6677-8899-aabbccddeeff type: string type: $ref: '#/components/schemas/ApplicationKeysType' required: - attributes - id - type type: object ApplicationKeyUpdateRequest: description: Request used to update an application key. properties: data: $ref: '#/components/schemas/ApplicationKeyUpdateData' required: - data type: object ApplicationKeysSort: default: name description: Sorting options enum: - created_at - -created_at - last4 - -last4 - name - -name type: string x-enum-varnames: - CREATED_AT_ASCENDING - CREATED_AT_DESCENDING - LAST4_ASCENDING - LAST4_DESCENDING - NAME_ASCENDING - NAME_DESCENDING ApplicationKeysType: default: application_keys description: Application Keys resource type. enum: - application_keys example: application_keys type: string x-enum-varnames: - APPLICATION_KEYS ApplicationSecurityWafCustomRuleAction: description: The definition of `ApplicationSecurityWafCustomRuleAction` object. properties: action: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleActionAction' parameters: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleActionParameters' type: object ApplicationSecurityWafCustomRuleActionAction: default: block_request description: Override the default action to take when the WAF custom rule would block. enum: - redirect_request - block_request example: block_request type: string x-enum-varnames: - REDIRECT_REQUEST - BLOCK_REQUEST ApplicationSecurityWafCustomRuleActionParameters: description: The definition of `ApplicationSecurityWafCustomRuleActionParameters` object. properties: location: description: The location to redirect to when the WAF custom rule triggers. example: /blocking type: string status_code: default: 403 description: The status code to return when the WAF custom rule triggers. example: 403 format: int64 type: integer type: object ApplicationSecurityWafCustomRuleAttributes: description: A WAF custom rule. properties: action: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleAction' blocking: description: Indicates whether the WAF custom rule will block the request. example: false type: boolean conditions: description: 'Conditions for which the WAF Custom Rule will triggers, all conditions needs to match in order for the WAF rule to trigger.' items: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleCondition' type: array enabled: description: Indicates whether the WAF custom rule is enabled. example: false type: boolean metadata: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleMetadata' name: description: The Name of the WAF custom rule. example: Block request from bad useragent type: string path_glob: description: The path glob for the WAF custom rule. example: /api/search/* type: string scope: description: The scope of the WAF custom rule. items: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleScope' type: array tags: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleTags' required: - enabled - blocking - name - tags - conditions type: object ApplicationSecurityWafCustomRuleCondition: description: One condition of the WAF Custom Rule. properties: operator: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleConditionOperator' parameters: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleConditionParameters' required: - operator - parameters type: object ApplicationSecurityWafCustomRuleConditionInput: description: Input from the request on which the condition should apply. properties: address: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleConditionInputAddress' key_path: description: Specific path for the input. items: type: string type: array required: - address type: object ApplicationSecurityWafCustomRuleConditionInputAddress: description: Input from the request on which the condition should apply. enum: - server.db.statement - server.io.fs.file - server.io.net.url - server.sys.shell.cmd - server.request.method - server.request.uri.raw - server.request.path_params - server.request.query - server.request.headers.no_cookies - server.request.cookies - server.request.trailers - server.request.body - server.response.status - server.response.headers.no_cookies - server.response.trailers - grpc.server.request.metadata - grpc.server.request.message - grpc.server.method - graphql.server.all_resolvers - usr.id - http.client_ip example: server.db.statement type: string x-enum-varnames: - SERVER_DB_STATEMENT - SERVER_IO_FS_FILE - SERVER_IO_NET_URL - SERVER_SYS_SHELL_CMD - SERVER_REQUEST_METHOD - SERVER_REQUEST_URI_RAW - SERVER_REQUEST_PATH_PARAMS - SERVER_REQUEST_QUERY - SERVER_REQUEST_HEADERS_NO_COOKIES - SERVER_REQUEST_COOKIES - SERVER_REQUEST_TRAILERS - SERVER_REQUEST_BODY - SERVER_RESPONSE_STATUS - SERVER_RESPONSE_HEADERS_NO_COOKIES - SERVER_RESPONSE_TRAILERS - GRPC_SERVER_REQUEST_METADATA - GRPC_SERVER_REQUEST_MESSAGE - GRPC_SERVER_METHOD - GRAPHQL_SERVER_ALL_RESOLVERS - USR_ID - HTTP_CLIENT_IP ApplicationSecurityWafCustomRuleConditionOperator: description: Operator to use for the WAF Condition. enum: - match_regex - '!match_regex' - phrase_match - '!phrase_match' - is_xss - is_sqli - exact_match - '!exact_match' - ip_match - '!ip_match' - capture_data example: match_regex type: string x-enum-varnames: - MATCH_REGEX - NOT_MATCH_REGEX - PHRASE_MATCH - NOT_PHRASE_MATCH - IS_XSS - IS_SQLI - EXACT_MATCH - NOT_EXACT_MATCH - IP_MATCH - NOT_IP_MATCH - CAPTURE_DATA ApplicationSecurityWafCustomRuleConditionOptions: description: Options for the operator of this condition. properties: case_sensitive: default: false description: Evaluate the value as case sensitive. type: boolean min_length: default: 0 description: Only evaluate this condition if the value has a minimum amount of characters. format: int64 type: integer type: object ApplicationSecurityWafCustomRuleConditionParameters: description: The scope of the WAF custom rule. properties: data: description: Identifier of a list of data from the denylist. Can only be used as substitution from the list parameter. example: blocked_users type: string inputs: description: List of inputs on which at least one should match with the given operator. items: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleConditionInput' type: array list: description: 'List of value to use with the condition. Only used with the phrase_match, !phrase_match, exact_match and !exact_match operator.' items: type: string type: array options: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleConditionOptions' regex: description: Regex to use with the condition. Only used with match_regex and !match_regex operator. example: path.* type: string value: description: Store the captured value in the specified tag name. Only used with the capture_data operator. example: custom_tag type: string required: - inputs type: object ApplicationSecurityWafCustomRuleCreateAttributes: description: Create a new WAF custom rule. properties: action: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleAction' blocking: description: Indicates whether the WAF custom rule will block the request. example: false type: boolean conditions: description: 'Conditions for which the WAF Custom Rule will triggers, all conditions needs to match in order for the WAF rule to trigger' items: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleCondition' type: array enabled: description: Indicates whether the WAF custom rule is enabled. example: false type: boolean name: description: The Name of the WAF custom rule. example: Block request from a bad useragent type: string path_glob: description: The path glob for the WAF custom rule. example: /api/search/* type: string scope: description: The scope of the WAF custom rule. items: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleScope' type: array tags: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleTags' required: - enabled - blocking - name - tags - conditions type: object ApplicationSecurityWafCustomRuleCreateData: description: Object for a single WAF custom rule. properties: attributes: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleCreateAttributes' type: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleType' required: - attributes - type type: object ApplicationSecurityWafCustomRuleCreateRequest: description: Request object that includes the custom rule to create. properties: data: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleCreateData' required: - data type: object ApplicationSecurityWafCustomRuleData: description: Object for a single WAF custom rule. properties: attributes: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleAttributes' id: description: The ID of the custom rule. example: 2857c47d-1e3a-4300-8b2f-dc24089c084b readOnly: true type: string type: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleType' type: object ApplicationSecurityWafCustomRuleListResponse: description: Response object that includes a list of WAF custom rules. properties: data: description: The WAF custom rule data. items: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleData' type: array type: object ApplicationSecurityWafCustomRuleMetadata: description: Metadata associated with the WAF Custom Rule. properties: added_at: description: The date and time the WAF custom rule was created. example: '2021-01-01T00:00:00Z' format: date-time type: string added_by: description: The handle of the user who created the WAF custom rule. example: john.doe@datadoghq.com type: string added_by_name: description: The name of the user who created the WAF custom rule. example: John Doe type: string modified_at: description: The date and time the WAF custom rule was last updated. example: '2021-01-01T00:00:00Z' format: date-time type: string modified_by: description: The handle of the user who last updated the WAF custom rule. example: john.doe@datadoghq.com type: string modified_by_name: description: The name of the user who last updated the WAF custom rule. example: John Doe type: string readOnly: true type: object ApplicationSecurityWafCustomRuleResponse: description: Response object that includes a single WAF custom rule. properties: data: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleData' type: object ApplicationSecurityWafCustomRuleScope: description: The scope of the WAF custom rule. properties: env: description: The environment scope for the WAF custom rule. example: prod type: string service: description: The service scope for the WAF custom rule. example: billing-service type: string required: - service - env type: object ApplicationSecurityWafCustomRuleTags: additionalProperties: type: string description: 'Tags associated with the WAF Custom Rule. The concatenation of category and type will form the security activity field associated with the traces.' maxProperties: 32 properties: category: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleTagsCategory' type: description: The type of the WAF rule, associated with the category will form the security activity. example: users.login.success type: string required: - category - type type: object ApplicationSecurityWafCustomRuleTagsCategory: description: The category of the WAF Rule, can be either `business_logic`, `attack_attempt` or `security_response`. enum: - attack_attempt - business_logic - security_response example: business_logic type: string x-enum-varnames: - ATTACK_ATTEMPT - BUSINESS_LOGIC - SECURITY_RESPONSE ApplicationSecurityWafCustomRuleType: default: custom_rule description: The type of the resource. The value should always be `custom_rule`. enum: - custom_rule example: custom_rule type: string x-enum-varnames: - CUSTOM_RULE ApplicationSecurityWafCustomRuleUpdateAttributes: description: Update a WAF custom rule. properties: action: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleAction' blocking: description: Indicates whether the WAF custom rule will block the request. example: false type: boolean conditions: description: 'Conditions for which the WAF Custom Rule will triggers, all conditions needs to match in order for the WAF rule to trigger.' items: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleCondition' type: array enabled: description: Indicates whether the WAF custom rule is enabled. example: false type: boolean name: description: The Name of the WAF custom rule. example: Block request from bad useragent type: string path_glob: description: The path glob for the WAF custom rule. example: /api/search/* type: string scope: description: The scope of the WAF custom rule. items: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleScope' type: array tags: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleTags' required: - enabled - blocking - name - tags - conditions type: object ApplicationSecurityWafCustomRuleUpdateData: description: Object for a single WAF Custom Rule. properties: attributes: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleUpdateAttributes' type: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleType' required: - attributes - type type: object ApplicationSecurityWafCustomRuleUpdateRequest: description: Request object that includes the Custom Rule to update. properties: data: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleUpdateData' required: - data type: object ApplicationSecurityWafExclusionFilterAttributes: description: Attributes describing a WAF exclusion filter. properties: description: description: A description for the exclusion filter. example: Exclude false positives on a path type: string enabled: description: Indicates whether the exclusion filter is enabled. example: true type: boolean event_query: description: The event query matched by the legacy exclusion filter. Cannot be created nor updated. type: string ip_list: description: The client IP addresses matched by the exclusion filter (CIDR notation is supported). items: example: 198.51.100.72 type: string type: array metadata: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterMetadata' on_match: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterOnMatch' parameters: description: A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character. items: example: list.search.query type: string type: array path_glob: description: The HTTP path glob expression matched by the exclusion filter. example: /accounts/* type: string rules_target: description: The WAF rules targeted by the exclusion filter. items: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterRulesTarget' type: array scope: description: The services where the exclusion filter is deployed. items: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterScope' type: array search_query: description: Generated event search query for traces matching the exclusion filter. readOnly: true type: string type: object ApplicationSecurityWafExclusionFilterCreateAttributes: description: Attributes for creating a WAF exclusion filter. properties: description: description: A description for the exclusion filter. example: Exclude false positives on a path type: string enabled: description: Indicates whether the exclusion filter is enabled. example: true type: boolean ip_list: description: The client IP addresses matched by the exclusion filter (CIDR notation is supported). items: example: 198.51.100.72 type: string type: array on_match: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterOnMatch' parameters: description: A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character. items: example: list.search.query type: string type: array path_glob: description: The HTTP path glob expression matched by the exclusion filter. example: /accounts/* type: string rules_target: description: The WAF rules targeted by the exclusion filter. items: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterRulesTarget' type: array scope: description: The services where the exclusion filter is deployed. items: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterScope' type: array required: - description - enabled type: object ApplicationSecurityWafExclusionFilterCreateData: description: Object for creating a single WAF exclusion filter. properties: attributes: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterCreateAttributes' type: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterType' required: - attributes - type type: object ApplicationSecurityWafExclusionFilterCreateRequest: description: Request object for creating a single WAF exclusion filter. properties: data: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterCreateData' required: - data type: object ApplicationSecurityWafExclusionFilterID: description: The identifier of the WAF exclusion filter. example: 3dd-0uc-h1s readOnly: true type: string ApplicationSecurityWafExclusionFilterMetadata: description: Extra information about the exclusion filter. properties: added_at: description: The creation date of the exclusion filter. format: date-time type: string added_by: description: The handle of the user who created the exclusion filter. type: string added_by_name: description: The name of the user who created the exclusion filter. type: string modified_at: description: The last modification date of the exclusion filter. format: date-time type: string modified_by: description: The handle of the user who last modified the exclusion filter. type: string modified_by_name: description: The name of the user who last modified the exclusion filter. type: string readOnly: true type: object ApplicationSecurityWafExclusionFilterOnMatch: description: The action taken when the exclusion filter matches. When set to `monitor`, security traces are emitted but the requests are not blocked. By default, security traces are not emitted and the requests are not blocked. enum: - monitor type: string x-enum-varnames: - MONITOR ApplicationSecurityWafExclusionFilterResource: description: A JSON:API resource for an WAF exclusion filter. properties: attributes: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterAttributes' id: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterID' type: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterType' type: object ApplicationSecurityWafExclusionFilterResponse: description: Response object for a single WAF exclusion filter. properties: data: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterResource' type: object ApplicationSecurityWafExclusionFilterRulesTarget: description: Target WAF rules based either on an identifier or tags. properties: rule_id: description: Target a single WAF rule based on its identifier. example: dog-913-009 type: string tags: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterRulesTargetTags' type: object ApplicationSecurityWafExclusionFilterRulesTargetTags: additionalProperties: type: string description: Target multiple WAF rules based on their tags. properties: category: description: The category of the targeted WAF rules. example: attack_attempt type: string type: description: The type of the targeted WAF rules. example: lfi type: string type: object ApplicationSecurityWafExclusionFilterScope: description: Deploy on services based on their environment and/or service name. properties: env: description: Deploy on this environment. example: www type: string service: description: Deploy on this service. example: prod type: string type: object ApplicationSecurityWafExclusionFilterType: default: exclusion_filter description: Type of the resource. The value should always be `exclusion_filter`. enum: - exclusion_filter example: exclusion_filter type: string x-enum-varnames: - EXCLUSION_FILTER ApplicationSecurityWafExclusionFilterUpdateAttributes: description: Attributes for updating a WAF exclusion filter. properties: description: description: A description for the exclusion filter. example: Exclude false positives on a path type: string enabled: description: Indicates whether the exclusion filter is enabled. example: true type: boolean ip_list: description: The client IP addresses matched by the exclusion filter (CIDR notation is supported). items: example: 198.51.100.72 type: string type: array on_match: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterOnMatch' parameters: description: A list of parameters matched by the exclusion filter in the HTTP query string and HTTP request body. Nested parameters can be matched by joining fields with a dot character. items: example: list.search.query type: string type: array path_glob: description: The HTTP path glob expression matched by the exclusion filter. example: /accounts/* type: string rules_target: description: The WAF rules targeted by the exclusion filter. items: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterRulesTarget' type: array scope: description: The services where the exclusion filter is deployed. items: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterScope' type: array required: - description - enabled type: object ApplicationSecurityWafExclusionFilterUpdateData: description: Object for updating a single WAF exclusion filter. properties: attributes: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterUpdateAttributes' type: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterType' required: - attributes - type type: object ApplicationSecurityWafExclusionFilterUpdateRequest: description: Request object for updating a single WAF exclusion filter. properties: data: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterUpdateData' required: - data type: object ApplicationSecurityWafExclusionFiltersResponse: description: Response object for multiple WAF exclusion filters. properties: data: description: A list of WAF exclusion filters. items: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterResource' type: array type: object AppsSortField: description: The field and direction to sort apps by enum: - name - created_at - updated_at - user_name - -name - -created_at - -updated_at - -user_name example: -created_at type: string x-enum-varnames: - NAME - CREATED_AT - UPDATED_AT - USER_NAME - NAME_DESC - CREATED_AT_DESC - UPDATED_AT_DESC - USER_NAME_DESC Asset: description: A single vulnerable asset properties: attributes: $ref: '#/components/schemas/AssetAttributes' id: description: The unique ID for this asset. example: Repository|github.com/DataDog/datadog-agent.git type: string type: $ref: '#/components/schemas/AssetEntityType' required: - id - type - attributes type: object AssetAttributes: description: The JSON:API attributes of the asset. properties: arch: description: Asset architecture. example: arm64 type: string environments: description: List of environments where the asset is deployed. example: - staging items: example: staging type: string type: array name: description: Asset name. example: github.com/DataDog/datadog-agent.git type: string operating_system: $ref: '#/components/schemas/AssetOperatingSystem' risks: $ref: '#/components/schemas/AssetRisks' type: $ref: '#/components/schemas/AssetType' version: $ref: '#/components/schemas/AssetVersion' required: - name - type - risks - environments type: object AssetEntityType: description: The JSON:API type. enum: - assets example: assets type: string x-enum-varnames: - ASSETS AssetOperatingSystem: description: Asset operating system. properties: description: description: Operating system version. example: '24.04' type: string name: description: Operating system name. example: ubuntu type: string required: - name type: object AssetRisks: description: Asset risks. properties: has_access_to_sensitive_data: description: Whether the asset has access to sensitive data or not. example: false type: boolean has_privileged_access: description: Whether the asset has privileged access or not. example: false type: boolean in_production: description: Whether the asset is in production or not. example: false type: boolean is_publicly_accessible: description: Whether the asset is publicly accessible or not. example: false type: boolean under_attack: description: Whether the asset is under attack or not. example: false type: boolean required: - in_production type: object AssetType: description: The asset type enum: - Repository - Service - Host - HostImage - Image example: Repository type: string x-enum-varnames: - REPOSITORY - SERVICE - HOST - HOSTIMAGE - IMAGE AssetVersion: description: Asset version. properties: first: description: Asset first version. example: _latest type: string last: description: Asset last version. example: _latest type: string type: object AuditLogsEvent: description: Object description of an Audit Logs event after it is processed and stored by Datadog. properties: attributes: $ref: '#/components/schemas/AuditLogsEventAttributes' id: description: Unique ID of the event. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/AuditLogsEventType' type: object AuditLogsEventAttributes: description: JSON object containing all event attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from Audit Logs events. example: customAttribute: 123 duration: 2345 type: object message: description: Message of the event. type: string service: description: 'Name of the application or service generating Audit Logs events. This name is used to correlate Audit Logs to APM, so make sure you specify the same value when you use both products.' example: web-app type: string tags: description: Array of tags associated with your event. example: - team:A items: description: Tag associated with your event. type: string type: array timestamp: description: Timestamp of your event. example: '2019-01-02T09:42:36.320Z' format: date-time type: string type: object AuditLogsEventType: default: audit description: Type of the event. enum: - audit example: audit type: string x-enum-varnames: - Audit AuditLogsEventsResponse: description: Response object with all events matching the request and pagination information. properties: data: description: Array of events matching the request. items: $ref: '#/components/schemas/AuditLogsEvent' type: array links: $ref: '#/components/schemas/AuditLogsResponseLinks' meta: $ref: '#/components/schemas/AuditLogsResponseMetadata' type: object AuditLogsQueryFilter: description: Search and filter query settings. properties: from: default: now-15m description: Minimum time for the requested events. Supports date, math, and regular timestamps (in milliseconds). example: now-15m type: string query: default: '*' description: Search query following the Audit Logs search syntax. example: '@type:session AND @session.type:user' type: string to: default: now description: Maximum time for the requested events. Supports date, math, and regular timestamps (in milliseconds). example: now type: string type: object AuditLogsQueryOptions: description: 'Global query options that are used during the query. Note: Specify either timezone or time offset, not both. Otherwise, the query fails.' properties: time_offset: description: Time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: UTC description: The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). example: GMT type: string type: object AuditLogsQueryPageOptions: description: Paging attributes for listing events. properties: cursor: description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: Maximum number of events in the response. example: 25 format: int32 maximum: 1000 type: integer type: object AuditLogsResponseLinks: description: Links attributes. properties: next: description: 'Link for the next set of results. Note that the request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/audit/event?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object AuditLogsResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: Time elapsed in milliseconds. example: 132 format: int64 type: integer page: $ref: '#/components/schemas/AuditLogsResponsePage' request_id: description: The identifier of the request. example: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR type: string status: $ref: '#/components/schemas/AuditLogsResponseStatus' warnings: description: 'A list of warnings (non-fatal errors) encountered. Partial results may return if warnings are present in the response.' items: $ref: '#/components/schemas/AuditLogsWarning' type: array type: object AuditLogsResponsePage: description: Paging attributes. properties: after: description: The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of `page[cursor]`. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object AuditLogsResponseStatus: description: The status of the response. enum: - done - timeout example: done type: string x-enum-varnames: - DONE - TIMEOUT AuditLogsSearchEventsRequest: description: The request for a Audit Logs events list. properties: filter: $ref: '#/components/schemas/AuditLogsQueryFilter' options: $ref: '#/components/schemas/AuditLogsQueryOptions' page: $ref: '#/components/schemas/AuditLogsQueryPageOptions' sort: $ref: '#/components/schemas/AuditLogsSort' type: object AuditLogsSort: description: Sort parameters when querying events. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING AuditLogsWarning: description: Warning message indicating something that went wrong with the query. properties: code: description: Unique code for this type of warning. example: unknown_index type: string detail: description: Detailed explanation of this specific warning. example: 'indexes: foo, bar' type: string title: description: Short human-readable summary of the warning. example: One or several indexes are missing or invalid, results hold data from the other indexes type: string type: object AuthNMapping: description: The AuthN Mapping object returned by API. properties: attributes: $ref: '#/components/schemas/AuthNMappingAttributes' id: description: ID of the AuthN Mapping. example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string relationships: $ref: '#/components/schemas/AuthNMappingRelationships' type: $ref: '#/components/schemas/AuthNMappingsType' required: - id - type type: object AuthNMappingAttributes: description: Attributes of AuthN Mapping. properties: attribute_key: description: Key portion of a key/value pair of the attribute sent from the Identity Provider. example: member-of type: string attribute_value: description: Value portion of a key/value pair of the attribute sent from the Identity Provider. example: Development type: string created_at: description: Creation time of the AuthN Mapping. format: date-time readOnly: true type: string modified_at: description: Time of last AuthN Mapping modification. format: date-time readOnly: true type: string saml_assertion_attribute_id: description: The ID of the SAML assertion attribute. example: '0' type: string type: object AuthNMappingCreateAttributes: description: Key/Value pair of attributes used for create request. properties: attribute_key: description: Key portion of a key/value pair of the attribute sent from the Identity Provider. example: member-of type: string attribute_value: description: Value portion of a key/value pair of the attribute sent from the Identity Provider. example: Development type: string type: object AuthNMappingCreateData: description: Data for creating an AuthN Mapping. properties: attributes: $ref: '#/components/schemas/AuthNMappingCreateAttributes' relationships: $ref: '#/components/schemas/AuthNMappingCreateRelationships' type: $ref: '#/components/schemas/AuthNMappingsType' required: - type type: object AuthNMappingCreateRelationships: description: Relationship of AuthN Mapping create object to a Role or Team. oneOf: - $ref: '#/components/schemas/AuthNMappingRelationshipToRole' - $ref: '#/components/schemas/AuthNMappingRelationshipToTeam' AuthNMappingCreateRequest: description: Request for creating an AuthN Mapping. properties: data: $ref: '#/components/schemas/AuthNMappingCreateData' required: - data type: object AuthNMappingIncluded: description: Included data in the AuthN Mapping response. oneOf: - $ref: '#/components/schemas/SAMLAssertionAttribute' - $ref: '#/components/schemas/Role' - $ref: '#/components/schemas/AuthNMappingTeam' AuthNMappingRelationshipToRole: description: Relationship of AuthN Mapping to a Role. properties: role: $ref: '#/components/schemas/RelationshipToRole' required: - role type: object AuthNMappingRelationshipToTeam: description: Relationship of AuthN Mapping to a Team. properties: team: $ref: '#/components/schemas/RelationshipToTeam' required: - team type: object AuthNMappingRelationships: description: All relationships associated with AuthN Mapping. properties: role: $ref: '#/components/schemas/RelationshipToRole' saml_assertion_attribute: $ref: '#/components/schemas/RelationshipToSAMLAssertionAttribute' team: $ref: '#/components/schemas/RelationshipToTeam' type: object AuthNMappingResourceType: description: The type of resource being mapped to. enum: - role - team type: string x-enum-varnames: - ROLE - TEAM AuthNMappingResponse: description: AuthN Mapping response from the API. properties: data: $ref: '#/components/schemas/AuthNMapping' included: description: Included data in the AuthN Mapping response. items: $ref: '#/components/schemas/AuthNMappingIncluded' type: array type: object AuthNMappingTeam: description: Team. properties: attributes: $ref: '#/components/schemas/AuthNMappingTeamAttributes' id: description: The ID of the Team. example: f9bb8444-af7f-11ec-ac2c-da7ad0900001 type: string type: $ref: '#/components/schemas/TeamType' type: object AuthNMappingTeamAttributes: description: Team attributes. properties: avatar: description: Unicode representation of the avatar for the team, limited to a single grapheme example: "\U0001F951" nullable: true type: string banner: description: Banner selection for the team format: int64 nullable: true type: integer handle: description: The team's identifier example: example-team maxLength: 195 type: string link_count: description: The number of links belonging to the team format: int32 maximum: 2147483647 readOnly: true type: integer name: description: The name of the team example: Example Team maxLength: 200 type: string summary: description: A brief summary of the team, derived from the `description` maxLength: 120 nullable: true type: string user_count: description: The number of users belonging to the team format: int32 maximum: 2147483647 readOnly: true type: integer type: object AuthNMappingUpdateAttributes: description: Key/Value pair of attributes used for update request. properties: attribute_key: description: Key portion of a key/value pair of the attribute sent from the Identity Provider. example: member-of type: string attribute_value: description: Value portion of a key/value pair of the attribute sent from the Identity Provider. example: Development type: string type: object AuthNMappingUpdateData: description: Data for updating an AuthN Mapping. properties: attributes: $ref: '#/components/schemas/AuthNMappingUpdateAttributes' id: description: ID of the AuthN Mapping. example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string relationships: $ref: '#/components/schemas/AuthNMappingUpdateRelationships' type: $ref: '#/components/schemas/AuthNMappingsType' required: - id - type type: object AuthNMappingUpdateRelationships: description: Relationship of AuthN Mapping update object to a Role or Team. oneOf: - $ref: '#/components/schemas/AuthNMappingRelationshipToRole' - $ref: '#/components/schemas/AuthNMappingRelationshipToTeam' AuthNMappingUpdateRequest: description: Request to update an AuthN Mapping. properties: data: $ref: '#/components/schemas/AuthNMappingUpdateData' required: - data type: object AuthNMappingsResponse: description: Array of AuthN Mappings response. properties: data: description: Array of returned AuthN Mappings. items: $ref: '#/components/schemas/AuthNMapping' type: array included: description: Included data in the AuthN Mapping response. items: $ref: '#/components/schemas/AuthNMappingIncluded' type: array meta: $ref: '#/components/schemas/ResponseMetaAttributes' type: object AuthNMappingsSort: description: Sorting options for AuthN Mappings. enum: - created_at - -created_at - role_id - -role_id - saml_assertion_attribute_id - -saml_assertion_attribute_id - role.name - -role.name - saml_assertion_attribute.attribute_key - -saml_assertion_attribute.attribute_key - saml_assertion_attribute.attribute_value - -saml_assertion_attribute.attribute_value type: string x-enum-varnames: - CREATED_AT_ASCENDING - CREATED_AT_DESCENDING - ROLE_ID_ASCENDING - ROLE_ID_DESCENDING - SAML_ASSERTION_ATTRIBUTE_ID_ASCENDING - SAML_ASSERTION_ATTRIBUTE_ID_DESCENDING - ROLE_NAME_ASCENDING - ROLE_NAME_DESCENDING - SAML_ASSERTION_ATTRIBUTE_KEY_ASCENDING - SAML_ASSERTION_ATTRIBUTE_KEY_DESCENDING - SAML_ASSERTION_ATTRIBUTE_VALUE_ASCENDING - SAML_ASSERTION_ATTRIBUTE_VALUE_DESCENDING AuthNMappingsType: default: authn_mappings description: AuthN Mappings resource type. enum: - authn_mappings example: authn_mappings type: string x-enum-varnames: - AUTHN_MAPPINGS AwsAccountId: description: The ID of the AWS account. example: '123456789012' type: string AwsCURConfig: description: AWS CUR config. properties: attributes: $ref: '#/components/schemas/AwsCURConfigAttributes' id: description: The ID of the AWS CUR config. format: int64 type: integer type: $ref: '#/components/schemas/AwsCURConfigType' required: - attributes - type type: object AwsCURConfigAttributes: description: Attributes for An AWS CUR config. properties: account_filters: $ref: '#/components/schemas/AccountFilteringConfig' account_id: description: The AWS account ID. example: '123456789123' type: string bucket_name: description: The AWS bucket name used to store the Cost and Usage Report. example: dd-cost-bucket type: string bucket_region: description: The region the bucket is located in. example: us-east-1 type: string created_at: description: The timestamp when the AWS CUR config was created. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string error_messages: description: The error messages for the AWS CUR config. items: type: string type: array months: deprecated: true description: The number of months the report has been backfilled. format: int32 maximum: 36 type: integer report_name: description: The name of the Cost and Usage Report. example: dd-report-name type: string report_prefix: description: The report prefix used for the Cost and Usage Report. example: dd-report-prefix type: string status: description: The status of the AWS CUR. example: active type: string status_updated_at: description: The timestamp when the AWS CUR config status was updated. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string updated_at: description: The timestamp when the AWS CUR config status was updated. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string required: - account_id - bucket_name - bucket_region - report_name - report_prefix - status type: object AwsCURConfigPatchData: description: AWS CUR config Patch data. properties: attributes: $ref: '#/components/schemas/AwsCURConfigPatchRequestAttributes' type: $ref: '#/components/schemas/AwsCURConfigPatchRequestType' required: - attributes - type type: object AwsCURConfigPatchRequest: description: AWS CUR config Patch Request. properties: data: $ref: '#/components/schemas/AwsCURConfigPatchData' required: - data type: object AwsCURConfigPatchRequestAttributes: description: Attributes for AWS CUR config Patch Request. properties: account_filters: $ref: '#/components/schemas/AccountFilteringConfig' is_enabled: description: Whether or not the Cloud Cost Management account is enabled. example: true type: boolean type: object AwsCURConfigPatchRequestType: default: aws_cur_config_patch_request description: Type of AWS CUR config Patch Request. enum: - aws_cur_config_patch_request example: aws_cur_config_patch_request type: string x-enum-varnames: - AWS_CUR_CONFIG_PATCH_REQUEST AwsCURConfigPostData: description: AWS CUR config Post data. properties: attributes: $ref: '#/components/schemas/AwsCURConfigPostRequestAttributes' type: $ref: '#/components/schemas/AwsCURConfigPostRequestType' required: - attributes - type type: object AwsCURConfigPostRequest: description: AWS CUR config Post Request. properties: data: $ref: '#/components/schemas/AwsCURConfigPostData' required: - data type: object AwsCURConfigPostRequestAttributes: description: Attributes for AWS CUR config Post Request. properties: account_filters: $ref: '#/components/schemas/AccountFilteringConfig' account_id: description: The AWS account ID. example: '123456789123' type: string bucket_name: description: The AWS bucket name used to store the Cost and Usage Report. example: dd-cost-bucket type: string bucket_region: description: The region the bucket is located in. example: us-east-1 type: string is_enabled: description: Whether or not the Cloud Cost Management account is enabled. type: boolean months: description: The month of the report. format: int32 maximum: 36 type: integer report_name: description: The name of the Cost and Usage Report. example: dd-report-name type: string report_prefix: description: The report prefix used for the Cost and Usage Report. example: dd-report-prefix type: string required: - account_id - bucket_name - report_name - report_prefix type: object AwsCURConfigPostRequestType: default: aws_cur_config_post_request description: Type of AWS CUR config Post Request. enum: - aws_cur_config_post_request example: aws_cur_config_post_request type: string x-enum-varnames: - AWS_CUR_CONFIG_POST_REQUEST AwsCURConfigResponse: description: Response of AWS CUR config. properties: data: $ref: '#/components/schemas/AwsCURConfig' type: object AwsCURConfigType: default: aws_cur_config description: Type of AWS CUR config. enum: - aws_cur_config example: aws_cur_config type: string x-enum-varnames: - AWS_CUR_CONFIG AwsCURConfigsResponse: description: List of AWS CUR configs. properties: data: description: An AWS CUR config. items: $ref: '#/components/schemas/AwsCURConfig' type: array type: object AwsOnDemandAttributes: description: Attributes for the AWS on demand task. properties: arn: description: The arn of the resource to scan. example: arn:aws:ec2:us-east-1:727000456123:instance/i-0eabb50529b67a1ba type: string assigned_at: description: Specifies the assignment timestamp if the task has been already assigned to a scanner. example: '2025-02-11T18:25:04.550564Z' type: string created_at: description: The task submission timestamp. example: '2025-02-11T18:13:24.576915Z' type: string status: description: 'Indicates the status of the task. QUEUED: the task has been submitted successfully and the resource has not been assigned to a scanner yet. ASSIGNED: the task has been assigned. ABORTED: the scan has been aborted after a period of time due to technical reasons, such as resource not found, insufficient permissions, or the absence of a configured scanner.' example: QUEUED type: string type: object AwsOnDemandCreateAttributes: description: Attributes for the AWS on demand task. properties: arn: description: The arn of the resource to scan. Agentless supports the scan of EC2 instances, lambda functions, AMI, ECR, RDS and S3 buckets. example: arn:aws:ec2:us-east-1:727000456123:instance/i-0eabb50529b67a1ba type: string required: - arn type: object AwsOnDemandCreateData: description: Object for a single AWS on demand task. properties: attributes: $ref: '#/components/schemas/AwsOnDemandCreateAttributes' type: $ref: '#/components/schemas/AwsOnDemandType' required: - type - attributes type: object AwsOnDemandCreateRequest: description: Request object that includes the on demand task to submit. properties: data: $ref: '#/components/schemas/AwsOnDemandCreateData' required: - data type: object AwsOnDemandData: description: Single AWS on demand task. properties: attributes: $ref: '#/components/schemas/AwsOnDemandAttributes' id: description: The UUID of the task. example: 6d09294c-9ad9-42fd-a759-a0c1599b4828 type: string type: $ref: '#/components/schemas/AwsOnDemandType' type: object AwsOnDemandListResponse: description: Response object that includes a list of AWS on demand tasks. properties: data: description: A list of on demand tasks. items: $ref: '#/components/schemas/AwsOnDemandData' type: array type: object AwsOnDemandResponse: description: Response object that includes an AWS on demand task. properties: data: $ref: '#/components/schemas/AwsOnDemandData' type: object AwsOnDemandType: default: aws_resource description: The type of the on demand task. The value should always be `aws_resource`. enum: - aws_resource example: aws_resource type: string x-enum-varnames: - AWS_RESOURCE AwsScanOptionsAttributes: description: Attributes for the AWS scan options. properties: lambda: description: Indicates if scanning of Lambda functions is enabled. example: true type: boolean sensitive_data: description: Indicates if scanning for sensitive data is enabled. example: false type: boolean vuln_containers_os: description: Indicates if scanning for vulnerabilities in containers is enabled. example: true type: boolean vuln_host_os: description: Indicates if scanning for vulnerabilities in hosts is enabled. example: true type: boolean type: object AwsScanOptionsCreateAttributes: description: Attributes for the AWS scan options to create. properties: lambda: description: Indicates if scanning of Lambda functions is enabled. example: true type: boolean sensitive_data: description: Indicates if scanning for sensitive data is enabled. example: false type: boolean vuln_containers_os: description: Indicates if scanning for vulnerabilities in containers is enabled. example: true type: boolean vuln_host_os: description: Indicates if scanning for vulnerabilities in hosts is enabled. example: true type: boolean required: - lambda - sensitive_data - vuln_containers_os - vuln_host_os type: object AwsScanOptionsCreateData: description: Object for the scan options of a single AWS account. properties: attributes: $ref: '#/components/schemas/AwsScanOptionsCreateAttributes' id: $ref: '#/components/schemas/AwsAccountId' type: $ref: '#/components/schemas/AwsScanOptionsType' required: - id - type - attributes type: object AwsScanOptionsCreateRequest: description: Request object that includes the scan options to create. properties: data: $ref: '#/components/schemas/AwsScanOptionsCreateData' required: - data type: object AwsScanOptionsData: description: Single AWS Scan Options entry. properties: attributes: $ref: '#/components/schemas/AwsScanOptionsAttributes' id: description: The ID of the AWS account. example: '184366314700' type: string type: $ref: '#/components/schemas/AwsScanOptionsType' type: object AwsScanOptionsListResponse: description: Response object that includes a list of AWS scan options. properties: data: description: A list of AWS scan options. items: $ref: '#/components/schemas/AwsScanOptionsData' type: array type: object AwsScanOptionsResponse: description: Response object that includes the scan options of an AWS account. properties: data: $ref: '#/components/schemas/AwsScanOptionsData' type: object AwsScanOptionsType: default: aws_scan_options description: The type of the resource. The value should always be `aws_scan_options`. enum: - aws_scan_options example: aws_scan_options type: string x-enum-varnames: - AWS_SCAN_OPTIONS AwsScanOptionsUpdateAttributes: description: Attributes for the AWS scan options to update. properties: lambda: description: Indicates if scanning of Lambda functions is enabled. example: true type: boolean sensitive_data: description: Indicates if scanning for sensitive data is enabled. example: false type: boolean vuln_containers_os: description: Indicates if scanning for vulnerabilities in containers is enabled. example: true type: boolean vuln_host_os: description: Indicates if scanning for vulnerabilities in hosts is enabled. example: true type: boolean type: object AwsScanOptionsUpdateData: description: Object for the scan options of a single AWS account. properties: attributes: $ref: '#/components/schemas/AwsScanOptionsUpdateAttributes' id: $ref: '#/components/schemas/AwsAccountId' type: $ref: '#/components/schemas/AwsScanOptionsType' required: - id - type - attributes type: object AwsScanOptionsUpdateRequest: description: Request object that includes the scan options to update. properties: data: $ref: '#/components/schemas/AwsScanOptionsUpdateData' required: - data type: object AzureStorageDestination: description: The `azure_storage` destination forwards logs to an Azure Blob Storage container. properties: blob_prefix: description: Optional prefix for blobs written to the container. example: logs/ type: string container_name: description: The name of the Azure Blob Storage container to store logs in. example: my-log-container type: string id: description: The unique identifier for this component. example: azure-storage-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - processor-id items: type: string type: array type: $ref: '#/components/schemas/AzureStorageDestinationType' required: - id - type - inputs - container_name type: object AzureStorageDestinationType: default: azure_storage description: The destination type. The value should always be `azure_storage`. enum: - azure_storage example: azure_storage type: string x-enum-varnames: - AZURE_STORAGE AzureUCConfig: description: Azure config. properties: account_id: description: The tenant ID of the azure account. example: 1234abcd-1234-abcd-1234-1234abcd1234 type: string client_id: description: The client ID of the Azure account. example: 1234abcd-1234-abcd-1234-1234abcd1234 type: string created_at: description: The timestamp when the Azure config was created. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string dataset_type: description: The dataset type of the Azure config. example: actual type: string error_messages: description: The error messages for the Azure config. items: type: string type: array export_name: description: The name of the configured Azure Export. example: dd-actual-export type: string export_path: description: The path where the Azure Export is saved. example: dd-export-path type: string id: description: The ID of the Azure config. format: int64 type: integer months: deprecated: true description: The number of months the report has been backfilled. format: int32 maximum: 36 type: integer scope: description: The scope of your observed subscription. example: /subscriptions/1234abcd-1234-abcd-1234-1234abcd1234 type: string status: description: The status of the Azure config. example: active type: string status_updated_at: description: The timestamp when the Azure config status was last updated. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string storage_account: description: The name of the storage account where the Azure Export is saved. example: dd-storage-account type: string storage_container: description: The name of the storage container where the Azure Export is saved. example: dd-storage-container type: string updated_at: description: The timestamp when the Azure config was last updated. pattern: ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$ type: string required: - account_id - client_id - dataset_type - export_name - export_path - scope - status - storage_account - storage_container type: object AzureUCConfigPair: description: Azure config pair. properties: attributes: $ref: '#/components/schemas/AzureUCConfigPairAttributes' id: description: The ID of Cloud Cost Management account. format: int64 type: integer type: $ref: '#/components/schemas/AzureUCConfigPairType' required: - attributes - type type: object AzureUCConfigPairAttributes: description: Attributes for Azure config pair. properties: configs: description: An Azure config. items: $ref: '#/components/schemas/AzureUCConfig' type: array id: description: The ID of the Azure config pair. format: int64 type: integer required: - configs type: object AzureUCConfigPairType: default: azure_uc_configs description: Type of Azure config pair. enum: - azure_uc_configs example: azure_uc_configs type: string x-enum-varnames: - AZURE_UC_CONFIGS AzureUCConfigPairsResponse: description: Response of Azure config pair. properties: data: $ref: '#/components/schemas/AzureUCConfigPair' type: object AzureUCConfigPatchData: description: Azure config Patch data. properties: attributes: $ref: '#/components/schemas/AzureUCConfigPatchRequestAttributes' type: $ref: '#/components/schemas/AzureUCConfigPatchRequestType' required: - attributes - type type: object AzureUCConfigPatchRequest: description: Azure config Patch Request. properties: data: $ref: '#/components/schemas/AzureUCConfigPatchData' required: - data type: object AzureUCConfigPatchRequestAttributes: description: Attributes for Azure config Patch Request. properties: is_enabled: description: Whether or not the Cloud Cost Management account is enabled. example: true type: boolean required: - is_enabled type: object AzureUCConfigPatchRequestType: default: azure_uc_config_patch_request description: Type of Azure config Patch Request. enum: - azure_uc_config_patch_request example: azure_uc_config_patch_request type: string x-enum-varnames: - AZURE_UC_CONFIG_PATCH_REQUEST AzureUCConfigPostData: description: Azure config Post data. properties: attributes: $ref: '#/components/schemas/AzureUCConfigPostRequestAttributes' type: $ref: '#/components/schemas/AzureUCConfigPostRequestType' required: - attributes - type type: object AzureUCConfigPostRequest: description: Azure config Post Request. properties: data: $ref: '#/components/schemas/AzureUCConfigPostData' required: - data type: object AzureUCConfigPostRequestAttributes: description: Attributes for Azure config Post Request. properties: account_id: description: The tenant ID of the azure account. example: 1234abcd-1234-abcd-1234-1234abcd1234 type: string actual_bill_config: $ref: '#/components/schemas/BillConfig' amortized_bill_config: $ref: '#/components/schemas/BillConfig' client_id: description: The client ID of the azure account. example: 1234abcd-1234-abcd-1234-1234abcd1234 type: string is_enabled: description: Whether or not the Cloud Cost Management account is enabled. type: boolean scope: description: The scope of your observed subscription. example: /subscriptions/1234abcd-1234-abcd-1234-1234abcd1234 type: string required: - account_id - actual_bill_config - amortized_bill_config - client_id - scope type: object AzureUCConfigPostRequestType: default: azure_uc_config_post_request description: Type of Azure config Post Request. enum: - azure_uc_config_post_request example: azure_uc_config_post_request type: string x-enum-varnames: - AZURE_UC_CONFIG_POST_REQUEST AzureUCConfigsResponse: description: List of Azure accounts with configs. properties: data: description: An Azure config pair. items: $ref: '#/components/schemas/AzureUCConfigPair' type: array type: object BillConfig: description: Bill config. properties: export_name: description: The name of the configured Azure Export. example: dd-actual-export type: string export_path: description: The path where the Azure Export is saved. example: dd-export-path type: string storage_account: description: The name of the storage account where the Azure Export is saved. example: dd-storage-account type: string storage_container: description: The name of the storage container where the Azure Export is saved. example: dd-storage-container type: string required: - export_name - export_path - storage_account - storage_container type: object BillingDimensionsMappingBody: description: Billing dimensions mapping data. items: $ref: '#/components/schemas/BillingDimensionsMappingBodyItem' type: array BillingDimensionsMappingBodyItem: description: The mapping data for each billing dimension. properties: attributes: $ref: '#/components/schemas/BillingDimensionsMappingBodyItemAttributes' id: description: ID of the billing dimension. type: string type: $ref: '#/components/schemas/ActiveBillingDimensionsType' type: object BillingDimensionsMappingBodyItemAttributes: description: Mapping of billing dimensions to endpoint keys. properties: endpoints: description: List of supported endpoints with their keys mapped to the billing_dimension. items: $ref: '#/components/schemas/BillingDimensionsMappingBodyItemAttributesEndpointsItems' type: array in_app_label: description: Label used for the billing dimension in the Plan & Usage charts. example: APM Hosts type: string timestamp: description: 'Month in ISO-8601 format, UTC, and precise to the second: `[YYYY-MM-DDThh:mm:ss]`.' format: date-time type: string type: object BillingDimensionsMappingBodyItemAttributesEndpointsItems: description: An endpoint's keys mapped to the billing_dimension. properties: id: description: The URL for the endpoint. example: api/v1/usage/billable-summary type: string keys: description: The billing dimension. example: - apm_host_top99p - apm_host_sum items: example: apm_host_top99p type: string type: array status: $ref: '#/components/schemas/BillingDimensionsMappingBodyItemAttributesEndpointsItemsStatus' type: object BillingDimensionsMappingBodyItemAttributesEndpointsItemsStatus: description: Denotes whether mapping keys were available for this endpoint. enum: - OK - NOT_FOUND type: string x-enum-varnames: - OK - NOT_FOUND BillingDimensionsMappingResponse: description: Billing dimensions mapping response. properties: data: $ref: '#/components/schemas/BillingDimensionsMappingBody' type: object Budget: description: A budget. properties: attributes: $ref: '#/components/schemas/BudgetAttributes' id: description: The id of the budget. type: string type: description: The type of the object, must be `budget`. type: string type: object BudgetArray: description: An array of budgets. example: data: - attributes: created_at: 1741011342772 created_by: user1 end_month: 202502 metrics_query: aws.cost.amortized{service:ec2} by {service} name: my budget org_id: 123 start_month: 202501 total_amount: 1000 updated_at: 1741011342772 updated_by: user2 id: 00000000-0a0a-0a0a-aaa0-00000000000a type: budget properties: data: description: The `BudgetArray` `data`. items: $ref: '#/components/schemas/Budget' type: array type: object BudgetAttributes: description: The attributes of a budget. properties: created_at: description: The timestamp when the budget was created. example: 1738258683590 format: int64 type: integer created_by: description: The id of the user that created the budget. example: 00000000-0a0a-0a0a-aaa0-00000000000a type: string end_month: description: The month when the budget ends. example: 202502 format: int64 type: integer entries: description: The entries of the budget. items: $ref: '#/components/schemas/BudgetEntry' type: array metrics_query: description: The cost query used to track against the budget. example: aws.cost.amortized{service:ec2} by {service} type: string name: description: The name of the budget. example: my budget type: string org_id: description: The id of the org the budget belongs to. example: 123 format: int64 type: integer start_month: description: The month when the budget starts. example: 202501 format: int64 type: integer total_amount: description: The sum of all budget entries' amounts. example: 1000 format: double type: number updated_at: description: The timestamp when the budget was last updated. example: 1738258683590 format: int64 type: integer updated_by: description: The id of the user that created the budget. example: 00000000-0a0a-0a0a-aaa0-00000000000a type: string type: object BudgetEntry: description: The entry of a budget. properties: amount: description: The `amount` of the budget entry. example: 500 format: double type: number month: description: The `month` of the budget entry. example: 202501 format: int64 type: integer tag_filters: description: The `tag_filters` of the budget entry. items: $ref: '#/components/schemas/TagFilter' type: array type: object BudgetWithEntries: description: The definition of the `BudgetWithEntries` object. properties: data: $ref: '#/components/schemas/BudgetWithEntriesData' type: object BudgetWithEntriesData: description: A budget and all its entries. properties: attributes: $ref: '#/components/schemas/BudgetAttributes' id: description: The `BudgetWithEntriesData` `id`. example: 00000000-0a0a-0a0a-aaa0-00000000000a type: string type: description: The type of the object, must be `budget`. type: string type: object BulkMuteFindingsRequest: description: The new bulk mute finding request. properties: data: $ref: '#/components/schemas/BulkMuteFindingsRequestData' required: - data type: object BulkMuteFindingsRequestAttributes: additionalProperties: false description: The mute properties to be updated. properties: mute: $ref: '#/components/schemas/BulkMuteFindingsRequestProperties' required: - mute type: object BulkMuteFindingsRequestData: description: Data object containing the new bulk mute properties of the finding. properties: attributes: $ref: '#/components/schemas/BulkMuteFindingsRequestAttributes' id: description: UUID to identify the request example: dbe5f567-192b-4404-b908-29b70e1c9f76 type: string meta: $ref: '#/components/schemas/BulkMuteFindingsRequestMeta' type: $ref: '#/components/schemas/FindingType' required: - id - type - attributes - meta type: object BulkMuteFindingsRequestMeta: description: Meta object containing the findings to be updated. properties: findings: description: Array of findings. items: $ref: '#/components/schemas/BulkMuteFindingsRequestMetaFindings' type: array type: object BulkMuteFindingsRequestMetaFindings: description: Finding object containing the finding information. properties: finding_id: $ref: '#/components/schemas/FindingID' type: object BulkMuteFindingsRequestProperties: additionalProperties: false description: Object containing the new mute properties of the findings. properties: description: description: Additional information about the reason why those findings are muted or unmuted. This field has a maximum limit of 280 characters. type: string expiration_date: description: 'The expiration date of the mute or unmute action (Unix ms). It must be set to a value greater than the current timestamp. If this field is not provided, the finding will be muted or unmuted indefinitely, which is equivalent to setting the expiration date to 9999999999999. ' example: 1778721573794 format: int64 type: integer muted: description: Whether those findings should be muted or unmuted. example: true type: boolean reason: $ref: '#/components/schemas/FindingMuteReason' required: - muted - reason type: object BulkMuteFindingsResponse: description: The expected response schema. properties: data: $ref: '#/components/schemas/BulkMuteFindingsResponseData' required: - data type: object BulkMuteFindingsResponseData: description: Data object containing the ID of the request that was updated. properties: id: description: UUID used to identify the request example: 93bfeb70-af47-424d-908a-948d3f08e37f type: string type: $ref: '#/components/schemas/FindingType' type: object CIAppAggregateBucketValue: description: A bucket value, can either be a timeseries or a single value. oneOf: - $ref: '#/components/schemas/CIAppAggregateBucketValueSingleString' - $ref: '#/components/schemas/CIAppAggregateBucketValueSingleNumber' - $ref: '#/components/schemas/CIAppAggregateBucketValueTimeseries' CIAppAggregateBucketValueSingleNumber: description: A single number value. format: double type: number CIAppAggregateBucketValueSingleString: description: A single string value. type: string CIAppAggregateBucketValueTimeseries: description: A timeseries array. items: $ref: '#/components/schemas/CIAppAggregateBucketValueTimeseriesPoint' type: array x-generate-alias-as-model: true CIAppAggregateBucketValueTimeseriesPoint: description: A timeseries point. properties: time: description: The time value for this point. example: '2020-06-08T11:55:00.123Z' format: date-time type: string value: description: The value for this point. example: 19 format: double type: number type: object CIAppAggregateSort: description: A sort rule. The `aggregation` field is required when `type` is `measure`. example: aggregation: count order: asc properties: aggregation: $ref: '#/components/schemas/CIAppAggregationFunction' metric: description: The metric to sort by (only used for `type=measure`). example: '@duration' type: string order: $ref: '#/components/schemas/CIAppSortOrder' type: $ref: '#/components/schemas/CIAppAggregateSortType' type: object CIAppAggregateSortType: default: alphabetical description: The type of sorting algorithm. enum: - alphabetical - measure type: string x-enum-varnames: - ALPHABETICAL - MEASURE CIAppAggregationFunction: description: An aggregation function. enum: - count - cardinality - pc75 - pc90 - pc95 - pc98 - pc99 - sum - min - max - avg - median - latest - earliest - most_frequent - delta example: pc90 type: string x-enum-varnames: - COUNT - CARDINALITY - PERCENTILE_75 - PERCENTILE_90 - PERCENTILE_95 - PERCENTILE_98 - PERCENTILE_99 - SUM - MIN - MAX - AVG - MEDIAN - LATEST - EARLIEST - MOST_FREQUENT - DELTA CIAppCIError: description: Contains information of the CI error. nullable: true properties: domain: $ref: '#/components/schemas/CIAppCIErrorDomain' message: description: Error message. maxLength: 5000 nullable: true type: string stack: description: The stack trace of the reported errors. nullable: true type: string type: description: Short description of the error type. maxLength: 100 nullable: true type: string type: object CIAppCIErrorDomain: description: Error category used to differentiate between issues related to the developer or provider environments. enum: - provider - user - unknown type: string x-enum-varnames: - PROVIDER - USER - UNKNOWN CIAppCompute: description: A compute rule to compute metrics or timeseries. properties: aggregation: $ref: '#/components/schemas/CIAppAggregationFunction' interval: description: 'The time buckets'' size (only used for type=timeseries) Defaults to a resolution of 150 points.' example: 5m type: string metric: description: The metric to use. example: '@duration' type: string type: $ref: '#/components/schemas/CIAppComputeType' required: - aggregation type: object CIAppComputeType: default: total description: The type of compute. enum: - timeseries - total type: string x-enum-varnames: - TIMESERIES - TOTAL CIAppComputes: additionalProperties: $ref: '#/components/schemas/CIAppAggregateBucketValue' description: A map of the metric name to value for regular compute, or a list of values for a timeseries. type: object CIAppCreatePipelineEventRequest: description: Request object. properties: data: $ref: '#/components/schemas/CIAppCreatePipelineEventRequestData' type: object CIAppCreatePipelineEventRequestAttributes: description: Attributes of the pipeline event to create. properties: env: description: The Datadog environment. type: string provider_name: description: The name of the CI provider. By default, this is "custom". type: string resource: $ref: '#/components/schemas/CIAppCreatePipelineEventRequestAttributesResource' service: description: If the CI provider is SaaS, use this to differentiate between instances. type: string required: - resource type: object CIAppCreatePipelineEventRequestAttributesResource: description: Details of the CI pipeline event. example: Details TBD oneOf: - $ref: '#/components/schemas/CIAppPipelineEventPipeline' - $ref: '#/components/schemas/CIAppPipelineEventStage' - $ref: '#/components/schemas/CIAppPipelineEventJob' - $ref: '#/components/schemas/CIAppPipelineEventStep' CIAppCreatePipelineEventRequestData: description: Data of the pipeline event to create. properties: attributes: $ref: '#/components/schemas/CIAppCreatePipelineEventRequestAttributes' type: $ref: '#/components/schemas/CIAppCreatePipelineEventRequestDataType' type: object CIAppCreatePipelineEventRequestDataType: default: cipipeline_resource_request description: Type of the event. enum: - cipipeline_resource_request example: cipipeline_resource_request type: string x-enum-varnames: - CIPIPELINE_RESOURCE_REQUEST CIAppEventAttributes: description: JSON object containing all event attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from CI Visibility test events. example: customAttribute: 123 duration: 2345 type: object tags: $ref: '#/components/schemas/TagsEventAttribute' test_level: $ref: '#/components/schemas/CIAppTestLevel' type: object CIAppGitInfo: description: 'If pipelines are triggered due to actions to a Git repository, then all payloads must contain this. Note that either `tag` or `branch` has to be provided, but not both.' nullable: true properties: author_email: description: The commit author email. example: author@example.com type: string author_name: description: The commit author name. example: John Doe nullable: true type: string author_time: description: The commit author timestamp in RFC3339 format. example: '2023-05-31T15:30:00Z' nullable: true type: string branch: description: The branch name (if a tag use the tag parameter). example: feature-1 nullable: true type: string commit_time: description: The commit timestamp in RFC3339 format. example: '2023-05-31T15:30:00Z' nullable: true type: string committer_email: description: The committer email. example: committer@example.com nullable: true type: string committer_name: description: The committer name. nullable: true type: string default_branch: description: The Git repository's default branch. example: main nullable: true type: string message: description: The commit message. example: Instrumenting tests with CI Visibility. nullable: true type: string repository_url: description: The URL of the repository. example: https://github.com/username/repository type: string sha: description: The git commit SHA. example: da39a3ee5e6b4b0d3255bfef95601890afd80709 pattern: ^[a-fA-F0-9]{40}$ type: string tag: description: The tag name (if a branch use the branch parameter). example: v1.0.0 nullable: true type: string required: - repository_url - sha - author_email type: object CIAppGroupByHistogram: description: 'Used to perform a histogram computation (only for measure facets). At most, 100 buckets are allowed, the number of buckets is `(max - min)/interval`.' properties: interval: description: The bin size of the histogram buckets. example: 10 format: double type: number max: description: 'The maximum value for the measure used in the histogram (values greater than this one are filtered out).' example: 100 format: double type: number min: description: 'The minimum value for the measure used in the histogram (values smaller than this one are filtered out).' example: 50 format: double type: number required: - interval - min - max type: object CIAppGroupByMissing: description: The value to use for logs that don't have the facet used to group-by. oneOf: - $ref: '#/components/schemas/CIAppGroupByMissingString' - $ref: '#/components/schemas/CIAppGroupByMissingNumber' CIAppGroupByMissingNumber: description: The missing value to use if there is a number valued facet. format: double type: number CIAppGroupByMissingString: description: The missing value to use if there is a string valued facet. type: string CIAppGroupByTotal: default: false description: A resulting object to put the given computes in over all the matching records. oneOf: - $ref: '#/components/schemas/CIAppGroupByTotalBoolean' - $ref: '#/components/schemas/CIAppGroupByTotalString' - $ref: '#/components/schemas/CIAppGroupByTotalNumber' CIAppGroupByTotalBoolean: description: If set to true, creates an additional bucket labeled "$facet_total". type: boolean CIAppGroupByTotalNumber: description: A number to use as the key value for the total bucket. format: double type: number CIAppGroupByTotalString: description: A string to use as the key value for the total bucket. type: string CIAppHostInfo: description: Contains information of the host running the pipeline, stage, job, or step. nullable: true properties: hostname: description: FQDN of the host. example: www.example.com type: string labels: description: A list of labels used to select or identify the node. example: - ubuntu-18.04 - n2.large items: type: string type: array name: description: Name for the host. type: string workspace: description: The path where the code is checked out. example: /home/workspace/code/my-repo type: string type: object CIAppPipelineEvent: description: Object description of a pipeline event after being processed and stored by Datadog. properties: attributes: $ref: '#/components/schemas/CIAppPipelineEventAttributes' id: description: Unique ID of the event. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/CIAppPipelineEventTypeName' type: object CIAppPipelineEventAttributes: description: JSON object containing all event attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from CI Visibility pipeline events. example: customAttribute: 123 duration: 2345 type: object ci_level: $ref: '#/components/schemas/CIAppPipelineLevel' tags: $ref: '#/components/schemas/TagsEventAttribute' type: object CIAppPipelineEventFinishedPipeline: description: Details of a finished pipeline. properties: end: description: Time when the pipeline run finished. It cannot be older than 18 hours in the past from the current time. The time format must be RFC3339. example: '2023-05-31T15:30:00Z' format: date-time type: string error: $ref: '#/components/schemas/CIAppCIError' git: $ref: '#/components/schemas/CIAppGitInfo' is_manual: description: Whether or not the pipeline was triggered manually by the user. example: false nullable: true type: boolean is_resumed: description: Whether or not the pipeline was resumed after being blocked. example: false nullable: true type: boolean level: $ref: '#/components/schemas/CIAppPipelineEventPipelineLevel' metrics: $ref: '#/components/schemas/CIAppPipelineEventMetrics' name: description: Name of the pipeline. All pipeline runs for the builds should have the same name. example: Deploy to AWS type: string node: $ref: '#/components/schemas/CIAppHostInfo' parameters: $ref: '#/components/schemas/CIAppPipelineEventParameters' parent_pipeline: $ref: '#/components/schemas/CIAppPipelineEventParentPipeline' partial_retry: description: 'Whether or not the pipeline was a partial retry of a previous attempt. A partial retry is one which only runs a subset of the original jobs.' example: false type: boolean pipeline_id: description: 'Any ID used in the provider to identify the pipeline run even if it is not unique across retries. If the `pipeline_id` is unique, then both `unique_id` and `pipeline_id` can be set to the same value.' example: '#023' type: string previous_attempt: $ref: '#/components/schemas/CIAppPipelineEventPreviousPipeline' queue_time: description: The queue time in milliseconds, if applicable. example: 1004 format: int64 minimum: 0 nullable: true type: integer start: description: Time when the pipeline run started (it should not include any queue time). The time format must be RFC3339. example: '2023-05-31T15:30:00Z' format: date-time type: string status: $ref: '#/components/schemas/CIAppPipelineEventPipelineStatus' tags: $ref: '#/components/schemas/CIAppPipelineEventTags' unique_id: description: 'UUID of the pipeline run. The ID has to be unique across retries and pipelines, including partial retries.' example: 3eacb6f3-ff04-4e10-8a9c-46e6d054024a type: string url: description: The URL to look at the pipeline in the CI provider UI. example: https://my-ci-provider.example/pipelines/my-pipeline/run/1 type: string required: - level - unique_id - name - url - start - end - status - partial_retry type: object CIAppPipelineEventInProgressPipeline: description: Details of a running pipeline. properties: error: $ref: '#/components/schemas/CIAppCIError' git: $ref: '#/components/schemas/CIAppGitInfo' is_manual: description: Whether or not the pipeline was triggered manually by the user. example: false nullable: true type: boolean is_resumed: description: Whether or not the pipeline was resumed after being blocked. example: false nullable: true type: boolean level: $ref: '#/components/schemas/CIAppPipelineEventPipelineLevel' metrics: $ref: '#/components/schemas/CIAppPipelineEventMetrics' name: description: Name of the pipeline. All pipeline runs for the builds should have the same name. example: Deploy to AWS type: string node: $ref: '#/components/schemas/CIAppHostInfo' parameters: $ref: '#/components/schemas/CIAppPipelineEventParameters' parent_pipeline: $ref: '#/components/schemas/CIAppPipelineEventParentPipeline' partial_retry: description: 'Whether or not the pipeline was a partial retry of a previous attempt. A partial retry is one which only runs a subset of the original jobs.' example: false type: boolean pipeline_id: description: 'Any ID used in the provider to identify the pipeline run even if it is not unique across retries. If the `pipeline_id` is unique, then both `unique_id` and `pipeline_id` can be set to the same value.' example: '#023' type: string previous_attempt: $ref: '#/components/schemas/CIAppPipelineEventPreviousPipeline' queue_time: description: The queue time in milliseconds, if applicable. example: 1004 format: int64 minimum: 0 nullable: true type: integer start: description: Time when the pipeline run started (it should not include any queue time). The time format must be RFC3339. example: '2023-05-31T15:30:00Z' format: date-time type: string status: $ref: '#/components/schemas/CIAppPipelineEventPipelineInProgressStatus' tags: $ref: '#/components/schemas/CIAppPipelineEventTags' unique_id: description: UUID of the pipeline run. The ID has to be the same as the finished pipeline. example: 3eacb6f3-ff04-4e10-8a9c-46e6d054024a type: string url: description: The URL to look at the pipeline in the CI provider UI. example: https://my-ci-provider.example/pipelines/my-pipeline/run/1 type: string required: - level - unique_id - name - url - start - status - partial_retry type: object CIAppPipelineEventJob: description: Details of a CI job. properties: dependencies: description: A list of job IDs that this job depends on. example: - f7e6a006-a029-46c3-b0cc-742c9d7d363b - c8a69849-3c3b-4721-8b33-3e8ec2df1ebe items: description: A list of job IDs. type: string nullable: true type: array end: description: Time when the job run finished. The time format must be RFC3339. example: '2023-05-31T15:30:00Z' format: date-time type: string error: $ref: '#/components/schemas/CIAppCIError' git: $ref: '#/components/schemas/CIAppGitInfo' id: description: The UUID for the job. It has to be unique within each pipeline execution. example: c865bad4-de82-44b8-ade7-2c987528eb54 type: string level: $ref: '#/components/schemas/CIAppPipelineEventJobLevel' metrics: $ref: '#/components/schemas/CIAppPipelineEventMetrics' name: description: The name for the job. example: test type: string node: $ref: '#/components/schemas/CIAppHostInfo' parameters: $ref: '#/components/schemas/CIAppPipelineEventParameters' pipeline_name: description: The parent pipeline name. example: Build type: string pipeline_unique_id: description: The parent pipeline UUID. example: 76b572af-a078-42b2-a08a-cc28f98b944f type: string queue_time: description: The queue time in milliseconds, if applicable. example: 1004 format: int64 minimum: 0 nullable: true type: integer stage_id: description: The parent stage UUID (if applicable). nullable: true type: string stage_name: description: The parent stage name (if applicable). nullable: true type: string start: description: Time when the job run instance started (it should not include any queue time). The time format must be RFC3339. example: '2023-05-31T15:30:00Z' format: date-time type: string status: $ref: '#/components/schemas/CIAppPipelineEventJobStatus' tags: $ref: '#/components/schemas/CIAppPipelineEventTags' url: description: The URL to look at the job in the CI provider UI. example: https://ci-platform.com/job/your-job-name/build/123 type: string required: - level - id - name - pipeline_unique_id - pipeline_name - start - end - status - url type: object CIAppPipelineEventJobLevel: default: job description: Used to distinguish between pipelines, stages, jobs, and steps. enum: - job example: job type: string x-enum-varnames: - JOB CIAppPipelineEventJobStatus: description: The final status of the job. enum: - success - error - canceled - skipped example: success type: string x-enum-varnames: - SUCCESS - ERROR - CANCELED - SKIPPED CIAppPipelineEventMetrics: description: A list of user-defined metrics. The metrics must follow the `key:value` pattern and the value must be numeric. example: - bundle_size:370 - build_time:50021 items: description: Metrics in the form of `key:value`. The value needs to be numeric. type: string nullable: true type: array CIAppPipelineEventParameters: additionalProperties: type: string description: A map of key-value parameters or environment variables that were defined for the pipeline. example: LOG_LEVEL: debug nullable: true type: object CIAppPipelineEventParentPipeline: description: If the pipeline is triggered as child of another pipeline, this should contain the details of the parent pipeline. nullable: true properties: id: description: UUID of a pipeline. example: 93bfeb70-af47-424d-908a-948d3f08e37f type: string url: description: The URL to look at the pipeline in the CI provider UI. example: https://ci-platform.com/pipelines/123456789 type: string required: - id type: object CIAppPipelineEventPipeline: description: Details of the top level pipeline, build, or workflow of your CI. oneOf: - $ref: '#/components/schemas/CIAppPipelineEventFinishedPipeline' - $ref: '#/components/schemas/CIAppPipelineEventInProgressPipeline' CIAppPipelineEventPipelineInProgressStatus: description: The in progress status of the pipeline. enum: - running example: running type: string x-enum-varnames: - RUNNING CIAppPipelineEventPipelineLevel: default: pipeline description: Used to distinguish between pipelines, stages, jobs, and steps. enum: - pipeline example: pipeline type: string x-enum-varnames: - PIPELINE CIAppPipelineEventPipelineStatus: description: The final status of the pipeline. enum: - success - error - canceled - skipped - blocked example: success type: string x-enum-varnames: - SUCCESS - ERROR - CANCELED - SKIPPED - BLOCKED CIAppPipelineEventPreviousPipeline: description: If the pipeline is a retry, this should contain the details of the previous attempt. nullable: true properties: id: description: UUID of a pipeline. example: 93bfeb70-af47-424d-908a-948d3f08e37f type: string url: description: The URL to look at the pipeline in the CI provider UI. example: https://ci-platform.com/pipelines/123456789 type: string required: - id type: object CIAppPipelineEventStage: description: Details of a CI stage. properties: dependencies: description: A list of stage IDs that this stage depends on. example: - f7e6a006-a029-46c3-b0cc-742c9d7d363b - c8a69849-3c3b-4721-8b33-3e8ec2df1ebe items: description: A list of stage IDs. type: string nullable: true type: array end: description: Time when the stage run finished. The time format must be RFC3339. example: '2023-05-31T15:30:00Z' format: date-time type: string error: $ref: '#/components/schemas/CIAppCIError' git: $ref: '#/components/schemas/CIAppGitInfo' id: description: UUID for the stage. It has to be unique at least in the pipeline scope. example: 562bdbbb-7cab-48c8-851c-b24ca14628bf type: string level: $ref: '#/components/schemas/CIAppPipelineEventStageLevel' metrics: $ref: '#/components/schemas/CIAppPipelineEventMetrics' name: description: The name for the stage. example: build type: string node: $ref: '#/components/schemas/CIAppHostInfo' parameters: $ref: '#/components/schemas/CIAppPipelineEventParameters' pipeline_name: description: The parent pipeline name. example: Build type: string pipeline_unique_id: description: The parent pipeline UUID. example: 76b572af-a078-42b2-a08a-cc28f98b944f type: string queue_time: description: The queue time in milliseconds, if applicable. example: 1004 format: int64 minimum: 0 nullable: true type: integer start: description: Time when the stage run started (it should not include any queue time). The time format must be RFC3339. example: '2023-05-31T15:30:00Z' format: date-time type: string status: $ref: '#/components/schemas/CIAppPipelineEventStageStatus' tags: $ref: '#/components/schemas/CIAppPipelineEventTags' required: - level - id - name - pipeline_unique_id - pipeline_name - start - end - status type: object CIAppPipelineEventStageLevel: default: stage description: Used to distinguish between pipelines, stages, jobs and steps. enum: - stage example: stage type: string x-enum-varnames: - STAGE CIAppPipelineEventStageStatus: description: The final status of the stage. enum: - success - error - canceled - skipped example: success type: string x-enum-varnames: - SUCCESS - ERROR - CANCELED - SKIPPED CIAppPipelineEventStep: description: Details of a CI step. properties: end: description: Time when the step run finished. The time format must be RFC3339. example: '2023-05-31T15:30:00Z' format: date-time type: string error: $ref: '#/components/schemas/CIAppCIError' git: $ref: '#/components/schemas/CIAppGitInfo' id: description: UUID for the step. It has to be unique within each pipeline execution. example: c2d517a8-4f3a-4b41-b4ae-69df0c864c79 type: string job_id: description: The parent job UUID (if applicable). nullable: true type: string job_name: description: The parent job name (if applicable). nullable: true type: string level: $ref: '#/components/schemas/CIAppPipelineEventStepLevel' metrics: $ref: '#/components/schemas/CIAppPipelineEventMetrics' name: description: The name for the step. example: test-server type: string node: $ref: '#/components/schemas/CIAppHostInfo' parameters: $ref: '#/components/schemas/CIAppPipelineEventParameters' pipeline_name: description: The parent pipeline name. example: Build type: string pipeline_unique_id: description: The parent pipeline UUID. example: 76b572af-a078-42b2-a08a-cc28f98b944f type: string stage_id: description: The parent stage UUID (if applicable). nullable: true type: string stage_name: description: The parent stage name (if applicable). nullable: true type: string start: description: Time when the step run started. The time format must be RFC3339. example: '2023-05-31T15:30:00Z' format: date-time type: string status: $ref: '#/components/schemas/CIAppPipelineEventStepStatus' tags: $ref: '#/components/schemas/CIAppPipelineEventTags' url: description: The URL to look at the step in the CI provider UI. nullable: true type: string required: - level - id - name - pipeline_unique_id - pipeline_name - start - end - status type: object CIAppPipelineEventStepLevel: default: step description: Used to distinguish between pipelines, stages, jobs and steps. enum: - step example: step type: string x-enum-varnames: - STEP CIAppPipelineEventStepStatus: description: The final status of the step. enum: - success - error example: success type: string x-enum-varnames: - SUCCESS - ERROR CIAppPipelineEventTags: description: A list of user-defined tags. The tags must follow the `key:value` pattern. example: - team:backend - type:deployment items: description: Tags in the form of `key:value`. type: string nullable: true type: array CIAppPipelineEventTypeName: description: Type of the event. enum: - cipipeline example: cipipeline type: string x-enum-varnames: - CIPIPELINE CIAppPipelineEventsRequest: description: The request for a pipelines search. properties: filter: $ref: '#/components/schemas/CIAppPipelinesQueryFilter' options: $ref: '#/components/schemas/CIAppQueryOptions' page: $ref: '#/components/schemas/CIAppQueryPageOptions' sort: $ref: '#/components/schemas/CIAppSort' type: object CIAppPipelineEventsResponse: description: Response object with all pipeline events matching the request and pagination information. properties: data: description: Array of events matching the request. items: $ref: '#/components/schemas/CIAppPipelineEvent' type: array links: $ref: '#/components/schemas/CIAppResponseLinks' meta: $ref: '#/components/schemas/CIAppResponseMetadataWithPagination' type: object CIAppPipelineLevel: description: Pipeline execution level. enum: - pipeline - stage - job - step - custom example: pipeline type: string x-enum-varnames: - PIPELINE - STAGE - JOB - STEP - CUSTOM CIAppPipelinesAggregateRequest: description: The object sent with the request to retrieve aggregation buckets of pipeline events from your organization. properties: compute: description: The list of metrics or timeseries to compute for the retrieved buckets. items: $ref: '#/components/schemas/CIAppCompute' type: array filter: $ref: '#/components/schemas/CIAppPipelinesQueryFilter' group_by: description: The rules for the group-by. items: $ref: '#/components/schemas/CIAppPipelinesGroupBy' type: array options: $ref: '#/components/schemas/CIAppQueryOptions' type: object CIAppPipelinesAggregationBucketsResponse: description: The query results. properties: buckets: description: The list of matching buckets, one item per bucket. items: $ref: '#/components/schemas/CIAppPipelinesBucketResponse' type: array type: object CIAppPipelinesAnalyticsAggregateResponse: description: The response object for the pipeline events aggregate API endpoint. properties: data: $ref: '#/components/schemas/CIAppPipelinesAggregationBucketsResponse' links: $ref: '#/components/schemas/CIAppResponseLinks' meta: $ref: '#/components/schemas/CIAppResponseMetadata' type: object CIAppPipelinesBucketResponse: description: Bucket values. properties: by: additionalProperties: description: The values for each group-by. description: The key-value pairs for each group-by. example: '@ci.provider.name': gitlab '@ci.status': success type: object computes: $ref: '#/components/schemas/CIAppComputes' type: object CIAppPipelinesGroupBy: description: A group-by rule. properties: facet: description: The name of the facet to use (required). example: '@ci.status' type: string histogram: $ref: '#/components/schemas/CIAppGroupByHistogram' limit: default: 10 description: The maximum buckets to return for this group-by. format: int64 type: integer missing: $ref: '#/components/schemas/CIAppGroupByMissing' sort: $ref: '#/components/schemas/CIAppAggregateSort' total: $ref: '#/components/schemas/CIAppGroupByTotal' required: - facet type: object CIAppPipelinesQueryFilter: description: The search and filter query settings. properties: from: default: now-15m description: The minimum time for the requested events; supports date, math, and regular timestamps (in milliseconds). example: now-15m type: string query: default: '*' description: The search query following the CI Visibility Explorer search syntax. example: '@ci.provider.name:github AND @ci.status:error' type: string to: default: now description: The maximum time for the requested events, supports date, math, and regular timestamps (in milliseconds). example: now type: string type: object CIAppQueryOptions: description: 'Global query options that are used during the query. Only supply timezone or time offset, not both. Otherwise, the query fails.' properties: time_offset: description: The time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: UTC description: The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). example: GMT type: string type: object CIAppQueryPageOptions: description: Paging attributes for listing events. properties: cursor: description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: Maximum number of events in the response. example: 25 format: int32 maximum: 1000 type: integer type: object CIAppResponseLinks: description: Links attributes. properties: next: description: 'Link for the next set of results. The request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/ci/tests/events?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object CIAppResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer request_id: description: The identifier of the request. example: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR type: string status: $ref: '#/components/schemas/CIAppResponseStatus' warnings: description: 'A list of warnings (non-fatal errors) encountered. Partial results may return if warnings are present in the response.' items: $ref: '#/components/schemas/CIAppWarning' type: array type: object CIAppResponseMetadataWithPagination: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer page: $ref: '#/components/schemas/CIAppResponsePage' request_id: description: The identifier of the request. example: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR type: string status: $ref: '#/components/schemas/CIAppResponseStatus' warnings: description: 'A list of warnings (non-fatal errors) encountered. Partial results may return if warnings are present in the response.' items: $ref: '#/components/schemas/CIAppWarning' type: array type: object CIAppResponsePage: description: Paging attributes. properties: after: description: The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of `page[cursor]`. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object CIAppResponseStatus: description: The status of the response. enum: - done - timeout example: done type: string x-enum-varnames: - DONE - TIMEOUT CIAppSort: description: Sort parameters when querying events. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING CIAppSortOrder: description: The order to use, ascending or descending. enum: - asc - desc example: asc type: string x-enum-varnames: - ASCENDING - DESCENDING CIAppTestEvent: description: Object description of test event after being processed and stored by Datadog. properties: attributes: $ref: '#/components/schemas/CIAppEventAttributes' id: description: Unique ID of the event. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/CIAppTestEventTypeName' type: object CIAppTestEventTypeName: description: Type of the event. enum: - citest example: citest type: string x-enum-varnames: - CITEST CIAppTestEventsRequest: description: The request for a tests search. properties: filter: $ref: '#/components/schemas/CIAppTestsQueryFilter' options: $ref: '#/components/schemas/CIAppQueryOptions' page: $ref: '#/components/schemas/CIAppQueryPageOptions' sort: $ref: '#/components/schemas/CIAppSort' type: object CIAppTestEventsResponse: description: Response object with all test events matching the request and pagination information. properties: data: description: Array of events matching the request. items: $ref: '#/components/schemas/CIAppTestEvent' type: array links: $ref: '#/components/schemas/CIAppResponseLinks' meta: $ref: '#/components/schemas/CIAppResponseMetadataWithPagination' type: object CIAppTestLevel: description: Test run level. enum: - session - module - suite - test example: test type: string x-enum-varnames: - SESSION - MODULE - SUITE - TEST CIAppTestsAggregateRequest: description: The object sent with the request to retrieve aggregation buckets of test events from your organization. properties: compute: description: The list of metrics or timeseries to compute for the retrieved buckets. items: $ref: '#/components/schemas/CIAppCompute' type: array filter: $ref: '#/components/schemas/CIAppTestsQueryFilter' group_by: description: The rules for the group-by. items: $ref: '#/components/schemas/CIAppTestsGroupBy' type: array options: $ref: '#/components/schemas/CIAppQueryOptions' type: object CIAppTestsAggregationBucketsResponse: description: The query results. properties: buckets: description: The list of matching buckets, one item per bucket. items: $ref: '#/components/schemas/CIAppTestsBucketResponse' type: array type: object CIAppTestsAnalyticsAggregateResponse: description: The response object for the test events aggregate API endpoint. properties: data: $ref: '#/components/schemas/CIAppTestsAggregationBucketsResponse' links: $ref: '#/components/schemas/CIAppResponseLinks' meta: $ref: '#/components/schemas/CIAppResponseMetadataWithPagination' type: object CIAppTestsBucketResponse: description: Bucket values. properties: by: additionalProperties: description: The values for each group-by. description: The key-value pairs for each group-by. example: '@test.service': web-ui-tests '@test.status': skip type: object computes: $ref: '#/components/schemas/CIAppComputes' type: object CIAppTestsGroupBy: description: A group-by rule. properties: facet: description: The name of the facet to use (required). example: '@test.service' type: string histogram: $ref: '#/components/schemas/CIAppGroupByHistogram' limit: default: 10 description: The maximum buckets to return for this group-by. format: int64 type: integer missing: $ref: '#/components/schemas/CIAppGroupByMissing' sort: $ref: '#/components/schemas/CIAppAggregateSort' total: $ref: '#/components/schemas/CIAppGroupByTotal' required: - facet type: object CIAppTestsQueryFilter: description: The search and filter query settings. properties: from: default: now-15m description: The minimum time for the requested events; supports date, math, and regular timestamps (in milliseconds). example: now-15m type: string query: default: '*' description: The search query following the CI Visibility Explorer search syntax. example: '@test.service:web-ui-tests AND @test.status:fail' type: string to: default: now description: The maximum time for the requested events, supports date, math, and regular timestamps (in milliseconds). example: now type: string type: object CIAppWarning: description: A warning message indicating something that went wrong with the query. properties: code: description: A unique code for this type of warning. example: unknown_index type: string detail: description: A detailed explanation of this specific warning. example: 'indexes: foo, bar' type: string title: description: A short human-readable summary of the warning. example: One or several indexes are missing or invalid, results hold data from the other indexes type: string type: object CSMAgentsMetadata: description: Metadata related to the paginated response. properties: page_index: description: The index of the current page in the paginated results. example: 0 format: int64 type: integer page_size: description: The number of items per page in the paginated results. example: 10 format: int64 type: integer total_filtered: description: Total number of items that match the filter criteria. example: 128697 format: int64 type: integer type: object CSMAgentsType: default: datadog_agent description: The type of the resource. The value should always be `datadog_agent`. enum: - datadog_agent example: datadog_agent type: string x-enum-varnames: - DATADOG_AGENT CVSS: description: Vulnerability severity. properties: score: description: Vulnerability severity score. example: 4.5 format: double type: number severity: $ref: '#/components/schemas/VulnerabilitySeverity' vector: description: Vulnerability CVSS vector. example: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H type: string required: - score - severity - vector type: object CalculatedField: description: Calculated field. properties: expression: description: Expression. example: '@request_end_timestamp - @request_start_timestamp' type: string name: description: Field name. example: response_time type: string required: - name - expression type: object CancelDataDeletionResponseBody: description: The response from the cancel data deletion request endpoint. properties: data: $ref: '#/components/schemas/DataDeletionResponseItem' meta: $ref: '#/components/schemas/DataDeletionResponseMeta' type: object Case: description: A case properties: attributes: $ref: '#/components/schemas/CaseAttributes' id: description: Case's identifier example: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: string relationships: $ref: '#/components/schemas/CaseRelationships' type: $ref: '#/components/schemas/CaseResourceType' required: - id - type - attributes type: object Case3rdPartyTicketStatus: default: IN_PROGRESS description: Case status enum: - IN_PROGRESS - COMPLETED - FAILED example: COMPLETED readOnly: true type: string x-enum-varnames: - IN_PROGRESS - COMPLETED - FAILED CaseAssign: description: Case assign properties: attributes: $ref: '#/components/schemas/CaseAssignAttributes' type: $ref: '#/components/schemas/CaseResourceType' required: - attributes - type type: object CaseAssignAttributes: description: Case assign attributes properties: assignee_id: description: Assignee's UUID example: f98a5a5b-e0ff-45d4-b2f5-afe6e74de504 type: string required: - assignee_id type: object CaseAssignRequest: description: Case assign request properties: data: $ref: '#/components/schemas/CaseAssign' required: - data type: object CaseAttributes: description: Case attributes properties: archived_at: description: Timestamp of when the case was archived format: date-time nullable: true readOnly: true type: string closed_at: description: Timestamp of when the case was closed format: date-time nullable: true readOnly: true type: string created_at: description: Timestamp of when the case was created format: date-time readOnly: true type: string description: description: Description type: string jira_issue: $ref: '#/components/schemas/JiraIssue' key: description: Key example: CASEM-4523 type: string modified_at: description: Timestamp of when the case was last modified format: date-time nullable: true readOnly: true type: string priority: $ref: '#/components/schemas/CasePriority' service_now_ticket: $ref: '#/components/schemas/ServiceNowTicket' status: $ref: '#/components/schemas/CaseStatus' title: description: Title example: Memory leak investigation on API type: string type: $ref: '#/components/schemas/CaseType' type: object CaseCreate: description: Case creation data properties: attributes: $ref: '#/components/schemas/CaseCreateAttributes' relationships: $ref: '#/components/schemas/CaseCreateRelationships' type: $ref: '#/components/schemas/CaseResourceType' required: - attributes - type type: object CaseCreateAttributes: description: Case creation attributes properties: description: description: Description type: string priority: $ref: '#/components/schemas/CasePriority' title: description: Title example: Security breach investigation type: string type: $ref: '#/components/schemas/CaseType' required: - title - type type: object CaseCreateRelationships: description: Relationships formed with the case on creation properties: assignee: $ref: '#/components/schemas/NullableUserRelationship' project: $ref: '#/components/schemas/ProjectRelationship' required: - project type: object CaseCreateRequest: description: Case create request properties: data: $ref: '#/components/schemas/CaseCreate' required: - data type: object CaseEmpty: description: Case empty request data properties: type: $ref: '#/components/schemas/CaseResourceType' required: - type type: object CaseEmptyRequest: description: Case empty request properties: data: $ref: '#/components/schemas/CaseEmpty' required: - data type: object CasePriority: default: NOT_DEFINED description: Case priority enum: - NOT_DEFINED - P1 - P2 - P3 - P4 - P5 example: NOT_DEFINED type: string x-enum-varnames: - NOT_DEFINED - P1 - P2 - P3 - P4 - P5 CaseRelationships: description: Resources related to a case properties: assignee: $ref: '#/components/schemas/NullableUserRelationship' created_by: $ref: '#/components/schemas/NullableUserRelationship' modified_by: $ref: '#/components/schemas/NullableUserRelationship' project: $ref: '#/components/schemas/ProjectRelationship' type: object CaseResourceType: default: case description: Case resource type enum: - case example: case type: string x-enum-varnames: - CASE CaseResponse: description: Case response properties: data: $ref: '#/components/schemas/Case' type: object CaseSortableField: description: Case field that can be sorted on enum: - created_at - priority - status example: created_at type: string x-enum-varnames: - CREATED_AT - PRIORITY - STATUS CaseStatus: description: Case status enum: - OPEN - IN_PROGRESS - CLOSED example: OPEN type: string x-enum-varnames: - OPEN - IN_PROGRESS - CLOSED CaseTrigger: description: Trigger a workflow from a Case. For automatic triggering a handle must be configured and the workflow must be published. properties: rateLimit: $ref: '#/components/schemas/TriggerRateLimit' type: object CaseTriggerWrapper: description: Schema for a Case-based trigger. properties: caseTrigger: $ref: '#/components/schemas/CaseTrigger' startStepNames: $ref: '#/components/schemas/StartStepNames' required: - caseTrigger type: object CaseType: description: Case type enum: - STANDARD example: STANDARD type: string x-enum-varnames: - STANDARD CaseUpdatePriority: description: Case priority status properties: attributes: $ref: '#/components/schemas/CaseUpdatePriorityAttributes' type: $ref: '#/components/schemas/CaseResourceType' required: - attributes - type type: object CaseUpdatePriorityAttributes: description: Case update priority attributes properties: priority: $ref: '#/components/schemas/CasePriority' required: - priority type: object CaseUpdatePriorityRequest: description: Case update priority request properties: data: $ref: '#/components/schemas/CaseUpdatePriority' required: - data type: object CaseUpdateStatus: description: Case update status properties: attributes: $ref: '#/components/schemas/CaseUpdateStatusAttributes' type: $ref: '#/components/schemas/CaseResourceType' required: - attributes - type type: object CaseUpdateStatusAttributes: description: Case update status attributes properties: status: $ref: '#/components/schemas/CaseStatus' required: - status type: object CaseUpdateStatusRequest: description: Case update status request properties: data: $ref: '#/components/schemas/CaseUpdateStatus' required: - data type: object CasesResponse: description: Response with cases properties: data: description: Cases response data items: $ref: '#/components/schemas/Case' type: array meta: $ref: '#/components/schemas/CasesResponseMeta' type: object CasesResponseMeta: description: Cases response metadata properties: page: $ref: '#/components/schemas/CasesResponseMetaPagination' type: object CasesResponseMetaPagination: description: Pagination metadata properties: current: description: Current page number format: int64 type: integer size: description: Number of cases in current page format: int64 type: integer total: description: Total number of pages format: int64 type: integer type: object ChangeEventCustomAttributes: description: Object representing custom change event attributes. properties: author: $ref: '#/components/schemas/ChangeEventCustomAttributesAuthor' change_metadata: additionalProperties: {} description: Free form object with information related to the `change` event. Can be arbitrarily nested and contain any valid JSON. example: dd: team: datadog_team user_email: datadog@datadog.com user_id: datadog_user_id user_name: datadog_username resource_link: datadog.com/feature/fallback_payments_test type: object changed_resource: $ref: '#/components/schemas/ChangeEventCustomAttributesChangedResource' impacted_resources: description: 'A list of resources impacted by this change. It is recommended to provide an impacted resource to display the change event at the right location. Only resources of type `service` are supported.' example: - name: payments_api type: service items: $ref: '#/components/schemas/ChangeEventCustomAttributesImpactedResourcesItems' type: array new_value: additionalProperties: {} description: Free form object to track new value of the changed resource. example: enabled: true percentage: 50% rule: datacenter: devcycle.us1.prod type: object prev_value: additionalProperties: {} description: Free form object to track previous value of the changed resource. example: enabled: true percentage: 10% rule: datacenter: devcycle.us1.prod type: object required: - changed_resource type: object ChangeEventCustomAttributesAuthor: description: Object representing the entity which made the change. Optional field but if provided should include `type` and `name`. properties: name: description: Author's name. Limited to 128 characters. example: datadog@datadog.com maxLength: 128 type: string type: $ref: '#/components/schemas/ChangeEventCustomAttributesAuthorType' required: - name - type type: object ChangeEventCustomAttributesAuthorType: description: Author's type. enum: - user - system example: user type: string x-enum-varnames: - USER - SYSTEM ChangeEventCustomAttributesChangedResource: description: Object representing a uniquely identified resource. properties: name: description: Resource's name. example: fallback_payments_test type: string type: $ref: '#/components/schemas/ChangeEventCustomAttributesChangedResourceType' required: - type - name type: object ChangeEventCustomAttributesChangedResourceType: description: Resource's type. enum: - feature_flag - configuration example: feature_flag type: string x-enum-varnames: - FEATURE_FLAG - CONFIGURATION ChangeEventCustomAttributesImpactedResourcesItems: description: Object representing a uniquely identified resource. Only the resource type `service` is supported. properties: name: description: Resource's name. example: payments_api type: string type: $ref: '#/components/schemas/ChangeEventCustomAttributesImpactedResourcesItemsType' required: - type - name type: object ChangeEventCustomAttributesImpactedResourcesItemsType: description: Resource's type. enum: - service example: service type: string x-enum-varnames: - SERVICE ChangeEventTriggerWrapper: description: Schema for a Change Event-based trigger. properties: changeEventTrigger: description: Trigger a workflow from a Change Event. type: object startStepNames: $ref: '#/components/schemas/StartStepNames' required: - changeEventTrigger type: object ChargebackBreakdown: description: Charges breakdown. properties: charge_type: description: The type of charge for a particular product. example: on_demand type: string cost: description: The cost for a particular product and charge type during a given month. format: double type: number product_name: description: The product for which cost is being reported. example: infra_host type: string type: object CloudConfigurationComplianceRuleOptions: additionalProperties: {} description: 'Options for cloud_configuration rules. Fields `resourceType` and `regoRule` are mandatory when managing custom `cloud_configuration` rules. ' properties: complexRule: description: 'Whether the rule is a complex one. Must be set to true if `regoRule.resourceTypes` contains more than one item. Defaults to false. ' type: boolean regoRule: $ref: '#/components/schemas/CloudConfigurationRegoRule' resourceType: description: 'Main resource type to be checked by the rule. It should be specified again in `regoRule.resourceTypes`. ' example: aws_acm type: string type: object CloudConfigurationRegoRule: description: Rule details. properties: policy: description: 'The policy written in `rego`, see: https://www.openpolicyagent.org/docs/latest/policy-language/' example: "package datadog\n\nimport data.datadog.output as dd_output\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\neval(resource) = \"skip\" if {\n # Logic that evaluates to true if the resource should be skipped\n true\n} else = \"pass\" {\n # Logic that evaluates to true if the resource is compliant\n true\n} else = \"fail\" {\n # Logic that evaluates to true if the resource is not compliant\n true\n}\n\n# This part remains unchanged for all rules\nresults contains result if {\n some resource in input.resources[input.main_resource_type]\n result := dd_output.format(resource, eval(resource))\n}\n" type: string resourceTypes: description: List of resource types that will be evaluated upon. Must have at least one element. example: - gcp_iam_service_account - gcp_iam_policy items: type: string type: array required: - policy - resourceTypes type: object CloudConfigurationRuleCaseCreate: description: Description of signals. properties: notifications: description: Notification targets for each rule case. items: description: Notification. type: string type: array status: $ref: '#/components/schemas/SecurityMonitoringRuleSeverity' required: - status type: object CloudConfigurationRuleComplianceSignalOptions: description: How to generate compliance signals. Useful for cloud_configuration rules only. properties: defaultActivationStatus: description: The default activation status. nullable: true type: boolean defaultGroupByFields: description: The default group by fields. items: type: string nullable: true type: array userActivationStatus: description: Whether signals will be sent. nullable: true type: boolean userGroupByFields: description: Fields to use to group findings by when sending signals. items: type: string nullable: true type: array type: object CloudConfigurationRuleCreatePayload: description: Create a new cloud configuration rule. properties: cases: description: 'Description of generated findings and signals (severity and channels to be notified in case of a signal). Must contain exactly one item. ' items: $ref: '#/components/schemas/CloudConfigurationRuleCaseCreate' type: array complianceSignalOptions: $ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions' filters: description: Additional queries to filter matched events before they are processed. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message in markdown format for generated findings and signals. example: '#Description Explanation of the rule. #Remediation How to fix the security issue. ' type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: '#/components/schemas/CloudConfigurationRuleOptions' tags: description: Tags for generated findings and signals. example: - env:prod - team:security items: description: Tag. type: string type: array type: $ref: '#/components/schemas/CloudConfigurationRuleType' required: - name - isEnabled - options - complianceSignalOptions - cases - message type: object CloudConfigurationRuleOptions: description: Options on cloud configuration rules. properties: complianceRuleOptions: $ref: '#/components/schemas/CloudConfigurationComplianceRuleOptions' required: - complianceRuleOptions type: object CloudConfigurationRulePayload: description: The payload of a cloud configuration rule. properties: cases: description: 'Description of generated findings and signals (severity and channels to be notified in case of a signal). Must contain exactly one item. ' items: $ref: '#/components/schemas/CloudConfigurationRuleCaseCreate' type: array complianceSignalOptions: $ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions' filters: description: Additional queries to filter matched events before they are processed. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message in markdown format for generated findings and signals. example: '#Description Explanation of the rule. #Remediation How to fix the security issue. ' type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: '#/components/schemas/CloudConfigurationRuleOptions' tags: description: Tags for generated findings and signals. example: - env:prod - team:security items: description: Tag. type: string type: array type: $ref: '#/components/schemas/CloudConfigurationRuleType' required: - name - isEnabled - options - complianceSignalOptions - cases - message type: object CloudConfigurationRuleType: description: The rule type. enum: - cloud_configuration type: string x-enum-varnames: - CLOUD_CONFIGURATION CloudWorkloadSecurityAgentPoliciesListResponse: description: Response object that includes a list of Agent policies properties: data: description: A list of Agent policy objects items: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyData' type: array type: object CloudWorkloadSecurityAgentPolicyAttributes: description: A Cloud Workload Security Agent policy returned by the API properties: blockingRulesCount: description: The number of rules with the blocking feature in this policy example: 100 format: int32 maximum: 2147483647 type: integer datadogManaged: description: Whether the policy is managed by Datadog example: false type: boolean description: description: The description of the policy example: My agent policy type: string disabledRulesCount: description: The number of rules that are disabled in this policy example: 100 format: int32 maximum: 2147483647 type: integer enabled: description: Whether the Agent policy is enabled example: true type: boolean hostTags: description: The host tags defining where this policy is deployed items: type: string type: array hostTagsLists: description: The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR items: items: type: string type: array type: array monitoringRulesCount: description: The number of rules in the monitoring state in this policy example: 100 format: int32 maximum: 2147483647 type: integer name: description: The name of the policy example: my_agent_policy type: string policyVersion: description: The version of the policy example: '1' type: string priority: description: The priority of the policy example: 10 format: int64 type: integer ruleCount: description: The number of rules in this policy example: 100 format: int32 maximum: 2147483647 type: integer updateDate: description: Timestamp in milliseconds when the policy was last updated example: 1624366480320 format: int64 type: integer updatedAt: description: When the policy was last updated, timestamp in milliseconds example: 1624366480320 format: int64 type: integer updater: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyUpdaterAttributes' type: object CloudWorkloadSecurityAgentPolicyCreateAttributes: description: Create a new Cloud Workload Security Agent policy properties: description: description: The description of the policy example: My agent policy type: string enabled: description: Whether the policy is enabled example: true type: boolean hostTags: description: The host tags defining where this policy is deployed items: type: string type: array hostTagsLists: description: The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR items: items: type: string type: array type: array name: description: The name of the policy example: my_agent_policy type: string required: - name type: object CloudWorkloadSecurityAgentPolicyCreateData: description: Object for a single Agent rule properties: attributes: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyCreateAttributes' type: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyType' required: - attributes - type type: object CloudWorkloadSecurityAgentPolicyCreateRequest: description: Request object that includes the Agent policy to create properties: data: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyCreateData' required: - data type: object CloudWorkloadSecurityAgentPolicyData: description: Object for a single Agent policy properties: attributes: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyAttributes' id: description: The ID of the Agent policy example: 6517fcc1-cec7-4394-a655-8d6e9d085255 type: string type: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyType' type: object CloudWorkloadSecurityAgentPolicyID: description: The ID of the Agent policy example: 6517fcc1-cec7-4394-a655-8d6e9d085255 type: string CloudWorkloadSecurityAgentPolicyResponse: description: Response object that includes an Agent policy properties: data: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyData' type: object CloudWorkloadSecurityAgentPolicyType: default: policy description: The type of the resource, must always be `policy` enum: - policy example: policy type: string x-enum-varnames: - POLICY CloudWorkloadSecurityAgentPolicyUpdateAttributes: description: Update an existing Cloud Workload Security Agent policy properties: description: description: The description of the policy example: My agent policy type: string enabled: description: Whether the policy is enabled example: true type: boolean hostTags: description: The host tags defining where this policy is deployed items: type: string type: array hostTagsLists: description: The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR items: items: type: string type: array type: array name: description: The name of the policy example: my_agent_policy type: string type: object CloudWorkloadSecurityAgentPolicyUpdateData: description: Object for a single Agent policy properties: attributes: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyUpdateAttributes' id: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyID' type: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyType' required: - attributes - type type: object CloudWorkloadSecurityAgentPolicyUpdateRequest: description: Request object that includes the Agent policy with the attributes to update properties: data: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyUpdateData' required: - data type: object CloudWorkloadSecurityAgentPolicyUpdaterAttributes: description: The attributes of the user who last updated the policy properties: handle: description: The handle of the user example: datadog.user@example.com type: string name: description: The name of the user example: Datadog User nullable: true type: string type: object CloudWorkloadSecurityAgentRuleAction: description: The action the rule can perform if triggered properties: filter: description: SECL expression used to target the container to apply the action on type: string kill: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleKill' metadata: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionMetadata' set: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActionSet' type: object CloudWorkloadSecurityAgentRuleActionMetadata: description: The metadata action applied on the scope matching the rule properties: image_tag: description: The image tag of the metadata action type: string service: description: The service of the metadata action type: string short_image: description: The short image of the metadata action type: string type: object CloudWorkloadSecurityAgentRuleActionSet: description: The set action applied on the scope matching the rule properties: append: description: Whether the value should be appended to the field type: boolean field: description: The field of the set action type: string name: description: The name of the set action type: string scope: description: The scope of the set action type: string size: description: The size of the set action format: int64 type: integer ttl: description: The time to live of the set action format: int64 type: integer value: description: The value of the set action type: string type: object CloudWorkloadSecurityAgentRuleActions: description: The array of actions the rule can perform if triggered items: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleAction' nullable: true type: array CloudWorkloadSecurityAgentRuleAttributes: description: A Cloud Workload Security Agent rule returned by the API properties: actions: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions' agentConstraint: description: The version of the Agent type: string blocking: description: The blocking policies that the rule belongs to items: type: string type: array category: description: The category of the Agent rule example: Process Activity type: string creationAuthorUuId: description: The ID of the user who created the rule example: e51c9744-d158-11ec-ad23-da7ad0900002 type: string creationDate: description: When the Agent rule was created, timestamp in milliseconds example: 1624366480320 format: int64 type: integer creator: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreatorAttributes' defaultRule: description: Whether the rule is included by default example: false type: boolean description: description: The description of the Agent rule example: My Agent rule type: string disabled: description: The disabled policies that the rule belongs to items: type: string type: array enabled: description: Whether the Agent rule is enabled example: true type: boolean expression: description: The SECL expression of the Agent rule example: exec.file.name == "sh" type: string filters: description: The platforms the Agent rule is supported on items: type: string type: array monitoring: description: The monitoring policies that the rule belongs to items: type: string type: array name: description: The name of the Agent rule example: my_agent_rule type: string product_tags: description: The list of product tags associated with the rule items: type: string type: array updateAuthorUuId: description: The ID of the user who updated the rule example: e51c9744-d158-11ec-ad23-da7ad0900002 type: string updateDate: description: Timestamp in milliseconds when the Agent rule was last updated example: 1624366480320 format: int64 type: integer updatedAt: description: When the Agent rule was last updated, timestamp in milliseconds example: 1624366480320 format: int64 type: integer updater: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdaterAttributes' version: description: The version of the Agent rule example: 23 format: int64 type: integer type: object CloudWorkloadSecurityAgentRuleCreateAttributes: description: Create a new Cloud Workload Security Agent rule. properties: actions: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions' blocking: description: The blocking policies that the rule belongs to items: type: string type: array description: description: The description of the Agent rule. example: My Agent rule type: string disabled: description: The disabled policies that the rule belongs to items: type: string type: array enabled: description: Whether the Agent rule is enabled example: true type: boolean expression: description: The SECL expression of the Agent rule. example: exec.file.name == "sh" type: string filters: description: The platforms the Agent rule is supported on items: type: string type: array monitoring: description: The monitoring policies that the rule belongs to items: type: string type: array name: description: The name of the Agent rule. example: my_agent_rule type: string policy_id: description: The ID of the policy where the Agent rule is saved example: a8c8e364-6556-434d-b798-a4c23de29c0b type: string product_tags: description: The list of product tags associated with the rule items: type: string type: array required: - name - expression type: object CloudWorkloadSecurityAgentRuleCreateData: description: Object for a single Agent rule properties: attributes: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateAttributes' type: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType' required: - attributes - type type: object CloudWorkloadSecurityAgentRuleCreateRequest: description: Request object that includes the Agent rule to create properties: data: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateData' required: - data type: object CloudWorkloadSecurityAgentRuleCreatorAttributes: description: The attributes of the user who created the Agent rule properties: handle: description: The handle of the user example: datadog.user@example.com type: string name: description: The name of the user example: Datadog User nullable: true type: string type: object CloudWorkloadSecurityAgentRuleData: description: Object for a single Agent rule properties: attributes: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleAttributes' id: description: The ID of the Agent rule example: 3dd-0uc-h1s type: string type: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType' type: object CloudWorkloadSecurityAgentRuleID: description: The ID of the Agent rule example: 3dd-0uc-h1s type: string CloudWorkloadSecurityAgentRuleKill: description: Kill system call applied on the container matching the rule properties: signal: description: Supported signals for the kill system call type: string type: object CloudWorkloadSecurityAgentRuleResponse: description: Response object that includes an Agent rule properties: data: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleData' type: object CloudWorkloadSecurityAgentRuleType: default: agent_rule description: The type of the resource, must always be `agent_rule` enum: - agent_rule example: agent_rule type: string x-enum-varnames: - AGENT_RULE CloudWorkloadSecurityAgentRuleUpdateAttributes: description: Update an existing Cloud Workload Security Agent rule properties: actions: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions' blocking: description: The blocking policies that the rule belongs to items: type: string type: array description: description: The description of the Agent rule example: My Agent rule type: string disabled: description: The disabled policies that the rule belongs to items: type: string type: array enabled: description: Whether the Agent rule is enabled example: true type: boolean expression: description: The SECL expression of the Agent rule example: exec.file.name == "sh" type: string monitoring: description: The monitoring policies that the rule belongs to items: type: string type: array policy_id: description: The ID of the policy where the Agent rule is saved example: a8c8e364-6556-434d-b798-a4c23de29c0b type: string product_tags: description: The list of product tags associated with the rule items: type: string type: array type: object CloudWorkloadSecurityAgentRuleUpdateData: description: Object for a single Agent rule properties: attributes: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateAttributes' id: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleID' type: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType' required: - attributes - type type: object CloudWorkloadSecurityAgentRuleUpdateRequest: description: Request object that includes the Agent rule with the attributes to update properties: data: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateData' required: - data type: object CloudWorkloadSecurityAgentRuleUpdaterAttributes: description: The attributes of the user who last updated the Agent rule properties: handle: description: The handle of the user example: datadog.user@example.com type: string name: description: The name of the user example: Datadog User nullable: true type: string type: object CloudWorkloadSecurityAgentRulesListResponse: description: Response object that includes a list of Agent rule properties: data: description: A list of Agent rules objects items: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleData' type: array type: object CloudflareAccountCreateRequest: description: Payload schema when adding a Cloudflare account. properties: data: $ref: '#/components/schemas/CloudflareAccountCreateRequestData' required: - data type: object CloudflareAccountCreateRequestAttributes: description: Attributes object for creating a Cloudflare account. properties: api_key: description: The API key (or token) for the Cloudflare account. example: a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 type: string email: description: The email associated with the Cloudflare account. If an API key is provided (and not a token), this field is also required. example: test-email@example.com type: string name: description: The name of the Cloudflare account. example: test-name type: string resources: description: An allowlist of resources to restrict pulling metrics for including `'web', 'dns', 'lb' (load balancer), 'worker'`. example: - web - dns - lb - worker items: type: string type: array zones: description: An allowlist of zones to restrict pulling metrics for. example: - zone_id_1 - zone_id_2 items: type: string type: array required: - api_key - name type: object CloudflareAccountCreateRequestData: description: Data object for creating a Cloudflare account. properties: attributes: $ref: '#/components/schemas/CloudflareAccountCreateRequestAttributes' type: $ref: '#/components/schemas/CloudflareAccountType' required: - attributes - type type: object CloudflareAccountResponse: description: The expected response schema when getting a Cloudflare account. properties: data: $ref: '#/components/schemas/CloudflareAccountResponseData' type: object CloudflareAccountResponseAttributes: description: Attributes object of a Cloudflare account. properties: email: description: The email associated with the Cloudflare account. example: test-email@example.com type: string name: description: The name of the Cloudflare account. example: test-name type: string resources: description: An allowlist of resources, such as `web`, `dns`, `lb` (load balancer), `worker`, that restricts pulling metrics from those resources. example: - web - dns - lb - worker items: type: string type: array zones: description: An allowlist of zones to restrict pulling metrics for. example: - zone_id_1 - zone_id_2 items: type: string type: array required: - name type: object CloudflareAccountResponseData: description: Data object of a Cloudflare account. properties: attributes: $ref: '#/components/schemas/CloudflareAccountResponseAttributes' id: description: The ID of the Cloudflare account, a hash of the account name. example: c1a8e059bfd1e911cf10b626340c9a54 type: string type: $ref: '#/components/schemas/CloudflareAccountType' required: - attributes - id - type type: object CloudflareAccountType: default: cloudflare-accounts description: The JSON:API type for this API. Should always be `cloudflare-accounts`. enum: - cloudflare-accounts example: cloudflare-accounts type: string x-enum-varnames: - CLOUDFLARE_ACCOUNTS CloudflareAccountUpdateRequest: description: Payload schema when updating a Cloudflare account. properties: data: $ref: '#/components/schemas/CloudflareAccountUpdateRequestData' required: - data type: object CloudflareAccountUpdateRequestAttributes: description: Attributes object for updating a Cloudflare account. properties: api_key: description: The API key of the Cloudflare account. example: a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 type: string email: description: The email associated with the Cloudflare account. If an API key is provided (and not a token), this field is also required. example: test-email@example.com type: string name: description: The name of the Cloudflare account. type: string resources: description: An allowlist of resources to restrict pulling metrics for including `'web', 'dns', 'lb' (load balancer), 'worker'`. example: - web - dns - lb - worker items: type: string type: array zones: description: An allowlist of zones to restrict pulling metrics for. example: - zone_id_1 - zone_id_2 items: type: string type: array required: - api_key type: object CloudflareAccountUpdateRequestData: description: Data object for updating a Cloudflare account. properties: attributes: $ref: '#/components/schemas/CloudflareAccountUpdateRequestAttributes' type: $ref: '#/components/schemas/CloudflareAccountType' type: object CloudflareAccountsResponse: description: The expected response schema when getting Cloudflare accounts. properties: data: description: The JSON:API data schema. items: $ref: '#/components/schemas/CloudflareAccountResponseData' type: array type: object CodeLocation: description: Code vulnerability location. properties: file_path: description: Vulnerability location file path. example: src/Class.java:100 type: string location: description: Vulnerability extracted location. example: com.example.Class:100 type: string method: description: Vulnerability location method. example: FooBar type: string required: - location type: object CompletionCondition: description: The definition of `CompletionCondition` object. properties: operand1: description: The `CompletionCondition` `operand1`. operand2: description: The `CompletionCondition` `operand2`. operator: $ref: '#/components/schemas/CompletionConditionOperator' required: - operand1 - operator type: object CompletionConditionOperator: description: The definition of `CompletionConditionOperator` object. enum: - OPERATOR_EQUAL - OPERATOR_NOT_EQUAL - OPERATOR_GREATER_THAN - OPERATOR_LESS_THAN - OPERATOR_GREATER_THAN_OR_EQUAL_TO - OPERATOR_LESS_THAN_OR_EQUAL_TO - OPERATOR_CONTAINS - OPERATOR_DOES_NOT_CONTAIN - OPERATOR_IS_NULL - OPERATOR_IS_NOT_NULL - OPERATOR_IS_EMPTY - OPERATOR_IS_NOT_EMPTY example: OPERATOR_EQUAL type: string x-enum-varnames: - OPERATOR_EQUAL - OPERATOR_NOT_EQUAL - OPERATOR_GREATER_THAN - OPERATOR_LESS_THAN - OPERATOR_GREATER_THAN_OR_EQUAL_TO - OPERATOR_LESS_THAN_OR_EQUAL_TO - OPERATOR_CONTAINS - OPERATOR_DOES_NOT_CONTAIN - OPERATOR_IS_NULL - OPERATOR_IS_NOT_NULL - OPERATOR_IS_EMPTY - OPERATOR_IS_NOT_EMPTY CompletionGate: description: Used to create conditions before running subsequent actions. properties: completionCondition: $ref: '#/components/schemas/CompletionCondition' retryStrategy: $ref: '#/components/schemas/RetryStrategy' required: - completionCondition - retryStrategy type: object Component: description: '[Definition of a UI component in the app](https://docs.datadoghq.com/service_management/app_builder/components/)' properties: events: description: Events to listen for on the UI component. items: $ref: '#/components/schemas/AppBuilderEvent' type: array id: description: The ID of the UI component. This property is deprecated; use `name` to identify individual components instead. nullable: true type: string name: description: A unique identifier for this UI component. This name is also visible in the app editor. example: '' type: string properties: $ref: '#/components/schemas/ComponentProperties' type: $ref: '#/components/schemas/ComponentType' required: - name - type - properties type: object ComponentGrid: description: A grid component. The grid component is the root canvas for an app and contains all other components. properties: events: description: Events to listen for on the grid component. items: $ref: '#/components/schemas/AppBuilderEvent' type: array id: description: The ID of the grid component. This property is deprecated; use `name` to identify individual components instead. type: string name: description: A unique identifier for this grid component. This name is also visible in the app editor. example: '' type: string properties: $ref: '#/components/schemas/ComponentGridProperties' type: $ref: '#/components/schemas/ComponentGridType' required: - name - type - properties type: object ComponentGridProperties: description: Properties of a grid component. properties: backgroundColor: default: default description: The background color of the grid. type: string children: description: The child components of the grid. items: $ref: '#/components/schemas/Component' type: array isVisible: $ref: '#/components/schemas/ComponentGridPropertiesIsVisible' type: object ComponentGridPropertiesIsVisible: description: Whether the grid component and its children are visible. If a string, it must be a valid JavaScript expression that evaluates to a boolean. oneOf: - type: string - default: true type: boolean ComponentGridType: default: grid description: The grid component type. enum: - grid example: grid type: string x-enum-varnames: - GRID ComponentProperties: additionalProperties: {} description: Properties of a UI component. Different component types can have their own additional unique properties. See the [components documentation](https://docs.datadoghq.com/service_management/app_builder/components/) for more detail on each component type and its properties. properties: children: description: The child components of the UI component. items: $ref: '#/components/schemas/Component' type: array isVisible: $ref: '#/components/schemas/ComponentPropertiesIsVisible' type: object ComponentPropertiesIsVisible: description: Whether the UI component is visible. If this is a string, it must be a valid JavaScript expression that evaluates to a boolean. oneOf: - type: boolean - description: If this is a string, it must be a valid JavaScript expression that evaluates to a boolean. example: ${true} type: string ComponentType: description: The UI component type. enum: - table - textInput - textArea - button - text - select - modal - schemaForm - checkbox - tabs - vegaChart - radioButtons - numberInput - fileInput - jsonInput - gridCell - dateRangePicker - search - container - calloutValue example: text type: string x-enum-varnames: - TABLE - TEXTINPUT - TEXTAREA - BUTTON - TEXT - SELECT - MODAL - SCHEMAFORM - CHECKBOX - TABS - VEGACHART - RADIOBUTTONS - NUMBERINPUT - FILEINPUT - JSONINPUT - GRIDCELL - DATERANGEPICKER - SEARCH - CONTAINER - CALLOUTVALUE ConfluentAccountCreateRequest: description: Payload schema when adding a Confluent account. properties: data: $ref: '#/components/schemas/ConfluentAccountCreateRequestData' required: - data type: object ConfluentAccountCreateRequestAttributes: description: Attributes associated with the account creation request. properties: api_key: description: The API key associated with your Confluent account. example: TESTAPIKEY123 type: string api_secret: description: The API secret associated with your Confluent account. example: test-api-secret-123 type: string resources: description: A list of Confluent resources associated with the Confluent account. items: $ref: '#/components/schemas/ConfluentAccountResourceAttributes' type: array tags: description: A list of strings representing tags. Can be a single key, or key-value pairs separated by a colon. example: - myTag - myTag2:myValue items: type: string type: array required: - api_key - api_secret type: object ConfluentAccountCreateRequestData: description: The data body for adding a Confluent account. properties: attributes: $ref: '#/components/schemas/ConfluentAccountCreateRequestAttributes' type: $ref: '#/components/schemas/ConfluentAccountType' required: - attributes - type type: object ConfluentAccountResourceAttributes: description: Attributes object for updating a Confluent resource. properties: enable_custom_metrics: default: false description: Enable the `custom.consumer_lag_offset` metric, which contains extra metric tags. example: false type: boolean id: description: The ID associated with a Confluent resource. example: resource-id-123 type: string resource_type: description: The resource type of the Resource. Can be `kafka`, `connector`, `ksql`, or `schema_registry`. example: kafka type: string tags: description: A list of strings representing tags. Can be a single key, or key-value pairs separated by a colon. example: - myTag - myTag2:myValue items: type: string type: array required: - resource_type type: object ConfluentAccountResponse: description: The expected response schema when getting a Confluent account. properties: data: $ref: '#/components/schemas/ConfluentAccountResponseData' type: object ConfluentAccountResponseAttributes: description: The attributes of a Confluent account. properties: api_key: description: The API key associated with your Confluent account. example: TESTAPIKEY123 type: string resources: description: A list of Confluent resources associated with the Confluent account. items: $ref: '#/components/schemas/ConfluentResourceResponseAttributes' type: array tags: description: A list of strings representing tags. Can be a single key, or key-value pairs separated by a colon. example: - myTag - myTag2:myValue items: type: string type: array required: - api_key type: object ConfluentAccountResponseData: description: An API key and API secret pair that represents a Confluent account. properties: attributes: $ref: '#/components/schemas/ConfluentAccountResponseAttributes' id: description: A randomly generated ID associated with a Confluent account. example: account_id_abc123 type: string type: $ref: '#/components/schemas/ConfluentAccountType' required: - attributes - id - type type: object ConfluentAccountType: default: confluent-cloud-accounts description: The JSON:API type for this API. Should always be `confluent-cloud-accounts`. enum: - confluent-cloud-accounts example: confluent-cloud-accounts type: string x-enum-varnames: - CONFLUENT_CLOUD_ACCOUNTS ConfluentAccountUpdateRequest: description: The JSON:API request for updating a Confluent account. properties: data: $ref: '#/components/schemas/ConfluentAccountUpdateRequestData' required: - data type: object ConfluentAccountUpdateRequestAttributes: description: Attributes object for updating a Confluent account. properties: api_key: description: The API key associated with your Confluent account. example: TESTAPIKEY123 type: string api_secret: description: The API secret associated with your Confluent account. example: test-api-secret-123 type: string tags: description: A list of strings representing tags. Can be a single key, or key-value pairs separated by a colon. example: - myTag - myTag2:myValue items: type: string type: array required: - api_key - api_secret type: object ConfluentAccountUpdateRequestData: description: Data object for updating a Confluent account. properties: attributes: $ref: '#/components/schemas/ConfluentAccountUpdateRequestAttributes' type: $ref: '#/components/schemas/ConfluentAccountType' required: - attributes - type type: object ConfluentAccountsResponse: description: Confluent account returned by the API. properties: data: description: The Confluent account. items: $ref: '#/components/schemas/ConfluentAccountResponseData' type: array type: object ConfluentResourceRequest: description: The JSON:API request for updating a Confluent resource. properties: data: $ref: '#/components/schemas/ConfluentResourceRequestData' required: - data type: object ConfluentResourceRequestAttributes: description: Attributes object for updating a Confluent resource. properties: enable_custom_metrics: default: false description: Enable the `custom.consumer_lag_offset` metric, which contains extra metric tags. example: false type: boolean resource_type: description: The resource type of the Resource. Can be `kafka`, `connector`, `ksql`, or `schema_registry`. example: kafka type: string tags: description: A list of strings representing tags. Can be a single key, or key-value pairs separated by a colon. example: - myTag - myTag2:myValue items: type: string type: array required: - resource_type type: object ConfluentResourceRequestData: description: JSON:API request for updating a Confluent resource. properties: attributes: $ref: '#/components/schemas/ConfluentResourceRequestAttributes' id: description: The ID associated with a Confluent resource. example: resource-id-123 type: string type: $ref: '#/components/schemas/ConfluentResourceType' required: - attributes - type - id type: object ConfluentResourceResponse: description: Response schema when interacting with a Confluent resource. properties: data: $ref: '#/components/schemas/ConfluentResourceResponseData' type: object ConfluentResourceResponseAttributes: description: Model representation of a Confluent Cloud resource. properties: enable_custom_metrics: default: false description: Enable the `custom.consumer_lag_offset` metric, which contains extra metric tags. example: false type: boolean id: description: The ID associated with the Confluent resource. example: resource_id_abc123 type: string resource_type: description: The resource type of the Resource. Can be `kafka`, `connector`, `ksql`, or `schema_registry`. example: kafka type: string tags: description: A list of strings representing tags. Can be a single key, or key-value pairs separated by a colon. example: - myTag - myTag2:myValue items: type: string type: array required: - resource_type type: object ConfluentResourceResponseData: description: Confluent Cloud resource data. properties: attributes: $ref: '#/components/schemas/ConfluentResourceResponseAttributes' id: description: The ID associated with the Confluent resource. example: resource_id_abc123 type: string type: $ref: '#/components/schemas/ConfluentResourceType' required: - attributes - type - id type: object ConfluentResourceType: default: confluent-cloud-resources description: The JSON:API type for this request. enum: - confluent-cloud-resources example: confluent-cloud-resources type: string x-enum-varnames: - CONFLUENT_CLOUD_RESOURCES ConfluentResourcesResponse: description: Response schema when interacting with a list of Confluent resources. properties: data: description: The JSON:API data attribute. items: $ref: '#/components/schemas/ConfluentResourceResponseData' type: array type: object Connection: description: The definition of `Connection` object. properties: connectionId: description: The `Connection` `connectionId`. example: '' type: string label: description: The `Connection` `label`. example: '' type: string required: - connectionId - label type: object ConnectionEnv: description: A list of connections or connection groups used in the workflow. properties: connectionGroups: description: The `ConnectionEnv` `connectionGroups`. items: $ref: '#/components/schemas/ConnectionGroup' type: array connections: description: The `ConnectionEnv` `connections`. items: $ref: '#/components/schemas/Connection' type: array env: $ref: '#/components/schemas/ConnectionEnvEnv' required: - env type: object ConnectionEnvEnv: description: The definition of `ConnectionEnvEnv` object. enum: - default example: default type: string x-enum-varnames: - DEFAULT ConnectionGroup: description: The definition of `ConnectionGroup` object. properties: connectionGroupId: description: The `ConnectionGroup` `connectionGroupId`. example: '' type: string label: description: The `ConnectionGroup` `label`. example: '' type: string tags: description: The `ConnectionGroup` `tags`. example: - '' items: type: string type: array required: - connectionGroupId - label - tags type: object Container: description: Container object. properties: attributes: $ref: '#/components/schemas/ContainerAttributes' id: description: Container ID. type: string type: $ref: '#/components/schemas/ContainerType' type: object ContainerAttributes: description: Attributes for a container. properties: container_id: description: The ID of the container. type: string created_at: description: Time the container was created. type: string host: description: Hostname of the host running the container. type: string image_digest: description: Digest of the compressed image manifest. nullable: true type: string image_name: description: Name of the associated container image. type: string image_tags: description: List of image tags associated with the container image. items: type: string nullable: true type: array name: description: Name of the container. type: string started_at: description: Time the container was started. type: string state: description: State of the container. This depends on the container runtime. type: string tags: description: List of tags associated with the container. items: type: string type: array type: object ContainerGroup: description: Container group object. properties: attributes: $ref: '#/components/schemas/ContainerGroupAttributes' id: description: Container Group ID. type: string relationships: $ref: '#/components/schemas/ContainerGroupRelationships' type: $ref: '#/components/schemas/ContainerGroupType' type: object ContainerGroupAttributes: description: Attributes for a container group. properties: count: description: Number of containers in the group. format: int64 type: integer tags: description: Tags from the group name parsed in key/value format. type: object type: object ContainerGroupRelationships: description: Relationships to containers inside a container group. properties: containers: $ref: '#/components/schemas/ContainerGroupRelationshipsLink' type: object ContainerGroupRelationshipsData: description: Links data. items: description: A link data. type: string type: array ContainerGroupRelationshipsLink: description: Relationships to Containers inside a Container Group. properties: data: $ref: '#/components/schemas/ContainerGroupRelationshipsData' links: $ref: '#/components/schemas/ContainerGroupRelationshipsLinks' type: object ContainerGroupRelationshipsLinks: description: Links attributes. properties: related: description: Link to related containers. type: string type: object ContainerGroupType: default: container_group description: Type of container group. enum: - container_group example: container_group type: string x-enum-varnames: - CONTAINER_GROUP ContainerImage: description: Container Image object. properties: attributes: $ref: '#/components/schemas/ContainerImageAttributes' id: description: Container Image ID. type: string type: $ref: '#/components/schemas/ContainerImageType' type: object ContainerImageAttributes: description: Attributes for a Container Image. properties: container_count: description: Number of containers running the image. format: int64 type: integer image_flavors: description: 'List of platform-specific images associated with the image record. The list contains more than 1 entry for multi-architecture images.' items: $ref: '#/components/schemas/ContainerImageFlavor' type: array image_tags: description: List of image tags associated with the Container Image. items: description: An image tag associated with the Container Image. type: string type: array images_built_at: description: 'List of build times associated with the Container Image. The list contains more than 1 entry for multi-architecture images.' items: description: Time the platform-specific Container Image was built. type: string type: array name: description: Name of the Container Image. type: string os_architectures: description: List of Operating System architectures supported by the Container Image. items: description: Operating System architecture supported by the Container Image. example: amd64 type: string type: array os_names: description: List of Operating System names supported by the Container Image. items: description: Operating System supported by the Container Image. example: linux type: string type: array os_versions: description: List of Operating System versions supported by the Container Image. items: description: Operating System version supported by the Container Image. type: string type: array published_at: description: Time the image was pushed to the container registry. type: string registry: description: Registry the Container Image was pushed to. type: string repo_digest: description: Digest of the compressed image manifest. type: string repository: description: Repository where the Container Image is stored in. type: string short_image: description: Short version of the Container Image name. type: string sizes: description: 'List of size for each platform-specific image associated with the image record. The list contains more than 1 entry for multi-architecture images.' items: description: Size of the platform-specific Container Image. format: int64 type: integer type: array sources: description: List of sources where the Container Image was collected from. items: description: Source where the Container Image was collected from. type: string type: array tags: description: List of tags associated with the Container Image. items: description: A tag associated with the Container Image. type: string type: array vulnerability_count: $ref: '#/components/schemas/ContainerImageVulnerabilities' type: object ContainerImageFlavor: description: Container Image breakdown by supported platform. properties: built_at: description: Time the platform-specific Container Image was built. type: string os_architecture: description: Operating System architecture supported by the Container Image. type: string os_name: description: Operating System name supported by the Container Image. type: string os_version: description: Operating System version supported by the Container Image. type: string size: description: Size of the platform-specific Container Image. format: int64 type: integer type: object ContainerImageGroup: description: Container Image Group object. properties: attributes: $ref: '#/components/schemas/ContainerImageGroupAttributes' id: description: Container Image Group ID. type: string relationships: $ref: '#/components/schemas/ContainerImageGroupRelationships' type: $ref: '#/components/schemas/ContainerImageGroupType' type: object ContainerImageGroupAttributes: description: Attributes for a Container Image Group. properties: count: description: Number of Container Images in the group. format: int64 type: integer name: description: Name of the Container Image group. type: string tags: description: Tags from the group name parsed in key/value format. type: object type: object ContainerImageGroupImagesRelationshipsLink: description: Relationships to Container Images inside a Container Image Group. properties: data: $ref: '#/components/schemas/ContainerImageGroupRelationshipsData' links: $ref: '#/components/schemas/ContainerImageGroupRelationshipsLinks' type: object ContainerImageGroupRelationships: description: Relationships inside a Container Image Group. properties: container_images: $ref: '#/components/schemas/ContainerImageGroupImagesRelationshipsLink' type: object ContainerImageGroupRelationshipsData: description: Links data. items: description: A link data. type: string type: array ContainerImageGroupRelationshipsLinks: description: Links attributes. properties: related: description: Link to related Container Images. type: string type: object ContainerImageGroupType: default: container_image_group description: Type of Container Image Group. enum: - container_image_group example: container_image_group type: string x-enum-varnames: - CONTAINER_IMAGE_GROUP ContainerImageItem: description: Possible Container Image models. oneOf: - $ref: '#/components/schemas/ContainerImage' - $ref: '#/components/schemas/ContainerImageGroup' ContainerImageMeta: description: Response metadata object. properties: pagination: $ref: '#/components/schemas/ContainerImageMetaPage' type: object ContainerImageMetaPage: description: Paging attributes. properties: cursor: description: The cursor used to get the current results, if any. type: string limit: description: Number of results returned format: int32 maximum: 10000 minimum: 0 type: integer next_cursor: description: The cursor used to get the next results, if any. type: string prev_cursor: description: The cursor used to get the previous results, if any. nullable: true type: string total: description: Total number of records that match the query. format: int64 type: integer type: $ref: '#/components/schemas/ContainerImageMetaPageType' type: object ContainerImageMetaPageType: default: cursor_limit description: Type of Container Image pagination. enum: - cursor_limit example: cursor_limit type: string x-enum-varnames: - CURSOR_LIMIT ContainerImageType: default: container_image description: Type of Container Image. enum: - container_image example: container_image type: string x-enum-varnames: - CONTAINER_IMAGE ContainerImageVulnerabilities: description: Vulnerability counts associated with the Container Image. properties: asset_id: description: ID of the Container Image. type: string critical: description: Number of vulnerabilities with CVSS Critical severity. format: int64 type: integer high: description: Number of vulnerabilities with CVSS High severity. format: int64 type: integer low: description: Number of vulnerabilities with CVSS Low severity. format: int64 type: integer medium: description: Number of vulnerabilities with CVSS Medium severity. format: int64 type: integer none: description: Number of vulnerabilities with CVSS None severity. format: int64 type: integer unknown: description: Number of vulnerabilities with an unknown CVSS severity. format: int64 type: integer type: object ContainerImagesResponse: description: List of Container Images. properties: data: description: Array of Container Image objects. items: $ref: '#/components/schemas/ContainerImageItem' type: array links: $ref: '#/components/schemas/ContainerImagesResponseLinks' meta: $ref: '#/components/schemas/ContainerImageMeta' type: object ContainerImagesResponseLinks: description: Pagination links. properties: first: description: Link to the first page. type: string last: description: Link to the last page. nullable: true type: string next: description: Link to the next page. nullable: true type: string prev: description: Link to previous page. nullable: true type: string self: description: Link to current page. type: string type: object ContainerItem: description: Possible Container models. oneOf: - $ref: '#/components/schemas/Container' - $ref: '#/components/schemas/ContainerGroup' ContainerMeta: description: Response metadata object. properties: pagination: $ref: '#/components/schemas/ContainerMetaPage' type: object ContainerMetaPage: description: Paging attributes. properties: cursor: description: The cursor used to get the current results, if any. type: string limit: description: Number of results returned format: int32 maximum: 10000 minimum: 0 type: integer next_cursor: description: The cursor used to get the next results, if any. type: string prev_cursor: description: The cursor used to get the previous results, if any. nullable: true type: string total: description: Total number of records that match the query. format: int64 type: integer type: $ref: '#/components/schemas/ContainerMetaPageType' type: object ContainerMetaPageType: default: cursor_limit description: Type of Container pagination. enum: - cursor_limit example: cursor_limit type: string x-enum-varnames: - CURSOR_LIMIT ContainerType: default: container description: Type of container. enum: - container example: container type: string x-enum-varnames: - CONTAINER ContainersResponse: description: List of containers. properties: data: description: Array of Container objects. items: $ref: '#/components/schemas/ContainerItem' type: array links: $ref: '#/components/schemas/ContainersResponseLinks' meta: $ref: '#/components/schemas/ContainerMeta' type: object ContainersResponseLinks: description: Pagination links. properties: first: description: Link to the first page. type: string last: description: Link to the last page. nullable: true type: string next: description: Link to the next page. nullable: true type: string prev: description: Link to previous page. nullable: true type: string self: description: Link to current page. type: string type: object ContentEncoding: description: HTTP header used to compress the media-type. enum: - identity - gzip - deflate type: string x-enum-varnames: - IDENTITY - GZIP - DEFLATE ConvertJobResultsToSignalsAttributes: description: Attributes for converting historical job results to signals. properties: id: description: Request ID. type: string jobResultIds: description: Job result IDs. example: - '' items: type: string type: array notifications: description: Notifications sent. example: - '' items: type: string type: array signalMessage: description: Message of generated signals. example: A large number of failed login attempts. type: string signalSeverity: $ref: '#/components/schemas/SecurityMonitoringRuleSeverity' required: - jobResultIds - signalSeverity - signalMessage - notifications type: object ConvertJobResultsToSignalsData: description: Data for converting historical job results to signals. properties: attributes: $ref: '#/components/schemas/ConvertJobResultsToSignalsAttributes' type: $ref: '#/components/schemas/ConvertJobResultsToSignalsDataType' type: object ConvertJobResultsToSignalsDataType: description: Type of payload. enum: - historicalDetectionsJobResultSignalConversion type: string x-enum-varnames: - HISTORICALDETECTIONSJOBRESULTSIGNALCONVERSION ConvertJobResultsToSignalsRequest: description: Request for converting historical job results to signals. properties: data: $ref: '#/components/schemas/ConvertJobResultsToSignalsData' type: object CostAttributionAggregates: description: An array of available aggregates. items: $ref: '#/components/schemas/CostAttributionAggregatesBody' type: array CostAttributionAggregatesBody: description: The object containing the aggregates. properties: agg_type: description: The aggregate type. example: sum type: string field: description: The field. example: infra_host_committed_cost type: string value: description: The value for a given field. format: double type: number type: object CostAttributionTagNames: additionalProperties: description: 'A list of values that are associated with each tag key. - An empty list means the resource use wasn''t tagged with the respective tag. - Multiple values means the respective tag was applied multiple times on the resource. - An `<empty>` value means the resource was tagged with the respective tag but did not have a value.' items: description: A given tag in a list. example: datadog-integrations-lab type: string type: array description: 'Tag keys and values. A `null` value here means that the requested tag breakdown cannot be applied because it does not match the [tags configured for usage attribution](https://docs.datadoghq.com/account_management/billing/usage_attribution/#getting-started). In this scenario the API returns the total cost, not broken down by tags.' nullable: true type: object CostAttributionType: default: cost_by_tag description: Type of cost attribution data. enum: - cost_by_tag example: cost_by_tag type: string x-enum-varnames: - COST_BY_TAG CostByOrg: description: Cost data. properties: attributes: $ref: '#/components/schemas/CostByOrgAttributes' id: description: Unique ID of the response. type: string type: $ref: '#/components/schemas/CostByOrgType' type: object CostByOrgAttributes: description: Cost attributes data. properties: account_name: description: The account name. type: string account_public_id: description: The account public ID. type: string charges: description: List of charges data reported for the requested month. items: $ref: '#/components/schemas/ChargebackBreakdown' type: array date: description: The month requested. format: date-time type: string org_name: description: The organization name. type: string public_id: description: The organization public ID. type: string region: description: The region of the Datadog instance that the organization belongs to. type: string total_cost: description: The total cost of products for the month. format: double type: number type: object CostByOrgResponse: description: Chargeback Summary response. properties: data: description: Response containing Chargeback Summary. items: $ref: '#/components/schemas/CostByOrg' type: array type: object CostByOrgType: default: cost_by_org description: Type of cost data. enum: - cost_by_org example: cost_by_org type: string x-enum-varnames: - COST_BY_ORG CreateActionConnectionRequest: description: Request used to create an action connection. properties: data: $ref: '#/components/schemas/ActionConnectionData' required: - data type: object CreateActionConnectionResponse: description: The response for a created connection properties: data: $ref: '#/components/schemas/ActionConnectionData' type: object CreateAppRequest: description: A request object for creating a new app. example: data: attributes: components: - events: [] name: grid0 properties: children: - events: [] name: gridCell0 properties: children: - events: [] name: calloutValue0 properties: isDisabled: false isLoading: false isVisible: true label: CPU Usage size: sm style: vivid_yellow unit: kB value: '42' type: calloutValue isVisible: 'true' layout: default: height: 8 width: 2 x: 0 y: 0 type: gridCell type: grid description: This is a simple example app name: Example App queries: [] rootInstanceName: grid0 type: appDefinitions properties: data: $ref: '#/components/schemas/CreateAppRequestData' type: object CreateAppRequestData: description: The data object containing the app definition. properties: attributes: $ref: '#/components/schemas/CreateAppRequestDataAttributes' type: $ref: '#/components/schemas/AppDefinitionType' required: - type type: object CreateAppRequestDataAttributes: description: App definition attributes such as name, description, and components. properties: components: description: The UI components that make up the app. items: $ref: '#/components/schemas/ComponentGrid' type: array description: description: A human-readable description for the app. type: string name: description: The name of the app. type: string queries: description: An array of queries, such as external actions and state variables, that the app uses. items: $ref: '#/components/schemas/Query' type: array rootInstanceName: description: The name of the root component of the app. This must be a `grid` component that contains all other components. type: string tags: description: A list of tags for the app, which can be used to filter apps. example: - service:webshop-backend - team:webshop items: description: An individual tag for the app. type: string type: array type: object CreateAppResponse: description: The response object after a new app is successfully created, with the app ID. properties: data: $ref: '#/components/schemas/CreateAppResponseData' type: object CreateAppResponseData: description: The data object containing the app ID. properties: id: description: The ID of the created app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: '#/components/schemas/AppDefinitionType' required: - id - type type: object CreateCustomFrameworkRequest: description: Request object to create a custom framework. properties: data: $ref: '#/components/schemas/CustomFrameworkData' required: - data type: object CreateCustomFrameworkResponse: description: Response object to create a custom framework. properties: data: $ref: '#/components/schemas/FrameworkHandleAndVersionResponseData' required: - data type: object CreateDataDeletionRequestBody: description: Object needed to create a data deletion request. properties: data: $ref: '#/components/schemas/CreateDataDeletionRequestBodyData' required: - data type: object CreateDataDeletionRequestBodyAttributes: description: Attributes for creating a data deletion request. properties: from: description: Start of requested time window, milliseconds since Unix epoch. example: 1672527600000 format: int64 type: integer indexes: description: List of indexes for the search. If not provided, the search is performed in all indexes. example: - test-index - test-index-2 items: description: Individual index. type: string type: array query: additionalProperties: type: string description: Query for creating a data deletion request. example: host: abc service: xyz type: object to: description: End of requested time window, milliseconds since Unix epoch. example: 1704063600000 format: int64 type: integer required: - query - from - to type: object CreateDataDeletionRequestBodyData: description: Data needed to create a data deletion request. properties: attributes: $ref: '#/components/schemas/CreateDataDeletionRequestBodyAttributes' type: $ref: '#/components/schemas/CreateDataDeletionRequestBodyDataType' required: - attributes - type type: object CreateDataDeletionRequestBodyDataType: description: The deletion request type. enum: - create_deletion_req example: create_deletion_req type: string x-enum-varnames: - CREATE_DELETION_REQ CreateDataDeletionResponseBody: description: The response from the create data deletion request endpoint. properties: data: $ref: '#/components/schemas/DataDeletionResponseItem' meta: $ref: '#/components/schemas/DataDeletionResponseMeta' type: object CreateNotificationRuleParameters: description: Body of the notification rule create request. properties: data: $ref: '#/components/schemas/CreateNotificationRuleParametersData' type: object CreateNotificationRuleParametersData: description: 'Data of the notification rule create request: the rule type, and the rule attributes. All fields are required.' properties: attributes: $ref: '#/components/schemas/CreateNotificationRuleParametersDataAttributes' type: $ref: '#/components/schemas/NotificationRulesType' required: - attributes - type type: object CreateNotificationRuleParametersDataAttributes: description: Attributes of the notification rule create request. properties: enabled: $ref: '#/components/schemas/Enabled' name: $ref: '#/components/schemas/RuleName' selectors: $ref: '#/components/schemas/Selectors' targets: $ref: '#/components/schemas/Targets' time_aggregation: $ref: '#/components/schemas/TimeAggregation' required: - selectors - name - targets type: object CreateOpenAPIResponse: description: Response for `CreateOpenAPI` operation. properties: data: $ref: '#/components/schemas/CreateOpenAPIResponseData' type: object CreateOpenAPIResponseAttributes: description: Attributes for `CreateOpenAPI`. properties: failed_endpoints: description: List of endpoints which couldn't be parsed. items: $ref: '#/components/schemas/OpenAPIEndpoint' type: array type: object CreateOpenAPIResponseData: description: Data envelope for `CreateOpenAPIResponse`. properties: attributes: $ref: '#/components/schemas/CreateOpenAPIResponseAttributes' id: $ref: '#/components/schemas/ApiID' type: object CreatePageRequest: description: Full request to trigger an On-Call Page. example: data: attributes: description: Page details. tags: - service:test target: identifier: my-team type: team_handle title: Page title urgency: low type: pages properties: data: $ref: '#/components/schemas/CreatePageRequestData' type: object CreatePageRequestData: description: The main request body, including attributes and resource type. properties: attributes: $ref: '#/components/schemas/CreatePageRequestDataAttributes' type: $ref: '#/components/schemas/CreatePageRequestDataType' required: - type type: object CreatePageRequestDataAttributes: description: Details about the On-Call Page you want to create. properties: description: description: A short summary of the issue or context. type: string tags: description: Tags to help categorize or filter the page. items: type: string type: array target: $ref: '#/components/schemas/CreatePageRequestDataAttributesTarget' title: description: The title of the page. example: 'Service: Test is down' type: string urgency: $ref: '#/components/schemas/PageUrgency' required: - target - title - urgency type: object CreatePageRequestDataAttributesTarget: description: Information about the target to notify (such as a team or user). properties: identifier: description: Identifier for the target (for example, team handle or user ID). type: string type: $ref: '#/components/schemas/OnCallPageTargetType' type: object CreatePageRequestDataType: default: pages description: The type of resource used when creating an On-Call Page. enum: - pages example: pages type: string x-enum-varnames: - PAGES CreatePageResponse: description: The full response object after creating a new On-Call Page. example: data: id: 15e74b8b-f865-48d0-bcc5-453323ed2c8f type: pages properties: data: $ref: '#/components/schemas/CreatePageResponseData' type: object CreatePageResponseData: description: The information returned after successfully creating a page. properties: id: description: The unique ID of the created page. type: string type: $ref: '#/components/schemas/CreatePageResponseDataType' required: - type type: object CreatePageResponseDataType: default: pages description: The type of resource used when creating an On-Call Page. enum: - pages example: pages type: string x-enum-varnames: - PAGES CreateRuleRequest: description: Scorecard create rule request. properties: data: $ref: '#/components/schemas/CreateRuleRequestData' type: object CreateRuleRequestData: description: Scorecard create rule request data. properties: attributes: $ref: '#/components/schemas/RuleAttributes' type: $ref: '#/components/schemas/RuleType' type: object CreateRuleResponse: description: Created rule in response. properties: data: $ref: '#/components/schemas/CreateRuleResponseData' type: object CreateRuleResponseData: description: Create rule response data. properties: attributes: $ref: '#/components/schemas/RuleAttributes' id: $ref: '#/components/schemas/RuleId' relationships: $ref: '#/components/schemas/RelationshipToRule' type: $ref: '#/components/schemas/RuleType' type: object CreateWorkflowRequest: description: A request object for creating a new workflow. example: data: attributes: description: A sample workflow. name: Example Workflow published: true spec: annotations: - display: bounds: height: 150 width: 300 x: -375 y: -0.5 id: 99999999-9999-9999-9999-999999999999 markdownTextAnnotation: text: Example annotation. connectionEnvs: - connections: - connectionId: 11111111-1111-1111-1111-111111111111 label: INTEGRATION_DATADOG env: default handle: my-handle inputSchema: parameters: - defaultValue: default name: input type: STRING outputSchema: parameters: - name: output type: ARRAY_OBJECT value: '{{ Steps.Step1 }}' steps: - actionId: com.datadoghq.dd.monitor.listMonitors connectionLabel: INTEGRATION_DATADOG name: Step1 outboundEdges: - branchName: main nextStepName: Step2 parameters: - name: tags value: service:monitoring - actionId: com.datadoghq.core.noop name: Step2 triggers: - monitorTrigger: rateLimit: count: 1 interval: 3600s startStepNames: - Step1 - githubWebhookTrigger: {} startStepNames: - Step1 tags: - team:infra - service:monitoring - foo:bar type: workflows properties: data: $ref: '#/components/schemas/WorkflowData' required: - data type: object CreateWorkflowResponse: description: The response object after creating a new workflow. properties: data: $ref: '#/components/schemas/WorkflowData' required: - data type: object Creator: description: Creator of the object. properties: email: description: Email of the creator. type: string handle: description: Handle of the creator. type: string name: description: Name of the creator. nullable: true type: string type: object CsmAgentData: description: Single Agent Data. properties: attributes: $ref: '#/components/schemas/CsmAgentsAttributes' id: description: The ID of the Agent. example: fffffc5505f6a006fdf7cf5aae053653 type: string type: $ref: '#/components/schemas/CSMAgentsType' type: object CsmAgentsAttributes: description: A CSM Agent returned by the API. properties: agent_version: description: Version of the Datadog Agent. type: string aws_fargate: description: AWS Fargate details. type: string cluster_name: description: List of cluster names associated with the Agent. items: type: string type: array datadog_agent: description: Unique identifier for the Datadog Agent. type: string ecs_fargate_task_arn: description: ARN of the ECS Fargate task. type: string envs: description: List of environments associated with the Agent. items: type: string nullable: true type: array host_id: description: ID of the host. format: int64 type: integer hostname: description: Name of the host. type: string install_method_installer_version: description: Version of the installer used for installing the Datadog Agent. type: string install_method_tool: description: Tool used for installing the Datadog Agent. type: string is_csm_vm_containers_enabled: description: Indicates if CSM VM Containers is enabled. nullable: true type: boolean is_csm_vm_hosts_enabled: description: Indicates if CSM VM Hosts is enabled. nullable: true type: boolean is_cspm_enabled: description: Indicates if CSPM is enabled. nullable: true type: boolean is_cws_enabled: description: Indicates if CWS is enabled. nullable: true type: boolean is_cws_remote_configuration_enabled: description: Indicates if CWS Remote Configuration is enabled. nullable: true type: boolean is_remote_configuration_enabled: description: Indicates if Remote Configuration is enabled. nullable: true type: boolean os: description: Operating system of the host. type: string type: object CsmAgentsResponse: description: Response object that includes a list of CSM Agents. properties: data: description: A list of Agents. items: $ref: '#/components/schemas/CsmAgentData' type: array meta: $ref: '#/components/schemas/CSMAgentsMetadata' type: object CsmCloudAccountsCoverageAnalysisAttributes: description: CSM Cloud Accounts Coverage Analysis attributes. properties: aws_coverage: $ref: '#/components/schemas/CsmCoverageAnalysis' azure_coverage: $ref: '#/components/schemas/CsmCoverageAnalysis' gcp_coverage: $ref: '#/components/schemas/CsmCoverageAnalysis' org_id: description: The ID of your organization. example: 123456 format: int64 type: integer total_coverage: $ref: '#/components/schemas/CsmCoverageAnalysis' type: object CsmCloudAccountsCoverageAnalysisData: description: CSM Cloud Accounts Coverage Analysis data. properties: attributes: $ref: '#/components/schemas/CsmCloudAccountsCoverageAnalysisAttributes' id: description: The ID of your organization. example: 66b3c6b5-5c9a-457e-b1c3-f247ca23afa3 type: string type: default: get_cloud_accounts_coverage_analysis_response_public_v0 description: The type of the resource. The value should always be `get_cloud_accounts_coverage_analysis_response_public_v0`. example: get_cloud_accounts_coverage_analysis_response_public_v0 type: string type: object CsmCloudAccountsCoverageAnalysisResponse: description: CSM Cloud Accounts Coverage Analysis response. properties: data: $ref: '#/components/schemas/CsmCloudAccountsCoverageAnalysisData' type: object CsmCoverageAnalysis: description: CSM Coverage Analysis. properties: configured_resources_count: description: The number of fully configured resources. example: 8 format: int64 type: integer coverage: description: The coverage percentage. example: 0.8 format: double type: number partially_configured_resources_count: description: The number of partially configured resources. example: 0 format: int64 type: integer total_resources_count: description: The total number of resources. example: 10 format: int64 type: integer type: object CsmHostsAndContainersCoverageAnalysisAttributes: description: CSM Hosts and Containers Coverage Analysis attributes. properties: cspm_coverage: $ref: '#/components/schemas/CsmCoverageAnalysis' cws_coverage: $ref: '#/components/schemas/CsmCoverageAnalysis' org_id: description: The ID of your organization. example: 123456 format: int64 type: integer total_coverage: $ref: '#/components/schemas/CsmCoverageAnalysis' vm_coverage: $ref: '#/components/schemas/CsmCoverageAnalysis' type: object CsmHostsAndContainersCoverageAnalysisData: description: CSM Hosts and Containers Coverage Analysis data. properties: attributes: $ref: '#/components/schemas/CsmHostsAndContainersCoverageAnalysisAttributes' id: description: The ID of your organization. example: 66b3c6b5-5c9a-457e-b1c3-f247ca23afa3 type: string type: default: get_hosts_and_containers_coverage_analysis_response_public_v0 description: The type of the resource. The value should always be `get_hosts_and_containers_coverage_analysis_response_public_v0`. example: get_hosts_and_containers_coverage_analysis_response_public_v0 type: string type: object CsmHostsAndContainersCoverageAnalysisResponse: description: CSM Hosts and Containers Coverage Analysis response. properties: data: $ref: '#/components/schemas/CsmHostsAndContainersCoverageAnalysisData' type: object CsmServerlessCoverageAnalysisAttributes: description: CSM Serverless Resources Coverage Analysis attributes. properties: cws_coverage: $ref: '#/components/schemas/CsmCoverageAnalysis' org_id: description: The ID of your organization. example: 123456 format: int64 type: integer total_coverage: $ref: '#/components/schemas/CsmCoverageAnalysis' type: object CsmServerlessCoverageAnalysisData: description: CSM Serverless Resources Coverage Analysis data. properties: attributes: $ref: '#/components/schemas/CsmServerlessCoverageAnalysisAttributes' id: description: The ID of your organization. example: 66b3c6b5-5c9a-457e-b1c3-f247ca23afa3 type: string type: default: get_serverless_coverage_analysis_response_public_v0 description: The type of the resource. The value should always be `get_serverless_coverage_analysis_response_public_v0`. example: get_serverless_coverage_analysis_response_public_v0 type: string type: object CsmServerlessCoverageAnalysisResponse: description: CSM Serverless Resources Coverage Analysis response. properties: data: $ref: '#/components/schemas/CsmServerlessCoverageAnalysisData' type: object CustomConnection: description: A custom connection used by an app. properties: attributes: $ref: '#/components/schemas/CustomConnectionAttributes' id: description: The ID of the custom connection. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: '#/components/schemas/CustomConnectionType' type: object CustomConnectionAttributes: description: The custom connection attributes. properties: name: description: The name of the custom connection. type: string onPremRunner: $ref: '#/components/schemas/CustomConnectionAttributesOnPremRunner' type: object CustomConnectionAttributesOnPremRunner: description: Information about the Private Action Runner used by the custom connection, if the custom connection is associated with a Private Action Runner. properties: id: description: The Private Action Runner ID. type: string url: description: The URL of the Private Action Runner. type: string type: object CustomConnectionType: default: custom_connections description: The custom connection type. enum: - custom_connections example: custom_connections type: string x-enum-varnames: - CUSTOM_CONNECTIONS CustomCostGetResponseMeta: description: Meta for the response from the Get Custom Costs endpoints. properties: version: description: Version of Custom Costs file type: string type: object CustomCostListResponseMeta: description: Meta for the response from the List Custom Costs endpoints. properties: total_filtered_count: description: Number of Custom Costs files returned by the List Custom Costs endpoint format: int64 type: integer version: description: Version of Custom Costs file type: string type: object CustomCostUploadResponseMeta: description: Meta for the response from the Upload Custom Costs endpoints. properties: version: description: Version of Custom Costs file type: string type: object CustomCostsFileGetResponse: description: Response for Get Custom Costs files. properties: data: $ref: '#/components/schemas/CustomCostsFileMetadataWithContentHighLevel' meta: $ref: '#/components/schemas/CustomCostGetResponseMeta' type: object CustomCostsFileLineItem: description: Line item details from a Custom Costs file. properties: BilledCost: description: Total cost in the cost file. example: 100.5 format: double type: number BillingCurrency: description: Currency used in the Custom Costs file. example: USD type: string ChargeDescription: description: Description for the line item cost. example: Monthly usage charge for my service type: string ChargePeriodEnd: description: End date of the usage charge. example: '2023-02-28' pattern: ^\d{4}-\d{2}-\d{2}$ type: string ChargePeriodStart: description: Start date of the usage charge. example: '2023-02-01' pattern: ^\d{4}-\d{2}-\d{2}$ type: string ProviderName: description: Name of the provider for the line item. type: string Tags: additionalProperties: type: string description: Additional tags for the line item. type: object type: object CustomCostsFileListResponse: description: Response for List Custom Costs files. properties: data: description: List of Custom Costs files. items: $ref: '#/components/schemas/CustomCostsFileMetadataHighLevel' type: array meta: $ref: '#/components/schemas/CustomCostListResponseMeta' type: object CustomCostsFileMetadata: description: Schema of a Custom Costs metadata. properties: billed_cost: description: Total cost in the cost file. example: 100.5 format: double type: number billing_currency: description: Currency used in the Custom Costs file. example: USD type: string charge_period: $ref: '#/components/schemas/CustomCostsFileUsageChargePeriod' name: description: Name of the Custom Costs file. example: my_file.json type: string provider_names: description: Providers contained in the Custom Costs file. items: description: Name of the provider. example: my_provider type: string type: array status: description: Status of the Custom Costs file. example: active type: string uploaded_at: description: Timestamp, in millisecond, of the upload time of the Custom Costs file. example: 1704067200000 format: double type: number uploaded_by: $ref: '#/components/schemas/CustomCostsUser' type: object CustomCostsFileMetadataHighLevel: description: JSON API format for a Custom Costs file. properties: attributes: $ref: '#/components/schemas/CustomCostsFileMetadata' id: description: ID of the Custom Costs metadata. type: string type: description: Type of the Custom Costs file metadata. type: string type: object CustomCostsFileMetadataWithContent: description: Schema of a cost file's metadata. properties: billed_cost: description: Total cost in the cost file. example: 100.5 format: double type: number billing_currency: description: Currency used in the Custom Costs file. example: USD type: string charge_period: $ref: '#/components/schemas/CustomCostsFileUsageChargePeriod' content: description: Detail of the line items from the Custom Costs file. items: $ref: '#/components/schemas/CustomCostsFileLineItem' type: array name: description: Name of the Custom Costs file. example: my_file.json type: string provider_names: description: Providers contained in the Custom Costs file. items: description: Name of a provider. example: my_provider type: string type: array status: description: Status of the Custom Costs file. example: active type: string uploaded_at: description: Timestamp in millisecond of the upload time of the Custom Costs file. example: 1704067200000 format: double type: number uploaded_by: $ref: '#/components/schemas/CustomCostsUser' type: object CustomCostsFileMetadataWithContentHighLevel: description: JSON API format of for a Custom Costs file with content. properties: attributes: $ref: '#/components/schemas/CustomCostsFileMetadataWithContent' id: description: ID of the Custom Costs metadata. type: string type: description: Type of the Custom Costs file metadata. type: string type: object CustomCostsFileUploadRequest: description: Request for uploading a Custom Costs file. items: $ref: '#/components/schemas/CustomCostsFileLineItem' type: array CustomCostsFileUploadResponse: description: Response for Uploaded Custom Costs files. properties: data: $ref: '#/components/schemas/CustomCostsFileMetadataHighLevel' meta: $ref: '#/components/schemas/CustomCostUploadResponseMeta' type: object CustomCostsFileUsageChargePeriod: description: Usage charge period of a Custom Costs file. properties: end: description: End of the usage of the Custom Costs file. example: 1706745600000 format: double type: number start: description: Start of the usage of the Custom Costs file. example: 1704067200000 format: double type: number type: object CustomCostsUser: description: Metadata of the user that has uploaded the Custom Costs file. properties: email: description: The name of the Custom Costs file. example: email.test@datadohq.com type: string icon: description: The name of the Custom Costs file. example: icon.png type: string name: description: Name of the user. example: Test User type: string type: object CustomDestinationAttributeTagsRestrictionListType: default: ALLOW_LIST description: 'How `forward_tags_restriction_list` parameter should be interpreted. If `ALLOW_LIST`, then only tags whose keys on the forwarded logs match the ones on the restriction list are forwarded. `BLOCK_LIST` works the opposite way. It does not forward the tags matching the ones on the list.' enum: - ALLOW_LIST - BLOCK_LIST example: ALLOW_LIST type: string x-enum-varnames: - ALLOW_LIST - BLOCK_LIST CustomDestinationCreateRequest: description: The custom destination. properties: data: $ref: '#/components/schemas/CustomDestinationCreateRequestDefinition' type: object CustomDestinationCreateRequestAttributes: description: The attributes associated with the custom destination. properties: enabled: default: true description: Whether logs matching this custom destination should be forwarded or not. example: true type: boolean forward_tags: default: true description: Whether tags from the forwarded logs should be forwarded or not. example: true type: boolean forward_tags_restriction_list: default: [] description: 'List of [keys of tags](https://docs.datadoghq.com/getting_started/tagging/#define-tags) to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on `forward_tags_restriction_list_type` parameter.' example: - datacenter - host items: description: The [key part of a tag](https://docs.datadoghq.com/getting_started/tagging/#define-tags). type: string maxItems: 10 minItems: 0 type: array forward_tags_restriction_list_type: $ref: '#/components/schemas/CustomDestinationAttributeTagsRestrictionListType' forwarder_destination: $ref: '#/components/schemas/CustomDestinationForwardDestination' name: description: The custom destination name. example: Nginx logs type: string query: default: '' description: The custom destination query and filter. Logs matching this query are forwarded to the destination. example: source:nginx type: string required: - name - forwarder_destination type: object CustomDestinationCreateRequestDefinition: description: The definition of a custom destination. properties: attributes: $ref: '#/components/schemas/CustomDestinationCreateRequestAttributes' type: $ref: '#/components/schemas/CustomDestinationType' required: - type - attributes type: object CustomDestinationElasticsearchDestinationAuth: description: Basic access authentication. properties: password: description: The password of the authentication. This field is not returned by the API. example: datadog-custom-destination-password type: string writeOnly: true username: description: The username of the authentication. This field is not returned by the API. example: datadog-custom-destination-username type: string writeOnly: true required: - username - password type: object CustomDestinationForwardDestination: description: A custom destination's location to forward logs. oneOf: - $ref: '#/components/schemas/CustomDestinationForwardDestinationHttp' - $ref: '#/components/schemas/CustomDestinationForwardDestinationSplunk' - $ref: '#/components/schemas/CustomDestinationForwardDestinationElasticsearch' CustomDestinationForwardDestinationElasticsearch: description: The Elasticsearch destination. properties: auth: $ref: '#/components/schemas/CustomDestinationElasticsearchDestinationAuth' endpoint: description: 'The destination for which logs will be forwarded to. Must have HTTPS scheme and forwarding back to Datadog is not allowed.' example: https://example.com type: string index_name: description: Name of the Elasticsearch index (must follow [Elasticsearch's criteria](https://www.elastic.co/guide/en/elasticsearch/reference/8.11/indices-create-index.html#indices-create-api-path-params)). example: nginx-logs type: string index_rotation: description: 'Date pattern with US locale and UTC timezone to be appended to the index name after adding `-` (that is, `${index_name}-${indexPattern}`). You can customize the index rotation naming pattern by choosing one of these options: - Hourly: `yyyy-MM-dd-HH` (as an example, it would render: `2022-10-19-09`) - Daily: `yyyy-MM-dd` (as an example, it would render: `2022-10-19`) - Weekly: `yyyy-''W''ww` (as an example, it would render: `2022-W42`) - Monthly: `yyyy-MM` (as an example, it would render: `2022-10`) If this field is missing or is blank, it means that the index name will always be the same (that is, no rotation).' example: yyyy-MM-dd type: string type: $ref: '#/components/schemas/CustomDestinationForwardDestinationElasticsearchType' required: - type - endpoint - auth - index_name type: object CustomDestinationForwardDestinationElasticsearchType: default: elasticsearch description: Type of the Elasticsearch destination. enum: - elasticsearch example: elasticsearch type: string x-enum-varnames: - ELASTICSEARCH CustomDestinationForwardDestinationHttp: description: The HTTP destination. properties: auth: $ref: '#/components/schemas/CustomDestinationHttpDestinationAuth' endpoint: description: 'The destination for which logs will be forwarded to. Must have HTTPS scheme and forwarding back to Datadog is not allowed.' example: https://example.com type: string type: $ref: '#/components/schemas/CustomDestinationForwardDestinationHttpType' required: - type - endpoint - auth type: object CustomDestinationForwardDestinationHttpType: default: http description: Type of the HTTP destination. enum: - http example: http type: string x-enum-varnames: - HTTP CustomDestinationForwardDestinationSplunk: description: The Splunk HTTP Event Collector (HEC) destination. properties: access_token: description: Access token of the Splunk HTTP Event Collector. This field is not returned by the API. example: splunk_access_token type: string writeOnly: true endpoint: description: 'The destination for which logs will be forwarded to. Must have HTTPS scheme and forwarding back to Datadog is not allowed.' example: https://example.com type: string type: $ref: '#/components/schemas/CustomDestinationForwardDestinationSplunkType' required: - type - endpoint - access_token type: object CustomDestinationForwardDestinationSplunkType: default: splunk_hec description: Type of the Splunk HTTP Event Collector (HEC) destination. enum: - splunk_hec example: splunk_hec type: string x-enum-varnames: - SPLUNK_HEC CustomDestinationHttpDestinationAuth: description: Authentication method of the HTTP requests. oneOf: - $ref: '#/components/schemas/CustomDestinationHttpDestinationAuthBasic' - $ref: '#/components/schemas/CustomDestinationHttpDestinationAuthCustomHeader' CustomDestinationHttpDestinationAuthBasic: description: Basic access authentication. properties: password: description: The password of the authentication. This field is not returned by the API. example: datadog-custom-destination-password type: string writeOnly: true type: $ref: '#/components/schemas/CustomDestinationHttpDestinationAuthBasicType' username: description: The username of the authentication. This field is not returned by the API. example: datadog-custom-destination-username type: string writeOnly: true required: - type - username - password type: object CustomDestinationHttpDestinationAuthBasicType: default: basic description: Type of the basic access authentication. enum: - basic example: basic type: string x-enum-varnames: - BASIC CustomDestinationHttpDestinationAuthCustomHeader: description: Custom header access authentication. properties: header_name: description: The header name of the authentication. example: CUSTOM-HEADER-NAME type: string header_value: description: The header value of the authentication. This field is not returned by the API. example: CUSTOM-HEADER-AUTHENTICATION-VALUE type: string writeOnly: true type: $ref: '#/components/schemas/CustomDestinationHttpDestinationAuthCustomHeaderType' required: - type - header_name - header_value type: object CustomDestinationHttpDestinationAuthCustomHeaderType: default: custom_header description: Type of the custom header access authentication. enum: - custom_header example: custom_header type: string x-enum-varnames: - CUSTOM_HEADER CustomDestinationResponse: description: The custom destination. properties: data: $ref: '#/components/schemas/CustomDestinationResponseDefinition' type: object CustomDestinationResponseAttributes: description: The attributes associated with the custom destination. properties: enabled: default: true description: Whether logs matching this custom destination should be forwarded or not. example: true type: boolean forward_tags: default: true description: Whether tags from the forwarded logs should be forwarded or not. example: true type: boolean forward_tags_restriction_list: default: [] description: 'List of [keys of tags](https://docs.datadoghq.com/getting_started/tagging/#define-tags) to be filtered. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on `forward_tags_restriction_list_type` parameter.' example: - datacenter - host items: description: The [key part of a tag](https://docs.datadoghq.com/getting_started/tagging/#define-tags). type: string maxItems: 10 minItems: 0 type: array forward_tags_restriction_list_type: $ref: '#/components/schemas/CustomDestinationAttributeTagsRestrictionListType' forwarder_destination: $ref: '#/components/schemas/CustomDestinationResponseForwardDestination' name: description: The custom destination name. example: Nginx logs type: string query: default: '' description: The custom destination query filter. Logs matching this query are forwarded to the destination. example: source:nginx type: string type: object CustomDestinationResponseDefinition: description: The definition of a custom destination. properties: attributes: $ref: '#/components/schemas/CustomDestinationResponseAttributes' id: description: The custom destination ID. example: be5d7a69-d0c8-4d4d-8ee8-bba292d98139 readOnly: true type: string type: $ref: '#/components/schemas/CustomDestinationType' type: object CustomDestinationResponseElasticsearchDestinationAuth: additionalProperties: description: Basic access authentication. description: Basic access authentication. type: object CustomDestinationResponseForwardDestination: description: A custom destination's location to forward logs. oneOf: - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationHttp' - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationSplunk' - $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationElasticsearch' CustomDestinationResponseForwardDestinationElasticsearch: description: The Elasticsearch destination. properties: auth: $ref: '#/components/schemas/CustomDestinationResponseElasticsearchDestinationAuth' endpoint: description: 'The destination for which logs will be forwarded to. Must have HTTPS scheme and forwarding back to Datadog is not allowed.' example: https://example.com type: string index_name: description: Name of the Elasticsearch index (must follow [Elasticsearch's criteria](https://www.elastic.co/guide/en/elasticsearch/reference/8.11/indices-create-index.html#indices-create-api-path-params)). example: nginx-logs type: string index_rotation: description: 'Date pattern with US locale and UTC timezone to be appended to the index name after adding `-` (that is, `${index_name}-${indexPattern}`). You can customize the index rotation naming pattern by choosing one of these options: - Hourly: `yyyy-MM-dd-HH` (as an example, it would render: `2022-10-19-09`) - Daily: `yyyy-MM-dd` (as an example, it would render: `2022-10-19`) - Weekly: `yyyy-''W''ww` (as an example, it would render: `2022-W42`) - Monthly: `yyyy-MM` (as an example, it would render: `2022-10`) If this field is missing or is blank, it means that the index name will always be the same (that is, no rotation).' example: yyyy-MM-dd type: string type: $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationElasticsearchType' required: - type - endpoint - auth - index_name type: object CustomDestinationResponseForwardDestinationElasticsearchType: default: elasticsearch description: Type of the Elasticsearch destination. enum: - elasticsearch example: elasticsearch type: string x-enum-varnames: - ELASTICSEARCH CustomDestinationResponseForwardDestinationHttp: description: The HTTP destination. properties: auth: $ref: '#/components/schemas/CustomDestinationResponseHttpDestinationAuth' endpoint: description: 'The destination for which logs will be forwarded to. Must have HTTPS scheme and forwarding back to Datadog is not allowed.' example: https://example.com type: string type: $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationHttpType' required: - type - endpoint - auth type: object CustomDestinationResponseForwardDestinationHttpType: default: http description: Type of the HTTP destination. enum: - http example: http type: string x-enum-varnames: - HTTP CustomDestinationResponseForwardDestinationSplunk: description: The Splunk HTTP Event Collector (HEC) destination. properties: endpoint: description: 'The destination for which logs will be forwarded to. Must have HTTPS scheme and forwarding back to Datadog is not allowed.' example: https://example.com type: string type: $ref: '#/components/schemas/CustomDestinationResponseForwardDestinationSplunkType' required: - type - endpoint type: object CustomDestinationResponseForwardDestinationSplunkType: default: splunk_hec description: Type of the Splunk HTTP Event Collector (HEC) destination. enum: - splunk_hec example: splunk_hec type: string x-enum-varnames: - SPLUNK_HEC CustomDestinationResponseHttpDestinationAuth: description: Authentication method of the HTTP requests. oneOf: - $ref: '#/components/schemas/CustomDestinationResponseHttpDestinationAuthBasic' - $ref: '#/components/schemas/CustomDestinationResponseHttpDestinationAuthCustomHeader' CustomDestinationResponseHttpDestinationAuthBasic: description: Basic access authentication. properties: type: $ref: '#/components/schemas/CustomDestinationResponseHttpDestinationAuthBasicType' required: - type type: object CustomDestinationResponseHttpDestinationAuthBasicType: default: basic description: Type of the basic access authentication. enum: - basic example: basic type: string x-enum-varnames: - BASIC CustomDestinationResponseHttpDestinationAuthCustomHeader: description: Custom header access authentication. properties: header_name: description: The header name of the authentication. example: CUSTOM-HEADER-NAME type: string type: $ref: '#/components/schemas/CustomDestinationResponseHttpDestinationAuthCustomHeaderType' required: - type - header_name type: object CustomDestinationResponseHttpDestinationAuthCustomHeaderType: default: custom_header description: Type of the custom header access authentication. enum: - custom_header example: custom_header type: string x-enum-varnames: - CUSTOM_HEADER CustomDestinationType: default: custom_destination description: The type of the resource. The value should always be `custom_destination`. enum: - custom_destination example: custom_destination type: string x-enum-varnames: - CUSTOM_DESTINATION CustomDestinationUpdateRequest: description: The custom destination. properties: data: $ref: '#/components/schemas/CustomDestinationUpdateRequestDefinition' type: object CustomDestinationUpdateRequestAttributes: description: The attributes associated with the custom destination. properties: enabled: default: true description: Whether logs matching this custom destination should be forwarded or not. example: true type: boolean forward_tags: default: true description: Whether tags from the forwarded logs should be forwarded or not. example: true type: boolean forward_tags_restriction_list: default: [] description: 'List of [keys of tags](https://docs.datadoghq.com/getting_started/tagging/#define-tags) to be restricted from being forwarded. An empty list represents no restriction is in place and either all or no tags will be forwarded depending on `forward_tags_restriction_list_type` parameter.' example: - datacenter - host items: description: The [key part of a tag](https://docs.datadoghq.com/getting_started/tagging/#define-tags). type: string maxItems: 10 minItems: 0 type: array forward_tags_restriction_list_type: $ref: '#/components/schemas/CustomDestinationAttributeTagsRestrictionListType' forwarder_destination: $ref: '#/components/schemas/CustomDestinationForwardDestination' name: description: The custom destination name. example: Nginx logs type: string query: default: '' description: The custom destination query and filter. Logs matching this query are forwarded to the destination. example: source:nginx type: string type: object CustomDestinationUpdateRequestDefinition: description: The definition of a custom destination. properties: attributes: $ref: '#/components/schemas/CustomDestinationUpdateRequestAttributes' id: description: The custom destination ID. example: be5d7a69-d0c8-4d4d-8ee8-bba292d98139 type: string type: $ref: '#/components/schemas/CustomDestinationType' required: - type - id type: object CustomDestinationsResponse: description: The available custom destinations. properties: data: description: A list of custom destinations. items: $ref: '#/components/schemas/CustomDestinationResponseDefinition' type: array type: object CustomFrameworkControl: description: Framework Control. properties: name: description: Control Name. example: A1.2 type: string rules_id: description: Rule IDs. example: - '["def-000-abc"]' items: type: string type: array required: - name - rules_id type: object CustomFrameworkData: description: Contains type and attributes for custom frameworks. properties: attributes: $ref: '#/components/schemas/CustomFrameworkDataAttributes' type: $ref: '#/components/schemas/CustomFrameworkType' required: - type - attributes type: object CustomFrameworkDataAttributes: description: Framework Data Attributes. properties: description: description: Framework Description type: string handle: description: Framework Handle example: sec2 type: string icon_url: description: Framework Icon URL type: string name: description: Framework Name example: security-framework type: string requirements: description: Framework Requirements items: $ref: '#/components/schemas/CustomFrameworkRequirement' type: array version: description: Framework Version example: '2' type: string required: - handle - version - name - requirements type: object CustomFrameworkDataHandleAndVersion: description: Framework Handle and Version. properties: handle: description: Framework Handle example: sec2 type: string version: description: Framework Version example: '2' type: string type: object CustomFrameworkMetadata: description: Metadata for custom frameworks. properties: attributes: $ref: '#/components/schemas/CustomFrameworkWithoutRequirements' id: description: The ID of the custom framework. example: handle-version type: string type: $ref: '#/components/schemas/CustomFrameworkType' type: object CustomFrameworkRequirement: description: Framework Requirement. properties: controls: description: Requirement Controls. items: $ref: '#/components/schemas/CustomFrameworkControl' type: array name: description: Requirement Name. example: criteria type: string required: - name - controls type: object CustomFrameworkType: default: custom_framework description: The type of the resource. The value must be `custom_framework`. enum: - custom_framework example: custom_framework type: string x-enum-varnames: - CUSTOM_FRAMEWORK CustomFrameworkWithoutRequirements: description: Framework without requirements. properties: description: description: Framework Description example: this is a security description type: string handle: description: Framework Handle example: sec2 type: string icon_url: description: Framework Icon URL example: https://example.com/icon.png type: string name: description: Framework Name example: security-framework type: string version: description: Framework Version example: '2' type: string required: - handle - version - name type: object DORADeploymentRequest: description: Request to create a DORA deployment event. properties: data: $ref: '#/components/schemas/DORADeploymentRequestData' required: - data type: object DORADeploymentRequestAttributes: description: Attributes to create a DORA deployment event. properties: env: description: Environment name to where the service was deployed. example: staging type: string finished_at: description: Unix timestamp when the deployment finished. It must be in nanoseconds, milliseconds, or seconds, and it should not be older than 1 hour. example: 1693491984000000000 format: int64 type: integer git: $ref: '#/components/schemas/DORAGitInfo' id: description: Deployment ID. type: string service: description: Service name. example: shopist type: string started_at: description: Unix timestamp when the deployment started. It must be in nanoseconds, milliseconds, or seconds. example: 1693491974000000000 format: int64 type: integer team: description: Name of the team owning the deployed service. If not provided, this is automatically populated with the team associated with the service in the Service Catalog. example: backend type: string version: description: Version to correlate with [APM Deployment Tracking](https://docs.datadoghq.com/tracing/services/deployment_tracking/). example: v1.12.07 type: string required: - service - started_at - finished_at type: object DORADeploymentRequestData: description: The JSON:API data. properties: attributes: $ref: '#/components/schemas/DORADeploymentRequestAttributes' required: - attributes type: object DORADeploymentResponse: description: Response after receiving a DORA deployment event. properties: data: $ref: '#/components/schemas/DORADeploymentResponseData' required: - data type: object DORADeploymentResponseData: description: The JSON:API data. properties: id: description: The ID of the received DORA deployment event. example: 4242fcdd31586083 type: string type: $ref: '#/components/schemas/DORADeploymentType' required: - id type: object DORADeploymentType: default: dora_deployment description: JSON:API type for DORA deployment events. enum: - dora_deployment example: dora_deployment type: string x-enum-varnames: - DORA_DEPLOYMENT DORAEvent: description: A DORA event. properties: attributes: description: The attributes of the event. type: object id: description: The ID of the event. type: string type: description: The type of the event. type: string type: object DORAFailureRequest: description: Request to create a DORA failure event. properties: data: $ref: '#/components/schemas/DORAFailureRequestData' required: - data type: object DORAFailureRequestAttributes: description: Attributes to create a DORA failure event. properties: env: description: Environment name that was impacted by the failure. example: staging type: string finished_at: description: Unix timestamp when the failure finished. It must be in nanoseconds, milliseconds, or seconds, and it should not be older than 1 hour. example: 1693491984000000000 format: int64 type: integer git: $ref: '#/components/schemas/DORAGitInfo' id: description: Failure ID. Must have at least 16 characters. Required to update a previously sent failure. type: string name: description: Failure name. example: Webserver is down failing all requests. type: string services: description: Service names impacted by the failure. If possible, use names registered in the Service Catalog. Required when the team field is not provided. example: - shopist items: type: string type: array severity: description: Failure severity. example: High type: string started_at: description: Unix timestamp when the failure started. It must be in nanoseconds, milliseconds, or seconds. example: 1693491974000000000 format: int64 type: integer team: description: Name of the team owning the services impacted. If possible, use team handles registered in Datadog. Required when the services field is not provided. example: backend type: string version: description: Version to correlate with [APM Deployment Tracking](https://docs.datadoghq.com/tracing/services/deployment_tracking/). example: v1.12.07 type: string required: - started_at type: object DORAFailureRequestData: description: The JSON:API data. properties: attributes: $ref: '#/components/schemas/DORAFailureRequestAttributes' required: - attributes type: object DORAFailureResponse: description: Response after receiving a DORA failure event. properties: data: $ref: '#/components/schemas/DORAFailureResponseData' required: - data type: object DORAFailureResponseData: description: Response after receiving a DORA failure event. properties: id: description: The ID of the received DORA failure event. example: 4242fcdd31586083 type: string type: $ref: '#/components/schemas/DORAFailureType' required: - id type: object DORAFailureType: default: dora_failure description: JSON:API type for DORA failure events. enum: - dora_failure example: dora_failure type: string x-enum-varnames: - DORA_FAILURE DORAFetchResponse: description: Response for the DORA fetch endpoints. properties: data: $ref: '#/components/schemas/DORAEvent' type: object DORAGitInfo: description: Git info for DORA Metrics events. properties: commit_sha: $ref: '#/components/schemas/GitCommitSHA' repository_url: $ref: '#/components/schemas/GitRepositoryURL' required: - repository_url - commit_sha type: object DORAListDeploymentsRequest: description: Request to get a list of deployments. properties: data: $ref: '#/components/schemas/DORAListDeploymentsRequestData' required: - data type: object DORAListDeploymentsRequestAttributes: description: Attributes to get a list of deployments. properties: from: description: Minimum timestamp for requested events. format: date-time type: string limit: default: 10 description: Maximum number of events in the response. format: int32 maximum: 1000 type: integer query: description: Search query with event platform syntax. type: string sort: description: Sort order (prefixed with `-` for descending). type: string to: description: Maximum timestamp for requested events. format: date-time type: string type: object DORAListDeploymentsRequestData: description: The JSON:API data. properties: attributes: $ref: '#/components/schemas/DORAListDeploymentsRequestAttributes' type: $ref: '#/components/schemas/DORAListDeploymentsRequestDataType' required: - attributes type: object DORAListDeploymentsRequestDataType: description: The definition of `DORAListDeploymentsRequestDataType` object. enum: - dora_deployments_list_request type: string x-enum-varnames: - DORA_DEPLOYMENTS_LIST_REQUEST DORAListFailuresRequest: description: Request to get a list of failures. properties: data: $ref: '#/components/schemas/DORAListFailuresRequestData' required: - data type: object DORAListFailuresRequestAttributes: description: Attributes to get a list of failures. properties: from: description: Minimum timestamp for requested events. format: date-time type: string limit: default: 10 description: Maximum number of events in the response. format: int32 maximum: 1000 type: integer query: description: Search query with event platform syntax. type: string sort: description: Sort order (prefixed with `-` for descending). type: string to: description: Maximum timestamp for requested events. format: date-time type: string type: object DORAListFailuresRequestData: description: The JSON:API data. properties: attributes: $ref: '#/components/schemas/DORAListFailuresRequestAttributes' type: $ref: '#/components/schemas/DORAListFailuresRequestDataType' required: - attributes type: object DORAListFailuresRequestDataType: description: The definition of `DORAListFailuresRequestDataType` object. enum: - dora_failures_list_request type: string x-enum-varnames: - DORA_FAILURES_LIST_REQUEST DORAListResponse: description: Response for the DORA list endpoints. properties: data: description: The list of DORA events. items: $ref: '#/components/schemas/DORAEvent' type: array type: object DashboardListAddItemsRequest: description: Request containing a list of dashboards to add. properties: dashboards: description: List of dashboards to add the dashboard list. items: $ref: '#/components/schemas/DashboardListItemRequest' type: array type: object DashboardListAddItemsResponse: description: Response containing a list of added dashboards. properties: added_dashboards_to_list: description: List of dashboards added to the dashboard list. items: $ref: '#/components/schemas/DashboardListItemResponse' type: array type: object DashboardListDeleteItemsRequest: description: Request containing a list of dashboards to delete. properties: dashboards: description: List of dashboards to delete from the dashboard list. items: $ref: '#/components/schemas/DashboardListItemRequest' type: array type: object DashboardListDeleteItemsResponse: description: Response containing a list of deleted dashboards. properties: deleted_dashboards_from_list: description: List of dashboards deleted from the dashboard list. items: $ref: '#/components/schemas/DashboardListItemResponse' type: array type: object DashboardListItem: description: A dashboard within a list. properties: author: $ref: '#/components/schemas/Creator' created: description: Date of creation of the dashboard. format: date-time readOnly: true type: string icon: description: URL to the icon of the dashboard. nullable: true readOnly: true type: string id: description: ID of the dashboard. example: q5j-nti-fv6 type: string integration_id: description: The short name of the integration. nullable: true readOnly: true type: string is_favorite: description: Whether or not the dashboard is in the favorites. readOnly: true type: boolean is_read_only: description: Whether or not the dashboard is read only. readOnly: true type: boolean is_shared: description: Whether the dashboard is publicly shared or not. readOnly: true type: boolean modified: description: Date of last edition of the dashboard. format: date-time readOnly: true type: string popularity: description: Popularity of the dashboard. format: int32 maximum: 5 readOnly: true type: integer tags: description: List of team names representing ownership of a dashboard. items: description: The name of a Datadog team, formatted as `team:<name>` type: string maxItems: 5 nullable: true readOnly: true type: array title: description: Title of the dashboard. readOnly: true type: string type: $ref: '#/components/schemas/DashboardType' url: description: URL path to the dashboard. readOnly: true type: string required: - type - id type: object DashboardListItemRequest: description: A dashboard within a list. properties: id: description: ID of the dashboard. example: q5j-nti-fv6 type: string type: $ref: '#/components/schemas/DashboardType' required: - type - id type: object DashboardListItemResponse: description: A dashboard within a list. properties: id: description: ID of the dashboard. example: q5j-nti-fv6 readOnly: true type: string type: $ref: '#/components/schemas/DashboardType' required: - type - id type: object DashboardListItems: description: Dashboards within a list. properties: dashboards: description: List of dashboards in the dashboard list. example: [] items: $ref: '#/components/schemas/DashboardListItem' type: array total: description: Number of dashboards in the dashboard list. format: int64 readOnly: true type: integer required: - dashboards type: object DashboardListUpdateItemsRequest: description: Request containing the list of dashboards to update to. properties: dashboards: description: List of dashboards to update the dashboard list to. items: $ref: '#/components/schemas/DashboardListItemRequest' type: array type: object DashboardListUpdateItemsResponse: description: Response containing a list of updated dashboards. properties: dashboards: description: List of dashboards in the dashboard list. items: $ref: '#/components/schemas/DashboardListItemResponse' type: array type: object DashboardTriggerWrapper: description: Schema for a Dashboard-based trigger. properties: dashboardTrigger: description: Trigger a workflow from a Dashboard. type: object startStepNames: $ref: '#/components/schemas/StartStepNames' required: - dashboardTrigger type: object DashboardType: description: The type of the dashboard. enum: - custom_timeboard - custom_screenboard - integration_screenboard - integration_timeboard - host_timeboard example: host_timeboard type: string x-enum-varnames: - CUSTOM_TIMEBOARD - CUSTOM_SCREENBOARD - INTEGRATION_SCREENBOARD - INTEGRATION_TIMEBOARD - HOST_TIMEBOARD DataDeletionResponseItem: description: The created data deletion request information. properties: attributes: $ref: '#/components/schemas/DataDeletionResponseItemAttributes' id: description: The ID of the created data deletion request. example: '1' type: string type: description: The type of the request created. example: deletion_request type: string required: - id - type - attributes type: object DataDeletionResponseItemAttributes: description: Deletion attribute for data deletion response. properties: created_at: description: Creation time of the deletion request. example: '2024-01-01T00:00:00.000000Z' type: string created_by: description: User who created the deletion request. example: test.user@datadoghq.com type: string from_time: description: Start of requested time window, milliseconds since Unix epoch. example: 1672527600000 format: int64 type: integer indexes: description: List of indexes for the search. If not provided, the search is performed in all indexes. example: - test-index - test-index-2 items: description: Individual index. type: string type: array is_created: description: Whether the deletion request is fully created or not. It can take several minutes to fully create a deletion request depending on the target query and timeframe. example: true type: boolean org_id: description: Organization ID. example: 321813 format: int64 type: integer product: description: Product name. example: logs type: string query: description: Query for creating a data deletion request. example: service:xyz host:abc type: string starting_at: description: Starting time of the process to delete the requested data. example: '2024-01-01T02:00:00.000000Z' type: string status: description: Status of the deletion request. example: pending type: string to_time: description: End of requested time window, milliseconds since Unix epoch. example: 1704063600000 format: int64 type: integer total_unrestricted: description: Total number of elements to be deleted. Only the data accessible to the current user that matches the query and timeframe provided will be deleted. example: 100 format: int64 type: integer updated_at: description: Update time of the deletion request. example: '2024-01-01T00:00:00.000000Z' type: string required: - created_at - created_by - from_time - is_created - org_id - product - query - starting_at - status - to_time - total_unrestricted - updated_at type: object DataDeletionResponseMeta: description: The metadata of the data deletion response. properties: count_product: additionalProperties: format: int64 type: integer description: The total deletion requests created by product. example: logs: 8 rum: 7 type: object count_status: additionalProperties: format: int64 type: integer description: The total deletion requests created by status. example: completed: 10 pending: 5 type: object next_page: description: The next page when searching deletion requests created in the current organization. example: cGFnZTI= type: string product: description: The product of the deletion request. example: logs type: string request_status: description: The status of the executed request. example: canceled type: string type: object DataRelationshipsTeams: description: Associates teams with this schedule in a data structure. properties: data: description: An array of team references for this schedule. items: $ref: '#/components/schemas/DataRelationshipsTeamsDataItems' type: array type: object DataRelationshipsTeamsDataItems: description: Relates a team to this schedule, identified by `id` and `type` (must be `teams`). properties: id: description: The unique identifier of the team in this relationship. example: 00000000-da3a-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/DataRelationshipsTeamsDataItemsType' required: - type - id type: object DataRelationshipsTeamsDataItemsType: default: teams description: Teams resource type. enum: - teams example: teams type: string x-enum-varnames: - TEAMS DataScalarColumn: description: A column containing the numerical results for a formula or query. properties: meta: $ref: '#/components/schemas/ScalarMeta' name: description: The name referencing the formula or query for this column. example: a type: string type: $ref: '#/components/schemas/ScalarColumnTypeNumber' values: description: The array of numerical values for one formula or query. example: - 0.5 items: description: An individual value for a given column and group-by. example: 0.5 format: double nullable: true type: number type: array type: object DataTransform: description: A data transformer, which is custom JavaScript code that executes and transforms data when its inputs change. properties: id: description: The ID of the data transformer. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string name: description: A unique identifier for this data transformer. This name is also used to access the transformer's result throughout the app. example: combineTwoOrders type: string properties: $ref: '#/components/schemas/DataTransformProperties' type: $ref: '#/components/schemas/DataTransformType' required: - id - name - type - properties type: object DataTransformProperties: description: The properties of the data transformer. properties: outputs: description: A JavaScript function that returns the transformed data. example: "${(() => {return {\n allItems: [...fetchOrder1.outputs.items, ...fetchOrder2.outputs.items],\n}})()}" type: string type: object DataTransformType: default: dataTransform description: The data transform type. enum: - dataTransform example: dataTransform type: string x-enum-varnames: - DATATRANSFORM DatabaseMonitoringTriggerWrapper: description: Schema for a Database Monitoring-based trigger. properties: databaseMonitoringTrigger: description: Trigger a workflow from Database Monitoring. type: object startStepNames: $ref: '#/components/schemas/StartStepNames' required: - databaseMonitoringTrigger type: object Date: description: Date as Unix timestamp in milliseconds. example: 1722439510282 format: int64 type: integer DeleteAppResponse: description: The response object after an app is successfully deleted. properties: data: $ref: '#/components/schemas/DeleteAppResponseData' type: object DeleteAppResponseData: description: The definition of `DeleteAppResponseData` object. properties: id: description: The ID of the deleted app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: '#/components/schemas/AppDefinitionType' required: - id - type type: object DeleteAppsRequest: description: A request object for deleting multiple apps by ID. example: data: - id: aea2ed17-b45f-40d0-ba59-c86b7972c901 type: appDefinitions - id: f69bb8be-6168-4fe7-a30d-370256b6504a type: appDefinitions - id: ab1ed73e-13ad-4426-b0df-a0ff8876a088 type: appDefinitions properties: data: description: An array of objects containing the IDs of the apps to delete. items: $ref: '#/components/schemas/DeleteAppsRequestDataItems' type: array type: object DeleteAppsRequestDataItems: description: An object containing the ID of an app to delete. properties: id: description: The ID of the app to delete. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: '#/components/schemas/AppDefinitionType' required: - id - type type: object DeleteAppsResponse: description: The response object after multiple apps are successfully deleted. properties: data: description: An array of objects containing the IDs of the deleted apps. items: $ref: '#/components/schemas/DeleteAppsResponseDataItems' type: array type: object DeleteAppsResponseDataItems: description: An object containing the ID of a deleted app. properties: id: description: The ID of the deleted app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: '#/components/schemas/AppDefinitionType' required: - id - type type: object DeleteCustomFrameworkResponse: description: Response object to delete a custom framework. properties: data: $ref: '#/components/schemas/CustomFrameworkMetadata' required: - data type: object DependencyLocation: description: Static library vulnerability location. properties: column_end: description: Location column end. example: 140 format: int64 type: integer column_start: description: Location column start. example: 5 format: int64 type: integer file_name: description: Location file name. example: src/go.mod type: string line_end: description: Location line end. example: 10 format: int64 type: integer line_start: description: Location line start. example: 1 format: int64 type: integer required: - file_name - line_start - line_end - column_start - column_end type: object Deployment: description: The version of the app that was published. properties: attributes: $ref: '#/components/schemas/DeploymentAttributes' id: description: The deployment ID. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string meta: $ref: '#/components/schemas/DeploymentMetadata' type: $ref: '#/components/schemas/AppDeploymentType' type: object DeploymentAttributes: description: The attributes object containing the version ID of the published app. properties: app_version_id: description: The version ID of the app that was published. For an unpublished app, this is always the nil UUID (`00000000-0000-0000-0000-000000000000`). example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: object DeploymentMetadata: description: Metadata object containing the publication creation information. properties: created_at: description: Timestamp of when the app was published. format: date-time type: string user_id: description: The ID of the user who published the app. format: int64 type: integer user_name: description: The name (or email address) of the user who published the app. type: string user_uuid: description: The UUID of the user who published the app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: object DeploymentRelationship: description: Information pointing to the app's publication status. properties: data: $ref: '#/components/schemas/DeploymentRelationshipData' meta: $ref: '#/components/schemas/DeploymentMetadata' type: object DeploymentRelationshipData: description: Data object containing the deployment ID. properties: id: description: The deployment ID. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: '#/components/schemas/AppDeploymentType' type: object DetailedFinding: description: A single finding with with message and resource configuration. properties: attributes: $ref: '#/components/schemas/DetailedFindingAttributes' id: $ref: '#/components/schemas/FindingID' type: $ref: '#/components/schemas/DetailedFindingType' type: object DetailedFindingAttributes: description: The JSON:API attributes of the detailed finding. properties: evaluation: $ref: '#/components/schemas/FindingEvaluation' evaluation_changed_at: $ref: '#/components/schemas/FindingEvaluationChangedAt' message: description: The remediation message for this finding. example: '## Remediation ### From the console 1. Go to Storage Account 2. For each Storage Account, navigate to Data Protection 3. Select Set soft delete enabled and enter the number of days to retain soft deleted data.' type: string mute: $ref: '#/components/schemas/FindingMute' resource: $ref: '#/components/schemas/FindingResource' resource_configuration: description: The resource configuration for this finding. type: object resource_discovery_date: $ref: '#/components/schemas/FindingResourceDiscoveryDate' resource_type: $ref: '#/components/schemas/FindingResourceType' rule: $ref: '#/components/schemas/FindingRule' status: $ref: '#/components/schemas/FindingStatus' tags: $ref: '#/components/schemas/FindingTags' type: object DetailedFindingType: default: detailed_finding description: The JSON:API type for findings that have the message and resource configuration. enum: - detailed_finding example: detailed_finding type: string x-enum-varnames: - DETAILED_FINDING DeviceAttributes: description: The device attributes properties: description: description: The device description example: a device monitored with NDM type: string device_type: description: The device type example: other type: string integration: description: The device integration example: snmp type: string interface_statuses: $ref: '#/components/schemas/DeviceAttributesInterfaceStatuses' ip_address: description: The device IP address example: 1.2.3.4 type: string location: description: The device location example: paris type: string model: description: The device model example: xx-123 type: string name: description: The device name example: example device type: string os_hostname: description: The device OS hostname type: string os_name: description: The device OS name example: example OS type: string os_version: description: The device OS version example: 1.0.2 type: string ping_status: description: The device ping status example: unmonitored type: string product_name: description: The device product name example: example device type: string serial_number: description: The device serial number example: X12345 type: string status: description: The device SNMP status example: ok type: string subnet: description: The device subnet example: 1.2.3.4/24 type: string sys_object_id: description: The device `sys_object_id` example: 1.3.6.1.4.1.99999 type: string tags: description: The list of device tags example: - device_ip:1.2.3.4 - device_id:example:1.2.3.4 items: type: string type: array vendor: description: The device vendor example: example vendor type: string version: description: The device version example: 1.2.3 type: string type: object DeviceAttributesInterfaceStatuses: description: Count of the device interfaces by status example: down: 1 'off': 2 up: 12 warning: 5 properties: down: description: The number of interfaces that are down format: int64 type: integer 'off': description: The number of interfaces that are off format: int64 type: integer up: description: The number of interfaces that are up format: int64 type: integer warning: description: The number of interfaces that are in a warning state format: int64 type: integer type: object DevicesListData: description: The devices list data properties: attributes: $ref: '#/components/schemas/DeviceAttributes' id: description: The device ID example: example:1.2.3.4 type: string type: description: The type of the resource. The value should always be device. type: string type: object DomainAllowlist: description: The email domain allowlist for an org. properties: attributes: $ref: '#/components/schemas/DomainAllowlistAttributes' id: description: The unique identifier of the org. nullable: true type: string type: $ref: '#/components/schemas/DomainAllowlistType' required: - type type: object DomainAllowlistAttributes: description: The details of the email domain allowlist. properties: domains: description: The list of domains in the email domain allowlist. items: type: string type: array enabled: description: Whether the email domain allowlist is enabled for the org. type: boolean type: object DomainAllowlistRequest: description: Request containing the desired email domain allowlist configuration. properties: data: $ref: '#/components/schemas/DomainAllowlist' required: - data type: object DomainAllowlistResponse: description: Response containing information about the email domain allowlist. properties: data: $ref: '#/components/schemas/DomainAllowlistResponseData' type: object DomainAllowlistResponseData: description: The email domain allowlist response for an org. properties: attributes: $ref: '#/components/schemas/DomainAllowlistResponseDataAttributes' id: description: The unique identifier of the org. nullable: true type: string type: $ref: '#/components/schemas/DomainAllowlistType' required: - type type: object DomainAllowlistResponseDataAttributes: description: The details of the email domain allowlist. properties: domains: description: The list of domains in the email domain allowlist. items: type: string type: array enabled: description: Whether the email domain allowlist is enabled for the org. type: boolean type: object DomainAllowlistType: default: domain_allowlist description: Email domain allowlist allowlist type. enum: - domain_allowlist example: domain_allowlist type: string x-enum-varnames: - DOMAIN_ALLOWLIST DowntimeCreateRequest: description: Request for creating a downtime. properties: data: $ref: '#/components/schemas/DowntimeCreateRequestData' required: - data type: object DowntimeCreateRequestAttributes: description: Downtime details. properties: display_timezone: $ref: '#/components/schemas/DowntimeDisplayTimezone' message: $ref: '#/components/schemas/DowntimeMessage' monitor_identifier: $ref: '#/components/schemas/DowntimeMonitorIdentifier' mute_first_recovery_notification: $ref: '#/components/schemas/DowntimeMuteFirstRecoveryNotification' notify_end_states: $ref: '#/components/schemas/DowntimeNotifyEndStates' notify_end_types: $ref: '#/components/schemas/DowntimeNotifyEndTypes' schedule: $ref: '#/components/schemas/DowntimeScheduleCreateRequest' scope: $ref: '#/components/schemas/DowntimeScope' required: - scope - monitor_identifier type: object DowntimeCreateRequestData: description: Object to create a downtime. properties: attributes: $ref: '#/components/schemas/DowntimeCreateRequestAttributes' type: $ref: '#/components/schemas/DowntimeResourceType' required: - type - attributes type: object DowntimeDisplayTimezone: default: UTC description: 'The timezone in which to display the downtime''s start and end times in Datadog applications. This is not used as an offset for scheduling.' example: America/New_York nullable: true type: string DowntimeIncludedMonitorType: default: monitors description: Monitor resource type. enum: - monitors example: monitors type: string x-enum-varnames: - MONITORS DowntimeMessage: description: 'A message to include with notifications for this downtime. Email notifications can be sent to specific users by using the same `@username` notation as events.' example: Message about the downtime nullable: true type: string DowntimeMeta: description: Pagination metadata returned by the API. properties: page: $ref: '#/components/schemas/DowntimeMetaPage' type: object DowntimeMetaPage: description: Object containing the total filtered count. properties: total_filtered_count: description: Total count of elements matched by the filter. format: int64 type: integer type: object DowntimeMonitorIdentifier: description: Monitor identifier for the downtime. oneOf: - $ref: '#/components/schemas/DowntimeMonitorIdentifierId' - $ref: '#/components/schemas/DowntimeMonitorIdentifierTags' DowntimeMonitorIdentifierId: additionalProperties: {} description: Object of the monitor identifier. properties: monitor_id: description: ID of the monitor to prevent notifications. example: 123 format: int64 type: integer required: - monitor_id type: object DowntimeMonitorIdentifierTags: additionalProperties: {} description: Object of the monitor tags. properties: monitor_tags: description: 'A list of monitor tags. For example, tags that are applied directly to monitors, not tags that are used in monitor queries (which are filtered by the scope parameter), to which the downtime applies. The resulting downtime applies to monitors that match **all** provided monitor tags. Setting `monitor_tags` to `[*]` configures the downtime to mute all monitors for the given scope.' example: - service:postgres - team:frontend items: description: A list of monitor tags. example: service:postgres type: string minItems: 1 type: array required: - monitor_tags type: object DowntimeMonitorIncludedAttributes: description: Attributes of the monitor identified by the downtime. properties: name: description: The name of the monitor identified by the downtime. example: A monitor name type: string type: object DowntimeMonitorIncludedItem: description: Information about the monitor identified by the downtime. properties: attributes: $ref: '#/components/schemas/DowntimeMonitorIncludedAttributes' id: description: ID of the monitor identified by the downtime. example: 12345 format: int64 type: integer type: $ref: '#/components/schemas/DowntimeIncludedMonitorType' type: object DowntimeMuteFirstRecoveryNotification: description: If the first recovery notification during a downtime should be muted. example: false type: boolean DowntimeNotifyEndStateActions: description: Action that will trigger a monitor notification if the downtime is in the `notify_end_types` state. enum: - canceled - expired example: canceled type: string x-enum-varnames: - CANCELED - EXPIRED DowntimeNotifyEndStateTypes: description: State that will trigger a monitor notification when the `notify_end_types` action occurs. enum: - alert - no data - warn example: alert type: string x-enum-varnames: - ALERT - NO_DATA - WARN DowntimeNotifyEndStates: description: States that will trigger a monitor notification when the `notify_end_types` action occurs. example: - alert - warn items: $ref: '#/components/schemas/DowntimeNotifyEndStateTypes' type: array DowntimeNotifyEndTypes: description: Actions that will trigger a monitor notification if the downtime is in the `notify_end_types` state. example: - canceled - expired items: $ref: '#/components/schemas/DowntimeNotifyEndStateActions' type: array DowntimeRelationships: description: All relationships associated with downtime. properties: created_by: $ref: '#/components/schemas/DowntimeRelationshipsCreatedBy' monitor: $ref: '#/components/schemas/DowntimeRelationshipsMonitor' type: object DowntimeRelationshipsCreatedBy: description: The user who created the downtime. properties: data: $ref: '#/components/schemas/DowntimeRelationshipsCreatedByData' type: object DowntimeRelationshipsCreatedByData: description: Data for the user who created the downtime. nullable: true properties: id: description: User ID of the downtime creator. example: 00000000-0000-1234-0000-000000000000 type: string type: $ref: '#/components/schemas/UsersType' type: object DowntimeRelationshipsMonitor: description: The monitor identified by the downtime. properties: data: $ref: '#/components/schemas/DowntimeRelationshipsMonitorData' type: object DowntimeRelationshipsMonitorData: description: Data for the monitor. nullable: true properties: id: description: Monitor ID of the downtime. example: '12345' type: string type: $ref: '#/components/schemas/DowntimeIncludedMonitorType' type: object DowntimeResourceType: default: downtime description: Downtime resource type. enum: - downtime example: downtime type: string x-enum-varnames: - DOWNTIME DowntimeResponse: description: 'Downtiming gives you greater control over monitor notifications by allowing you to globally exclude scopes from alerting. Downtime settings, which can be scheduled with start and end times, prevent all alerting related to specified Datadog tags.' properties: data: $ref: '#/components/schemas/DowntimeResponseData' included: description: Array of objects related to the downtime that the user requested. items: $ref: '#/components/schemas/DowntimeResponseIncludedItem' type: array type: object DowntimeResponseAttributes: description: Downtime details. properties: canceled: description: Time that the downtime was canceled. example: 2020-01-02T03:04:05.282979+0000 format: date-time nullable: true type: string created: description: Creation time of the downtime. example: 2020-01-02T03:04:05.282979+0000 format: date-time type: string display_timezone: $ref: '#/components/schemas/DowntimeDisplayTimezone' message: $ref: '#/components/schemas/DowntimeMessage' modified: description: Time that the downtime was last modified. example: 2020-01-02T03:04:05.282979+0000 format: date-time type: string monitor_identifier: $ref: '#/components/schemas/DowntimeMonitorIdentifier' mute_first_recovery_notification: $ref: '#/components/schemas/DowntimeMuteFirstRecoveryNotification' notify_end_states: $ref: '#/components/schemas/DowntimeNotifyEndStates' notify_end_types: $ref: '#/components/schemas/DowntimeNotifyEndTypes' schedule: $ref: '#/components/schemas/DowntimeScheduleResponse' scope: $ref: '#/components/schemas/DowntimeScope' status: $ref: '#/components/schemas/DowntimeStatus' type: object DowntimeResponseData: description: Downtime data. properties: attributes: $ref: '#/components/schemas/DowntimeResponseAttributes' id: description: The downtime ID. example: 00000000-0000-1234-0000-000000000000 type: string relationships: $ref: '#/components/schemas/DowntimeRelationships' type: $ref: '#/components/schemas/DowntimeResourceType' type: object DowntimeResponseIncludedItem: description: An object related to a downtime. oneOf: - $ref: '#/components/schemas/User' - $ref: '#/components/schemas/DowntimeMonitorIncludedItem' DowntimeScheduleCreateRequest: description: Schedule for the downtime. oneOf: - $ref: '#/components/schemas/DowntimeScheduleRecurrencesCreateRequest' - $ref: '#/components/schemas/DowntimeScheduleOneTimeCreateUpdateRequest' DowntimeScheduleCurrentDowntimeResponse: description: 'The most recent actual start and end dates for a recurring downtime. For a canceled downtime, this is the previously occurring downtime. For active downtimes, this is the ongoing downtime, and for scheduled downtimes it is the upcoming downtime.' properties: end: description: The end of the current downtime. example: 2020-01-02 03:04:00+00:00 format: date-time nullable: true type: string start: description: The start of the current downtime. example: 2020-01-02 03:04:00+00:00 format: date-time type: string type: object DowntimeScheduleOneTimeCreateUpdateRequest: additionalProperties: false description: A one-time downtime definition. properties: end: description: 'ISO-8601 Datetime to end the downtime. Must include a UTC offset of zero. If not provided, the downtime continues forever.' example: 2020-01-02 03:04:00+00:00 format: date-time nullable: true type: string start: description: 'ISO-8601 Datetime to start the downtime. Must include a UTC offset of zero. If not provided, the downtime starts the moment it is created.' example: 2020-01-02 03:04:00+00:00 format: date-time nullable: true type: string type: object DowntimeScheduleOneTimeResponse: description: A one-time downtime definition. properties: end: description: ISO-8601 Datetime to end the downtime. example: 2020-01-02 03:04:00+00:00 format: date-time nullable: true type: string start: description: ISO-8601 Datetime to start the downtime. example: 2020-01-02 03:04:00+00:00 format: date-time type: string required: - start type: object DowntimeScheduleRecurrenceCreateUpdateRequest: additionalProperties: {} description: An object defining the recurrence of the downtime. properties: duration: $ref: '#/components/schemas/DowntimeScheduleRecurrenceDuration' rrule: $ref: '#/components/schemas/DowntimeScheduleRecurrenceRrule' start: description: 'ISO-8601 Datetime to start the downtime. Must not include a UTC offset. If not provided, the downtime starts the moment it is created.' example: 2020-01-02T03:04 nullable: true type: string required: - duration - rrule type: object DowntimeScheduleRecurrenceDuration: description: The length of the downtime. Must begin with an integer and end with one of 'm', 'h', d', or 'w'. example: 123d type: string DowntimeScheduleRecurrenceResponse: description: An RRULE-based recurring downtime. properties: duration: $ref: '#/components/schemas/DowntimeScheduleRecurrenceDuration' rrule: $ref: '#/components/schemas/DowntimeScheduleRecurrenceRrule' start: description: 'ISO-8601 Datetime to start the downtime. Must not include a UTC offset. If not provided, the downtime starts the moment it is created.' example: 2020-01-02T03:04 type: string type: object DowntimeScheduleRecurrenceRrule: description: 'The `RRULE` standard for defining recurring events. For example, to have a recurring event on the first day of each month, set the type to `rrule` and set the `FREQ` to `MONTHLY` and `BYMONTHDAY` to `1`. Most common `rrule` options from the [iCalendar Spec](https://tools.ietf.org/html/rfc5545) are supported. **Note**: Attributes specifying the duration in `RRULE` are not supported (for example, `DTSTART`, `DTEND`, `DURATION`). More examples available in this [downtime guide](https://docs.datadoghq.com/monitors/guide/suppress-alert-with-downtimes/?tab=api).' example: FREQ=MONTHLY;BYSETPOS=3;BYDAY=WE;INTERVAL=1 type: string DowntimeScheduleRecurrencesCreateRequest: description: A recurring downtime schedule definition. properties: recurrences: description: A list of downtime recurrences. items: $ref: '#/components/schemas/DowntimeScheduleRecurrenceCreateUpdateRequest' type: array timezone: default: UTC description: The timezone in which to schedule the downtime. example: America/New_York type: string required: - recurrences type: object DowntimeScheduleRecurrencesResponse: description: A recurring downtime schedule definition. properties: current_downtime: $ref: '#/components/schemas/DowntimeScheduleCurrentDowntimeResponse' recurrences: description: A list of downtime recurrences. items: $ref: '#/components/schemas/DowntimeScheduleRecurrenceResponse' maxItems: 5 minItems: 1 type: array timezone: default: UTC description: 'The timezone in which to schedule the downtime. This affects recurring start and end dates. Must match `display_timezone`.' example: America/New_York type: string required: - recurrences type: object DowntimeScheduleRecurrencesUpdateRequest: additionalProperties: false description: A recurring downtime schedule definition. properties: recurrences: description: A list of downtime recurrences. items: $ref: '#/components/schemas/DowntimeScheduleRecurrenceCreateUpdateRequest' type: array timezone: default: UTC description: The timezone in which to schedule the downtime. example: America/New_York type: string type: object DowntimeScheduleResponse: description: 'The schedule that defines when the monitor starts, stops, and recurs. There are two types of schedules: one-time and recurring. Recurring schedules may have up to five RRULE-based recurrences. If no schedules are provided, the downtime will begin immediately and never end.' oneOf: - $ref: '#/components/schemas/DowntimeScheduleRecurrencesResponse' - $ref: '#/components/schemas/DowntimeScheduleOneTimeResponse' DowntimeScheduleUpdateRequest: description: Schedule for the downtime. oneOf: - $ref: '#/components/schemas/DowntimeScheduleRecurrencesUpdateRequest' - $ref: '#/components/schemas/DowntimeScheduleOneTimeCreateUpdateRequest' DowntimeScope: description: The scope to which the downtime applies. Must follow the [common search syntax](https://docs.datadoghq.com/logs/explorer/search_syntax/). example: env:(staging OR prod) AND datacenter:us-east-1 type: string DowntimeStatus: description: The current status of the downtime. enum: - active - canceled - ended - scheduled example: active type: string x-enum-varnames: - ACTIVE - CANCELED - ENDED - SCHEDULED DowntimeUpdateRequest: description: Request for editing a downtime. properties: data: $ref: '#/components/schemas/DowntimeUpdateRequestData' required: - data type: object DowntimeUpdateRequestAttributes: description: Attributes of the downtime to update. properties: display_timezone: $ref: '#/components/schemas/DowntimeDisplayTimezone' message: $ref: '#/components/schemas/DowntimeMessage' monitor_identifier: $ref: '#/components/schemas/DowntimeMonitorIdentifier' mute_first_recovery_notification: $ref: '#/components/schemas/DowntimeMuteFirstRecoveryNotification' notify_end_states: $ref: '#/components/schemas/DowntimeNotifyEndStates' notify_end_types: $ref: '#/components/schemas/DowntimeNotifyEndTypes' schedule: $ref: '#/components/schemas/DowntimeScheduleUpdateRequest' scope: $ref: '#/components/schemas/DowntimeScope' type: object DowntimeUpdateRequestData: description: Object to update a downtime. properties: attributes: $ref: '#/components/schemas/DowntimeUpdateRequestAttributes' id: description: ID of this downtime. example: 00000000-0000-1234-0000-000000000000 type: string type: $ref: '#/components/schemas/DowntimeResourceType' required: - id - type - attributes type: object EPSS: description: Vulnerability EPSS severity. properties: score: description: Vulnerability EPSS severity score. example: 0.2 format: double type: number severity: $ref: '#/components/schemas/VulnerabilitySeverity' required: - score - severity type: object Enabled: description: Field used to enable or disable the rule. example: true type: boolean EntityAttributes: description: Entity attributes. properties: apiVersion: description: The API version. type: string description: description: The description. type: string displayName: description: The display name. type: string kind: description: The kind. type: string name: description: The name. type: string namespace: description: The namespace. type: string owner: description: The owner. type: string tags: description: The tags. items: type: string type: array type: object EntityData: description: Entity data. properties: attributes: $ref: '#/components/schemas/EntityAttributes' id: description: Entity ID. type: string meta: $ref: '#/components/schemas/EntityMeta' relationships: $ref: '#/components/schemas/EntityRelationships' type: description: Entity. type: string type: object EntityMeta: description: Entity metadata. properties: createdAt: description: The creation time. type: string ingestionSource: description: The ingestion source. type: string modifiedAt: description: The modification time. type: string origin: description: The origin. type: string type: object EntityRaw: description: Entity definition in raw JSON or YAML representation. example: "apiVersion: v3\nkind: service\nmetadata:\n name: myservice\n" type: string EntityRelationships: description: Entity relationships. properties: incidents: $ref: '#/components/schemas/EntityToIncidents' oncall: $ref: '#/components/schemas/EntityToOncalls' rawSchema: $ref: '#/components/schemas/EntityToRawSchema' relatedEntities: $ref: '#/components/schemas/EntityToRelatedEntities' schema: $ref: '#/components/schemas/EntityToSchema' type: object EntityResponseData: description: List of entity data. items: $ref: '#/components/schemas/EntityData' type: array EntityResponseIncludedIncident: description: Included incident. properties: attributes: $ref: '#/components/schemas/EntityResponseIncludedRelatedIncidentAttributes' id: description: Incident ID. type: string type: $ref: '#/components/schemas/EntityResponseIncludedIncidentType' type: object EntityResponseIncludedIncidentType: description: Incident description. enum: - incident type: string x-enum-varnames: - INCIDENT EntityResponseIncludedOncall: description: Included oncall. properties: attributes: $ref: '#/components/schemas/EntityResponseIncludedRelatedOncallAttributes' id: description: Oncall ID. type: string type: $ref: '#/components/schemas/EntityResponseIncludedOncallType' type: object EntityResponseIncludedOncallType: description: Oncall type. enum: - oncall type: string x-enum-varnames: - ONCALL EntityResponseIncludedRawSchema: description: Included raw schema. properties: attributes: $ref: '#/components/schemas/EntityResponseIncludedRawSchemaAttributes' id: description: Raw schema ID. type: string type: $ref: '#/components/schemas/EntityResponseIncludedRawSchemaType' type: object EntityResponseIncludedRawSchemaAttributes: description: Included raw schema attributes. properties: rawSchema: description: Schema from user input in base64 encoding. type: string type: object EntityResponseIncludedRawSchemaType: description: Raw schema type. enum: - rawSchema type: string x-enum-varnames: - RAW_SCHEMA EntityResponseIncludedRelatedEntity: description: Included related entity. properties: attributes: $ref: '#/components/schemas/EntityResponseIncludedRelatedEntityAttributes' id: description: Entity UUID. type: string meta: $ref: '#/components/schemas/EntityResponseIncludedRelatedEntityMeta' type: $ref: '#/components/schemas/EntityResponseIncludedRelatedEntityType' type: object EntityResponseIncludedRelatedEntityAttributes: description: Related entity attributes. properties: kind: description: Entity kind. type: string name: description: Entity name. type: string namespace: description: Entity namespace. type: string type: description: Entity relation type to the associated entity. type: string type: object EntityResponseIncludedRelatedEntityMeta: description: Included related entity meta. properties: createdAt: description: Entity creation time. format: date-time type: string defined_by: description: Entity relation defined by. type: string modifiedAt: description: Entity modification time. format: date-time type: string source: description: Entity relation source. type: string type: object EntityResponseIncludedRelatedEntityType: description: Related entity. enum: - relatedEntity type: string x-enum-varnames: - RELATED_ENTITY EntityResponseIncludedRelatedIncidentAttributes: description: Incident attributes. properties: createdAt: description: Incident creation time. format: date-time type: string htmlURL: description: Incident URL. type: string provider: description: Incident provider. type: string status: description: Incident status. type: string title: description: Incident title. type: string type: object EntityResponseIncludedRelatedOncallAttributes: description: Included related oncall attributes. properties: escalations: $ref: '#/components/schemas/EntityResponseIncludedRelatedOncallEscalations' provider: description: Oncall provider. type: string type: object EntityResponseIncludedRelatedOncallEscalationItem: description: Oncall escalation. properties: email: description: Oncall email. type: string escalationLevel: description: Oncall level. format: int64 type: integer name: description: Oncall name. type: string type: object EntityResponseIncludedRelatedOncallEscalations: description: Oncall escalations. items: $ref: '#/components/schemas/EntityResponseIncludedRelatedOncallEscalationItem' type: array EntityResponseIncludedSchema: description: Included detail entity schema. properties: attributes: $ref: '#/components/schemas/EntityResponseIncludedSchemaAttributes' id: description: Entity ID. type: string type: $ref: '#/components/schemas/EntityResponseIncludedSchemaType' type: object EntityResponseIncludedSchemaAttributes: description: Included schema. properties: schema: $ref: '#/components/schemas/EntityV3' type: object EntityResponseIncludedSchemaType: description: Schema type. enum: - schema type: string x-enum-varnames: - SCHEMA EntityResponseMeta: description: Entity metadata. properties: count: description: Total entities count. format: int64 type: integer includeCount: description: Total included data count. format: int64 type: integer type: object EntityToIncidents: description: Entity to incidents relationship. properties: data: $ref: '#/components/schemas/RelationshipArray' type: object EntityToOncalls: description: Entity to oncalls relationship. properties: data: $ref: '#/components/schemas/RelationshipArray' type: object EntityToRawSchema: description: Entity to raw schema relationship. properties: data: $ref: '#/components/schemas/RelationshipItem' type: object EntityToRelatedEntities: description: Entity to related entities relationship. properties: data: $ref: '#/components/schemas/RelationshipArray' type: object EntityToSchema: description: Entity to detail schema relationship. properties: data: $ref: '#/components/schemas/RelationshipItem' type: object EntityV3: description: Entity schema v3. oneOf: - $ref: '#/components/schemas/EntityV3Service' - $ref: '#/components/schemas/EntityV3Datastore' - $ref: '#/components/schemas/EntityV3Queue' - $ref: '#/components/schemas/EntityV3System' - $ref: '#/components/schemas/EntityV3API' EntityV3API: additionalProperties: false description: Schema for API entities. properties: apiVersion: $ref: '#/components/schemas/EntityV3APIVersion' datadog: $ref: '#/components/schemas/EntityV3APIDatadog' extensions: additionalProperties: {} description: Custom extensions. This is the free-formed field to send client-side metadata. No Datadog features are affected by this field. type: object integrations: $ref: '#/components/schemas/EntityV3Integrations' kind: $ref: '#/components/schemas/EntityV3APIKind' metadata: $ref: '#/components/schemas/EntityV3Metadata' spec: $ref: '#/components/schemas/EntityV3APISpec' required: - apiVersion - kind - metadata type: object EntityV3APIDatadog: additionalProperties: false description: Datadog product integrations for the API entity. properties: codeLocations: $ref: '#/components/schemas/EntityV3DatadogCodeLocations' events: $ref: '#/components/schemas/EntityV3DatadogEvents' logs: $ref: '#/components/schemas/EntityV3DatadogLogs' performanceData: $ref: '#/components/schemas/EntityV3DatadogPerformance' pipelines: $ref: '#/components/schemas/EntityV3DatadogPipelines' type: object EntityV3APIKind: description: The definition of Entity V3 API Kind object. enum: - api example: api type: string x-enum-varnames: - API EntityV3APISpec: additionalProperties: false description: The definition of Entity V3 API Spec object. properties: implementedBy: description: Services which implemented the API. items: type: string type: array interface: $ref: '#/components/schemas/EntityV3APISpecInterface' lifecycle: description: The lifecycle state of the component. minLength: 1 type: string tier: description: The importance of the component. minLength: 1 type: string type: description: The type of API. type: string type: object EntityV3APISpecInterface: additionalProperties: false description: The API definition. oneOf: - $ref: '#/components/schemas/EntityV3APISpecInterfaceFileRef' - $ref: '#/components/schemas/EntityV3APISpecInterfaceDefinition' EntityV3APISpecInterfaceDefinition: additionalProperties: false description: The definition of `EntityV3APISpecInterfaceDefinition` object. properties: definition: description: The API definition. type: object type: object EntityV3APISpecInterfaceFileRef: additionalProperties: false description: The definition of `EntityV3APISpecInterfaceFileRef` object. properties: fileRef: description: The reference to the API definition file. type: string type: object EntityV3APIVersion: description: The schema version of entity type. The field is known as schema-version in the previous version. enum: - v3 example: v3 type: string x-enum-varnames: - V3 EntityV3DatadogCodeLocationItem: additionalProperties: false description: Code location item. properties: paths: description: The paths (glob) to the source code of the service. items: type: string type: array repositoryURL: description: The repository path of the source code of the entity. type: string type: object EntityV3DatadogCodeLocations: additionalProperties: false description: Schema for mapping source code locations to an entity. items: $ref: '#/components/schemas/EntityV3DatadogCodeLocationItem' type: array EntityV3DatadogEventItem: additionalProperties: false description: Events association item. properties: name: description: The name of the query. type: string query: description: The query to run. type: string type: object EntityV3DatadogEvents: additionalProperties: false description: Events associations. items: $ref: '#/components/schemas/EntityV3DatadogEventItem' type: array EntityV3DatadogIntegrationOpsgenie: additionalProperties: false description: An Opsgenie integration schema. properties: region: description: The region for the Opsgenie integration. minLength: 1 type: string serviceURL: description: The service URL for the Opsgenie integration. example: https://www.opsgenie.com/service/shopping-cart minLength: 1 type: string required: - serviceURL type: object EntityV3DatadogIntegrationPagerduty: additionalProperties: false description: A PagerDuty integration schema. properties: serviceURL: description: The service URL for the PagerDuty integration. example: https://www.pagerduty.com/service-directory/Pshopping-cart minLength: 1 type: string required: - serviceURL type: object EntityV3DatadogLogItem: additionalProperties: false description: Log association item. properties: name: description: The name of the query. type: string query: description: The query to run. type: string type: object EntityV3DatadogLogs: additionalProperties: false description: Logs association. items: $ref: '#/components/schemas/EntityV3DatadogLogItem' type: array EntityV3DatadogPerformance: additionalProperties: false description: Performance stats association. properties: tags: description: A list of APM entity tags that associates the APM Stats data with the entity. items: type: string type: array type: object EntityV3DatadogPipelines: additionalProperties: false description: CI Pipelines association. properties: fingerprints: description: A list of CI Fingerprints that associate CI Pipelines with the entity. items: type: string type: array type: object EntityV3Datastore: additionalProperties: false description: Schema for datastore entities. properties: apiVersion: $ref: '#/components/schemas/EntityV3APIVersion' datadog: $ref: '#/components/schemas/EntityV3DatastoreDatadog' extensions: additionalProperties: {} description: Custom extensions. This is the free-formed field to send client side metadata. No Datadog features are affected by this field. type: object integrations: $ref: '#/components/schemas/EntityV3Integrations' kind: $ref: '#/components/schemas/EntityV3DatastoreKind' metadata: $ref: '#/components/schemas/EntityV3Metadata' spec: $ref: '#/components/schemas/EntityV3DatastoreSpec' required: - apiVersion - kind - metadata type: object EntityV3DatastoreDatadog: additionalProperties: false description: Datadog product integrations for the datastore entity. properties: events: $ref: '#/components/schemas/EntityV3DatadogEvents' logs: $ref: '#/components/schemas/EntityV3DatadogLogs' performanceData: $ref: '#/components/schemas/EntityV3DatadogPerformance' type: object EntityV3DatastoreKind: description: The definition of Entity V3 Datastore Kind object. enum: - datastore example: datastore type: string x-enum-varnames: - DATASTORE EntityV3DatastoreSpec: additionalProperties: false description: The definition of Entity V3 Datastore Spec object. properties: componentOf: description: A list of components the datastore is a part of items: type: string type: array lifecycle: description: The lifecycle state of the datastore. minLength: 1 type: string tier: description: The importance of the datastore. minLength: 1 type: string type: description: The type of datastore. type: string type: object EntityV3Integrations: additionalProperties: false description: A base schema for defining third-party integrations. properties: opsgenie: $ref: '#/components/schemas/EntityV3DatadogIntegrationOpsgenie' pagerduty: $ref: '#/components/schemas/EntityV3DatadogIntegrationPagerduty' type: object EntityV3Metadata: additionalProperties: false description: The definition of Entity V3 Metadata object. properties: additionalOwners: additionalProperties: false description: The additional owners of the entity, usually a team. items: $ref: '#/components/schemas/EntityV3MetadataAdditionalOwnersItems' type: array contacts: additionalProperties: false description: A list of contacts for the entity. items: $ref: '#/components/schemas/EntityV3MetadataContactsItems' type: array description: description: Short description of the entity. The UI can leverage the description for display. type: string displayName: description: User friendly name of the entity. The UI can leverage the display name for display. type: string id: description: A read-only globally unique identifier for the entity generated by Datadog. User supplied values are ignored. example: 4b163705-23c0-4573-b2fb-f6cea2163fcb minLength: 1 type: string inheritFrom: description: The entity reference from which to inherit metadata example: application:default/myapp type: string links: additionalProperties: false description: A list of links for the entity. items: $ref: '#/components/schemas/EntityV3MetadataLinksItems' type: array managed: additionalProperties: {} description: A read-only set of Datadog managed attributes generated by Datadog. User supplied values are ignored. type: object name: description: Unique name given to an entity under the kind/namespace. example: myService minLength: 1 type: string namespace: description: Namespace is a part of unique identifier. It has a default value of 'default'. example: default minLength: 1 type: string owner: description: The owner of the entity, usually a team. type: string tags: description: A set of custom tags. example: - this:tag - that:tag items: type: string type: array required: - name type: object EntityV3MetadataAdditionalOwnersItems: description: The definition of Entity V3 Metadata Additional Owners Items object. properties: name: description: Team name. example: '' type: string type: description: Team type. type: string required: - name type: object EntityV3MetadataContactsItems: additionalProperties: false description: The definition of Entity V3 Metadata Contacts Items object. properties: contact: description: Contact value. example: https://slack/ type: string name: description: Contact name. minLength: 2 type: string type: description: Contact type. example: slack type: string required: - type - contact type: object EntityV3MetadataLinksItems: additionalProperties: false description: The definition of Entity V3 Metadata Links Items object. properties: name: description: Link name. example: mylink type: string provider: description: Link provider. type: string type: default: other description: Link type. example: link type: string url: description: Link URL. example: https://mylink type: string required: - name - type - url type: object EntityV3Queue: additionalProperties: false description: Schema for queue entities. properties: apiVersion: $ref: '#/components/schemas/EntityV3APIVersion' datadog: $ref: '#/components/schemas/EntityV3QueueDatadog' extensions: additionalProperties: {} description: Custom extensions. This is the free-formed field to send client-side metadata. No Datadog features are affected by this field. type: object integrations: $ref: '#/components/schemas/EntityV3Integrations' kind: $ref: '#/components/schemas/EntityV3QueueKind' metadata: $ref: '#/components/schemas/EntityV3Metadata' spec: $ref: '#/components/schemas/EntityV3QueueSpec' required: - apiVersion - kind - metadata type: object EntityV3QueueDatadog: additionalProperties: false description: Datadog product integrations for the datastore entity. properties: events: $ref: '#/components/schemas/EntityV3DatadogEvents' logs: $ref: '#/components/schemas/EntityV3DatadogLogs' performanceData: $ref: '#/components/schemas/EntityV3DatadogPerformance' type: object EntityV3QueueKind: description: The definition of Entity V3 Queue Kind object. enum: - queue example: queue type: string x-enum-varnames: - QUEUE EntityV3QueueSpec: additionalProperties: false description: The definition of Entity V3 Queue Spec object. properties: componentOf: description: A list of components the queue is a part of items: type: string type: array lifecycle: description: The lifecycle state of the queue. minLength: 1 type: string tier: description: The importance of the queue. minLength: 1 type: string type: description: The type of queue. type: string type: object EntityV3Service: additionalProperties: false description: Schema for service entities. properties: apiVersion: $ref: '#/components/schemas/EntityV3APIVersion' datadog: $ref: '#/components/schemas/EntityV3ServiceDatadog' extensions: additionalProperties: {} description: Custom extensions. This is the free-formed field to send client-side metadata. No Datadog features are affected by this field. type: object integrations: $ref: '#/components/schemas/EntityV3Integrations' kind: $ref: '#/components/schemas/EntityV3ServiceKind' metadata: $ref: '#/components/schemas/EntityV3Metadata' spec: $ref: '#/components/schemas/EntityV3ServiceSpec' required: - apiVersion - kind - metadata type: object EntityV3ServiceDatadog: additionalProperties: false description: Datadog product integrations for the service entity. properties: codeLocations: $ref: '#/components/schemas/EntityV3DatadogCodeLocations' events: $ref: '#/components/schemas/EntityV3DatadogEvents' logs: $ref: '#/components/schemas/EntityV3DatadogLogs' performanceData: $ref: '#/components/schemas/EntityV3DatadogPerformance' pipelines: $ref: '#/components/schemas/EntityV3DatadogPipelines' type: object EntityV3ServiceKind: description: The definition of Entity V3 Service Kind object. enum: - service example: service type: string x-enum-varnames: - SERVICE EntityV3ServiceSpec: additionalProperties: false description: The definition of Entity V3 Service Spec object. properties: componentOf: description: A list of components the service is a part of items: type: string type: array dependsOn: description: A list of components the service depends on. items: type: string type: array languages: description: The service's programming language. items: type: string type: array lifecycle: description: The lifecycle state of the component. minLength: 1 type: string tier: description: The importance of the component. minLength: 1 type: string type: description: The type of service. type: string type: object EntityV3System: additionalProperties: false description: Schema for system entities. properties: apiVersion: $ref: '#/components/schemas/EntityV3APIVersion' datadog: $ref: '#/components/schemas/EntityV3SystemDatadog' extensions: additionalProperties: {} description: Custom extensions. This is the free-formed field to send client-side metadata. No Datadog features are affected by this field. type: object integrations: $ref: '#/components/schemas/EntityV3Integrations' kind: $ref: '#/components/schemas/EntityV3SystemKind' metadata: $ref: '#/components/schemas/EntityV3Metadata' spec: $ref: '#/components/schemas/EntityV3SystemSpec' required: - apiVersion - kind - metadata type: object EntityV3SystemDatadog: additionalProperties: false description: Datadog product integrations for the service entity. properties: events: $ref: '#/components/schemas/EntityV3DatadogEvents' logs: $ref: '#/components/schemas/EntityV3DatadogLogs' performanceData: $ref: '#/components/schemas/EntityV3DatadogPerformance' pipelines: $ref: '#/components/schemas/EntityV3DatadogPipelines' type: object EntityV3SystemKind: description: The definition of Entity V3 System Kind object. enum: - system example: system type: string x-enum-varnames: - SYSTEM EntityV3SystemSpec: additionalProperties: false description: The definition of Entity V3 System Spec object. properties: components: description: A list of components belongs to the system. items: type: string type: array lifecycle: description: The lifecycle state of the component. minLength: 1 type: string tier: description: An entity reference to the owner of the component. minLength: 1 type: string type: object ErrorHandler: description: Used to handle errors in an action. properties: fallbackStepName: description: The `ErrorHandler` `fallbackStepName`. example: '' type: string retryStrategy: $ref: '#/components/schemas/RetryStrategy' required: - retryStrategy - fallbackStepName type: object Escalation: description: Represents an escalation policy step. properties: id: description: Unique identifier of the escalation step. type: string relationships: $ref: '#/components/schemas/EscalationRelationships' type: $ref: '#/components/schemas/EscalationType' required: - type type: object EscalationPolicy: description: Represents a complete escalation policy response, including policy data and optionally included related resources. example: data: attributes: name: Escalation Policy 1 resolve_page_on_policy_end: true retries: 2 id: 00000000-aba1-0000-0000-000000000000 relationships: steps: data: - id: 00000000-aba1-0000-0000-000000000000 type: steps teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: policies included: - attributes: avatar: '' description: Team 1 description handle: team1 name: Team 1 id: 00000000-da3a-0000-0000-000000000000 type: teams - attributes: assignment: default escalate_after_seconds: 3600 id: 00000000-aba1-0000-0000-000000000000 relationships: targets: data: - id: 00000000-aba1-0000-0000-000000000000 type: users - id: 00000000-aba2-0000-0000-000000000000 type: schedules - id: 00000000-aba3-0000-0000-000000000000 type: teams type: steps - id: 00000000-aba1-0000-0000-000000000000 type: users - id: 00000000-aba2-0000-0000-000000000000 type: schedules - id: 00000000-aba3-0000-0000-000000000000 type: teams properties: data: $ref: '#/components/schemas/EscalationPolicyData' included: description: Provides any included related resources, such as steps or targets, returned with the policy. items: $ref: '#/components/schemas/EscalationPolicyIncluded' type: array type: object EscalationPolicyCreateRequest: description: Represents a request to create a new escalation policy, including the policy data. example: data: attributes: name: Escalation Policy 1 resolve_page_on_policy_end: true retries: 2 steps: - assignment: default escalate_after_seconds: 3600 targets: - id: 00000000-aba1-0000-0000-000000000000 type: users - id: 00000000-aba2-0000-0000-000000000000 type: schedules - id: 00000000-aba3-0000-0000-000000000000 type: teams - assignment: round-robin escalate_after_seconds: 3600 targets: - id: 00000000-aba1-0000-0000-000000000000 type: users - id: 00000000-abb1-0000-0000-000000000000 type: users relationships: teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: policies properties: data: $ref: '#/components/schemas/EscalationPolicyCreateRequestData' required: - data type: object EscalationPolicyCreateRequestData: description: Represents the data for creating an escalation policy, including its attributes, relationships, and resource type. properties: attributes: $ref: '#/components/schemas/EscalationPolicyCreateRequestDataAttributes' relationships: $ref: '#/components/schemas/EscalationPolicyCreateRequestDataRelationships' type: $ref: '#/components/schemas/EscalationPolicyCreateRequestDataType' required: - type - attributes type: object EscalationPolicyCreateRequestDataAttributes: description: Defines the attributes for creating an escalation policy, including its description, name, resolution behavior, retries, and steps. properties: name: description: Specifies the name for the new escalation policy. example: On-Call Escalation Policy type: string resolve_page_on_policy_end: description: Indicates whether the page is automatically resolved when the policy ends. type: boolean retries: description: Specifies how many times the escalation sequence is retried if there is no response. format: int64 type: integer steps: description: A list of escalation steps, each defining assignment, escalation timeout, and targets for the new policy. items: $ref: '#/components/schemas/EscalationPolicyCreateRequestDataAttributesStepsItems' type: array required: - name - steps type: object EscalationPolicyCreateRequestDataAttributesStepsItems: description: Defines a single escalation step within an escalation policy creation request. Contains assignment strategy, escalation timeout, and a list of targets. properties: assignment: $ref: '#/components/schemas/EscalationPolicyStepAttributesAssignment' escalate_after_seconds: description: Defines how many seconds to wait before escalating to the next step. example: 3600 format: int64 type: integer targets: description: Specifies the collection of escalation targets for this step. example: - users items: $ref: '#/components/schemas/EscalationPolicyStepTarget' type: array required: - targets type: object EscalationPolicyCreateRequestDataRelationships: description: Represents relationships in an escalation policy creation request, including references to teams. properties: teams: $ref: '#/components/schemas/DataRelationshipsTeams' type: object EscalationPolicyCreateRequestDataType: default: policies description: Indicates that the resource is of type `policies`. enum: - policies example: policies type: string x-enum-varnames: - POLICIES EscalationPolicyData: description: Represents the data for a single escalation policy, including its attributes, ID, relationships, and resource type. properties: attributes: $ref: '#/components/schemas/EscalationPolicyDataAttributes' id: description: Specifies the unique identifier of the escalation policy. example: ab000000-0000-0000-0000-000000000000 type: string relationships: $ref: '#/components/schemas/EscalationPolicyDataRelationships' type: $ref: '#/components/schemas/EscalationPolicyDataType' required: - type type: object EscalationPolicyDataAttributes: description: Defines the main attributes of an escalation policy, such as its name and behavior on policy end. properties: name: description: Specifies the name of the escalation policy. example: On-Call Escalation Policy type: string resolve_page_on_policy_end: description: Indicates whether the page is automatically resolved when the policy ends. type: boolean retries: description: Specifies how many times the escalation sequence is retried if there is no response. format: int64 type: integer required: - name type: object EscalationPolicyDataRelationships: description: Represents the relationships for an escalation policy, including references to steps and teams. properties: steps: $ref: '#/components/schemas/EscalationPolicyDataRelationshipsSteps' teams: $ref: '#/components/schemas/DataRelationshipsTeams' required: - steps type: object EscalationPolicyDataRelationshipsSteps: description: Defines the relationship to a collection of steps within an escalation policy. Contains an array of step data references. properties: data: description: An array of references to the steps defined in this escalation policy. items: $ref: '#/components/schemas/EscalationPolicyDataRelationshipsStepsDataItems' type: array type: object EscalationPolicyDataRelationshipsStepsDataItems: description: Defines a relationship to a single step within an escalation policy. Contains the step's `id` and `type`. properties: id: description: Specifies the unique identifier for the step resource. example: 00000000-aba1-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/EscalationPolicyDataRelationshipsStepsDataItemsType' required: - type - id type: object EscalationPolicyDataRelationshipsStepsDataItemsType: default: steps description: Indicates that the resource is of type `steps`. enum: - steps example: steps type: string x-enum-varnames: - STEPS EscalationPolicyDataType: default: policies description: Indicates that the resource is of type `policies`. enum: - policies example: policies type: string x-enum-varnames: - POLICIES EscalationPolicyIncluded: description: Represents included related resources when retrieving an escalation policy, such as teams, steps, or targets. oneOf: - $ref: '#/components/schemas/TeamReference' - $ref: '#/components/schemas/EscalationPolicyStep' - $ref: '#/components/schemas/EscalationPolicyUser' - $ref: '#/components/schemas/ScheduleData' EscalationPolicyStep: description: Represents a single step in an escalation policy, including its attributes, relationships, and resource type. properties: attributes: $ref: '#/components/schemas/EscalationPolicyStepAttributes' id: description: Specifies the unique identifier of this escalation policy step. type: string relationships: $ref: '#/components/schemas/EscalationPolicyStepRelationships' type: $ref: '#/components/schemas/EscalationPolicyStepType' required: - type type: object EscalationPolicyStepAttributes: description: Defines attributes for an escalation policy step, such as assignment strategy and escalation timeout. properties: assignment: $ref: '#/components/schemas/EscalationPolicyStepAttributesAssignment' escalate_after_seconds: description: Specifies how many seconds to wait before escalating to the next step. format: int64 type: integer type: object EscalationPolicyStepAttributesAssignment: description: Specifies how this escalation step will assign targets (example `default` or `round-robin`). enum: - default - round-robin type: string x-enum-varnames: - DEFAULT - ROUND_ROBIN EscalationPolicyStepRelationships: description: Represents the relationship of an escalation policy step to its targets. properties: targets: $ref: '#/components/schemas/EscalationTargets' type: object EscalationPolicyStepTarget: description: Defines a single escalation target within a step for an escalation policy creation request. Contains `id` and `type`. properties: id: description: Specifies the unique identifier for this target. example: 00000000-aba1-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/EscalationPolicyStepTargetType' type: object EscalationPolicyStepTargetType: description: Specifies the type of escalation target (example `users`, `schedules`, or `teams`). enum: - users - schedules - teams example: users type: string x-enum-varnames: - USERS - SCHEDULES - TEAMS EscalationPolicyStepType: default: steps description: Indicates that the resource is of type `steps`. enum: - steps example: steps type: string x-enum-varnames: - STEPS EscalationPolicyUpdateRequest: description: Represents a request to update an existing escalation policy, including the updated policy data. example: data: attributes: name: Escalation Policy 1 resolve_page_on_policy_end: false retries: 2 steps: - assignment: default escalate_after_seconds: 3600 id: 00000000-aba1-0000-0000-000000000000 targets: - id: 00000000-aba1-0000-0000-000000000000 type: users - id: 00000000-aba2-0000-0000-000000000000 type: schedules id: a3000000-0000-0000-0000-000000000000 relationships: teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: policies properties: data: $ref: '#/components/schemas/EscalationPolicyUpdateRequestData' required: - data type: object EscalationPolicyUpdateRequestData: description: Represents the data for updating an existing escalation policy, including its ID, attributes, relationships, and resource type. properties: attributes: $ref: '#/components/schemas/EscalationPolicyUpdateRequestDataAttributes' id: description: Specifies the unique identifier of the escalation policy being updated. example: 00000000-aba1-0000-0000-000000000000 type: string relationships: $ref: '#/components/schemas/EscalationPolicyUpdateRequestDataRelationships' type: $ref: '#/components/schemas/EscalationPolicyUpdateRequestDataType' required: - type - id - attributes type: object EscalationPolicyUpdateRequestDataAttributes: description: Defines the attributes that can be updated for an escalation policy, such as description, name, resolution behavior, retries, and steps. properties: name: description: Specifies the name of the escalation policy. example: On-Call Escalation Policy type: string resolve_page_on_policy_end: description: Indicates whether the page is automatically resolved when the policy ends. type: boolean retries: description: Specifies how many times the escalation sequence is retried if there is no response. format: int64 type: integer steps: description: A list of escalation steps, each defining assignment, escalation timeout, and targets. items: $ref: '#/components/schemas/EscalationPolicyUpdateRequestDataAttributesStepsItems' type: array required: - name - steps type: object EscalationPolicyUpdateRequestDataAttributesStepsItems: description: Defines a single escalation step within an escalation policy update request. Contains assignment strategy, escalation timeout, an optional step ID, and a list of targets. properties: assignment: $ref: '#/components/schemas/EscalationPolicyStepAttributesAssignment' escalate_after_seconds: description: Defines how many seconds to wait before escalating to the next step. example: 3600 format: int64 type: integer id: description: Specifies the unique identifier of this step. example: 00000000-aba1-0000-0000-000000000000 type: string targets: description: Specifies the collection of escalation targets for this step. items: $ref: '#/components/schemas/EscalationPolicyStepTarget' type: array required: - targets type: object EscalationPolicyUpdateRequestDataRelationships: description: Represents relationships in an escalation policy update request, including references to teams. properties: teams: $ref: '#/components/schemas/DataRelationshipsTeams' type: object EscalationPolicyUpdateRequestDataType: default: policies description: Indicates that the resource is of type `policies`. enum: - policies example: policies type: string x-enum-varnames: - POLICIES EscalationPolicyUser: description: Represents a user object in the context of an escalation policy, including their `id`, type, and basic attributes. properties: attributes: $ref: '#/components/schemas/EscalationPolicyUserAttributes' id: description: The unique user identifier. type: string type: $ref: '#/components/schemas/EscalationPolicyUserType' required: - type type: object EscalationPolicyUserAttributes: description: Provides basic user information for an escalation policy, including a name and email address. properties: email: description: The user's email address. example: jane.doe@example.com type: string name: description: The user's name. example: Jane Doe type: string status: $ref: '#/components/schemas/UserAttributesStatus' type: object EscalationPolicyUserType: default: users description: Users resource type. enum: - users example: users type: string x-enum-varnames: - USERS EscalationRelationships: description: Contains the relationships of an escalation object, including its responders. properties: responders: $ref: '#/components/schemas/EscalationRelationshipsResponders' type: object EscalationRelationshipsResponders: description: Lists the users involved in a specific step of the escalation policy. properties: data: description: Array of user references assigned as responders for this escalation step. items: $ref: '#/components/schemas/EscalationRelationshipsRespondersDataItems' type: array type: object EscalationRelationshipsRespondersDataItems: description: Represents a user assigned to an escalation step. properties: id: description: Unique identifier of the user assigned to the escalation step. example: '' type: string type: $ref: '#/components/schemas/EscalationRelationshipsRespondersDataItemsType' required: - type - id type: object EscalationRelationshipsRespondersDataItemsType: default: users description: Represents the resource type for users assigned as responders in an escalation step. enum: - users example: users type: string x-enum-varnames: - USERS EscalationTarget: description: Represents an escalation target, which can be a team, user, or schedule. oneOf: - $ref: '#/components/schemas/TeamTarget' - $ref: '#/components/schemas/UserTarget' - $ref: '#/components/schemas/ScheduleTarget' EscalationTargets: description: A list of escalation targets for a step properties: data: description: The `EscalationTargets` `data`. items: $ref: '#/components/schemas/EscalationTarget' type: array type: object EscalationType: default: escalation_policy_steps description: Represents the resource type for individual steps in an escalation policy used during incident response. enum: - escalation_policy_steps example: escalation_policy_steps type: string x-enum-varnames: - ESCALATION_POLICY_STEPS Event: description: The metadata associated with a request. properties: id: description: Event ID. example: '6509751066204996294' type: string name: description: The event name. type: string source_id: description: Event source ID. example: 36 format: int64 type: integer type: description: Event type. example: error_tracking_alert type: string type: object EventAttributes: description: Object description of attributes from your event. properties: aggregation_key: description: Aggregation key of the event. type: string date_happened: description: 'POSIX timestamp of the event. Must be sent as an integer (no quotation marks). Limited to events no older than 18 hours.' format: int64 type: integer device_name: description: A device name. type: string duration: description: The duration between the triggering of the event and its recovery in nanoseconds. format: int64 type: integer event_object: description: The event title. example: Did you hear the news today? type: string evt: $ref: '#/components/schemas/Event' hostname: description: 'Host name to associate with the event. Any tags associated with the host are also applied to this event.' type: string monitor: $ref: '#/components/schemas/MonitorType' monitor_groups: description: List of groups referred to in the event. items: description: Group referred to in the event. type: string nullable: true type: array monitor_id: description: ID of the monitor that triggered the event. When an event isn't related to a monitor, this field is empty. format: int64 nullable: true type: integer priority: $ref: '#/components/schemas/EventPriority' related_event_id: description: Related event ID. format: int64 type: integer service: description: Service that triggered the event. example: datadog-api type: string source_type_name: description: 'The type of event being posted. For example, `nagios`, `hudson`, `jenkins`, `my_apps`, `chef`, `puppet`, `git` or `bitbucket`. The list of standard source attribute values is [available here](https://docs.datadoghq.com/integrations/faq/list-of-api-source-attribute-value).' type: string sourcecategory: description: Identifier for the source of the event, such as a monitor alert, an externally-submitted event, or an integration. type: string status: $ref: '#/components/schemas/EventStatusType' tags: description: A list of tags to apply to the event. example: - environment:test items: description: A tag. type: string type: array timestamp: description: POSIX timestamp of your event in milliseconds. example: 1652274265000 format: int64 type: integer title: description: The event title. example: Oh boy! type: string type: object EventCategory: description: Event category to identify the type of event. Only the value `change` is supported. Support for other categories are coming. please reach out to datadog support if you're interested. enum: - change example: change type: string x-enum-varnames: - CHANGE EventCreateRequest: description: Object representing an event creation request. properties: attributes: $ref: '#/components/schemas/EventPayload' type: $ref: '#/components/schemas/EventCreateRequestType' type: object EventCreateRequestPayload: description: Payload for creating an event. properties: data: $ref: '#/components/schemas/EventCreateRequest' type: object EventCreateRequestType: description: Entity type. enum: - event example: event type: string x-enum-varnames: - EVENT EventCreateResponse: description: Object containing an event response. properties: attributes: $ref: '#/components/schemas/EventCreateResponseAttributes' type: description: Event type example: event type: string type: object EventCreateResponseAttributes: description: JSON object containing all events attributes and their associated values. properties: attributes: $ref: '#/components/schemas/EventCreateResponseAttributesAttributes' type: object EventCreateResponseAttributesAttributes: description: JSON object of attributes from your events. properties: evt: $ref: '#/components/schemas/EventCreateResponseAttributesAttributesEvt' type: object EventCreateResponseAttributesAttributesEvt: description: JSON object of event system attributes. properties: id: description: Event id type: string type: object EventCreateResponsePayload: description: Response containing information about created event. properties: data: $ref: '#/components/schemas/EventCreateResponse' type: object EventPayload: description: Event attributes. properties: aggregation_key: description: An arbitrary string to use for aggregation when correlating events. Limited to 100 characters. maxLength: 100 type: string attributes: $ref: '#/components/schemas/EventPayloadAttributes' category: $ref: '#/components/schemas/EventCategory' message: description: The body of the event. Limited to 4000 characters. example: payment_processed feature flag has been enabled maxLength: 4000 type: string tags: description: 'A list of tags to apply to the event. Refer to [Tags docs](https://docs.datadoghq.com/getting_started/tagging/).' example: - env:test items: description: A tag. type: string type: array timestamp: description: 'Timestamp when the event occurred. Must follow [ISO 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format. For example `"2017-01-15T01:30:15.010000Z"`. Defaults to the timestamp of receipt. Limited to values no older than 18 hours.' type: string title: description: The event title. Limited to 500 characters. example: payment_processed feature flag updated maxLength: 500 type: string required: - title - category - attributes type: object EventPayloadAttributes: description: JSON object for custom attributes. Schema are different per each event category. oneOf: - $ref: '#/components/schemas/ChangeEventCustomAttributes' EventPriority: description: The priority of the event's monitor. For example, `normal` or `low`. enum: - normal - low example: normal nullable: true type: string x-enum-varnames: - NORMAL - LOW EventResponse: description: The object description of an event after being processed and stored by Datadog. properties: attributes: $ref: '#/components/schemas/EventResponseAttributes' id: description: the unique ID of the event. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/EventType' type: object EventResponseAttributes: description: The object description of an event response attribute. properties: attributes: $ref: '#/components/schemas/EventAttributes' message: description: The message of the event. type: string tags: description: An array of tags associated with the event. example: - team:A items: description: The tag associated with the event. type: string type: array timestamp: description: The timestamp of the event. example: '2019-01-02T09:42:36.320Z' format: date-time type: string type: object EventStatusType: description: 'If an alert event is enabled, its status is one of the following: `failure`, `error`, `warning`, `info`, `success`, `user_update`, `recommendation`, or `snapshot`.' enum: - failure - error - warning - info - success - user_update - recommendation - snapshot example: info type: string x-enum-varnames: - FAILURE - ERROR - WARNING - INFO - SUCCESS - USER_UPDATE - RECOMMENDATION - SNAPSHOT EventType: default: event description: Type of the event. enum: - event example: event type: string x-enum-varnames: - EVENT EventsAggregation: default: count description: The type of aggregation that can be performed on events-based queries. enum: - count - cardinality - pc75 - pc90 - pc95 - pc98 - pc99 - sum - min - max - avg example: count type: string x-enum-varnames: - COUNT - CARDINALITY - PC75 - PC90 - PC95 - PC98 - PC99 - SUM - MIN - MAX - AVG EventsCompute: description: The instructions for what to compute for this query. properties: aggregation: $ref: '#/components/schemas/EventsAggregation' interval: description: Interval for compute in milliseconds. example: 60000 format: int64 type: integer metric: description: The "measure" attribute on which to perform the computation. type: string required: - aggregation type: object EventsDataSource: default: logs description: A data source that is powered by the Events Platform. enum: - logs - rum example: logs type: string x-enum-varnames: - LOGS - RUM EventsGroupBy: description: A dimension on which to split a query's results. properties: facet: description: The facet by which to split groups. example: '@error.type' type: string limit: default: 10 description: 'The maximum buckets to return for this group by. Note: at most 10000 buckets are allowed. If grouping by multiple facets, the product of limits must not exceed 10000.' example: 10 format: int32 maximum: 10000 type: integer sort: $ref: '#/components/schemas/EventsGroupBySort' required: - facet type: object EventsGroupBySort: description: The dimension by which to sort a query's results. properties: aggregation: $ref: '#/components/schemas/EventsAggregation' metric: description: The metric's calculated value which should be used to define the sort order of a query's results. example: '@duration' type: string order: $ref: '#/components/schemas/QuerySortOrder' type: $ref: '#/components/schemas/EventsSortType' required: - aggregation type: object EventsListRequest: description: The object sent with the request to retrieve a list of events from your organization. properties: filter: $ref: '#/components/schemas/EventsQueryFilter' options: $ref: '#/components/schemas/EventsQueryOptions' page: $ref: '#/components/schemas/EventsRequestPage' sort: $ref: '#/components/schemas/EventsSort' type: object EventsListResponse: description: The response object with all events matching the request and pagination information. properties: data: description: An array of events matching the request. items: $ref: '#/components/schemas/EventResponse' type: array links: $ref: '#/components/schemas/EventsListResponseLinks' meta: $ref: '#/components/schemas/EventsResponseMetadata' type: object EventsListResponseLinks: description: Links attributes. properties: next: description: 'Link for the next set of results. Note that the request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/events?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object EventsQueryFilter: description: The search and filter query settings. properties: from: default: now-15m description: The minimum time for the requested events. Supports date math and regular timestamps in milliseconds. example: now-15m type: string query: default: '*' description: The search query following the event search syntax. example: service:web* AND @http.status_code:[200 TO 299] type: string to: default: now description: The maximum time for the requested events. Supports date math and regular timestamps in milliseconds. example: now type: string type: object EventsQueryGroupBys: description: The list of facets on which to split results. items: $ref: '#/components/schemas/EventsGroupBy' type: array EventsQueryOptions: description: 'The global query options that are used. Either provide a timezone or a time offset but not both, otherwise the query fails.' properties: timeOffset: description: The time offset to apply to the query in seconds. format: int64 type: integer timezone: default: UTC description: The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). example: GMT type: string type: object EventsRequestPage: description: Pagination settings. properties: cursor: description: The returned paging point to use to get the next results. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: The maximum number of logs in the response. example: 25 format: int32 maximum: 1000 type: integer type: object EventsResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer page: $ref: '#/components/schemas/EventsResponseMetadataPage' request_id: description: The identifier of the request. example: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR type: string status: description: The request status. example: done type: string warnings: description: 'A list of warnings (non-fatal errors) encountered. Partial results might be returned if warnings are present in the response.' items: $ref: '#/components/schemas/EventsWarning' type: array type: object EventsResponseMetadataPage: description: Pagination attributes. properties: after: description: 'The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`.' example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object EventsScalarQuery: description: An individual scalar events query. properties: compute: $ref: '#/components/schemas/EventsCompute' data_source: $ref: '#/components/schemas/EventsDataSource' group_by: $ref: '#/components/schemas/EventsQueryGroupBys' indexes: description: The indexes in which to search. example: - main items: description: The unique index name. example: main type: string type: array name: description: The variable name for use in formulas. type: string search: $ref: '#/components/schemas/EventsSearch' required: - data_source - compute type: object EventsSearch: description: Configuration of the search/filter for an events query. properties: query: description: The search/filter string for an events query. example: status:warn service:foo type: string type: object EventsSort: description: The sort parameters when querying events. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING EventsSortType: description: The type of sort to use on the calculated value. enum: - alphabetical - measure type: string x-enum-varnames: - ALPHABETICAL - MEASURE EventsTimeseriesQuery: description: An individual timeseries events query. properties: compute: $ref: '#/components/schemas/EventsCompute' data_source: $ref: '#/components/schemas/EventsDataSource' group_by: $ref: '#/components/schemas/EventsQueryGroupBys' indexes: description: The indexes in which to search. example: - main items: description: The unique index name. example: main type: string type: array name: description: The variable name for use in formulas. type: string search: $ref: '#/components/schemas/EventsSearch' required: - data_source - compute type: object EventsWarning: description: A warning message indicating something is wrong with the query. properties: code: description: A unique code for this type of warning. example: unknown_index type: string detail: description: A detailed explanation of this specific warning. example: 'indexes: foo, bar' type: string title: description: A short human-readable summary of the warning. example: One or several indexes are missing or invalid. Results hold data from the other indexes. type: string type: object FastlyAccounResponseAttributes: description: Attributes object of a Fastly account. properties: name: description: The name of the Fastly account. example: test-name type: string services: description: A list of services belonging to the parent account. items: $ref: '#/components/schemas/FastlyService' type: array required: - name type: object FastlyAccountCreateRequest: description: Payload schema when adding a Fastly account. properties: data: $ref: '#/components/schemas/FastlyAccountCreateRequestData' required: - data type: object FastlyAccountCreateRequestAttributes: description: Attributes object for creating a Fastly account. properties: api_key: description: The API key for the Fastly account. example: ABCDEFG123 type: string name: description: The name of the Fastly account. example: test-name type: string services: description: A list of services belonging to the parent account. items: $ref: '#/components/schemas/FastlyService' type: array required: - api_key - name type: object FastlyAccountCreateRequestData: description: Data object for creating a Fastly account. properties: attributes: $ref: '#/components/schemas/FastlyAccountCreateRequestAttributes' type: $ref: '#/components/schemas/FastlyAccountType' required: - attributes - type type: object FastlyAccountResponse: description: The expected response schema when getting a Fastly account. properties: data: $ref: '#/components/schemas/FastlyAccountResponseData' type: object FastlyAccountResponseData: description: Data object of a Fastly account. properties: attributes: $ref: '#/components/schemas/FastlyAccounResponseAttributes' id: description: The ID of the Fastly account, a hash of the account name. example: abc123 type: string type: $ref: '#/components/schemas/FastlyAccountType' required: - attributes - id - type type: object FastlyAccountType: default: fastly-accounts description: The JSON:API type for this API. Should always be `fastly-accounts`. enum: - fastly-accounts example: fastly-accounts type: string x-enum-varnames: - FASTLY_ACCOUNTS FastlyAccountUpdateRequest: description: Payload schema when updating a Fastly account. properties: data: $ref: '#/components/schemas/FastlyAccountUpdateRequestData' required: - data type: object FastlyAccountUpdateRequestAttributes: description: Attributes object for updating a Fastly account. properties: api_key: description: The API key of the Fastly account. example: ABCDEFG123 type: string name: description: The name of the Fastly account. type: string type: object FastlyAccountUpdateRequestData: description: Data object for updating a Fastly account. properties: attributes: $ref: '#/components/schemas/FastlyAccountUpdateRequestAttributes' type: $ref: '#/components/schemas/FastlyAccountType' type: object FastlyAccountsResponse: description: The expected response schema when getting Fastly accounts. properties: data: description: The JSON:API data schema. items: $ref: '#/components/schemas/FastlyAccountResponseData' type: array type: object FastlyService: description: The schema representation of a Fastly service. properties: id: description: The ID of the Fastly service example: 6abc7de6893AbcDe9fghIj type: string tags: description: A list of tags for the Fastly service. example: - myTag - myTag2:myValue items: type: string type: array required: - id type: object FastlyServiceAttributes: description: Attributes object for Fastly service requests. properties: tags: description: A list of tags for the Fastly service. example: - myTag - myTag2:myValue items: type: string type: array type: object FastlyServiceData: description: Data object for Fastly service requests. properties: attributes: $ref: '#/components/schemas/FastlyServiceAttributes' id: description: The ID of the Fastly service. example: abc123 type: string type: $ref: '#/components/schemas/FastlyServiceType' required: - id - type type: object FastlyServiceRequest: description: Payload schema for Fastly service requests. properties: data: $ref: '#/components/schemas/FastlyServiceData' required: - data type: object FastlyServiceResponse: description: The expected response schema when getting a Fastly service. properties: data: $ref: '#/components/schemas/FastlyServiceData' type: object FastlyServiceType: default: fastly-services description: The JSON:API type for this API. Should always be `fastly-services`. enum: - fastly-services example: fastly-services type: string x-enum-varnames: - FASTLY_SERVICES FastlyServicesResponse: description: The expected response schema when getting Fastly services. properties: data: description: The JSON:API data schema. items: $ref: '#/components/schemas/FastlyServiceData' type: array type: object Finding: description: A single finding without the message and resource configuration. properties: attributes: $ref: '#/components/schemas/FindingAttributes' id: $ref: '#/components/schemas/FindingID' type: $ref: '#/components/schemas/FindingType' type: object FindingAttributes: description: The JSON:API attributes of the finding. properties: datadog_link: $ref: '#/components/schemas/FindingDatadogLink' description: $ref: '#/components/schemas/FindingDescription' evaluation: $ref: '#/components/schemas/FindingEvaluation' evaluation_changed_at: $ref: '#/components/schemas/FindingEvaluationChangedAt' external_id: $ref: '#/components/schemas/FindingExternalId' mute: $ref: '#/components/schemas/FindingMute' resource: $ref: '#/components/schemas/FindingResource' resource_discovery_date: $ref: '#/components/schemas/FindingResourceDiscoveryDate' resource_type: $ref: '#/components/schemas/FindingResourceType' rule: $ref: '#/components/schemas/FindingRule' status: $ref: '#/components/schemas/FindingStatus' tags: $ref: '#/components/schemas/FindingTags' vulnerability_type: $ref: '#/components/schemas/FindingVulnerabilityType' type: object FindingDatadogLink: description: The Datadog relative link for this finding. example: /security/compliance?panels=cpfinding%7Cevent%7CruleId%3Adef-000-u5t%7CresourceId%3Ae8c9ab7c52ebd7bf2fdb4db641082d7d%7CtabId%3Aoverview type: string FindingDescription: description: The description and remediation steps for this finding. example: '## Remediation 1. In the console, go to **Storage Account**. 2. For each Storage Account, navigate to **Data Protection**. 3. Select **Set soft delete enabled** and enter the number of days to retain soft deleted data.' type: string FindingEvaluation: description: The evaluation of the finding. enum: - pass - fail example: pass type: string x-enum-varnames: - PASS - FAIL FindingEvaluationChangedAt: description: The date on which the evaluation for this finding changed (Unix ms). example: 1678721573794 format: int64 minimum: 1 type: integer FindingExternalId: description: The cloud-based ID for the resource related to the finding. example: arn:aws:s3:::my-example-bucket type: string FindingID: description: The unique ID for this finding. example: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw== type: string FindingMute: additionalProperties: false description: Information about the mute status of this finding. properties: description: description: Additional information about the reason why this finding is muted or unmuted. example: To be resolved later type: string expiration_date: description: The expiration date of the mute or unmute action (Unix ms). example: 1778721573794 format: int64 type: integer muted: description: Whether this finding is muted or unmuted. example: true type: boolean reason: $ref: '#/components/schemas/FindingMuteReason' start_date: description: The start of the mute period. example: 1678721573794 format: int64 type: integer uuid: description: The ID of the user who muted or unmuted this finding. example: e51c9744-d158-11ec-ad23-da7ad0900002 type: string type: object FindingMuteReason: description: The reason why this finding is muted or unmuted. enum: - PENDING_FIX - FALSE_POSITIVE - ACCEPTED_RISK - NO_PENDING_FIX - HUMAN_ERROR - NO_LONGER_ACCEPTED_RISK - OTHER example: ACCEPTED_RISK type: string x-enum-varnames: - PENDING_FIX - FALSE_POSITIVE - ACCEPTED_RISK - NO_PENDING_FIX - HUMAN_ERROR - NO_LONGER_ACCEPTED_RISK - OTHER FindingResource: description: The resource name of this finding. example: my_resource_name type: string FindingResourceDiscoveryDate: description: The date on which the resource was discovered (Unix ms). example: 1678721573794 format: int64 minimum: 1 type: integer FindingResourceType: description: The resource type of this finding. example: azure_storage_account type: string FindingRule: additionalProperties: false description: The rule that triggered this finding. properties: id: description: The ID of the rule that triggered this finding. example: dv2-jzf-41i type: string name: description: The name of the rule that triggered this finding. example: Soft delete is enabled for Azure Storage type: string type: object FindingStatus: description: The status of the finding. enum: - critical - high - medium - low - info example: critical type: string x-enum-varnames: - CRITICAL - HIGH - MEDIUM - LOW - INFO FindingTags: description: The tags associated with this finding. example: - cloud_provider:aws - myTag:myValue items: description: The list of tags. type: string type: array FindingType: default: finding description: The JSON:API type for findings. enum: - finding example: finding type: string x-enum-varnames: - FINDING FindingVulnerabilityType: description: The vulnerability type of the finding. enum: - misconfiguration - attack_path - identity_risk - api_security example: misconfiguration type: string x-enum-varnames: - MISCONFIGURATION - ATTACK_PATH - IDENTITY_RISK - API_SECURITY FormulaLimit: description: 'Message for specifying limits to the number of values returned by a query. This limit is only for scalar queries and has no effect on timeseries queries.' properties: count: description: The number of results to which to limit. example: 10 format: int32 maximum: 2147483647 type: integer order: $ref: '#/components/schemas/QuerySortOrder' type: object FrameworkHandleAndVersionResponseData: description: Contains type and attributes for custom frameworks. properties: attributes: $ref: '#/components/schemas/CustomFrameworkDataHandleAndVersion' id: description: The ID of the custom framework. example: handle-version type: string type: $ref: '#/components/schemas/CustomFrameworkType' required: - id - type - attributes type: object FullAPIKey: description: Datadog API key. properties: attributes: $ref: '#/components/schemas/FullAPIKeyAttributes' id: description: ID of the API key. type: string relationships: $ref: '#/components/schemas/APIKeyRelationships' type: $ref: '#/components/schemas/APIKeysType' type: object FullAPIKeyAttributes: description: Attributes of a full API key. properties: category: description: The category of the API key. type: string created_at: description: Creation date of the API key. example: '2020-11-23T10:00:00.000Z' format: date-time readOnly: true type: string key: description: The API key. readOnly: true type: string last4: description: The last four characters of the API key. example: abcd maxLength: 4 minLength: 4 readOnly: true type: string modified_at: description: Date the API key was last modified. example: '2020-11-23T10:00:00.000Z' format: date-time readOnly: true type: string name: description: Name of the API key. example: API Key for submitting metrics type: string remote_config_read_enabled: description: The remote config read enabled status. type: boolean type: object FullApplicationKey: description: Datadog application key. properties: attributes: $ref: '#/components/schemas/FullApplicationKeyAttributes' id: description: ID of the application key. type: string relationships: $ref: '#/components/schemas/ApplicationKeyRelationships' type: $ref: '#/components/schemas/ApplicationKeysType' type: object FullApplicationKeyAttributes: description: Attributes of a full application key. properties: created_at: description: Creation date of the application key. example: '2020-11-23T10:00:00.000Z' format: date-time readOnly: true type: string key: description: The application key. readOnly: true type: string last4: description: The last four characters of the application key. example: abcd maxLength: 4 minLength: 4 readOnly: true type: string name: description: Name of the application key. example: Application Key for managing dashboards type: string scopes: description: Array of scopes to grant the application key. example: - dashboards_read - dashboards_write - dashboards_public_share items: description: Name of scope. type: string nullable: true type: array type: object FullCustomFrameworkData: description: Contains type and attributes for custom frameworks. properties: attributes: $ref: '#/components/schemas/FullCustomFrameworkDataAttributes' id: description: The ID of the custom framework. example: handle-version type: string type: $ref: '#/components/schemas/CustomFrameworkType' required: - id - type - attributes type: object FullCustomFrameworkDataAttributes: description: Full Framework Data Attributes. properties: handle: description: Framework Handle example: sec2 type: string icon_url: description: Framework Icon URL example: https://example.com/icon.png type: string name: description: Framework Name example: security-framework type: string requirements: description: Framework Requirements items: $ref: '#/components/schemas/CustomFrameworkRequirement' type: array version: description: Framework Version example: '2' type: string required: - handle - version - name - requirements type: object GCPMetricNamespaceConfig: description: Configuration for a GCP metric namespace. properties: disabled: default: false description: When disabled, Datadog does not collect metrics that are related to this GCP metric namespace. example: true type: boolean id: description: The id of the GCP metric namespace. example: aiplatform type: string type: object GCPSTSDelegateAccount: description: Datadog principal service account info. properties: attributes: $ref: '#/components/schemas/GCPSTSDelegateAccountAttributes' id: description: The ID of the delegate service account. example: ddgci-1a19n28hb1a812221893@datadog-gci-sts-us5-prod.iam.gserviceaccount.com type: string type: $ref: '#/components/schemas/GCPSTSDelegateAccountType' type: object GCPSTSDelegateAccountAttributes: description: Your delegate account attributes. properties: delegate_account_email: description: Your organization's Datadog principal email address. example: ddgci-1a19n28hb1a812221893@datadog-gci-sts-us5-prod.iam.gserviceaccount.com type: string type: object GCPSTSDelegateAccountResponse: description: Your delegate service account response data. properties: data: $ref: '#/components/schemas/GCPSTSDelegateAccount' type: object GCPSTSDelegateAccountType: default: gcp_sts_delegate description: The type of account. enum: - gcp_sts_delegate example: gcp_sts_delegate type: string x-enum-varnames: - GCP_STS_DELEGATE GCPSTSServiceAccount: description: Info on your service account. properties: attributes: $ref: '#/components/schemas/GCPSTSServiceAccountAttributes' id: description: Your service account's unique ID. example: d291291f-12c2-22g4-j290-123456678897 type: string meta: $ref: '#/components/schemas/GCPServiceAccountMeta' type: $ref: '#/components/schemas/GCPServiceAccountType' type: object GCPSTSServiceAccountAttributes: description: Attributes associated with your service account. properties: account_tags: description: Tags to be associated with GCP metrics and service checks from your account. items: description: Account Level Tag type: string type: array automute: description: Silence monitors for expected GCE instance shutdowns. type: boolean client_email: description: Your service account email address. example: datadog-service-account@test-project.iam.gserviceaccount.com type: string cloud_run_revision_filters: description: 'List of filters to limit the Cloud Run revisions that are pulled into Datadog by using tags. Only Cloud Run revision resources that apply to specified filters are imported into Datadog.' example: - $KEY:$VALUE items: description: Cloud Run Filters type: string type: array host_filters: description: Your Host Filters. items: description: Host Filters type: string type: array is_cspm_enabled: description: 'When enabled, Datadog will activate the Cloud Security Monitoring product for this service account. Note: This requires resource_collection_enabled to be set to true.' type: boolean is_per_project_quota_enabled: default: false description: When enabled, Datadog applies the `X-Goog-User-Project` header, attributing Google Cloud billing and quota usage to the project being monitored rather than the default service account project. example: true type: boolean is_resource_change_collection_enabled: default: false description: When enabled, Datadog scans for all resource change data in your Google Cloud environment. example: true type: boolean is_security_command_center_enabled: default: false description: 'When enabled, Datadog will attempt to collect Security Command Center Findings. Note: This requires additional permissions on the service account.' example: true type: boolean metric_namespace_configs: description: Configurations for GCP metric namespaces. example: - disabled: true id: aiplatform items: $ref: '#/components/schemas/GCPMetricNamespaceConfig' type: array resource_collection_enabled: description: When enabled, Datadog scans for all resources in your GCP environment. type: boolean type: object GCPSTSServiceAccountCreateRequest: description: Data on your newly generated service account. properties: data: $ref: '#/components/schemas/GCPSTSServiceAccountData' type: object GCPSTSServiceAccountData: description: Additional metadata on your generated service account. properties: attributes: $ref: '#/components/schemas/GCPSTSServiceAccountAttributes' type: $ref: '#/components/schemas/GCPServiceAccountType' type: object GCPSTSServiceAccountResponse: description: The account creation response. properties: data: $ref: '#/components/schemas/GCPSTSServiceAccount' type: object GCPSTSServiceAccountUpdateRequest: description: Service account info. properties: data: $ref: '#/components/schemas/GCPSTSServiceAccountUpdateRequestData' type: object GCPSTSServiceAccountUpdateRequestData: description: Data on your service account. properties: attributes: $ref: '#/components/schemas/GCPSTSServiceAccountAttributes' id: description: Your service account's unique ID. example: d291291f-12c2-22g4-j290-123456678897 type: string type: $ref: '#/components/schemas/GCPServiceAccountType' type: object GCPSTSServiceAccountsResponse: description: Object containing all your STS enabled accounts. properties: data: description: Array of GCP STS enabled service accounts. items: $ref: '#/components/schemas/GCPSTSServiceAccount' type: array type: object GCPServiceAccountMeta: description: Additional information related to your service account. properties: accessible_projects: description: The current list of projects accessible from your service account. items: description: List of GCP projects. type: string type: array type: object GCPServiceAccountType: default: gcp_service_account description: The type of account. enum: - gcp_service_account example: gcp_service_account type: string x-enum-varnames: - GCP_SERVICE_ACCOUNT GetActionConnectionResponse: description: The response for found connection properties: data: $ref: '#/components/schemas/ActionConnectionData' type: object GetAppResponse: description: The full app definition response object. properties: data: $ref: '#/components/schemas/GetAppResponseData' included: description: Data on the version of the app that was published. items: $ref: '#/components/schemas/Deployment' type: array meta: $ref: '#/components/schemas/AppMeta' relationship: $ref: '#/components/schemas/AppRelationship' type: object GetAppResponseData: description: The data object containing the app definition. properties: attributes: $ref: '#/components/schemas/GetAppResponseDataAttributes' id: description: The ID of the app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: '#/components/schemas/AppDefinitionType' required: - id - type - attributes type: object GetAppResponseDataAttributes: description: The app definition attributes, such as name, description, and components. properties: components: description: The UI components that make up the app. items: $ref: '#/components/schemas/ComponentGrid' type: array description: description: A human-readable description for the app. type: string favorite: description: Whether the app is marked as a favorite by the current user. type: boolean name: description: The name of the app. type: string queries: description: An array of queries, such as external actions and state variables, that the app uses. items: $ref: '#/components/schemas/Query' type: array rootInstanceName: description: The name of the root component of the app. This must be a `grid` component that contains all other components. type: string tags: description: A list of tags for the app, which can be used to filter apps. example: - service:webshop-backend - team:webshop items: description: An individual tag for the app. type: string type: array type: object GetCustomFrameworkResponse: description: Response object to get a custom framework. properties: data: $ref: '#/components/schemas/FullCustomFrameworkData' required: - data type: object GetDataDeletionsResponseBody: description: The response from the get data deletion requests endpoint. properties: data: description: The list of data deletion requests that matches the query. items: $ref: '#/components/schemas/DataDeletionResponseItem' type: array meta: $ref: '#/components/schemas/DataDeletionResponseMeta' type: object GetDeviceAttributes: description: The device attributes properties: description: description: A description of the device. example: a device monitored with NDM type: string device_type: description: The type of the device. example: other type: string integration: description: The integration of the device. example: snmp type: string ip_address: description: The IP address of the device. example: 1.2.3.4 type: string location: description: The location of the device. example: paris type: string model: description: The model of the device. example: xx-123 type: string name: description: The name of the device. example: example device type: string os_hostname: description: The operating system hostname of the device. example: 1.0.2 type: string os_name: description: The operating system name of the device. example: example OS type: string os_version: description: The operating system version of the device. example: 1.0.2 type: string ping_status: description: The ping status of the device. example: unmonitored type: string product_name: description: The product name of the device. example: example device type: string serial_number: description: The serial number of the device. example: X12345 type: string status: description: The status of the device. example: ok type: string subnet: description: The subnet of the device. example: 1.2.3.4/24 type: string sys_object_id: description: The device `sys_object_id`. example: 1.3.6.1.4.1.99999 type: string tags: description: A list of tags associated with the device. example: - device_ip:1.2.3.4 - device_id:example:1.2.3.4 items: type: string type: array vendor: description: The vendor of the device. example: example vendor type: string version: description: The version of the device. example: 1.2.3 type: string type: object GetDeviceData: description: Get device response data. properties: attributes: $ref: '#/components/schemas/GetDeviceAttributes' id: description: The device ID example: example:1.2.3.4 type: string type: description: The type of the resource. The value should always be device. type: string type: object GetDeviceResponse: description: The `GetDevice` operation's response. properties: data: $ref: '#/components/schemas/GetDeviceData' type: object GetFindingResponse: description: The expected response schema when getting a finding. properties: data: $ref: '#/components/schemas/DetailedFinding' required: - data type: object GetInterfacesData: description: The interfaces list data properties: attributes: $ref: '#/components/schemas/InterfaceAttributes' id: description: The interface ID example: example:1.2.3.4:99 type: string type: description: The type of the resource. The value should always be interface. type: string type: object GetInterfacesResponse: description: The `GetInterfaces` operation's response. properties: data: description: Get Interfaces response items: $ref: '#/components/schemas/GetInterfacesData' type: array type: object GetResourceEvaluationFiltersResponse: description: The definition of `GetResourceEvaluationFiltersResponse` object. properties: data: $ref: '#/components/schemas/GetResourceEvaluationFiltersResponseData' required: - data type: object GetResourceEvaluationFiltersResponseData: description: The definition of `GetResourceFilterResponseData` object. properties: attributes: $ref: '#/components/schemas/ResourceFilterAttributes' id: description: The `data` `id`. example: csm_resource_filter type: string type: $ref: '#/components/schemas/ResourceFilterRequestType' type: object GetRuleVersionHistoryData: description: Data for the rule version history. properties: attributes: $ref: '#/components/schemas/RuleVersionHistory' id: description: ID of the rule. type: string type: $ref: '#/components/schemas/GetRuleVersionHistoryDataType' type: object GetRuleVersionHistoryDataType: description: Type of data. enum: - GetRuleVersionHistoryResponse type: string x-enum-varnames: - GETRULEVERSIONHISTORYRESPONSE GetRuleVersionHistoryResponse: description: Response for getting the rule version history. properties: data: $ref: '#/components/schemas/GetRuleVersionHistoryData' type: object GetSBOMResponse: description: The expected response schema when getting an SBOM. properties: data: $ref: '#/components/schemas/SBOM' required: - data type: object GetTeamMembershipsSort: description: Specifies the order of returned team memberships enum: - manager_name - -manager_name - name - -name - handle - -handle - email - -email type: string x-enum-varnames: - MANAGER_NAME - _MANAGER_NAME - NAME - _NAME - HANDLE - _HANDLE - EMAIL - _EMAIL GetWorkflowResponse: description: The response object after getting a workflow. properties: data: $ref: '#/components/schemas/WorkflowData' type: object GitCommitSHA: description: Git Commit SHA. example: 66adc9350f2cc9b250b69abddab733dd55e1a588 pattern: ^[a-fA-F0-9]{40,}$ type: string GitRepositoryURL: description: Git Repository URL example: https://github.com/organization/example-repository type: string GithubWebhookTrigger: description: Trigger a workflow from a GitHub webhook. To trigger a workflow from GitHub, you must set a `webhookSecret`. In your GitHub Webhook Settings, set the Payload URL to "base_url"/api/v2/workflows/"workflow_id"/webhook?orgId="org_id", select application/json for the content type, and be highly recommend enabling SSL verification for security. The workflow must be published. properties: rateLimit: $ref: '#/components/schemas/TriggerRateLimit' type: object GithubWebhookTriggerWrapper: description: Schema for a GitHub webhook-based trigger. properties: githubWebhookTrigger: $ref: '#/components/schemas/GithubWebhookTrigger' startStepNames: $ref: '#/components/schemas/StartStepNames' required: - githubWebhookTrigger type: object GroupScalarColumn: description: A column containing the tag keys and values in a group. properties: name: description: The name of the tag key or group. example: env type: string type: $ref: '#/components/schemas/ScalarColumnTypeGroup' values: description: The array of tag values for each group found for the results of the formulas or queries. example: - - production - - staging items: description: An individual tag value for a given group column. items: description: One tag value within a values array. example: production type: string type: array type: array type: object GroupTags: description: List of tags that apply to a single response value. items: description: A single tag that applies to a single response value. example: env:production type: string type: array HTTPBody: description: The definition of `HTTPBody` object. properties: content: description: Serialized body content example: '{"some-json": "with-value"}' type: string content_type: description: Content type of the body example: application/json type: string type: object HTTPCIAppError: description: List of errors. properties: detail: description: Error message. example: Malformed payload type: string status: description: Error code. example: '400' type: string title: description: Error title. example: Bad Request type: string type: object HTTPCIAppErrors: description: Errors occurred. properties: errors: description: Structured errors. items: $ref: '#/components/schemas/HTTPCIAppError' type: array type: object HTTPCredentials: description: The definition of `HTTPCredentials` object. oneOf: - $ref: '#/components/schemas/HTTPTokenAuth' HTTPCredentialsUpdate: description: The definition of `HTTPCredentialsUpdate` object. oneOf: - $ref: '#/components/schemas/HTTPTokenAuthUpdate' HTTPHeader: description: The definition of `HTTPHeader` object. properties: name: description: The `HTTPHeader` `name`. example: MyHttpHeader pattern: ^[A-Za-z][A-Za-z\\d\\-\\_]*$ type: string value: description: The `HTTPHeader` `value`. example: Some header value type: string required: - name - value type: object HTTPHeaderUpdate: description: The definition of `HTTPHeaderUpdate` object. properties: deleted: description: Should the header be deleted. type: boolean name: description: The `HTTPHeaderUpdate` `name`. example: MyHttpHeader pattern: ^[A-Za-z][A-Za-z\\d\\-\\_]*$ type: string value: description: The `HTTPHeaderUpdate` `value`. example: Updated Header Value type: string required: - name type: object HTTPIntegration: description: The definition of `HTTPIntegration` object. properties: base_url: description: Base HTTP url for the integration example: http://datadoghq.com type: string credentials: $ref: '#/components/schemas/HTTPCredentials' type: $ref: '#/components/schemas/HTTPIntegrationType' required: - type - base_url - credentials type: object HTTPIntegrationType: description: The definition of `HTTPIntegrationType` object. enum: - HTTP example: HTTP type: string x-enum-varnames: - HTTP HTTPIntegrationUpdate: description: The definition of `HTTPIntegrationUpdate` object. properties: base_url: description: Base HTTP url for the integration example: http://datadoghq.com type: string credentials: $ref: '#/components/schemas/HTTPCredentialsUpdate' type: $ref: '#/components/schemas/HTTPIntegrationType' required: - type type: object HTTPLog: description: Structured log message. items: $ref: '#/components/schemas/HTTPLogItem' type: array HTTPLogError: description: List of errors. properties: detail: description: Error message. example: Malformed payload type: string status: description: Error code. example: '400' type: string title: description: Error title. example: Bad Request type: string type: object HTTPLogErrors: description: Invalid query performed. properties: errors: description: Structured errors. items: $ref: '#/components/schemas/HTTPLogError' type: array type: object HTTPLogItem: additionalProperties: description: Additional log attributes. description: Logs that are sent over HTTP. properties: ddsource: description: 'The integration name associated with your log: the technology from which the log originated. When it matches an integration name, Datadog automatically installs the corresponding parsers and facets. See [reserved attributes](https://docs.datadoghq.com/logs/log_configuration/attributes_naming_convention/#reserved-attributes).' example: nginx type: string ddtags: description: Tags associated with your logs. example: env:staging,version:5.1 type: string hostname: description: The name of the originating host of the log. example: i-012345678 type: string message: description: 'The message [reserved attribute](https://docs.datadoghq.com/logs/log_configuration/attributes_naming_convention/#reserved-attributes) of your log. By default, Datadog ingests the value of the message attribute as the body of the log entry. That value is then highlighted and displayed in the Logstream, where it is indexed for full text search.' example: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World type: string service: description: 'The name of the application or service generating the log events. It is used to switch from Logs to APM, so make sure you define the same value when you use both products. See [reserved attributes](https://docs.datadoghq.com/logs/log_configuration/attributes_naming_convention/#reserved-attributes).' example: payment type: string required: - message type: object HTTPToken: description: The definition of `HTTPToken` object. properties: name: description: The `HTTPToken` `name`. example: MyToken pattern: ^[A-Za-z][A-Za-z\\d]*$ type: string type: $ref: '#/components/schemas/TokenType' value: description: The `HTTPToken` `value`. example: Some Token Value type: string required: - name - value - type type: object HTTPTokenAuth: description: The definition of `HTTPTokenAuth` object. properties: body: $ref: '#/components/schemas/HTTPBody' headers: description: The `HTTPTokenAuth` `headers`. items: $ref: '#/components/schemas/HTTPHeader' type: array tokens: description: The `HTTPTokenAuth` `tokens`. items: $ref: '#/components/schemas/HTTPToken' type: array type: $ref: '#/components/schemas/HTTPTokenAuthType' url_parameters: description: The `HTTPTokenAuth` `url_parameters`. items: $ref: '#/components/schemas/UrlParam' type: array required: - type type: object HTTPTokenAuthType: description: The definition of `HTTPTokenAuthType` object. enum: - HTTPTokenAuth example: HTTPTokenAuth type: string x-enum-varnames: - HTTPTOKENAUTH HTTPTokenAuthUpdate: description: The definition of `HTTPTokenAuthUpdate` object. properties: body: $ref: '#/components/schemas/HTTPBody' headers: description: The `HTTPTokenAuthUpdate` `headers`. items: $ref: '#/components/schemas/HTTPHeaderUpdate' type: array tokens: description: The `HTTPTokenAuthUpdate` `tokens`. items: $ref: '#/components/schemas/HTTPTokenUpdate' type: array type: $ref: '#/components/schemas/HTTPTokenAuthType' url_parameters: description: The `HTTPTokenAuthUpdate` `url_parameters`. items: $ref: '#/components/schemas/UrlParamUpdate' type: array required: - type type: object HTTPTokenUpdate: description: The definition of `HTTPTokenUpdate` object. properties: deleted: description: Should the header be deleted. type: boolean name: description: The `HTTPToken` `name`. example: MyToken pattern: ^[A-Za-z][A-Za-z\\d]*$ type: string type: $ref: '#/components/schemas/TokenType' value: description: The `HTTPToken` `value`. example: Some Token Value type: string required: - name - type - value type: object HistoricalJobDataType: description: Type of payload. enum: - historicalDetectionsJob type: string x-enum-varnames: - HISTORICALDETECTIONSJOB HistoricalJobListMeta: description: Metadata about the list of jobs. properties: totalCount: description: Number of jobs in the list. format: int32 maximum: 2147483647 type: integer type: object HistoricalJobOptions: description: Job options. properties: detectionMethod: $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod' evaluationWindow: $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow' impossibleTravelOptions: $ref: '#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions' keepAlive: $ref: '#/components/schemas/SecurityMonitoringRuleKeepAlive' maxSignalDuration: $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration' newValueOptions: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' thirdPartyRuleOptions: $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions' type: object HistoricalJobQuery: description: Query for selecting logs analyzed by the historical job. properties: aggregation: $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' dataSource: $ref: '#/components/schemas/SecurityMonitoringStandardDataSource' distinctFields: description: Field for which the cardinality is measured. Sent as an array. items: description: Field. type: string type: array groupByFields: description: Fields to group by. items: description: Field. type: string type: array hasOptionalGroupByFields: description: When false, events without a group-by value are ignored by the query. When true, events with missing group-by fields are processed with `N/A`, replacing the missing values. example: false readOnly: true type: boolean metrics: description: Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values. items: description: Field. type: string type: array name: description: Name of the query. type: string query: description: Query to run on logs. example: a > 3 type: string type: object HistoricalJobResponse: description: Historical job response. properties: data: $ref: '#/components/schemas/HistoricalJobResponseData' type: object HistoricalJobResponseAttributes: description: Historical job attributes. properties: createdAt: description: Time when the job was created. type: string createdByHandle: description: The handle of the user who created the job. type: string createdByName: description: The name of the user who created the job. type: string createdFromRuleId: description: ID of the rule used to create the job (if it is created from a rule). type: string jobDefinition: $ref: '#/components/schemas/JobDefinition' jobName: description: Job name. type: string jobStatus: description: Job status. type: string modifiedAt: description: Last modification time of the job. type: string type: object HistoricalJobResponseData: description: Historical job response data. properties: attributes: $ref: '#/components/schemas/HistoricalJobResponseAttributes' id: description: ID of the job. type: string type: $ref: '#/components/schemas/HistoricalJobDataType' type: object HourlyUsage: description: Hourly usage for a product family for an org. properties: attributes: $ref: '#/components/schemas/HourlyUsageAttributes' id: description: Unique ID of the response. type: string type: $ref: '#/components/schemas/UsageTimeSeriesType' type: object HourlyUsageAttributes: description: Attributes of hourly usage for a product family for an org for a time period. properties: account_name: description: The account name. type: string account_public_id: description: The account public ID. type: string measurements: description: List of the measured usage values for the product family for the org for the time period. items: $ref: '#/components/schemas/HourlyUsageMeasurement' type: array org_name: description: The organization name. type: string product_family: description: The product for which usage is being reported. type: string public_id: description: The organization public ID. type: string region: description: The region of the Datadog instance that the organization belongs to. type: string timestamp: description: Datetime in ISO-8601 format, UTC. The hour for the usage. format: date-time type: string type: object HourlyUsageMeasurement: description: Usage amount for a given usage type. properties: usage_type: description: Type of usage. type: string value: description: Contains the number measured for the given usage_type during the hour. format: int64 nullable: true type: integer type: object HourlyUsageMetadata: description: The object containing document metadata. properties: pagination: $ref: '#/components/schemas/HourlyUsagePagination' type: object HourlyUsagePagination: description: The metadata for the current pagination. properties: next_record_id: description: The cursor to get the next results (if any). To make the next request, use the same parameters and add `next_record_id`. nullable: true type: string type: object HourlyUsageResponse: description: Hourly usage response. properties: data: description: Response containing hourly usage. items: $ref: '#/components/schemas/HourlyUsage' type: array meta: $ref: '#/components/schemas/HourlyUsageMetadata' type: object HourlyUsageType: description: Usage type that is being measured. enum: - app_sec_host_count - observability_pipelines_bytes_processed - lambda_traced_invocations_count example: observability_pipelines_bytes_processed type: string x-enum-varnames: - APP_SEC_HOST_COUNT - OBSERVABILITY_PIPELINES_BYTES_PROCESSSED - LAMBDA_TRACED_INVOCATIONS_COUNT ID: description: The ID of a notification rule. example: aaa-bbb-ccc type: string IPAllowlistAttributes: description: Attributes of the IP allowlist. properties: enabled: description: Whether the IP allowlist logic is enabled or not. type: boolean entries: description: Array of entries in the IP allowlist. items: $ref: '#/components/schemas/IPAllowlistEntry' type: array type: object IPAllowlistData: description: IP allowlist data. properties: attributes: $ref: '#/components/schemas/IPAllowlistAttributes' id: description: The unique identifier of the org. type: string type: $ref: '#/components/schemas/IPAllowlistType' required: - type type: object IPAllowlistEntry: description: IP allowlist entry object. properties: data: $ref: '#/components/schemas/IPAllowlistEntryData' required: - data type: object IPAllowlistEntryAttributes: description: Attributes of the IP allowlist entry. properties: cidr_block: description: The CIDR block describing the IP range of the entry. type: string created_at: description: Creation time of the entry. format: date-time readOnly: true type: string modified_at: description: Time of last entry modification. format: date-time readOnly: true type: string note: description: A note describing the IP allowlist entry. type: string type: object IPAllowlistEntryData: description: Data of the IP allowlist entry object. properties: attributes: $ref: '#/components/schemas/IPAllowlistEntryAttributes' id: description: The unique identifier of the IP allowlist entry. type: string type: $ref: '#/components/schemas/IPAllowlistEntryType' required: - type type: object IPAllowlistEntryType: default: ip_allowlist_entry description: IP allowlist Entry type. enum: - ip_allowlist_entry example: ip_allowlist_entry type: string x-enum-varnames: - IP_ALLOWLIST_ENTRY IPAllowlistResponse: description: Response containing information about the IP allowlist. properties: data: $ref: '#/components/schemas/IPAllowlistData' type: object IPAllowlistType: default: ip_allowlist description: IP allowlist type. enum: - ip_allowlist example: ip_allowlist type: string x-enum-varnames: - IP_ALLOWLIST IPAllowlistUpdateRequest: description: Update the IP allowlist. properties: data: $ref: '#/components/schemas/IPAllowlistData' required: - data type: object IdPMetadataFormData: description: The form data submitted to upload IdP metadata properties: idp_file: description: The IdP metadata XML file format: binary type: string x-mimetype: application/xml type: object IncidentAttachmentAttachmentType: description: The type of the incident attachment attributes. enum: - link - postmortem example: link type: string x-enum-varnames: - LINK - POSTMORTEM IncidentAttachmentAttributes: description: The attributes object for an attachment. oneOf: - $ref: '#/components/schemas/IncidentAttachmentPostmortemAttributes' - $ref: '#/components/schemas/IncidentAttachmentLinkAttributes' IncidentAttachmentData: description: A single incident attachment. example: attributes: attachment: documentUrl: '' title: Postmortem IR-123 attachment_type: postmortem id: 00000000-abcd-0002-0000-000000000000 relationships: last_modified_by_user: data: id: 00000000-0000-0000-cccc-000000000000 type: users type: incident_attachments properties: attributes: $ref: '#/components/schemas/IncidentAttachmentAttributes' id: description: A unique identifier that represents the incident attachment. example: 00000000-abcd-0001-0000-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentAttachmentRelationships' type: $ref: '#/components/schemas/IncidentAttachmentType' required: - type - attributes - id - relationships type: object IncidentAttachmentLinkAttachmentType: default: link description: The type of link attachment attributes. enum: - link example: link type: string x-enum-varnames: - LINK IncidentAttachmentLinkAttributes: description: The attributes object for a link attachment. properties: attachment: $ref: '#/components/schemas/IncidentAttachmentLinkAttributesAttachmentObject' attachment_type: $ref: '#/components/schemas/IncidentAttachmentLinkAttachmentType' modified: description: Timestamp when the incident attachment link was last modified. format: date-time readOnly: true type: string required: - attachment_type - attachment type: object IncidentAttachmentLinkAttributesAttachmentObject: description: The link attachment. properties: documentUrl: description: The URL of this link attachment. example: https://www.example.com/webstore-failure-runbook type: string title: description: The title of this link attachment. example: Runbook for webstore service failures type: string required: - documentUrl - title type: object IncidentAttachmentPostmortemAttachmentType: default: postmortem description: The type of postmortem attachment attributes. enum: - postmortem example: postmortem type: string x-enum-varnames: - POSTMORTEM IncidentAttachmentPostmortemAttributes: description: The attributes object for a postmortem attachment. properties: attachment: $ref: '#/components/schemas/IncidentAttachmentsPostmortemAttributesAttachmentObject' attachment_type: $ref: '#/components/schemas/IncidentAttachmentPostmortemAttachmentType' required: - attachment_type - attachment type: object IncidentAttachmentRelatedObject: description: The object related to an incident attachment. enum: - users type: string x-enum-varnames: - USERS IncidentAttachmentRelationships: description: The incident attachment's relationships. properties: last_modified_by_user: $ref: '#/components/schemas/RelationshipToUser' type: object IncidentAttachmentType: default: incident_attachments description: The incident attachment resource type. enum: - incident_attachments example: incident_attachments type: string x-enum-varnames: - INCIDENT_ATTACHMENTS IncidentAttachmentUpdateAttributes: description: Incident attachment attributes. oneOf: - $ref: '#/components/schemas/IncidentAttachmentPostmortemAttributes' - $ref: '#/components/schemas/IncidentAttachmentLinkAttributes' IncidentAttachmentUpdateData: description: A single incident attachment. properties: attributes: $ref: '#/components/schemas/IncidentAttachmentUpdateAttributes' id: description: A unique identifier that represents the incident attachment. example: 00000000-abcd-0001-0000-000000000000 type: string type: $ref: '#/components/schemas/IncidentAttachmentType' required: - type type: object IncidentAttachmentUpdateRequest: description: The update request for an incident's attachments. properties: data: description: 'An array of incident attachments. An attachment object without an "id" key indicates that you want to create that attachment. An attachment object without an "attributes" key indicates that you want to delete that attachment. An attachment object with both the "id" key and a populated "attributes" object indicates that you want to update that attachment.' example: - attributes: attachment: documentUrl: https://app.datadoghq.com/notebook/123 title: Postmortem IR-123 attachment_type: postmortem id: 00000000-abcd-0002-0000-000000000000 type: incident_attachments - attributes: attachment: documentUrl: https://www.example.com/webstore-failure-runbook title: Runbook for webstore service failures attachment_type: link type: incident_attachments - id: 00000000-abcd-0003-0000-000000000000 type: incident_attachments items: $ref: '#/components/schemas/IncidentAttachmentUpdateData' type: array required: - data type: object IncidentAttachmentUpdateResponse: description: The response object containing the created or updated incident attachments. properties: data: description: 'An array of incident attachments. Only the attachments that were created or updated by the request are returned.' example: - attributes: attachment: documentUrl: '' title: Postmortem IR-123 attachment_type: postmortem id: 00000000-abcd-0002-0000-000000000000 relationships: last_modified_by_user: data: id: 00000000-0000-0000-cccc-000000000000 type: users type: incident_attachments items: $ref: '#/components/schemas/IncidentAttachmentData' type: array included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentAttachmentsResponseIncludedItem' type: array required: - data type: object IncidentAttachmentsPostmortemAttributesAttachmentObject: description: The postmortem attachment. properties: documentUrl: description: The URL of this notebook attachment. example: https://app.datadoghq.com/notebook/123 type: string title: description: The title of this postmortem attachment. example: Postmortem IR-123 type: string required: - documentUrl - title type: object IncidentAttachmentsResponse: description: The response object containing an incident's attachments. properties: data: description: An array of incident attachments. example: - attributes: attachment: documentUrl: '' title: Postmortem IR-123 attachment_type: postmortem id: 00000000-abcd-0002-0000-000000000000 relationships: last_modified_by_user: data: id: 00000000-0000-0000-cccc-000000000000 type: users type: incident_attachments items: $ref: '#/components/schemas/IncidentAttachmentData' type: array included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentAttachmentsResponseIncludedItem' type: array required: - data type: object IncidentAttachmentsResponseIncludedItem: description: An object related to an attachment that is included in the response. oneOf: - $ref: '#/components/schemas/User' IncidentCreateAttributes: description: The incident's attributes for a create request. properties: customer_impact_scope: description: Required if `customer_impacted:"true"`. A summary of the impact customers experienced during the incident. example: Example customer impact scope type: string customer_impacted: description: A flag indicating whether the incident caused customer impact. example: false type: boolean fields: additionalProperties: $ref: '#/components/schemas/IncidentFieldAttributes' description: A condensed view of the user-defined fields for which to create initial selections. example: severity: type: dropdown value: SEV-5 type: object incident_type_uuid: description: A unique identifier that represents an incident type. The default incident type will be used if this property is not provided. example: 00000000-0000-0000-0000-000000000000 type: string initial_cells: description: An array of initial timeline cells to be placed at the beginning of the incident timeline. items: $ref: '#/components/schemas/IncidentTimelineCellCreateAttributes' type: array notification_handles: description: Notification handles that will be notified of the incident at creation. example: - display_name: Jane Doe handle: '@user@email.com' - display_name: Slack Channel handle: '@slack-channel' - display_name: Incident Workflow handle: '@workflow-from-incident' items: $ref: '#/components/schemas/IncidentNotificationHandle' type: array title: description: The title of the incident, which summarizes what happened. example: A test incident title type: string required: - title - customer_impacted type: object IncidentCreateData: description: Incident data for a create request. properties: attributes: $ref: '#/components/schemas/IncidentCreateAttributes' relationships: $ref: '#/components/schemas/IncidentCreateRelationships' type: $ref: '#/components/schemas/IncidentType' required: - type - attributes type: object IncidentCreateRelationships: description: The relationships the incident will have with other resources once created. properties: commander_user: $ref: '#/components/schemas/NullableRelationshipToUser' required: - commander_user type: object IncidentCreateRequest: description: Create request for an incident. properties: data: $ref: '#/components/schemas/IncidentCreateData' required: - data type: object IncidentFieldAttributes: description: Dynamic fields for which selections can be made, with field names as keys. oneOf: - $ref: '#/components/schemas/IncidentFieldAttributesSingleValue' - $ref: '#/components/schemas/IncidentFieldAttributesMultipleValue' IncidentFieldAttributesMultipleValue: description: A field with potentially multiple values selected. properties: type: $ref: '#/components/schemas/IncidentFieldAttributesValueType' value: description: The multiple values selected for this field. example: - '1.0' - '1.1' items: description: A value which has been selected for the parent field. example: '1.1' type: string nullable: true type: array type: object IncidentFieldAttributesSingleValue: description: A field with a single value selected. properties: type: $ref: '#/components/schemas/IncidentFieldAttributesSingleValueType' value: description: The single value selected for this field. example: SEV-1 nullable: true type: string type: object IncidentFieldAttributesSingleValueType: default: dropdown description: Type of the single value field definitions. enum: - dropdown - textbox example: dropdown type: string x-enum-varnames: - DROPDOWN - TEXTBOX IncidentFieldAttributesValueType: default: multiselect description: Type of the multiple value field definitions. enum: - multiselect - textarray - metrictag - autocomplete example: multiselect type: string x-enum-varnames: - MULTISELECT - TEXTARRAY - METRICTAG - AUTOCOMPLETE IncidentImpactsType: description: The incident impacts type. enum: - incident_impacts example: incident_impacts type: string x-enum-varnames: - INCIDENT_IMPACTS IncidentIntegrationMetadataAttributes: description: Incident integration metadata's attributes for a create request. properties: created: description: Timestamp when the incident todo was created. format: date-time readOnly: true type: string incident_id: description: UUID of the incident this integration metadata is connected to. example: 00000000-aaaa-0000-0000-000000000000 type: string integration_type: description: 'A number indicating the type of integration this metadata is for. 1 indicates Slack; 8 indicates Jira.' example: 1 format: int32 maximum: 9 type: integer metadata: $ref: '#/components/schemas/IncidentIntegrationMetadataMetadata' modified: description: Timestamp when the incident todo was last modified. format: date-time readOnly: true type: string status: description: 'A number indicating the status of this integration metadata. 0 indicates unknown; 1 indicates pending; 2 indicates complete; 3 indicates manually created; 4 indicates manually updated; 5 indicates failed.' format: int32 maximum: 5 type: integer required: - integration_type - metadata type: object IncidentIntegrationMetadataCreateData: description: Incident integration metadata data for a create request. properties: attributes: $ref: '#/components/schemas/IncidentIntegrationMetadataAttributes' type: $ref: '#/components/schemas/IncidentIntegrationMetadataType' required: - type - attributes type: object IncidentIntegrationMetadataCreateRequest: description: Create request for an incident integration metadata. properties: data: $ref: '#/components/schemas/IncidentIntegrationMetadataCreateData' required: - data type: object IncidentIntegrationMetadataListResponse: description: Response with a list of incident integration metadata. properties: data: description: An array of incident integration metadata. items: $ref: '#/components/schemas/IncidentIntegrationMetadataResponseData' type: array included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentIntegrationMetadataResponseIncludedItem' readOnly: true type: array meta: $ref: '#/components/schemas/IncidentResponseMeta' required: - data type: object IncidentIntegrationMetadataMetadata: description: Incident integration metadata's metadata attribute. oneOf: - $ref: '#/components/schemas/SlackIntegrationMetadata' - $ref: '#/components/schemas/JiraIntegrationMetadata' - $ref: '#/components/schemas/MSTeamsIntegrationMetadata' IncidentIntegrationMetadataPatchData: description: Incident integration metadata data for a patch request. properties: attributes: $ref: '#/components/schemas/IncidentIntegrationMetadataAttributes' type: $ref: '#/components/schemas/IncidentIntegrationMetadataType' required: - type - attributes type: object IncidentIntegrationMetadataPatchRequest: description: Patch request for an incident integration metadata. properties: data: $ref: '#/components/schemas/IncidentIntegrationMetadataPatchData' required: - data type: object IncidentIntegrationMetadataResponse: description: Response with an incident integration metadata. properties: data: $ref: '#/components/schemas/IncidentIntegrationMetadataResponseData' included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentIntegrationMetadataResponseIncludedItem' readOnly: true type: array required: - data type: object IncidentIntegrationMetadataResponseData: description: Incident integration metadata from a response. properties: attributes: $ref: '#/components/schemas/IncidentIntegrationMetadataAttributes' id: description: The incident integration metadata's ID. example: 00000000-0000-0000-1234-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentIntegrationRelationships' type: $ref: '#/components/schemas/IncidentIntegrationMetadataType' required: - id - type type: object IncidentIntegrationMetadataResponseIncludedItem: description: An object related to an incident integration metadata that is included in the response. oneOf: - $ref: '#/components/schemas/User' IncidentIntegrationMetadataType: default: incident_integrations description: Integration metadata resource type. enum: - incident_integrations example: incident_integrations type: string x-enum-varnames: - INCIDENT_INTEGRATIONS IncidentIntegrationRelationships: description: The incident's integration relationships from a response. properties: created_by_user: $ref: '#/components/schemas/RelationshipToUser' last_modified_by_user: $ref: '#/components/schemas/RelationshipToUser' type: object IncidentNonDatadogCreator: description: Incident's non Datadog creator. nullable: true properties: image_48_px: description: Non Datadog creator `48px` image. type: string name: description: Non Datadog creator name. type: string type: object IncidentNotificationHandle: description: A notification handle that will be notified at incident creation. properties: display_name: description: The name of the notified handle. example: Jane Doe type: string handle: description: The handle used for the notification. This includes an email address, Slack channel, or workflow. example: '@test.user@test.com' type: string type: object IncidentPostmortemType: default: incident_postmortems description: Incident postmortem resource type. enum: - incident_postmortems example: incident_postmortems type: string x-enum-varnames: - INCIDENT_POSTMORTEMS IncidentRelatedObject: description: Object related to an incident. enum: - users - attachments type: string x-enum-varnames: - USERS - ATTACHMENTS IncidentRespondersType: description: The incident responders type. enum: - incident_responders example: incident_responders type: string x-enum-varnames: - INCIDENT_RESPONDERS IncidentResponse: description: Response with an incident. properties: data: $ref: '#/components/schemas/IncidentResponseData' included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentResponseIncludedItem' readOnly: true type: array required: - data type: object IncidentResponseAttributes: description: The incident's attributes from a response. properties: archived: description: Timestamp of when the incident was archived. format: date-time nullable: true readOnly: true type: string case_id: description: The incident case id. format: int64 nullable: true type: integer created: description: Timestamp when the incident was created. format: date-time readOnly: true type: string customer_impact_duration: description: 'Length of the incident''s customer impact in seconds. Equals the difference between `customer_impact_start` and `customer_impact_end`.' format: int64 readOnly: true type: integer customer_impact_end: description: Timestamp when customers were no longer impacted by the incident. format: date-time nullable: true type: string customer_impact_scope: description: A summary of the impact customers experienced during the incident. example: An example customer impact scope nullable: true type: string customer_impact_start: description: Timestamp when customers began being impacted by the incident. format: date-time nullable: true type: string customer_impacted: description: A flag indicating whether the incident caused customer impact. example: false type: boolean detected: description: Timestamp when the incident was detected. format: date-time nullable: true type: string fields: additionalProperties: $ref: '#/components/schemas/IncidentFieldAttributes' description: A condensed view of the user-defined fields attached to incidents. example: severity: type: dropdown value: SEV-5 type: object incident_type_uuid: description: A unique identifier that represents an incident type. example: 00000000-0000-0000-0000-000000000000 type: string modified: description: Timestamp when the incident was last modified. format: date-time readOnly: true type: string non_datadog_creator: $ref: '#/components/schemas/IncidentNonDatadogCreator' notification_handles: description: Notification handles that will be notified of the incident during update. example: - display_name: Jane Doe handle: '@user@email.com' - display_name: Slack Channel handle: '@slack-channel' - display_name: Incident Workflow handle: '@workflow-from-incident' items: $ref: '#/components/schemas/IncidentNotificationHandle' nullable: true type: array public_id: description: The monotonically increasing integer ID for the incident. example: 1 format: int64 type: integer resolved: description: Timestamp when the incident's state was last changed from active or stable to resolved or completed. format: date-time nullable: true type: string severity: $ref: '#/components/schemas/IncidentSeverity' state: description: The state incident. nullable: true type: string time_to_detect: description: 'The amount of time in seconds to detect the incident. Equals the difference between `customer_impact_start` and `detected`.' format: int64 readOnly: true type: integer time_to_internal_response: description: The amount of time in seconds to call incident after detection. Equals the difference of `detected` and `created`. format: int64 readOnly: true type: integer time_to_repair: description: The amount of time in seconds to resolve customer impact after detecting the issue. Equals the difference between `customer_impact_end` and `detected`. format: int64 readOnly: true type: integer time_to_resolve: description: The amount of time in seconds to resolve the incident after it was created. Equals the difference between `created` and `resolved`. format: int64 readOnly: true type: integer title: description: The title of the incident, which summarizes what happened. example: A test incident title type: string visibility: description: The incident visibility status. nullable: true type: string required: - title type: object IncidentResponseData: description: Incident data from a response. properties: attributes: $ref: '#/components/schemas/IncidentResponseAttributes' id: description: The incident's ID. example: 00000000-0000-0000-1234-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentResponseRelationships' type: $ref: '#/components/schemas/IncidentType' required: - id - type type: object IncidentResponseIncludedItem: description: An object related to an incident that is included in the response. oneOf: - $ref: '#/components/schemas/IncidentUserData' - $ref: '#/components/schemas/IncidentAttachmentData' IncidentResponseMeta: description: The metadata object containing pagination metadata. properties: pagination: $ref: '#/components/schemas/IncidentResponseMetaPagination' readOnly: true type: object IncidentResponseMetaPagination: description: Pagination properties. properties: next_offset: description: The index of the first element in the next page of results. Equal to page size added to the current offset. example: 1000 format: int64 type: integer offset: description: The index of the first element in the results. example: 10 format: int64 type: integer size: description: Maximum size of pages to return. example: 1000 format: int64 type: integer type: object IncidentResponseRelationships: description: The incident's relationships from a response. properties: attachments: $ref: '#/components/schemas/RelationshipToIncidentAttachment' commander_user: $ref: '#/components/schemas/NullableRelationshipToUser' created_by_user: $ref: '#/components/schemas/RelationshipToUser' impacts: $ref: '#/components/schemas/RelationshipToIncidentImpacts' integrations: $ref: '#/components/schemas/RelationshipToIncidentIntegrationMetadatas' last_modified_by_user: $ref: '#/components/schemas/RelationshipToUser' responders: $ref: '#/components/schemas/RelationshipToIncidentResponders' user_defined_fields: $ref: '#/components/schemas/RelationshipToIncidentUserDefinedFields' type: object IncidentSearchResponse: description: Response with incidents and facets. properties: data: $ref: '#/components/schemas/IncidentSearchResponseData' included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentResponseIncludedItem' readOnly: true type: array meta: $ref: '#/components/schemas/IncidentSearchResponseMeta' required: - data type: object IncidentSearchResponseAttributes: description: Attributes returned by an incident search. properties: facets: $ref: '#/components/schemas/IncidentSearchResponseFacetsData' incidents: description: Incidents returned by the search. items: $ref: '#/components/schemas/IncidentSearchResponseIncidentsData' type: array total: description: Number of incidents returned by the search. example: 10 format: int32 maximum: 2147483647 type: integer required: - facets - incidents - total type: object IncidentSearchResponseData: description: Data returned by an incident search. properties: attributes: $ref: '#/components/schemas/IncidentSearchResponseAttributes' type: $ref: '#/components/schemas/IncidentSearchResultsType' type: object IncidentSearchResponseFacetCount: description: Count of the facet value appearing in search results. example: 5 format: int32 maximum: 2147483647 type: integer IncidentSearchResponseFacetsData: description: Facet data for incidents returned by a search query. properties: commander: description: Facet data for incident commander users. items: $ref: '#/components/schemas/IncidentSearchResponseUserFacetData' type: array created_by: description: Facet data for incident creator users. items: $ref: '#/components/schemas/IncidentSearchResponseUserFacetData' type: array fields: description: Facet data for incident property fields. items: $ref: '#/components/schemas/IncidentSearchResponsePropertyFieldFacetData' type: array impact: description: Facet data for incident impact attributes. items: $ref: '#/components/schemas/IncidentSearchResponseFieldFacetData' type: array last_modified_by: description: Facet data for incident last modified by users. items: $ref: '#/components/schemas/IncidentSearchResponseUserFacetData' type: array postmortem: description: Facet data for incident postmortem existence. items: $ref: '#/components/schemas/IncidentSearchResponseFieldFacetData' type: array responder: description: Facet data for incident responder users. items: $ref: '#/components/schemas/IncidentSearchResponseUserFacetData' type: array severity: description: Facet data for incident severity attributes. items: $ref: '#/components/schemas/IncidentSearchResponseFieldFacetData' type: array state: description: Facet data for incident state attributes. items: $ref: '#/components/schemas/IncidentSearchResponseFieldFacetData' type: array time_to_repair: description: Facet data for incident time to repair metrics. items: $ref: '#/components/schemas/IncidentSearchResponseNumericFacetData' type: array time_to_resolve: description: Facet data for incident time to resolve metrics. items: $ref: '#/components/schemas/IncidentSearchResponseNumericFacetData' type: array type: object IncidentSearchResponseFieldFacetData: description: Facet value and number of occurrences for a property field of an incident. properties: count: $ref: '#/components/schemas/IncidentSearchResponseFacetCount' name: description: The facet value appearing in search results. example: SEV-2 type: string type: object IncidentSearchResponseIncidentsData: description: Incident returned by the search. properties: data: $ref: '#/components/schemas/IncidentResponseData' required: - data type: object IncidentSearchResponseMeta: description: The metadata object containing pagination metadata. properties: pagination: $ref: '#/components/schemas/IncidentResponseMetaPagination' readOnly: true type: object IncidentSearchResponseNumericFacetData: description: Facet data numeric attributes of an incident. properties: aggregates: $ref: '#/components/schemas/IncidentSearchResponseNumericFacetDataAggregates' name: description: Name of the incident property field. example: time_to_repair type: string required: - name - aggregates type: object IncidentSearchResponseNumericFacetDataAggregates: description: Aggregate information for numeric incident data. properties: max: description: Maximum value of the numeric aggregates. example: 1234.0 format: double nullable: true type: number min: description: Minimum value of the numeric aggregates. example: 20.0 format: double nullable: true type: number type: object IncidentSearchResponsePropertyFieldFacetData: description: Facet data for the incident property fields. properties: aggregates: $ref: '#/components/schemas/IncidentSearchResponseNumericFacetDataAggregates' facets: description: Facet data for the property field of an incident. items: $ref: '#/components/schemas/IncidentSearchResponseFieldFacetData' type: array name: description: Name of the incident property field. example: Severity type: string required: - facets - name type: object IncidentSearchResponseUserFacetData: description: Facet data for user attributes of an incident. properties: count: $ref: '#/components/schemas/IncidentSearchResponseFacetCount' email: description: Email of the user. example: datadog.user@example.com type: string handle: description: Handle of the user. example: '@datadog.user@example.com' type: string name: description: Name of the user. example: Datadog User type: string uuid: description: ID of the user. example: 773b045d-ccf8-4808-bd3b-955ef6a8c940 type: string type: object IncidentSearchResultsType: default: incidents_search_results description: Incident search result type. enum: - incidents_search_results example: incidents_search_results type: string x-enum-varnames: - INCIDENTS_SEARCH_RESULTS IncidentSearchSortOrder: description: The ways searched incidents can be sorted. enum: - created - -created type: string x-enum-varnames: - CREATED_ASCENDING - CREATED_DESCENDING IncidentServiceCreateAttributes: description: The incident service's attributes for a create request. properties: name: description: Name of the incident service. example: an example service name type: string required: - name type: object IncidentServiceCreateData: description: Incident Service payload for create requests. properties: attributes: $ref: '#/components/schemas/IncidentServiceCreateAttributes' relationships: $ref: '#/components/schemas/IncidentServiceRelationships' type: $ref: '#/components/schemas/IncidentServiceType' required: - type type: object IncidentServiceCreateRequest: description: Create request with an incident service payload. properties: data: $ref: '#/components/schemas/IncidentServiceCreateData' required: - data type: object IncidentServiceIncludedItems: description: An object related to an incident service which is present in the included payload. oneOf: - $ref: '#/components/schemas/User' IncidentServiceRelationships: description: The incident service's relationships. properties: created_by: $ref: '#/components/schemas/RelationshipToUser' last_modified_by: $ref: '#/components/schemas/RelationshipToUser' readOnly: true type: object IncidentServiceResponse: description: Response with an incident service payload. properties: data: $ref: '#/components/schemas/IncidentServiceResponseData' included: description: Included objects from relationships. items: $ref: '#/components/schemas/IncidentServiceIncludedItems' readOnly: true type: array required: - data type: object IncidentServiceResponseAttributes: description: The incident service's attributes from a response. properties: created: description: Timestamp of when the incident service was created. format: date-time readOnly: true type: string modified: description: Timestamp of when the incident service was modified. format: date-time readOnly: true type: string name: description: Name of the incident service. example: service name type: string type: object IncidentServiceResponseData: description: Incident Service data from responses. properties: attributes: $ref: '#/components/schemas/IncidentServiceResponseAttributes' id: description: The incident service's ID. example: 00000000-0000-0000-0000-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentServiceRelationships' type: $ref: '#/components/schemas/IncidentServiceType' required: - id - type type: object IncidentServiceType: default: services description: Incident service resource type. enum: - services example: services type: string x-enum-varnames: - SERVICES IncidentServiceUpdateAttributes: description: The incident service's attributes for an update request. properties: name: description: Name of the incident service. example: an example service name type: string required: - name type: object IncidentServiceUpdateData: description: Incident Service payload for update requests. properties: attributes: $ref: '#/components/schemas/IncidentServiceUpdateAttributes' id: description: The incident service's ID. example: 00000000-0000-0000-0000-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentServiceRelationships' type: $ref: '#/components/schemas/IncidentServiceType' required: - type type: object IncidentServiceUpdateRequest: description: Update request with an incident service payload. properties: data: $ref: '#/components/schemas/IncidentServiceUpdateData' required: - data type: object IncidentServicesResponse: description: Response with a list of incident service payloads. properties: data: description: An array of incident services. example: - id: 00000000-0000-0000-0000-000000000000 type: services items: $ref: '#/components/schemas/IncidentServiceResponseData' type: array included: description: Included related resources which the user requested. items: $ref: '#/components/schemas/IncidentServiceIncludedItems' readOnly: true type: array meta: $ref: '#/components/schemas/IncidentResponseMeta' required: - data type: object IncidentSeverity: description: The incident severity. enum: - UNKNOWN - SEV-0 - SEV-1 - SEV-2 - SEV-3 - SEV-4 - SEV-5 example: UNKNOWN type: string x-enum-varnames: - UNKNOWN - SEV_0 - SEV_1 - SEV_2 - SEV_3 - SEV_4 - SEV_5 IncidentTeamCreateAttributes: description: The incident team's attributes for a create request. properties: name: description: Name of the incident team. example: team name type: string required: - name type: object IncidentTeamCreateData: description: Incident Team data for a create request. properties: attributes: $ref: '#/components/schemas/IncidentTeamCreateAttributes' relationships: $ref: '#/components/schemas/IncidentTeamRelationships' type: $ref: '#/components/schemas/IncidentTeamType' required: - type type: object IncidentTeamCreateRequest: description: Create request with an incident team payload. properties: data: $ref: '#/components/schemas/IncidentTeamCreateData' required: - data type: object IncidentTeamIncludedItems: description: An object related to an incident team which is present in the included payload. oneOf: - $ref: '#/components/schemas/User' IncidentTeamRelationships: description: The incident team's relationships. properties: created_by: $ref: '#/components/schemas/RelationshipToUser' last_modified_by: $ref: '#/components/schemas/RelationshipToUser' readOnly: true type: object IncidentTeamResponse: description: Response with an incident team payload. properties: data: $ref: '#/components/schemas/IncidentTeamResponseData' included: description: Included objects from relationships. items: $ref: '#/components/schemas/IncidentTeamIncludedItems' readOnly: true type: array required: - data type: object IncidentTeamResponseAttributes: description: The incident team's attributes from a response. properties: created: description: Timestamp of when the incident team was created. format: date-time readOnly: true type: string modified: description: Timestamp of when the incident team was modified. format: date-time readOnly: true type: string name: description: Name of the incident team. example: team name type: string type: object IncidentTeamResponseData: description: Incident Team data from a response. properties: attributes: $ref: '#/components/schemas/IncidentTeamResponseAttributes' id: description: The incident team's ID. example: 00000000-7ea3-0000-000a-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentTeamRelationships' type: $ref: '#/components/schemas/IncidentTeamType' type: object IncidentTeamType: default: teams description: Incident Team resource type. enum: - teams example: teams type: string x-enum-varnames: - TEAMS IncidentTeamUpdateAttributes: description: The incident team's attributes for an update request. properties: name: description: Name of the incident team. example: team name type: string required: - name type: object IncidentTeamUpdateData: description: Incident Team data for an update request. properties: attributes: $ref: '#/components/schemas/IncidentTeamUpdateAttributes' id: description: The incident team's ID. example: 00000000-7ea3-0000-0001-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentTeamRelationships' type: $ref: '#/components/schemas/IncidentTeamType' required: - type type: object IncidentTeamUpdateRequest: description: Update request with an incident team payload. properties: data: $ref: '#/components/schemas/IncidentTeamUpdateData' required: - data type: object IncidentTeamsResponse: description: Response with a list of incident team payloads. properties: data: description: An array of incident teams. example: - attributes: name: team name id: 00000000-7ea3-0000-0000-000000000000 type: teams items: $ref: '#/components/schemas/IncidentTeamResponseData' type: array included: description: Included related resources which the user requested. items: $ref: '#/components/schemas/IncidentTeamIncludedItems' readOnly: true type: array meta: $ref: '#/components/schemas/IncidentResponseMeta' required: - data type: object IncidentTimelineCellCreateAttributes: description: The timeline cell's attributes for a create request. oneOf: - $ref: '#/components/schemas/IncidentTimelineCellMarkdownCreateAttributes' IncidentTimelineCellMarkdownContentType: default: markdown description: Type of the Markdown timeline cell. enum: - markdown example: markdown type: string x-enum-varnames: - MARKDOWN IncidentTimelineCellMarkdownCreateAttributes: description: Timeline cell data for Markdown timeline cells for a create request. properties: cell_type: $ref: '#/components/schemas/IncidentTimelineCellMarkdownContentType' content: $ref: '#/components/schemas/IncidentTimelineCellMarkdownCreateAttributesContent' important: default: false description: A flag indicating whether the timeline cell is important and should be highlighted. example: false type: boolean required: - content - cell_type type: object IncidentTimelineCellMarkdownCreateAttributesContent: description: The Markdown timeline cell contents. properties: content: description: The Markdown content of the cell. example: An example timeline cell message. nullable: false type: string type: object IncidentTodoAnonymousAssignee: description: Anonymous assignee entity. properties: icon: description: URL for assignee's icon. example: https://a.slack-edge.com/80588/img/slackbot_48.png type: string id: description: Anonymous assignee's ID. example: USLACKBOT type: string name: description: Assignee's name. example: Slackbot type: string source: $ref: '#/components/schemas/IncidentTodoAnonymousAssigneeSource' required: - id - icon - name - source type: object IncidentTodoAnonymousAssigneeSource: default: slack description: The source of the anonymous assignee. enum: - slack - microsoft_teams example: slack type: string x-enum-varnames: - SLACK - MICROSOFT_TEAMS IncidentTodoAssignee: description: A todo assignee. example: '@test.user@test.com' oneOf: - $ref: '#/components/schemas/IncidentTodoAssigneeHandle' - $ref: '#/components/schemas/IncidentTodoAnonymousAssignee' IncidentTodoAssigneeArray: description: Array of todo assignees. example: - '@test.user@test.com' items: $ref: '#/components/schemas/IncidentTodoAssignee' type: array IncidentTodoAssigneeHandle: description: Assignee's @-handle. example: '@test.user@test.com' type: string IncidentTodoAttributes: description: Incident todo's attributes. properties: assignees: $ref: '#/components/schemas/IncidentTodoAssigneeArray' completed: description: Timestamp when the todo was completed. example: '2023-03-06T22:00:00.000000+00:00' nullable: true type: string content: description: The follow-up task's content. example: Restore lost data. type: string created: description: Timestamp when the incident todo was created. format: date-time readOnly: true type: string due_date: description: Timestamp when the todo should be completed by. example: '2023-07-10T05:00:00.000000+00:00' nullable: true type: string incident_id: description: UUID of the incident this todo is connected to. example: 00000000-aaaa-0000-0000-000000000000 type: string modified: description: Timestamp when the incident todo was last modified. format: date-time readOnly: true type: string required: - content - assignees type: object IncidentTodoCreateData: description: Incident todo data for a create request. properties: attributes: $ref: '#/components/schemas/IncidentTodoAttributes' type: $ref: '#/components/schemas/IncidentTodoType' required: - type - attributes type: object IncidentTodoCreateRequest: description: Create request for an incident todo. properties: data: $ref: '#/components/schemas/IncidentTodoCreateData' required: - data type: object IncidentTodoListResponse: description: Response with a list of incident todos. properties: data: description: An array of incident todos. items: $ref: '#/components/schemas/IncidentTodoResponseData' type: array included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentTodoResponseIncludedItem' readOnly: true type: array meta: $ref: '#/components/schemas/IncidentResponseMeta' required: - data type: object IncidentTodoPatchData: description: Incident todo data for a patch request. properties: attributes: $ref: '#/components/schemas/IncidentTodoAttributes' type: $ref: '#/components/schemas/IncidentTodoType' required: - type - attributes type: object IncidentTodoPatchRequest: description: Patch request for an incident todo. properties: data: $ref: '#/components/schemas/IncidentTodoPatchData' required: - data type: object IncidentTodoRelationships: description: The incident's relationships from a response. properties: created_by_user: $ref: '#/components/schemas/RelationshipToUser' last_modified_by_user: $ref: '#/components/schemas/RelationshipToUser' type: object IncidentTodoResponse: description: Response with an incident todo. properties: data: $ref: '#/components/schemas/IncidentTodoResponseData' included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentTodoResponseIncludedItem' readOnly: true type: array required: - data type: object IncidentTodoResponseData: description: Incident todo response data. properties: attributes: $ref: '#/components/schemas/IncidentTodoAttributes' id: description: The incident todo's ID. example: 00000000-0000-0000-1234-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentTodoRelationships' type: $ref: '#/components/schemas/IncidentTodoType' required: - id - type type: object IncidentTodoResponseIncludedItem: description: An object related to an incident todo that is included in the response. oneOf: - $ref: '#/components/schemas/User' IncidentTodoType: default: incident_todos description: Todo resource type. enum: - incident_todos example: incident_todos type: string x-enum-varnames: - INCIDENT_TODOS IncidentTrigger: description: Trigger a workflow from an Incident. For automatic triggering a handle must be configured and the workflow must be published. properties: rateLimit: $ref: '#/components/schemas/TriggerRateLimit' type: object IncidentTriggerWrapper: description: Schema for an Incident-based trigger. properties: incidentTrigger: $ref: '#/components/schemas/IncidentTrigger' startStepNames: $ref: '#/components/schemas/StartStepNames' required: - incidentTrigger type: object IncidentType: default: incidents description: Incident resource type. enum: - incidents example: incidents type: string x-enum-varnames: - INCIDENTS IncidentTypeAttributes: description: Incident type's attributes. properties: createdAt: description: Timestamp when the incident type was created. format: date-time readOnly: true type: string createdBy: description: A unique identifier that represents the user that created the incident type. example: 00000000-0000-0000-0000-000000000000 readOnly: true type: string description: description: Text that describes the incident type. example: Any incidents that harm (or have the potential to) the confidentiality, integrity, or availability of our data. type: string is_default: default: false description: If true, this incident type will be used as the default incident type if a type is not specified during the creation of incident resources. example: false type: boolean lastModifiedBy: description: A unique identifier that represents the user that last modified the incident type. example: 00000000-0000-0000-0000-000000000000 readOnly: true type: string modifiedAt: description: Timestamp when the incident type was last modified. format: date-time readOnly: true type: string name: description: The name of the incident type. example: Security Incident type: string prefix: description: The string that will be prepended to the incident title across the Datadog app. example: IR readOnly: true type: string required: - name type: object IncidentTypeCreateData: description: Incident type data for a create request. properties: attributes: $ref: '#/components/schemas/IncidentTypeAttributes' type: $ref: '#/components/schemas/IncidentTypeType' required: - type - attributes type: object IncidentTypeCreateRequest: description: Create request for an incident type. properties: data: $ref: '#/components/schemas/IncidentTypeCreateData' required: - data type: object IncidentTypeListResponse: description: Response with a list of incident types. properties: data: description: An array of incident type objects. items: $ref: '#/components/schemas/IncidentTypeObject' type: array required: - data type: object IncidentTypeObject: description: Incident type response data. properties: attributes: $ref: '#/components/schemas/IncidentTypeAttributes' id: description: The incident type's ID. example: 00000000-0000-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/IncidentTypeType' required: - id - type type: object IncidentTypePatchData: description: Incident type data for a patch request. properties: attributes: $ref: '#/components/schemas/IncidentTypeUpdateAttributes' id: description: The incident type's ID. example: 00000000-0000-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/IncidentTypeType' required: - id - type - attributes type: object IncidentTypePatchRequest: description: Patch request for an incident type. properties: data: $ref: '#/components/schemas/IncidentTypePatchData' required: - data type: object IncidentTypeResponse: description: Incident type response data. properties: data: $ref: '#/components/schemas/IncidentTypeObject' required: - data type: object IncidentTypeType: default: incident_types description: Incident type resource type. enum: - incident_types example: incident_types type: string x-enum-varnames: - INCIDENT_TYPES IncidentTypeUpdateAttributes: description: Incident type's attributes for updates. properties: createdAt: description: Timestamp when the incident type was created. format: date-time readOnly: true type: string createdBy: description: A unique identifier that represents the user that created the incident type. example: 00000000-0000-0000-0000-000000000000 readOnly: true type: string description: description: Text that describes the incident type. example: 'Any incidents that harm (or have the potential to) the confidentiality, integrity, or availability of our data. Note: This will notify the security team.' type: string is_default: description: When true, this incident type will be used as the default type when an incident type is not specified. example: false type: boolean lastModifiedBy: description: A unique identifier that represents the user that last modified the incident type. example: 00000000-0000-0000-0000-000000000000 readOnly: true type: string modifiedAt: description: Timestamp when the incident type was last modified. format: date-time readOnly: true type: string name: description: The name of the incident type. example: Security Incident type: string prefix: description: The string that will be prepended to the incident title across the Datadog app. example: IR readOnly: true type: string type: object IncidentUpdateAttributes: description: The incident's attributes for an update request. properties: customer_impact_end: description: Timestamp when customers were no longer impacted by the incident. format: date-time nullable: true type: string customer_impact_scope: description: A summary of the impact customers experienced during the incident. example: Example customer impact scope type: string customer_impact_start: description: Timestamp when customers began being impacted by the incident. format: date-time nullable: true type: string customer_impacted: description: A flag indicating whether the incident caused customer impact. example: false type: boolean detected: description: Timestamp when the incident was detected. format: date-time nullable: true type: string fields: additionalProperties: $ref: '#/components/schemas/IncidentFieldAttributes' description: A condensed view of the user-defined fields for which to update selections. example: severity: type: dropdown value: SEV-5 type: object notification_handles: description: Notification handles that will be notified of the incident during update. example: - display_name: Jane Doe handle: '@user@email.com' - display_name: Slack Channel handle: '@slack-channel' - display_name: Incident Workflow handle: '@workflow-from-incident' items: $ref: '#/components/schemas/IncidentNotificationHandle' type: array title: description: The title of the incident, which summarizes what happened. example: A test incident title type: string type: object IncidentUpdateData: description: Incident data for an update request. properties: attributes: $ref: '#/components/schemas/IncidentUpdateAttributes' id: description: The incident's ID. example: 00000000-0000-0000-4567-000000000000 type: string relationships: $ref: '#/components/schemas/IncidentUpdateRelationships' type: $ref: '#/components/schemas/IncidentType' required: - id - type type: object IncidentUpdateRelationships: description: The incident's relationships for an update request. properties: commander_user: $ref: '#/components/schemas/NullableRelationshipToUser' integrations: $ref: '#/components/schemas/RelationshipToIncidentIntegrationMetadatas' postmortem: $ref: '#/components/schemas/RelationshipToIncidentPostmortem' type: object IncidentUpdateRequest: description: Update request for an incident. properties: data: $ref: '#/components/schemas/IncidentUpdateData' required: - data type: object IncidentUserAttributes: description: Attributes of user object returned by the API. properties: email: description: Email of the user. type: string handle: description: Handle of the user. type: string icon: description: URL of the user's icon. type: string name: description: Name of the user. nullable: true type: string uuid: description: UUID of the user. type: string type: object IncidentUserData: description: User object returned by the API. properties: attributes: $ref: '#/components/schemas/IncidentUserAttributes' id: description: ID of the user. type: string type: $ref: '#/components/schemas/UsersType' type: object IncidentUserDefinedFieldType: description: The incident user defined fields type. enum: - user_defined_field example: user_defined_field type: string x-enum-varnames: - USER_DEFINED_FIELD IncidentsResponse: description: Response with a list of incidents. properties: data: description: An array of incidents. example: - attributes: created: '2020-04-21T15:34:08.627205+00:00' creation_idempotency_key: null customer_impact_duration: 0 customer_impact_end: null customer_impact_scope: null customer_impact_start: null customer_impacted: false detected: '2020-04-14T00:00:00+00:00' incident_type_uuid: 00000000-0000-0000-0000-000000000001 modified: '2020-09-17T14:16:58.696424+00:00' public_id: 1 resolved: null severity: SEV-1 time_to_detect: 0 time_to_internal_response: 0 time_to_repair: 0 time_to_resolve: 0 title: Example Incident id: 00000000-aaaa-0000-0000-000000000000 relationships: attachments: data: - id: 00000000-9999-0000-0000-000000000000 type: incident_attachments - id: 00000000-1234-0000-0000-000000000000 type: incident_attachments commander_user: data: id: 00000000-0000-0000-cccc-000000000000 type: users created_by_user: data: id: 00000000-0000-0000-cccc-000000000000 type: users integrations: data: - id: 00000000-0000-0000-4444-000000000000 type: incident_integrations - id: 00000000-0000-0000-5555-000000000000 type: incident_integrations last_modified_by_user: data: id: 00000000-0000-0000-cccc-000000000000 type: users type: incidents - attributes: created: '2020-04-21T15:34:08.627205+00:00' creation_idempotency_key: null customer_impact_duration: 0 customer_impact_end: null customer_impact_scope: null customer_impact_start: null customer_impacted: false detected: '2020-04-14T00:00:00+00:00' incident_type_uuid: 00000000-0000-0000-0000-000000000002 modified: '2020-09-17T14:16:58.696424+00:00' public_id: 2 resolved: null severity: SEV-5 time_to_detect: 0 time_to_internal_response: 0 time_to_repair: 0 time_to_resolve: 0 title: Example Incident 2 id: 00000000-1111-0000-0000-000000000000 relationships: attachments: data: - id: 00000000-9999-0000-0000-000000000000 type: incident_attachments commander_user: data: id: 00000000-aaaa-0000-0000-000000000000 type: users created_by_user: data: id: 00000000-aaaa-0000-0000-000000000000 type: users integrations: data: - id: 00000000-0000-0000-0001-000000000000 type: incident_integrations - id: 00000000-0000-0000-0002-000000000000 type: incident_integrations last_modified_by_user: data: id: 00000000-aaaa-0000-0000-000000000000 type: users type: incidents items: $ref: '#/components/schemas/IncidentResponseData' type: array included: description: Included related resources that the user requested. items: $ref: '#/components/schemas/IncidentResponseIncludedItem' readOnly: true type: array meta: $ref: '#/components/schemas/IncidentResponseMeta' required: - data type: object IncludeType: description: Supported include types. enum: - schema - raw_schema - oncall - incident - relation type: string x-enum-varnames: - SCHEMA - RAW_SCHEMA - ONCALL - INCIDENT - RELATION InputSchema: description: A list of input parameters for the workflow. These can be used as dynamic runtime values in your workflow. properties: parameters: description: The `InputSchema` `parameters`. items: $ref: '#/components/schemas/InputSchemaParameters' type: array type: object InputSchemaParameters: description: The definition of `InputSchemaParameters` object. properties: defaultValue: description: The `InputSchemaParameters` `defaultValue`. description: description: The `InputSchemaParameters` `description`. type: string label: description: The `InputSchemaParameters` `label`. type: string name: description: The `InputSchemaParameters` `name`. example: '' type: string type: $ref: '#/components/schemas/InputSchemaParametersType' required: - name - type type: object InputSchemaParametersType: description: The definition of `InputSchemaParametersType` object. enum: - STRING - NUMBER - BOOLEAN - OBJECT - ARRAY_STRING - ARRAY_NUMBER - ARRAY_BOOLEAN - ARRAY_OBJECT example: STRING type: string x-enum-varnames: - STRING - NUMBER - BOOLEAN - OBJECT - ARRAY_STRING - ARRAY_NUMBER - ARRAY_BOOLEAN - ARRAY_OBJECT IntakePayloadAccepted: description: The payload accepted for intake. properties: errors: description: A list of errors. items: description: An empty error list. type: string type: array type: object InterfaceAttributes: description: The interface attributes properties: alias: description: The interface alias example: interface_0 type: string description: description: The interface description example: a network interface type: string index: description: The interface index example: 0 format: int64 type: integer ip_addresses: description: The interface IP addresses example: - 1.1.1.1 - 1.1.1.2 items: type: string type: array mac_address: description: The interface MAC address example: 00:00:00:00:00:00 type: string name: description: The interface name example: if0 type: string status: $ref: '#/components/schemas/InterfaceAttributesStatus' type: object InterfaceAttributesStatus: description: The interface status enum: - up - down - warning - 'off' example: up type: string x-enum-varnames: - UP - DOWN - WARNING - 'OFF' JSONAPIErrorItem: description: API error response body properties: detail: description: A human-readable explanation specific to this occurrence of the error. example: Missing required attribute in body type: string meta: additionalProperties: {} description: Non-standard meta-information about the error type: object source: $ref: '#/components/schemas/JSONAPIErrorItemSource' status: description: Status code of the response. example: '400' type: string title: description: Short human-readable summary of the error. example: Bad Request type: string type: object JSONAPIErrorItemSource: description: References to the source of the error. properties: header: description: A string indicating the name of a single request header which caused the error. example: Authorization type: string parameter: description: A string indicating which URI query parameter caused the error. example: limit type: string pointer: description: A JSON pointer to the value in the request document that caused the error. example: /data/attributes/title type: string type: object JSONAPIErrorResponse: description: API error response. properties: errors: description: A list of errors. items: $ref: '#/components/schemas/JSONAPIErrorItem' type: array required: - errors type: object JiraIntegrationMetadata: description: Incident integration metadata for the Jira integration. properties: issues: description: Array of Jira issues in this integration metadata. example: [] items: $ref: '#/components/schemas/JiraIntegrationMetadataIssuesItem' type: array required: - issues type: object JiraIntegrationMetadataIssuesItem: description: Item in the Jira integration metadata issue array. properties: account: description: URL of issue's Jira account. example: https://example.atlassian.net type: string issue_key: description: Jira issue's issue key. example: PROJ-123 type: string issuetype_id: description: Jira issue's issue type. example: '1000' type: string project_key: description: Jira issue's project keys. example: PROJ type: string redirect_url: description: URL redirecting to the Jira issue. example: https://example.atlassian.net/browse/PROJ-123 type: string required: - project_key - account type: object JiraIssue: description: Jira issue attached to case nullable: true properties: result: $ref: '#/components/schemas/JiraIssueResult' status: $ref: '#/components/schemas/Case3rdPartyTicketStatus' readOnly: true type: object JiraIssueResult: description: Jira issue information properties: issue_id: description: Jira issue ID type: string issue_key: description: Jira issue key type: string issue_url: description: Jira issue URL type: string project_key: description: Jira project key type: string type: object JobCreateResponse: description: Run a historical job response. properties: data: $ref: '#/components/schemas/JobCreateResponseData' type: object JobCreateResponseData: description: The definition of `JobCreateResponseData` object. properties: id: description: ID of the created job. type: string type: $ref: '#/components/schemas/HistoricalJobDataType' type: object JobDefinition: description: Definition of a historical job. properties: calculatedFields: description: Calculated fields. items: $ref: '#/components/schemas/CalculatedField' type: array cases: description: Cases used for generating job results. items: $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate' type: array from: description: Starting time of data analyzed by the job. example: 1729843470000 format: int64 type: integer groupSignalsBy: description: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. example: - service items: description: Field to group by. type: string type: array index: description: Index used to load the data. example: cloud_siem type: string message: description: Message for generated results. example: A large number of failed login attempts. type: string name: description: Job name. example: Excessive number of failed attempts. type: string options: $ref: '#/components/schemas/HistoricalJobOptions' queries: description: Queries for selecting logs analyzed by the job. items: $ref: '#/components/schemas/HistoricalJobQuery' type: array referenceTables: description: Reference tables used in the queries. items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array tags: description: Tags for generated signals. items: type: string type: array thirdPartyCases: description: Cases for generating results from third-party detection method. Only available for third-party detection method. example: [] items: $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate' type: array to: description: Ending time of data analyzed by the job. example: 1729847070000 format: int64 type: integer type: description: Job type. type: string required: - from - to - index - name - cases - queries - message type: object JobDefinitionFromRule: description: Definition of a historical job based on a security monitoring rule. properties: caseIndex: description: Index of the rule case applied by the job. example: 0 format: int32 maximum: 9 type: integer from: description: Starting time of data analyzed by the job. example: 1729843470000 format: int64 type: integer id: description: ID of the detection rule used to create the job. example: abc-def-ghi type: string index: description: Index used to load the data. example: cloud_siem type: string notifications: description: Notifications sent when the job is completed. example: - '@sns-cloudtrail-results' items: type: string type: array to: description: Ending time of data analyzed by the job. example: 1729847070000 format: int64 type: integer required: - id - from - to - index - caseIndex type: object KindAttributes: description: Kind attributes. properties: description: description: Short description of the kind. type: string displayName: description: User friendly name of the kind. type: string name: description: The kind name. example: my-job minLength: 1 type: string type: object KindData: description: Schema that defines the structure of a Kind object in the Software Catalog. properties: attributes: $ref: '#/components/schemas/KindAttributes' id: description: A read-only globally unique identifier for the entity generated by Datadog. User supplied values are ignored. example: 4b163705-23c0-4573-b2fb-f6cea2163fcb minLength: 1 type: string meta: $ref: '#/components/schemas/KindMetadata' type: description: Kind. type: string type: object KindMetadata: description: Kind metadata. properties: createdAt: description: The creation time. type: string modifiedAt: description: The modification time. type: string type: object KindObj: description: Schema for kind. properties: description: description: Short description of the kind. type: string displayName: description: The display name of the kind. Automatically generated if not provided. type: string kind: description: The name of the kind to create or update. This must be in kebab-case format. example: my-job type: string required: - kind type: object KindRaw: description: Kind definition in raw JSON or YAML representation. example: 'kind: service displayName: Service description: A service entity in the catalog. ' type: string KindResponseData: description: List of kind responses. items: $ref: '#/components/schemas/KindData' type: array KindResponseMeta: description: Kind response metadata. properties: count: description: Total kinds count. format: int64 type: integer type: object Layer: description: Encapsulates a layer resource, holding attributes like rotation details, plus relationships to the members covering that layer. properties: attributes: $ref: '#/components/schemas/LayerAttributes' id: description: A unique identifier for this layer. type: string relationships: $ref: '#/components/schemas/LayerRelationships' type: $ref: '#/components/schemas/LayerType' required: - type type: object LayerAttributes: description: Describes key properties of a Layer, including rotation details, name, start/end times, and any restrictions. properties: effective_date: description: When the layer becomes active (ISO 8601). format: date-time type: string end_date: description: When the layer ceases to be active (ISO 8601). format: date-time type: string interval: $ref: '#/components/schemas/LayerAttributesInterval' name: description: The name of this layer. example: Weekend Layer type: string restrictions: description: An optional list of time restrictions for when this layer is in effect. items: $ref: '#/components/schemas/TimeRestriction' type: array rotation_start: description: The date/time when the rotation starts (ISO 8601). format: date-time type: string type: object LayerAttributesInterval: description: Defines how often the rotation repeats, using a combination of days and optional seconds. properties: days: description: The number of days in each rotation cycle. example: 1 format: int32 maximum: 400 type: integer seconds: description: Any additional seconds for the rotation cycle (up to 30 days). example: 300 format: int64 maximum: 2592000 type: integer type: object LayerRelationships: description: Holds references to objects related to the Layer entity, such as its members. properties: members: $ref: '#/components/schemas/LayerRelationshipsMembers' type: object LayerRelationshipsMembers: description: Holds an array of references to the members of a Layer, each containing member IDs. properties: data: description: The list of members who belong to this layer. items: $ref: '#/components/schemas/LayerRelationshipsMembersDataItems' type: array type: object LayerRelationshipsMembersDataItems: description: 'Represents a single member object in a layer''s `members` array, referencing a unique Datadog user ID.' properties: id: description: The unique user ID of the layer member. example: 00000000-0000-0000-0000-000000000002 type: string type: $ref: '#/components/schemas/LayerRelationshipsMembersDataItemsType' required: - type - id type: object LayerRelationshipsMembersDataItemsType: default: members description: Members resource type. enum: - members example: members type: string x-enum-varnames: - MEMBERS LayerType: default: layers description: Layers resource type. enum: - layers example: layers type: string x-enum-varnames: - LAYERS LeakedKey: description: The definition of LeakedKey object. properties: attributes: $ref: '#/components/schemas/LeakedKeyAttributes' id: description: The LeakedKey id. example: id type: string type: $ref: '#/components/schemas/LeakedKeyType' required: - attributes - id - type type: object LeakedKeyAttributes: description: The definition of LeakedKeyAttributes object. properties: date: description: The LeakedKeyAttributes date. example: '2017-07-21T17:32:28Z' format: date-time type: string leak_source: description: The LeakedKeyAttributes leak_source. type: string required: - date type: object LeakedKeyType: default: leaked_keys description: The definition of LeakedKeyType object. enum: - leaked_keys example: leaked_keys type: string x-enum-varnames: - LEAKED_KEYS Library: description: Vulnerability library. properties: name: description: Vulnerability library name. example: linux-aws-5.15 type: string version: description: Vulnerability library version. example: 5.15.0 type: string required: - name type: object Links: description: The JSON:API links related to pagination. properties: first: description: First page link. example: https://api.datadoghq.com/api/v2/security/vulnerabilities?page%5Bnumber%5D=1&page%5Btoken%5D=b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4 type: string last: description: Last page link. example: https://api.datadoghq.com/api/v2/security/vulnerabilities?page%5Bnumber%5D=15&page%5Btoken%5D=b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4 type: string next: description: Next page link. example: https://api.datadoghq.com/api/v2/security/vulnerabilities?page%5Bnumber%5D=16&page%5Btoken%5D=b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4 type: string previous: description: Previous page link. example: https://api.datadoghq.com/api/v2/security/vulnerabilities?page%5Bnumber%5D=14&page%5Btoken%5D=b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4 type: string self: description: Request link. example: https://api.datadoghq.com/api/v2/security/vulnerabilities?filter%5Btool%5D=Infra type: string required: - self - first - last type: object ListAPIsResponse: description: Response for `ListAPIs`. properties: data: description: List of API items. items: $ref: '#/components/schemas/ListAPIsResponseData' type: array meta: $ref: '#/components/schemas/ListAPIsResponseMeta' type: object ListAPIsResponseData: description: Data envelope for `ListAPIsResponse`. properties: attributes: $ref: '#/components/schemas/ListAPIsResponseDataAttributes' id: $ref: '#/components/schemas/ApiID' type: object ListAPIsResponseDataAttributes: description: Attributes for `ListAPIsResponseData`. properties: name: description: API name. example: Payments API type: string type: object ListAPIsResponseMeta: description: Metadata for `ListAPIsResponse`. properties: pagination: $ref: '#/components/schemas/ListAPIsResponseMetaPagination' type: object ListAPIsResponseMetaPagination: description: Pagination metadata information for `ListAPIsResponse`. properties: limit: description: Number of items in the current page. example: 20 format: int64 type: integer offset: description: Offset for pagination. example: 0 format: int64 type: integer total_count: description: Total number of items. example: 35 format: int64 type: integer type: object ListApplicationKeysResponse: description: Response for a list of application keys. properties: data: description: Array of application keys. items: $ref: '#/components/schemas/PartialApplicationKey' type: array included: description: Array of objects related to the application key. items: $ref: '#/components/schemas/ApplicationKeyResponseIncludedItem' type: array meta: $ref: '#/components/schemas/ApplicationKeyResponseMeta' type: object ListAppsResponse: description: A paginated list of apps matching the specified filters and sorting. properties: data: description: An array of app definitions. items: $ref: '#/components/schemas/ListAppsResponseDataItems' type: array included: description: Data on the version of the app that was published. items: $ref: '#/components/schemas/Deployment' type: array meta: $ref: '#/components/schemas/ListAppsResponseMeta' type: object ListAppsResponseDataItems: description: An app definition object. This contains only basic information about the app such as ID, name, and tags. properties: attributes: $ref: '#/components/schemas/ListAppsResponseDataItemsAttributes' id: description: The ID of the app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string meta: $ref: '#/components/schemas/AppMeta' relationships: $ref: '#/components/schemas/ListAppsResponseDataItemsRelationships' type: $ref: '#/components/schemas/AppDefinitionType' required: - id - type - attributes type: object ListAppsResponseDataItemsAttributes: description: Basic information about the app such as name, description, and tags. properties: description: description: A human-readable description for the app. type: string favorite: description: Whether the app is marked as a favorite by the current user. type: boolean name: description: The name of the app. type: string selfService: description: Whether the app is enabled for use in the Datadog self-service hub. type: boolean tags: description: A list of tags for the app, which can be used to filter apps. example: - service:webshop-backend - team:webshop items: description: An individual tag for the app. type: string type: array type: object ListAppsResponseDataItemsRelationships: description: The app's publication information. properties: deployment: $ref: '#/components/schemas/DeploymentRelationship' type: object ListAppsResponseMeta: description: Pagination metadata. properties: page: $ref: '#/components/schemas/ListAppsResponseMetaPage' type: object ListAppsResponseMetaPage: description: Information on the total number of apps, to be used for pagination. properties: totalCount: description: The total number of apps under the Datadog organization, disregarding any filters applied. format: int64 type: integer totalFilteredCount: description: The total number of apps that match the specified filters. format: int64 type: integer type: object ListDevicesResponse: description: List devices response. properties: data: description: The list devices response data. items: $ref: '#/components/schemas/DevicesListData' type: array meta: $ref: '#/components/schemas/ListDevicesResponseMetadata' type: object ListDevicesResponseMetadata: description: Object describing meta attributes of response. properties: page: $ref: '#/components/schemas/ListDevicesResponseMetadataPage' type: object ListDevicesResponseMetadataPage: description: Pagination object. properties: total_filtered_count: description: Total count of devices matched by the filter. example: 1 format: int64 type: integer type: object ListDowntimesResponse: description: Response for retrieving all downtimes. properties: data: description: An array of downtimes. items: $ref: '#/components/schemas/DowntimeResponseData' type: array included: description: Array of objects related to the downtimes. items: $ref: '#/components/schemas/DowntimeResponseIncludedItem' type: array meta: $ref: '#/components/schemas/DowntimeMeta' type: object ListEntityCatalogResponse: description: List entity response. properties: data: $ref: '#/components/schemas/EntityResponseData' included: $ref: '#/components/schemas/ListEntityCatalogResponseIncluded' links: $ref: '#/components/schemas/ListEntityCatalogResponseLinks' meta: $ref: '#/components/schemas/EntityResponseMeta' type: object ListEntityCatalogResponseIncluded: description: List entity response included. items: $ref: '#/components/schemas/ListEntityCatalogResponseIncludedItem' type: array ListEntityCatalogResponseIncludedItem: description: List entity response included item. oneOf: - $ref: '#/components/schemas/EntityResponseIncludedSchema' - $ref: '#/components/schemas/EntityResponseIncludedRawSchema' - $ref: '#/components/schemas/EntityResponseIncludedRelatedEntity' - $ref: '#/components/schemas/EntityResponseIncludedOncall' - $ref: '#/components/schemas/EntityResponseIncludedIncident' ListEntityCatalogResponseLinks: description: List entity response links. properties: next: description: Next link. type: string previous: description: Previous link. type: string self: description: Current link. type: string type: object ListFindingsData: description: Array of findings. items: $ref: '#/components/schemas/Finding' type: array ListFindingsMeta: additionalProperties: false description: Metadata for pagination. properties: page: $ref: '#/components/schemas/ListFindingsPage' snapshot_timestamp: description: The point in time corresponding to the listed findings. example: 1678721573794 format: int64 minimum: 1 type: integer type: object ListFindingsPage: additionalProperties: false description: Pagination and findings count information. properties: cursor: description: The cursor used to paginate requests. example: eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0= type: string total_filtered_count: description: The total count of findings after the filter has been applied. example: 213 format: int64 type: integer type: object ListFindingsResponse: description: The expected response schema when listing findings. properties: data: $ref: '#/components/schemas/ListFindingsData' meta: $ref: '#/components/schemas/ListFindingsMeta' required: - data - meta type: object ListHistoricalJobsResponse: description: List of historical jobs. properties: data: description: Array containing the list of historical jobs. items: $ref: '#/components/schemas/HistoricalJobResponseData' type: array meta: $ref: '#/components/schemas/HistoricalJobListMeta' type: object ListKindCatalogResponse: description: List kind response. properties: data: $ref: '#/components/schemas/KindResponseData' meta: $ref: '#/components/schemas/KindResponseMeta' type: object ListPipelinesResponse: description: Represents the response payload containing a list of pipelines and associated metadata. properties: data: description: The `schema` `data`. items: $ref: '#/components/schemas/ObservabilityPipelineData' type: array meta: $ref: '#/components/schemas/ListPipelinesResponseMeta' required: - data type: object ListPipelinesResponseMeta: description: Metadata about the response. properties: totalCount: description: The total number of pipelines. example: 42 format: int64 type: integer type: object ListPowerpacksResponse: description: Response object which includes all powerpack configurations. properties: data: description: List of powerpack definitions. items: $ref: '#/components/schemas/PowerpackData' type: array included: description: Array of objects related to the users. items: $ref: '#/components/schemas/User' type: array links: $ref: '#/components/schemas/PowerpackResponseLinks' meta: $ref: '#/components/schemas/PowerpacksResponseMeta' type: object ListRelationCatalogResponse: description: List entity relation response. properties: data: $ref: '#/components/schemas/RelationResponseData' included: $ref: '#/components/schemas/ListRelationCatalogResponseIncluded' links: $ref: '#/components/schemas/ListRelationCatalogResponseLinks' meta: $ref: '#/components/schemas/RelationResponseMeta' type: object ListRelationCatalogResponseIncluded: description: List relation response included entities. items: $ref: '#/components/schemas/EntityData' type: array ListRelationCatalogResponseLinks: description: List relation response links. properties: next: description: Next link. example: /api/v2/catalog/relation?filter[from_ref]=service:service-catalog&include=entity&page[limit]=2&page[offset]=2 type: string previous: description: Previous link. type: string self: description: Current link. example: /api/v2/catalog/relation?filter[from_ref]=service:service-catalog&include=entity&page[limit]=2&page[offset]=0 type: string type: object ListRulesResponse: description: Scorecard rules response. properties: data: $ref: '#/components/schemas/ListRulesResponseData' links: $ref: '#/components/schemas/ListRulesResponseLinks' type: object ListRulesResponseData: description: Array of rule details. items: $ref: '#/components/schemas/ListRulesResponseDataItem' type: array ListRulesResponseDataItem: description: Rule details. properties: attributes: $ref: '#/components/schemas/RuleAttributes' id: $ref: '#/components/schemas/RuleId' relationships: $ref: '#/components/schemas/RelationshipToRule' type: $ref: '#/components/schemas/RuleType' type: object ListRulesResponseLinks: description: Links attributes. properties: next: description: Link for the next set of rules. example: /api/v2/scorecard/rules?page%5Blimit%5D=2&page%5Boffset%5D=2&page%5Bsize%5D=2 type: string type: object ListTagsResponse: description: List tags response. properties: data: $ref: '#/components/schemas/ListTagsResponseData' type: object ListTagsResponseData: description: The list tags response data. properties: attributes: $ref: '#/components/schemas/ListTagsResponseDataAttributes' id: description: The device ID example: example:1.2.3.4 type: string type: description: The type of the resource. The value should always be tags. type: string type: object ListTagsResponseDataAttributes: description: The definition of ListTagsResponseDataAttributes object. properties: tags: description: The list of tags example: - tag:test - tag:testbis items: type: string type: array type: object ListTeamsInclude: description: Included related resources optionally requested. enum: - team_links - user_team_permissions type: string x-enum-varnames: - TEAM_LINKS - USER_TEAM_PERMISSIONS ListTeamsSort: description: Specifies the order of the returned teams enum: - name - -name - user_count - -user_count type: string x-enum-varnames: - NAME - _NAME - USER_COUNT - _USER_COUNT ListVulnerabilitiesResponse: description: The expected response schema when listing vulnerabilities. properties: data: description: List of vulnerabilities. items: $ref: '#/components/schemas/Vulnerability' type: array links: $ref: '#/components/schemas/Links' meta: $ref: '#/components/schemas/Metadata' required: - data type: object ListVulnerableAssetsResponse: description: The expected response schema when listing vulnerable assets. properties: data: description: List of vulnerable assets. items: $ref: '#/components/schemas/Asset' type: array links: $ref: '#/components/schemas/Links' meta: $ref: '#/components/schemas/Metadata' required: - data type: object Log: description: Object description of a log after being processed and stored by Datadog. properties: attributes: $ref: '#/components/schemas/LogAttributes' id: description: Unique ID of the Log. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/LogType' type: object LogAttributes: description: JSON object containing all log attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from your log. example: customAttribute: 123 duration: 2345 type: object host: description: Name of the machine from where the logs are being sent. example: i-0123 type: string message: description: 'The message [reserved attribute](https://docs.datadoghq.com/logs/log_collection/#reserved-attributes) of your log. By default, Datadog ingests the value of the message attribute as the body of the log entry. That value is then highlighted and displayed in the Logstream, where it is indexed for full text search.' example: Host connected to remote type: string service: description: 'The name of the application or service generating the log events. It is used to switch from Logs to APM, so make sure you define the same value when you use both products.' example: agent type: string status: description: Status of the message associated with your log. example: INFO type: string tags: description: Array of tags associated with your log. example: - team:A items: description: Tag associated with your log. type: string type: array timestamp: description: Timestamp of your log. example: '2019-01-02T09:42:36.320Z' format: date-time type: string type: object LogType: default: log description: Type of the event. enum: - log example: log type: string x-enum-varnames: - LOG LogsAggregateBucket: description: A bucket values properties: by: additionalProperties: description: The values for each group by description: The key, value pairs for each group by example: '@state': success '@version': abc type: object computes: additionalProperties: $ref: '#/components/schemas/LogsAggregateBucketValue' description: A map of the metric name -> value for regular compute or list of values for a timeseries type: object type: object LogsAggregateBucketValue: description: A bucket value, can be either a timeseries or a single value oneOf: - $ref: '#/components/schemas/LogsAggregateBucketValueSingleString' - $ref: '#/components/schemas/LogsAggregateBucketValueSingleNumber' - $ref: '#/components/schemas/LogsAggregateBucketValueTimeseries' LogsAggregateBucketValueSingleNumber: description: A single number value format: double type: number LogsAggregateBucketValueSingleString: description: A single string value type: string LogsAggregateBucketValueTimeseries: description: A timeseries array items: $ref: '#/components/schemas/LogsAggregateBucketValueTimeseriesPoint' type: array x-generate-alias-as-model: true LogsAggregateBucketValueTimeseriesPoint: description: A timeseries point properties: time: description: The time value for this point example: '2020-06-08T11:55:00Z' type: string value: description: The value for this point example: 19 format: double type: number type: object LogsAggregateRequest: description: The object sent with the request to retrieve a list of logs from your organization. properties: compute: description: The list of metrics or timeseries to compute for the retrieved buckets. items: $ref: '#/components/schemas/LogsCompute' type: array filter: $ref: '#/components/schemas/LogsQueryFilter' group_by: description: The rules for the group by items: $ref: '#/components/schemas/LogsGroupBy' type: array options: $ref: '#/components/schemas/LogsQueryOptions' page: $ref: '#/components/schemas/LogsAggregateRequestPage' type: object LogsAggregateRequestPage: description: Paging settings properties: cursor: description: 'The returned paging point to use to get the next results. Note: at most 1000 results can be paged.' example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object LogsAggregateResponse: description: The response object for the logs aggregate API endpoint properties: data: $ref: '#/components/schemas/LogsAggregateResponseData' meta: $ref: '#/components/schemas/LogsResponseMetadata' type: object LogsAggregateResponseData: description: The query results properties: buckets: description: The list of matching buckets, one item per bucket items: $ref: '#/components/schemas/LogsAggregateBucket' type: array type: object LogsAggregateResponseStatus: description: The status of the response enum: - done - timeout example: done type: string x-enum-varnames: - DONE - TIMEOUT LogsAggregateSort: description: A sort rule example: aggregation: count order: asc properties: aggregation: $ref: '#/components/schemas/LogsAggregationFunction' metric: description: The metric to sort by (only used for `type=measure`) example: '@duration' type: string order: $ref: '#/components/schemas/LogsSortOrder' type: $ref: '#/components/schemas/LogsAggregateSortType' type: object LogsAggregateSortType: default: alphabetical description: The type of sorting algorithm enum: - alphabetical - measure type: string x-enum-varnames: - ALPHABETICAL - MEASURE LogsAggregationFunction: description: An aggregation function enum: - count - cardinality - pc75 - pc90 - pc95 - pc98 - pc99 - sum - min - max - avg - median example: pc90 type: string x-enum-varnames: - COUNT - CARDINALITY - PERCENTILE_75 - PERCENTILE_90 - PERCENTILE_95 - PERCENTILE_98 - PERCENTILE_99 - SUM - MIN - MAX - AVG - MEDIAN LogsArchive: description: The logs archive. properties: data: $ref: '#/components/schemas/LogsArchiveDefinition' type: object LogsArchiveAttributes: description: The attributes associated with the archive. properties: destination: $ref: '#/components/schemas/LogsArchiveDestination' include_tags: default: false description: 'To store the tags in the archive, set the value "true". If it is set to "false", the tags will be deleted when the logs are sent to the archive.' example: false type: boolean name: description: The archive name. example: Nginx Archive type: string query: description: The archive query/filter. Logs matching this query are included in the archive. example: source:nginx type: string rehydration_max_scan_size_in_gb: description: Maximum scan size for rehydration from this archive. example: 100 format: int64 nullable: true type: integer rehydration_tags: description: An array of tags to add to rehydrated logs from an archive. example: - team:intake - team:app items: description: A given tag in the `<KEY>:<VALUE>` format. type: string type: array state: $ref: '#/components/schemas/LogsArchiveState' required: - name - query - destination type: object LogsArchiveCreateRequest: description: The logs archive. properties: data: $ref: '#/components/schemas/LogsArchiveCreateRequestDefinition' type: object LogsArchiveCreateRequestAttributes: description: The attributes associated with the archive. properties: destination: $ref: '#/components/schemas/LogsArchiveCreateRequestDestination' include_tags: default: false description: 'To store the tags in the archive, set the value "true". If it is set to "false", the tags will be deleted when the logs are sent to the archive.' example: false type: boolean name: description: The archive name. example: Nginx Archive type: string query: description: The archive query/filter. Logs matching this query are included in the archive. example: source:nginx type: string rehydration_max_scan_size_in_gb: description: Maximum scan size for rehydration from this archive. example: 100 format: int64 nullable: true type: integer rehydration_tags: description: An array of tags to add to rehydrated logs from an archive. example: - team:intake - team:app items: description: A given tag in the `<KEY>:<VALUE>` format. type: string type: array required: - name - query - destination type: object LogsArchiveCreateRequestDefinition: description: The definition of an archive. properties: attributes: $ref: '#/components/schemas/LogsArchiveCreateRequestAttributes' type: default: archives description: The type of the resource. The value should always be archives. example: archives type: string required: - type type: object LogsArchiveCreateRequestDestination: description: An archive's destination. oneOf: - $ref: '#/components/schemas/LogsArchiveDestinationAzure' - $ref: '#/components/schemas/LogsArchiveDestinationGCS' - $ref: '#/components/schemas/LogsArchiveDestinationS3' LogsArchiveDefinition: description: The definition of an archive. properties: attributes: $ref: '#/components/schemas/LogsArchiveAttributes' id: description: The archive ID. example: a2zcMylnM4OCHpYusxIi3g readOnly: true type: string type: default: archives description: The type of the resource. The value should always be archives. example: archives readOnly: true type: string required: - type type: object LogsArchiveDestination: description: An archive's destination. nullable: true oneOf: - $ref: '#/components/schemas/LogsArchiveDestinationAzure' - $ref: '#/components/schemas/LogsArchiveDestinationGCS' - $ref: '#/components/schemas/LogsArchiveDestinationS3' type: object LogsArchiveDestinationAzure: description: The Azure archive destination. properties: container: description: The container where the archive will be stored. example: container-name type: string integration: $ref: '#/components/schemas/LogsArchiveIntegrationAzure' path: description: The archive path. type: string region: description: The region where the archive will be stored. type: string storage_account: description: The associated storage account. example: account-name type: string type: $ref: '#/components/schemas/LogsArchiveDestinationAzureType' required: - storage_account - container - integration - type type: object LogsArchiveDestinationAzureType: default: azure description: Type of the Azure archive destination. enum: - azure example: azure type: string x-enum-varnames: - AZURE LogsArchiveDestinationGCS: description: The GCS archive destination. properties: bucket: description: The bucket where the archive will be stored. example: bucket-name type: string integration: $ref: '#/components/schemas/LogsArchiveIntegrationGCS' path: description: The archive path. type: string type: $ref: '#/components/schemas/LogsArchiveDestinationGCSType' required: - bucket - integration - type type: object LogsArchiveDestinationGCSType: default: gcs description: Type of the GCS archive destination. enum: - gcs example: gcs type: string x-enum-varnames: - GCS LogsArchiveDestinationS3: description: The S3 archive destination. properties: bucket: description: The bucket where the archive will be stored. example: bucket-name type: string encryption: $ref: '#/components/schemas/LogsArchiveEncryptionS3' integration: $ref: '#/components/schemas/LogsArchiveIntegrationS3' path: description: The archive path. type: string storage_class: $ref: '#/components/schemas/LogsArchiveStorageClassS3Type' type: $ref: '#/components/schemas/LogsArchiveDestinationS3Type' required: - bucket - integration - type type: object LogsArchiveDestinationS3Type: default: s3 description: Type of the S3 archive destination. enum: - s3 example: s3 type: string x-enum-varnames: - S3 LogsArchiveEncryptionS3: description: The S3 encryption settings. properties: key: description: An Amazon Resource Name (ARN) used to identify an AWS KMS key. example: arn:aws:kms:us-east-1:012345678901:key/DatadogIntegrationRoleKms type: string type: $ref: '#/components/schemas/LogsArchiveEncryptionS3Type' required: - type type: object LogsArchiveEncryptionS3Type: description: Type of S3 encryption for a destination. enum: - NO_OVERRIDE - SSE_S3 - SSE_KMS example: SSE_S3 type: string x-enum-varnames: - NO_OVERRIDE - SSE_S3 - SSE_KMS LogsArchiveIntegrationAzure: description: The Azure archive's integration destination. properties: client_id: description: A client ID. example: aaaaaaaa-1a1a-1a1a-1a1a-aaaaaaaaaaaa type: string tenant_id: description: A tenant ID. example: aaaaaaaa-1a1a-1a1a-1a1a-aaaaaaaaaaaa type: string required: - tenant_id - client_id type: object LogsArchiveIntegrationGCS: description: The GCS archive's integration destination. properties: client_email: description: A client email. example: youremail@example.com type: string project_id: description: A project ID. example: project-id type: string required: - client_email type: object LogsArchiveIntegrationS3: description: The S3 Archive's integration destination. properties: account_id: description: The account ID for the integration. example: '123456789012' type: string role_name: description: The path of the integration. example: role-name type: string required: - role_name - account_id type: object LogsArchiveOrder: description: A ordered list of archive IDs. properties: data: $ref: '#/components/schemas/LogsArchiveOrderDefinition' type: object LogsArchiveOrderAttributes: description: The attributes associated with the archive order. properties: archive_ids: description: 'An ordered array of `<ARCHIVE_ID>` strings, the order of archive IDs in the array define the overall archives order for Datadog.' example: - a2zcMylnM4OCHpYusxIi1g - a2zcMylnM4OCHpYusxIi2g - a2zcMylnM4OCHpYusxIi3g items: description: A given archive ID. type: string type: array required: - archive_ids type: object LogsArchiveOrderDefinition: description: The definition of an archive order. properties: attributes: $ref: '#/components/schemas/LogsArchiveOrderAttributes' type: $ref: '#/components/schemas/LogsArchiveOrderDefinitionType' required: - type - attributes type: object LogsArchiveOrderDefinitionType: default: archive_order description: Type of the archive order definition. enum: - archive_order example: archive_order type: string x-enum-varnames: - ARCHIVE_ORDER LogsArchiveState: description: The state of the archive. enum: - UNKNOWN - WORKING - FAILING - WORKING_AUTH_LEGACY example: WORKING type: string x-enum-varnames: - UNKNOWN - WORKING - FAILING - WORKING_AUTH_LEGACY LogsArchiveStorageClassS3Type: default: STANDARD description: The storage class where the archive will be stored. enum: - STANDARD - STANDARD_IA - ONEZONE_IA - INTELLIGENT_TIERING - GLACIER_IR example: STANDARD type: string x-enum-varnames: - STANDARD - STANDARD_IA - ONEZONE_IA - INTELLIGENT_TIERING - GLACIER_IR LogsArchives: description: The available archives. properties: data: description: A list of archives. items: $ref: '#/components/schemas/LogsArchiveDefinition' type: array type: object LogsCompute: description: A compute rule to compute metrics or timeseries properties: aggregation: $ref: '#/components/schemas/LogsAggregationFunction' interval: description: 'The time buckets'' size (only used for type=timeseries) Defaults to a resolution of 150 points' example: 5m type: string metric: description: The metric to use example: '@duration' type: string type: $ref: '#/components/schemas/LogsComputeType' required: - aggregation type: object LogsComputeType: default: total description: The type of compute enum: - timeseries - total type: string x-enum-varnames: - TIMESERIES - TOTAL LogsGroupBy: description: A group by rule properties: facet: description: The name of the facet to use (required) example: host type: string histogram: $ref: '#/components/schemas/LogsGroupByHistogram' limit: default: 10 description: 'The maximum buckets to return for this group by. Note: at most 10000 buckets are allowed. If grouping by multiple facets, the product of limits must not exceed 10000.' format: int64 type: integer missing: $ref: '#/components/schemas/LogsGroupByMissing' sort: $ref: '#/components/schemas/LogsAggregateSort' total: $ref: '#/components/schemas/LogsGroupByTotal' required: - facet type: object LogsGroupByHistogram: description: 'Used to perform a histogram computation (only for measure facets). Note: at most 100 buckets are allowed, the number of buckets is (max - min)/interval.' properties: interval: description: The bin size of the histogram buckets example: 10 format: double type: number max: description: 'The maximum value for the measure used in the histogram (values greater than this one are filtered out)' example: 100 format: double type: number min: description: 'The minimum value for the measure used in the histogram (values smaller than this one are filtered out)' example: 50 format: double type: number required: - interval - min - max type: object LogsGroupByMissing: description: The value to use for logs that don't have the facet used to group by oneOf: - $ref: '#/components/schemas/LogsGroupByMissingString' - $ref: '#/components/schemas/LogsGroupByMissingNumber' LogsGroupByMissingNumber: description: The missing value to use if there is a number valued facet. format: double type: number LogsGroupByMissingString: description: The missing value to use if there is string valued facet. type: string LogsGroupByTotal: default: false description: A resulting object to put the given computes in over all the matching records. oneOf: - $ref: '#/components/schemas/LogsGroupByTotalBoolean' - $ref: '#/components/schemas/LogsGroupByTotalString' - $ref: '#/components/schemas/LogsGroupByTotalNumber' LogsGroupByTotalBoolean: description: If set to true, creates an additional bucket labeled "$facet_total" type: boolean LogsGroupByTotalNumber: description: A number to use as the key value for the total bucket format: double type: number LogsGroupByTotalString: description: A string to use as the key value for the total bucket type: string LogsListRequest: description: The request for a logs list. properties: filter: $ref: '#/components/schemas/LogsQueryFilter' options: $ref: '#/components/schemas/LogsQueryOptions' page: $ref: '#/components/schemas/LogsListRequestPage' sort: $ref: '#/components/schemas/LogsSort' type: object LogsListRequestPage: description: Paging attributes for listing logs. properties: cursor: description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: Maximum number of logs in the response. example: 25 format: int32 maximum: 1000 type: integer type: object LogsListResponse: description: Response object with all logs matching the request and pagination information. properties: data: description: Array of logs matching the request. items: $ref: '#/components/schemas/Log' type: array links: $ref: '#/components/schemas/LogsListResponseLinks' meta: $ref: '#/components/schemas/LogsResponseMetadata' type: object LogsListResponseLinks: description: Links attributes. properties: next: description: 'Link for the next set of results. Note that the request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/logs/event?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object LogsMetricCompute: description: The compute rule to compute the log-based metric. properties: aggregation_type: $ref: '#/components/schemas/LogsMetricComputeAggregationType' include_percentiles: $ref: '#/components/schemas/LogsMetricComputeIncludePercentiles' path: description: The path to the value the log-based metric will aggregate on (only used if the aggregation type is a "distribution"). example: '@duration' type: string required: - aggregation_type type: object LogsMetricComputeAggregationType: description: The type of aggregation to use. enum: - count - distribution example: distribution type: string x-enum-varnames: - COUNT - DISTRIBUTION LogsMetricComputeIncludePercentiles: description: 'Toggle to include or exclude percentile aggregations for distribution metrics. Only present when the `aggregation_type` is `distribution`.' example: true type: boolean LogsMetricCreateAttributes: description: The object describing the Datadog log-based metric to create. properties: compute: $ref: '#/components/schemas/LogsMetricCompute' filter: $ref: '#/components/schemas/LogsMetricFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/LogsMetricGroupBy' type: array required: - compute type: object LogsMetricCreateData: description: The new log-based metric properties. properties: attributes: $ref: '#/components/schemas/LogsMetricCreateAttributes' id: $ref: '#/components/schemas/LogsMetricID' type: $ref: '#/components/schemas/LogsMetricType' required: - id - type - attributes type: object LogsMetricCreateRequest: description: The new log-based metric body. properties: data: $ref: '#/components/schemas/LogsMetricCreateData' required: - data type: object LogsMetricFilter: description: The log-based metric filter. Logs matching this filter will be aggregated in this metric. properties: query: default: '*' description: The search query - following the log search syntax. example: service:web* AND @http.status_code:[200 TO 299] type: string type: object LogsMetricGroupBy: description: A group by rule. properties: path: description: The path to the value the log-based metric will be aggregated over. example: '@http.status_code' type: string tag_name: description: Eventual name of the tag that gets created. By default, the path attribute is used as the tag name. example: status_code type: string required: - path type: object LogsMetricID: description: The name of the log-based metric. example: logs.page.load.count type: string LogsMetricResponse: description: The log-based metric object. properties: data: $ref: '#/components/schemas/LogsMetricResponseData' type: object LogsMetricResponseAttributes: description: The object describing a Datadog log-based metric. properties: compute: $ref: '#/components/schemas/LogsMetricResponseCompute' filter: $ref: '#/components/schemas/LogsMetricResponseFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/LogsMetricResponseGroupBy' type: array type: object LogsMetricResponseCompute: description: The compute rule to compute the log-based metric. properties: aggregation_type: $ref: '#/components/schemas/LogsMetricResponseComputeAggregationType' include_percentiles: $ref: '#/components/schemas/LogsMetricComputeIncludePercentiles' path: description: The path to the value the log-based metric will aggregate on (only used if the aggregation type is a "distribution"). example: '@duration' type: string type: object LogsMetricResponseComputeAggregationType: description: The type of aggregation to use. enum: - count - distribution example: distribution type: string x-enum-varnames: - COUNT - DISTRIBUTION LogsMetricResponseData: description: The log-based metric properties. properties: attributes: $ref: '#/components/schemas/LogsMetricResponseAttributes' id: $ref: '#/components/schemas/LogsMetricID' type: $ref: '#/components/schemas/LogsMetricType' type: object LogsMetricResponseFilter: description: The log-based metric filter. Logs matching this filter will be aggregated in this metric. properties: query: description: The search query - following the log search syntax. example: service:web* AND @http.status_code:[200 TO 299] type: string type: object LogsMetricResponseGroupBy: description: A group by rule. properties: path: description: The path to the value the log-based metric will be aggregated over. example: '@http.status_code' type: string tag_name: description: Eventual name of the tag that gets created. By default, the path attribute is used as the tag name. example: status_code type: string type: object LogsMetricType: default: logs_metrics description: The type of the resource. The value should always be logs_metrics. enum: - logs_metrics example: logs_metrics type: string x-enum-varnames: - LOGS_METRICS LogsMetricUpdateAttributes: description: The log-based metric properties that will be updated. properties: compute: $ref: '#/components/schemas/LogsMetricUpdateCompute' filter: $ref: '#/components/schemas/LogsMetricFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/LogsMetricGroupBy' type: array type: object LogsMetricUpdateCompute: description: The compute rule to compute the log-based metric. properties: include_percentiles: $ref: '#/components/schemas/LogsMetricComputeIncludePercentiles' type: object LogsMetricUpdateData: description: The new log-based metric properties. properties: attributes: $ref: '#/components/schemas/LogsMetricUpdateAttributes' type: $ref: '#/components/schemas/LogsMetricType' required: - type - attributes type: object LogsMetricUpdateRequest: description: The new log-based metric body. properties: data: $ref: '#/components/schemas/LogsMetricUpdateData' required: - data type: object LogsMetricsResponse: description: All the available log-based metric objects. properties: data: description: A list of log-based metric objects. items: $ref: '#/components/schemas/LogsMetricResponseData' type: array type: object LogsQueryFilter: description: The search and filter query settings properties: from: default: now-15m description: The minimum time for the requested logs, supports date math and regular timestamps (milliseconds). example: now-15m type: string indexes: default: - '*' description: For customers with multiple indexes, the indexes to search. Defaults to ['*'] which means all indexes. example: - main - web items: description: The name of a log index. type: string type: array query: default: '*' description: The search query - following the log search syntax. example: service:web* AND @http.status_code:[200 TO 299] type: string storage_tier: $ref: '#/components/schemas/LogsStorageTier' to: default: now description: The maximum time for the requested logs, supports date math and regular timestamps (milliseconds). example: now type: string type: object LogsQueryOptions: deprecated: true description: 'Global query options that are used during the query. Note: These fields are currently deprecated and do not affect the query results.' properties: timeOffset: description: The time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: UTC description: The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). example: GMT type: string type: object LogsResponseMetadata: description: The metadata associated with a request properties: elapsed: description: The time elapsed in milliseconds example: 132 format: int64 type: integer page: $ref: '#/components/schemas/LogsResponseMetadataPage' request_id: description: The identifier of the request example: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR type: string status: $ref: '#/components/schemas/LogsAggregateResponseStatus' warnings: description: 'A list of warnings (non fatal errors) encountered, partial results might be returned if warnings are present in the response.' items: $ref: '#/components/schemas/LogsWarning' type: array type: object LogsResponseMetadataPage: description: Paging attributes. properties: after: description: 'The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`.' example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object LogsSort: description: Sort parameters when querying logs. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING LogsSortOrder: description: The order to use, ascending or descending enum: - asc - desc example: asc type: string x-enum-varnames: - ASCENDING - DESCENDING LogsStorageTier: default: indexes description: Specifies storage type as indexes, online-archives or flex enum: - indexes - online-archives - flex example: indexes type: string x-enum-varnames: - INDEXES - ONLINE_ARCHIVES - FLEX LogsWarning: description: A warning message indicating something that went wrong with the query properties: code: description: A unique code for this type of warning example: unknown_index type: string detail: description: A detailed explanation of this specific warning example: 'indexes: foo, bar' type: string title: description: A short human-readable summary of the warning example: One or several indexes are missing or invalid, results hold data from the other indexes type: string type: object MSTeamsIntegrationMetadata: description: Incident integration metadata for the Microsoft Teams integration. properties: teams: description: Array of Microsoft Teams in this integration metadata. example: [] items: $ref: '#/components/schemas/MSTeamsIntegrationMetadataTeamsItem' type: array required: - teams type: object MSTeamsIntegrationMetadataTeamsItem: description: Item in the Microsoft Teams integration metadata teams array. properties: ms_channel_id: description: Microsoft Teams channel ID. example: 19:abc00abcdef00a0abcdef0abcdef0a@thread.tacv2 type: string ms_channel_name: description: Microsoft Teams channel name. example: incident-0001-example type: string ms_tenant_id: description: Microsoft Teams tenant ID. example: 00000000-abcd-0005-0000-000000000000 type: string redirect_url: description: URL redirecting to the Microsoft Teams channel. example: https://teams.microsoft.com/l/channel/19%3Aabc00abcdef00a0abcdef0abcdef0a%40thread.tacv2/conversations?groupId=12345678-abcd-dcba-abcd-1234567890ab&tenantId=00000000-abcd-0005-0000-000000000000 type: string required: - ms_tenant_id - ms_channel_id - ms_channel_name - redirect_url type: object Metadata: description: The metadata related to this request. properties: count: description: Number of entities included in the response. example: 150 format: int64 type: integer token: description: The token that identifies the request. example: b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4 type: string total: description: Total number of entities across all pages. example: 152431 format: int64 type: integer required: - count - total - token type: object Metric: description: Object for a single metric tag configuration. example: id: metric.foo.bar type: metrics properties: id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricType' type: object MetricActiveConfigurationType: default: actively_queried_configurations description: The metric actively queried configuration resource type. enum: - actively_queried_configurations example: actively_queried_configurations type: string x-enum-varnames: - ACTIVELY_QUERIED_CONFIGURATIONS MetricAllTags: description: Object for a single metric's indexed tags. properties: attributes: $ref: '#/components/schemas/MetricAllTagsAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricType' type: object MetricAllTagsAttributes: description: Object containing the definition of a metric's tags. properties: tags: description: List of indexed tag value pairs. example: - sport:golf - sport:football - animal:dog items: description: Tag key-value pairs. type: string type: array type: object MetricAllTagsResponse: description: Response object that includes a single metric's indexed tags. properties: data: $ref: '#/components/schemas/MetricAllTags' readOnly: true type: object MetricAssetAttributes: description: Assets related to the object, including title and url. properties: title: description: Title of the asset. type: string url: description: URL path of the asset. type: string type: object MetricAssetDashboardRelationship: description: An object of type `dashboard` that can be referenced in the `included` data. properties: id: $ref: '#/components/schemas/MetricDashboardID' type: $ref: '#/components/schemas/MetricDashboardType' type: object MetricAssetDashboardRelationships: description: An object containing the list of dashboards that can be referenced in the `included` data. properties: data: description: A list of dashboards that can be referenced in the `included` data. items: $ref: '#/components/schemas/MetricAssetDashboardRelationship' type: array type: object MetricAssetMonitorRelationship: description: An object of type `monitor` that can be referenced in the `included` data. properties: id: $ref: '#/components/schemas/MetricMonitorID' type: $ref: '#/components/schemas/MetricMonitorType' type: object MetricAssetMonitorRelationships: description: A object containing the list of monitors that can be referenced in the `included` data. properties: data: description: A list of monitors that can be referenced in the `included` data. items: $ref: '#/components/schemas/MetricAssetMonitorRelationship' type: array type: object MetricAssetNotebookRelationship: description: An object of type `notebook` that can be referenced in the `included` data. properties: id: $ref: '#/components/schemas/MetricNotebookID' type: $ref: '#/components/schemas/MetricNotebookType' type: object MetricAssetNotebookRelationships: description: An object containing the list of notebooks that can be referenced in the `included` data. properties: data: description: A list of notebooks that can be referenced in the `included` data. items: $ref: '#/components/schemas/MetricAssetNotebookRelationship' type: array type: object MetricAssetResponseData: description: Metric assets response data. properties: id: $ref: '#/components/schemas/MetricName' relationships: $ref: '#/components/schemas/MetricAssetResponseRelationships' type: $ref: '#/components/schemas/MetricType' required: - id - type type: object MetricAssetResponseIncluded: description: List of included assets with full set of attributes. oneOf: - $ref: '#/components/schemas/MetricDashboardAsset' - $ref: '#/components/schemas/MetricMonitorAsset' - $ref: '#/components/schemas/MetricNotebookAsset' - $ref: '#/components/schemas/MetricSLOAsset' MetricAssetResponseRelationships: description: Relationships to assets related to the metric. properties: dashboards: $ref: '#/components/schemas/MetricAssetDashboardRelationships' monitors: $ref: '#/components/schemas/MetricAssetMonitorRelationships' notebooks: $ref: '#/components/schemas/MetricAssetNotebookRelationships' slos: $ref: '#/components/schemas/MetricAssetSLORelationships' type: object MetricAssetSLORelationship: description: An object of type `slos` that can be referenced in the `included` data. properties: id: $ref: '#/components/schemas/MetricSLOID' type: $ref: '#/components/schemas/MetricSLOType' type: object MetricAssetSLORelationships: description: An object containing a list of SLOs that can be referenced in the `included` data. properties: data: description: A list of SLOs that can be referenced in the `included` data. items: $ref: '#/components/schemas/MetricAssetSLORelationship' type: array type: object MetricAssetsResponse: description: Response object that includes related dashboards, monitors, notebooks, and SLOs. properties: data: $ref: '#/components/schemas/MetricAssetResponseData' included: description: Array of objects related to the metric assets. items: $ref: '#/components/schemas/MetricAssetResponseIncluded' type: array type: object MetricBulkConfigureTagsType: default: metric_bulk_configure_tags description: The metric bulk configure tags resource. enum: - metric_bulk_configure_tags example: metric_bulk_configure_tags type: string x-enum-varnames: - BULK_MANAGE_TAGS MetricBulkTagConfigCreate: description: Request object to bulk configure tags for metrics matching the given prefix. properties: attributes: $ref: '#/components/schemas/MetricBulkTagConfigCreateAttributes' id: $ref: '#/components/schemas/MetricBulkTagConfigNamePrefix' type: $ref: '#/components/schemas/MetricBulkConfigureTagsType' required: - id - type type: object MetricBulkTagConfigCreateAttributes: description: Optional parameters for bulk creating metric tag configurations. properties: emails: $ref: '#/components/schemas/MetricBulkTagConfigEmailList' exclude_tags_mode: description: 'When set to true, the configuration will exclude the configured tags and include any other submitted tags. When set to false, the configuration will include the configured tags and exclude any other submitted tags. Defaults to false.' type: boolean include_actively_queried_tags_window: description: 'When provided, all tags that have been actively queried are configured (and, therefore, remain queryable) for each metric that matches the given prefix. Minimum value is 1 second, and maximum value is 7,776,000 seconds (90 days).' format: double maximum: 7776000 minimum: 1 type: number override_existing_configurations: description: 'When set to true, the configuration overrides any existing configurations for the given metric with the new set of tags in this configuration request. If false, old configurations are kept and are merged with the set of tags in this configuration request. Defaults to true.' type: boolean tags: $ref: '#/components/schemas/MetricBulkTagConfigTagNameList' type: object MetricBulkTagConfigCreateRequest: description: Wrapper object for a single bulk tag configuration request. properties: data: $ref: '#/components/schemas/MetricBulkTagConfigCreate' required: - data type: object MetricBulkTagConfigDelete: description: Request object to bulk delete all tag configurations for metrics matching the given prefix. properties: attributes: $ref: '#/components/schemas/MetricBulkTagConfigDeleteAttributes' id: $ref: '#/components/schemas/MetricBulkTagConfigNamePrefix' type: $ref: '#/components/schemas/MetricBulkConfigureTagsType' required: - id - type type: object MetricBulkTagConfigDeleteAttributes: description: Optional parameters for bulk deleting metric tag configurations. properties: emails: $ref: '#/components/schemas/MetricBulkTagConfigEmailList' type: object MetricBulkTagConfigDeleteRequest: description: Wrapper object for a single bulk tag deletion request. properties: data: $ref: '#/components/schemas/MetricBulkTagConfigDelete' required: - data type: object MetricBulkTagConfigEmailList: description: A list of account emails to notify when the configuration is applied. example: - sue@example.com - bob@example.com items: description: An email address. type: string type: array MetricBulkTagConfigNamePrefix: description: A text prefix to match against metric names. example: kafka.lag type: string MetricBulkTagConfigResponse: description: Wrapper for a single bulk tag configuration status response. properties: data: $ref: '#/components/schemas/MetricBulkTagConfigStatus' type: object MetricBulkTagConfigStatus: description: 'The status of a request to bulk configure metric tags. It contains the fields from the original request for reference.' properties: attributes: $ref: '#/components/schemas/MetricBulkTagConfigStatusAttributes' id: $ref: '#/components/schemas/MetricBulkTagConfigNamePrefix' type: $ref: '#/components/schemas/MetricBulkConfigureTagsType' required: - id - type type: object MetricBulkTagConfigStatusAttributes: description: Optional attributes for the status of a bulk tag configuration request. properties: emails: $ref: '#/components/schemas/MetricBulkTagConfigEmailList' exclude_tags_mode: description: 'When set to true, the configuration will exclude the configured tags and include any other submitted tags. When set to false, the configuration will include the configured tags and exclude any other submitted tags.' type: boolean status: description: The status of the request. example: Accepted type: string tags: $ref: '#/components/schemas/MetricBulkTagConfigTagNameList' type: object MetricBulkTagConfigTagNameList: description: A list of tag names to apply to the configuration. example: - host - pod_name - is_shadow items: description: A metric tag name. maxLength: 200 pattern: ^[A-Za-z][A-Za-z0-9\.\-\_:\/]*$ type: string type: array MetricContentEncoding: default: deflate description: HTTP header used to compress the media-type. enum: - deflate - zstd1 - gzip example: deflate type: string x-enum-varnames: - DEFLATE - ZSTD1 - GZIP MetricCustomAggregation: description: A time and space aggregation combination for use in query. example: space: sum time: sum properties: space: $ref: '#/components/schemas/MetricCustomSpaceAggregation' time: $ref: '#/components/schemas/MetricCustomTimeAggregation' required: - time - space type: object MetricCustomAggregations: description: Deprecated. You no longer need to configure specific time and space aggregations for Metrics Without Limits. example: - space: sum time: sum - space: sum time: count items: $ref: '#/components/schemas/MetricCustomAggregation' type: array MetricCustomSpaceAggregation: description: A space aggregation for use in query. enum: - avg - max - min - sum example: sum type: string x-enum-varnames: - AVG - MAX - MIN - SUM MetricCustomTimeAggregation: description: A time aggregation for use in query. enum: - avg - count - max - min - sum example: sum type: string x-enum-varnames: - AVG - COUNT - MAX - MIN - SUM MetricDashboardAsset: description: A dashboard object with title and popularity. properties: attributes: $ref: '#/components/schemas/MetricDashboardAttributes' id: $ref: '#/components/schemas/MetricDashboardID' type: $ref: '#/components/schemas/MetricDashboardType' required: - id - type type: object MetricDashboardAttributes: description: Attributes related to the dashboard, including title, popularity, and url. properties: popularity: description: Value from 0 to 5 that ranks popularity of the dashboard. format: double maximum: 5 minimum: 0 type: number title: description: Title of the asset. type: string url: description: URL path of the asset. type: string type: object MetricDashboardID: description: The related dashboard's ID. example: xxx-yyy-zzz type: string MetricDashboardType: description: Dashboard resource type. enum: - dashboards example: dashboards type: string x-enum-varnames: - DASHBOARDS MetricDistinctVolume: description: Object for a single metric's distinct volume. properties: attributes: $ref: '#/components/schemas/MetricDistinctVolumeAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricDistinctVolumeType' type: object MetricDistinctVolumeAttributes: description: Object containing the definition of a metric's distinct volume. properties: distinct_volume: description: Distinct volume for the given metric. example: 10 format: int64 type: integer type: object MetricDistinctVolumeType: default: distinct_metric_volumes description: The metric distinct volume type. enum: - distinct_metric_volumes example: distinct_metric_volumes type: string x-enum-varnames: - DISTINCT_METRIC_VOLUMES MetricEstimate: description: Object for a metric cardinality estimate. properties: attributes: $ref: '#/components/schemas/MetricEstimateAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricEstimateResourceType' type: object MetricEstimateAttributes: description: Object containing the definition of a metric estimate attribute. properties: estimate_type: $ref: '#/components/schemas/MetricEstimateType' estimated_at: description: Timestamp when the cardinality estimate was requested. example: '2022-04-27T09:48:37.463835Z' format: date-time type: string estimated_output_series: description: Estimated cardinality of the metric based on the queried configuration. example: 50 format: int64 type: integer type: object MetricEstimateResourceType: default: metric_cardinality_estimate description: The metric estimate resource type. enum: - metric_cardinality_estimate example: metric_cardinality_estimate type: string x-enum-varnames: - METRIC_CARDINALITY_ESTIMATE MetricEstimateResponse: description: Response object that includes metric cardinality estimates. properties: data: $ref: '#/components/schemas/MetricEstimate' type: object MetricEstimateType: default: count_or_gauge description: Estimate type based on the queried configuration. By default, `count_or_gauge` is returned. `distribution` is returned for distribution metrics without percentiles enabled. Lastly, `percentile` is returned if `filter[pct]=true` is queried with a distribution metric. enum: - count_or_gauge - distribution - percentile example: distribution type: string x-enum-varnames: - COUNT_OR_GAUGE - DISTRIBUTION - PERCENTILE MetricIngestedIndexedVolume: description: Object for a single metric's ingested and indexed volume. properties: attributes: $ref: '#/components/schemas/MetricIngestedIndexedVolumeAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricIngestedIndexedVolumeType' type: object MetricIngestedIndexedVolumeAttributes: description: Object containing the definition of a metric's ingested and indexed volume. properties: indexed_volume: description: Indexed volume for the given metric. example: 10 format: int64 type: integer ingested_volume: description: Ingested volume for the given metric. example: 20 format: int64 type: integer type: object MetricIngestedIndexedVolumeType: default: metric_volumes description: The metric ingested and indexed volume type. enum: - metric_volumes example: metric_volumes type: string x-enum-varnames: - METRIC_VOLUMES MetricIntakeType: description: The type of metric. The available types are `0` (unspecified), `1` (count), `2` (rate), and `3` (gauge). enum: - 0 - 1 - 2 - 3 format: int32 type: integer x-enum-varnames: - UNSPECIFIED - COUNT - RATE - GAUGE MetricMetaPage: description: Paging attributes. Only present if pagination query parameters were provided. properties: cursor: description: The cursor used to get the current results, if any. nullable: true type: string limit: description: Number of results returned format: int32 maximum: 20000 minimum: 0 type: integer next_cursor: description: The cursor used to get the next results, if any. nullable: true type: string type: $ref: '#/components/schemas/MetricMetaPageType' type: object MetricMetaPageType: default: cursor_limit description: Type of metric pagination. enum: - cursor_limit example: cursor_limit type: string x-enum-varnames: - CURSOR_LIMIT MetricMetadata: description: Metadata for the metric. properties: origin: $ref: '#/components/schemas/MetricOrigin' type: object MetricMonitorAsset: description: A monitor object with title. properties: attributes: $ref: '#/components/schemas/MetricAssetAttributes' id: $ref: '#/components/schemas/MetricMonitorID' type: $ref: '#/components/schemas/MetricMonitorType' required: - id - type type: object MetricMonitorID: description: The related monitor's ID. example: '1775073' type: string MetricMonitorType: description: Monitor resource type. enum: - monitors example: monitors type: string x-enum-varnames: - MONITORS MetricName: description: The metric name for this resource. example: test.metric.latency type: string MetricNotebookAsset: description: A notebook object with title. properties: attributes: $ref: '#/components/schemas/MetricAssetAttributes' id: $ref: '#/components/schemas/MetricNotebookID' type: $ref: '#/components/schemas/MetricNotebookType' required: - id - type type: object MetricNotebookID: description: The related notebook's ID. example: '12345' type: string MetricNotebookType: description: Notebook resource type. enum: - notebooks example: notebooks type: string x-enum-varnames: - NOTEBOOKS MetricOrigin: description: Metric origin information. properties: metric_type: default: 0 description: The origin metric type code format: int32 maximum: 1000 type: integer product: default: 0 description: The origin product code format: int32 maximum: 1000 type: integer service: default: 0 description: The origin service code format: int32 maximum: 1000 type: integer type: object MetricPaginationMeta: description: Response metadata object. properties: pagination: $ref: '#/components/schemas/MetricMetaPage' type: object MetricPayload: description: The metrics' payload. properties: series: description: A list of timeseries to submit to Datadog. example: - metric: system.load.1 points: - timestamp: 1475317847 value: 0.7 resources: - name: dummyhost type: host items: $ref: '#/components/schemas/MetricSeries' type: array required: - series type: object MetricPoint: description: A point object is of the form `{POSIX_timestamp, numeric_value}`. example: timestamp: 1575317847 value: 0.5 properties: timestamp: description: 'The timestamp should be in seconds and current. Current is defined as not more than 10 minutes in the future or more than 1 hour in the past.' format: int64 type: integer value: description: The numeric value format should be a 64bit float gauge-type value. format: double type: number type: object MetricResource: description: Metric resource. example: name: dummyhost type: host properties: name: description: The name of the resource. type: string type: description: The type of the resource. type: string type: object MetricSLOAsset: description: A SLO object with title. properties: attributes: $ref: '#/components/schemas/MetricAssetAttributes' id: $ref: '#/components/schemas/MetricSLOID' type: $ref: '#/components/schemas/MetricSLOType' required: - id - type type: object MetricSLOID: description: The SLO ID. example: 9ffef113b389520db54391d67d652dfb type: string MetricSLOType: description: SLO resource type. enum: - slos example: slos type: string x-enum-varnames: - SLOS MetricSeries: description: 'A metric to submit to Datadog. See [Datadog metrics](https://docs.datadoghq.com/developers/metrics/#custom-metrics-properties).' properties: interval: description: If the type of the metric is rate or count, define the corresponding interval in seconds. example: 20 format: int64 type: integer metadata: $ref: '#/components/schemas/MetricMetadata' metric: description: The name of the timeseries. example: system.load.1 type: string points: description: Points relating to a metric. All points must be objects with timestamp and a scalar value (cannot be a string). Timestamps should be in POSIX time in seconds, and cannot be more than ten minutes in the future or more than one hour in the past. example: - timestamp: 1575317847 value: 0.5 items: $ref: '#/components/schemas/MetricPoint' type: array resources: description: A list of resources to associate with this metric. items: $ref: '#/components/schemas/MetricResource' type: array source_type_name: description: The source type name. example: datadog type: string tags: description: A list of tags associated with the metric. example: - environment:test items: description: Individual tags. type: string type: array type: $ref: '#/components/schemas/MetricIntakeType' unit: description: The unit of point value. example: second type: string required: - metric - points type: object MetricSuggestedAggregations: description: List of aggregation combinations that have been actively queried. example: - space: sum time: sum - space: sum time: count items: $ref: '#/components/schemas/MetricCustomAggregation' type: array MetricSuggestedTagsAndAggregations: description: Object for a single metric's actively queried tags and aggregations. properties: attributes: $ref: '#/components/schemas/MetricSuggestedTagsAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricActiveConfigurationType' type: object MetricSuggestedTagsAndAggregationsResponse: description: Response object that includes a single metric's actively queried tags and aggregations. properties: data: $ref: '#/components/schemas/MetricSuggestedTagsAndAggregations' readOnly: true type: object MetricSuggestedTagsAttributes: description: Object containing the definition of a metric's actively queried tags and aggregations. properties: active_aggregations: $ref: '#/components/schemas/MetricSuggestedAggregations' active_tags: description: List of tag keys that have been actively queried. example: - app - datacenter items: description: Actively queried tag keys. type: string type: array type: object MetricTagConfiguration: description: Object for a single metric tag configuration. example: attributes: aggregations: - space: avg time: avg created_at: '2020-03-25T09:48:37.463835Z' metric_type: gauge modified_at: '2020-04-25T09:48:37.463835Z' tags: - app - datacenter id: http.request.latency type: manage_tags properties: attributes: $ref: '#/components/schemas/MetricTagConfigurationAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricTagConfigurationType' type: object MetricTagConfigurationAttributes: description: Object containing the definition of a metric tag configuration attributes. properties: aggregations: $ref: '#/components/schemas/MetricCustomAggregations' created_at: description: Timestamp when the tag configuration was created. example: '2020-03-25T09:48:37.463835Z' format: date-time type: string exclude_tags_mode: description: 'When set to true, the configuration will exclude the configured tags and include any other submitted tags. When set to false, the configuration will include the configured tags and exclude any other submitted tags. Defaults to false. Requires `tags` property.' type: boolean include_percentiles: description: 'Toggle to include or exclude percentile aggregations for distribution metrics. Only present when the `metric_type` is `distribution`.' example: true type: boolean metric_type: $ref: '#/components/schemas/MetricTagConfigurationMetricTypes' modified_at: description: Timestamp when the tag configuration was last modified. example: '2020-03-25T09:48:37.463835Z' format: date-time type: string tags: description: List of tag keys on which to group. example: - app - datacenter items: description: Tag keys to group by. type: string type: array type: object MetricTagConfigurationCreateAttributes: description: Object containing the definition of a metric tag configuration to be created. properties: aggregations: $ref: '#/components/schemas/MetricCustomAggregations' exclude_tags_mode: description: 'When set to true, the configuration will exclude the configured tags and include any other submitted tags. When set to false, the configuration will include the configured tags and exclude any other submitted tags. Defaults to false. Requires `tags` property.' type: boolean include_percentiles: description: 'Toggle to include/exclude percentiles for a distribution metric. Defaults to false. Can only be applied to metrics that have a `metric_type` of `distribution`.' example: true type: boolean metric_type: $ref: '#/components/schemas/MetricTagConfigurationMetricTypes' tags: default: [] description: A list of tag keys that will be queryable for your metric. example: - app - datacenter items: description: Tag keys to group by. type: string type: array required: - tags - metric_type type: object MetricTagConfigurationCreateData: description: Object for a single metric to be configure tags on. example: attributes: include_percentiles: false metric_type: distribution tags: - app - datacenter id: http.endpoint.request type: manage_tags properties: attributes: $ref: '#/components/schemas/MetricTagConfigurationCreateAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricTagConfigurationType' required: - id - type type: object MetricTagConfigurationCreateRequest: description: Request object that includes the metric that you would like to configure tags for. properties: data: $ref: '#/components/schemas/MetricTagConfigurationCreateData' required: - data type: object MetricTagConfigurationMetricTypeCategory: default: distribution description: The metric's type category. enum: - non_distribution - distribution example: distribution type: string x-enum-varnames: - NON_DISTRIBUTION - DISTRIBUTION MetricTagConfigurationMetricTypes: default: gauge description: The metric's type. enum: - gauge - count - rate - distribution example: count type: string x-enum-varnames: - GAUGE - COUNT - RATE - DISTRIBUTION MetricTagConfigurationResponse: description: Response object which includes a single metric's tag configuration. properties: data: $ref: '#/components/schemas/MetricTagConfiguration' readOnly: true type: object MetricTagConfigurationType: default: manage_tags description: The metric tag configuration resource type. enum: - manage_tags example: manage_tags type: string x-enum-varnames: - MANAGE_TAGS MetricTagConfigurationUpdateAttributes: description: Object containing the definition of a metric tag configuration to be updated. properties: aggregations: $ref: '#/components/schemas/MetricCustomAggregations' exclude_tags_mode: description: 'When set to true, the configuration will exclude the configured tags and include any other submitted tags. When set to false, the configuration will include the configured tags and exclude any other submitted tags. Defaults to false. Requires `tags` property.' type: boolean include_percentiles: description: 'Toggle to include/exclude percentiles for a distribution metric. Defaults to false. Can only be applied to metrics that have a `metric_type` of `distribution`.' example: true type: boolean tags: default: [] description: A list of tag keys that will be queryable for your metric. example: - app - datacenter items: description: Tag keys to group by. type: string type: array type: object MetricTagConfigurationUpdateData: description: Object for a single tag configuration to be edited. example: attributes: group_by: - app - datacenter include_percentiles: false id: http.endpoint.request type: manage_tags properties: attributes: $ref: '#/components/schemas/MetricTagConfigurationUpdateAttributes' id: $ref: '#/components/schemas/MetricName' type: $ref: '#/components/schemas/MetricTagConfigurationType' required: - id - type type: object MetricTagConfigurationUpdateRequest: description: Request object that includes the metric that you would like to edit the tag configuration on. properties: data: $ref: '#/components/schemas/MetricTagConfigurationUpdateData' required: - data type: object MetricType: default: metrics description: The metric resource type. enum: - metrics example: metrics type: string x-enum-varnames: - METRICS MetricVolumes: description: Possible response objects for a metric's volume. oneOf: - $ref: '#/components/schemas/MetricDistinctVolume' - $ref: '#/components/schemas/MetricIngestedIndexedVolume' MetricVolumesResponse: description: Response object which includes a single metric's volume. properties: data: $ref: '#/components/schemas/MetricVolumes' readOnly: true type: object MetricsAggregator: default: avg description: The type of aggregation that can be performed on metrics-based queries. enum: - avg - min - max - sum - last - percentile - mean - l2norm - area example: avg type: string x-enum-varnames: - AVG - MIN - MAX - SUM - LAST - PERCENTILE - MEAN - L2NORM - AREA MetricsAndMetricTagConfigurations: description: Object for a metrics and metric tag configurations. oneOf: - $ref: '#/components/schemas/Metric' - $ref: '#/components/schemas/MetricTagConfiguration' MetricsAndMetricTagConfigurationsResponse: description: Response object that includes metrics and metric tag configurations. properties: data: description: Array of metrics and metric tag configurations. items: $ref: '#/components/schemas/MetricsAndMetricTagConfigurations' type: array links: $ref: '#/components/schemas/MetricsListResponseLinks' meta: $ref: '#/components/schemas/MetricPaginationMeta' readOnly: true type: object MetricsDataSource: default: metrics description: A data source that is powered by the Metrics platform. enum: - metrics - cloud_cost example: metrics type: string x-enum-varnames: - METRICS - CLOUD_COST MetricsListResponseLinks: description: Pagination links. Only present if pagination query parameters were provided. properties: first: description: Link to the first page. type: string last: description: Link to the last page. nullable: true type: string next: description: Link to the next page. nullable: true type: string prev: description: Link to previous page. nullable: true type: string self: description: Link to current page. type: string type: object MetricsScalarQuery: description: An individual scalar metrics query. properties: aggregator: $ref: '#/components/schemas/MetricsAggregator' data_source: $ref: '#/components/schemas/MetricsDataSource' name: description: The variable name for use in formulas. type: string query: description: A classic metrics query string. example: avg:system.cpu.user{*} by {env} type: string required: - data_source - query - aggregator type: object MetricsTimeseriesQuery: description: An individual timeseries metrics query. properties: data_source: $ref: '#/components/schemas/MetricsDataSource' name: description: The variable name for use in formulas. type: string query: description: A classic metrics query string. example: avg:system.cpu.user{*} by {env} type: string required: - data_source - query type: object MicrosoftSentinelDestination: description: The `microsoft_sentinel` destination forwards logs to Microsoft Sentinel. properties: client_id: description: Azure AD client ID used for authentication. example: a1b2c3d4-5678-90ab-cdef-1234567890ab type: string dcr_immutable_id: description: The immutable ID of the Data Collection Rule (DCR). example: dcr-uuid-1234 type: string id: description: The unique identifier for this component. example: sentinel-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - filter-processor items: type: string type: array table: description: The name of the Log Analytics table where logs are sent. example: CustomLogsTable type: string tenant_id: description: Azure AD tenant ID. example: abcdef12-3456-7890-abcd-ef1234567890 type: string type: $ref: '#/components/schemas/MicrosoftSentinelDestinationType' required: - id - type - inputs - client_id - tenant_id - dcr_immutable_id - table type: object MicrosoftSentinelDestinationType: default: microsoft_sentinel description: The destination type. The value should always be `microsoft_sentinel`. enum: - microsoft_sentinel example: microsoft_sentinel type: string x-enum-varnames: - MICROSOFT_SENTINEL MicrosoftTeamsChannelInfoResponseAttributes: description: Channel attributes. properties: is_primary: description: Indicates if this is the primary channel. example: true maxLength: 255 type: boolean team_id: description: Team id. example: 00000000-0000-0000-0000-000000000000 maxLength: 255 type: string tenant_id: description: Tenant id. example: 00000000-0000-0000-0000-000000000001 maxLength: 255 type: string type: object MicrosoftTeamsChannelInfoResponseData: description: Channel data from a response. properties: attributes: $ref: '#/components/schemas/MicrosoftTeamsChannelInfoResponseAttributes' id: description: The ID of the channel. example: 19:b41k24b14bn1nwffkernfkwrnfneubgkr@thread.tacv2 maxLength: 255 minLength: 1 type: string type: $ref: '#/components/schemas/MicrosoftTeamsChannelInfoType' type: object MicrosoftTeamsChannelInfoType: default: ms-teams-channel-info description: Channel info resource type. enum: - ms-teams-channel-info example: ms-teams-channel-info type: string x-enum-varnames: - MS_TEAMS_CHANNEL_INFO MicrosoftTeamsCreateTenantBasedHandleRequest: description: Create tenant-based handle request. properties: data: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleRequestData' required: - data type: object MicrosoftTeamsCreateWorkflowsWebhookHandleRequest: description: Create Workflows webhook handle request. properties: data: $ref: '#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleRequestData' required: - data type: object MicrosoftTeamsGetChannelByNameResponse: description: Response with channel, team, and tenant ID information. properties: data: $ref: '#/components/schemas/MicrosoftTeamsChannelInfoResponseData' type: object MicrosoftTeamsTenantBasedHandleAttributes: description: Tenant-based handle attributes. properties: channel_id: description: Channel id. example: fake-channel-id maxLength: 255 type: string name: description: Tenant-based handle name. example: fake-handle-name maxLength: 255 type: string team_id: description: Team id. example: 00000000-0000-0000-0000-000000000000 maxLength: 255 type: string tenant_id: description: Tenant id. example: 00000000-0000-0000-0000-000000000001 maxLength: 255 type: string type: object MicrosoftTeamsTenantBasedHandleInfoResponseAttributes: description: Tenant-based handle attributes. properties: channel_id: description: Channel id. example: fake-channel-id maxLength: 255 type: string channel_name: description: Channel name. example: fake-channel-name maxLength: 255 type: string name: description: Tenant-based handle name. example: fake-handle-name maxLength: 255 type: string team_id: description: Team id. example: 00000000-0000-0000-0000-000000000000 maxLength: 255 type: string team_name: description: Team name. example: fake-team-name maxLength: 255 type: string tenant_id: description: Tenant id. example: 00000000-0000-0000-0000-000000000001 maxLength: 255 type: string tenant_name: description: Tenant name. example: fake-tenant-name maxLength: 255 type: string type: object MicrosoftTeamsTenantBasedHandleInfoResponseData: description: Tenant-based handle data from a response. properties: attributes: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleInfoResponseAttributes' id: description: The ID of the tenant-based handle. example: 596da4af-0563-4097-90ff-07230c3f9db3 maxLength: 100 minLength: 1 type: string type: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleInfoType' type: object MicrosoftTeamsTenantBasedHandleInfoType: default: ms-teams-tenant-based-handle-info description: Tenant-based handle resource type. enum: - ms-teams-tenant-based-handle-info example: ms-teams-tenant-based-handle-info type: string x-enum-varnames: - MS_TEAMS_TENANT_BASED_HANDLE_INFO MicrosoftTeamsTenantBasedHandleRequestAttributes: description: Tenant-based handle attributes. properties: channel_id: description: Channel id. example: fake-channel-id maxLength: 255 type: string name: description: Tenant-based handle name. example: fake-handle-name maxLength: 255 type: string team_id: description: Team id. example: 00000000-0000-0000-0000-000000000000 maxLength: 255 type: string tenant_id: description: Tenant id. example: 00000000-0000-0000-0000-000000000001 maxLength: 255 type: string required: - name - channel_id - team_id - tenant_id type: object MicrosoftTeamsTenantBasedHandleRequestData: description: Tenant-based handle data from a response. properties: attributes: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleRequestAttributes' type: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleType' required: - type - attributes type: object MicrosoftTeamsTenantBasedHandleResponse: description: Response of a tenant-based handle. properties: data: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleResponseData' required: - data type: object MicrosoftTeamsTenantBasedHandleResponseData: description: Tenant-based handle data from a response. properties: attributes: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleAttributes' id: description: The ID of the tenant-based handle. example: 596da4af-0563-4097-90ff-07230c3f9db3 maxLength: 100 minLength: 1 type: string type: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleType' type: object MicrosoftTeamsTenantBasedHandleType: default: tenant-based-handle description: Specifies the tenant-based handle resource type. enum: - tenant-based-handle example: tenant-based-handle type: string x-enum-varnames: - TENANT_BASED_HANDLE MicrosoftTeamsTenantBasedHandlesResponse: description: Response with a list of tenant-based handles. properties: data: description: An array of tenant-based handles. example: - attributes: channelId: 19:b41k24b14bn1nwffkernfkwrnfneubgkr@thread.tacv2 channelName: General name: general-handle teamId: 00000000-0000-0000-0000-000000000000 teamName: Example Team tenantId: 00000000-0000-0000-0000-000000000001 tenantName: Company, Inc. id: 596da4af-0563-4097-90ff-07230c3f9db3 type: ms-teams-tenant-based-handle-info - attributes: channelId: 19:b41k24b14bn1nwffkernfkwrnfneubgk1@thread.tacv2 channelName: General2 name: general-handle-2 teamId: 00000000-0000-0000-0000-000000000002 teamName: Example Team 2 tenantId: 00000000-0000-0000-0000-000000000003 tenantName: Company, Inc. id: 596da4af-0563-4097-90ff-07230c3f9db4 type: ms-teams-tenant-based-handle-info items: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleInfoResponseData' type: array required: - data type: object MicrosoftTeamsUpdateTenantBasedHandleRequest: description: Update tenant-based handle request. properties: data: $ref: '#/components/schemas/MicrosoftTeamsUpdateTenantBasedHandleRequestData' required: - data type: object MicrosoftTeamsUpdateTenantBasedHandleRequestData: description: Tenant-based handle data from a response. properties: attributes: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleAttributes' type: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleType' required: - type - attributes type: object MicrosoftTeamsUpdateWorkflowsWebhookHandleRequest: description: Update Workflows webhook handle request. properties: data: $ref: '#/components/schemas/MicrosoftTeamsUpdateWorkflowsWebhookHandleRequestData' required: - data type: object MicrosoftTeamsUpdateWorkflowsWebhookHandleRequestData: description: Workflows Webhook handle data from a response. properties: attributes: $ref: '#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleAttributes' type: $ref: '#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleType' required: - type - attributes type: object MicrosoftTeamsWorkflowsWebhookHandleAttributes: description: Workflows Webhook handle attributes. properties: name: description: Workflows Webhook handle name. example: fake-handle-name maxLength: 255 type: string url: description: Workflows Webhook URL. example: https://fake.url.com maxLength: 255 type: string type: object MicrosoftTeamsWorkflowsWebhookHandleRequestAttributes: description: Workflows Webhook handle attributes. properties: name: description: Workflows Webhook handle name. example: fake-handle-name maxLength: 255 type: string url: description: Workflows Webhook URL. example: https://fake.url.com maxLength: 255 type: string required: - name - url type: object MicrosoftTeamsWorkflowsWebhookHandleRequestData: description: Workflows Webhook handle data from a response. properties: attributes: $ref: '#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleRequestAttributes' type: $ref: '#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleType' required: - type - attributes type: object MicrosoftTeamsWorkflowsWebhookHandleResponse: description: Response of a Workflows webhook handle. properties: data: $ref: '#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleResponseData' required: - data type: object MicrosoftTeamsWorkflowsWebhookHandleResponseData: description: Workflows Webhook handle data from a response. properties: attributes: $ref: '#/components/schemas/MicrosoftTeamsWorkflowsWebhookResponseAttributes' id: description: The ID of the Workflows webhook handle. example: 596da4af-0563-4097-90ff-07230c3f9db3 maxLength: 100 minLength: 1 type: string type: $ref: '#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleType' type: object MicrosoftTeamsWorkflowsWebhookHandleType: default: workflows-webhook-handle description: Specifies the Workflows webhook handle resource type. enum: - workflows-webhook-handle example: workflows-webhook-handle type: string x-enum-varnames: - WORKFLOWS_WEBHOOK_HANDLE MicrosoftTeamsWorkflowsWebhookHandlesResponse: description: Response with a list of Workflows webhook handles. properties: data: description: An array of Workflows webhook handles. example: - attributes: name: general-handle id: 596da4af-0563-4097-90ff-07230c3f9db3 type: workflows-webhook-handle - attributes: name: general-handle-2 id: 596da4af-0563-4097-90ff-07230c3f9db4 type: workflows-webhook-handle items: $ref: '#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleResponseData' type: array required: - data type: object MicrosoftTeamsWorkflowsWebhookResponseAttributes: description: Workflows Webhook handle attributes. properties: name: description: Workflows Webhook handle name. example: fake-handle-name maxLength: 255 type: string type: object MonitorConfigPolicyAttributeCreateRequest: description: Policy and policy type for a monitor configuration policy. properties: policy: $ref: '#/components/schemas/MonitorConfigPolicyPolicyCreateRequest' policy_type: $ref: '#/components/schemas/MonitorConfigPolicyType' required: - policy_type - policy type: object MonitorConfigPolicyAttributeEditRequest: description: Policy and policy type for a monitor configuration policy. properties: policy: $ref: '#/components/schemas/MonitorConfigPolicyPolicy' policy_type: $ref: '#/components/schemas/MonitorConfigPolicyType' required: - policy_type - policy type: object MonitorConfigPolicyAttributeResponse: description: Policy and policy type for a monitor configuration policy. properties: policy: $ref: '#/components/schemas/MonitorConfigPolicyPolicy' policy_type: $ref: '#/components/schemas/MonitorConfigPolicyType' type: object MonitorConfigPolicyCreateData: description: A monitor configuration policy data. properties: attributes: $ref: '#/components/schemas/MonitorConfigPolicyAttributeCreateRequest' type: $ref: '#/components/schemas/MonitorConfigPolicyResourceType' required: - type - attributes type: object MonitorConfigPolicyCreateRequest: description: Request for creating a monitor configuration policy. properties: data: $ref: '#/components/schemas/MonitorConfigPolicyCreateData' required: - data type: object MonitorConfigPolicyEditData: description: A monitor configuration policy data. properties: attributes: $ref: '#/components/schemas/MonitorConfigPolicyAttributeEditRequest' id: description: ID of this monitor configuration policy. example: 00000000-0000-1234-0000-000000000000 type: string type: $ref: '#/components/schemas/MonitorConfigPolicyResourceType' required: - id - type - attributes type: object MonitorConfigPolicyEditRequest: description: Request for editing a monitor configuration policy. properties: data: $ref: '#/components/schemas/MonitorConfigPolicyEditData' required: - data type: object MonitorConfigPolicyListResponse: description: Response for retrieving all monitor configuration policies. properties: data: description: An array of monitor configuration policies. items: $ref: '#/components/schemas/MonitorConfigPolicyResponseData' type: array type: object MonitorConfigPolicyPolicy: description: Configuration for the policy. oneOf: - $ref: '#/components/schemas/MonitorConfigPolicyTagPolicy' MonitorConfigPolicyPolicyCreateRequest: description: Configuration for the policy. oneOf: - $ref: '#/components/schemas/MonitorConfigPolicyTagPolicyCreateRequest' MonitorConfigPolicyResourceType: default: monitor-config-policy description: Monitor configuration policy resource type. enum: - monitor-config-policy example: monitor-config-policy type: string x-enum-varnames: - MONITOR_CONFIG_POLICY MonitorConfigPolicyResponse: description: Response for retrieving a monitor configuration policy. properties: data: $ref: '#/components/schemas/MonitorConfigPolicyResponseData' type: object MonitorConfigPolicyResponseData: description: A monitor configuration policy data. properties: attributes: $ref: '#/components/schemas/MonitorConfigPolicyAttributeResponse' id: description: ID of this monitor configuration policy. example: 00000000-0000-1234-0000-000000000000 type: string type: $ref: '#/components/schemas/MonitorConfigPolicyResourceType' type: object MonitorConfigPolicyTagPolicy: description: Tag attributes of a monitor configuration policy. properties: tag_key: description: The key of the tag. example: datacenter maxLength: 255 type: string tag_key_required: description: If a tag key is required for monitor creation. example: true type: boolean valid_tag_values: description: Valid values for the tag. example: - prod - staging items: maxLength: 255 type: string type: array type: object MonitorConfigPolicyTagPolicyCreateRequest: description: Tag attributes of a monitor configuration policy. properties: tag_key: description: The key of the tag. example: datacenter maxLength: 255 type: string tag_key_required: description: If a tag key is required for monitor creation. example: true type: boolean valid_tag_values: description: Valid values for the tag. example: - prod - staging items: maxLength: 255 type: string type: array required: - tag_key - tag_key_required - valid_tag_values type: object MonitorConfigPolicyType: default: tag description: The monitor configuration policy type. enum: - tag example: tag type: string x-enum-varnames: - TAG MonitorDowntimeMatchResourceType: default: downtime_match description: Monitor Downtime Match resource type. enum: - downtime_match example: downtime_match type: string x-enum-varnames: - DOWNTIME_MATCH MonitorDowntimeMatchResponse: description: Response for retrieving all downtime matches for a monitor. properties: data: description: An array of downtime matches. items: $ref: '#/components/schemas/MonitorDowntimeMatchResponseData' type: array meta: $ref: '#/components/schemas/DowntimeMeta' type: object MonitorDowntimeMatchResponseAttributes: description: Downtime match details. properties: end: description: The end of the downtime. example: 2020-01-02 03:04:00+00:00 format: date-time nullable: true type: string groups: description: An array of groups associated with the downtime. example: - service:postgres - team:frontend items: description: An array of groups. example: service:postgres type: string type: array scope: $ref: '#/components/schemas/DowntimeScope' start: description: The start of the downtime. example: 2020-01-02 03:04:00+00:00 format: date-time type: string type: object MonitorDowntimeMatchResponseData: description: A downtime match. properties: attributes: $ref: '#/components/schemas/MonitorDowntimeMatchResponseAttributes' id: description: The downtime ID. example: 00000000-0000-1234-0000-000000000000 nullable: true type: string type: $ref: '#/components/schemas/MonitorDowntimeMatchResourceType' type: object MonitorNotificationRuleAttributes: additionalProperties: false description: Attributes of the monitor notification rule. properties: filter: $ref: '#/components/schemas/MonitorNotificationRuleFilter' name: $ref: '#/components/schemas/MonitorNotificationRuleName' recipients: $ref: '#/components/schemas/MonitorNotificationRuleRecipients' required: - name - recipients type: object MonitorNotificationRuleCreateRequest: description: Request for creating a monitor notification rule. properties: data: $ref: '#/components/schemas/MonitorNotificationRuleCreateRequestData' required: - data type: object MonitorNotificationRuleCreateRequestData: description: Object to create a monitor notification rule. properties: attributes: $ref: '#/components/schemas/MonitorNotificationRuleAttributes' type: $ref: '#/components/schemas/MonitorNotificationRuleResourceType' required: - attributes type: object MonitorNotificationRuleData: description: Monitor notification rule data. properties: attributes: $ref: '#/components/schemas/MonitorNotificationRuleResponseAttributes' id: $ref: '#/components/schemas/MonitorNotificationRuleId' relationships: $ref: '#/components/schemas/MonitorNotificationRuleRelationships' type: $ref: '#/components/schemas/MonitorNotificationRuleResourceType' type: object MonitorNotificationRuleFilter: description: Filter used to associate the notification rule with monitors. oneOf: - $ref: '#/components/schemas/MonitorNotificationRuleFilterTags' MonitorNotificationRuleFilterTags: additionalProperties: false description: Filter monitors by tags. Monitors must match all tags. properties: tags: description: A list of monitor tags. example: - team:product - host:abc items: maxLength: 255 type: string maxItems: 20 minItems: 1 type: array uniqueItems: true required: - tags type: object MonitorNotificationRuleId: description: The ID of the monitor notification rule. example: 00000000-0000-1234-0000-000000000000 type: string MonitorNotificationRuleListResponse: description: Response for retrieving all monitor notification rules. properties: data: description: A list of monitor notification rules. items: $ref: '#/components/schemas/MonitorNotificationRuleData' type: array included: description: Array of objects related to the monitor notification rules. items: $ref: '#/components/schemas/MonitorNotificationRuleResponseIncludedItem' type: array type: object MonitorNotificationRuleName: description: The name of the monitor notification rule. example: A notification rule name maxLength: 1000 minLength: 1 type: string MonitorNotificationRuleRecipients: description: A list of recipients to notify. Uses the same format as the monitor `message` field. Must not start with an '@'. example: - slack-test-channel - jira-test items: description: individual recipient. maxLength: 255 type: string maxItems: 20 minItems: 1 type: array uniqueItems: true MonitorNotificationRuleRelationships: description: All relationships associated with monitor notification rule. properties: created_by: $ref: '#/components/schemas/MonitorNotificationRuleRelationshipsCreatedBy' type: object MonitorNotificationRuleRelationshipsCreatedBy: description: The user who created the monitor notification rule. properties: data: $ref: '#/components/schemas/MonitorNotificationRuleRelationshipsCreatedByData' type: object MonitorNotificationRuleRelationshipsCreatedByData: description: Data for the user who created the monitor notification rule. nullable: true properties: id: description: User ID of the monitor notification rule creator. example: 00000000-0000-1234-0000-000000000000 type: string type: $ref: '#/components/schemas/UsersType' type: object MonitorNotificationRuleResourceType: default: monitor-notification-rule description: Monitor notification rule resource type. enum: - monitor-notification-rule example: monitor-notification-rule type: string x-enum-varnames: - MONITOR_NOTIFICATION_RULE MonitorNotificationRuleResponse: description: A monitor notification rule. properties: data: $ref: '#/components/schemas/MonitorNotificationRuleData' included: description: Array of objects related to the monitor notification rule that the user requested. items: $ref: '#/components/schemas/MonitorNotificationRuleResponseIncludedItem' type: array type: object MonitorNotificationRuleResponseAttributes: additionalProperties: {} description: Attributes of the monitor notification rule. properties: created: description: Creation time of the monitor notification rule. example: 2020-01-02 03:04:00+00:00 format: date-time type: string filter: $ref: '#/components/schemas/MonitorNotificationRuleFilter' modified: description: Time the monitor notification rule was last modified. example: 2020-01-02 03:04:00+00:00 format: date-time type: string name: $ref: '#/components/schemas/MonitorNotificationRuleName' recipients: $ref: '#/components/schemas/MonitorNotificationRuleRecipients' type: object MonitorNotificationRuleResponseIncludedItem: description: An object related to a monitor notification rule. oneOf: - $ref: '#/components/schemas/User' MonitorNotificationRuleUpdateRequest: description: Request for updating a monitor notification rule. properties: data: $ref: '#/components/schemas/MonitorNotificationRuleUpdateRequestData' required: - data type: object MonitorNotificationRuleUpdateRequestData: description: Object to update a monitor notification rule. properties: attributes: $ref: '#/components/schemas/MonitorNotificationRuleAttributes' id: $ref: '#/components/schemas/MonitorNotificationRuleId' type: $ref: '#/components/schemas/MonitorNotificationRuleResourceType' required: - id - attributes type: object MonitorTrigger: description: Trigger a workflow from a Monitor. For automatic triggering a handle must be configured and the workflow must be published. properties: rateLimit: $ref: '#/components/schemas/TriggerRateLimit' type: object MonitorTriggerWrapper: description: Schema for a Monitor-based trigger. properties: monitorTrigger: $ref: '#/components/schemas/MonitorTrigger' startStepNames: $ref: '#/components/schemas/StartStepNames' required: - monitorTrigger type: object MonitorType: description: Attributes from the monitor that triggered the event. nullable: true properties: created_at: description: The POSIX timestamp of the monitor's creation in nanoseconds. example: 1646318692000 format: int64 type: integer group_status: description: Monitor group status used when there is no `result_groups`. format: int32 maximum: 2147483647 type: integer groups: description: Groups to which the monitor belongs. items: description: A group. type: string type: array id: description: The monitor ID. format: int64 type: integer message: description: The monitor message. type: string modified: description: The monitor's last-modified timestamp. format: int64 type: integer name: description: The monitor name. type: string query: description: The query that triggers the alert. type: string tags: description: A list of tags attached to the monitor. example: - environment:test items: description: A tag. type: string type: array templated_name: description: The templated name of the monitor before resolving any template variables. type: string type: description: The monitor type. type: string type: object MonthlyCostAttributionAttributes: description: Cost Attribution by Tag for a given organization. properties: month: description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]`.' format: date-time type: string org_name: description: The name of the organization. type: string public_id: description: The organization public ID. type: string tag_config_source: description: The source of the cost attribution tag configuration and the selected tags in the format `<source_org_name>:::<selected tag 1>///<selected tag 2>///<selected tag 3>`. type: string tags: $ref: '#/components/schemas/CostAttributionTagNames' updated_at: description: Shows the most recent hour in the current months for all organizations for which all costs were calculated. type: string values: description: 'Fields in Cost Attribution by tag(s). Example: `infra_host_on_demand_cost`, `infra_host_committed_cost`, `infra_host_total_cost`, `infra_host_percentage_in_org`, `infra_host_percentage_in_account`.' type: object type: object MonthlyCostAttributionBody: description: Cost data. properties: attributes: $ref: '#/components/schemas/MonthlyCostAttributionAttributes' id: description: Unique ID of the response. type: string type: $ref: '#/components/schemas/CostAttributionType' type: object MonthlyCostAttributionMeta: description: The object containing document metadata. properties: aggregates: $ref: '#/components/schemas/CostAttributionAggregates' pagination: $ref: '#/components/schemas/MonthlyCostAttributionPagination' type: object MonthlyCostAttributionPagination: description: The metadata for the current pagination. properties: next_record_id: description: The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the `next_record_id`. nullable: true type: string type: object MonthlyCostAttributionResponse: description: Response containing the monthly cost attribution by tag(s). properties: data: description: Response containing cost attribution. items: $ref: '#/components/schemas/MonthlyCostAttributionBody' type: array meta: $ref: '#/components/schemas/MonthlyCostAttributionMeta' type: object NotebookTriggerWrapper: description: Schema for a Notebook-based trigger. properties: notebookTrigger: description: Trigger a workflow from a Notebook. type: object startStepNames: $ref: '#/components/schemas/StartStepNames' required: - notebookTrigger type: object NotificationRule: description: 'Notification rules allow full control over notifications generated by the various Datadog security products. They allow users to define the conditions under which a notification should be generated (based on rule severities, rule types, rule tags, and so on), and the targets to notify. A notification rule is composed of a rule ID, a rule type, and the rule attributes. All fields are required. ' properties: attributes: $ref: '#/components/schemas/NotificationRuleAttributes' id: $ref: '#/components/schemas/ID' type: $ref: '#/components/schemas/NotificationRulesType' required: - attributes - id - type type: object NotificationRuleAttributes: description: Attributes of the notification rule. properties: created_at: $ref: '#/components/schemas/Date' created_by: $ref: '#/components/schemas/RuleUser' enabled: $ref: '#/components/schemas/Enabled' modified_at: $ref: '#/components/schemas/Date' modified_by: $ref: '#/components/schemas/RuleUser' name: $ref: '#/components/schemas/RuleName' selectors: $ref: '#/components/schemas/Selectors' targets: $ref: '#/components/schemas/Targets' time_aggregation: $ref: '#/components/schemas/TimeAggregation' version: $ref: '#/components/schemas/Version' required: - created_at - created_by - enabled - modified_at - modified_by - name - selectors - targets - version type: object NotificationRuleQuery: description: The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes. example: (source:production_service OR env:prod) type: string NotificationRuleResponse: description: Response object which includes a notification rule. properties: data: $ref: '#/components/schemas/NotificationRule' type: object NotificationRulesType: description: The rule type associated to notification rules. enum: - notification_rules example: notification_rules type: string x-enum-varnames: - NOTIFICATION_RULES NullableRelationshipToUser: description: Relationship to user. nullable: true properties: data: $ref: '#/components/schemas/NullableRelationshipToUserData' required: - data type: object NullableRelationshipToUserData: description: Relationship to user object. nullable: true properties: id: description: A unique identifier that represents the user. example: 00000000-0000-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/UsersType' required: - id - type type: object NullableUserRelationship: description: Relationship to user. nullable: true properties: data: $ref: '#/components/schemas/NullableUserRelationshipData' required: - data type: object NullableUserRelationshipData: description: Relationship to user object. nullable: true properties: id: description: A unique identifier that represents the user. example: 00000000-0000-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/UserResourceType' required: - id - type type: object ObservabilityPipeline: description: Top-level schema representing a pipeline. properties: data: $ref: '#/components/schemas/ObservabilityPipelineData' required: - data type: object ObservabilityPipelineAddEnvVarsProcessor: description: The `add_env_vars` processor adds environment variable values to log events. properties: id: description: The unique identifier for this component. Used to reference this processor in the pipeline. example: add-env-vars-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string inputs: description: A list of component IDs whose output is used as the input for this processor. example: - datadog-agent-source items: type: string type: array type: $ref: '#/components/schemas/ObservabilityPipelineAddEnvVarsProcessorType' variables: description: A list of environment variable mappings to apply to log fields. items: $ref: '#/components/schemas/ObservabilityPipelineAddEnvVarsProcessorVariable' type: array required: - id - type - include - inputs - variables type: object ObservabilityPipelineAddEnvVarsProcessorType: default: add_env_vars description: The processor type. The value should always be `add_env_vars`. enum: - add_env_vars example: add_env_vars type: string x-enum-varnames: - ADD_ENV_VARS ObservabilityPipelineAddEnvVarsProcessorVariable: description: Defines a mapping between an environment variable and a log field. properties: field: description: The target field in the log event. example: log.environment.region type: string name: description: The name of the environment variable to read. example: AWS_REGION type: string required: - field - name type: object ObservabilityPipelineAddFieldsProcessor: description: The `add_fields` processor adds static key-value fields to logs. properties: fields: description: A list of static fields (key-value pairs) that is added to each log event processed by this component. items: $ref: '#/components/schemas/ObservabilityPipelineFieldValue' type: array id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (for example, as the `input` to downstream components). example: add-fields-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - datadog-agent-source items: type: string type: array type: $ref: '#/components/schemas/ObservabilityPipelineAddFieldsProcessorType' required: - id - type - include - fields - inputs type: object ObservabilityPipelineAddFieldsProcessorType: default: add_fields description: The processor type. The value should always be `add_fields`. enum: - add_fields example: add_fields type: string x-enum-varnames: - ADD_FIELDS ObservabilityPipelineAmazonDataFirehoseSource: description: The `amazon_data_firehose` source ingests logs from AWS Data Firehose. properties: auth: $ref: '#/components/schemas/ObservabilityPipelineAwsAuth' id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: amazon-firehose-source type: string tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineAmazonDataFirehoseSourceType' required: - id - type type: object ObservabilityPipelineAmazonDataFirehoseSourceType: default: amazon_data_firehose description: The source type. The value should always be `amazon_data_firehose`. enum: - amazon_data_firehose example: amazon_data_firehose type: string x-enum-varnames: - AMAZON_DATA_FIREHOSE ObservabilityPipelineAmazonOpenSearchDestination: description: The `amazon_opensearch` destination writes logs to Amazon OpenSearch. properties: auth: $ref: '#/components/schemas/ObservabilityPipelineAmazonOpenSearchDestinationAuth' bulk_index: description: The index to write logs to. example: logs-index type: string id: description: The unique identifier for this component. example: elasticsearch-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - filter-processor items: type: string type: array type: $ref: '#/components/schemas/ObservabilityPipelineAmazonOpenSearchDestinationType' required: - id - type - inputs - auth type: object ObservabilityPipelineAmazonOpenSearchDestinationAuth: description: 'Authentication settings for the Amazon OpenSearch destination. The `strategy` field determines whether basic or AWS-based authentication is used. ' properties: assume_role: description: The ARN of the role to assume (used with `aws` strategy). type: string aws_region: description: AWS region type: string external_id: description: External ID for the assumed role (used with `aws` strategy). type: string session_name: description: Session name for the assumed role (used with `aws` strategy). type: string strategy: $ref: '#/components/schemas/ObservabilityPipelineAmazonOpenSearchDestinationAuthStrategy' required: - strategy type: object ObservabilityPipelineAmazonOpenSearchDestinationAuthStrategy: description: The authentication strategy to use. enum: - basic - aws example: aws type: string x-enum-varnames: - BASIC - AWS ObservabilityPipelineAmazonOpenSearchDestinationType: default: amazon_opensearch description: The destination type. The value should always be `amazon_opensearch`. enum: - amazon_opensearch example: amazon_opensearch type: string x-enum-varnames: - AMAZON_OPENSEARCH ObservabilityPipelineAmazonS3Destination: description: The `amazon_s3` destination sends your logs in Datadog-rehydratable format to an Amazon S3 bucket for archiving. properties: auth: $ref: '#/components/schemas/ObservabilityPipelineAwsAuth' bucket: description: S3 bucket name. example: error-logs type: string id: description: Unique identifier for the destination component. example: amazon-s3-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - datadog-agent-source items: type: string type: array key_prefix: description: Optional prefix for object keys. type: string region: description: AWS region of the S3 bucket. example: us-east-1 type: string storage_class: $ref: '#/components/schemas/ObservabilityPipelineAmazonS3DestinationStorageClass' tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineAmazonS3DestinationType' required: - id - type - inputs - bucket - region - storage_class type: object ObservabilityPipelineAmazonS3DestinationStorageClass: description: S3 storage class. enum: - STANDARD - REDUCED_REDUNDANCY - INTELLIGENT_TIERING - STANDARD_IA - EXPRESS_ONEZONE - ONEZONE_IA - GLACIER - GLACIER_IR - DEEP_ARCHIVE example: STANDARD type: string x-enum-varnames: - STANDARD - REDUCED_REDUNDANCY - INTELLIGENT_TIERING - STANDARD_IA - EXPRESS_ONEZONE - ONEZONE_IA - GLACIER - GLACIER_IR - DEEP_ARCHIVE ObservabilityPipelineAmazonS3DestinationType: default: amazon_s3 description: The destination type. Always `amazon_s3`. enum: - amazon_s3 example: amazon_s3 type: string x-enum-varnames: - AMAZON_S3 ObservabilityPipelineAmazonS3Source: description: 'The `amazon_s3` source ingests logs from an Amazon S3 bucket. It supports AWS authentication and TLS encryption. ' properties: auth: $ref: '#/components/schemas/ObservabilityPipelineAwsAuth' id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: aws-s3-source type: string region: description: AWS region where the S3 bucket resides. example: us-east-1 type: string tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineAmazonS3SourceType' required: - id - type - region type: object ObservabilityPipelineAmazonS3SourceType: default: amazon_s3 description: The source type. Always `amazon_s3`. enum: - amazon_s3 example: amazon_s3 type: string x-enum-varnames: - AMAZON_S3 ObservabilityPipelineAwsAuth: description: "AWS authentication credentials used for accessing AWS services such as S3.\nIf omitted, the system\u2019s default credentials are used (for example, the IAM role and environment variables).\n" properties: assume_role: description: The Amazon Resource Name (ARN) of the role to assume. type: string external_id: description: A unique identifier for cross-account role assumption. type: string session_name: description: A session identifier used for logging and tracing the assumed role session. type: string type: object ObservabilityPipelineConfig: description: Specifies the pipeline's configuration, including its sources, processors, and destinations. properties: destinations: description: A list of destination components where processed logs are sent. example: - id: datadog-logs-destination inputs: - filter-processor type: datadog_logs items: $ref: '#/components/schemas/ObservabilityPipelineConfigDestinationItem' type: array processors: description: A list of processors that transform or enrich log data. example: - id: filter-processor include: service:my-service inputs: - datadog-agent-source type: filter items: $ref: '#/components/schemas/ObservabilityPipelineConfigProcessorItem' type: array sources: description: A list of configured data sources for the pipeline. example: - id: datadog-agent-source type: datadog_agent items: $ref: '#/components/schemas/ObservabilityPipelineConfigSourceItem' type: array required: - sources - destinations type: object ObservabilityPipelineConfigDestinationItem: description: A destination for the pipeline. oneOf: - $ref: '#/components/schemas/ObservabilityPipelineDatadogLogsDestination' - $ref: '#/components/schemas/ObservabilityPipelineAmazonS3Destination' - $ref: '#/components/schemas/ObservabilityPipelineGoogleCloudStorageDestination' - $ref: '#/components/schemas/ObservabilityPipelineSplunkHecDestination' - $ref: '#/components/schemas/ObservabilityPipelineSumoLogicDestination' - $ref: '#/components/schemas/ObservabilityPipelineElasticsearchDestination' - $ref: '#/components/schemas/ObservabilityPipelineRsyslogDestination' - $ref: '#/components/schemas/ObservabilityPipelineSyslogNgDestination' - $ref: '#/components/schemas/AzureStorageDestination' - $ref: '#/components/schemas/MicrosoftSentinelDestination' - $ref: '#/components/schemas/ObservabilityPipelineGoogleChronicleDestination' - $ref: '#/components/schemas/ObservabilityPipelineNewRelicDestination' - $ref: '#/components/schemas/ObservabilityPipelineSentinelOneDestination' - $ref: '#/components/schemas/ObservabilityPipelineOpenSearchDestination' - $ref: '#/components/schemas/ObservabilityPipelineAmazonOpenSearchDestination' ObservabilityPipelineConfigProcessorItem: description: A processor for the pipeline. oneOf: - $ref: '#/components/schemas/ObservabilityPipelineFilterProcessor' - $ref: '#/components/schemas/ObservabilityPipelineParseJSONProcessor' - $ref: '#/components/schemas/ObservabilityPipelineQuotaProcessor' - $ref: '#/components/schemas/ObservabilityPipelineAddFieldsProcessor' - $ref: '#/components/schemas/ObservabilityPipelineRemoveFieldsProcessor' - $ref: '#/components/schemas/ObservabilityPipelineRenameFieldsProcessor' - $ref: '#/components/schemas/ObservabilityPipelineGenerateMetricsProcessor' - $ref: '#/components/schemas/ObservabilityPipelineSampleProcessor' - $ref: '#/components/schemas/ObservabilityPipelineParseGrokProcessor' - $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessor' - $ref: '#/components/schemas/ObservabilityPipelineOcsfMapperProcessor' - $ref: '#/components/schemas/ObservabilityPipelineAddEnvVarsProcessor' - $ref: '#/components/schemas/ObservabilityPipelineDedupeProcessor' - $ref: '#/components/schemas/ObservabilityPipelineEnrichmentTableProcessor' - $ref: '#/components/schemas/ObservabilityPipelineReduceProcessor' - $ref: '#/components/schemas/ObservabilityPipelineThrottleProcessor' ObservabilityPipelineConfigSourceItem: description: A data source for the pipeline. oneOf: - $ref: '#/components/schemas/ObservabilityPipelineKafkaSource' - $ref: '#/components/schemas/ObservabilityPipelineDatadogAgentSource' - $ref: '#/components/schemas/ObservabilityPipelineSplunkTcpSource' - $ref: '#/components/schemas/ObservabilityPipelineSplunkHecSource' - $ref: '#/components/schemas/ObservabilityPipelineAmazonS3Source' - $ref: '#/components/schemas/ObservabilityPipelineFluentdSource' - $ref: '#/components/schemas/ObservabilityPipelineFluentBitSource' - $ref: '#/components/schemas/ObservabilityPipelineHttpServerSource' - $ref: '#/components/schemas/ObservabilityPipelineSumoLogicSource' - $ref: '#/components/schemas/ObservabilityPipelineRsyslogSource' - $ref: '#/components/schemas/ObservabilityPipelineSyslogNgSource' - $ref: '#/components/schemas/ObservabilityPipelineAmazonDataFirehoseSource' - $ref: '#/components/schemas/ObservabilityPipelineGooglePubSubSource' - $ref: '#/components/schemas/ObservabilityPipelineHttpClientSource' - $ref: '#/components/schemas/ObservabilityPipelineLogstashSource' ObservabilityPipelineData: description: "Contains the pipeline\u2019s ID, type, and configuration attributes." properties: attributes: $ref: '#/components/schemas/ObservabilityPipelineDataAttributes' id: description: Unique identifier for the pipeline. example: 3fa85f64-5717-4562-b3fc-2c963f66afa6 type: string type: default: pipelines description: The resource type identifier. For pipeline resources, this should always be set to `pipelines`. example: pipelines type: string required: - id - type - attributes type: object ObservabilityPipelineDataAttributes: description: "Defines the pipeline\u2019s name and its components (sources, processors, and destinations)." properties: config: $ref: '#/components/schemas/ObservabilityPipelineConfig' name: description: Name of the pipeline. example: Main Observability Pipeline type: string required: - name - config type: object ObservabilityPipelineDatadogAgentSource: description: The `datadog_agent` source collects logs from the Datadog Agent. properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: datadog-agent-source type: string tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineDatadogAgentSourceType' required: - id - type type: object ObservabilityPipelineDatadogAgentSourceType: default: datadog_agent description: The source type. The value should always be `datadog_agent`. enum: - datadog_agent example: datadog_agent type: string x-enum-varnames: - DATADOG_AGENT ObservabilityPipelineDatadogLogsDestination: description: The `datadog_logs` destination forwards logs to Datadog Log Management. properties: id: description: The unique identifier for this component. example: datadog-logs-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - filter-processor items: type: string type: array type: $ref: '#/components/schemas/ObservabilityPipelineDatadogLogsDestinationType' required: - id - type - inputs type: object ObservabilityPipelineDatadogLogsDestinationType: default: datadog_logs description: The destination type. The value should always be `datadog_logs`. enum: - datadog_logs example: datadog_logs type: string x-enum-varnames: - DATADOG_LOGS ObservabilityPipelineDecoding: description: The decoding format used to interpret incoming logs. enum: - bytes - gelf - json - syslog example: json type: string x-enum-varnames: - DECODE_BYTES - DECODE_GELF - DECODE_JSON - DECODE_SYSLOG ObservabilityPipelineDedupeProcessor: description: The `dedupe` processor removes duplicate fields in log events. properties: fields: description: A list of log field paths to check for duplicates. example: - log.message - log.error items: type: string type: array id: description: The unique identifier for this processor. example: dedupe-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string inputs: description: A list of component IDs whose output is used as the input for this processor. example: - parse-json-processor items: type: string type: array mode: $ref: '#/components/schemas/ObservabilityPipelineDedupeProcessorMode' type: $ref: '#/components/schemas/ObservabilityPipelineDedupeProcessorType' required: - id - type - include - inputs - fields - mode type: object ObservabilityPipelineDedupeProcessorMode: description: The deduplication mode to apply to the fields. enum: - match - ignore example: match type: string x-enum-varnames: - MATCH - IGNORE ObservabilityPipelineDedupeProcessorType: default: dedupe description: The processor type. The value should always be `dedupe`. enum: - dedupe example: dedupe type: string x-enum-varnames: - DEDUPE ObservabilityPipelineElasticsearchDestination: description: The `elasticsearch` destination writes logs to an Elasticsearch cluster. properties: api_version: $ref: '#/components/schemas/ObservabilityPipelineElasticsearchDestinationApiVersion' bulk_index: description: The index to write logs to in Elasticsearch. example: logs-index type: string id: description: The unique identifier for this component. example: elasticsearch-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - filter-processor items: type: string type: array type: $ref: '#/components/schemas/ObservabilityPipelineElasticsearchDestinationType' required: - id - type - inputs type: object ObservabilityPipelineElasticsearchDestinationApiVersion: description: The Elasticsearch API version to use. Set to `auto` to auto-detect. enum: - auto - v6 - v7 - v8 example: auto type: string x-enum-varnames: - AUTO - V6 - V7 - V8 ObservabilityPipelineElasticsearchDestinationType: default: elasticsearch description: The destination type. The value should always be `elasticsearch`. enum: - elasticsearch example: elasticsearch type: string x-enum-varnames: - ELASTICSEARCH ObservabilityPipelineEnrichmentTableFile: description: Defines a static enrichment table loaded from a CSV file. properties: encoding: $ref: '#/components/schemas/ObservabilityPipelineEnrichmentTableFileEncoding' key: description: Key fields used to look up enrichment values. items: $ref: '#/components/schemas/ObservabilityPipelineEnrichmentTableFileKeyItems' type: array path: description: Path to the CSV file. example: /etc/enrichment/lookup.csv type: string schema: description: Schema defining column names and their types. items: $ref: '#/components/schemas/ObservabilityPipelineEnrichmentTableFileSchemaItems' type: array required: - encoding - key - path - schema type: object ObservabilityPipelineEnrichmentTableFileEncoding: description: File encoding format. properties: delimiter: description: The `encoding` `delimiter`. example: ',' type: string includes_headers: description: The `encoding` `includes_headers`. example: true type: boolean type: $ref: '#/components/schemas/ObservabilityPipelineEnrichmentTableFileEncodingType' required: - type - delimiter - includes_headers type: object ObservabilityPipelineEnrichmentTableFileEncodingType: description: Specifies the encoding format (e.g., CSV) used for enrichment tables. enum: - csv example: csv type: string x-enum-varnames: - CSV ObservabilityPipelineEnrichmentTableFileKeyItems: description: Defines how to map log fields to enrichment table columns during lookups. properties: column: description: The `items` `column`. example: user_id type: string comparison: $ref: '#/components/schemas/ObservabilityPipelineEnrichmentTableFileKeyItemsComparison' field: description: The `items` `field`. example: log.user.id type: string required: - column - comparison - field type: object ObservabilityPipelineEnrichmentTableFileKeyItemsComparison: description: Defines how to compare key fields for enrichment table lookups. enum: - equals example: equals type: string x-enum-varnames: - EQUALS ObservabilityPipelineEnrichmentTableFileSchemaItems: description: Describes a single column and its type in an enrichment table schema. properties: column: description: The `items` `column`. example: region type: string type: $ref: '#/components/schemas/ObservabilityPipelineEnrichmentTableFileSchemaItemsType' required: - column - type type: object ObservabilityPipelineEnrichmentTableFileSchemaItemsType: description: Declares allowed data types for enrichment table columns. enum: - string - boolean - integer - float - date - timestamp example: string type: string x-enum-varnames: - STRING - BOOLEAN - INTEGER - FLOAT - DATE - TIMESTAMP ObservabilityPipelineEnrichmentTableGeoIp: description: Uses a GeoIP database to enrich logs based on an IP field. properties: key_field: description: Path to the IP field in the log. example: log.source.ip type: string locale: description: Locale used to resolve geographical names. example: en type: string path: description: Path to the GeoIP database file. example: /etc/geoip/GeoLite2-City.mmdb type: string required: - key_field - locale - path type: object ObservabilityPipelineEnrichmentTableProcessor: description: The `enrichment_table` processor enriches logs using a static CSV file or GeoIP database. properties: file: $ref: '#/components/schemas/ObservabilityPipelineEnrichmentTableFile' geoip: $ref: '#/components/schemas/ObservabilityPipelineEnrichmentTableGeoIp' id: description: The unique identifier for this processor. example: enrichment-table-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: source:my-source type: string inputs: description: A list of component IDs whose output is used as the input for this processor. example: - add-fields-processor items: type: string type: array target: description: Path where enrichment results should be stored in the log. example: enriched.geoip type: string type: $ref: '#/components/schemas/ObservabilityPipelineEnrichmentTableProcessorType' required: - id - type - include - inputs - target type: object ObservabilityPipelineEnrichmentTableProcessorType: default: enrichment_table description: The processor type. The value should always be `enrichment_table`. enum: - enrichment_table example: enrichment_table type: string x-enum-varnames: - ENRICHMENT_TABLE ObservabilityPipelineFieldValue: description: Represents a static key-value pair used in various processors. properties: name: description: The field name. example: field_name type: string value: description: The field value. example: field_value type: string required: - name - value type: object ObservabilityPipelineFilterProcessor: description: The `filter` processor allows conditional processing of logs based on a Datadog search query. Logs that match the `include` query are passed through; others are discarded. properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (for example, as the `input` to downstream components). example: filter-processor type: string include: description: A Datadog search query used to determine which logs should pass through the filter. Logs that match this query continue to downstream components; others are dropped. example: service:my-service type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - datadog-agent-source items: type: string type: array type: $ref: '#/components/schemas/ObservabilityPipelineFilterProcessorType' required: - id - type - include - inputs type: object ObservabilityPipelineFilterProcessorType: default: filter description: The processor type. The value should always be `filter`. enum: - filter example: filter type: string x-enum-varnames: - FILTER ObservabilityPipelineFluentBitSource: description: The `fluent_bit` source ingests logs from Fluent Bit. properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (for example, as the `input` to downstream components). example: fluent-source type: string tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineFluentBitSourceType' required: - id - type type: object ObservabilityPipelineFluentBitSourceType: default: fluent_bit description: The source type. The value should always be `fluent_bit`. enum: - fluent_bit example: fluent_bit type: string x-enum-varnames: - FLUENT_BIT ObservabilityPipelineFluentdSource: description: The `fluentd` source ingests logs from a Fluentd-compatible service. properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (for example, as the `input` to downstream components). example: fluent-source type: string tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineFluentdSourceType' required: - id - type type: object ObservabilityPipelineFluentdSourceType: default: fluentd description: The source type. The value should always be `fluentd. enum: - fluentd example: fluentd type: string x-enum-varnames: - FLUENTD ObservabilityPipelineGcpAuth: description: 'GCP credentials used to authenticate with Google Cloud Storage. ' properties: credentials_file: description: Path to the GCP service account key file. example: /var/secrets/gcp-credentials.json type: string required: - credentials_file type: object ObservabilityPipelineGenerateMetricsProcessor: description: 'The `generate_datadog_metrics` processor creates custom metrics from logs and sends them to Datadog. Metrics can be counters, gauges, or distributions and optionally grouped by log fields. ' properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline. example: generate-metrics-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string inputs: description: A list of component IDs whose output is used as the `input` for this processor. example: - source-id items: type: string type: array metrics: description: Configuration for generating individual metrics. items: $ref: '#/components/schemas/ObservabilityPipelineGeneratedMetric' type: array type: $ref: '#/components/schemas/ObservabilityPipelineGenerateMetricsProcessorType' required: - id - type - inputs - include - metrics type: object ObservabilityPipelineGenerateMetricsProcessorType: default: generate_datadog_metrics description: The processor type. Always `generate_datadog_metrics`. enum: - generate_datadog_metrics example: generate_datadog_metrics type: string x-enum-varnames: - GENERATE_DATADOG_METRICS ObservabilityPipelineGeneratedMetric: description: 'Defines a log-based custom metric, including its name, type, filter, value computation strategy, and optional grouping fields. ' properties: group_by: description: Optional fields used to group the metric series. example: - service - env items: type: string type: array include: description: Datadog filter query to match logs for metric generation. example: service:billing type: string metric_type: $ref: '#/components/schemas/ObservabilityPipelineGeneratedMetricMetricType' name: description: Name of the custom metric to be created. example: logs.processed type: string value: $ref: '#/components/schemas/ObservabilityPipelineMetricValue' required: - name - include - metric_type - value type: object ObservabilityPipelineGeneratedMetricIncrementByField: description: Strategy that increments a generated metric based on the value of a log field. properties: field: description: Name of the log field containing the numeric value to increment the metric by. example: errors type: string strategy: $ref: '#/components/schemas/ObservabilityPipelineGeneratedMetricIncrementByFieldStrategy' required: - strategy - field type: object ObservabilityPipelineGeneratedMetricIncrementByFieldStrategy: description: Uses a numeric field in the log event as the metric increment. enum: - increment_by_field example: increment_by_field type: string x-enum-varnames: - INCREMENT_BY_FIELD ObservabilityPipelineGeneratedMetricIncrementByOne: description: Strategy that increments a generated metric by one for each matching event. properties: strategy: $ref: '#/components/schemas/ObservabilityPipelineGeneratedMetricIncrementByOneStrategy' required: - strategy type: object ObservabilityPipelineGeneratedMetricIncrementByOneStrategy: description: Increments the metric by 1 for each matching event. enum: - increment_by_one example: increment_by_one type: string x-enum-varnames: - INCREMENT_BY_ONE ObservabilityPipelineGeneratedMetricMetricType: description: Type of metric to create. enum: - count - gauge - distribution example: count type: string x-enum-varnames: - COUNT - GAUGE - DISTRIBUTION ObservabilityPipelineGoogleChronicleDestination: description: The `google_chronicle` destination sends logs to Google Chronicle. properties: auth: $ref: '#/components/schemas/ObservabilityPipelineGcpAuth' customer_id: description: The Google Chronicle customer ID. example: abcdefg123456789 type: string encoding: $ref: '#/components/schemas/ObservabilityPipelineGoogleChronicleDestinationEncoding' id: description: The unique identifier for this component. example: google-chronicle-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - parse-json-processor items: type: string type: array log_type: description: The log type metadata associated with the Chronicle destination. example: nginx_logs type: string type: $ref: '#/components/schemas/ObservabilityPipelineGoogleChronicleDestinationType' required: - id - type - inputs - auth - customer_id type: object ObservabilityPipelineGoogleChronicleDestinationEncoding: description: The encoding format for the logs sent to Chronicle. enum: - json - raw_message example: json type: string x-enum-varnames: - JSON - RAW_MESSAGE ObservabilityPipelineGoogleChronicleDestinationType: default: google_chronicle description: The destination type. The value should always be `google_chronicle`. enum: - google_chronicle example: google_chronicle type: string x-enum-varnames: - GOOGLE_CHRONICLE ObservabilityPipelineGoogleCloudStorageDestination: description: 'The `google_cloud_storage` destination stores logs in a Google Cloud Storage (GCS) bucket. It requires a bucket name, GCP authentication, and metadata fields. ' properties: acl: $ref: '#/components/schemas/ObservabilityPipelineGoogleCloudStorageDestinationAcl' auth: $ref: '#/components/schemas/ObservabilityPipelineGcpAuth' bucket: description: Name of the GCS bucket. example: error-logs type: string id: description: Unique identifier for the destination component. example: gcs-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - datadog-agent-source items: type: string type: array key_prefix: description: Optional prefix for object keys within the GCS bucket. type: string metadata: description: Custom metadata to attach to each object uploaded to the GCS bucket. items: $ref: '#/components/schemas/ObservabilityPipelineMetadataEntry' type: array storage_class: $ref: '#/components/schemas/ObservabilityPipelineGoogleCloudStorageDestinationStorageClass' type: $ref: '#/components/schemas/ObservabilityPipelineGoogleCloudStorageDestinationType' required: - id - type - inputs - bucket - auth - storage_class - acl type: object ObservabilityPipelineGoogleCloudStorageDestinationAcl: description: Access control list setting for objects written to the bucket. enum: - private - project-private - public-read - authenticated-read - bucket-owner-read - bucket-owner-full-control example: private type: string x-enum-varnames: - PRIVATE - PROJECTNOT_PRIVATE - PUBLICNOT_READ - AUTHENTICATEDNOT_READ - BUCKETNOT_OWNERNOT_READ - BUCKETNOT_OWNERNOT_FULLNOT_CONTROL ObservabilityPipelineGoogleCloudStorageDestinationStorageClass: description: Storage class used for objects stored in GCS. enum: - STANDARD - NEARLINE - COLDLINE - ARCHIVE example: STANDARD type: string x-enum-varnames: - STANDARD - NEARLINE - COLDLINE - ARCHIVE ObservabilityPipelineGoogleCloudStorageDestinationType: default: google_cloud_storage description: The destination type. Always `google_cloud_storage`. enum: - google_cloud_storage example: google_cloud_storage type: string x-enum-varnames: - GOOGLE_CLOUD_STORAGE ObservabilityPipelineGooglePubSubSource: description: The `google_pubsub` source ingests logs from a Google Cloud Pub/Sub subscription. properties: auth: $ref: '#/components/schemas/ObservabilityPipelineGcpAuth' decoding: $ref: '#/components/schemas/ObservabilityPipelineDecoding' id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: google-pubsub-source type: string project: description: The GCP project ID that owns the Pub/Sub subscription. example: my-gcp-project type: string subscription: description: The Pub/Sub subscription name from which messages are consumed. example: logs-subscription type: string tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineGooglePubSubSourceType' required: - id - type - auth - decoding - project - subscription type: object ObservabilityPipelineGooglePubSubSourceType: default: google_pubsub description: The source type. The value should always be `google_pubsub`. enum: - google_pubsub example: google_pubsub type: string x-enum-varnames: - GOOGLE_PUBSUB ObservabilityPipelineHttpClientSource: description: The `http_client` source scrapes logs from HTTP endpoints at regular intervals. properties: auth_strategy: $ref: '#/components/schemas/ObservabilityPipelineHttpClientSourceAuthStrategy' decoding: $ref: '#/components/schemas/ObservabilityPipelineDecoding' id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: http-client-source type: string scrape_interval_secs: description: The interval (in seconds) between HTTP scrape requests. example: 60 format: int64 type: integer scrape_timeout_secs: description: The timeout (in seconds) for each scrape request. example: 10 format: int64 type: integer tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineHttpClientSourceType' required: - id - type - decoding type: object ObservabilityPipelineHttpClientSourceAuthStrategy: description: Optional authentication strategy for HTTP requests. enum: - basic - bearer example: basic type: string x-enum-varnames: - BASIC - BEARER ObservabilityPipelineHttpClientSourceType: default: http_client description: The source type. The value should always be `http_client`. enum: - http_client example: http_client type: string x-enum-varnames: - HTTP_CLIENT ObservabilityPipelineHttpServerSource: description: The `http_server` source collects logs over HTTP POST from external services. properties: auth_strategy: $ref: '#/components/schemas/ObservabilityPipelineHttpServerSourceAuthStrategy' decoding: $ref: '#/components/schemas/ObservabilityPipelineDecoding' id: description: Unique ID for the HTTP server source. example: http-server-source type: string tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineHttpServerSourceType' required: - id - type - auth_strategy - decoding type: object ObservabilityPipelineHttpServerSourceAuthStrategy: description: HTTP authentication method. enum: - none - plain example: plain type: string x-enum-varnames: - NONE - PLAIN ObservabilityPipelineHttpServerSourceType: default: http_server description: The source type. The value should always be `http_server`. enum: - http_server example: http_server type: string x-enum-varnames: - HTTP_SERVER ObservabilityPipelineKafkaSource: description: The `kafka` source ingests data from Apache Kafka topics. properties: group_id: description: Consumer group ID used by the Kafka client. example: consumer-group-0 type: string id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: kafka-source type: string librdkafka_options: description: Optional list of advanced Kafka client configuration options, defined as key-value pairs. items: $ref: '#/components/schemas/ObservabilityPipelineKafkaSourceLibrdkafkaOption' type: array sasl: $ref: '#/components/schemas/ObservabilityPipelineKafkaSourceSasl' tls: $ref: '#/components/schemas/ObservabilityPipelineTls' topics: description: A list of Kafka topic names to subscribe to. The source ingests messages from each topic specified. example: - topic1 - topic2 items: type: string type: array type: $ref: '#/components/schemas/ObservabilityPipelineKafkaSourceType' required: - id - type - group_id - topics type: object ObservabilityPipelineKafkaSourceLibrdkafkaOption: description: Represents a key-value pair used to configure low-level `librdkafka` client options for Kafka sources, such as timeouts, buffer sizes, and security settings. properties: name: description: The name of the `librdkafka` configuration option to set. example: fetch.message.max.bytes type: string value: description: The value assigned to the specified `librdkafka` configuration option. example: '1048576' type: string required: - name - value type: object ObservabilityPipelineKafkaSourceSasl: description: Specifies the SASL mechanism for authenticating with a Kafka cluster. properties: mechanism: $ref: '#/components/schemas/ObservabilityPipelinePipelineKafkaSourceSaslMechanism' type: object ObservabilityPipelineKafkaSourceType: default: kafka description: The source type. The value should always be `kafka`. enum: - kafka example: kafka type: string x-enum-varnames: - KAFKA ObservabilityPipelineLogstashSource: description: The `logstash` source ingests logs from a Logstash forwarder. properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: logstash-source type: string tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineLogstashSourceType' required: - id - type type: object ObservabilityPipelineLogstashSourceType: default: logstash description: The source type. The value should always be `logstash`. enum: - logstash example: logstash type: string x-enum-varnames: - LOGSTASH ObservabilityPipelineMetadataEntry: description: A custom metadata entry. properties: name: description: The metadata key. example: environment type: string value: description: The metadata value. example: production type: string required: - name - value type: object ObservabilityPipelineMetricValue: description: Specifies how the value of the generated metric is computed. oneOf: - $ref: '#/components/schemas/ObservabilityPipelineGeneratedMetricIncrementByOne' - $ref: '#/components/schemas/ObservabilityPipelineGeneratedMetricIncrementByField' ObservabilityPipelineNewRelicDestination: description: The `new_relic` destination sends logs to the New Relic platform. properties: id: description: The unique identifier for this component. example: new-relic-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - parse-json-processor items: type: string type: array region: $ref: '#/components/schemas/ObservabilityPipelineNewRelicDestinationRegion' type: $ref: '#/components/schemas/ObservabilityPipelineNewRelicDestinationType' required: - id - type - inputs - region type: object ObservabilityPipelineNewRelicDestinationRegion: description: The New Relic region. enum: - us - eu example: us type: string x-enum-varnames: - US - EU ObservabilityPipelineNewRelicDestinationType: default: new_relic description: The destination type. The value should always be `new_relic`. enum: - new_relic example: new_relic type: string x-enum-varnames: - NEW_RELIC ObservabilityPipelineOcsfMapperProcessor: description: The `ocsf_mapper` processor transforms logs into the OCSF schema using a predefined mapping configuration. properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline. example: ocsf-mapper-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string inputs: description: A list of component IDs whose output is used as the `input` for this processor. example: - filter-processor items: type: string type: array mappings: description: A list of mapping rules to convert events to the OCSF format. items: $ref: '#/components/schemas/ObservabilityPipelineOcsfMapperProcessorMapping' type: array type: $ref: '#/components/schemas/ObservabilityPipelineOcsfMapperProcessorType' required: - id - type - include - inputs - mappings type: object ObservabilityPipelineOcsfMapperProcessorMapping: description: Defines how specific events are transformed to OCSF using a mapping configuration. properties: include: description: A Datadog search query used to select the logs that this mapping should apply to. example: service:my-service type: string mapping: $ref: '#/components/schemas/ObservabilityPipelineOcsfMapperProcessorMappingMapping' required: - include - mapping type: object ObservabilityPipelineOcsfMapperProcessorMappingMapping: description: Defines a single mapping rule for transforming logs into the OCSF schema. oneOf: - $ref: '#/components/schemas/ObservabilityPipelineOcsfMappingLibrary' ObservabilityPipelineOcsfMapperProcessorType: default: ocsf_mapper description: The processor type. The value should always be `ocsf_mapper`. enum: - ocsf_mapper example: ocsf_mapper type: string x-enum-varnames: - OCSF_MAPPER ObservabilityPipelineOcsfMappingLibrary: description: Predefined library mappings for common log formats. enum: - CloudTrail Account Change - GCP Cloud Audit CreateBucket - GCP Cloud Audit CreateSink - GCP Cloud Audit SetIamPolicy - GCP Cloud Audit UpdateSink - Github Audit Log API Activity - Google Workspace Admin Audit addPrivilege - Microsoft 365 Defender Incident - Microsoft 365 Defender UserLoggedIn - Okta System Log Authentication - Palo Alto Networks Firewall Traffic example: CloudTrail Account Change type: string x-enum-varnames: - CLOUDTRAIL_ACCOUNT_CHANGE - GCP_CLOUD_AUDIT_CREATEBUCKET - GCP_CLOUD_AUDIT_CREATESINK - GCP_CLOUD_AUDIT_SETIAMPOLICY - GCP_CLOUD_AUDIT_UPDATESINK - GITHUB_AUDIT_LOG_API_ACTIVITY - GOOGLE_WORKSPACE_ADMIN_AUDIT_ADDPRIVILEGE - MICROSOFT_365_DEFENDER_INCIDENT - MICROSOFT_365_DEFENDER_USERLOGGEDIN - OKTA_SYSTEM_LOG_AUTHENTICATION - PALO_ALTO_NETWORKS_FIREWALL_TRAFFIC ObservabilityPipelineOpenSearchDestination: description: The `opensearch` destination writes logs to an OpenSearch cluster. properties: bulk_index: description: The index to write logs to. example: logs-index type: string id: description: The unique identifier for this component. example: opensearch-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - filter-processor items: type: string type: array type: $ref: '#/components/schemas/ObservabilityPipelineOpenSearchDestinationType' required: - id - type - inputs type: object ObservabilityPipelineOpenSearchDestinationType: default: opensearch description: The destination type. The value should always be `opensearch`. enum: - opensearch example: opensearch type: string x-enum-varnames: - OPENSEARCH ObservabilityPipelineParseGrokProcessor: description: The `parse_grok` processor extracts structured fields from unstructured log messages using Grok patterns. properties: disable_library_rules: default: false description: If set to `true`, disables the default Grok rules provided by Datadog. example: true type: boolean id: description: A unique identifier for this processor. example: parse-grok-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - datadog-agent-source items: type: string type: array rules: description: The list of Grok parsing rules. If multiple matching rules are provided, they are evaluated in order. The first successful match is applied. items: $ref: '#/components/schemas/ObservabilityPipelineParseGrokProcessorRule' type: array type: $ref: '#/components/schemas/ObservabilityPipelineParseGrokProcessorType' required: - id - type - include - inputs - rules type: object ObservabilityPipelineParseGrokProcessorRule: description: 'A Grok parsing rule used in the `parse_grok` processor. Each rule defines how to extract structured fields from a specific log field using Grok patterns. ' properties: match_rules: description: 'A list of Grok parsing rules that define how to extract fields from the source field. Each rule must contain a name and a valid Grok pattern. ' example: - name: MyParsingRule rule: '%{word:user} connected on %{date("MM/dd/yyyy"):date}' items: $ref: '#/components/schemas/ObservabilityPipelineParseGrokProcessorRuleMatchRule' type: array source: description: The name of the field in the log event to apply the Grok rules to. example: message type: string support_rules: description: 'A list of Grok helper rules that can be referenced by the parsing rules. ' example: - name: user rule: '%{word:user.name}' items: $ref: '#/components/schemas/ObservabilityPipelineParseGrokProcessorRuleSupportRule' type: array required: - source - match_rules - support_rules type: object ObservabilityPipelineParseGrokProcessorRuleMatchRule: description: 'Defines a Grok parsing rule, which extracts structured fields from log content using named Grok patterns. Each rule must have a unique name and a valid Datadog Grok pattern that will be applied to the source field. ' properties: name: description: The name of the rule. example: MyParsingRule type: string rule: description: The definition of the Grok rule. example: '%{word:user} connected on %{date("MM/dd/yyyy"):date}' type: string required: - name - rule type: object ObservabilityPipelineParseGrokProcessorRuleSupportRule: description: The Grok helper rule referenced in the parsing rules. properties: name: description: The name of the Grok helper rule. example: user type: string rule: description: The definition of the Grok helper rule. example: ' %{word:user.name}' type: string required: - name - rule type: object ObservabilityPipelineParseGrokProcessorType: default: parse_grok description: The processor type. The value should always be `parse_grok`. enum: - parse_grok example: parse_grok type: string x-enum-varnames: - PARSE_GROK ObservabilityPipelineParseJSONProcessor: description: The `parse_json` processor extracts JSON from a specified field and flattens it into the event. This is useful when logs contain embedded JSON as a string. properties: field: description: The name of the log field that contains a JSON string. example: message type: string id: description: A unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: parse-json-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - datadog-agent-source items: type: string type: array type: $ref: '#/components/schemas/ObservabilityPipelineParseJSONProcessorType' required: - id - type - include - field - inputs type: object ObservabilityPipelineParseJSONProcessorType: default: parse_json description: The processor type. The value should always be `parse_json`. enum: - parse_json example: parse_json type: string x-enum-varnames: - PARSE_JSON ObservabilityPipelinePipelineKafkaSourceSaslMechanism: description: SASL mechanism used for Kafka authentication. enum: - PLAIN - SCRAM-SHA-256 - SCRAM-SHA-512 type: string x-enum-varnames: - PLAIN - SCRAMNOT_SHANOT_256 - SCRAMNOT_SHANOT_512 ObservabilityPipelineQuotaProcessor: description: The Quota Processor measures logging traffic for logs that match a specified filter. When the configured daily quota is met, the processor can drop or alert. properties: drop_events: description: If set to `true`, logs that matched the quota filter and sent after the quota has been met are dropped; only logs that did not match the filter query continue through the pipeline. example: false type: boolean id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (for example, as the `input` to downstream components). example: quota-processor type: string ignore_when_missing_partitions: description: If `true`, the processor skips quota checks when partition fields are missing from the logs. type: boolean include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - datadog-agent-source items: type: string type: array limit: $ref: '#/components/schemas/ObservabilityPipelineQuotaProcessorLimit' name: description: Name of the quota. example: MyQuota type: string overflow_action: $ref: '#/components/schemas/ObservabilityPipelineQuotaProcessorOverflowAction' overrides: description: A list of alternate quota rules that apply to specific sets of events, identified by matching field values. Each override can define a custom limit. items: $ref: '#/components/schemas/ObservabilityPipelineQuotaProcessorOverride' type: array partition_fields: description: A list of fields used to segment log traffic for quota enforcement. Quotas are tracked independently by unique combinations of these field values. items: type: string type: array type: $ref: '#/components/schemas/ObservabilityPipelineQuotaProcessorType' required: - id - type - include - name - drop_events - limit - inputs type: object ObservabilityPipelineQuotaProcessorLimit: description: The maximum amount of data or number of events allowed before the quota is enforced. Can be specified in bytes or events. properties: enforce: $ref: '#/components/schemas/ObservabilityPipelineQuotaProcessorLimitEnforceType' limit: description: The limit for quota enforcement. example: 1000 format: int64 type: integer required: - enforce - limit type: object ObservabilityPipelineQuotaProcessorLimitEnforceType: description: Unit for quota enforcement in bytes for data size or events for count. enum: - bytes - events example: bytes type: string x-enum-varnames: - BYTES - EVENTS ObservabilityPipelineQuotaProcessorOverflowAction: description: 'The action to take when the quota is exceeded. Options: - `drop`: Drop the event. - `no_action`: Let the event pass through. - `overflow_routing`: Route to an overflow destination. ' enum: - drop - no_action - overflow_routing example: drop type: string x-enum-varnames: - DROP - NO_ACTION - OVERFLOW_ROUTING ObservabilityPipelineQuotaProcessorOverride: description: Defines a custom quota limit that applies to specific log events based on matching field values. properties: fields: description: A list of field matchers used to apply a specific override. If an event matches all listed key-value pairs, the corresponding override limit is enforced. items: $ref: '#/components/schemas/ObservabilityPipelineFieldValue' type: array limit: $ref: '#/components/schemas/ObservabilityPipelineQuotaProcessorLimit' required: - fields - limit type: object ObservabilityPipelineQuotaProcessorType: default: quota description: The processor type. The value should always be `quota`. enum: - quota example: quota type: string x-enum-varnames: - QUOTA ObservabilityPipelineReduceProcessor: description: The `reduce` processor aggregates and merges logs based on matching keys and merge strategies. properties: group_by: description: A list of fields used to group log events for merging. example: - log.user.id - log.device.id items: type: string type: array id: description: The unique identifier for this processor. example: reduce-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: env:prod type: string inputs: description: A list of component IDs whose output is used as the input for this processor. example: - parse-json-processor items: type: string type: array merge_strategies: description: List of merge strategies defining how values from grouped events should be combined. items: $ref: '#/components/schemas/ObservabilityPipelineReduceProcessorMergeStrategy' type: array type: $ref: '#/components/schemas/ObservabilityPipelineReduceProcessorType' required: - id - type - include - inputs - group_by - merge_strategies type: object ObservabilityPipelineReduceProcessorMergeStrategy: description: Defines how a specific field should be merged across grouped events. properties: path: description: The field path in the log event. example: log.user.roles type: string strategy: $ref: '#/components/schemas/ObservabilityPipelineReduceProcessorMergeStrategyStrategy' required: - path - strategy type: object ObservabilityPipelineReduceProcessorMergeStrategyStrategy: description: The merge strategy to apply. enum: - discard - retain - sum - max - min - array - concat - concat_newline - concat_raw - shortest_array - longest_array - flat_unique example: flat_unique type: string x-enum-varnames: - DISCARD - RETAIN - SUM - MAX - MIN - ARRAY - CONCAT - CONCAT_NEWLINE - CONCAT_RAW - SHORTEST_ARRAY - LONGEST_ARRAY - FLAT_UNIQUE ObservabilityPipelineReduceProcessorType: default: reduce description: The processor type. The value should always be `reduce`. enum: - reduce example: reduce type: string x-enum-varnames: - REDUCE ObservabilityPipelineRemoveFieldsProcessor: description: The `remove_fields` processor deletes specified fields from logs. properties: fields: description: A list of field names to be removed from each log event. example: - field1 - field2 items: type: string type: array id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: remove-fields-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string inputs: description: The `PipelineRemoveFieldsProcessor` `inputs`. example: - datadog-agent-source items: type: string type: array type: $ref: '#/components/schemas/ObservabilityPipelineRemoveFieldsProcessorType' required: - id - type - include - fields - inputs type: object ObservabilityPipelineRemoveFieldsProcessorType: default: remove_fields description: The processor type. The value should always be `remove_fields`. enum: - remove_fields example: remove_fields type: string x-enum-varnames: - REMOVE_FIELDS ObservabilityPipelineRenameFieldsProcessor: description: The `rename_fields` processor changes field names. properties: fields: description: A list of rename rules specifying which fields to rename in the event, what to rename them to, and whether to preserve the original fields. items: $ref: '#/components/schemas/ObservabilityPipelineRenameFieldsProcessorField' type: array id: description: A unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: rename-fields-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - datadog-agent-source items: type: string type: array type: $ref: '#/components/schemas/ObservabilityPipelineRenameFieldsProcessorType' required: - id - type - include - fields - inputs type: object ObservabilityPipelineRenameFieldsProcessorField: description: Defines how to rename a field in log events. properties: destination: description: The field name to assign the renamed value to. example: destination_field type: string preserve_source: description: Indicates whether the original field, that is received from the source, should be kept (`true`) or removed (`false`) after renaming. example: false type: boolean source: description: The original field name in the log event that should be renamed. example: source_field type: string required: - source - destination - preserve_source type: object ObservabilityPipelineRenameFieldsProcessorType: default: rename_fields description: The processor type. The value should always be `rename_fields`. enum: - rename_fields example: rename_fields type: string x-enum-varnames: - RENAME_FIELDS ObservabilityPipelineRsyslogDestination: description: The `rsyslog` destination forwards logs to an external `rsyslog` server over TCP or UDP using the syslog protocol. properties: id: description: The unique identifier for this component. example: rsyslog-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - filter-processor items: type: string type: array keepalive: description: Optional socket keepalive duration in milliseconds. example: 60000 format: int64 minimum: 0 type: integer tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineRsyslogDestinationType' required: - id - type - inputs type: object ObservabilityPipelineRsyslogDestinationType: default: rsyslog description: The destination type. The value should always be `rsyslog`. enum: - rsyslog example: rsyslog type: string x-enum-varnames: - RSYSLOG ObservabilityPipelineRsyslogSource: description: The `rsyslog` source listens for logs over TCP or UDP from an `rsyslog` server using the syslog protocol. properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: rsyslog-source type: string mode: $ref: '#/components/schemas/ObservabilityPipelineSyslogSourceMode' tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineRsyslogSourceType' required: - id - type - mode type: object ObservabilityPipelineRsyslogSourceType: default: rsyslog description: The source type. The value should always be `rsyslog`. enum: - rsyslog example: rsyslog type: string x-enum-varnames: - RSYSLOG ObservabilityPipelineSampleProcessor: description: The `sample` processor allows probabilistic sampling of logs at a fixed rate. properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (for example, as the `input` to downstream components). example: sample-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: service:my-service type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - datadog-agent-source items: type: string type: array percentage: description: The percentage of logs to sample. example: 10.0 format: double type: number rate: description: Number of events to sample (1 in N). example: 10 format: int64 minimum: 1 type: integer type: $ref: '#/components/schemas/ObservabilityPipelineSampleProcessorType' required: - id - type - include - inputs type: object ObservabilityPipelineSampleProcessorType: default: sample description: The processor type. The value should always be `sample`. enum: - sample example: sample type: string x-enum-varnames: - SAMPLE ObservabilityPipelineSensitiveDataScannerProcessor: description: The `sensitive_data_scanner` processor detects and optionally redacts sensitive data in log events. properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: sensitive-scanner type: string include: description: A Datadog search query used to determine which logs this processor targets. example: source:prod type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - parse-json-processor items: type: string type: array rules: description: A list of rules for identifying and acting on sensitive data patterns. items: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorRule' type: array type: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorType' required: - id - type - include - inputs - rules type: object ObservabilityPipelineSensitiveDataScannerProcessorAction: description: Defines what action to take when sensitive data is matched. oneOf: - $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionRedact' - $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionHash' - $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedact' ObservabilityPipelineSensitiveDataScannerProcessorActionHash: description: Configuration for hashing matched sensitive values. properties: action: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionHashAction' options: description: The `ObservabilityPipelineSensitiveDataScannerProcessorActionHash` `options`. type: object required: - action type: object ObservabilityPipelineSensitiveDataScannerProcessorActionHashAction: description: Action type that replaces the matched sensitive data with a hashed representation, preserving structure while securing content. enum: - hash example: hash type: string x-enum-varnames: - HASH ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedact: description: Configuration for partially redacting matched sensitive data. properties: action: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactAction' options: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactOptions' required: - action - options type: object ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactAction: description: Action type that redacts part of the sensitive data while preserving a configurable number of characters, typically used for masking purposes (e.g., show last 4 digits of a credit card). enum: - partial_redact example: partial_redact type: string x-enum-varnames: - PARTIAL_REDACT ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactOptions: description: Controls how partial redaction is applied, including character count and direction. properties: characters: description: The `ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactOptions` `characters`. example: 4 format: int64 type: integer direction: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactOptionsDirection' required: - characters - direction type: object ObservabilityPipelineSensitiveDataScannerProcessorActionPartialRedactOptionsDirection: description: Indicates whether to redact characters from the first or last part of the matched value. enum: - first - last example: last type: string x-enum-varnames: - FIRST - LAST ObservabilityPipelineSensitiveDataScannerProcessorActionRedact: description: Configuration for completely redacting matched sensitive data. properties: action: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionRedactAction' options: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorActionRedactOptions' required: - action - options type: object ObservabilityPipelineSensitiveDataScannerProcessorActionRedactAction: description: Action type that completely replaces the matched sensitive data with a fixed replacement string to remove all visibility. enum: - redact example: redact type: string x-enum-varnames: - REDACT ObservabilityPipelineSensitiveDataScannerProcessorActionRedactOptions: description: Configuration for fully redacting sensitive data. properties: replace: description: The `ObservabilityPipelineSensitiveDataScannerProcessorActionRedactOptions` `replace`. example: '***' type: string required: - replace type: object ObservabilityPipelineSensitiveDataScannerProcessorCustomPattern: description: Defines a custom regex-based pattern for identifying sensitive data in logs. properties: options: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorCustomPatternOptions' type: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorCustomPatternType' required: - type - options type: object ObservabilityPipelineSensitiveDataScannerProcessorCustomPatternOptions: description: Options for defining a custom regex pattern. properties: rule: description: A regular expression used to detect sensitive values. Must be a valid regex. example: \b\d{16}\b type: string required: - rule type: object ObservabilityPipelineSensitiveDataScannerProcessorCustomPatternType: description: Indicates a custom regular expression is used for matching. enum: - custom example: custom type: string x-enum-varnames: - CUSTOM ObservabilityPipelineSensitiveDataScannerProcessorKeywordOptions: description: Configuration for keywords used to reinforce sensitive data pattern detection. properties: keywords: description: A list of keywords to match near the sensitive pattern. example: - ssn - card - account items: type: string type: array proximity: description: Maximum number of tokens between a keyword and a sensitive value match. example: 5 format: int64 type: integer required: - keywords - proximity type: object ObservabilityPipelineSensitiveDataScannerProcessorLibraryPattern: description: "Specifies a pattern from Datadog\u2019s sensitive data detection library to match known sensitive data types." properties: options: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorLibraryPatternOptions' type: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorLibraryPatternType' required: - type - options type: object ObservabilityPipelineSensitiveDataScannerProcessorLibraryPatternOptions: description: Options for selecting a predefined library pattern and enabling keyword support. properties: id: description: Identifier for a predefined pattern from the sensitive data scanner pattern library. example: credit_card type: string use_recommended_keywords: description: Whether to augment the pattern with recommended keywords (optional). type: boolean required: - id type: object ObservabilityPipelineSensitiveDataScannerProcessorLibraryPatternType: description: Indicates that a predefined library pattern is used. enum: - library example: library type: string x-enum-varnames: - LIBRARY ObservabilityPipelineSensitiveDataScannerProcessorPattern: description: Pattern detection configuration for identifying sensitive data using either a custom regex or a library reference. oneOf: - $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorCustomPattern' - $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorLibraryPattern' ObservabilityPipelineSensitiveDataScannerProcessorRule: description: Defines a rule for detecting sensitive data, including matching pattern, scope, and the action to take. properties: keyword_options: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorKeywordOptions' name: description: A name identifying the rule. example: Redact Credit Card Numbers type: string on_match: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorAction' pattern: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorPattern' scope: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScope' tags: description: Tags assigned to this rule for filtering and classification. example: - pii - ccn items: type: string type: array required: - name - tags - pattern - scope - on_match type: object ObservabilityPipelineSensitiveDataScannerProcessorScope: description: Determines which parts of the log the pattern-matching rule should be applied to. oneOf: - $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeInclude' - $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeExclude' - $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeAll' ObservabilityPipelineSensitiveDataScannerProcessorScopeAll: description: Applies scanning across all available fields. properties: target: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeAllTarget' required: - target type: object ObservabilityPipelineSensitiveDataScannerProcessorScopeAllTarget: description: Applies the rule to all fields. enum: - all example: all type: string x-enum-varnames: - ALL ObservabilityPipelineSensitiveDataScannerProcessorScopeExclude: description: Excludes specific fields from sensitive data scanning. properties: options: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeOptions' target: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeExcludeTarget' required: - target - options type: object ObservabilityPipelineSensitiveDataScannerProcessorScopeExcludeTarget: description: Excludes specific fields from processing. enum: - exclude example: exclude type: string x-enum-varnames: - EXCLUDE ObservabilityPipelineSensitiveDataScannerProcessorScopeInclude: description: Includes only specific fields for sensitive data scanning. properties: options: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeOptions' target: $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessorScopeIncludeTarget' required: - target - options type: object ObservabilityPipelineSensitiveDataScannerProcessorScopeIncludeTarget: description: Applies the rule only to included fields. enum: - include example: include type: string x-enum-varnames: - INCLUDE ObservabilityPipelineSensitiveDataScannerProcessorScopeOptions: description: Fields to which the scope rule applies. properties: fields: description: The `ObservabilityPipelineSensitiveDataScannerProcessorScopeOptions` `fields`. example: - '' items: type: string type: array required: - fields type: object ObservabilityPipelineSensitiveDataScannerProcessorType: default: sensitive_data_scanner description: The processor type. The value should always be `sensitive_data_scanner`. enum: - sensitive_data_scanner example: sensitive_data_scanner type: string x-enum-varnames: - SENSITIVE_DATA_SCANNER ObservabilityPipelineSentinelOneDestination: description: The `sentinel_one` destination sends logs to SentinelOne. properties: id: description: The unique identifier for this component. example: sentinelone-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - filter-processor items: type: string type: array region: $ref: '#/components/schemas/ObservabilityPipelineSentinelOneDestinationRegion' type: $ref: '#/components/schemas/ObservabilityPipelineSentinelOneDestinationType' required: - id - type - inputs - region type: object ObservabilityPipelineSentinelOneDestinationRegion: description: The SentinelOne region to send logs to. enum: - us - eu - ca - data_set_us example: us type: string x-enum-varnames: - US - EU - CA - DATA_SET_US ObservabilityPipelineSentinelOneDestinationType: default: sentinel_one description: The destination type. The value should always be `sentinel_one`. enum: - sentinel_one example: sentinel_one type: string x-enum-varnames: - SENTINEL_ONE ObservabilityPipelineSpec: description: Input schema representing an observability pipeline configuration. Used in create and validate requests. properties: data: $ref: '#/components/schemas/ObservabilityPipelineSpecData' required: - data type: object ObservabilityPipelineSpecData: description: Contains the the pipeline configuration. properties: attributes: $ref: '#/components/schemas/ObservabilityPipelineDataAttributes' type: default: pipelines description: The resource type identifier. For pipeline resources, this should always be set to `pipelines`. example: pipelines type: string required: - type - attributes type: object ObservabilityPipelineSplunkHecDestination: description: 'The `splunk_hec` destination forwards logs to Splunk using the HTTP Event Collector (HEC). ' properties: auto_extract_timestamp: description: 'If `true`, Splunk tries to extract timestamps from incoming log events. If `false`, Splunk assigns the time the event was received. ' example: true type: boolean encoding: $ref: '#/components/schemas/ObservabilityPipelineSplunkHecDestinationEncoding' id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: splunk-hec-destination type: string index: description: Optional name of the Splunk index where logs are written. example: main type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - filter-processor items: type: string type: array sourcetype: description: The Splunk sourcetype to assign to log events. example: custom_sourcetype type: string type: $ref: '#/components/schemas/ObservabilityPipelineSplunkHecDestinationType' required: - id - type - inputs type: object ObservabilityPipelineSplunkHecDestinationEncoding: description: Encoding format for log events. enum: - json - raw_message example: json type: string x-enum-varnames: - JSON - RAW_MESSAGE ObservabilityPipelineSplunkHecDestinationType: default: splunk_hec description: The destination type. Always `splunk_hec`. enum: - splunk_hec example: splunk_hec type: string x-enum-varnames: - SPLUNK_HEC ObservabilityPipelineSplunkHecSource: description: 'The `splunk_hec` source implements the Splunk HTTP Event Collector (HEC) API. ' properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: splunk-hec-source type: string tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineSplunkHecSourceType' required: - id - type type: object ObservabilityPipelineSplunkHecSourceType: default: splunk_hec description: The source type. Always `splunk_hec`. enum: - splunk_hec example: splunk_hec type: string x-enum-varnames: - SPLUNK_HEC ObservabilityPipelineSplunkTcpSource: description: 'The `splunk_tcp` source receives logs from a Splunk Universal Forwarder over TCP. TLS is supported for secure transmission. ' properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: splunk-tcp-source type: string tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineSplunkTcpSourceType' required: - id - type type: object ObservabilityPipelineSplunkTcpSourceType: default: splunk_tcp description: The source type. Always `splunk_tcp`. enum: - splunk_tcp example: splunk_tcp type: string x-enum-varnames: - SPLUNK_TCP ObservabilityPipelineSumoLogicDestination: description: The `sumo_logic` destination forwards logs to Sumo Logic. properties: encoding: $ref: '#/components/schemas/ObservabilityPipelineSumoLogicDestinationEncoding' header_custom_fields: description: A list of custom headers to include in the request to Sumo Logic. items: $ref: '#/components/schemas/ObservabilityPipelineSumoLogicDestinationHeaderCustomFieldsItem' type: array header_host_name: description: Optional override for the host name header. example: host-123 type: string header_source_category: description: Optional override for the source category header. example: source-category type: string header_source_name: description: Optional override for the source name header. example: source-name type: string id: description: The unique identifier for this component. example: sumo-logic-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - filter-processor items: type: string type: array type: $ref: '#/components/schemas/ObservabilityPipelineSumoLogicDestinationType' required: - id - type - inputs type: object ObservabilityPipelineSumoLogicDestinationEncoding: description: The output encoding format. enum: - json - raw_message - logfmt example: json type: string x-enum-varnames: - JSON - RAW_MESSAGE - LOGFMT ObservabilityPipelineSumoLogicDestinationHeaderCustomFieldsItem: description: Single key-value pair used as a custom log header for Sumo Logic. properties: name: description: The header field name. example: X-Sumo-Category type: string value: description: The header field value. example: my-app-logs type: string required: - name - value type: object ObservabilityPipelineSumoLogicDestinationType: default: sumo_logic description: The destination type. The value should always be `sumo_logic`. enum: - sumo_logic example: sumo_logic type: string x-enum-varnames: - SUMO_LOGIC ObservabilityPipelineSumoLogicSource: description: The `sumo_logic` source receives logs from Sumo Logic collectors. properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: sumo-logic-source type: string type: $ref: '#/components/schemas/ObservabilityPipelineSumoLogicSourceType' required: - id - type type: object ObservabilityPipelineSumoLogicSourceType: default: sumo_logic description: The source type. The value should always be `sumo_logic`. enum: - sumo_logic example: sumo_logic type: string x-enum-varnames: - SUMO_LOGIC ObservabilityPipelineSyslogNgDestination: description: The `syslog_ng` destination forwards logs to an external `syslog-ng` server over TCP or UDP using the syslog protocol. properties: id: description: The unique identifier for this component. example: syslog-ng-destination type: string inputs: description: A list of component IDs whose output is used as the `input` for this component. example: - filter-processor items: type: string type: array keepalive: description: Optional socket keepalive duration in milliseconds. example: 60000 format: int64 minimum: 0 type: integer tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineSyslogNgDestinationType' required: - id - type - inputs type: object ObservabilityPipelineSyslogNgDestinationType: default: syslog_ng description: The destination type. The value should always be `syslog_ng`. enum: - syslog_ng example: syslog_ng type: string x-enum-varnames: - SYSLOG_NG ObservabilityPipelineSyslogNgSource: description: The `syslog_ng` source listens for logs over TCP or UDP from a `syslog-ng` server using the syslog protocol. properties: id: description: The unique identifier for this component. Used to reference this component in other parts of the pipeline (e.g., as input to downstream components). example: syslog-ng-source type: string mode: $ref: '#/components/schemas/ObservabilityPipelineSyslogSourceMode' tls: $ref: '#/components/schemas/ObservabilityPipelineTls' type: $ref: '#/components/schemas/ObservabilityPipelineSyslogNgSourceType' required: - id - type - mode type: object ObservabilityPipelineSyslogNgSourceType: default: syslog_ng description: The source type. The value should always be `syslog_ng`. enum: - syslog_ng example: syslog_ng type: string x-enum-varnames: - SYSLOG_NG ObservabilityPipelineSyslogSourceMode: description: Protocol used by the syslog source to receive messages. enum: - tcp - udp example: tcp type: string x-enum-varnames: - TCP - UDP ObservabilityPipelineThrottleProcessor: description: The `throttle` processor limits the number of events that pass through over a given time window. properties: group_by: description: Optional list of fields used to group events before the threshold has been reached. example: - log.user.id items: type: string type: array id: description: The unique identifier for this processor. example: throttle-processor type: string include: description: A Datadog search query used to determine which logs this processor targets. example: env:prod type: string inputs: description: A list of component IDs whose output is used as the input for this processor. example: - datadog-agent-source items: type: string type: array threshold: description: the number of events allowed in a given time window. Events sent after the threshold has been reached, are dropped. example: 1000 format: int64 type: integer type: $ref: '#/components/schemas/ObservabilityPipelineThrottleProcessorType' window: description: The time window in seconds over which the threshold applies. example: 60.0 format: double type: number required: - id - type - include - inputs - threshold - window type: object ObservabilityPipelineThrottleProcessorType: default: throttle description: The processor type. The value should always be `throttle`. enum: - throttle example: throttle type: string x-enum-varnames: - THROTTLE ObservabilityPipelineTls: description: Configuration for enabling TLS encryption between the pipeline component and external services. properties: ca_file: description: "Path to the Certificate Authority (CA) file used to validate the server\u2019s TLS certificate." type: string crt_file: description: Path to the TLS client certificate file used to authenticate the pipeline component with upstream or downstream services. example: /path/to/cert.crt type: string key_file: description: Path to the private key file associated with the TLS client certificate. Used for mutual TLS authentication. type: string required: - crt_file type: object OktaAccount: description: Schema for an Okta account. properties: attributes: $ref: '#/components/schemas/OktaAccountAttributes' id: description: The ID of the Okta account, a UUID hash of the account name. example: f749daaf-682e-4208-a38d-c9b43162c609 type: string type: $ref: '#/components/schemas/OktaAccountType' required: - attributes - type type: object OktaAccountAttributes: description: Attributes object for an Okta account. properties: api_key: description: The API key of the Okta account. type: string writeOnly: true auth_method: description: The authorization method for an Okta account. example: oauth type: string client_id: description: The Client ID of an Okta app integration. type: string client_secret: description: The client secret of an Okta app integration. type: string writeOnly: true domain: description: The domain of the Okta account. example: https://example.okta.com/ type: string name: description: The name of the Okta account. example: Okta-Prod type: string required: - auth_method - domain - name type: object OktaAccountRequest: description: Request object for an Okta account. properties: data: $ref: '#/components/schemas/OktaAccount' required: - data type: object OktaAccountResponse: description: Response object for an Okta account. properties: data: $ref: '#/components/schemas/OktaAccount' type: object OktaAccountResponseData: description: Data object of an Okta account properties: attributes: $ref: '#/components/schemas/OktaAccountAttributes' id: description: The ID of the Okta account, a UUID hash of the account name. example: f749daaf-682e-4208-a38d-c9b43162c609 type: string type: $ref: '#/components/schemas/OktaAccountType' required: - attributes - id - type type: object OktaAccountType: default: okta-accounts description: Account type for an Okta account. enum: - okta-accounts example: okta-accounts type: string x-enum-varnames: - OKTA_ACCOUNTS OktaAccountUpdateRequest: description: Payload schema when updating an Okta account. properties: data: $ref: '#/components/schemas/OktaAccountUpdateRequestData' required: - data type: object OktaAccountUpdateRequestAttributes: description: Attributes object for updating an Okta account. properties: api_key: description: The API key of the Okta account. type: string writeOnly: true auth_method: description: The authorization method for an Okta account. example: oauth type: string client_id: description: The Client ID of an Okta app integration. type: string client_secret: description: The client secret of an Okta app integration. type: string writeOnly: true domain: description: The domain associated with an Okta account. example: https://dev-test.okta.com/ type: string required: - auth_method - domain type: object OktaAccountUpdateRequestData: description: Data object for updating an Okta account. properties: attributes: $ref: '#/components/schemas/OktaAccountUpdateRequestAttributes' type: $ref: '#/components/schemas/OktaAccountType' type: object OktaAccountsResponse: description: The expected response schema when getting Okta accounts. properties: data: description: List of Okta accounts. items: $ref: '#/components/schemas/OktaAccountResponseData' type: array type: object OnCallPageTargetType: description: The kind of target, `team_id` | `team_handle` | `user_id`. enum: - team_id - team_handle - user_id example: team_id type: string x-enum-varnames: - TEAM_ID - TEAM_HANDLE - USER_ID OnDemandConcurrencyCap: description: On-demand concurrency cap. properties: attributes: $ref: '#/components/schemas/OnDemandConcurrencyCapAttributes' type: $ref: '#/components/schemas/OnDemandConcurrencyCapType' type: object OnDemandConcurrencyCapAttributes: description: On-demand concurrency cap attributes. properties: on_demand_concurrency_cap: description: Value of the on-demand concurrency cap. format: double type: number type: object OnDemandConcurrencyCapResponse: description: On-demand concurrency cap response. properties: data: $ref: '#/components/schemas/OnDemandConcurrencyCap' type: object OnDemandConcurrencyCapType: description: On-demand concurrency cap type. enum: - on_demand_concurrency_cap type: string x-enum-varnames: - ON_DEMAND_CONCURRENCY_CAP OpenAPIEndpoint: description: Endpoint info extracted from an `OpenAPI` specification. properties: method: description: The endpoint method. type: string path: description: The endpoint path. type: string type: object OpenAPIFile: description: Object for API data in an `OpenAPI` format as a file. properties: openapi_spec_file: description: Binary `OpenAPI` spec file format: binary type: string type: object OpsgenieServiceCreateAttributes: description: The Opsgenie service attributes for a create request. properties: custom_url: description: The custom URL for a custom region. example: https://example.com type: string name: description: The name for the Opsgenie service. example: fake-opsgenie-service-name maxLength: 100 type: string opsgenie_api_key: description: The Opsgenie API key for your Opsgenie service. example: 00000000-0000-0000-0000-000000000000 type: string region: $ref: '#/components/schemas/OpsgenieServiceRegionType' required: - name - opsgenie_api_key - region type: object OpsgenieServiceCreateData: description: Opsgenie service data for a create request. properties: attributes: $ref: '#/components/schemas/OpsgenieServiceCreateAttributes' type: $ref: '#/components/schemas/OpsgenieServiceType' required: - type - attributes type: object OpsgenieServiceCreateRequest: description: Create request for an Opsgenie service. properties: data: $ref: '#/components/schemas/OpsgenieServiceCreateData' required: - data type: object OpsgenieServiceRegionType: description: The region for the Opsgenie service. enum: - us - eu - custom example: us type: string x-enum-varnames: - US - EU - CUSTOM OpsgenieServiceResponse: description: Response of an Opsgenie service. properties: data: $ref: '#/components/schemas/OpsgenieServiceResponseData' required: - data type: object OpsgenieServiceResponseAttributes: description: The attributes from an Opsgenie service response. properties: custom_url: description: The custom URL for a custom region. example: null nullable: true type: string name: description: The name for the Opsgenie service. example: fake-opsgenie-service-name maxLength: 100 type: string region: $ref: '#/components/schemas/OpsgenieServiceRegionType' type: object OpsgenieServiceResponseData: description: Opsgenie service data from a response. properties: attributes: $ref: '#/components/schemas/OpsgenieServiceResponseAttributes' id: description: The ID of the Opsgenie service. example: 596da4af-0563-4097-90ff-07230c3f9db3 maxLength: 100 minLength: 1 type: string type: $ref: '#/components/schemas/OpsgenieServiceType' required: - id - type - attributes type: object OpsgenieServiceType: default: opsgenie-service description: Opsgenie service resource type. enum: - opsgenie-service example: opsgenie-service type: string x-enum-varnames: - OPSGENIE_SERVICE OpsgenieServiceUpdateAttributes: description: The Opsgenie service attributes for an update request. properties: custom_url: description: The custom URL for a custom region. example: https://example.com nullable: true type: string name: description: The name for the Opsgenie service. example: fake-opsgenie-service-name maxLength: 100 type: string opsgenie_api_key: description: The Opsgenie API key for your Opsgenie service. example: 00000000-0000-0000-0000-000000000000 type: string region: $ref: '#/components/schemas/OpsgenieServiceRegionType' type: object OpsgenieServiceUpdateData: description: Opsgenie service for an update request. properties: attributes: $ref: '#/components/schemas/OpsgenieServiceUpdateAttributes' id: description: The ID of the Opsgenie service. example: 596da4af-0563-4097-90ff-07230c3f9db3 maxLength: 100 minLength: 1 type: string type: $ref: '#/components/schemas/OpsgenieServiceType' required: - id - type - attributes type: object OpsgenieServiceUpdateRequest: description: Update request for an Opsgenie service. properties: data: $ref: '#/components/schemas/OpsgenieServiceUpdateData' required: - data type: object OpsgenieServicesResponse: description: Response with a list of Opsgenie services. properties: data: description: An array of Opsgenie services. example: - attributes: custom_url: null name: fake-opsgenie-service-name region: us id: 596da4af-0563-4097-90ff-07230c3f9db3 type: opsgenie-service - attributes: custom_url: null name: fake-opsgenie-service-name-2 region: eu id: 0d2937f1-b561-44fa-914a-99910f848014 type: opsgenie-service items: $ref: '#/components/schemas/OpsgenieServiceResponseData' type: array required: - data type: object OrderDirection: description: The sort direction for results. enum: - asc - desc example: asc type: string x-enum-varnames: - ASC - DESC OrgConfigGetResponse: description: A response with a single Org Config. properties: data: $ref: '#/components/schemas/OrgConfigRead' required: - data type: object OrgConfigListResponse: description: A response with multiple Org Configs. properties: data: description: An array of Org Configs. items: $ref: '#/components/schemas/OrgConfigRead' type: array required: - data type: object OrgConfigRead: description: A single Org Config. properties: attributes: $ref: '#/components/schemas/OrgConfigReadAttributes' id: description: A unique identifier for an Org Config. example: abcd1234 type: string type: $ref: '#/components/schemas/OrgConfigType' required: - id - type - attributes type: object OrgConfigReadAttributes: description: Readable attributes of an Org Config. properties: description: description: The description of an Org Config. example: Frobulate the turbo encabulator manifold type: string modified_at: description: The timestamp of the last Org Config update (if any). format: date-time nullable: true type: string name: description: The machine-friendly name of an Org Config. example: monitor_timezone type: string value: description: The value of an Org Config. value_type: description: The type of an Org Config value. example: bool type: string required: - name - description - value_type - value type: object OrgConfigType: description: Data type of an Org Config. enum: - org_configs example: org_configs type: string x-enum-varnames: - ORG_CONFIGS OrgConfigWrite: description: An Org Config write operation. properties: attributes: $ref: '#/components/schemas/OrgConfigWriteAttributes' type: $ref: '#/components/schemas/OrgConfigType' required: - type - attributes type: object OrgConfigWriteAttributes: description: Writable attributes of an Org Config. properties: value: description: The value of an Org Config. required: - value type: object OrgConfigWriteRequest: description: A request to update an Org Config. properties: data: $ref: '#/components/schemas/OrgConfigWrite' required: - data type: object Organization: description: Organization object. properties: attributes: $ref: '#/components/schemas/OrganizationAttributes' id: description: ID of the organization. type: string type: $ref: '#/components/schemas/OrganizationsType' required: - type type: object OrganizationAttributes: description: Attributes of the organization. properties: created_at: description: Creation time of the organization. format: date-time type: string description: description: Description of the organization. type: string disabled: description: Whether or not the organization is disabled. type: boolean modified_at: description: Time of last organization modification. format: date-time type: string name: description: Name of the organization. type: string public_id: description: Public ID of the organization. type: string sharing: description: Sharing type of the organization. type: string url: description: URL of the site that this organization exists at. type: string type: object OrganizationsType: default: orgs description: Organizations resource type. enum: - orgs example: orgs type: string x-enum-varnames: - ORGS OutboundEdge: description: The definition of `OutboundEdge` object. properties: branchName: description: The `OutboundEdge` `branchName`. example: '' type: string nextStepName: description: The `OutboundEdge` `nextStepName`. example: '' type: string required: - nextStepName - branchName type: object OutcomeType: default: outcome description: The JSON:API type for an outcome. enum: - outcome example: outcome type: string x-enum-varnames: - OUTCOME OutcomesBatchAttributes: description: The JSON:API attributes for a batched set of scorecard outcomes. properties: results: description: Set of scorecard outcomes to update. items: $ref: '#/components/schemas/OutcomesBatchRequestItem' type: array type: object OutcomesBatchRequest: description: Scorecard outcomes batch request. properties: data: $ref: '#/components/schemas/OutcomesBatchRequestData' type: object OutcomesBatchRequestData: description: Scorecard outcomes batch request data. properties: attributes: $ref: '#/components/schemas/OutcomesBatchAttributes' type: $ref: '#/components/schemas/OutcomesBatchType' type: object OutcomesBatchRequestItem: description: Scorecard outcome for a specific rule, for a given service within a batched update. properties: remarks: description: Any remarks regarding the scorecard rule's evaluation, and supports HTML hyperlinks. example: 'See: <a href="https://app.datadoghq.com/services">Services</a>' type: string rule_id: $ref: '#/components/schemas/RuleId' service_name: description: The unique name for a service in the catalog. example: my-service type: string state: $ref: '#/components/schemas/State' required: - rule_id - service_name - state type: object OutcomesBatchResponse: description: Scorecard outcomes batch response. properties: data: $ref: '#/components/schemas/OutcomesBatchResponseData' meta: $ref: '#/components/schemas/OutcomesBatchResponseMeta' required: - data - meta type: object OutcomesBatchResponseAttributes: description: The JSON:API attributes for an outcome. properties: created_at: description: Creation time of the rule outcome. format: date-time type: string modified_at: description: Time of last rule outcome modification. format: date-time type: string remarks: description: Any remarks regarding the scorecard rule's evaluation, and supports HTML hyperlinks. example: 'See: <a href="https://app.datadoghq.com/services">Services</a>' type: string service_name: description: The unique name for a service in the catalog. example: my-service type: string state: $ref: '#/components/schemas/State' type: object OutcomesBatchResponseData: description: List of rule outcomes which were affected during the bulk operation. items: $ref: '#/components/schemas/OutcomesResponseDataItem' type: array OutcomesBatchResponseMeta: description: Metadata pertaining to the bulk operation. properties: total_received: description: Total number of scorecard results received during the bulk operation. format: int64 type: integer total_updated: description: Total number of scorecard results modified during the bulk operation. format: int64 type: integer type: object OutcomesBatchType: default: batched-outcome description: The JSON:API type for scorecard outcomes. enum: - batched-outcome example: batched-outcome type: string x-enum-varnames: - BATCHED_OUTCOME OutcomesResponse: description: Scorecard outcomes - the result of a rule for a service. properties: data: $ref: '#/components/schemas/OutcomesResponseData' included: $ref: '#/components/schemas/OutcomesResponseIncluded' links: $ref: '#/components/schemas/OutcomesResponseLinks' type: object OutcomesResponseData: description: List of rule outcomes. items: $ref: '#/components/schemas/OutcomesResponseDataItem' type: array OutcomesResponseDataItem: description: A single rule outcome. properties: attributes: $ref: '#/components/schemas/OutcomesBatchResponseAttributes' id: description: The unique ID for a rule outcome. type: string relationships: $ref: '#/components/schemas/RuleOutcomeRelationships' type: $ref: '#/components/schemas/OutcomeType' type: object OutcomesResponseIncluded: description: Array of rule details. items: $ref: '#/components/schemas/OutcomesResponseIncludedItem' type: array OutcomesResponseIncludedItem: description: Attributes of the included rule. properties: attributes: $ref: '#/components/schemas/OutcomesResponseIncludedRuleAttributes' id: $ref: '#/components/schemas/RuleId' type: $ref: '#/components/schemas/RuleType' type: object OutcomesResponseIncludedRuleAttributes: description: Details of a rule. properties: name: description: Name of the rule. example: Team Defined type: string scorecard_name: description: The scorecard name to which this rule must belong. example: Observability Best Practices type: string type: object OutcomesResponseLinks: description: Links attributes. properties: next: description: Link for the next set of results. example: /api/v2/scorecard/outcomes?include=rule&page%5Blimit%5D=100&page%5Boffset%5D=100 type: string type: object OutputSchema: description: A list of output parameters for the workflow. properties: parameters: description: The `OutputSchema` `parameters`. items: $ref: '#/components/schemas/OutputSchemaParameters' type: array type: object OutputSchemaParameters: description: The definition of `OutputSchemaParameters` object. properties: defaultValue: description: The `OutputSchemaParameters` `defaultValue`. description: description: The `OutputSchemaParameters` `description`. type: string label: description: The `OutputSchemaParameters` `label`. type: string name: description: The `OutputSchemaParameters` `name`. example: '' type: string type: $ref: '#/components/schemas/OutputSchemaParametersType' value: description: The `OutputSchemaParameters` `value`. required: - name - type type: object OutputSchemaParametersType: description: The definition of `OutputSchemaParametersType` object. enum: - STRING - NUMBER - BOOLEAN - OBJECT - ARRAY_STRING - ARRAY_NUMBER - ARRAY_BOOLEAN - ARRAY_OBJECT example: STRING type: string x-enum-varnames: - STRING - NUMBER - BOOLEAN - OBJECT - ARRAY_STRING - ARRAY_NUMBER - ARRAY_BOOLEAN - ARRAY_OBJECT PageUrgency: default: high description: On-Call Page urgency level. enum: - low - high example: high type: string x-enum-varnames: - LOW - HIGH Pagination: description: Pagination object. properties: total_count: description: Total count. format: int64 type: integer total_filtered_count: description: Total count of elements matched by the filter. format: int64 type: integer type: object Parameter: description: The definition of `Parameter` object. properties: name: description: The `Parameter` `name`. example: '' type: string value: description: The `Parameter` `value`. required: - name - value type: object PartialAPIKey: description: Partial Datadog API key. properties: attributes: $ref: '#/components/schemas/PartialAPIKeyAttributes' id: description: ID of the API key. type: string relationships: $ref: '#/components/schemas/APIKeyRelationships' type: $ref: '#/components/schemas/APIKeysType' type: object PartialAPIKeyAttributes: description: Attributes of a partial API key. properties: category: description: The category of the API key. type: string created_at: description: Creation date of the API key. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string last4: description: The last four characters of the API key. example: abcd maxLength: 4 minLength: 4 readOnly: true type: string modified_at: description: Date the API key was last modified. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string name: description: Name of the API key. example: API Key for submitting metrics type: string remote_config_read_enabled: description: The remote config read enabled status. type: boolean type: object PartialApplicationKey: description: Partial Datadog application key. properties: attributes: $ref: '#/components/schemas/PartialApplicationKeyAttributes' id: description: ID of the application key. type: string relationships: $ref: '#/components/schemas/ApplicationKeyRelationships' type: $ref: '#/components/schemas/ApplicationKeysType' type: object PartialApplicationKeyAttributes: description: Attributes of a partial application key. properties: created_at: description: Creation date of the application key. example: '2020-11-23T10:00:00.000Z' readOnly: true type: string last4: description: The last four characters of the application key. example: abcd maxLength: 4 minLength: 4 readOnly: true type: string name: description: Name of the application key. example: Application Key for managing dashboards type: string scopes: description: Array of scopes to grant the application key. example: - dashboards_read - dashboards_write - dashboards_public_share items: description: Name of scope. type: string nullable: true type: array type: object PartialApplicationKeyResponse: description: Response for retrieving a partial application key. properties: data: $ref: '#/components/schemas/PartialApplicationKey' included: description: Array of objects related to the application key. items: $ref: '#/components/schemas/ApplicationKeyResponseIncludedItem' type: array type: object PatchNotificationRuleParameters: description: Body of the notification rule patch request. properties: data: $ref: '#/components/schemas/PatchNotificationRuleParametersData' type: object PatchNotificationRuleParametersData: description: 'Data of the notification rule patch request: the rule ID, the rule type, and the rule attributes. All fields are required.' properties: attributes: $ref: '#/components/schemas/PatchNotificationRuleParametersDataAttributes' id: $ref: '#/components/schemas/ID' type: $ref: '#/components/schemas/NotificationRulesType' required: - attributes - id - type type: object PatchNotificationRuleParametersDataAttributes: description: Attributes of the notification rule patch request. It is required to update the version of the rule when patching it. properties: enabled: $ref: '#/components/schemas/Enabled' name: $ref: '#/components/schemas/RuleName' selectors: $ref: '#/components/schemas/Selectors' targets: $ref: '#/components/schemas/Targets' time_aggregation: $ref: '#/components/schemas/TimeAggregation' version: $ref: '#/components/schemas/Version' type: object Permission: description: Permission object. properties: attributes: $ref: '#/components/schemas/PermissionAttributes' id: description: ID of the permission. type: string type: $ref: '#/components/schemas/PermissionsType' required: - type type: object PermissionAttributes: description: Attributes of a permission. properties: created: description: Creation time of the permission. format: date-time type: string description: description: Description of the permission. type: string display_name: description: Displayed name for the permission. type: string display_type: description: Display type. type: string group_name: description: Name of the permission group. type: string name: description: Name of the permission. type: string restricted: description: Whether or not the permission is restricted. type: boolean type: object PermissionsResponse: description: Payload with API-returned permissions. properties: data: description: Array of permissions. items: $ref: '#/components/schemas/Permission' type: array type: object PermissionsType: default: permissions description: Permissions resource type. enum: - permissions example: permissions type: string x-enum-varnames: - PERMISSIONS Powerpack: description: Powerpacks are templated groups of dashboard widgets you can save from an existing dashboard and turn into reusable packs in the widget tray. properties: data: $ref: '#/components/schemas/PowerpackData' type: object PowerpackAttributes: description: Powerpack attribute object. properties: description: description: Description of this powerpack. example: Powerpack for ABC type: string group_widget: $ref: '#/components/schemas/PowerpackGroupWidget' name: description: Name of the powerpack. example: Sample Powerpack type: string tags: description: List of tags to identify this powerpack. example: - tag:foo1 items: maxLength: 80 type: string maxItems: 8 type: array template_variables: description: List of template variables for this powerpack. example: - defaults: - '*' name: test items: $ref: '#/components/schemas/PowerpackTemplateVariable' type: array required: - group_widget - name type: object PowerpackData: description: Powerpack data object. properties: attributes: $ref: '#/components/schemas/PowerpackAttributes' id: description: ID of the powerpack. type: string relationships: $ref: '#/components/schemas/PowerpackRelationships' type: description: Type of widget, must be powerpack. example: powerpack type: string type: object PowerpackGroupWidget: description: Powerpack group widget definition object. properties: definition: $ref: '#/components/schemas/PowerpackGroupWidgetDefinition' layout: $ref: '#/components/schemas/PowerpackGroupWidgetLayout' live_span: $ref: '#/components/schemas/WidgetLiveSpan' required: - definition type: object PowerpackGroupWidgetDefinition: description: Powerpack group widget object. properties: layout_type: description: Layout type of widgets. example: ordered type: string show_title: description: Boolean indicating whether powerpack group title should be visible or not. example: true type: boolean title: description: Name for the group widget. example: Sample Powerpack type: string type: description: Type of widget, must be group. example: group type: string widgets: description: Widgets inside the powerpack. example: - definition: content: example type: note layout: height: 5 width: 10 x: 0 y: 0 items: $ref: '#/components/schemas/PowerpackInnerWidgets' type: array required: - widgets - layout_type - type type: object PowerpackGroupWidgetLayout: description: Powerpack group widget layout. properties: height: description: The height of the widget. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer width: description: The width of the widget. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer x: description: The position of the widget on the x (horizontal) axis. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer y: description: The position of the widget on the y (vertical) axis. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer required: - x - y - width - height type: object PowerpackInnerWidgetLayout: description: Powerpack inner widget layout. properties: height: description: The height of the widget. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer width: description: The width of the widget. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer x: description: The position of the widget on the x (horizontal) axis. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer y: description: The position of the widget on the y (vertical) axis. Should be a non-negative integer. example: 0 format: int64 minimum: 0 type: integer required: - x - y - width - height type: object PowerpackInnerWidgets: description: Powerpack group widget definition of individual widgets. properties: definition: additionalProperties: {} description: Information about widget. example: definition: content: example type: note type: object layout: $ref: '#/components/schemas/PowerpackInnerWidgetLayout' required: - definition type: object PowerpackRelationships: description: Powerpack relationship object. properties: author: $ref: '#/components/schemas/RelationshipToUser' type: object PowerpackResponse: description: Response object which includes a single powerpack configuration. properties: data: $ref: '#/components/schemas/PowerpackData' included: description: Array of objects related to the users. items: $ref: '#/components/schemas/User' type: array readOnly: true type: object PowerpackResponseLinks: description: Links attributes. properties: first: description: Link to last page. type: string last: description: Link to first page. example: https://app.datadoghq.com/api/v2/powerpacks?page[offset]=0&page[limit]=25 nullable: true type: string next: description: Link for the next set of results. example: https://app.datadoghq.com/api/v2/powerpacks?page[offset]=25&page[limit]=25 type: string prev: description: Link for the previous set of results. nullable: true type: string self: description: Link to current page. example: https://app.datadoghq.com/api/v2/powerpacks type: string type: object PowerpackTemplateVariable: description: Powerpack template variables. properties: available_values: description: The list of values that the template variable drop-down is limited to. example: - my-host - host1 - host2 items: description: Template variable value. type: string nullable: true type: array defaults: description: One or many template variable default values within the saved view, which are unioned together using `OR` if more than one is specified. items: description: One or many default values of the template variable. minLength: 1 type: string type: array name: description: The name of the variable. example: datacenter type: string prefix: description: The tag prefix associated with the variable. Only tags with this prefix appear in the variable drop-down. example: host nullable: true type: string required: - name type: object PowerpacksResponseMeta: description: Powerpack response metadata. properties: pagination: $ref: '#/components/schemas/PowerpacksResponseMetaPagination' type: object PowerpacksResponseMetaPagination: description: Powerpack response pagination metadata. properties: first_offset: description: The first offset. format: int64 type: integer last_offset: description: The last offset. format: int64 nullable: true type: integer limit: description: Pagination limit. format: int64 type: integer next_offset: description: The next offset. format: int64 type: integer offset: description: The offset. format: int64 type: integer prev_offset: description: The previous offset. format: int64 type: integer total: description: Total results. format: int64 type: integer type: description: Offset type. type: string type: object ProcessSummariesMeta: description: Response metadata object. properties: page: $ref: '#/components/schemas/ProcessSummariesMetaPage' type: object ProcessSummariesMetaPage: description: Paging attributes. properties: after: description: 'The cursor used to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`.' example: 911abf1204838d9cdfcb9a96d0b6a1bd03e1b514074f1ce1737c4cbd type: string size: description: Number of results returned. format: int32 maximum: 10000 minimum: 0 type: integer type: object ProcessSummariesResponse: description: List of process summaries. properties: data: description: Array of process summary objects. items: $ref: '#/components/schemas/ProcessSummary' type: array meta: $ref: '#/components/schemas/ProcessSummariesMeta' type: object ProcessSummary: description: Process summary object. properties: attributes: $ref: '#/components/schemas/ProcessSummaryAttributes' id: description: Process ID. type: string type: $ref: '#/components/schemas/ProcessSummaryType' type: object ProcessSummaryAttributes: description: Attributes for a process summary. properties: cmdline: description: Process command line. type: string host: description: Host running the process. type: string pid: description: Process ID. format: int64 type: integer ppid: description: Parent process ID. format: int64 type: integer start: description: Time the process was started. type: string tags: description: List of tags associated with the process. items: description: A tag associated with the process. type: string type: array timestamp: description: Time the process was seen. type: string user: description: Process owner. type: string type: object ProcessSummaryType: default: process description: Type of process summary. enum: - process example: process type: string x-enum-varnames: - PROCESS Project: description: A Project properties: attributes: $ref: '#/components/schemas/ProjectAttributes' id: description: The Project's identifier example: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: string relationships: $ref: '#/components/schemas/ProjectRelationships' type: $ref: '#/components/schemas/ProjectResourceType' required: - id - type - attributes type: object ProjectAttributes: description: Project attributes properties: key: description: The project's key example: CASEM type: string name: description: Project's name type: string type: object ProjectCreate: description: Project create properties: attributes: $ref: '#/components/schemas/ProjectCreateAttributes' type: $ref: '#/components/schemas/ProjectResourceType' required: - attributes - type type: object ProjectCreateAttributes: description: Project creation attributes properties: key: description: Project's key. Cannot be "CASE" example: SEC type: string name: description: name example: Security Investigation type: string required: - name - key type: object ProjectCreateRequest: description: Project create request properties: data: $ref: '#/components/schemas/ProjectCreate' required: - data type: object ProjectRelationship: description: Relationship to project properties: data: $ref: '#/components/schemas/ProjectRelationshipData' required: - data type: object ProjectRelationshipData: description: Relationship to project object properties: id: description: A unique identifier that represents the project example: e555e290-ed65-49bd-ae18-8acbfcf18db7 type: string type: $ref: '#/components/schemas/ProjectResourceType' required: - id - type type: object ProjectRelationships: description: Project relationships properties: member_team: $ref: '#/components/schemas/RelationshipToTeamLinks' member_user: $ref: '#/components/schemas/UsersRelationship' type: object ProjectResourceType: default: project description: Project resource type enum: - project example: project type: string x-enum-varnames: - PROJECT ProjectResponse: description: Project response properties: data: $ref: '#/components/schemas/Project' type: object ProjectedCost: description: Projected Cost data. properties: attributes: $ref: '#/components/schemas/ProjectedCostAttributes' id: description: Unique ID of the response. type: string type: $ref: '#/components/schemas/ProjectedCostType' type: object ProjectedCostAttributes: description: Projected Cost attributes data. properties: account_name: description: The account name. type: string account_public_id: description: The account public ID. type: string charges: description: List of charges data reported for the requested month. items: $ref: '#/components/schemas/ChargebackBreakdown' type: array date: description: The month requested. format: date-time type: string org_name: description: The organization name. type: string projected_total_cost: description: The total projected cost of products for the month. format: double type: number public_id: description: The organization public ID. type: string region: description: The region of the Datadog instance that the organization belongs to. type: string type: object ProjectedCostResponse: description: Projected Cost response. properties: data: description: Response containing Projected Cost. items: $ref: '#/components/schemas/ProjectedCost' type: array type: object ProjectedCostType: default: projected_cost description: Type of cost data. enum: - projected_cost example: projected_cost type: string x-enum-varnames: - PROJECt_COST ProjectsResponse: description: Response with projects properties: data: description: Projects response data items: $ref: '#/components/schemas/Project' type: array type: object PublishAppResponse: description: The response object after an app is successfully published. properties: data: $ref: '#/components/schemas/Deployment' type: object Query: description: A data query used by an app. This can take the form of an external action, a data transformation, or a state variable. oneOf: - $ref: '#/components/schemas/ActionQuery' - $ref: '#/components/schemas/DataTransform' - $ref: '#/components/schemas/StateVariable' QueryFormula: description: A formula for calculation based on one or more queries. properties: formula: description: Formula string, referencing one or more queries with their name property. example: a+b type: string limit: $ref: '#/components/schemas/FormulaLimit' required: - formula type: object QuerySortOrder: default: desc description: Direction of sort. enum: - asc - desc type: string x-enum-varnames: - ASC - DESC RUMAggregateBucketValue: description: A bucket value, can be either a timeseries or a single value. oneOf: - $ref: '#/components/schemas/RUMAggregateBucketValueSingleString' - $ref: '#/components/schemas/RUMAggregateBucketValueSingleNumber' - $ref: '#/components/schemas/RUMAggregateBucketValueTimeseries' RUMAggregateBucketValueSingleNumber: description: A single number value. format: double type: number RUMAggregateBucketValueSingleString: description: A single string value. type: string RUMAggregateBucketValueTimeseries: description: A timeseries array. items: $ref: '#/components/schemas/RUMAggregateBucketValueTimeseriesPoint' type: array x-generate-alias-as-model: true RUMAggregateBucketValueTimeseriesPoint: description: A timeseries point. properties: time: description: The time value for this point. example: '2020-06-08T11:55:00.123Z' format: date-time type: string value: description: The value for this point. example: 19 format: double type: number type: object RUMAggregateRequest: description: The object sent with the request to retrieve aggregation buckets of RUM events from your organization. properties: compute: description: The list of metrics or timeseries to compute for the retrieved buckets. items: $ref: '#/components/schemas/RUMCompute' type: array filter: $ref: '#/components/schemas/RUMQueryFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/RUMGroupBy' type: array options: $ref: '#/components/schemas/RUMQueryOptions' page: $ref: '#/components/schemas/RUMQueryPageOptions' type: object RUMAggregateSort: description: A sort rule. example: aggregation: count order: asc properties: aggregation: $ref: '#/components/schemas/RUMAggregationFunction' metric: description: The metric to sort by (only used for `type=measure`). example: '@duration' type: string order: $ref: '#/components/schemas/RUMSortOrder' type: $ref: '#/components/schemas/RUMAggregateSortType' type: object RUMAggregateSortType: default: alphabetical description: The type of sorting algorithm. enum: - alphabetical - measure type: string x-enum-varnames: - ALPHABETICAL - MEASURE RUMAggregationBucketsResponse: description: The query results. properties: buckets: description: The list of matching buckets, one item per bucket. items: $ref: '#/components/schemas/RUMBucketResponse' type: array type: object RUMAggregationFunction: description: An aggregation function. enum: - count - cardinality - pc75 - pc90 - pc95 - pc98 - pc99 - sum - min - max - avg - median example: pc90 type: string x-enum-varnames: - COUNT - CARDINALITY - PERCENTILE_75 - PERCENTILE_90 - PERCENTILE_95 - PERCENTILE_98 - PERCENTILE_99 - SUM - MIN - MAX - AVG - MEDIAN RUMAnalyticsAggregateResponse: description: The response object for the RUM events aggregate API endpoint. properties: data: $ref: '#/components/schemas/RUMAggregationBucketsResponse' links: $ref: '#/components/schemas/RUMResponseLinks' meta: $ref: '#/components/schemas/RUMResponseMetadata' type: object RUMApplication: description: RUM application. properties: attributes: $ref: '#/components/schemas/RUMApplicationAttributes' id: description: RUM application ID. example: abcd1234-0000-0000-abcd-1234abcd5678 type: string type: $ref: '#/components/schemas/RUMApplicationType' required: - attributes - id - type type: object RUMApplicationAttributes: description: RUM application attributes. properties: application_id: description: ID of the RUM application. example: abcd1234-0000-0000-abcd-1234abcd5678 type: string client_token: description: Client token of the RUM application. example: abcd1234efgh5678ijkl90abcd1234efgh0 type: string created_at: description: Timestamp in ms of the creation date. example: 1659479836169 format: int64 type: integer created_by_handle: description: Handle of the creator user. example: john.doe type: string hash: description: Hash of the RUM application. Optional. type: string is_active: description: Indicates if the RUM application is active. example: true type: boolean name: description: Name of the RUM application. example: my_rum_application type: string org_id: description: Org ID of the RUM application. example: 999 format: int32 maximum: 2147483647 type: integer type: description: Type of the RUM application. Supported values are `browser`, `ios`, `android`, `react-native`, `flutter`, `roku`, `electron`, `unity`, `kotlin-multiplatform`. example: browser type: string updated_at: description: Timestamp in ms of the last update date. example: 1659479836169 format: int64 type: integer updated_by_handle: description: Handle of the updater user. example: jane.doe type: string required: - application_id - client_token - created_at - created_by_handle - name - org_id - type - updated_at - updated_by_handle type: object RUMApplicationCreate: description: RUM application creation. properties: attributes: $ref: '#/components/schemas/RUMApplicationCreateAttributes' type: $ref: '#/components/schemas/RUMApplicationCreateType' required: - attributes - type type: object RUMApplicationCreateAttributes: description: RUM application creation attributes. properties: name: description: Name of the RUM application. example: my_new_rum_application type: string type: description: Type of the RUM application. Supported values are `browser`, `ios`, `android`, `react-native`, `flutter`, `roku`, `electron`, `unity`, `kotlin-multiplatform`. example: browser type: string required: - name type: object RUMApplicationCreateRequest: description: RUM application creation request attributes. properties: data: $ref: '#/components/schemas/RUMApplicationCreate' required: - data type: object RUMApplicationCreateType: default: rum_application_create description: RUM application creation type. enum: - rum_application_create example: rum_application_create type: string x-enum-varnames: - RUM_APPLICATION_CREATE RUMApplicationList: description: RUM application list. properties: attributes: $ref: '#/components/schemas/RUMApplicationListAttributes' id: description: RUM application ID. example: abcd1234-0000-0000-abcd-1234abcd5678 type: string type: $ref: '#/components/schemas/RUMApplicationListType' required: - attributes - type type: object RUMApplicationListAttributes: description: RUM application list attributes. properties: application_id: description: ID of the RUM application. example: abcd1234-0000-0000-abcd-1234abcd5678 type: string created_at: description: Timestamp in ms of the creation date. example: 1659479836169 format: int64 type: integer created_by_handle: description: Handle of the creator user. example: john.doe type: string hash: description: Hash of the RUM application. Optional. type: string is_active: description: Indicates if the RUM application is active. example: true type: boolean name: description: Name of the RUM application. example: my_rum_application type: string org_id: description: Org ID of the RUM application. example: 999 format: int32 maximum: 2147483647 type: integer type: description: Type of the RUM application. Supported values are `browser`, `ios`, `android`, `react-native`, `flutter`, `roku`, `electron`, `unity`, `kotlin-multiplatform`. example: browser type: string updated_at: description: Timestamp in ms of the last update date. example: 1659479836169 format: int64 type: integer updated_by_handle: description: Handle of the updater user. example: jane.doe type: string required: - application_id - created_at - created_by_handle - name - org_id - type - updated_at - updated_by_handle type: object RUMApplicationListType: default: rum_application description: RUM application list type. enum: - rum_application example: rum_application type: string x-enum-varnames: - RUM_APPLICATION RUMApplicationResponse: description: RUM application response. properties: data: $ref: '#/components/schemas/RUMApplication' type: object RUMApplicationType: default: rum_application description: RUM application response type. enum: - rum_application example: rum_application type: string x-enum-varnames: - RUM_APPLICATION RUMApplicationUpdate: description: RUM application update. properties: attributes: $ref: '#/components/schemas/RUMApplicationUpdateAttributes' id: description: RUM application ID. example: abcd1234-0000-0000-abcd-1234abcd5678 type: string type: $ref: '#/components/schemas/RUMApplicationUpdateType' required: - id - type type: object RUMApplicationUpdateAttributes: description: RUM application update attributes. properties: name: description: Name of the RUM application. example: updated_name_for_my_existing_rum_application type: string type: description: Type of the RUM application. Supported values are `browser`, `ios`, `android`, `react-native`, `flutter`, `roku`, `electron`, `unity`, `kotlin-multiplatform`. example: browser type: string type: object RUMApplicationUpdateRequest: description: RUM application update request. properties: data: $ref: '#/components/schemas/RUMApplicationUpdate' required: - data type: object RUMApplicationUpdateType: default: rum_application_update description: RUM application update type. enum: - rum_application_update example: rum_application_update type: string x-enum-varnames: - RUM_APPLICATION_UPDATE RUMApplicationsResponse: description: RUM applications response. properties: data: description: RUM applications array response. items: $ref: '#/components/schemas/RUMApplicationList' type: array type: object RUMBucketResponse: description: Bucket values. properties: by: additionalProperties: description: The values for each group-by. type: string description: The key-value pairs for each group-by. example: '@session.type': user '@type': view type: object computes: additionalProperties: $ref: '#/components/schemas/RUMAggregateBucketValue' description: A map of the metric name to value for regular compute, or a list of values for a timeseries. type: object type: object RUMCompute: description: A compute rule to compute metrics or timeseries. properties: aggregation: $ref: '#/components/schemas/RUMAggregationFunction' interval: description: 'The time buckets'' size (only used for type=timeseries) Defaults to a resolution of 150 points.' example: 5m type: string metric: description: The metric to use. example: '@duration' type: string type: $ref: '#/components/schemas/RUMComputeType' required: - aggregation type: object RUMComputeType: default: total description: The type of compute. enum: - timeseries - total type: string x-enum-varnames: - TIMESERIES - TOTAL RUMEvent: description: Object description of a RUM event after being processed and stored by Datadog. properties: attributes: $ref: '#/components/schemas/RUMEventAttributes' id: description: Unique ID of the event. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/RUMEventType' type: object RUMEventAttributes: description: JSON object containing all event attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from RUM events. example: customAttribute: 123 duration: 2345 type: object service: description: 'The name of the application or service generating RUM events. It is used to switch from RUM to APM, so make sure you define the same value when you use both products.' example: web-app type: string tags: description: Array of tags associated with your event. example: - team:A items: description: Tag associated with your event. type: string type: array timestamp: description: Timestamp of your event. example: '2019-01-02T09:42:36.320Z' format: date-time type: string type: object RUMEventType: default: rum description: Type of the event. enum: - rum example: rum type: string x-enum-varnames: - RUM RUMEventsResponse: description: Response object with all events matching the request and pagination information. properties: data: description: Array of events matching the request. items: $ref: '#/components/schemas/RUMEvent' type: array links: $ref: '#/components/schemas/RUMResponseLinks' meta: $ref: '#/components/schemas/RUMResponseMetadata' type: object RUMGroupBy: description: A group-by rule. properties: facet: description: The name of the facet to use (required). example: '@view.time_spent' type: string histogram: $ref: '#/components/schemas/RUMGroupByHistogram' limit: default: 10 description: The maximum buckets to return for this group-by. format: int64 type: integer missing: $ref: '#/components/schemas/RUMGroupByMissing' sort: $ref: '#/components/schemas/RUMAggregateSort' total: $ref: '#/components/schemas/RUMGroupByTotal' required: - facet type: object RUMGroupByHistogram: description: 'Used to perform a histogram computation (only for measure facets). Note: At most 100 buckets are allowed, the number of buckets is (max - min)/interval.' properties: interval: description: The bin size of the histogram buckets. example: 10 format: double type: number max: description: 'The maximum value for the measure used in the histogram (values greater than this one are filtered out).' example: 100 format: double type: number min: description: 'The minimum value for the measure used in the histogram (values smaller than this one are filtered out).' example: 50 format: double type: number required: - interval - min - max type: object RUMGroupByMissing: description: The value to use for logs that don't have the facet used to group by. oneOf: - $ref: '#/components/schemas/RUMGroupByMissingString' - $ref: '#/components/schemas/RUMGroupByMissingNumber' RUMGroupByMissingNumber: description: The missing value to use if there is a number valued facet. format: double type: number RUMGroupByMissingString: description: The missing value to use if there is string valued facet. type: string RUMGroupByTotal: default: false description: A resulting object to put the given computes in over all the matching records. oneOf: - $ref: '#/components/schemas/RUMGroupByTotalBoolean' - $ref: '#/components/schemas/RUMGroupByTotalString' - $ref: '#/components/schemas/RUMGroupByTotalNumber' RUMGroupByTotalBoolean: description: If set to true, creates an additional bucket labeled "$facet_total". type: boolean RUMGroupByTotalNumber: description: A number to use as the key value for the total bucket. format: double type: number RUMGroupByTotalString: description: A string to use as the key value for the total bucket. type: string RUMQueryFilter: description: The search and filter query settings. properties: from: default: now-15m description: The minimum time for the requested events; supports date (in [ISO 8601](https://www.w3.org/TR/NOTE-datetime) format with full date, hours, minutes, and the `Z` UTC indicator - seconds and fractional seconds are optional), math, and regular timestamps (in milliseconds). example: now-15m type: string query: default: '*' description: The search query following the RUM search syntax. example: '@type:session AND @session.type:user' type: string to: default: now description: The maximum time for the requested events; supports date (in [ISO 8601](https://www.w3.org/TR/NOTE-datetime) format with full date, hours, minutes, and the `Z` UTC indicator - seconds and fractional seconds are optional), math, and regular timestamps (in milliseconds). example: now type: string type: object RUMQueryOptions: description: 'Global query options that are used during the query. Note: Only supply timezone or time offset, not both. Otherwise, the query fails.' properties: time_offset: description: The time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: UTC description: The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). example: GMT type: string type: object RUMQueryPageOptions: description: Paging attributes for listing events. properties: cursor: description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: Maximum number of events in the response. example: 25 format: int32 maximum: 1000 type: integer type: object RUMResponseLinks: description: Links attributes. properties: next: description: 'Link for the next set of results. Note that the request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/rum/event?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object RUMResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer page: $ref: '#/components/schemas/RUMResponsePage' request_id: description: The identifier of the request. example: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR type: string status: $ref: '#/components/schemas/RUMResponseStatus' warnings: description: 'A list of warnings (non-fatal errors) encountered. Partial results may return if warnings are present in the response.' items: $ref: '#/components/schemas/RUMWarning' type: array type: object RUMResponsePage: description: Paging attributes. properties: after: description: The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of `page[cursor]`. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object RUMResponseStatus: description: The status of the response. enum: - done - timeout example: done type: string x-enum-varnames: - DONE - TIMEOUT RUMSearchEventsRequest: description: The request for a RUM events list. properties: filter: $ref: '#/components/schemas/RUMQueryFilter' options: $ref: '#/components/schemas/RUMQueryOptions' page: $ref: '#/components/schemas/RUMQueryPageOptions' sort: $ref: '#/components/schemas/RUMSort' type: object RUMSort: description: Sort parameters when querying events. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING RUMSortOrder: description: The order to use, ascending or descending. enum: - asc - desc example: asc type: string x-enum-varnames: - ASCENDING - DESCENDING RUMWarning: description: A warning message indicating something that went wrong with the query. properties: code: description: A unique code for this type of warning. example: unknown_index type: string detail: description: A detailed explanation of this specific warning. example: 'indexes: foo, bar' type: string title: description: A short human-readable summary of the warning. example: One or several indexes are missing or invalid, results hold data from the other indexes type: string type: object ReadinessGate: description: Used to merge multiple branches into a single branch. properties: thresholdType: $ref: '#/components/schemas/ReadinessGateThresholdType' required: - thresholdType type: object ReadinessGateThresholdType: description: The definition of `ReadinessGateThresholdType` object. enum: - ANY - ALL example: ANY type: string x-enum-varnames: - ANY - ALL RelationAttributes: description: Relation attributes. properties: from: $ref: '#/components/schemas/RelationEntity' to: $ref: '#/components/schemas/RelationEntity' type: $ref: '#/components/schemas/RelationType' type: object RelationEntity: description: Relation entity reference. properties: kind: description: Entity kind. type: string name: description: Entity name. type: string namespace: description: Entity namespace. type: string type: object RelationIncludeType: description: Supported include types for relations. enum: - entity - schema type: string x-enum-varnames: - ENTITY - SCHEMA RelationMeta: description: Relation metadata. properties: createdAt: description: Relation creation time. format: date-time type: string definedBy: description: Relation defined by. type: string modifiedAt: description: Relation modification time. format: date-time type: string source: description: Relation source. type: string type: object RelationRelationships: description: Relation relationships. properties: fromEntity: $ref: '#/components/schemas/RelationToEntity' toEntity: $ref: '#/components/schemas/RelationToEntity' type: object RelationResponse: description: Relation response data. properties: attributes: $ref: '#/components/schemas/RelationAttributes' id: description: Relation ID. type: string meta: $ref: '#/components/schemas/RelationMeta' relationships: $ref: '#/components/schemas/RelationRelationships' subtype: description: Relation subtype. type: string type: $ref: '#/components/schemas/RelationResponseType' type: object RelationResponseData: description: Array of relation responses items: $ref: '#/components/schemas/RelationResponse' type: array RelationResponseMeta: description: Relation response metadata. properties: count: description: Total relations count. format: int64 type: integer includeCount: description: Total included data count. format: int64 type: integer type: object RelationResponseType: description: Relation type. enum: - relation type: string x-enum-varnames: - RELATION RelationToEntity: description: Relation to entity. properties: data: $ref: '#/components/schemas/RelationshipItem' meta: $ref: '#/components/schemas/EntityMeta' type: object RelationType: description: Supported relation types. enum: - RelationTypeOwns - RelationTypeOwnedBy - RelationTypeDependsOn - RelationTypeDependencyOf - RelationTypePartsOf - RelationTypeHasPart - RelationTypeOtherOwns - RelationTypeOtherOwnedBy - RelationTypeImplementedBy - RelationTypeImplements type: string x-enum-varnames: - RELATIONTYPEOWNS - RELATIONTYPEOWNEDBY - RELATIONTYPEDEPENDSON - RELATIONTYPEDEPENDENCYOF - RELATIONTYPEPARTSOF - RELATIONTYPEHASPART - RELATIONTYPEOTHEROWNS - RELATIONTYPEOTHEROWNEDBY - RELATIONTYPEIMPLEMENTEDBY - RELATIONTYPEIMPLEMENTS RelationshipArray: description: Relationships. items: $ref: '#/components/schemas/RelationshipItem' type: array RelationshipItem: description: Relationship entry. properties: id: description: Associated data ID. type: string type: description: Relationship type. type: string type: object RelationshipToIncidentAttachment: description: A relationship reference for attachments. properties: data: description: An array of incident attachments. items: $ref: '#/components/schemas/RelationshipToIncidentAttachmentData' type: array required: - data type: object RelationshipToIncidentAttachmentData: description: The attachment relationship data. properties: id: description: A unique identifier that represents the attachment. example: 00000000-0000-abcd-1000-000000000000 type: string type: $ref: '#/components/schemas/IncidentAttachmentType' required: - id - type type: object RelationshipToIncidentImpactData: description: Relationship to impact object. properties: id: description: A unique identifier that represents the impact. example: 00000000-0000-0000-2345-000000000000 type: string type: $ref: '#/components/schemas/IncidentImpactsType' required: - id - type type: object RelationshipToIncidentImpacts: description: Relationship to impacts. properties: data: description: An array of incident impacts. items: $ref: '#/components/schemas/RelationshipToIncidentImpactData' type: array required: - data type: object RelationshipToIncidentIntegrationMetadataData: description: A relationship reference for an integration metadata object. example: id: 00000000-abcd-0002-0000-000000000000 type: incident_integrations properties: id: description: A unique identifier that represents the integration metadata. example: 00000000-abcd-0001-0000-000000000000 type: string type: $ref: '#/components/schemas/IncidentIntegrationMetadataType' required: - id - type type: object RelationshipToIncidentIntegrationMetadatas: description: A relationship reference for multiple integration metadata objects. example: data: - id: 00000000-abcd-0005-0000-000000000000 type: incident_integrations - id: 00000000-abcd-0006-0000-000000000000 type: incident_integrations properties: data: description: Integration metadata relationship array example: - id: 00000000-abcd-0003-0000-000000000000 type: incident_integrations - id: 00000000-abcd-0004-0000-000000000000 type: incident_integrations items: $ref: '#/components/schemas/RelationshipToIncidentIntegrationMetadataData' type: array required: - data type: object RelationshipToIncidentPostmortem: description: A relationship reference for postmortems. example: data: id: 00000000-0000-abcd-3000-000000000000 type: incident_postmortems properties: data: $ref: '#/components/schemas/RelationshipToIncidentPostmortemData' required: - data type: object RelationshipToIncidentPostmortemData: description: The postmortem relationship data. example: id: 00000000-0000-abcd-2000-000000000000 type: incident_postmortems properties: id: description: A unique identifier that represents the postmortem. example: 00000000-0000-abcd-1000-000000000000 type: string type: $ref: '#/components/schemas/IncidentPostmortemType' required: - id - type type: object RelationshipToIncidentResponderData: description: Relationship to impact object. properties: id: description: A unique identifier that represents the responder. example: 00000000-0000-0000-2345-000000000000 type: string type: $ref: '#/components/schemas/IncidentRespondersType' required: - id - type type: object RelationshipToIncidentResponders: description: Relationship to incident responders. properties: data: description: An array of incident responders. items: $ref: '#/components/schemas/RelationshipToIncidentResponderData' type: array required: - data type: object RelationshipToIncidentUserDefinedFieldData: description: Relationship to impact object. properties: id: description: A unique identifier that represents the responder. example: 00000000-0000-0000-2345-000000000000 type: string type: $ref: '#/components/schemas/IncidentUserDefinedFieldType' required: - id - type type: object RelationshipToIncidentUserDefinedFields: description: Relationship to incident user defined fields. properties: data: description: An array of user defined fields. items: $ref: '#/components/schemas/RelationshipToIncidentUserDefinedFieldData' type: array required: - data type: object RelationshipToOrganization: description: Relationship to an organization. properties: data: $ref: '#/components/schemas/RelationshipToOrganizationData' required: - data type: object RelationshipToOrganizationData: description: Relationship to organization object. properties: id: description: ID of the organization. example: 00000000-0000-beef-0000-000000000000 type: string type: $ref: '#/components/schemas/OrganizationsType' required: - id - type type: object RelationshipToOrganizations: description: Relationship to organizations. properties: data: description: Relationships to organization objects. example: [] items: $ref: '#/components/schemas/RelationshipToOrganizationData' type: array required: - data type: object RelationshipToOutcome: description: The JSON:API relationship to a scorecard outcome. properties: data: $ref: '#/components/schemas/RelationshipToOutcomeData' type: object RelationshipToOutcomeData: description: The JSON:API relationship to an outcome, which returns the related rule id. properties: id: $ref: '#/components/schemas/RuleId' type: $ref: '#/components/schemas/RuleType' type: object RelationshipToPermission: description: Relationship to a permissions object. properties: data: $ref: '#/components/schemas/RelationshipToPermissionData' type: object RelationshipToPermissionData: description: Relationship to permission object. properties: id: description: ID of the permission. type: string type: $ref: '#/components/schemas/PermissionsType' type: object RelationshipToPermissions: description: Relationship to multiple permissions objects. properties: data: description: Relationships to permission objects. items: $ref: '#/components/schemas/RelationshipToPermissionData' type: array type: object RelationshipToRole: description: Relationship to role. properties: data: $ref: '#/components/schemas/RelationshipToRoleData' type: object RelationshipToRoleData: description: Relationship to role object. properties: id: description: The unique identifier of the role. example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string type: $ref: '#/components/schemas/RolesType' type: object RelationshipToRoles: description: Relationship to roles. properties: data: description: An array containing type and the unique identifier of a role. items: $ref: '#/components/schemas/RelationshipToRoleData' type: array type: object RelationshipToRule: description: Scorecard create rule response relationship. properties: scorecard: $ref: '#/components/schemas/RelationshipToRuleData' type: object RelationshipToRuleData: description: Relationship data for a rule. properties: data: $ref: '#/components/schemas/RelationshipToRuleDataObject' type: object RelationshipToRuleDataObject: description: Rule relationship data. properties: id: description: The unique ID for a scorecard. example: q8MQxk8TCqrHnWkp type: string type: $ref: '#/components/schemas/ScorecardType' type: object RelationshipToSAMLAssertionAttribute: description: AuthN Mapping relationship to SAML Assertion Attribute. properties: data: $ref: '#/components/schemas/RelationshipToSAMLAssertionAttributeData' required: - data type: object RelationshipToSAMLAssertionAttributeData: description: Data of AuthN Mapping relationship to SAML Assertion Attribute. properties: id: description: The ID of the SAML assertion attribute. example: '0' type: string type: $ref: '#/components/schemas/SAMLAssertionAttributesType' required: - id - type type: object RelationshipToTeam: description: Relationship to team. properties: data: $ref: '#/components/schemas/RelationshipToTeamData' type: object RelationshipToTeamData: description: Relationship to Team object. properties: id: description: The unique identifier of the team. example: f9bb8444-af7f-11ec-ac2c-da7ad0900001 type: string type: $ref: '#/components/schemas/TeamType' type: object RelationshipToTeamLinkData: description: Relationship between a link and a team properties: id: description: The team link's identifier example: f9bb8444-af7f-11ec-ac2c-da7ad0900001 type: string type: $ref: '#/components/schemas/TeamLinkType' required: - id - type type: object RelationshipToTeamLinks: description: Relationship between a team and a team link properties: data: description: Related team links items: $ref: '#/components/schemas/RelationshipToTeamLinkData' type: array links: $ref: '#/components/schemas/TeamRelationshipsLinks' type: object RelationshipToUser: description: Relationship to user. properties: data: $ref: '#/components/schemas/RelationshipToUserData' required: - data type: object RelationshipToUserData: description: Relationship to user object. properties: id: description: A unique identifier that represents the user. example: 00000000-0000-0000-2345-000000000000 type: string type: $ref: '#/components/schemas/UsersType' required: - id - type type: object RelationshipToUserTeamPermission: description: Relationship between a user team permission and a team properties: data: $ref: '#/components/schemas/RelationshipToUserTeamPermissionData' links: $ref: '#/components/schemas/TeamRelationshipsLinks' type: object RelationshipToUserTeamPermissionData: description: Related user team permission data properties: id: description: The ID of the user team permission example: UserTeamPermissions-aeadc05e-98a8-11ec-ac2c-da7ad0900001-416595 type: string type: $ref: '#/components/schemas/UserTeamPermissionType' required: - id - type type: object RelationshipToUserTeamTeam: description: Relationship between team membership and team properties: data: $ref: '#/components/schemas/RelationshipToUserTeamTeamData' required: - data type: object RelationshipToUserTeamTeamData: description: The team associated with the membership properties: id: description: The ID of the team associated with the membership example: d7e15d9d-d346-43da-81d8-3d9e71d9a5e9 type: string type: $ref: '#/components/schemas/UserTeamTeamType' required: - id - type type: object RelationshipToUserTeamUser: description: Relationship between team membership and user properties: data: $ref: '#/components/schemas/RelationshipToUserTeamUserData' required: - data type: object RelationshipToUserTeamUserData: description: A user's relationship with a team properties: id: description: The ID of the user associated with the team example: b8626d7e-cedd-11eb-abf5-da7ad0900001 type: string type: $ref: '#/components/schemas/UserTeamUserType' required: - id - type type: object RelationshipToUsers: description: Relationship to users. properties: data: description: Relationships to user objects. example: [] items: $ref: '#/components/schemas/RelationshipToUserData' type: array required: - data type: object Remediation: description: Vulnerability remediation. properties: auto_solvable: description: Whether the vulnerability can be resolved when recompiling the package or not. example: false type: boolean avoided_advisories: description: Avoided advisories. items: $ref: '#/components/schemas/Advisory' type: array fixed_advisories: description: Remediation fixed advisories. items: $ref: '#/components/schemas/Advisory' type: array library_name: description: Library name remediating the vulnerability. example: stdlib type: string library_version: description: Library version remediating the vulnerability. example: Upgrade to a version >= 1.20.0 type: string new_advisories: description: New advisories. items: $ref: '#/components/schemas/Advisory' type: array remaining_advisories: description: Remaining advisories. items: $ref: '#/components/schemas/Advisory' type: array type: description: Remediation type. example: text type: string required: - type - library_name - library_version - auto_solvable - fixed_advisories - remaining_advisories - new_advisories - avoided_advisories type: object ReorderRetentionFiltersRequest: description: A list of retention filters to reorder. properties: data: description: A list of retention filters objects. items: $ref: '#/components/schemas/RetentionFilterWithoutAttributes' type: array required: - data type: object ResourceFilterAttributes: description: Attributes of a resource filter. example: aws: '123456789': - environment:production - team:devops azure: sub-001: - app:frontend gcp: project-abc: - region:us-central1 properties: cloud_provider: additionalProperties: additionalProperties: items: description: Tag filter in format "key:value" example: environment:production type: string type: array type: object description: A map of cloud provider names (e.g., "aws", "gcp", "azure") to a map of account/resource IDs and their associated tag filters. type: object uuid: description: The UUID of the resource filter. type: string required: - cloud_provider type: object ResourceFilterRequestType: description: Constant string to identify the request type. enum: - csm_resource_filter example: csm_resource_filter type: string x-enum-varnames: - CSM_RESOURCE_FILTER ResponseMetaAttributes: description: Object describing meta attributes of response. properties: page: $ref: '#/components/schemas/Pagination' type: object RestrictionPolicy: description: Restriction policy object. properties: attributes: $ref: '#/components/schemas/RestrictionPolicyAttributes' id: description: The identifier, always equivalent to the value specified in the `resource_id` path parameter. example: dashboard:abc-def-ghi type: string type: $ref: '#/components/schemas/RestrictionPolicyType' required: - type - id - attributes type: object RestrictionPolicyAttributes: description: Restriction policy attributes. example: bindings: [] properties: bindings: description: An array of bindings. items: $ref: '#/components/schemas/RestrictionPolicyBinding' type: array required: - bindings type: object RestrictionPolicyBinding: description: Specifies which principals are associated with a relation. properties: principals: description: 'An array of principals. A principal is a subject or group of subjects. Each principal is formatted as `type:id`. Supported types: `role`, `team`, `user`, and `org`. The org ID can be obtained through the api/v2/current_user API. The user principal type accepts service account IDs.' example: - role:00000000-0000-1111-0000-000000000000 items: description: 'Subject or group of subjects. Each principal is formatted as `type:id`. Supported types: `role`, `team`, `user`, and `org`. The org ID can be obtained through the api/v2/current_user API. The user principal type accepts service account IDs.' type: string type: array relation: description: The role/level of access. example: editor type: string required: - relation - principals type: object RestrictionPolicyResponse: description: Response containing information about a single restriction policy. properties: data: $ref: '#/components/schemas/RestrictionPolicy' required: - data type: object RestrictionPolicyType: default: restriction_policy description: Restriction policy type. enum: - restriction_policy example: restriction_policy type: string x-enum-varnames: - RESTRICTION_POLICY RestrictionPolicyUpdateRequest: description: Update request for a restriction policy. properties: data: $ref: '#/components/schemas/RestrictionPolicy' required: - data type: object RetentionFilter: description: The definition of the retention filter. properties: attributes: $ref: '#/components/schemas/RetentionFilterAttributes' id: description: The ID of the retention filter. example: 7RBOb7dLSYWI01yc3pIH8w type: string type: $ref: '#/components/schemas/ApmRetentionFilterType' required: - id - type - attributes type: object RetentionFilterAll: description: The definition of the retention filter. properties: attributes: $ref: '#/components/schemas/RetentionFilterAllAttributes' id: description: The ID of the retention filter. example: 7RBOb7dLSYWI01yc3pIH8w type: string type: $ref: '#/components/schemas/ApmRetentionFilterType' required: - id - type - attributes type: object RetentionFilterAllAttributes: description: The attributes of the retention filter. properties: created_at: description: The creation timestamp of the retention filter. format: int64 type: integer created_by: description: The creator of the retention filter. type: string editable: description: Shows whether the filter can be edited. example: true type: boolean enabled: description: The status of the retention filter (Enabled/Disabled). example: true type: boolean execution_order: description: The execution order of the retention filter. format: int64 type: integer filter: $ref: '#/components/schemas/SpansFilter' filter_type: $ref: '#/components/schemas/RetentionFilterAllType' modified_at: description: The modification timestamp of the retention filter. format: int64 type: integer modified_by: description: The modifier of the retention filter. type: string name: description: The name of the retention filter. example: my retention filter type: string rate: description: 'Sample rate to apply to spans going through this retention filter. A value of 1.0 keeps all spans matching the query.' example: 1.0 format: double type: number trace_rate: description: 'Sample rate to apply to traces containing spans going through this retention filter. A value of 1.0 keeps all traces with spans matching the query.' example: 1.0 format: double type: number type: object RetentionFilterAllType: default: spans-sampling-processor description: The type of retention filter. enum: - spans-sampling-processor - spans-errors-sampling-processor - spans-appsec-sampling-processor example: spans-sampling-processor type: string x-enum-varnames: - SPANS_SAMPLING_PROCESSOR - SPANS_ERRORS_SAMPLING_PROCESSOR - SPANS_APPSEC_SAMPLING_PROCESSOR RetentionFilterAttributes: description: The attributes of the retention filter. properties: created_at: description: The creation timestamp of the retention filter. format: int64 type: integer created_by: description: The creator of the retention filter. type: string editable: description: Shows whether the filter can be edited. example: true type: boolean enabled: description: The status of the retention filter (Enabled/Disabled). example: true type: boolean execution_order: description: The execution order of the retention filter. format: int64 type: integer filter: $ref: '#/components/schemas/SpansFilter' filter_type: $ref: '#/components/schemas/RetentionFilterType' modified_at: description: The modification timestamp of the retention filter. format: int64 type: integer modified_by: description: The modifier of the retention filter. type: string name: description: The name of the retention filter. example: my retention filter type: string rate: description: 'Sample rate to apply to spans going through this retention filter. A value of 1.0 keeps all spans matching the query.' example: 1.0 format: double type: number trace_rate: description: 'Sample rate to apply to traces containing spans going through this retention filter. A value of 1.0 keeps all traces with spans matching the query.' example: 1.0 format: double type: number type: object RetentionFilterCreateAttributes: description: The object describing the configuration of the retention filter to create/update. properties: enabled: description: Enable/Disable the retention filter. example: true type: boolean filter: $ref: '#/components/schemas/SpansFilterCreate' filter_type: $ref: '#/components/schemas/RetentionFilterType' name: description: The name of the retention filter. example: my retention filter type: string rate: description: 'Sample rate to apply to spans going through this retention filter. A value of 1.0 keeps all spans matching the query.' example: 1.0 format: double type: number trace_rate: description: 'Sample rate to apply to traces containing spans going through this retention filter. A value of 1.0 keeps all traces with spans matching the query.' example: 1.0 format: double type: number required: - name - filter - enabled - filter_type - rate type: object RetentionFilterCreateData: description: The body of the retention filter to be created. properties: attributes: $ref: '#/components/schemas/RetentionFilterCreateAttributes' type: $ref: '#/components/schemas/ApmRetentionFilterType' required: - attributes - type type: object RetentionFilterCreateRequest: description: The body of the retention filter to be created. properties: data: $ref: '#/components/schemas/RetentionFilterCreateData' required: - data type: object RetentionFilterCreateResponse: description: The retention filters definition. properties: data: $ref: '#/components/schemas/RetentionFilter' type: object RetentionFilterResponse: description: The retention filters definition. properties: data: $ref: '#/components/schemas/RetentionFilterAll' type: object RetentionFilterType: default: spans-sampling-processor description: The type of retention filter. The value should always be spans-sampling-processor. enum: - spans-sampling-processor example: spans-sampling-processor type: string x-enum-varnames: - SPANS_SAMPLING_PROCESSOR RetentionFilterUpdateAttributes: description: The object describing the configuration of the retention filter to create/update. properties: enabled: description: Enable/Disable the retention filter. example: true type: boolean filter: $ref: '#/components/schemas/SpansFilterCreate' filter_type: $ref: '#/components/schemas/RetentionFilterAllType' name: description: The name of the retention filter. example: my retention filter type: string rate: description: 'Sample rate to apply to spans going through this retention filter. A value of 1.0 keeps all spans matching the query.' example: 1.0 format: double type: number trace_rate: description: 'Sample rate to apply to traces containing spans going through this retention filter. A value of 1.0 keeps all traces with spans matching the query.' example: 1.0 format: double type: number required: - name - filter - enabled - filter_type - rate type: object RetentionFilterUpdateData: description: The body of the retention filter to be updated. properties: attributes: $ref: '#/components/schemas/RetentionFilterUpdateAttributes' id: description: The ID of the retention filter. example: retention-filter-id type: string type: $ref: '#/components/schemas/ApmRetentionFilterType' required: - id - attributes - type type: object RetentionFilterUpdateRequest: description: The body of the retention filter to be updated. properties: data: $ref: '#/components/schemas/RetentionFilterUpdateData' required: - data type: object RetentionFilterWithoutAttributes: description: The retention filter object . properties: id: description: The ID of the retention filter. example: 7RBOb7dLSYWI01yc3pIH8w type: string type: $ref: '#/components/schemas/ApmRetentionFilterType' required: - id - type type: object RetentionFiltersResponse: description: An ordered list of retention filters. properties: data: description: A list of retention filters objects. items: $ref: '#/components/schemas/RetentionFilterAll' type: array required: - data type: object RetryStrategy: description: The definition of `RetryStrategy` object. properties: kind: $ref: '#/components/schemas/RetryStrategyKind' linear: $ref: '#/components/schemas/RetryStrategyLinear' required: - kind type: object RetryStrategyKind: description: The definition of `RetryStrategyKind` object. enum: - RETRY_STRATEGY_LINEAR example: RETRY_STRATEGY_LINEAR type: string x-enum-varnames: - RETRY_STRATEGY_LINEAR RetryStrategyLinear: description: The definition of `RetryStrategyLinear` object. properties: interval: description: The `RetryStrategyLinear` `interval`. The expected format is the number of seconds ending with an s. For example, 1 day is 86400s example: '' type: string maxRetries: description: The `RetryStrategyLinear` `maxRetries`. example: 0.0 format: double type: number required: - interval - maxRetries type: object Role: description: Role object returned by the API. properties: attributes: $ref: '#/components/schemas/RoleAttributes' id: description: The unique identifier of the role. type: string relationships: $ref: '#/components/schemas/RoleResponseRelationships' type: $ref: '#/components/schemas/RolesType' required: - type type: object RoleAttributes: description: Attributes of the role. properties: created_at: description: Creation time of the role. format: date-time readOnly: true type: string modified_at: description: Time of last role modification. format: date-time readOnly: true type: string name: description: The name of the role. The name is neither unique nor a stable identifier of the role. type: string user_count: description: Number of users with that role. format: int64 readOnly: true type: integer type: object RoleClone: description: Data for the clone role request. properties: attributes: $ref: '#/components/schemas/RoleCloneAttributes' type: $ref: '#/components/schemas/RolesType' required: - type - attributes type: object RoleCloneAttributes: description: Attributes required to create a new role by cloning an existing one. properties: name: description: Name of the new role that is cloned. example: cloned-role type: string required: - name type: object RoleCloneRequest: description: Request to create a role by cloning an existing role. properties: data: $ref: '#/components/schemas/RoleClone' required: - data type: object RoleCreateAttributes: description: Attributes of the created role. properties: created_at: description: Creation time of the role. format: date-time readOnly: true type: string modified_at: description: Time of last role modification. format: date-time readOnly: true type: string name: description: Name of the role. example: developers type: string required: - name type: object RoleCreateData: description: Data related to the creation of a role. properties: attributes: $ref: '#/components/schemas/RoleCreateAttributes' relationships: $ref: '#/components/schemas/RoleRelationships' type: $ref: '#/components/schemas/RolesType' required: - attributes type: object RoleCreateRequest: description: Create a role. properties: data: $ref: '#/components/schemas/RoleCreateData' required: - data type: object RoleCreateResponse: description: Response containing information about a created role. properties: data: $ref: '#/components/schemas/RoleCreateResponseData' type: object RoleCreateResponseData: description: Role object returned by the API. properties: attributes: $ref: '#/components/schemas/RoleCreateAttributes' id: description: The unique identifier of the role. type: string relationships: $ref: '#/components/schemas/RoleResponseRelationships' type: $ref: '#/components/schemas/RolesType' required: - type type: object RoleRelationships: description: Relationships of the role object. properties: permissions: $ref: '#/components/schemas/RelationshipToPermissions' type: object RoleResponse: description: Response containing information about a single role. properties: data: $ref: '#/components/schemas/Role' type: object RoleResponseRelationships: description: Relationships of the role object returned by the API. properties: permissions: $ref: '#/components/schemas/RelationshipToPermissions' type: object RoleUpdateAttributes: description: Attributes of the role. properties: created_at: description: Creation time of the role. format: date-time readOnly: true type: string modified_at: description: Time of last role modification. format: date-time readOnly: true type: string name: description: Name of the role. type: string user_count: description: The user count. format: int32 maximum: 2147483647 type: integer type: object RoleUpdateData: description: Data related to the update of a role. properties: attributes: $ref: '#/components/schemas/RoleUpdateAttributes' id: description: The unique identifier of the role. example: 00000000-0000-1111-0000-000000000000 type: string relationships: $ref: '#/components/schemas/RoleRelationships' type: $ref: '#/components/schemas/RolesType' required: - attributes - type - id type: object RoleUpdateRequest: description: Update a role. properties: data: $ref: '#/components/schemas/RoleUpdateData' required: - data type: object RoleUpdateResponse: description: Response containing information about an updated role. properties: data: $ref: '#/components/schemas/RoleUpdateResponseData' type: object RoleUpdateResponseData: description: Role object returned by the API. properties: attributes: $ref: '#/components/schemas/RoleUpdateAttributes' id: description: The unique identifier of the role. type: string relationships: $ref: '#/components/schemas/RoleResponseRelationships' type: $ref: '#/components/schemas/RolesType' required: - type type: object RolesResponse: description: Response containing information about multiple roles. properties: data: description: Array of returned roles. items: $ref: '#/components/schemas/Role' type: array meta: $ref: '#/components/schemas/ResponseMetaAttributes' type: object RolesSort: default: name description: Sorting options for roles. enum: - name - -name - modified_at - -modified_at - user_count - -user_count type: string x-enum-varnames: - NAME_ASCENDING - NAME_DESCENDING - MODIFIED_AT_ASCENDING - MODIFIED_AT_DESCENDING - USER_COUNT_ASCENDING - USER_COUNT_DESCENDING RolesType: default: roles description: Roles type. enum: - roles example: roles type: string x-enum-varnames: - ROLES RoutingRule: description: Represents a routing rule, including its attributes, relationships, and unique identifier. properties: attributes: $ref: '#/components/schemas/RoutingRuleAttributes' id: description: Specifies the unique identifier of this routing rule. type: string relationships: $ref: '#/components/schemas/RoutingRuleRelationships' type: $ref: '#/components/schemas/RoutingRuleType' required: - type type: object RoutingRuleAction: description: Defines an action that is executed when a routing rule matches certain criteria. oneOf: - $ref: '#/components/schemas/SendSlackMessageAction' - $ref: '#/components/schemas/SendTeamsMessageAction' RoutingRuleAttributes: description: Defines the configurable attributes of a routing rule, such as actions, query, time restriction, and urgency. properties: actions: description: Specifies the list of actions to perform when the routing rule matches. items: $ref: '#/components/schemas/RoutingRuleAction' type: array query: description: Defines the query or condition that triggers this routing rule. type: string time_restriction: $ref: '#/components/schemas/TimeRestrictions' nullable: true urgency: $ref: '#/components/schemas/Urgency' type: object RoutingRuleRelationships: description: Specifies relationships for a routing rule, linking to associated policy resources. properties: policy: $ref: '#/components/schemas/RoutingRuleRelationshipsPolicy' type: object RoutingRuleRelationshipsPolicy: description: Defines the relationship that links a routing rule to a policy. properties: data: $ref: '#/components/schemas/RoutingRuleRelationshipsPolicyData' nullable: true type: object RoutingRuleRelationshipsPolicyData: description: Represents the policy data reference, containing the policy's ID and resource type. properties: id: description: Specifies the unique identifier of the policy. example: '' type: string type: $ref: '#/components/schemas/RoutingRuleRelationshipsPolicyDataType' required: - type - id type: object RoutingRuleRelationshipsPolicyDataType: default: policies description: Indicates that the resource is of type 'policies'. enum: - policies example: policies type: string x-enum-varnames: - POLICIES RoutingRuleType: default: team_routing_rules description: Team routing rules resource type. enum: - team_routing_rules example: team_routing_rules type: string x-enum-varnames: - TEAM_ROUTING_RULES RuleAttributes: description: Details of a rule. properties: category: deprecated: true description: The scorecard name to which this rule must belong. type: string created_at: description: Creation time of the rule outcome. format: date-time type: string custom: description: Defines if the rule is a custom rule. type: boolean description: description: Explanation of the rule. type: string enabled: description: If enabled, the rule is calculated as part of the score. example: true type: boolean modified_at: description: Time of the last rule outcome modification. format: date-time type: string name: description: Name of the rule. example: Team Defined type: string owner: description: Owner of the rule. type: string scorecard_name: description: The scorecard name to which this rule must belong. example: Deployments automated via Deployment Trains type: string type: object RuleId: description: The unique ID for a scorecard rule. example: q8MQxk8TCqrHnWkx type: string RuleName: description: Name of the notification rule. example: Rule 1 type: string RuleOutcomeRelationships: description: The JSON:API relationship to a scorecard rule. properties: rule: $ref: '#/components/schemas/RelationshipToOutcome' type: object RuleSeverity: description: Severity of a security rule. enum: - critical - high - medium - low - unknown - info example: critical type: string x-enum-varnames: - CRITICAL - HIGH - MEDIUM - LOW - UNKNOWN - INFO RuleType: default: rule description: The JSON:API type for scorecard rules. enum: - rule example: rule type: string x-enum-varnames: - RULE RuleTypes: description: Security rule types used as filters in security rules. example: - misconfiguration - attack_path items: $ref: '#/components/schemas/RuleTypesItems' type: array RuleTypesItems: description: 'Security rule type which can be used in security rules. Signal-based notification rules can filter signals based on rule types application_security, log_detection, workload_security, signal_correlation, cloud_configuration and infrastructure_configuration. Vulnerability-based notification rules can filter vulnerabilities based on rule types application_code_vulnerability, application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, and api_security.' enum: - application_security - log_detection - workload_security - signal_correlation - cloud_configuration - infrastructure_configuration - application_code_vulnerability - application_library_vulnerability - attack_path - container_image_vulnerability - identity_risk - misconfiguration - api_security type: string x-enum-varnames: - APPLICATION_SECURITY - LOG_DETECTION - WORKLOAD_SECURITY - SIGNAL_CORRELATION - CLOUD_CONFIGURATION - INFRASTRUCTURE_CONFIGURATION - APPLICATION_CODE_VULNERABILITY - APPLICATION_LIBRARY_VULNERABILITY - ATTACK_PATH - CONTAINER_IMAGE_VULNERABILITY - IDENTITY_RISK - MISCONFIGURATION - API_SECURITY RuleUser: description: User creating or modifying a rule. properties: handle: description: The user handle. example: john.doe@domain.com type: string name: description: The user name. example: John Doe type: string type: object RuleVersionHistory: description: Response object containing the version history of a rule. properties: count: description: The number of rule versions. format: int32 maximum: 2147483647 type: integer data: additionalProperties: $ref: '#/components/schemas/RuleVersions' description: A rule version with a list of updates. description: The `RuleVersionHistory` `data`. type: object type: object RuleVersionUpdate: description: A change in a rule version. properties: change: description: The new value of the field. example: cloud_provider:aws type: string field: description: The field that was changed. example: Tags type: string type: $ref: '#/components/schemas/RuleVersionUpdateType' type: object RuleVersionUpdateType: description: The type of change. enum: - create - update - delete type: string x-enum-varnames: - CREATE - UPDATE - DELETE RuleVersions: description: A rule version with a list of updates. properties: changes: description: A list of changes. items: $ref: '#/components/schemas/RuleVersionUpdate' type: array rule: $ref: '#/components/schemas/SecurityMonitoringRuleResponse' type: object RumMetricCompute: description: The compute rule to compute the rum-based metric. properties: aggregation_type: $ref: '#/components/schemas/RumMetricComputeAggregationType' include_percentiles: $ref: '#/components/schemas/RumMetricComputeIncludePercentiles' path: description: 'The path to the value the rum-based metric will aggregate on. Only present when `aggregation_type` is `distribution`.' example: '@duration' type: string required: - aggregation_type type: object RumMetricComputeAggregationType: description: The type of aggregation to use. enum: - count - distribution example: distribution type: string x-enum-varnames: - COUNT - DISTRIBUTION RumMetricComputeIncludePercentiles: description: 'Toggle to include or exclude percentile aggregations for distribution metrics. Only present when `aggregation_type` is `distribution`.' example: true type: boolean RumMetricCreateAttributes: description: The object describing the Datadog rum-based metric to create. properties: compute: $ref: '#/components/schemas/RumMetricCompute' event_type: $ref: '#/components/schemas/RumMetricEventType' filter: $ref: '#/components/schemas/RumMetricFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/RumMetricGroupBy' type: array uniqueness: $ref: '#/components/schemas/RumMetricUniqueness' required: - event_type - compute type: object RumMetricCreateData: description: The new rum-based metric properties. properties: attributes: $ref: '#/components/schemas/RumMetricCreateAttributes' id: $ref: '#/components/schemas/RumMetricID' type: $ref: '#/components/schemas/RumMetricType' required: - id - type - attributes type: object RumMetricCreateRequest: description: The new rum-based metric body. properties: data: $ref: '#/components/schemas/RumMetricCreateData' required: - data type: object RumMetricEventType: description: The type of RUM events to filter on. enum: - session - view - action - error - resource - long_task - vital example: session type: string x-enum-varnames: - SESSION - VIEW - ACTION - ERROR - RESOURCE - LONG_TASK - VITAL RumMetricFilter: description: The rum-based metric filter. Events matching this filter will be aggregated in this metric. properties: query: default: '*' description: The search query - following the RUM search syntax. example: '@service:web-ui: ' type: string required: - query type: object RumMetricGroupBy: description: A group by rule. properties: path: description: The path to the value the rum-based metric will be aggregated over. example: '@browser.name' type: string tag_name: description: Eventual name of the tag that gets created. By default, `path` is used as the tag name. example: browser_name type: string required: - path type: object RumMetricID: description: The name of the rum-based metric. example: rum.sessions.webui.count type: string RumMetricResponse: description: The rum-based metric object. properties: data: $ref: '#/components/schemas/RumMetricResponseData' type: object RumMetricResponseAttributes: description: The object describing a Datadog rum-based metric. properties: compute: $ref: '#/components/schemas/RumMetricResponseCompute' event_type: $ref: '#/components/schemas/RumMetricEventType' filter: $ref: '#/components/schemas/RumMetricResponseFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/RumMetricResponseGroupBy' type: array uniqueness: $ref: '#/components/schemas/RumMetricResponseUniqueness' type: object RumMetricResponseCompute: description: The compute rule to compute the rum-based metric. properties: aggregation_type: $ref: '#/components/schemas/RumMetricComputeAggregationType' include_percentiles: $ref: '#/components/schemas/RumMetricComputeIncludePercentiles' path: description: 'The path to the value the rum-based metric will aggregate on. Only present when `aggregation_type` is `distribution`.' example: '@duration' type: string type: object RumMetricResponseData: description: The rum-based metric properties. properties: attributes: $ref: '#/components/schemas/RumMetricResponseAttributes' id: $ref: '#/components/schemas/RumMetricID' type: $ref: '#/components/schemas/RumMetricType' type: object RumMetricResponseFilter: description: The rum-based metric filter. RUM events matching this filter will be aggregated in this metric. properties: query: description: The search query - following the RUM search syntax. example: service:web* AND @http.status_code:[200 TO 299] type: string type: object RumMetricResponseGroupBy: description: A group by rule. properties: path: description: The path to the value the rum-based metric will be aggregated over. example: '@http.status_code' type: string tag_name: description: Eventual name of the tag that gets created. By default, `path` is used as the tag name. example: status_code type: string type: object RumMetricResponseUniqueness: description: The rule to count updatable events. Is only set if `event_type` is `session` or `view`. properties: when: $ref: '#/components/schemas/RumMetricUniquenessWhen' type: object RumMetricType: default: rum_metrics description: The type of the resource. The value should always be rum_metrics. enum: - rum_metrics example: rum_metrics type: string x-enum-varnames: - RUM_METRICS RumMetricUniqueness: description: The rule to count updatable events. Is only set if `event_type` is `sessions` or `views`. properties: when: $ref: '#/components/schemas/RumMetricUniquenessWhen' required: - when type: object RumMetricUniquenessWhen: description: When to count updatable events. `match` when the event is first seen, or `end` when the event is complete. enum: - match - end example: match type: string x-enum-varnames: - WHEN_MATCH - WHEN_END RumMetricUpdateAttributes: description: The rum-based metric properties that will be updated. properties: compute: $ref: '#/components/schemas/RumMetricUpdateCompute' filter: $ref: '#/components/schemas/RumMetricFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/RumMetricGroupBy' type: array type: object RumMetricUpdateCompute: description: The compute rule to compute the rum-based metric. properties: include_percentiles: $ref: '#/components/schemas/RumMetricComputeIncludePercentiles' type: object RumMetricUpdateData: description: The new rum-based metric properties. properties: attributes: $ref: '#/components/schemas/RumMetricUpdateAttributes' id: $ref: '#/components/schemas/RumMetricID' type: $ref: '#/components/schemas/RumMetricType' required: - type - attributes type: object RumMetricUpdateRequest: description: The new rum-based metric body. properties: data: $ref: '#/components/schemas/RumMetricUpdateData' required: - data type: object RumMetricsResponse: description: All the available rum-based metric objects. properties: data: description: A list of rum-based metric objects. items: $ref: '#/components/schemas/RumMetricResponseData' type: array type: object RumRetentionFilterAttributes: description: The object describing attributes of a RUM retention filter. properties: enabled: $ref: '#/components/schemas/RumRetentionFilterEnabled' event_type: $ref: '#/components/schemas/RumRetentionFilterEventType' name: $ref: '#/components/schemas/RunRetentionFilterName' query: $ref: '#/components/schemas/RumRetentionFilterQuery' sample_rate: $ref: '#/components/schemas/RumRetentionFilterSampleRate' type: object RumRetentionFilterCreateAttributes: description: The object describing attributes of a RUM retention filter to create. properties: enabled: $ref: '#/components/schemas/RumRetentionFilterEnabled' event_type: $ref: '#/components/schemas/RumRetentionFilterEventType' name: $ref: '#/components/schemas/RunRetentionFilterName' query: $ref: '#/components/schemas/RumRetentionFilterQuery' sample_rate: $ref: '#/components/schemas/RumRetentionFilterSampleRate' required: - event_type - name - sample_rate type: object RumRetentionFilterCreateData: description: The new RUM retention filter properties to create. properties: attributes: $ref: '#/components/schemas/RumRetentionFilterCreateAttributes' type: $ref: '#/components/schemas/RumRetentionFilterType' required: - type - attributes type: object RumRetentionFilterCreateRequest: description: The RUM retention filter body to create. properties: data: $ref: '#/components/schemas/RumRetentionFilterCreateData' required: - data type: object RumRetentionFilterData: description: The RUM retention filter. properties: attributes: $ref: '#/components/schemas/RumRetentionFilterAttributes' id: $ref: '#/components/schemas/RumRetentionFilterID' type: $ref: '#/components/schemas/RumRetentionFilterType' type: object RumRetentionFilterEnabled: description: Whether the retention filter is enabled. example: true type: boolean RumRetentionFilterEventType: description: The type of RUM events to filter on. enum: - session - view - action - error - resource - long_task - vital example: session type: string x-enum-varnames: - SESSION - VIEW - ACTION - ERROR - RESOURCE - LONG_TASK - VITAL RumRetentionFilterID: description: ID of retention filter in UUID. example: 051601eb-54a0-abc0-03f9-cc02efa18892 type: string RumRetentionFilterQuery: description: The query string for a RUM retention filter. example: '@session.has_replay:true' type: string RumRetentionFilterResponse: description: The RUM retention filter object. properties: data: $ref: '#/components/schemas/RumRetentionFilterData' type: object RumRetentionFilterSampleRate: description: The sample rate for a RUM retention filter, between 0 and 100. example: 25 format: int64 maximum: 100 minimum: 0 type: integer RumRetentionFilterType: default: retention_filters description: The type of the resource. The value should always be retention_filters. enum: - retention_filters example: retention_filters type: string x-enum-varnames: - RETENTION_FILTERS RumRetentionFilterUpdateAttributes: description: The object describing attributes of a RUM retention filter to update. properties: enabled: $ref: '#/components/schemas/RumRetentionFilterEnabled' event_type: $ref: '#/components/schemas/RumRetentionFilterEventType' name: $ref: '#/components/schemas/RunRetentionFilterName' query: $ref: '#/components/schemas/RumRetentionFilterQuery' sample_rate: $ref: '#/components/schemas/RumRetentionFilterSampleRate' type: object RumRetentionFilterUpdateData: description: The new RUM retention filter properties to update. properties: attributes: $ref: '#/components/schemas/RumRetentionFilterUpdateAttributes' id: $ref: '#/components/schemas/RumRetentionFilterID' type: $ref: '#/components/schemas/RumRetentionFilterType' required: - id - type - attributes type: object RumRetentionFilterUpdateRequest: description: The RUM retention filter body to update. properties: data: $ref: '#/components/schemas/RumRetentionFilterUpdateData' required: - data type: object RumRetentionFiltersOrderData: description: The RUM retention filter data for ordering. properties: id: $ref: '#/components/schemas/RumRetentionFilterID' type: $ref: '#/components/schemas/RumRetentionFilterType' required: - id - type type: object RumRetentionFiltersOrderRequest: description: 'The list of RUM retention filter IDs along with their corresponding type to reorder. All retention filter IDs should be included in the list created for a RUM application.' properties: data: description: A list of RUM retention filter IDs along with type. items: $ref: '#/components/schemas/RumRetentionFiltersOrderData' type: array type: object RumRetentionFiltersOrderResponse: description: The list of RUM retention filter IDs along with type. properties: data: description: A list of RUM retention filter IDs along with type. items: $ref: '#/components/schemas/RumRetentionFiltersOrderData' type: array type: object RumRetentionFiltersResponse: description: All RUM retention filters for a RUM application. properties: data: description: A list of RUM retention filters. items: $ref: '#/components/schemas/RumRetentionFilterData' type: array type: object RunHistoricalJobRequest: description: Run a historical job request. properties: data: $ref: '#/components/schemas/RunHistoricalJobRequestData' type: object RunHistoricalJobRequestAttributes: description: Run a historical job request. properties: fromRule: $ref: '#/components/schemas/JobDefinitionFromRule' id: description: Request ID. type: string jobDefinition: $ref: '#/components/schemas/JobDefinition' type: object RunHistoricalJobRequestData: description: Data for running a historical job request. properties: attributes: $ref: '#/components/schemas/RunHistoricalJobRequestAttributes' type: $ref: '#/components/schemas/RunHistoricalJobRequestDataType' type: object RunHistoricalJobRequestDataType: description: Type of data. enum: - historicalDetectionsJobCreate type: string x-enum-varnames: - HISTORICALDETECTIONSJOBCREATE RunRetentionFilterName: description: The name of a RUM retention filter. example: Retention filter for session type: string SAMLAssertionAttribute: description: SAML assertion attribute. properties: attributes: $ref: '#/components/schemas/SAMLAssertionAttributeAttributes' id: description: The ID of the SAML assertion attribute. example: '0' type: string type: $ref: '#/components/schemas/SAMLAssertionAttributesType' required: - id - type type: object SAMLAssertionAttributeAttributes: description: Key/Value pair of attributes used in SAML assertion attributes. properties: attribute_key: description: Key portion of a key/value pair of the attribute sent from the Identity Provider. example: member-of type: string attribute_value: description: Value portion of a key/value pair of the attribute sent from the Identity Provider. example: Development type: string type: object SAMLAssertionAttributesType: default: saml_assertion_attributes description: SAML assertion attributes resource type. enum: - saml_assertion_attributes example: saml_assertion_attributes type: string x-enum-varnames: - SAML_ASSERTION_ATTRIBUTES SBOM: description: A single SBOM properties: attributes: $ref: '#/components/schemas/SBOMAttributes' id: description: The unique ID for this SBOM (it is equivalent to the `asset_name` or `asset_name@repo_digest` (Image) example: github.com/datadog/datadog-agent type: string type: $ref: '#/components/schemas/SBOMType' type: object SBOMAttributes: description: The JSON:API attributes of the SBOM. properties: bomFormat: description: Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOM do not have a filename convention nor does JSON schema support namespaces. This value MUST be `CycloneDX`. example: CycloneDX type: string components: description: A list of software and hardware components. items: $ref: '#/components/schemas/SBOMComponent' type: array metadata: $ref: '#/components/schemas/SBOMMetadata' serialNumber: description: Every BOM generated has a unique serial number, even if the contents of the BOM have not changed overt time. The serial number follows [RFC-4122](https://datatracker.ietf.org/doc/html/rfc4122) example: urn:uuid:f7119d2f-1vgh-24b5-91f0-12010db72da7 type: string specVersion: $ref: '#/components/schemas/SpecVersion' version: description: It increments when a BOM is modified. The default value is 1. example: 1 format: int64 type: integer required: - bomFormat - specVersion - components - metadata - serialNumber - version type: object SBOMComponent: description: Software or hardware component. properties: bom-ref: description: An optional identifier that can be used to reference the component elsewhere in the BOM. example: pkg:golang/google.golang.org/grpc@1.68.1 type: string name: description: The name of the component. This will often be a shortened, single name of the component. example: google.golang.org/grpc type: string purl: description: Specifies the package-url (purl). The purl, if specified, MUST be valid and conform to the [specification](https://github.com/package-url/purl-spec). example: pkg:golang/google.golang.org/grpc@1.68.1 type: string type: $ref: '#/components/schemas/SBOMComponentType' version: description: The component version. example: 1.68.1 type: string required: - type - name - version type: object SBOMComponentType: description: The SBOM component type enum: - application - container - data - device - device-driver - file - firmware - framework - library - machine-learning-model - operating-system - platform example: application type: string x-enum-varnames: - APPLICATION - CONTAINER - DATA - DEVICE - DEVICE_DRIVER - FILE - FIRMWARE - FRAMEWORK - LIBRARY - MACHINE_LEARNING_MODEL - OPERATING_SYSTEM - PLATFORM SBOMMetadata: description: Provides additional information about a BOM. properties: component: $ref: '#/components/schemas/SBOMMetadataComponent' type: object SBOMMetadataComponent: description: The component that the BOM describes. properties: name: description: The name of the component. This will often be a shortened, single name of the component. example: github.com/datadog/datadog-agent type: string type: description: Specifies the type of the component. example: application type: string type: object SBOMType: description: The JSON:API type. enum: - sboms example: sboms type: string x-enum-varnames: - SBOMS SLOReportInterval: description: The frequency at which report data is to be generated. enum: - daily - weekly - monthly example: weekly type: string x-enum-varnames: - DAILY - WEEKLY - MONTHLY SLOReportPostResponse: description: The SLO report response. properties: data: $ref: '#/components/schemas/SLOReportPostResponseData' type: object SLOReportPostResponseData: description: The data portion of the SLO report response. properties: id: description: The ID of the report job. example: dc8d92aa-e0af-11ee-af21-1feeaccaa3a3 type: string type: description: The type of ID. example: report_id type: string type: object SLOReportStatus: description: The status of the SLO report job. enum: - in_progress - completed - completed_with_errors - failed example: completed type: string x-enum-varnames: - IN_PROGRESS - COMPLETED - COMPLETED_WITH_ERRORS - FAILED SLOReportStatusGetResponse: description: The SLO report status response. properties: data: $ref: '#/components/schemas/SLOReportStatusGetResponseData' type: object SLOReportStatusGetResponseAttributes: description: The attributes portion of the SLO report status response. properties: status: $ref: '#/components/schemas/SLOReportStatus' type: object SLOReportStatusGetResponseData: description: The data portion of the SLO report status response. properties: attributes: $ref: '#/components/schemas/SLOReportStatusGetResponseAttributes' id: description: The ID of the report job. example: dc8d92aa-e0af-11ee-af21-1feeaccaa3a3 type: string type: description: The type of ID. example: report_id type: string type: object ScalarColumn: description: A single column in a scalar query response. oneOf: - $ref: '#/components/schemas/GroupScalarColumn' - $ref: '#/components/schemas/DataScalarColumn' ScalarColumnTypeGroup: default: group description: The type of column present for groups. enum: - group example: group type: string x-enum-varnames: - GROUP ScalarColumnTypeNumber: default: number description: The type of column present for numbers. enum: - number example: number type: string x-enum-varnames: - NUMBER ScalarFormulaQueryRequest: description: A wrapper request around one scalar query to be executed. properties: data: $ref: '#/components/schemas/ScalarFormulaRequest' required: - data type: object ScalarFormulaQueryResponse: description: A message containing one or more responses to scalar queries. properties: data: $ref: '#/components/schemas/ScalarResponse' errors: description: An error generated when processing a request. type: string type: object ScalarFormulaRequest: description: A single scalar query to be executed. properties: attributes: $ref: '#/components/schemas/ScalarFormulaRequestAttributes' type: $ref: '#/components/schemas/ScalarFormulaRequestType' required: - type - attributes type: object ScalarFormulaRequestAttributes: description: The object describing a scalar formula request. properties: formulas: description: List of formulas to be calculated and returned as responses. items: $ref: '#/components/schemas/QueryFormula' type: array from: description: Start date (inclusive) of the query in milliseconds since the Unix epoch. example: 1568899800000 format: int64 type: integer queries: $ref: '#/components/schemas/ScalarFormulaRequestQueries' to: description: End date (exclusive) of the query in milliseconds since the Unix epoch. example: 1568923200000 format: int64 type: integer required: - to - from - queries type: object ScalarFormulaRequestQueries: description: List of queries to be run and used as inputs to the formulas. example: - aggregator: avg data_source: metrics query: avg:system.cpu.user{*} by {env} items: $ref: '#/components/schemas/ScalarQuery' type: array ScalarFormulaRequestType: default: scalar_request description: The type of the resource. The value should always be scalar_request. enum: - scalar_request example: scalar_request type: string x-enum-varnames: - SCALAR_REQUEST ScalarFormulaResponseAtrributes: description: The object describing a scalar response. properties: columns: description: List of response columns, each corresponding to an individual formula or query in the request and with values in parallel arrays matching the series list. items: $ref: '#/components/schemas/ScalarColumn' type: array type: object ScalarFormulaResponseType: default: scalar_response description: The type of the resource. The value should always be scalar_response. enum: - scalar_response example: scalar_response type: string x-enum-varnames: - SCALAR_RESPONSE ScalarMeta: description: Metadata for the resulting numerical values. properties: unit: description: 'Detailed information about the unit. First element describes the "primary unit" (for example, `bytes` in `bytes per second`). The second element describes the "per unit" (for example, `second` in `bytes per second`). If the second element is not present, the API returns null.' items: $ref: '#/components/schemas/Unit' nullable: true type: array type: object ScalarQuery: description: An individual scalar query to one of the basic Datadog data sources. example: aggregator: avg data_source: metrics query: avg:system.cpu.user{*} by {env} oneOf: - $ref: '#/components/schemas/MetricsScalarQuery' - $ref: '#/components/schemas/EventsScalarQuery' ScalarResponse: description: A message containing the response to a scalar query. properties: attributes: $ref: '#/components/schemas/ScalarFormulaResponseAtrributes' type: $ref: '#/components/schemas/ScalarFormulaResponseType' type: object Schedule: description: Top-level container for a schedule object, including both the `data` payload and any related `included` resources (such as teams, layers, or members). example: data: attributes: name: On-Call Schedule time_zone: America/New_York id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d relationships: layers: data: - id: 00000000-0000-0000-0000-000000000001 type: layers teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: schedules included: - attributes: avatar: '' description: Team 1 description handle: team1 name: Team 1 id: 00000000-da3a-0000-0000-000000000000 type: teams - attributes: effective_date: '2025-02-03T05:00:00Z' end_date: '2025-12-31T00:00:00Z' interval: days: 1 name: Layer 1 restrictions: - end_day: friday end_time: '17:00:00' start_day: monday start_time: 09:00:00 rotation_start: '2025-02-01T00:00:00Z' id: 00000000-0000-0000-0000-000000000001 relationships: members: data: - id: 00000000-0000-0000-0000-000000000002 type: members type: layers - id: 00000000-0000-0000-0000-000000000002 relationships: user: data: id: 00000000-aba1-0000-0000-000000000000 type: users type: members - attributes: email: foo@bar.com name: User 1 id: 00000000-aba1-0000-0000-000000000000 type: users properties: data: $ref: '#/components/schemas/ScheduleData' included: description: Any additional resources related to this schedule, such as teams and layers. items: $ref: '#/components/schemas/ScheduleDataIncludedItem' type: array type: object ScheduleCreateRequest: description: The top-level request body for schedule creation, wrapping a `data` object. example: data: attributes: layers: - effective_date: '2025-02-03T05:00:00Z' end_date: '2025-12-31T00:00:00Z' interval: days: 1 members: - user: id: 00000000-aba1-0000-0000-000000000000 name: Layer 1 restrictions: - end_day: friday end_time: '17:00:00' start_day: monday start_time: 09:00:00 rotation_start: '2025-02-01T00:00:00Z' name: On-Call Schedule time_zone: America/New_York relationships: teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: schedules properties: data: $ref: '#/components/schemas/ScheduleCreateRequestData' required: - data type: object ScheduleCreateRequestData: description: The core data wrapper for creating a schedule, encompassing attributes, relationships, and the resource type. properties: attributes: $ref: '#/components/schemas/ScheduleCreateRequestDataAttributes' relationships: $ref: '#/components/schemas/ScheduleCreateRequestDataRelationships' type: $ref: '#/components/schemas/ScheduleCreateRequestDataType' required: - type - attributes type: object ScheduleCreateRequestDataAttributes: description: Describes the main attributes for creating a new schedule, including name, layers, and time zone. properties: layers: description: The layers of On-Call coverage that define rotation intervals and restrictions. items: $ref: '#/components/schemas/ScheduleCreateRequestDataAttributesLayersItems' type: array name: description: A human-readable name for the new schedule. example: Team A On-Call type: string time_zone: description: The time zone in which the schedule is defined. example: America/New_York type: string required: - name - time_zone - layers type: object ScheduleCreateRequestDataAttributesLayersItems: description: Describes a schedule layer, including rotation intervals, members, restrictions, and timeline settings. properties: effective_date: description: The date/time when this layer becomes active (in ISO 8601). example: '2025-01-01T00:00:00Z' format: date-time type: string end_date: description: The date/time after which this layer no longer applies (in ISO 8601). format: date-time type: string interval: $ref: '#/components/schemas/LayerAttributesInterval' members: description: A list of members who participate in this layer's rotation. items: $ref: '#/components/schemas/ScheduleRequestDataAttributesLayersItemsMembersItems' type: array name: description: The name of this layer. example: Primary On-Call Layer type: string restrictions: description: Zero or more time-based restrictions (for example, only weekdays, during business hours). items: $ref: '#/components/schemas/TimeRestriction' type: array rotation_start: description: The date/time when the rotation for this layer starts (in ISO 8601). example: '2025-01-01T00:00:00Z' format: date-time type: string required: - name - interval - rotation_start - effective_date - members type: object ScheduleCreateRequestDataRelationships: description: Gathers relationship objects for the schedule creation request, including the teams to associate. properties: teams: $ref: '#/components/schemas/DataRelationshipsTeams' type: object ScheduleCreateRequestDataType: default: schedules description: Schedules resource type. enum: - schedules example: schedules type: string x-enum-varnames: - SCHEDULES ScheduleData: description: Represents the primary data object for a schedule, linking attributes and relationships. properties: attributes: $ref: '#/components/schemas/ScheduleDataAttributes' id: description: The schedule's unique identifier. example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string relationships: $ref: '#/components/schemas/ScheduleDataRelationships' type: $ref: '#/components/schemas/ScheduleDataType' required: - type type: object ScheduleDataAttributes: description: Provides core properties of a schedule object such as its name and time zone. properties: name: description: A short name for the schedule. example: Primary On-Call type: string time_zone: description: The time zone in which this schedule operates. example: America/New_York type: string type: object ScheduleDataIncludedItem: description: Any additional resources related to this schedule, such as teams and layers. oneOf: - $ref: '#/components/schemas/TeamReference' - $ref: '#/components/schemas/Layer' - $ref: '#/components/schemas/ScheduleMember' - $ref: '#/components/schemas/ScheduleUser' ScheduleDataRelationships: description: Groups the relationships for a schedule object, referencing layers and teams. properties: layers: $ref: '#/components/schemas/ScheduleDataRelationshipsLayers' teams: $ref: '#/components/schemas/DataRelationshipsTeams' type: object ScheduleDataRelationshipsLayers: description: Associates layers with this schedule in a data structure. properties: data: description: An array of layer references for this schedule. items: $ref: '#/components/schemas/ScheduleDataRelationshipsLayersDataItems' type: array type: object ScheduleDataRelationshipsLayersDataItems: description: Relates a layer to this schedule, identified by `id` and `type` (must be `layers`). properties: id: description: The unique identifier of the layer in this relationship. example: 00000000-0000-0000-0000-000000000001 type: string type: $ref: '#/components/schemas/ScheduleDataRelationshipsLayersDataItemsType' required: - type - id type: object ScheduleDataRelationshipsLayersDataItemsType: default: layers description: Layers resource type. enum: - layers example: layers type: string x-enum-varnames: - LAYERS ScheduleDataType: default: schedules description: Schedules resource type. enum: - schedules example: schedules type: string x-enum-varnames: - SCHEDULES ScheduleMember: description: Represents a single member entry in a schedule, referencing a specific user. properties: id: description: The unique identifier for this schedule member. type: string relationships: $ref: '#/components/schemas/ScheduleMemberRelationships' type: $ref: '#/components/schemas/ScheduleMemberType' required: - type type: object ScheduleMemberRelationships: description: Defines relationships for a schedule member, primarily referencing a single user. properties: user: $ref: '#/components/schemas/ScheduleMemberRelationshipsUser' type: object ScheduleMemberRelationshipsUser: description: Wraps the user data reference for a schedule member. properties: data: $ref: '#/components/schemas/ScheduleMemberRelationshipsUserData' required: - data type: object ScheduleMemberRelationshipsUserData: description: Points to the user data associated with this schedule member, including an ID and type. properties: id: description: The user's unique identifier. example: 00000000-aba1-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/ScheduleMemberRelationshipsUserDataType' required: - type - id type: object ScheduleMemberRelationshipsUserDataType: default: users description: Users resource type. enum: - users example: users type: string x-enum-varnames: - USERS ScheduleMemberType: default: members description: Schedule Members resource type. enum: - members example: members type: string x-enum-varnames: - MEMBERS ScheduleRequestDataAttributesLayersItemsMembersItems: description: Defines a single member within a schedule layer, including the reference to the underlying user. properties: user: $ref: '#/components/schemas/ScheduleRequestDataAttributesLayersItemsMembersItemsUser' type: object ScheduleRequestDataAttributesLayersItemsMembersItemsUser: description: Identifies the user participating in this layer as a single object with an `id`. properties: id: description: The user's ID. example: 00000000-aba1-0000-0000-000000000000 type: string type: object ScheduleTarget: description: Represents a schedule target for an escalation policy step, including its ID and resource type. properties: id: description: Specifies the unique identifier of the schedule resource. example: 00000000-aba1-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/ScheduleTargetType' required: - type - id type: object ScheduleTargetType: default: schedules description: Indicates that the resource is of type `schedules`. enum: - schedules example: schedules type: string x-enum-varnames: - SCHEDULES ScheduleTrigger: description: Trigger a workflow from a Schedule. The workflow must be published. properties: rruleExpression: description: Recurrence rule expression for scheduling. example: '' type: string required: - rruleExpression type: object ScheduleTriggerWrapper: description: Schema for a Schedule-based trigger. properties: scheduleTrigger: $ref: '#/components/schemas/ScheduleTrigger' startStepNames: $ref: '#/components/schemas/StartStepNames' required: - scheduleTrigger type: object ScheduleUpdateRequest: description: A top-level wrapper for a schedule update request, referring to the `data` object with the new details. example: data: attributes: layers: - effective_date: '2025-02-03T05:00:00Z' end_date: '2025-12-31T00:00:00Z' interval: seconds: 300 members: - user: id: 00000000-aba1-0000-0000-000000000000 name: Layer 1 restrictions: - end_day: friday end_time: '17:00:00' start_day: monday start_time: 09:00:00 rotation_start: '2025-02-01T00:00:00Z' name: On-Call Schedule Updated time_zone: America/New_York id: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d relationships: teams: data: - id: 00000000-da3a-0000-0000-000000000000 type: teams type: schedules properties: data: $ref: '#/components/schemas/ScheduleUpdateRequestData' required: - data type: object ScheduleUpdateRequestData: description: Contains all data needed to update an existing schedule, including its attributes (such as name and time zone) and any relationships to teams. properties: attributes: $ref: '#/components/schemas/ScheduleUpdateRequestDataAttributes' id: description: The ID of the schedule to be updated. example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string relationships: $ref: '#/components/schemas/ScheduleUpdateRequestDataRelationships' type: $ref: '#/components/schemas/ScheduleUpdateRequestDataType' required: - type - id - attributes type: object ScheduleUpdateRequestDataAttributes: description: Defines the updatable attributes for a schedule, such as name, time zone, and layers. properties: layers: description: The updated list of layers (rotations) for this schedule. items: $ref: '#/components/schemas/ScheduleUpdateRequestDataAttributesLayersItems' type: array name: description: A short name for the schedule. example: Primary On-Call type: string time_zone: description: The time zone used when interpreting rotation times. example: America/New_York type: string required: - name - time_zone - layers type: object ScheduleUpdateRequestDataAttributesLayersItems: description: 'Represents a layer within a schedule update, including rotation details, members, and optional restrictions.' properties: effective_date: description: When this updated layer takes effect (ISO 8601 format). example: '2025-02-03T05:00:00Z' format: date-time type: string end_date: description: When this updated layer should stop being active (ISO 8601 format). example: '2025-12-31T00:00:00Z' format: date-time type: string id: description: A unique identifier for the layer being updated. example: 00000000-0000-0000-0000-000000000001 type: string interval: $ref: '#/components/schemas/LayerAttributesInterval' members: description: The members assigned to this layer. items: $ref: '#/components/schemas/ScheduleRequestDataAttributesLayersItemsMembersItems' type: array name: description: The name for this layer (for example, "Secondary Coverage"). example: Primary On-Call Layer type: string restrictions: description: Any time restrictions that define when this layer is active. items: $ref: '#/components/schemas/TimeRestriction' type: array rotation_start: description: The date/time at which the rotation begins (ISO 8601 format). example: '2025-02-01T00:00:00Z' format: date-time type: string required: - effective_date - interval - members - name - rotation_start type: object ScheduleUpdateRequestDataRelationships: description: Houses relationships for the schedule update, typically referencing teams. properties: teams: $ref: '#/components/schemas/DataRelationshipsTeams' type: object ScheduleUpdateRequestDataType: default: schedules description: Schedules resource type. enum: - schedules example: schedules type: string x-enum-varnames: - SCHEDULES ScheduleUser: description: Represents a user object in the context of a schedule, including their `id`, type, and basic attributes. properties: attributes: $ref: '#/components/schemas/ScheduleUserAttributes' id: description: The unique user identifier. type: string type: $ref: '#/components/schemas/ScheduleUserType' required: - type type: object ScheduleUserAttributes: description: Provides basic user information for a schedule, including a name and email address. properties: email: description: The user's email address. example: jane.doe@example.com type: string name: description: The user's name. example: Jane Doe type: string status: $ref: '#/components/schemas/UserAttributesStatus' type: object ScheduleUserType: default: users description: Users resource type. enum: - users example: users type: string x-enum-varnames: - USERS ScorecardType: default: scorecard description: The JSON:API type for scorecard. enum: - scorecard example: scorecard type: string x-enum-varnames: - SCORECARD SecurityFilter: description: The security filter's properties. properties: attributes: $ref: '#/components/schemas/SecurityFilterAttributes' id: $ref: '#/components/schemas/SecurityFilterID' type: $ref: '#/components/schemas/SecurityFilterType' type: object SecurityFilterAttributes: description: The object describing a security filter. properties: exclusion_filters: description: The list of exclusion filters applied in this security filter. items: $ref: '#/components/schemas/SecurityFilterExclusionFilterResponse' type: array filtered_data_type: $ref: '#/components/schemas/SecurityFilterFilteredDataType' is_builtin: description: Whether the security filter is the built-in filter. example: false type: boolean is_enabled: description: Whether the security filter is enabled. example: false type: boolean name: description: The security filter name. example: Custom security filter type: string query: description: The security filter query. Logs accepted by this query will be accepted by this filter. example: service:api type: string version: description: The version of the security filter. example: 1 format: int32 maximum: 2147483647 type: integer type: object SecurityFilterCreateAttributes: description: Object containing the attributes of the security filter to be created. properties: exclusion_filters: description: Exclusion filters to exclude some logs from the security filter. example: - name: Exclude staging query: source:staging items: $ref: '#/components/schemas/SecurityFilterExclusionFilter' type: array filtered_data_type: $ref: '#/components/schemas/SecurityFilterFilteredDataType' is_enabled: description: Whether the security filter is enabled. example: true type: boolean name: description: The name of the security filter. example: Custom security filter type: string query: description: The query of the security filter. example: service:api type: string required: - name - query - exclusion_filters - filtered_data_type - is_enabled type: object SecurityFilterCreateData: description: Object for a single security filter. properties: attributes: $ref: '#/components/schemas/SecurityFilterCreateAttributes' type: $ref: '#/components/schemas/SecurityFilterType' required: - type - attributes type: object SecurityFilterCreateRequest: description: Request object that includes the security filter that you would like to create. properties: data: $ref: '#/components/schemas/SecurityFilterCreateData' required: - data type: object SecurityFilterExclusionFilter: description: Exclusion filter for the security filter. example: name: Exclude staging query: source:staging properties: name: description: Exclusion filter name. example: Exclude staging type: string query: description: Exclusion filter query. Logs that match this query are excluded from the security filter. example: source:staging type: string required: - name - query type: object SecurityFilterExclusionFilterResponse: description: A single exclusion filter. properties: name: description: The exclusion filter name. example: Exclude staging type: string query: description: The exclusion filter query. example: source:staging type: string type: object SecurityFilterFilteredDataType: description: The filtered data type. enum: - logs example: logs type: string x-enum-varnames: - LOGS SecurityFilterID: description: The ID of the security filter. example: 3dd-0uc-h1s type: string SecurityFilterMeta: description: Optional metadata associated to the response. properties: warning: description: A warning message. example: All the security filters are disabled. As a result, no logs are being analyzed. type: string type: object SecurityFilterResponse: description: Response object which includes a single security filter. properties: data: $ref: '#/components/schemas/SecurityFilter' meta: $ref: '#/components/schemas/SecurityFilterMeta' type: object SecurityFilterType: default: security_filters description: The type of the resource. The value should always be `security_filters`. enum: - security_filters example: security_filters type: string x-enum-varnames: - SECURITY_FILTERS SecurityFilterUpdateAttributes: description: The security filters properties to be updated. properties: exclusion_filters: description: Exclusion filters to exclude some logs from the security filter. example: [] items: $ref: '#/components/schemas/SecurityFilterExclusionFilter' type: array filtered_data_type: $ref: '#/components/schemas/SecurityFilterFilteredDataType' is_enabled: description: Whether the security filter is enabled. example: true type: boolean name: description: The name of the security filter. example: Custom security filter type: string query: description: The query of the security filter. example: service:api type: string version: description: The version of the security filter to update. example: 1 format: int32 maximum: 2147483647 type: integer type: object SecurityFilterUpdateData: description: The new security filter properties. properties: attributes: $ref: '#/components/schemas/SecurityFilterUpdateAttributes' type: $ref: '#/components/schemas/SecurityFilterType' required: - type - attributes type: object SecurityFilterUpdateRequest: description: The new security filter body. properties: data: $ref: '#/components/schemas/SecurityFilterUpdateData' required: - data type: object SecurityFiltersResponse: description: All the available security filters objects. properties: data: description: A list of security filters objects. items: $ref: '#/components/schemas/SecurityFilter' type: array meta: $ref: '#/components/schemas/SecurityFilterMeta' type: object SecurityMonitoringFilter: description: The rule's suppression filter. properties: action: $ref: '#/components/schemas/SecurityMonitoringFilterAction' query: description: Query for selecting logs to apply the filtering action. type: string type: object SecurityMonitoringFilterAction: description: The type of filtering action. enum: - require - suppress type: string x-enum-varnames: - REQUIRE - SUPPRESS SecurityMonitoringListRulesResponse: description: List of rules. properties: data: description: Array containing the list of rules. items: $ref: '#/components/schemas/SecurityMonitoringRuleResponse' type: array meta: $ref: '#/components/schemas/ResponseMetaAttributes' type: object SecurityMonitoringReferenceTable: description: Reference tables used in the queries. properties: checkPresence: description: Whether to include or exclude the matched values. type: boolean columnName: description: The name of the column in the reference table. type: string logFieldPath: description: The field in the log to match against the reference table. type: string ruleQueryName: description: The name of the query to apply the reference table to. type: string tableName: description: The name of the reference table. type: string type: object SecurityMonitoringRuleCase: description: Case when signal is generated. properties: actions: description: Action to perform for each rule case. items: $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction' type: array condition: description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated based on the event counts in the previously defined queries.' type: string name: description: Name of the case. type: string notifications: description: Notification targets for each rule case. items: description: Notification. type: string type: array status: $ref: '#/components/schemas/SecurityMonitoringRuleSeverity' type: object SecurityMonitoringRuleCaseAction: description: Action to perform when a signal is triggered. Only available for Application Security rule type. properties: options: $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptions' type: $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionType' type: object SecurityMonitoringRuleCaseActionOptions: additionalProperties: {} description: Options for the rule action properties: duration: description: Duration of the action in seconds. 0 indicates no expiration. example: 0 format: int64 minimum: 0 type: integer userBehaviorName: $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptionsUserBehaviorName' type: object SecurityMonitoringRuleCaseActionOptionsUserBehaviorName: description: Used with the case action of type 'user_behavior'. The value specified in this field is applied as a risk tag to all users affected by the rule. type: string SecurityMonitoringRuleCaseActionType: description: The action type. enum: - block_ip - block_user - user_behavior type: string x-enum-varnames: - BLOCK_IP - BLOCK_USER - USER_BEHAVIOR SecurityMonitoringRuleCaseCreate: description: Case when signal is generated. properties: actions: description: Action to perform for each rule case. items: $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction' type: array condition: description: 'A case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated based on the event counts in the previously defined queries.' type: string name: description: Name of the case. type: string notifications: description: Notification targets. items: description: Notification. type: string type: array status: $ref: '#/components/schemas/SecurityMonitoringRuleSeverity' required: - status type: object SecurityMonitoringRuleConvertPayload: description: Convert a rule from JSON to Terraform. oneOf: - $ref: '#/components/schemas/SecurityMonitoringStandardRulePayload' - $ref: '#/components/schemas/SecurityMonitoringSignalRulePayload' SecurityMonitoringRuleConvertResponse: description: Result of the convert rule request containing Terraform content. properties: terraformContent: description: Terraform string as a result of converting the rule from JSON. type: string type: object SecurityMonitoringRuleCreatePayload: description: Create a new rule. oneOf: - $ref: '#/components/schemas/SecurityMonitoringStandardRuleCreatePayload' - $ref: '#/components/schemas/SecurityMonitoringSignalRuleCreatePayload' - $ref: '#/components/schemas/CloudConfigurationRuleCreatePayload' SecurityMonitoringRuleDecreaseCriticalityBasedOnEnv: description: 'If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce signal noise. The severity is decreased by one level: `CRITICAL` in production becomes `HIGH` in non-production, `HIGH` becomes `MEDIUM` and so on. `INFO` remains `INFO`. The decrement is applied when the environment tag of the signal starts with `staging`, `test` or `dev`.' example: false type: boolean SecurityMonitoringRuleDetectionMethod: description: The detection method. enum: - threshold - new_value - anomaly_detection - impossible_travel - hardcoded - third_party - anomaly_threshold type: string x-enum-varnames: - THRESHOLD - NEW_VALUE - ANOMALY_DETECTION - IMPOSSIBLE_TRAVEL - HARDCODED - THIRD_PARTY - ANOMALY_THRESHOLD SecurityMonitoringRuleEvaluationWindow: description: 'A time window is specified to match when at least one of the cases matches true. This is a sliding window and evaluates in real time. For third party detection method, this field is not used.' enum: - 0 - 60 - 300 - 600 - 900 - 1800 - 3600 - 7200 - 10800 - 21600 - 43200 - 86400 format: int32 type: integer x-enum-varnames: - ZERO_MINUTES - ONE_MINUTE - FIVE_MINUTES - TEN_MINUTES - FIFTEEN_MINUTES - THIRTY_MINUTES - ONE_HOUR - TWO_HOURS - THREE_HOURS - SIX_HOURS - TWELVE_HOURS - ONE_DAY SecurityMonitoringRuleHardcodedEvaluatorType: description: Hardcoded evaluator type. enum: - log4shell type: string x-enum-varnames: - LOG4SHELL SecurityMonitoringRuleImpossibleTravelOptions: description: Options on impossible travel detection method. properties: baselineUserLocations: $ref: '#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptionsBaselineUserLocations' type: object SecurityMonitoringRuleImpossibleTravelOptionsBaselineUserLocations: description: 'If true, signals are suppressed for the first 24 hours. In that time, Datadog learns the user''s regular access locations. This can be helpful to reduce noise and infer VPN usage or credentialed API access.' example: true type: boolean SecurityMonitoringRuleKeepAlive: description: 'Once a signal is generated, the signal will remain "open" if a case is matched at least once within this keep alive window. For third party detection method, this field is not used.' enum: - 0 - 60 - 300 - 600 - 900 - 1800 - 3600 - 7200 - 10800 - 21600 - 43200 - 86400 format: int32 type: integer x-enum-varnames: - ZERO_MINUTES - ONE_MINUTE - FIVE_MINUTES - TEN_MINUTES - FIFTEEN_MINUTES - THIRTY_MINUTES - ONE_HOUR - TWO_HOURS - THREE_HOURS - SIX_HOURS - TWELVE_HOURS - ONE_DAY SecurityMonitoringRuleMaxSignalDuration: description: 'A signal will "close" regardless of the query being matched once the time exceeds the maximum duration. This time is calculated from the first seen timestamp.' enum: - 0 - 60 - 300 - 600 - 900 - 1800 - 3600 - 7200 - 10800 - 21600 - 43200 - 86400 format: int32 type: integer x-enum-varnames: - ZERO_MINUTES - ONE_MINUTE - FIVE_MINUTES - TEN_MINUTES - FIFTEEN_MINUTES - THIRTY_MINUTES - ONE_HOUR - TWO_HOURS - THREE_HOURS - SIX_HOURS - TWELVE_HOURS - ONE_DAY SecurityMonitoringRuleNewValueOptions: description: Options on new value detection method. properties: forgetAfter: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsForgetAfter' learningDuration: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningDuration' learningMethod: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningMethod' learningThreshold: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningThreshold' type: object SecurityMonitoringRuleNewValueOptionsForgetAfter: description: The duration in days after which a learned value is forgotten. enum: - 1 - 2 - 7 - 14 - 21 - 28 format: int32 type: integer x-enum-varnames: - ONE_DAY - TWO_DAYS - ONE_WEEK - TWO_WEEKS - THREE_WEEKS - FOUR_WEEKS SecurityMonitoringRuleNewValueOptionsLearningDuration: default: 0 description: 'The duration in days during which values are learned, and after which signals will be generated for values that weren''t learned. If set to 0, a signal will be generated for all new values after the first value is learned.' enum: - 0 - 1 - 7 format: int32 type: integer x-enum-varnames: - ZERO_DAYS - ONE_DAY - SEVEN_DAYS SecurityMonitoringRuleNewValueOptionsLearningMethod: default: duration description: The learning method used to determine when signals should be generated for values that weren't learned. enum: - duration - threshold type: string x-enum-varnames: - DURATION - THRESHOLD SecurityMonitoringRuleNewValueOptionsLearningThreshold: default: 0 description: A number of occurrences after which signals will be generated for values that weren't learned. enum: - 0 - 1 format: int32 type: integer x-enum-varnames: - ZERO_OCCURRENCES - ONE_OCCURRENCE SecurityMonitoringRuleOptions: description: Options. properties: complianceRuleOptions: $ref: '#/components/schemas/CloudConfigurationComplianceRuleOptions' decreaseCriticalityBasedOnEnv: $ref: '#/components/schemas/SecurityMonitoringRuleDecreaseCriticalityBasedOnEnv' detectionMethod: $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod' evaluationWindow: $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow' hardcodedEvaluatorType: $ref: '#/components/schemas/SecurityMonitoringRuleHardcodedEvaluatorType' impossibleTravelOptions: $ref: '#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions' keepAlive: $ref: '#/components/schemas/SecurityMonitoringRuleKeepAlive' maxSignalDuration: $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration' newValueOptions: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' thirdPartyRuleOptions: $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions' type: object SecurityMonitoringRuleQuery: description: Query for matching rule. oneOf: - $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' - $ref: '#/components/schemas/SecurityMonitoringSignalRuleQuery' SecurityMonitoringRuleQueryAggregation: description: The aggregation type. enum: - count - cardinality - sum - max - new_value - geo_data - event_count - none type: string x-enum-varnames: - COUNT - CARDINALITY - SUM - MAX - NEW_VALUE - GEO_DATA - EVENT_COUNT - NONE SecurityMonitoringRuleQueryPayload: description: Payload to test a rule query with the expected result. properties: expectedResult: description: Expected result of the test. example: true type: boolean index: description: Index of the query under test. example: 0 format: int64 minimum: 0 type: integer payload: $ref: '#/components/schemas/SecurityMonitoringRuleQueryPayloadData' type: object SecurityMonitoringRuleQueryPayloadData: additionalProperties: {} description: Payload used to test the rule query. properties: ddsource: description: Source of the payload. example: nginx type: string ddtags: description: Tags associated with your data. example: env:staging,version:5.1 type: string hostname: description: The name of the originating host of the log. example: i-012345678 type: string message: description: The message of the payload. example: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World type: string service: description: The name of the application or service generating the data. example: payment type: string type: object SecurityMonitoringRuleResponse: description: Create a new rule. oneOf: - $ref: '#/components/schemas/SecurityMonitoringStandardRuleResponse' - $ref: '#/components/schemas/SecurityMonitoringSignalRuleResponse' SecurityMonitoringRuleSeverity: description: Severity of the Security Signal. enum: - info - low - medium - high - critical example: critical type: string x-enum-varnames: - INFO - LOW - MEDIUM - HIGH - CRITICAL SecurityMonitoringRuleTestPayload: description: Test a rule. oneOf: - $ref: '#/components/schemas/SecurityMonitoringStandardRuleTestPayload' SecurityMonitoringRuleTestRequest: description: Test the rule queries of a rule (rule property is ignored when applied to an existing rule) properties: rule: $ref: '#/components/schemas/SecurityMonitoringRuleTestPayload' ruleQueryPayloads: description: Data payloads used to test rules query with the expected result. items: $ref: '#/components/schemas/SecurityMonitoringRuleQueryPayload' type: array type: object SecurityMonitoringRuleTestResponse: description: Result of the test of the rule queries. properties: results: description: 'Assert results are returned in the same order as the rule query payloads. For each payload, it returns True if the result matched the expected result, False otherwise.' items: type: boolean type: array type: object SecurityMonitoringRuleThirdPartyOptions: description: Options on third party detection method. properties: defaultNotifications: description: Notification targets for the logs that do not correspond to any of the cases. items: description: Notification. type: string type: array defaultStatus: $ref: '#/components/schemas/SecurityMonitoringRuleSeverity' rootQueries: description: Queries to be combined with third party case queries. Each of them can have different group by fields, to aggregate differently based on the type of alert. items: $ref: '#/components/schemas/SecurityMonitoringThirdPartyRootQuery' type: array signalTitleTemplate: description: A template for the signal title; if omitted, the title is generated based on the case name. type: string type: object SecurityMonitoringRuleTypeCreate: description: The rule type. enum: - application_security - log_detection - workload_security type: string x-enum-varnames: - APPLICATION_SECURITY - LOG_DETECTION - WORKLOAD_SECURITY SecurityMonitoringRuleTypeRead: description: The rule type. enum: - log_detection - infrastructure_configuration - workload_security - cloud_configuration - application_security type: string x-enum-varnames: - LOG_DETECTION - INFRASTRUCTURE_CONFIGURATION - WORKLOAD_SECURITY - CLOUD_CONFIGURATION - APPLICATION_SECURITY SecurityMonitoringRuleTypeTest: description: The rule type. enum: - log_detection type: string x-enum-varnames: - LOG_DETECTION SecurityMonitoringRuleUpdatePayload: description: Update an existing rule. properties: cases: description: Cases for generating signals. items: $ref: '#/components/schemas/SecurityMonitoringRuleCase' type: array complianceSignalOptions: $ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions' filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array groupSignalsBy: description: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. example: - service items: description: Field to group by. type: string type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. type: boolean message: description: Message for generated signals. type: string name: description: Name of the rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting logs which are part of the rule. items: $ref: '#/components/schemas/SecurityMonitoringRuleQuery' type: array referenceTables: description: Reference tables for the rule. items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array tags: description: Tags for generated signals. items: description: Tag. type: string type: array thirdPartyCases: description: Cases for generating signals from third-party rules. Only available for third-party rules. example: [] items: $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCase' type: array version: description: The version of the rule being updated. example: 1 format: int32 maximum: 2147483647 type: integer type: object SecurityMonitoringRuleValidatePayload: description: Validate a rule. oneOf: - $ref: '#/components/schemas/SecurityMonitoringStandardRulePayload' - $ref: '#/components/schemas/SecurityMonitoringSignalRulePayload' - $ref: '#/components/schemas/CloudConfigurationRulePayload' SecurityMonitoringSignal: description: Object description of a security signal. properties: attributes: $ref: '#/components/schemas/SecurityMonitoringSignalAttributes' id: description: The unique ID of the security signal. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/SecurityMonitoringSignalType' type: object SecurityMonitoringSignalArchiveComment: description: Optional comment to display on archived signals. type: string SecurityMonitoringSignalArchiveReason: description: Reason a signal is archived. enum: - none - false_positive - testing_or_maintenance - investigated_case_opened - other type: string x-enum-varnames: - NONE - FALSE_POSITIVE - TESTING_OR_MAINTENANCE - INVESTIGATED_CASE_OPENED - OTHER SecurityMonitoringSignalAssigneeUpdateAttributes: description: Attributes describing the new assignee of a security signal. properties: assignee: $ref: '#/components/schemas/SecurityMonitoringTriageUser' version: $ref: '#/components/schemas/SecurityMonitoringSignalVersion' required: - assignee type: object SecurityMonitoringSignalAssigneeUpdateData: description: Data containing the patch for changing the assignee of a signal. properties: attributes: $ref: '#/components/schemas/SecurityMonitoringSignalAssigneeUpdateAttributes' required: - attributes type: object SecurityMonitoringSignalAssigneeUpdateRequest: description: Request body for changing the assignee of a given security monitoring signal. properties: data: $ref: '#/components/schemas/SecurityMonitoringSignalAssigneeUpdateData' required: - data type: object SecurityMonitoringSignalAttributes: additionalProperties: {} description: 'The object containing all signal attributes and their associated values.' properties: custom: additionalProperties: {} description: A JSON object of attributes in the security signal. example: workflow: first_seen: '2020-06-23T14:46:01.000Z' last_seen: '2020-06-23T14:46:49.000Z' rule: id: 0f5-e0c-805 name: 'Brute Force Attack Grouped By User ' version: 12 type: object message: description: The message in the security signal defined by the rule that generated the signal. example: Detect Account Take Over (ATO) through brute force attempts type: string tags: description: An array of tags associated with the security signal. example: - security:attack - technique:T1110-brute-force items: description: The tag associated with the security signal. type: string type: array timestamp: description: The timestamp of the security signal. example: '2019-01-02T09:42:36.320Z' format: date-time type: string type: object SecurityMonitoringSignalIncidentIds: description: Array of incidents that are associated with this signal. example: - 2066 items: description: Public ID attribute of the incident that is associated with the signal. example: 2066 format: int64 type: integer type: array SecurityMonitoringSignalIncidentsUpdateAttributes: description: Attributes describing the new list of related signals for a security signal. properties: incident_ids: $ref: '#/components/schemas/SecurityMonitoringSignalIncidentIds' version: $ref: '#/components/schemas/SecurityMonitoringSignalVersion' required: - incident_ids type: object SecurityMonitoringSignalIncidentsUpdateData: description: Data containing the patch for changing the related incidents of a signal. properties: attributes: $ref: '#/components/schemas/SecurityMonitoringSignalIncidentsUpdateAttributes' required: - attributes type: object SecurityMonitoringSignalIncidentsUpdateRequest: description: Request body for changing the related incidents of a given security monitoring signal. properties: data: $ref: '#/components/schemas/SecurityMonitoringSignalIncidentsUpdateData' required: - data type: object SecurityMonitoringSignalListRequest: description: The request for a security signal list. properties: filter: $ref: '#/components/schemas/SecurityMonitoringSignalListRequestFilter' page: $ref: '#/components/schemas/SecurityMonitoringSignalListRequestPage' sort: $ref: '#/components/schemas/SecurityMonitoringSignalsSort' type: object SecurityMonitoringSignalListRequestFilter: description: Search filters for listing security signals. properties: from: description: The minimum timestamp for requested security signals. example: '2019-01-02T09:42:36.320Z' format: date-time type: string query: description: Search query for listing security signals. example: security:attack status:high type: string to: description: The maximum timestamp for requested security signals. example: '2019-01-03T09:42:36.320Z' format: date-time type: string type: object SecurityMonitoringSignalListRequestPage: description: The paging attributes for listing security signals. properties: cursor: description: A list of results using the cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: The maximum number of security signals in the response. example: 25 format: int32 maximum: 1000 type: integer type: object SecurityMonitoringSignalMetadataType: default: signal_metadata description: The type of event. enum: - signal_metadata example: signal_metadata type: string x-enum-varnames: - SIGNAL_METADATA SecurityMonitoringSignalResponse: description: Security Signal response data object. properties: data: $ref: '#/components/schemas/SecurityMonitoringSignal' type: object SecurityMonitoringSignalRuleCreatePayload: description: Create a new signal correlation rule. properties: cases: description: Cases for generating signals. example: [] items: $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate' type: array filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message for generated signals. example: '' type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting signals which are part of the rule. example: [] items: $ref: '#/components/schemas/SecurityMonitoringSignalRuleQuery' type: array tags: description: Tags for generated signals. example: - env:prod - team:security items: description: Tag. type: string type: array type: $ref: '#/components/schemas/SecurityMonitoringSignalRuleType' required: - name - isEnabled - queries - options - cases - message type: object SecurityMonitoringSignalRulePayload: description: The payload of a signal correlation rule. properties: cases: description: Cases for generating signals. example: [] items: $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate' type: array filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message for generated signals. example: '' type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting signals which are part of the rule. example: [] items: $ref: '#/components/schemas/SecurityMonitoringSignalRuleQuery' type: array tags: description: Tags for generated signals. example: - env:prod - team:security items: description: Tag. type: string type: array type: $ref: '#/components/schemas/SecurityMonitoringSignalRuleType' required: - name - isEnabled - queries - options - cases - message type: object SecurityMonitoringSignalRuleQuery: description: Query for matching rule on signals. properties: aggregation: $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' correlatedByFields: description: Fields to group by. items: description: Field. type: string type: array correlatedQueryIndex: description: Index of the rule query used to retrieve the correlated field. format: int32 maximum: 9 type: integer metrics: description: Group of target fields to aggregate over. items: description: Field. type: string type: array name: description: Name of the query. type: string ruleId: description: Rule ID to match on signals. example: org-ru1-e1d type: string required: - ruleId type: object SecurityMonitoringSignalRuleResponse: description: Rule. properties: cases: description: Cases for generating signals. items: $ref: '#/components/schemas/SecurityMonitoringRuleCase' type: array createdAt: description: When the rule was created, timestamp in milliseconds. format: int64 type: integer creationAuthorId: description: User ID of the user who created the rule. format: int64 type: integer deprecationDate: description: When the rule will be deprecated, timestamp in milliseconds. format: int64 type: integer filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. type: boolean id: description: The ID of the rule. type: string isDefault: description: Whether the rule is included by default. type: boolean isDeleted: description: Whether the rule has been deleted. type: boolean isEnabled: description: Whether the rule is enabled. type: boolean message: description: Message for generated signals. type: string name: description: The name of the rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting logs which are part of the rule. items: $ref: '#/components/schemas/SecurityMonitoringSignalRuleResponseQuery' type: array tags: description: Tags for generated signals. items: description: Tag. type: string type: array type: $ref: '#/components/schemas/SecurityMonitoringSignalRuleType' updateAuthorId: description: User ID of the user who updated the rule. format: int64 type: integer version: description: The version of the rule. format: int64 type: integer type: object SecurityMonitoringSignalRuleResponseQuery: description: Query for matching rule on signals. properties: aggregation: $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' correlatedByFields: description: Fields to correlate by. items: description: Field. type: string type: array correlatedQueryIndex: description: Index of the rule query used to retrieve the correlated field. format: int32 maximum: 9 type: integer defaultRuleId: description: Default Rule ID to match on signals. example: d3f-ru1-e1d type: string distinctFields: description: Field for which the cardinality is measured. Sent as an array. items: description: Field. type: string type: array groupByFields: description: Fields to group by. items: description: Field. type: string type: array metrics: description: Group of target fields to aggregate over. items: description: Field. type: string type: array name: description: Name of the query. type: string ruleId: description: Rule ID to match on signals. example: org-ru1-e1d type: string type: object SecurityMonitoringSignalRuleType: description: The rule type. enum: - signal_correlation type: string x-enum-varnames: - SIGNAL_CORRELATION SecurityMonitoringSignalState: description: The new triage state of the signal. enum: - open - archived - under_review example: open type: string x-enum-varnames: - OPEN - ARCHIVED - UNDER_REVIEW SecurityMonitoringSignalStateUpdateAttributes: description: Attributes describing the change of state of a security signal. properties: archive_comment: $ref: '#/components/schemas/SecurityMonitoringSignalArchiveComment' archive_reason: $ref: '#/components/schemas/SecurityMonitoringSignalArchiveReason' state: $ref: '#/components/schemas/SecurityMonitoringSignalState' version: $ref: '#/components/schemas/SecurityMonitoringSignalVersion' required: - state type: object SecurityMonitoringSignalStateUpdateData: description: Data containing the patch for changing the state of a signal. properties: attributes: $ref: '#/components/schemas/SecurityMonitoringSignalStateUpdateAttributes' id: description: The unique ID of the security signal. type: $ref: '#/components/schemas/SecurityMonitoringSignalMetadataType' required: - attributes type: object SecurityMonitoringSignalStateUpdateRequest: description: Request body for changing the state of a given security monitoring signal. properties: data: $ref: '#/components/schemas/SecurityMonitoringSignalStateUpdateData' required: - data type: object SecurityMonitoringSignalTriageAttributes: description: Attributes describing a triage state update operation over a security signal. properties: archive_comment: $ref: '#/components/schemas/SecurityMonitoringSignalArchiveComment' archive_comment_timestamp: description: Timestamp of the last edit to the comment. format: int64 minimum: 0 type: integer archive_comment_user: $ref: '#/components/schemas/SecurityMonitoringTriageUser' archive_reason: $ref: '#/components/schemas/SecurityMonitoringSignalArchiveReason' assignee: $ref: '#/components/schemas/SecurityMonitoringTriageUser' incident_ids: $ref: '#/components/schemas/SecurityMonitoringSignalIncidentIds' state: $ref: '#/components/schemas/SecurityMonitoringSignalState' state_update_timestamp: description: Timestamp of the last update to the signal state. format: int64 minimum: 0 type: integer state_update_user: $ref: '#/components/schemas/SecurityMonitoringTriageUser' required: - assignee - state - incident_ids type: object SecurityMonitoringSignalTriageUpdateData: description: Data containing the updated triage attributes of the signal. properties: attributes: $ref: '#/components/schemas/SecurityMonitoringSignalTriageAttributes' id: description: The unique ID of the security signal. type: string type: $ref: '#/components/schemas/SecurityMonitoringSignalMetadataType' type: object SecurityMonitoringSignalTriageUpdateResponse: description: The response returned after all triage operations, containing the updated signal triage data. properties: data: $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateData' required: - data type: object SecurityMonitoringSignalType: default: signal description: The type of event. enum: - signal example: signal type: string x-enum-varnames: - SIGNAL SecurityMonitoringSignalVersion: description: Version of the updated signal. If server side version is higher, update will be rejected. format: int64 type: integer SecurityMonitoringSignalsListResponse: description: 'The response object with all security signals matching the request and pagination information.' properties: data: description: An array of security signals matching the request. items: $ref: '#/components/schemas/SecurityMonitoringSignal' type: array links: $ref: '#/components/schemas/SecurityMonitoringSignalsListResponseLinks' meta: $ref: '#/components/schemas/SecurityMonitoringSignalsListResponseMeta' type: object SecurityMonitoringSignalsListResponseLinks: description: Links attributes. properties: next: description: 'The link for the next set of results. **Note**: The request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/security_monitoring/signals?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object SecurityMonitoringSignalsListResponseMeta: description: Meta attributes. properties: page: $ref: '#/components/schemas/SecurityMonitoringSignalsListResponseMetaPage' type: object SecurityMonitoringSignalsListResponseMetaPage: description: Paging attributes. properties: after: description: 'The cursor used to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`.' example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object SecurityMonitoringSignalsSort: description: The sort parameters used for querying security signals. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING SecurityMonitoringStandardDataSource: default: logs description: Source of events, either logs, audit trail, or Datadog events. enum: - logs - audit - app_sec_spans - spans - security_runtime - network - events example: logs type: string x-enum-varnames: - LOGS - AUDIT - APP_SEC_SPANS - SPANS - SECURITY_RUNTIME - NETWORK - EVENTS SecurityMonitoringStandardRuleCreatePayload: description: Create a new rule. properties: cases: description: Cases for generating signals. example: [] items: $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate' type: array filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array groupSignalsBy: description: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. example: - service items: description: Field to group by. type: string type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message for generated signals. example: '' type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting logs which are part of the rule. example: [] items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array referenceTables: description: Reference tables for the rule. items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array tags: description: Tags for generated signals. example: - env:prod - team:security items: description: Tag. type: string type: array thirdPartyCases: description: Cases for generating signals from third-party rules. Only available for third-party rules. example: [] items: $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate' type: array type: $ref: '#/components/schemas/SecurityMonitoringRuleTypeCreate' required: - name - isEnabled - queries - options - cases - message type: object SecurityMonitoringStandardRulePayload: description: The payload of a rule. properties: cases: description: Cases for generating signals. example: [] items: $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate' type: array filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array groupSignalsBy: description: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. example: - service items: description: Field to group by. type: string type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message for generated signals. example: '' type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting logs which are part of the rule. example: [] items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array referenceTables: description: Reference tables for the rule. items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array tags: description: Tags for generated signals. example: - env:prod - team:security items: description: Tag. type: string type: array thirdPartyCases: description: Cases for generating signals from third-party rules. Only available for third-party rules. example: [] items: $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate' type: array type: $ref: '#/components/schemas/SecurityMonitoringRuleTypeCreate' required: - name - isEnabled - queries - options - cases - message type: object SecurityMonitoringStandardRuleQuery: description: Query for matching rule. properties: aggregation: $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' dataSource: $ref: '#/components/schemas/SecurityMonitoringStandardDataSource' distinctFields: description: Field for which the cardinality is measured. Sent as an array. items: description: Field. type: string type: array groupByFields: description: Fields to group by. items: description: Field. type: string type: array hasOptionalGroupByFields: description: When false, events without a group-by value are ignored by the rule. When true, events with missing group-by fields are processed with `N/A`, replacing the missing values. example: false readOnly: true type: boolean metric: deprecated: true description: '(Deprecated) The target field to aggregate over when using the sum or max aggregations. `metrics` field should be used instead.' type: string metrics: description: Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values. items: description: Field. type: string type: array name: description: Name of the query. type: string query: description: Query to run on logs. example: a > 3 type: string type: object SecurityMonitoringStandardRuleResponse: description: Rule. properties: cases: description: Cases for generating signals. items: $ref: '#/components/schemas/SecurityMonitoringRuleCase' type: array complianceSignalOptions: $ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions' createdAt: description: When the rule was created, timestamp in milliseconds. format: int64 type: integer creationAuthorId: description: User ID of the user who created the rule. format: int64 type: integer defaultTags: description: Default Tags for default rules (included in tags) example: - security:attacks items: description: Default Tag. type: string type: array deprecationDate: description: When the rule will be deprecated, timestamp in milliseconds. format: int64 type: integer filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array groupSignalsBy: description: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. example: - service items: description: Field to group by. type: string type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. type: boolean id: description: The ID of the rule. type: string isDefault: description: Whether the rule is included by default. type: boolean isDeleted: description: Whether the rule has been deleted. type: boolean isEnabled: description: Whether the rule is enabled. type: boolean message: description: Message for generated signals. type: string name: description: The name of the rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting logs which are part of the rule. items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array referenceTables: description: Reference tables for the rule. items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array tags: description: Tags for generated signals. items: description: Tag. type: string type: array thirdPartyCases: description: Cases for generating signals from third-party rules. Only available for third-party rules. example: [] items: $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCase' type: array type: $ref: '#/components/schemas/SecurityMonitoringRuleTypeRead' updateAuthorId: description: User ID of the user who updated the rule. format: int64 type: integer updatedAt: description: The date the rule was last updated, in milliseconds. format: int64 type: integer version: description: The version of the rule. format: int64 type: integer type: object SecurityMonitoringStandardRuleTestPayload: description: The payload of a rule to test properties: cases: description: Cases for generating signals. example: [] items: $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate' type: array filters: description: Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array groupSignalsBy: description: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. example: - service items: description: Field to group by. type: string type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. example: true type: boolean isEnabled: description: Whether the rule is enabled. example: true type: boolean message: description: Message for generated signals. example: '' type: string name: description: The name of the rule. example: My security monitoring rule. type: string options: $ref: '#/components/schemas/SecurityMonitoringRuleOptions' queries: description: Queries for selecting logs which are part of the rule. example: [] items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array referenceTables: description: Reference tables for the rule. items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array tags: description: Tags for generated signals. example: - env:prod - team:security items: description: Tag. type: string type: array thirdPartyCases: description: Cases for generating signals from third-party rules. Only available for third-party rules. example: [] items: $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate' type: array type: $ref: '#/components/schemas/SecurityMonitoringRuleTypeTest' required: - name - isEnabled - queries - options - cases - message type: object SecurityMonitoringSuppression: description: The suppression rule's properties. properties: attributes: $ref: '#/components/schemas/SecurityMonitoringSuppressionAttributes' id: $ref: '#/components/schemas/SecurityMonitoringSuppressionID' type: $ref: '#/components/schemas/SecurityMonitoringSuppressionType' type: object SecurityMonitoringSuppressionAttributes: description: The attributes of the suppression rule. properties: creation_date: description: A Unix millisecond timestamp given the creation date of the suppression rule. format: int64 type: integer creator: $ref: '#/components/schemas/SecurityMonitoringUser' data_exclusion_query: description: An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. example: source:cloudtrail account_id:12345 type: string description: description: A description for the suppression rule. example: This rule suppresses low-severity signals in staging environments. type: string editable: description: Whether the suppression rule is editable. example: true type: boolean enabled: description: Whether the suppression rule is enabled. example: true type: boolean expiration_date: description: A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. example: 1703187336000 format: int64 type: integer name: description: The name of the suppression rule. example: Custom suppression type: string rule_query: description: The rule query of the suppression rule, with the same syntax as the search bar for detection rules. example: type:log_detection source:cloudtrail type: string start_date: description: A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals. example: 1703187336000 format: int64 type: integer suppression_query: description: The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer. example: env:staging status:low type: string update_date: description: A Unix millisecond timestamp given the update date of the suppression rule. format: int64 type: integer updater: $ref: '#/components/schemas/SecurityMonitoringUser' version: description: The version of the suppression rule; it starts at 1, and is incremented at each update. example: 42 format: int32 maximum: 2147483647 type: integer type: object SecurityMonitoringSuppressionCreateAttributes: description: Object containing the attributes of the suppression rule to be created. properties: data_exclusion_query: description: An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. example: source:cloudtrail account_id:12345 type: string description: description: A description for the suppression rule. example: This rule suppresses low-severity signals in staging environments. type: string enabled: description: Whether the suppression rule is enabled. example: true type: boolean expiration_date: description: A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. example: 1703187336000 format: int64 type: integer name: description: The name of the suppression rule. example: Custom suppression type: string rule_query: description: The rule query of the suppression rule, with the same syntax as the search bar for detection rules. example: type:log_detection source:cloudtrail type: string start_date: description: A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals. example: 1703187336000 format: int64 type: integer suppression_query: description: The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer. example: env:staging status:low type: string required: - name - enabled - rule_query type: object SecurityMonitoringSuppressionCreateData: description: Object for a single suppression rule. properties: attributes: $ref: '#/components/schemas/SecurityMonitoringSuppressionCreateAttributes' type: $ref: '#/components/schemas/SecurityMonitoringSuppressionType' required: - type - attributes type: object SecurityMonitoringSuppressionCreateRequest: description: Request object that includes the suppression rule that you would like to create. properties: data: $ref: '#/components/schemas/SecurityMonitoringSuppressionCreateData' required: - data type: object SecurityMonitoringSuppressionID: description: The ID of the suppression rule. example: 3dd-0uc-h1s type: string SecurityMonitoringSuppressionResponse: description: Response object containing a single suppression rule. properties: data: $ref: '#/components/schemas/SecurityMonitoringSuppression' type: object SecurityMonitoringSuppressionType: default: suppressions description: The type of the resource. The value should always be `suppressions`. enum: - suppressions example: suppressions type: string x-enum-varnames: - SUPPRESSIONS SecurityMonitoringSuppressionUpdateAttributes: description: The suppression rule properties to be updated. properties: data_exclusion_query: description: An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. example: source:cloudtrail account_id:12345 type: string description: description: A description for the suppression rule. example: This rule suppresses low-severity signals in staging environments. type: string enabled: description: Whether the suppression rule is enabled. example: true type: boolean expiration_date: description: A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. If unset, the expiration date of the suppression rule is left untouched. If set to `null`, the expiration date is removed. example: 1703187336000 format: int64 nullable: true type: integer name: description: The name of the suppression rule. example: Custom suppression type: string rule_query: description: The rule query of the suppression rule, with the same syntax as the search bar for detection rules. example: type:log_detection source:cloudtrail type: string start_date: description: A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals. If unset, the start date of the suppression rule is left untouched. If set to `null`, the start date is removed. example: 1703187336000 format: int64 nullable: true type: integer suppression_query: description: The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer. example: env:staging status:low type: string version: description: The current version of the suppression. This is optional, but it can help prevent concurrent modifications. format: int32 maximum: 2147483647 type: integer type: object SecurityMonitoringSuppressionUpdateData: description: The new suppression properties; partial updates are supported. properties: attributes: $ref: '#/components/schemas/SecurityMonitoringSuppressionUpdateAttributes' type: $ref: '#/components/schemas/SecurityMonitoringSuppressionType' required: - type - attributes type: object SecurityMonitoringSuppressionUpdateRequest: description: Request object containing the fields to update on the suppression rule. properties: data: $ref: '#/components/schemas/SecurityMonitoringSuppressionUpdateData' required: - data type: object SecurityMonitoringSuppressionsResponse: description: Response object containing the available suppression rules. properties: data: description: A list of suppressions objects. items: $ref: '#/components/schemas/SecurityMonitoringSuppression' type: array type: object SecurityMonitoringThirdPartyRootQuery: description: A query to be combined with the third party case query. properties: groupByFields: description: Fields to group by. items: description: Field. type: string type: array query: description: Query to run on logs. example: source:cloudtrail type: string type: object SecurityMonitoringThirdPartyRuleCase: description: Case when signal is generated by a third party rule. properties: name: description: Name of the case. type: string notifications: description: Notification targets for each rule case. items: description: Notification. type: string type: array query: description: A query to map a third party event to this case. type: string status: $ref: '#/components/schemas/SecurityMonitoringRuleSeverity' type: object SecurityMonitoringThirdPartyRuleCaseCreate: description: Case when a signal is generated by a third party rule. properties: name: description: Name of the case. type: string notifications: description: Notification targets for each case. items: description: Notification. type: string type: array query: description: A query to map a third party event to this case. type: string status: $ref: '#/components/schemas/SecurityMonitoringRuleSeverity' required: - status type: object SecurityMonitoringTriageUser: description: Object representing a given user entity. properties: handle: description: The handle for this user account. type: string icon: description: Gravatar icon associated to the user. example: /path/to/matching/gravatar/icon readOnly: true type: string id: description: Numerical ID assigned by Datadog to this user account. format: int64 type: integer name: description: The name for this user account. nullable: true type: string uuid: description: UUID assigned by Datadog to this user account. example: 773b045d-ccf8-4808-bd3b-955ef6a8c940 type: string required: - uuid type: object SecurityMonitoringUser: description: A user. properties: handle: description: The handle of the user. example: john.doe@datadoghq.com type: string name: description: The name of the user. example: John Doe nullable: true type: string type: object SecurityTrigger: description: Trigger a workflow from a Security Signal or Finding. For automatic triggering a handle must be configured and the workflow must be published. properties: rateLimit: $ref: '#/components/schemas/TriggerRateLimit' type: object SecurityTriggerWrapper: description: Schema for a Security-based trigger. properties: securityTrigger: $ref: '#/components/schemas/SecurityTrigger' startStepNames: $ref: '#/components/schemas/StartStepNames' required: - securityTrigger type: object Selectors: description: 'Selectors are used to filter security issues for which notifications should be generated. Users can specify rule severities, rule types, a query to filter security issues on tags and attributes, and the trigger source. Only the trigger_source field is required.' properties: query: $ref: '#/components/schemas/NotificationRuleQuery' rule_types: $ref: '#/components/schemas/RuleTypes' severities: description: The security rules severities to consider. items: $ref: '#/components/schemas/RuleSeverity' type: array trigger_source: $ref: '#/components/schemas/TriggerSource' required: - trigger_source type: object SelfServiceTriggerWrapper: description: Schema for a Self Service-based trigger. properties: selfServiceTrigger: description: Trigger a workflow from Self Service. type: object startStepNames: $ref: '#/components/schemas/StartStepNames' required: - selfServiceTrigger type: object SendSlackMessageAction: description: Sends a message to a Slack channel. properties: channel: description: The channel ID. example: CHANNEL type: string type: $ref: '#/components/schemas/SendSlackMessageActionType' workspace: description: The workspace ID. example: WORKSPACE type: string required: - type - channel - workspace type: object SendSlackMessageActionType: default: send_slack_message description: Indicates that the action is a send Slack message action. enum: - send_slack_message example: send_slack_message type: string x-enum-varnames: - SEND_SLACK_MESSAGE SendTeamsMessageAction: description: Sends a message to a Microsoft Teams channel. properties: channel: description: The channel ID. example: CHANNEL type: string team: description: The team ID. example: TEAM type: string tenant: description: The tenant ID. example: TENANT type: string type: $ref: '#/components/schemas/SendTeamsMessageActionType' required: - type - channel - tenant - team type: object SendTeamsMessageActionType: default: send_teams_message description: Indicates that the action is a send Microsoft Teams message action. enum: - send_teams_message example: send_teams_message type: string x-enum-varnames: - SEND_TEAMS_MESSAGE SensitiveDataScannerConfigRequest: description: Group reorder request. properties: data: $ref: '#/components/schemas/SensitiveDataScannerReorderConfig' meta: $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly' required: - data - meta type: object SensitiveDataScannerConfiguration: description: A Sensitive Data Scanner configuration. properties: id: description: ID of the configuration. type: string type: $ref: '#/components/schemas/SensitiveDataScannerConfigurationType' type: object SensitiveDataScannerConfigurationData: description: A Sensitive Data Scanner configuration data. properties: data: $ref: '#/components/schemas/SensitiveDataScannerConfiguration' type: object SensitiveDataScannerConfigurationRelationships: description: Relationships of the configuration. properties: groups: $ref: '#/components/schemas/SensitiveDataScannerGroupList' type: object SensitiveDataScannerConfigurationType: default: sensitive_data_scanner_configuration description: Sensitive Data Scanner configuration type. enum: - sensitive_data_scanner_configuration example: sensitive_data_scanner_configuration type: string x-enum-varnames: - SENSITIVE_DATA_SCANNER_CONFIGURATIONS SensitiveDataScannerCreateGroupResponse: description: Create group response. properties: data: $ref: '#/components/schemas/SensitiveDataScannerGroupResponse' meta: $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly' type: object SensitiveDataScannerCreateRuleResponse: description: Create rule response. properties: data: $ref: '#/components/schemas/SensitiveDataScannerRuleResponse' meta: $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly' type: object SensitiveDataScannerFilter: description: Filter for the Scanning Group. properties: query: description: Query to filter the events. type: string type: object SensitiveDataScannerGetConfigIncludedArray: description: Included objects from relationships. items: $ref: '#/components/schemas/SensitiveDataScannerGetConfigIncludedItem' type: array SensitiveDataScannerGetConfigIncludedItem: description: An object related to the configuration. oneOf: - $ref: '#/components/schemas/SensitiveDataScannerRuleIncludedItem' - $ref: '#/components/schemas/SensitiveDataScannerGroupIncludedItem' SensitiveDataScannerGetConfigResponse: description: Get all groups response. properties: data: $ref: '#/components/schemas/SensitiveDataScannerGetConfigResponseData' included: $ref: '#/components/schemas/SensitiveDataScannerGetConfigIncludedArray' meta: $ref: '#/components/schemas/SensitiveDataScannerMeta' type: object SensitiveDataScannerGetConfigResponseData: description: Response data related to the scanning groups. properties: attributes: additionalProperties: {} description: Attributes of the Sensitive Data configuration. type: object id: description: ID of the configuration. type: string relationships: $ref: '#/components/schemas/SensitiveDataScannerConfigurationRelationships' type: $ref: '#/components/schemas/SensitiveDataScannerConfigurationType' type: object SensitiveDataScannerGroup: description: A scanning group. properties: id: description: ID of the group. type: string type: $ref: '#/components/schemas/SensitiveDataScannerGroupType' type: object SensitiveDataScannerGroupAttributes: description: Attributes of the Sensitive Data Scanner group. properties: description: description: Description of the group. type: string filter: $ref: '#/components/schemas/SensitiveDataScannerFilter' is_enabled: description: Whether or not the group is enabled. type: boolean name: description: Name of the group. type: string product_list: description: List of products the scanning group applies. items: $ref: '#/components/schemas/SensitiveDataScannerProduct' type: array type: object SensitiveDataScannerGroupCreate: description: Data related to the creation of a group. properties: attributes: $ref: '#/components/schemas/SensitiveDataScannerGroupAttributes' relationships: $ref: '#/components/schemas/SensitiveDataScannerGroupRelationships' type: $ref: '#/components/schemas/SensitiveDataScannerGroupType' required: - type - attributes type: object SensitiveDataScannerGroupCreateRequest: description: Create group request. properties: data: $ref: '#/components/schemas/SensitiveDataScannerGroupCreate' meta: $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly' type: object SensitiveDataScannerGroupData: description: A scanning group data. properties: data: $ref: '#/components/schemas/SensitiveDataScannerGroup' type: object SensitiveDataScannerGroupDeleteRequest: description: Delete group request. properties: meta: $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly' required: - meta type: object SensitiveDataScannerGroupDeleteResponse: description: Delete group response. properties: meta: $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly' type: object SensitiveDataScannerGroupIncludedItem: description: A Scanning Group included item. properties: attributes: $ref: '#/components/schemas/SensitiveDataScannerGroupAttributes' id: description: ID of the group. type: string relationships: $ref: '#/components/schemas/SensitiveDataScannerGroupRelationships' type: $ref: '#/components/schemas/SensitiveDataScannerGroupType' type: object SensitiveDataScannerGroupItem: description: Data related to a Sensitive Data Scanner Group. properties: id: description: ID of the group. type: string type: $ref: '#/components/schemas/SensitiveDataScannerGroupType' type: object SensitiveDataScannerGroupList: description: List of groups, ordered. properties: data: description: List of groups. The order is important. items: $ref: '#/components/schemas/SensitiveDataScannerGroupItem' type: array type: object SensitiveDataScannerGroupRelationships: description: Relationships of the group. properties: configuration: $ref: '#/components/schemas/SensitiveDataScannerConfigurationData' rules: $ref: '#/components/schemas/SensitiveDataScannerRuleData' type: object SensitiveDataScannerGroupResponse: description: Response data related to the creation of a group. properties: attributes: $ref: '#/components/schemas/SensitiveDataScannerGroupAttributes' id: description: ID of the group. type: string relationships: $ref: '#/components/schemas/SensitiveDataScannerGroupRelationships' type: $ref: '#/components/schemas/SensitiveDataScannerGroupType' type: object SensitiveDataScannerGroupType: default: sensitive_data_scanner_group description: Sensitive Data Scanner group type. enum: - sensitive_data_scanner_group example: sensitive_data_scanner_group type: string x-enum-varnames: - SENSITIVE_DATA_SCANNER_GROUP SensitiveDataScannerGroupUpdate: description: Data related to the update of a group. properties: attributes: $ref: '#/components/schemas/SensitiveDataScannerGroupAttributes' id: description: ID of the group. type: string relationships: $ref: '#/components/schemas/SensitiveDataScannerGroupRelationships' type: $ref: '#/components/schemas/SensitiveDataScannerGroupType' type: object SensitiveDataScannerGroupUpdateRequest: description: Update group request. properties: data: $ref: '#/components/schemas/SensitiveDataScannerGroupUpdate' meta: $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly' required: - data - meta type: object SensitiveDataScannerGroupUpdateResponse: description: Update group response. properties: meta: $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly' type: object SensitiveDataScannerIncludedKeywordConfiguration: description: 'Object defining a set of keywords and a number of characters that help reduce noise. You can provide a list of keywords you would like to check within a defined proximity of the matching pattern. If any of the keywords are found within the proximity check, the match is kept. If none are found, the match is discarded.' properties: character_count: description: 'The number of characters behind a match detected by Sensitive Data Scanner to look for the keywords defined. `character_count` should be greater than the maximum length of a keyword defined for a rule.' example: 30 format: int64 maximum: 50 minimum: 1 type: integer keywords: description: 'Keyword list that will be checked during scanning in order to validate a match. The number of keywords in the list must be less than or equal to 30.' example: - credit card - cc items: type: string type: array use_recommended_keywords: description: 'Should the rule use the underlying standard pattern keyword configuration. If set to `true`, the rule must be tied to a standard pattern. If set to `false`, the specified keywords and `character_count` are applied.' type: boolean required: - keywords - character_count type: object SensitiveDataScannerMeta: description: Meta response containing information about the API. properties: count_limit: description: Maximum number of scanning rules allowed for the org. format: int64 type: integer group_count_limit: description: Maximum number of scanning groups allowed for the org. format: int64 type: integer has_highlight_enabled: default: true deprecated: true description: (Deprecated) Whether or not scanned events are highlighted in Logs or RUM for the org. type: boolean has_multi_pass_enabled: deprecated: true description: (Deprecated) Whether or not scanned events have multi-pass enabled. type: boolean is_pci_compliant: description: Whether or not the org is compliant to the payment card industry standard. type: boolean version: description: Version of the API. example: 0 format: int64 minimum: 0 type: integer type: object SensitiveDataScannerMetaVersionOnly: description: Meta payload containing information about the API. properties: version: description: Version of the API (optional). example: 0 format: int64 minimum: 0 type: integer type: object SensitiveDataScannerProduct: default: logs description: Datadog product onto which Sensitive Data Scanner can be activated. enum: - logs - rum - events - apm type: string x-enum-varnames: - LOGS - RUM - EVENTS - APM SensitiveDataScannerReorderConfig: description: Data related to the reordering of scanning groups. properties: id: description: ID of the configuration. type: string relationships: $ref: '#/components/schemas/SensitiveDataScannerConfigurationRelationships' type: $ref: '#/components/schemas/SensitiveDataScannerConfigurationType' type: object SensitiveDataScannerReorderGroupsResponse: description: Group reorder response. properties: meta: $ref: '#/components/schemas/SensitiveDataScannerMeta' type: object SensitiveDataScannerRule: description: Rule item included in the group. properties: id: description: ID of the rule. type: string type: $ref: '#/components/schemas/SensitiveDataScannerRuleType' type: object SensitiveDataScannerRuleAttributes: description: Attributes of the Sensitive Data Scanner rule. properties: description: description: Description of the rule. type: string excluded_namespaces: description: Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array. example: - admin.name items: type: string type: array included_keyword_configuration: $ref: '#/components/schemas/SensitiveDataScannerIncludedKeywordConfiguration' is_enabled: description: Whether or not the rule is enabled. type: boolean name: description: Name of the rule. type: string namespaces: description: 'Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.' example: - admin items: type: string type: array pattern: description: Not included if there is a relationship to a standard pattern. type: string priority: description: Integer from 1 (high) to 5 (low) indicating rule issue severity. format: int64 maximum: 5 minimum: 1 type: integer tags: description: List of tags. items: type: string type: array text_replacement: $ref: '#/components/schemas/SensitiveDataScannerTextReplacement' type: object SensitiveDataScannerRuleCreate: description: Data related to the creation of a rule. properties: attributes: $ref: '#/components/schemas/SensitiveDataScannerRuleAttributes' relationships: $ref: '#/components/schemas/SensitiveDataScannerRuleRelationships' type: $ref: '#/components/schemas/SensitiveDataScannerRuleType' required: - type - attributes - relationships type: object SensitiveDataScannerRuleCreateRequest: description: Create rule request. properties: data: $ref: '#/components/schemas/SensitiveDataScannerRuleCreate' meta: $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly' required: - data - meta type: object SensitiveDataScannerRuleData: description: Rules included in the group. properties: data: description: Rules included in the group. The order is important. items: $ref: '#/components/schemas/SensitiveDataScannerRule' type: array type: object SensitiveDataScannerRuleDeleteRequest: description: Delete rule request. properties: meta: $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly' required: - meta type: object SensitiveDataScannerRuleDeleteResponse: description: Delete rule response. properties: meta: $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly' type: object SensitiveDataScannerRuleIncludedItem: description: A Scanning Rule included item. properties: attributes: $ref: '#/components/schemas/SensitiveDataScannerRuleAttributes' id: description: ID of the rule. type: string relationships: $ref: '#/components/schemas/SensitiveDataScannerRuleRelationships' type: $ref: '#/components/schemas/SensitiveDataScannerRuleType' type: object SensitiveDataScannerRuleRelationships: description: Relationships of a scanning rule. properties: group: $ref: '#/components/schemas/SensitiveDataScannerGroupData' standard_pattern: $ref: '#/components/schemas/SensitiveDataScannerStandardPatternData' type: object SensitiveDataScannerRuleResponse: description: Response data related to the creation of a rule. properties: attributes: $ref: '#/components/schemas/SensitiveDataScannerRuleAttributes' id: description: ID of the rule. type: string relationships: $ref: '#/components/schemas/SensitiveDataScannerRuleRelationships' type: $ref: '#/components/schemas/SensitiveDataScannerRuleType' type: object SensitiveDataScannerRuleType: default: sensitive_data_scanner_rule description: Sensitive Data Scanner rule type. enum: - sensitive_data_scanner_rule example: sensitive_data_scanner_rule type: string x-enum-varnames: - SENSITIVE_DATA_SCANNER_RULE SensitiveDataScannerRuleUpdate: description: Data related to the update of a rule. properties: attributes: $ref: '#/components/schemas/SensitiveDataScannerRuleAttributes' id: description: ID of the rule. type: string relationships: $ref: '#/components/schemas/SensitiveDataScannerRuleRelationships' type: $ref: '#/components/schemas/SensitiveDataScannerRuleType' type: object SensitiveDataScannerRuleUpdateRequest: description: Update rule request. properties: data: $ref: '#/components/schemas/SensitiveDataScannerRuleUpdate' meta: $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly' required: - data - meta type: object SensitiveDataScannerRuleUpdateResponse: description: Update rule response. properties: meta: $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly' type: object SensitiveDataScannerStandardPattern: description: Data containing the standard pattern id. properties: id: description: ID of the standard pattern. type: string type: $ref: '#/components/schemas/SensitiveDataScannerStandardPatternType' type: object SensitiveDataScannerStandardPatternAttributes: description: Attributes of the Sensitive Data Scanner standard pattern. properties: description: description: Description of the standard pattern. type: string included_keywords: description: List of included keywords. items: type: string type: array name: description: Name of the standard pattern. type: string pattern: deprecated: true description: (Deprecated) Regex to match, optionally documented for older standard rules. Refer to the `description` field to understand what the rule does. type: string priority: description: Integer from 1 (high) to 5 (low) indicating standard pattern issue severity. format: int64 maximum: 5 minimum: 1 type: integer tags: description: List of tags. items: type: string type: array type: object SensitiveDataScannerStandardPatternData: description: A standard pattern. properties: data: $ref: '#/components/schemas/SensitiveDataScannerStandardPattern' type: object SensitiveDataScannerStandardPatternType: default: sensitive_data_scanner_standard_pattern description: Sensitive Data Scanner standard pattern type. enum: - sensitive_data_scanner_standard_pattern example: sensitive_data_scanner_standard_pattern type: string x-enum-varnames: - SENSITIVE_DATA_SCANNER_STANDARD_PATTERN SensitiveDataScannerStandardPatternsResponse: description: List Standard patterns response. items: $ref: '#/components/schemas/SensitiveDataScannerStandardPatternsResponseItem' type: array SensitiveDataScannerStandardPatternsResponseData: description: List Standard patterns response data. properties: data: $ref: '#/components/schemas/SensitiveDataScannerStandardPatternsResponse' type: object SensitiveDataScannerStandardPatternsResponseItem: description: Standard pattern item. properties: attributes: $ref: '#/components/schemas/SensitiveDataScannerStandardPatternAttributes' id: description: ID of the standard pattern. type: string type: $ref: '#/components/schemas/SensitiveDataScannerStandardPatternType' type: object SensitiveDataScannerTextReplacement: description: Object describing how the scanned event will be replaced. properties: number_of_chars: description: 'Required if type == ''partial_replacement_from_beginning'' or ''partial_replacement_from_end''. It must be > 0.' format: int64 minimum: 0 type: integer replacement_string: description: Required if type == 'replacement_string'. type: string type: $ref: '#/components/schemas/SensitiveDataScannerTextReplacementType' type: object SensitiveDataScannerTextReplacementType: default: none description: 'Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacement_string means that one can chose a text to replace the data. partial_replacement_from_beginning allows a user to partially replace the data from the beginning, and partial_replacement_from_end on the other hand, allows to replace data from the end.' enum: - none - hash - replacement_string - partial_replacement_from_beginning - partial_replacement_from_end type: string x-enum-varnames: - NONE - HASH - REPLACEMENT_STRING - PARTIAL_REPLACEMENT_FROM_BEGINNING - PARTIAL_REPLACEMENT_FROM_END ServiceAccountCreateAttributes: description: Attributes of the created user. properties: email: description: The email of the user. example: jane.doe@example.com type: string name: description: The name of the user. type: string service_account: description: Whether the user is a service account. Must be true. example: true type: boolean title: description: The title of the user. type: string required: - email - service_account type: object ServiceAccountCreateData: description: Object to create a service account User. properties: attributes: $ref: '#/components/schemas/ServiceAccountCreateAttributes' relationships: $ref: '#/components/schemas/UserRelationships' type: $ref: '#/components/schemas/UsersType' required: - attributes - type type: object ServiceAccountCreateRequest: description: Create a service account. properties: data: $ref: '#/components/schemas/ServiceAccountCreateData' required: - data type: object ServiceDefinitionCreateResponse: description: Create service definitions response. properties: data: description: Create service definitions response payload. items: $ref: '#/components/schemas/ServiceDefinitionData' type: array type: object ServiceDefinitionData: description: Service definition data. properties: attributes: $ref: '#/components/schemas/ServiceDefinitionDataAttributes' id: description: Service definition id. type: string type: description: Service definition type. type: string type: object ServiceDefinitionDataAttributes: description: Service definition attributes. properties: meta: $ref: '#/components/schemas/ServiceDefinitionMeta' schema: $ref: '#/components/schemas/ServiceDefinitionSchema' type: object ServiceDefinitionGetResponse: description: Get service definition response. properties: data: $ref: '#/components/schemas/ServiceDefinitionData' type: object ServiceDefinitionMeta: description: Metadata about a service definition. properties: github-html-url: description: GitHub HTML URL. type: string ingested-schema-version: description: Ingestion schema version. type: string ingestion-source: description: Ingestion source of the service definition. type: string last-modified-time: description: Last modified time of the service definition. type: string origin: description: User defined origin of the service definition. type: string origin-detail: description: User defined origin's detail of the service definition. type: string warnings: description: A list of schema validation warnings. items: $ref: '#/components/schemas/ServiceDefinitionMetaWarnings' type: array type: object ServiceDefinitionMetaWarnings: description: Schema validation warnings. properties: instance-location: description: The warning instance location. type: string keyword-location: description: The warning keyword location. type: string message: description: The warning message. type: string type: object ServiceDefinitionRaw: description: Service Definition in raw JSON/YAML representation. example: '--- schema-version: v2 dd-service: my-service ' type: string ServiceDefinitionSchema: description: Service definition schema. oneOf: - $ref: '#/components/schemas/ServiceDefinitionV1' - $ref: '#/components/schemas/ServiceDefinitionV2' - $ref: '#/components/schemas/ServiceDefinitionV2Dot1' - $ref: '#/components/schemas/ServiceDefinitionV2Dot2' ServiceDefinitionSchemaVersions: description: Schema versions enum: - v1 - v2 - v2.1 - v2.2 type: string x-enum-varnames: - V1 - V2 - V2_1 - V2_2 ServiceDefinitionV1: deprecated: true description: Deprecated - Service definition V1 for providing additional service metadata and integrations. properties: contact: $ref: '#/components/schemas/ServiceDefinitionV1Contact' extensions: additionalProperties: {} description: Extensions to V1 schema. example: myorg/extension: extensionValue type: object external-resources: description: A list of external links related to the services. items: $ref: '#/components/schemas/ServiceDefinitionV1Resource' type: array info: $ref: '#/components/schemas/ServiceDefinitionV1Info' integrations: $ref: '#/components/schemas/ServiceDefinitionV1Integrations' org: $ref: '#/components/schemas/ServiceDefinitionV1Org' schema-version: $ref: '#/components/schemas/ServiceDefinitionV1Version' tags: description: A set of custom tags. example: - my:tag - service:tag items: type: string type: array required: - schema-version - info type: object ServiceDefinitionV1Contact: description: Contact information about the service. properties: email: description: "Service owner\u2019s email." example: contact@datadoghq.com type: string slack: description: "Service owner\u2019s Slack channel." example: https://yourcompany.slack.com/archives/channel123 type: string type: object ServiceDefinitionV1Info: description: Basic information about a service. properties: dd-service: description: Unique identifier of the service. Must be unique across all services and is used to match with a service in Datadog. example: myservice type: string description: description: A short description of the service. example: A shopping cart service type: string display-name: description: A friendly name of the service. example: My Service type: string service-tier: description: Service tier. example: Tier 1 type: string required: - dd-service type: object ServiceDefinitionV1Integrations: description: Third party integrations that Datadog supports. properties: pagerduty: $ref: '#/components/schemas/ServiceDefinitionV1Pagerduty' type: object ServiceDefinitionV1Org: description: Org related information about the service. properties: application: description: App feature this service supports. example: E-Commerce type: string team: description: Team that owns the service. example: my-team type: string type: object ServiceDefinitionV1Pagerduty: description: PagerDuty service URL for the service. example: https://my-org.pagerduty.com/service-directory/PMyService type: string ServiceDefinitionV1Resource: description: Service's external links. properties: name: description: Link name. example: Runbook type: string type: $ref: '#/components/schemas/ServiceDefinitionV1ResourceType' url: description: Link URL. example: https://my-runbook type: string required: - name - type - url type: object ServiceDefinitionV1ResourceType: description: Link type. enum: - doc - wiki - runbook - url - repo - dashboard - oncall - code - link example: runbook type: string x-enum-varnames: - DOC - WIKI - RUNBOOK - URL - REPO - DASHBOARD - ONCALL - CODE - LINK ServiceDefinitionV1Version: default: v1 description: Schema version being used. enum: - v1 example: v1 type: string x-enum-varnames: - V1 ServiceDefinitionV2: description: Service definition V2 for providing service metadata and integrations. properties: contacts: description: A list of contacts related to the services. items: $ref: '#/components/schemas/ServiceDefinitionV2Contact' type: array dd-service: description: Unique identifier of the service. Must be unique across all services and is used to match with a service in Datadog. example: my-service type: string dd-team: description: Experimental feature. A Team handle that matches a Team in the Datadog Teams product. example: my-team type: string docs: description: A list of documentation related to the services. items: $ref: '#/components/schemas/ServiceDefinitionV2Doc' type: array extensions: additionalProperties: {} description: Extensions to V2 schema. example: myorg/extension: extensionValue type: object integrations: $ref: '#/components/schemas/ServiceDefinitionV2Integrations' links: description: A list of links related to the services. items: $ref: '#/components/schemas/ServiceDefinitionV2Link' type: array repos: description: A list of code repositories related to the services. items: $ref: '#/components/schemas/ServiceDefinitionV2Repo' type: array schema-version: $ref: '#/components/schemas/ServiceDefinitionV2Version' tags: description: A set of custom tags. example: - my:tag - service:tag items: type: string type: array team: description: Team that owns the service. example: my-team type: string required: - schema-version - dd-service type: object ServiceDefinitionV2Contact: description: Service owner's contacts information. oneOf: - $ref: '#/components/schemas/ServiceDefinitionV2Email' - $ref: '#/components/schemas/ServiceDefinitionV2Slack' - $ref: '#/components/schemas/ServiceDefinitionV2MSTeams' ServiceDefinitionV2Doc: description: Service documents. properties: name: description: Document name. example: Architecture type: string provider: description: Document provider. example: google drive type: string url: description: Document URL. example: https://gdrive/mydoc type: string required: - name - url type: object ServiceDefinitionV2Dot1: description: Service definition v2.1 for providing service metadata and integrations. properties: application: description: Identifier for a group of related services serving a product feature, which the service is a part of. example: my-app type: string contacts: description: A list of contacts related to the services. items: $ref: '#/components/schemas/ServiceDefinitionV2Dot1Contact' type: array dd-service: description: Unique identifier of the service. Must be unique across all services and is used to match with a service in Datadog. example: my-service type: string description: description: A short description of the service. example: My service description type: string extensions: additionalProperties: {} description: Extensions to v2.1 schema. example: myorg/extension: extensionValue type: object integrations: $ref: '#/components/schemas/ServiceDefinitionV2Dot1Integrations' lifecycle: description: The current life cycle phase of the service. example: sandbox type: string links: description: A list of links related to the services. items: $ref: '#/components/schemas/ServiceDefinitionV2Dot1Link' type: array schema-version: $ref: '#/components/schemas/ServiceDefinitionV2Dot1Version' tags: description: A set of custom tags. example: - my:tag - service:tag items: type: string type: array team: description: Team that owns the service. It is used to locate a team defined in Datadog Teams if it exists. example: my-team type: string tier: description: Importance of the service. example: High type: string required: - schema-version - dd-service type: object ServiceDefinitionV2Dot1Contact: description: Service owner's contacts information. oneOf: - $ref: '#/components/schemas/ServiceDefinitionV2Dot1Email' - $ref: '#/components/schemas/ServiceDefinitionV2Dot1Slack' - $ref: '#/components/schemas/ServiceDefinitionV2Dot1MSTeams' ServiceDefinitionV2Dot1Email: description: Service owner's email. properties: contact: description: Contact value. example: contact@datadoghq.com type: string name: description: Contact email. example: Team Email type: string type: $ref: '#/components/schemas/ServiceDefinitionV2Dot1EmailType' required: - type - contact type: object ServiceDefinitionV2Dot1EmailType: description: Contact type. enum: - email example: email type: string x-enum-varnames: - EMAIL ServiceDefinitionV2Dot1Integrations: description: Third party integrations that Datadog supports. properties: opsgenie: $ref: '#/components/schemas/ServiceDefinitionV2Dot1Opsgenie' pagerduty: $ref: '#/components/schemas/ServiceDefinitionV2Dot1Pagerduty' type: object ServiceDefinitionV2Dot1Link: description: Service's external links. properties: name: description: Link name. example: Runbook type: string provider: description: Link provider. example: Github type: string type: $ref: '#/components/schemas/ServiceDefinitionV2Dot1LinkType' url: description: Link URL. example: https://my-runbook type: string required: - name - type - url type: object ServiceDefinitionV2Dot1LinkType: description: Link type. enum: - doc - repo - runbook - dashboard - other example: runbook type: string x-enum-varnames: - DOC - REPO - RUNBOOK - DASHBOARD - OTHER ServiceDefinitionV2Dot1MSTeams: description: Service owner's Microsoft Teams. properties: contact: description: Contact value. example: https://teams.microsoft.com/myteam type: string name: description: Contact Microsoft Teams. example: My team channel type: string type: $ref: '#/components/schemas/ServiceDefinitionV2Dot1MSTeamsType' required: - type - contact type: object ServiceDefinitionV2Dot1MSTeamsType: description: Contact type. enum: - microsoft-teams example: microsoft-teams type: string x-enum-varnames: - MICROSOFT_TEAMS ServiceDefinitionV2Dot1Opsgenie: description: Opsgenie integration for the service. properties: region: $ref: '#/components/schemas/ServiceDefinitionV2Dot1OpsgenieRegion' service-url: description: Opsgenie service url. example: https://my-org.opsgenie.com/service/123e4567-e89b-12d3-a456-426614174000 type: string required: - service-url type: object ServiceDefinitionV2Dot1OpsgenieRegion: description: Opsgenie instance region. enum: - US - EU example: US type: string x-enum-varnames: - US - EU ServiceDefinitionV2Dot1Pagerduty: description: PagerDuty integration for the service. properties: service-url: description: PagerDuty service url. example: https://my-org.pagerduty.com/service-directory/PMyService type: string type: object ServiceDefinitionV2Dot1Slack: description: Service owner's Slack channel. properties: contact: description: Slack Channel. example: https://yourcompany.slack.com/archives/channel123 type: string name: description: Contact Slack. example: Team Slack type: string type: $ref: '#/components/schemas/ServiceDefinitionV2Dot1SlackType' required: - type - contact type: object ServiceDefinitionV2Dot1SlackType: description: Contact type. enum: - slack example: slack type: string x-enum-varnames: - SLACK ServiceDefinitionV2Dot1Version: default: v2.1 description: Schema version being used. enum: - v2.1 example: v2.1 type: string x-enum-varnames: - V2_1 ServiceDefinitionV2Dot2: description: Service definition v2.2 for providing service metadata and integrations. properties: application: description: Identifier for a group of related services serving a product feature, which the service is a part of. example: my-app type: string ci-pipeline-fingerprints: description: A set of CI fingerprints. example: - j88xdEy0J5lc - eZ7LMljCk8vo items: type: string type: array contacts: description: A list of contacts related to the services. items: $ref: '#/components/schemas/ServiceDefinitionV2Dot2Contact' type: array dd-service: description: Unique identifier of the service. Must be unique across all services and is used to match with a service in Datadog. example: my-service type: string description: description: A short description of the service. example: My service description type: string extensions: additionalProperties: {} description: Extensions to v2.2 schema. example: myorg/extension: extensionValue type: object integrations: $ref: '#/components/schemas/ServiceDefinitionV2Dot2Integrations' languages: description: 'The service''s programming language. Datadog recognizes the following languages: `dotnet`, `go`, `java`, `js`, `php`, `python`, `ruby`, and `c++`.' example: - dotnet - go - java - js - php - python - ruby - c++ items: type: string type: array lifecycle: description: The current life cycle phase of the service. example: sandbox type: string links: description: A list of links related to the services. items: $ref: '#/components/schemas/ServiceDefinitionV2Dot2Link' type: array schema-version: $ref: '#/components/schemas/ServiceDefinitionV2Dot2Version' tags: description: A set of custom tags. example: - my:tag - service:tag items: type: string type: array team: description: Team that owns the service. It is used to locate a team defined in Datadog Teams if it exists. example: my-team type: string tier: description: Importance of the service. example: High type: string type: $ref: '#/components/schemas/ServiceDefinitionV2Dot2Type' required: - schema-version - dd-service type: object ServiceDefinitionV2Dot2Contact: description: Service owner's contacts information. properties: contact: description: Contact value. example: https://teams.microsoft.com/myteam type: string name: description: Contact Name. example: My team channel type: string type: description: 'Contact type. Datadog recognizes the following types: `email`, `slack`, and `microsoft-teams`.' example: slack type: string required: - type - contact type: object ServiceDefinitionV2Dot2Integrations: description: Third party integrations that Datadog supports. properties: opsgenie: $ref: '#/components/schemas/ServiceDefinitionV2Dot2Opsgenie' pagerduty: $ref: '#/components/schemas/ServiceDefinitionV2Dot2Pagerduty' type: object ServiceDefinitionV2Dot2Link: description: Service's external links. properties: name: description: Link name. example: Runbook type: string provider: description: Link provider. example: Github type: string type: description: 'Link type. Datadog recognizes the following types: `runbook`, `doc`, `repo`, `dashboard`, and `other`.' example: runbook type: string url: description: Link URL. example: https://my-runbook type: string required: - name - type - url type: object ServiceDefinitionV2Dot2Opsgenie: description: Opsgenie integration for the service. properties: region: $ref: '#/components/schemas/ServiceDefinitionV2Dot2OpsgenieRegion' service-url: description: Opsgenie service url. example: https://my-org.opsgenie.com/service/123e4567-e89b-12d3-a456-426614174000 type: string required: - service-url type: object ServiceDefinitionV2Dot2OpsgenieRegion: description: Opsgenie instance region. enum: - US - EU example: US type: string x-enum-varnames: - US - EU ServiceDefinitionV2Dot2Pagerduty: description: PagerDuty integration for the service. properties: service-url: description: PagerDuty service url. example: https://my-org.pagerduty.com/service-directory/PMyService type: string type: object ServiceDefinitionV2Dot2Type: description: The type of service. example: web type: string ServiceDefinitionV2Dot2Version: default: v2.2 description: Schema version being used. enum: - v2.2 example: v2.2 type: string x-enum-varnames: - V2_2 ServiceDefinitionV2Email: description: Service owner's email. properties: contact: description: Contact value. example: contact@datadoghq.com type: string name: description: Contact email. example: Team Email type: string type: $ref: '#/components/schemas/ServiceDefinitionV2EmailType' required: - type - contact type: object ServiceDefinitionV2EmailType: description: Contact type. enum: - email example: email type: string x-enum-varnames: - EMAIL ServiceDefinitionV2Integrations: description: Third party integrations that Datadog supports. properties: opsgenie: $ref: '#/components/schemas/ServiceDefinitionV2Opsgenie' pagerduty: $ref: '#/components/schemas/ServiceDefinitionV2Pagerduty' type: object ServiceDefinitionV2Link: description: Service's external links. properties: name: description: Link name. example: Runbook type: string type: $ref: '#/components/schemas/ServiceDefinitionV2LinkType' url: description: Link URL. example: https://my-runbook type: string required: - name - type - url type: object ServiceDefinitionV2LinkType: description: Link type. enum: - doc - wiki - runbook - url - repo - dashboard - oncall - code - link example: runbook type: string x-enum-varnames: - DOC - WIKI - RUNBOOK - URL - REPO - DASHBOARD - ONCALL - CODE - LINK ServiceDefinitionV2MSTeams: description: Service owner's Microsoft Teams. properties: contact: description: Contact value. example: https://teams.microsoft.com/myteam type: string name: description: Contact Microsoft Teams. example: My team channel type: string type: $ref: '#/components/schemas/ServiceDefinitionV2MSTeamsType' required: - type - contact type: object ServiceDefinitionV2MSTeamsType: description: Contact type. enum: - microsoft-teams example: microsoft-teams type: string x-enum-varnames: - MICROSOFT_TEAMS ServiceDefinitionV2Opsgenie: description: Opsgenie integration for the service. properties: region: $ref: '#/components/schemas/ServiceDefinitionV2OpsgenieRegion' service-url: description: Opsgenie service url. example: https://my-org.opsgenie.com/service/123e4567-e89b-12d3-a456-426614174000 type: string required: - service-url type: object ServiceDefinitionV2OpsgenieRegion: description: Opsgenie instance region. enum: - US - EU example: US type: string x-enum-varnames: - US - EU ServiceDefinitionV2Pagerduty: description: PagerDuty service URL for the service. example: https://my-org.pagerduty.com/service-directory/PMyService type: string ServiceDefinitionV2Repo: description: Service code repositories. properties: name: description: Repository name. example: Source Code type: string provider: description: Repository provider. example: GitHub type: string url: description: Repository URL. example: https://github.com/DataDog/schema type: string required: - name - url type: object ServiceDefinitionV2Slack: description: Service owner's Slack channel. properties: contact: description: Slack Channel. example: https://yourcompany.slack.com/archives/channel123 type: string name: description: Contact Slack. example: Team Slack type: string type: $ref: '#/components/schemas/ServiceDefinitionV2SlackType' required: - type - contact type: object ServiceDefinitionV2SlackType: description: Contact type. enum: - slack example: slack type: string x-enum-varnames: - SLACK ServiceDefinitionV2Version: default: v2 description: Schema version being used. enum: - v2 example: v2 type: string x-enum-varnames: - V2 ServiceDefinitionsCreateRequest: description: Create service definitions request. oneOf: - $ref: '#/components/schemas/ServiceDefinitionV2Dot2' - $ref: '#/components/schemas/ServiceDefinitionV2Dot1' - $ref: '#/components/schemas/ServiceDefinitionV2' - $ref: '#/components/schemas/ServiceDefinitionRaw' ServiceDefinitionsListResponse: description: Create service definitions response. properties: data: description: Data representing service definitions. items: $ref: '#/components/schemas/ServiceDefinitionData' type: array type: object ServiceNowTicket: description: ServiceNow ticket attached to case nullable: true properties: result: $ref: '#/components/schemas/ServiceNowTicketResult' status: $ref: '#/components/schemas/Case3rdPartyTicketStatus' readOnly: true type: object ServiceNowTicketResult: description: ServiceNow ticket information properties: sys_target_link: description: Link to the Incident created on ServiceNow type: string type: object Shift: description: The definition of `Shift` object. example: data: attributes: end: '2025-05-07T03:53:01.206662873Z' start: '2025-05-07T02:53:01.206662814Z' id: 00000000-0000-0000-0000-000000000000 relationships: user: data: id: 00000000-aba1-0000-0000-000000000000 type: users type: shifts included: - attributes: email: foo@bar.com name: User 1 status: '' id: 00000000-aba1-0000-0000-000000000000 type: users properties: data: $ref: '#/components/schemas/ShiftData' nullable: true included: description: The `Shift` `included`. items: $ref: '#/components/schemas/ShiftIncluded' type: array type: object ShiftData: description: The definition of `ShiftData` object. properties: attributes: $ref: '#/components/schemas/ShiftDataAttributes' id: description: The `ShiftData` `id`. type: string relationships: $ref: '#/components/schemas/ShiftDataRelationships' type: $ref: '#/components/schemas/ShiftDataType' required: - type type: object ShiftDataAttributes: description: The definition of `ShiftDataAttributes` object. properties: end: description: The end time of the shift. format: date-time type: string start: description: The start time of the shift. format: date-time type: string type: object ShiftDataRelationships: description: The definition of `ShiftDataRelationships` object. properties: user: $ref: '#/components/schemas/ShiftDataRelationshipsUser' type: object ShiftDataRelationshipsUser: description: Defines the relationship between a shift and the user who is working that shift. properties: data: $ref: '#/components/schemas/ShiftDataRelationshipsUserData' required: - data type: object ShiftDataRelationshipsUserData: description: Represents a reference to the user assigned to this shift, containing the user's ID and resource type. properties: id: description: Specifies the unique identifier of the user. example: 00000000-0000-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/ShiftDataRelationshipsUserDataType' required: - type - id type: object ShiftDataRelationshipsUserDataType: default: users description: Indicates that the related resource is of type 'users'. enum: - users example: users type: string x-enum-varnames: - USERS ShiftDataType: default: shifts description: Indicates that the resource is of type 'shifts'. enum: - shifts example: shifts type: string x-enum-varnames: - SHIFTS ShiftIncluded: description: The definition of `ShiftIncluded` object. oneOf: - $ref: '#/components/schemas/ScheduleUser' SingleAggregatedConnectionResponseArray: description: List of aggregated connections. example: data: - attributes: bytes_sent_by_client: 100 bytes_sent_by_server: 200 group_bys: client_team: - networks server_service: - hucklebuck packets_sent_by_client: 10 packets_sent_by_server: 20 rtt_micro_seconds: 800 tcp_closed_connections: 30 tcp_established_connections: 40 tcp_refusals: 7 tcp_resets: 5 tcp_retransmits: 30 tcp_timeouts: 6 id: client_team:networks, server_service:hucklebuck type: aggregated_connection properties: data: description: Array of aggregated connection objects. items: $ref: '#/components/schemas/SingleAggregatedConnectionResponseData' type: array type: object SingleAggregatedConnectionResponseData: description: Object describing an aggregated connection. properties: attributes: $ref: '#/components/schemas/SingleAggregatedConnectionResponseDataAttributes' id: description: A unique identifier for the aggregated connection based on the group by values. type: string type: $ref: '#/components/schemas/SingleAggregatedConnectionResponseDataType' type: object SingleAggregatedConnectionResponseDataAttributes: description: Attributes for an aggregated connection. properties: bytes_sent_by_client: description: The total number of bytes sent by the client over the given period. format: int64 type: integer bytes_sent_by_server: description: The total number of bytes sent by the server over the given period. format: int64 type: integer group_bys: additionalProperties: description: The values for each group by. items: type: string type: array description: The key, value pairs for each group by. type: object packets_sent_by_client: description: The total number of packets sent by the client over the given period. format: int64 type: integer packets_sent_by_server: description: The total number of packets sent by the server over the given period. format: int64 type: integer rtt_micro_seconds: description: Measured as TCP smoothed round trip time in microseconds (the time between a TCP frame being sent and acknowledged). format: int64 type: integer tcp_closed_connections: description: The number of TCP connections in a closed state. Measured in connections per second from the client. format: int64 type: integer tcp_established_connections: description: The number of TCP connections in an established state. Measured in connections per second from the client. format: int64 type: integer tcp_refusals: description: The number of TCP connections that were refused by the server. Typically this indicates an attempt to connect to an IP/port that is not receiving connections, or a firewall/security misconfiguration. format: int64 type: integer tcp_resets: description: The number of TCP connections that were reset by the server. format: int64 type: integer tcp_retransmits: description: TCP Retransmits represent detected failures that are retransmitted to ensure delivery. Measured in count of retransmits from the client. format: int64 type: integer tcp_timeouts: description: The number of TCP connections that timed out from the perspective of the operating system. This can indicate general connectivity and latency issues. format: int64 type: integer type: object SingleAggregatedConnectionResponseDataType: default: aggregated_connection description: Aggregated connection resource type. enum: - aggregated_connection type: string x-enum-varnames: - AGGREGATED_CONNECTION SlackIntegrationMetadata: description: Incident integration metadata for the Slack integration. properties: channels: description: Array of Slack channels in this integration metadata. example: [] items: $ref: '#/components/schemas/SlackIntegrationMetadataChannelItem' type: array required: - channels type: object SlackIntegrationMetadataChannelItem: description: Item in the Slack integration metadata channel array. properties: channel_id: description: Slack channel ID. example: C0123456789 type: string channel_name: description: Name of the Slack channel. example: '#example-channel-name' type: string redirect_url: description: URL redirecting to the Slack channel. example: https://slack.com/app_redirect?channel=C0123456789&team=T01234567 type: string team_id: description: Slack team ID. example: T01234567 type: string required: - channel_id - channel_name - redirect_url type: object SlackTriggerWrapper: description: Schema for a Slack-based trigger. properties: slackTrigger: description: Trigger a workflow from Slack. The workflow must be published. type: object startStepNames: $ref: '#/components/schemas/StartStepNames' required: - slackTrigger type: object SloReportCreateRequest: description: The SLO report request body. properties: data: $ref: '#/components/schemas/SloReportCreateRequestData' required: - data type: object SloReportCreateRequestAttributes: description: The attributes portion of the SLO report request. properties: from_ts: description: The `from` timestamp for the report in epoch seconds. example: 1690901870 format: int64 type: integer interval: $ref: '#/components/schemas/SLOReportInterval' query: description: The query string used to filter SLO results. Some examples of queries include `service:<service-name>` and `slo-name`. example: slo_type:metric type: string timezone: description: The timezone used to determine the start and end of each interval. For example, weekly intervals start at 12am on Sunday in the specified timezone. example: America/New_York type: string to_ts: description: The `to` timestamp for the report in epoch seconds. example: 1706803070 format: int64 type: integer required: - query - from_ts - to_ts type: object SloReportCreateRequestData: description: The data portion of the SLO report request. properties: attributes: $ref: '#/components/schemas/SloReportCreateRequestAttributes' required: - attributes type: object SoftwareCatalogTriggerWrapper: description: Schema for a Software Catalog-based trigger. properties: softwareCatalogTrigger: description: Trigger a workflow from Software Catalog. type: object startStepNames: $ref: '#/components/schemas/StartStepNames' required: - softwareCatalogTrigger type: object SortDirection: default: desc description: The direction to sort by. enum: - desc - asc type: string x-enum-varnames: - DESC - ASC Span: description: Object description of a spans after being processed and stored by Datadog. properties: attributes: $ref: '#/components/schemas/SpansAttributes' id: description: Unique ID of the Span. example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA type: string type: $ref: '#/components/schemas/SpansType' type: object SpansAggregateBucket: description: Spans aggregate. properties: attributes: $ref: '#/components/schemas/SpansAggregateBucketAttributes' id: description: ID of the spans aggregate. type: string type: $ref: '#/components/schemas/SpansAggregateBucketType' type: object SpansAggregateBucketAttributes: description: A bucket values. properties: by: additionalProperties: description: The values for each group by. description: The key, value pairs for each group by. example: '@state': success '@version': abc type: object compute: description: The compute data. type: object computes: additionalProperties: $ref: '#/components/schemas/SpansAggregateBucketValue' description: A map of the metric name -> value for regular compute or list of values for a timeseries. type: object type: object SpansAggregateBucketType: description: The spans aggregate bucket type. enum: - bucket example: bucket type: string x-enum-varnames: - BUCKET SpansAggregateBucketValue: description: A bucket value, can be either a timeseries or a single value. oneOf: - $ref: '#/components/schemas/SpansAggregateBucketValueSingleString' - $ref: '#/components/schemas/SpansAggregateBucketValueSingleNumber' - $ref: '#/components/schemas/SpansAggregateBucketValueTimeseries' SpansAggregateBucketValueSingleNumber: description: A single number value. format: double type: number SpansAggregateBucketValueSingleString: description: A single string value. type: string SpansAggregateBucketValueTimeseries: description: A timeseries array. items: $ref: '#/components/schemas/SpansAggregateBucketValueTimeseriesPoint' type: array x-generate-alias-as-model: true SpansAggregateBucketValueTimeseriesPoint: description: A timeseries point. properties: time: description: The time value for this point. example: '2023-06-08T11:55:00Z' type: string value: description: The value for this point. example: 19 format: double type: number type: object SpansAggregateData: description: The object containing the query content. properties: attributes: $ref: '#/components/schemas/SpansAggregateRequestAttributes' type: $ref: '#/components/schemas/SpansAggregateRequestType' type: object SpansAggregateRequest: description: The object sent with the request to retrieve a list of aggregated spans from your organization. properties: data: $ref: '#/components/schemas/SpansAggregateData' type: object SpansAggregateRequestAttributes: description: The object containing all the query parameters. properties: compute: description: The list of metrics or timeseries to compute for the retrieved buckets. items: $ref: '#/components/schemas/SpansCompute' type: array filter: $ref: '#/components/schemas/SpansQueryFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/SpansGroupBy' type: array options: $ref: '#/components/schemas/SpansQueryOptions' type: object SpansAggregateRequestType: default: aggregate_request description: The type of resource. The value should always be aggregate_request. enum: - aggregate_request example: aggregate_request type: string x-enum-varnames: - AGGREGATE_REQUEST SpansAggregateResponse: description: The response object for the spans aggregate API endpoint. properties: data: description: The list of matching buckets, one item per bucket. items: $ref: '#/components/schemas/SpansAggregateBucket' type: array meta: $ref: '#/components/schemas/SpansAggregateResponseMetadata' type: object SpansAggregateResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer request_id: description: The identifier of the request. example: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR type: string status: $ref: '#/components/schemas/SpansAggregateResponseStatus' warnings: description: 'A list of warnings (non fatal errors) encountered, partial results might be returned if warnings are present in the response.' items: $ref: '#/components/schemas/SpansWarning' type: array type: object SpansAggregateResponseStatus: description: The status of the response. enum: - done - timeout example: done type: string x-enum-varnames: - DONE - TIMEOUT SpansAggregateSort: description: A sort rule. example: aggregation: count order: asc properties: aggregation: $ref: '#/components/schemas/SpansAggregationFunction' metric: description: The metric to sort by (only used for `type=measure`). example: '@duration' type: string order: $ref: '#/components/schemas/SpansSortOrder' type: $ref: '#/components/schemas/SpansAggregateSortType' type: object SpansAggregateSortType: default: alphabetical description: The type of sorting algorithm. enum: - alphabetical - measure type: string x-enum-varnames: - ALPHABETICAL - MEASURE SpansAggregationFunction: description: An aggregation function. enum: - count - cardinality - pc75 - pc90 - pc95 - pc98 - pc99 - sum - min - max - avg - median example: pc90 type: string x-enum-varnames: - COUNT - CARDINALITY - PERCENTILE_75 - PERCENTILE_90 - PERCENTILE_95 - PERCENTILE_98 - PERCENTILE_99 - SUM - MIN - MAX - AVG - MEDIAN SpansAttributes: description: JSON object containing all span attributes and their associated values. properties: attributes: additionalProperties: {} description: JSON object of attributes from your span. example: customAttribute: 123 duration: 2345 type: object custom: additionalProperties: {} description: JSON object of custom spans data. type: object end_timestamp: description: End timestamp of your span. example: '2023-01-02T09:42:36.420Z' format: date-time type: string env: description: Name of the environment from where the spans are being sent. example: prod type: string host: description: Name of the machine from where the spans are being sent. example: i-0123 type: string ingestion_reason: description: The reason why the span was ingested. example: rule type: string parent_id: description: Id of the span that's parent of this span. example: '0' type: string resource_hash: description: Unique identifier of the resource. example: a12345678b91c23d type: string resource_name: description: The name of the resource. example: agent type: string retained_by: description: The reason why the span was indexed. example: retention_filter type: string service: description: 'The name of the application or service generating the span events. It is used to switch from APM to Logs, so make sure you define the same value when you use both products.' example: agent type: string single_span: description: Whether or not the span was collected as a stand-alone span. Always associated to "single_span" ingestion_reason if true. example: true type: boolean span_id: description: Id of the span. example: '1234567890987654321' type: string start_timestamp: description: Start timestamp of your span. example: '2023-01-02T09:42:36.320Z' format: date-time type: string tags: description: Array of tags associated with your span. example: - team:A items: description: Tag associated with your span. type: string type: array trace_id: description: Id of the trace to which the span belongs. example: '1234567890987654321' type: string type: description: The type of the span. example: web type: string type: object SpansCompute: description: A compute rule to compute metrics or timeseries. properties: aggregation: $ref: '#/components/schemas/SpansAggregationFunction' interval: description: 'The time buckets'' size (only used for type=timeseries) Defaults to a resolution of 150 points.' example: 5m type: string metric: description: The metric to use. example: '@duration' type: string type: $ref: '#/components/schemas/SpansComputeType' required: - aggregation type: object SpansComputeType: default: total description: The type of compute. enum: - timeseries - total type: string x-enum-varnames: - TIMESERIES - TOTAL SpansFilter: description: The spans filter used to index spans. properties: query: description: The search query - following the [span search syntax](https://docs.datadoghq.com/tracing/trace_explorer/query_syntax/). example: '@http.status_code:200 service:my-service' type: string type: object SpansFilterCreate: description: The spans filter. Spans matching this filter will be indexed and stored. properties: query: description: The search query - following the [span search syntax](https://docs.datadoghq.com/tracing/trace_explorer/query_syntax/). example: '@http.status_code:200 service:my-service' type: string required: - query type: object SpansGroupBy: description: A group by rule. properties: facet: description: The name of the facet to use (required). example: host type: string histogram: $ref: '#/components/schemas/SpansGroupByHistogram' limit: default: 10 description: The maximum buckets to return for this group by. format: int64 type: integer missing: $ref: '#/components/schemas/SpansGroupByMissing' sort: $ref: '#/components/schemas/SpansAggregateSort' total: $ref: '#/components/schemas/SpansGroupByTotal' required: - facet type: object SpansGroupByHistogram: description: 'Used to perform a histogram computation (only for measure facets). Note: At most 100 buckets are allowed, the number of buckets is (max - min)/interval.' properties: interval: description: The bin size of the histogram buckets. example: 10 format: double type: number max: description: 'The maximum value for the measure used in the histogram (values greater than this one are filtered out).' example: 100 format: double type: number min: description: 'The minimum value for the measure used in the histogram (values smaller than this one are filtered out).' example: 50 format: double type: number required: - interval - min - max type: object SpansGroupByMissing: description: The value to use for spans that don't have the facet used to group by. oneOf: - $ref: '#/components/schemas/SpansGroupByMissingString' - $ref: '#/components/schemas/SpansGroupByMissingNumber' SpansGroupByMissingNumber: description: The missing value to use if there is a number valued facet. format: double type: number SpansGroupByMissingString: description: The missing value to use if there is string valued facet. type: string SpansGroupByTotal: default: false description: A resulting object to put the given computes in over all the matching records. oneOf: - $ref: '#/components/schemas/SpansGroupByTotalBoolean' - $ref: '#/components/schemas/SpansGroupByTotalString' - $ref: '#/components/schemas/SpansGroupByTotalNumber' SpansGroupByTotalBoolean: description: If set to true, creates an additional bucket labeled "$facet_total". type: boolean SpansGroupByTotalNumber: description: A number to use as the key value for the total bucket. format: double type: number SpansGroupByTotalString: description: A string to use as the key value for the total bucket. type: string SpansListRequest: description: The request for a spans list. properties: data: $ref: '#/components/schemas/SpansListRequestData' type: object SpansListRequestAttributes: description: The object containing all the query parameters. properties: filter: $ref: '#/components/schemas/SpansQueryFilter' options: $ref: '#/components/schemas/SpansQueryOptions' page: $ref: '#/components/schemas/SpansListRequestPage' sort: $ref: '#/components/schemas/SpansSort' type: object SpansListRequestData: description: The object containing the query content. properties: attributes: $ref: '#/components/schemas/SpansListRequestAttributes' type: $ref: '#/components/schemas/SpansListRequestType' type: object SpansListRequestPage: description: Paging attributes for listing spans. properties: cursor: description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string limit: default: 10 description: Maximum number of spans in the response. example: 25 format: int32 maximum: 1000 type: integer type: object SpansListRequestType: default: search_request description: The type of resource. The value should always be search_request. enum: - search_request example: search_request type: string x-enum-varnames: - SEARCH_REQUEST SpansListResponse: description: Response object with all spans matching the request and pagination information. properties: data: description: Array of spans matching the request. items: $ref: '#/components/schemas/Span' type: array links: $ref: '#/components/schemas/SpansListResponseLinks' meta: $ref: '#/components/schemas/SpansListResponseMetadata' type: object SpansListResponseLinks: description: Links attributes. properties: next: description: 'Link for the next set of results. Note that the request can also be made using the POST endpoint.' example: https://app.datadoghq.com/api/v2/spans/event?filter[query]=foo&page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object SpansListResponseMetadata: description: The metadata associated with a request. properties: elapsed: description: The time elapsed in milliseconds. example: 132 format: int64 type: integer page: $ref: '#/components/schemas/SpansResponseMetadataPage' request_id: description: The identifier of the request. example: MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR type: string status: $ref: '#/components/schemas/SpansAggregateResponseStatus' warnings: description: 'A list of warnings (non fatal errors) encountered, partial results might be returned if warnings are present in the response.' items: $ref: '#/components/schemas/SpansWarning' type: array type: object SpansMetricCompute: description: The compute rule to compute the span-based metric. properties: aggregation_type: $ref: '#/components/schemas/SpansMetricComputeAggregationType' include_percentiles: $ref: '#/components/schemas/SpansMetricComputeIncludePercentiles' path: description: The path to the value the span-based metric will aggregate on (only used if the aggregation type is a "distribution"). example: '@duration' type: string required: - aggregation_type type: object SpansMetricComputeAggregationType: description: The type of aggregation to use. enum: - count - distribution example: distribution type: string x-enum-varnames: - COUNT - DISTRIBUTION SpansMetricComputeIncludePercentiles: description: 'Toggle to include or exclude percentile aggregations for distribution metrics. Only present when the `aggregation_type` is `distribution`.' example: false type: boolean SpansMetricCreateAttributes: description: The object describing the Datadog span-based metric to create. properties: compute: $ref: '#/components/schemas/SpansMetricCompute' filter: $ref: '#/components/schemas/SpansMetricFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/SpansMetricGroupBy' type: array required: - compute type: object SpansMetricCreateData: description: The new span-based metric properties. properties: attributes: $ref: '#/components/schemas/SpansMetricCreateAttributes' id: $ref: '#/components/schemas/SpansMetricID' type: $ref: '#/components/schemas/SpansMetricType' required: - id - type - attributes type: object SpansMetricCreateRequest: description: The new span-based metric body. properties: data: $ref: '#/components/schemas/SpansMetricCreateData' required: - data type: object SpansMetricFilter: description: The span-based metric filter. Spans matching this filter will be aggregated in this metric. properties: query: default: '*' description: The search query - following the span search syntax. example: '@http.status_code:200 service:my-service' type: string type: object SpansMetricGroupBy: description: A group by rule. properties: path: description: The path to the value the span-based metric will be aggregated over. example: resource_name type: string tag_name: description: Eventual name of the tag that gets created. By default, the path attribute is used as the tag name. example: resource_name type: string required: - path type: object SpansMetricID: description: The name of the span-based metric. example: my.metric type: string SpansMetricResponse: description: The span-based metric object. properties: data: $ref: '#/components/schemas/SpansMetricResponseData' type: object SpansMetricResponseAttributes: description: The object describing a Datadog span-based metric. properties: compute: $ref: '#/components/schemas/SpansMetricResponseCompute' filter: $ref: '#/components/schemas/SpansMetricResponseFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/SpansMetricResponseGroupBy' type: array type: object SpansMetricResponseCompute: description: The compute rule to compute the span-based metric. properties: aggregation_type: $ref: '#/components/schemas/SpansMetricComputeAggregationType' include_percentiles: $ref: '#/components/schemas/SpansMetricComputeIncludePercentiles' path: description: The path to the value the span-based metric will aggregate on (only used if the aggregation type is a "distribution"). example: '@duration' type: string type: object SpansMetricResponseData: description: The span-based metric properties. properties: attributes: $ref: '#/components/schemas/SpansMetricResponseAttributes' id: $ref: '#/components/schemas/SpansMetricID' type: $ref: '#/components/schemas/SpansMetricType' type: object SpansMetricResponseFilter: description: The span-based metric filter. Spans matching this filter will be aggregated in this metric. properties: query: description: The search query - following the span search syntax. example: '@http.status_code:200 service:my-service' type: string type: object SpansMetricResponseGroupBy: description: A group by rule. properties: path: description: The path to the value the span-based metric will be aggregated over. example: resource_name type: string tag_name: description: Eventual name of the tag that gets created. By default, the path attribute is used as the tag name. example: resource_name type: string type: object SpansMetricType: default: spans_metrics description: The type of resource. The value should always be spans_metrics. enum: - spans_metrics example: spans_metrics type: string x-enum-varnames: - SPANS_METRICS SpansMetricUpdateAttributes: description: The span-based metric properties that will be updated. properties: compute: $ref: '#/components/schemas/SpansMetricUpdateCompute' filter: $ref: '#/components/schemas/SpansMetricFilter' group_by: description: The rules for the group by. items: $ref: '#/components/schemas/SpansMetricGroupBy' type: array type: object SpansMetricUpdateCompute: description: The compute rule to compute the span-based metric. properties: include_percentiles: $ref: '#/components/schemas/SpansMetricComputeIncludePercentiles' type: object SpansMetricUpdateData: description: The new span-based metric properties. properties: attributes: $ref: '#/components/schemas/SpansMetricUpdateAttributes' type: $ref: '#/components/schemas/SpansMetricType' required: - type - attributes type: object SpansMetricUpdateRequest: description: The new span-based metric body. properties: data: $ref: '#/components/schemas/SpansMetricUpdateData' required: - data type: object SpansMetricsResponse: description: All the available span-based metric objects. properties: data: description: A list of span-based metric objects. items: $ref: '#/components/schemas/SpansMetricResponseData' type: array type: object SpansQueryFilter: description: The search and filter query settings. properties: from: default: now-15m description: The minimum time for the requested spans, supports date-time ISO8601, date math, and regular timestamps (milliseconds). example: now-15m type: string query: default: '*' description: The search query - following the span search syntax. example: service:web* AND @http.status_code:[200 TO 299] type: string to: default: now description: The maximum time for the requested spans, supports date-time ISO8601, date math, and regular timestamps (milliseconds). example: now type: string type: object SpansQueryOptions: description: 'Global query options that are used during the query. Note: You should only supply timezone or time offset but not both otherwise the query will fail.' properties: timeOffset: description: The time offset (in seconds) to apply to the query. format: int64 type: integer timezone: default: UTC description: The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). example: GMT type: string type: object SpansResponseMetadataPage: description: Paging attributes. properties: after: description: 'The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the `page[cursor]`.' example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== type: string type: object SpansSort: description: Sort parameters when querying spans. enum: - timestamp - -timestamp type: string x-enum-varnames: - TIMESTAMP_ASCENDING - TIMESTAMP_DESCENDING SpansSortOrder: description: The order to use, ascending or descending. enum: - asc - desc example: asc type: string x-enum-varnames: - ASCENDING - DESCENDING SpansType: default: spans description: Type of the span. enum: - spans example: spans type: string x-enum-varnames: - SPANS SpansWarning: description: A warning message indicating something that went wrong with the query. properties: code: description: A unique code for this type of warning. example: unknown_index type: string detail: description: A detailed explanation of this specific warning. example: 'indexes: foo, bar' type: string title: description: A short human-readable summary of the warning. example: One or several indexes are missing or invalid, results hold data from the other indexes type: string type: object Spec: description: The spec defines what the workflow does. properties: annotations: description: A list of annotations used in the workflow. These are like sticky notes for your workflow! items: $ref: '#/components/schemas/Annotation' type: array connectionEnvs: description: A list of connections or connection groups used in the workflow. items: $ref: '#/components/schemas/ConnectionEnv' type: array handle: description: Unique identifier used to trigger workflows automatically in Datadog. type: string inputSchema: $ref: '#/components/schemas/InputSchema' outputSchema: $ref: '#/components/schemas/OutputSchema' steps: description: A `Step` is a sub-component of a workflow. Each `Step` performs an action. items: $ref: '#/components/schemas/Step' type: array triggers: description: The list of triggers that activate this workflow. At least one trigger is required, and each trigger type may appear at most once. items: $ref: '#/components/schemas/Trigger' type: array type: object SpecVersion: description: The version of the CycloneDX specification a BOM conforms to. enum: - '1.0' - '1.1' - '1.2' - '1.3' - '1.4' - '1.5' example: '1.5' type: string x-enum-varnames: - ONE_ZERO - ONE_ONE - ONE_TWO - ONE_THREE - ONE_FOUR - ONE_FIVE StartStepNames: description: A list of steps that run first after a trigger fires. example: - '' items: description: The `StartStepNames` `items`. type: string type: array State: description: The state of the rule evaluation. enum: - pass - fail - skip example: pass type: string x-enum-varnames: - PASS - FAIL - SKIP StateVariable: description: A variable, which can be set and read by other components in the app. properties: id: description: The ID of the state variable. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string name: description: A unique identifier for this state variable. This name is also used to access the variable's value throughout the app. example: ordersToSubmit type: string properties: $ref: '#/components/schemas/StateVariableProperties' type: $ref: '#/components/schemas/StateVariableType' required: - id - name - type - properties type: object StateVariableProperties: description: The properties of the state variable. properties: defaultValue: description: The default value of the state variable. example: ${['order_3145', 'order_4920']} type: object StateVariableType: default: stateVariable description: The state variable type. enum: - stateVariable example: stateVariable type: string x-enum-varnames: - STATEVARIABLE Step: description: A Step is a sub-component of a workflow. Each Step performs an action. properties: actionId: description: The unique identifier of an action. example: '' type: string completionGate: $ref: '#/components/schemas/CompletionGate' connectionLabel: description: The unique identifier of a connection defined in the spec. type: string display: $ref: '#/components/schemas/StepDisplay' errorHandlers: description: The `Step` `errorHandlers`. items: $ref: '#/components/schemas/ErrorHandler' type: array name: description: Name of the step. example: '' type: string outboundEdges: description: A list of subsequent actions to run. items: $ref: '#/components/schemas/OutboundEdge' type: array parameters: description: A list of inputs for an action. items: $ref: '#/components/schemas/Parameter' type: array readinessGate: $ref: '#/components/schemas/ReadinessGate' required: - name - actionId type: object StepDisplay: description: The definition of `StepDisplay` object. properties: bounds: $ref: '#/components/schemas/StepDisplayBounds' type: object StepDisplayBounds: description: The definition of `StepDisplayBounds` object. properties: x: description: The `bounds` `x`. format: double type: number y: description: The `bounds` `y`. format: double type: number type: object TagFilter: description: Tag filter for the budget's entries. properties: tag_key: description: The key of the tag. example: service type: string tag_value: description: The value of the tag. example: ec2 type: string type: object TagsEventAttribute: description: Array of tags associated with your event. example: - team:A items: description: Tag associated with your event. type: string type: array Targets: description: 'List of recipients to notify when a notification rule is triggered. Many different target types are supported, such as email addresses, Slack channels, and PagerDuty services. The appropriate integrations need to be properly configured to send notifications to the specified targets.' example: - '@john.doe@email.com' items: description: Recipients to notify. type: string type: array Team: description: A team properties: attributes: $ref: '#/components/schemas/TeamAttributes' id: description: The team's identifier example: aeadc05e-98a8-11ec-ac2c-da7ad0900001 type: string relationships: $ref: '#/components/schemas/TeamRelationships' type: $ref: '#/components/schemas/TeamType' required: - attributes - id - type type: object TeamAttributes: description: Team attributes properties: avatar: description: Unicode representation of the avatar for the team, limited to a single grapheme example: "\U0001F951" nullable: true type: string banner: description: Banner selection for the team format: int64 nullable: true type: integer created_at: description: Creation date of the team format: date-time type: string description: description: Free-form markdown description/content for the team's homepage nullable: true type: string handle: description: The team's identifier example: example-team maxLength: 195 type: string hidden_modules: description: Collection of hidden modules for the team items: description: String identifier of the module type: string type: array link_count: description: The number of links belonging to the team format: int32 maximum: 2147483647 readOnly: true type: integer modified_at: description: Modification date of the team format: date-time type: string name: description: The name of the team example: Example Team maxLength: 200 type: string summary: description: A brief summary of the team, derived from the `description` maxLength: 120 nullable: true type: string user_count: description: The number of users belonging to the team format: int32 maximum: 2147483647 readOnly: true type: integer visible_modules: description: Collection of visible modules for the team items: description: String identifier of the module type: string type: array required: - handle - name type: object TeamCreate: description: Team create properties: attributes: $ref: '#/components/schemas/TeamCreateAttributes' relationships: $ref: '#/components/schemas/TeamCreateRelationships' type: $ref: '#/components/schemas/TeamType' required: - attributes - type type: object TeamCreateAttributes: description: Team creation attributes properties: avatar: description: Unicode representation of the avatar for the team, limited to a single grapheme example: "\U0001F951" nullable: true type: string banner: description: Banner selection for the team format: int64 nullable: true type: integer description: description: Free-form markdown description/content for the team's homepage type: string handle: description: The team's identifier example: example-team maxLength: 195 type: string hidden_modules: description: Collection of hidden modules for the team items: description: String identifier of the module type: string type: array name: description: The name of the team example: Example Team maxLength: 200 type: string visible_modules: description: Collection of visible modules for the team items: description: String identifier of the module type: string type: array required: - handle - name type: object TeamCreateRelationships: description: Relationships formed with the team on creation properties: users: $ref: '#/components/schemas/RelationshipToUsers' type: object TeamCreateRequest: description: Request to create a team properties: data: $ref: '#/components/schemas/TeamCreate' required: - data type: object TeamIncluded: description: Included resources related to the team oneOf: - $ref: '#/components/schemas/User' - $ref: '#/components/schemas/TeamLink' - $ref: '#/components/schemas/UserTeamPermission' TeamLink: description: Team link properties: attributes: $ref: '#/components/schemas/TeamLinkAttributes' id: description: The team link's identifier example: b8626d7e-cedd-11eb-abf5-da7ad0900001 type: string type: $ref: '#/components/schemas/TeamLinkType' required: - attributes - id - type type: object TeamLinkAttributes: description: Team link attributes properties: label: description: The link's label example: Link label maxLength: 256 type: string position: description: The link's position, used to sort links for the team format: int32 maximum: 2147483647 type: integer team_id: description: ID of the team the link is associated with readOnly: true type: string url: description: The URL for the link example: https://example.com type: string required: - label - url type: object TeamLinkCreate: description: Team link create properties: attributes: $ref: '#/components/schemas/TeamLinkAttributes' type: $ref: '#/components/schemas/TeamLinkType' required: - attributes - type type: object TeamLinkCreateRequest: description: Team link create request properties: data: $ref: '#/components/schemas/TeamLinkCreate' required: - data type: object TeamLinkResponse: description: Team link response properties: data: $ref: '#/components/schemas/TeamLink' type: object TeamLinkType: default: team_links description: Team link type enum: - team_links example: team_links type: string x-enum-varnames: - TEAM_LINKS TeamLinksResponse: description: Team links response properties: data: description: Team links response data items: $ref: '#/components/schemas/TeamLink' type: array type: object TeamOnCallResponders: description: Root object representing a team's on-call responder configuration. example: data: id: 111ee23r-aaaaa-aaaa-aaww-1234wertsd23 relationships: escalations: data: - id: 111ee23r-aaaaa-aaaa-aaww-1234wertsd23 type: escalation_policy_steps responders: data: - id: 111ee23r-aaaaa-aaaa-aaww-1234wertsd23 type: users type: team_oncall_responders included: - attributes: email: test@test.com name: Test User status: active id: 111ee23r-aaaaa-aaaa-aaww-1234wertsd23 type: users - id: 111ee23r-aaaaa-aaaa-aaww-1234wertsd23 relationships: responders: data: - id: 111ee23r-aaaaa-aaaa-aaww-1234wertsd23 type: users type: escalation_policy_steps properties: data: $ref: '#/components/schemas/TeamOnCallRespondersData' included: description: The `TeamOnCallResponders` `included`. items: $ref: '#/components/schemas/TeamOnCallRespondersIncluded' type: array type: object TeamOnCallRespondersData: description: Defines the main on-call responder object for a team, including relationships and metadata. properties: id: description: Unique identifier of the on-call responder configuration. type: string relationships: $ref: '#/components/schemas/TeamOnCallRespondersDataRelationships' type: $ref: '#/components/schemas/TeamOnCallRespondersDataType' required: - type type: object TeamOnCallRespondersDataRelationships: description: Relationship objects linked to a team's on-call responder configuration, including escalations and responders. properties: escalations: $ref: '#/components/schemas/TeamOnCallRespondersDataRelationshipsEscalations' responders: $ref: '#/components/schemas/TeamOnCallRespondersDataRelationshipsResponders' type: object TeamOnCallRespondersDataRelationshipsEscalations: description: Defines the escalation policy steps linked to the team's on-call configuration. properties: data: description: Array of escalation step references. items: $ref: '#/components/schemas/TeamOnCallRespondersDataRelationshipsEscalationsDataItems' type: array type: object TeamOnCallRespondersDataRelationshipsEscalationsDataItems: description: Represents a link to a specific escalation policy step associated with the on-call team. properties: id: description: Unique identifier of the escalation step. example: '' type: string type: $ref: '#/components/schemas/TeamOnCallRespondersDataRelationshipsEscalationsDataItemsType' required: - type - id type: object TeamOnCallRespondersDataRelationshipsEscalationsDataItemsType: default: escalation_policy_steps description: Identifies the resource type for escalation policy steps linked to a team's on-call configuration. enum: - escalation_policy_steps example: escalation_policy_steps type: string x-enum-varnames: - ESCALATION_POLICY_STEPS TeamOnCallRespondersDataRelationshipsResponders: description: Defines the list of users assigned as on-call responders for the team. properties: data: description: Array of user references associated as responders. items: $ref: '#/components/schemas/TeamOnCallRespondersDataRelationshipsRespondersDataItems' type: array type: object TeamOnCallRespondersDataRelationshipsRespondersDataItems: description: Represents a user responder associated with the on-call team. properties: id: description: Unique identifier of the responder. example: '' type: string type: $ref: '#/components/schemas/TeamOnCallRespondersDataRelationshipsRespondersDataItemsType' required: - type - id type: object TeamOnCallRespondersDataRelationshipsRespondersDataItemsType: default: users description: Identifies the resource type for individual user entities associated with on-call response. enum: - users example: users type: string x-enum-varnames: - USERS TeamOnCallRespondersDataType: default: team_oncall_responders description: Represents the resource type for a group of users assigned to handle on-call duties within a team. enum: - team_oncall_responders example: team_oncall_responders type: string x-enum-varnames: - TEAM_ONCALL_RESPONDERS TeamOnCallRespondersIncluded: description: Represents an union of related resources included in the response, such as users and escalation steps. oneOf: - $ref: '#/components/schemas/User' - $ref: '#/components/schemas/Escalation' TeamPermissionSetting: description: Team permission setting properties: attributes: $ref: '#/components/schemas/TeamPermissionSettingAttributes' id: description: The team permission setting's identifier example: TeamPermission-aeadc05e-98a8-11ec-ac2c-da7ad0900001-edit type: string type: $ref: '#/components/schemas/TeamPermissionSettingType' required: - id - type type: object TeamPermissionSettingAttributes: description: Team permission setting attributes properties: action: $ref: '#/components/schemas/TeamPermissionSettingSerializerAction' editable: description: Whether or not the permission setting is editable by the current user readOnly: true type: boolean options: $ref: '#/components/schemas/TeamPermissionSettingValues' title: description: The team permission name readOnly: true type: string value: $ref: '#/components/schemas/TeamPermissionSettingValue' type: object TeamPermissionSettingResponse: description: Team permission setting response properties: data: $ref: '#/components/schemas/TeamPermissionSetting' type: object TeamPermissionSettingSerializerAction: description: The identifier for the action enum: - manage_membership - edit readOnly: true type: string x-enum-varnames: - MANAGE_MEMBERSHIP - EDIT TeamPermissionSettingType: default: team_permission_settings description: Team permission setting type enum: - team_permission_settings example: team_permission_settings type: string x-enum-varnames: - TEAM_PERMISSION_SETTINGS TeamPermissionSettingUpdate: description: Team permission setting update properties: attributes: $ref: '#/components/schemas/TeamPermissionSettingUpdateAttributes' type: $ref: '#/components/schemas/TeamPermissionSettingType' required: - type type: object TeamPermissionSettingUpdateAttributes: description: Team permission setting update attributes properties: value: $ref: '#/components/schemas/TeamPermissionSettingValue' type: object TeamPermissionSettingUpdateRequest: description: Team permission setting update request properties: data: $ref: '#/components/schemas/TeamPermissionSettingUpdate' required: - data type: object TeamPermissionSettingValue: description: What type of user is allowed to perform the specified action enum: - admins - members - organization - user_access_manage - teams_manage type: string x-enum-varnames: - ADMINS - MEMBERS - ORGANIZATION - USER_ACCESS_MANAGE - TEAMS_MANAGE TeamPermissionSettingValues: description: Possible values for action items: $ref: '#/components/schemas/TeamPermissionSettingValue' readOnly: true type: array TeamPermissionSettingsResponse: description: Team permission settings response properties: data: description: Team permission settings response data items: $ref: '#/components/schemas/TeamPermissionSetting' type: array type: object TeamReference: description: Provides a reference to a team, including ID, type, and basic attributes/relationships. properties: attributes: $ref: '#/components/schemas/TeamReferenceAttributes' id: description: The team's unique identifier. type: string type: $ref: '#/components/schemas/TeamReferenceType' required: - type type: object TeamReferenceAttributes: description: Encapsulates the basic attributes of a Team reference, such as name, handle, and an optional avatar or description. properties: avatar: description: URL or reference for the team's avatar (if available). type: string description: description: A short text describing the team. type: string handle: description: A unique handle/slug for the team. type: string name: description: The full, human-readable name of the team. type: string type: object TeamReferenceType: default: teams description: Teams resource type. enum: - teams example: teams type: string x-enum-varnames: - TEAMS TeamRelationships: description: Resources related to a team properties: team_links: $ref: '#/components/schemas/RelationshipToTeamLinks' user_team_permissions: $ref: '#/components/schemas/RelationshipToUserTeamPermission' type: object TeamRelationshipsLinks: description: Links attributes. properties: related: description: Related link. example: /api/v2/team/c75a4a8e-20c7-11ee-a3a5-da7ad0900002/links type: string type: object TeamResponse: description: Response with a team properties: data: $ref: '#/components/schemas/Team' type: object TeamRoutingRules: description: Represents a complete set of team routing rules, including data and optionally included related resources. example: data: id: 27590dae-47be-4a7d-9abf-8f4e45124020 relationships: rules: data: - id: 03aff2d6-6cbf-496c-997f-a857bbe9a94a type: team_routing_rules - id: 03aff2d6-6cbf-496c-997f-a857bbe9a94a type: team_routing_rules type: team_routing_rules included: - attributes: actions: null query: tags.service:test time_restriction: restrictions: - end_day: monday end_time: '17:00:00' start_day: monday start_time: 09:00:00 - end_day: tuesday end_time: '17:00:00' start_day: tuesday start_time: 09:00:00 time_zone: '' urgency: high id: 03aff2d6-6cbf-496c-997f-a857bbe9a94a relationships: policy: data: null type: team_routing_rules properties: data: $ref: '#/components/schemas/TeamRoutingRulesData' included: description: Provides related routing rules or other included resources. items: $ref: '#/components/schemas/TeamRoutingRulesIncluded' type: array type: object TeamRoutingRulesData: description: Represents the top-level data object for team routing rules, containing the ID, relationships, and resource type. properties: id: description: Specifies the unique identifier of this team routing rules record. type: string relationships: $ref: '#/components/schemas/TeamRoutingRulesDataRelationships' type: $ref: '#/components/schemas/TeamRoutingRulesDataType' required: - type type: object TeamRoutingRulesDataRelationships: description: Specifies relationships for team routing rules, including rule references. properties: rules: $ref: '#/components/schemas/TeamRoutingRulesDataRelationshipsRules' type: object TeamRoutingRulesDataRelationshipsRules: description: Holds references to a set of routing rules in a relationship. properties: data: description: An array of references to the routing rules associated with this team. items: $ref: '#/components/schemas/TeamRoutingRulesDataRelationshipsRulesDataItems' type: array type: object TeamRoutingRulesDataRelationshipsRulesDataItems: description: Defines a relationship item to link a routing rule by its ID and type. properties: id: description: Specifies the unique identifier for the related routing rule. example: '' type: string type: $ref: '#/components/schemas/TeamRoutingRulesDataRelationshipsRulesDataItemsType' required: - type - id type: object TeamRoutingRulesDataRelationshipsRulesDataItemsType: default: team_routing_rules description: Indicates that the resource is of type 'team_routing_rules'. enum: - team_routing_rules example: team_routing_rules type: string x-enum-varnames: - TEAM_ROUTING_RULES TeamRoutingRulesDataType: default: team_routing_rules description: Team routing rules resource type. enum: - team_routing_rules example: team_routing_rules type: string x-enum-varnames: - TEAM_ROUTING_RULES TeamRoutingRulesIncluded: description: Represents additional included resources for team routing rules, such as associated routing rules. oneOf: - $ref: '#/components/schemas/RoutingRule' TeamRoutingRulesRequest: description: Represents a request to create or update team routing rules, including the data payload. example: data: attributes: rules: - actions: null policy_id: '' query: tags.service:test time_restriction: restrictions: - end_day: monday end_time: '17:00:00' start_day: monday start_time: 09:00:00 - end_day: tuesday end_time: '17:00:00' start_day: tuesday start_time: 09:00:00 time_zone: '' urgency: high - actions: - channel: channel type: send_slack_message workspace: workspace policy_id: fad4eee1-13f5-40d8-886b-4e56d8d5d1c6 query: '' time_restriction: null urgency: low id: 27590dae-47be-4a7d-9abf-8f4e45124020 type: team_routing_rules properties: data: $ref: '#/components/schemas/TeamRoutingRulesRequestData' type: object TeamRoutingRulesRequestData: description: Holds the data necessary to create or update team routing rules, including attributes, ID, and resource type. properties: attributes: $ref: '#/components/schemas/TeamRoutingRulesRequestDataAttributes' id: description: Specifies the unique identifier for this set of team routing rules. type: string type: $ref: '#/components/schemas/TeamRoutingRulesRequestDataType' required: - type type: object TeamRoutingRulesRequestDataAttributes: description: Represents the attributes of a request to update or create team routing rules. properties: rules: description: A list of routing rule items that define how incoming pages should be handled. items: $ref: '#/components/schemas/TeamRoutingRulesRequestRule' type: array type: object TeamRoutingRulesRequestDataType: default: team_routing_rules description: Team routing rules resource type. enum: - team_routing_rules example: team_routing_rules type: string x-enum-varnames: - TEAM_ROUTING_RULES TeamRoutingRulesRequestRule: description: Defines an individual routing rule item that contains the rule data for the request. properties: actions: description: Specifies the list of actions to perform when the routing rule is matched. items: $ref: '#/components/schemas/RoutingRuleAction' type: array policy_id: description: Identifies the policy to be applied when this routing rule matches. type: string query: description: Defines the query or condition that triggers this routing rule. type: string time_restriction: $ref: '#/components/schemas/TimeRestrictions' urgency: $ref: '#/components/schemas/Urgency' type: object TeamTarget: description: Represents a team target for an escalation policy step, including the team's ID and resource type. properties: id: description: Specifies the unique identifier of the team resource. example: 00000000-aba1-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/TeamTargetType' required: - type - id type: object TeamTargetType: default: teams description: Indicates that the resource is of type `teams`. enum: - teams example: teams type: string x-enum-varnames: - TEAMS TeamType: default: team description: Team type enum: - team example: team type: string x-enum-varnames: - TEAM TeamUpdate: description: Team update request properties: attributes: $ref: '#/components/schemas/TeamUpdateAttributes' relationships: $ref: '#/components/schemas/TeamUpdateRelationships' type: $ref: '#/components/schemas/TeamType' required: - attributes - type type: object TeamUpdateAttributes: description: Team update attributes properties: avatar: description: Unicode representation of the avatar for the team, limited to a single grapheme example: "\U0001F951" nullable: true type: string banner: description: Banner selection for the team format: int64 nullable: true type: integer description: description: Free-form markdown description/content for the team's homepage type: string handle: description: The team's identifier example: example-team maxLength: 195 type: string hidden_modules: description: Collection of hidden modules for the team items: description: String identifier of the module type: string type: array name: description: The name of the team example: Example Team maxLength: 200 type: string visible_modules: description: Collection of visible modules for the team items: description: String identifier of the module type: string type: array required: - handle - name type: object TeamUpdateRelationships: description: Team update relationships properties: team_links: $ref: '#/components/schemas/RelationshipToTeamLinks' type: object TeamUpdateRequest: description: Team update request properties: data: $ref: '#/components/schemas/TeamUpdate' required: - data type: object TeamsField: description: Supported teams field. enum: - id - name - handle - summary - description - avatar - banner - visible_modules - hidden_modules - created_at - modified_at - user_count - link_count - team_links - user_team_permissions type: string x-enum-varnames: - ID - NAME - HANDLE - SUMMARY - DESCRIPTION - AVATAR - BANNER - VISIBLE_MODULES - HIDDEN_MODULES - CREATED_AT - MODIFIED_AT - USER_COUNT - LINK_COUNT - TEAM_LINKS - USER_TEAM_PERMISSIONS TeamsResponse: description: Response with multiple teams properties: data: description: Teams response data items: $ref: '#/components/schemas/Team' type: array included: description: Resources related to the team items: $ref: '#/components/schemas/TeamIncluded' type: array links: $ref: '#/components/schemas/TeamsResponseLinks' meta: $ref: '#/components/schemas/TeamsResponseMeta' type: object TeamsResponseLinks: description: Teams response links. properties: first: description: First link. type: string last: description: Last link. nullable: true type: string next: description: Next link. type: string prev: description: Previous link. nullable: true type: string self: description: Current link. type: string type: object TeamsResponseMeta: description: Teams response metadata. properties: pagination: $ref: '#/components/schemas/TeamsResponseMetaPagination' type: object TeamsResponseMetaPagination: description: Teams response metadata. properties: first_offset: description: The first offset. format: int64 type: integer last_offset: description: The last offset. format: int64 type: integer limit: description: Pagination limit. format: int64 type: integer next_offset: description: The next offset. format: int64 type: integer offset: description: The offset. format: int64 type: integer prev_offset: description: The previous offset. format: int64 type: integer total: description: Total results. format: int64 type: integer type: description: Offset type. type: string type: object TimeAggregation: description: 'Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. Results are aggregated over a selected time frame using a rolling window, which updates with each new evaluation. Notifications are only sent for new issues discovered during the window. Time aggregation is only available for vulnerability-based notification rules. When omitted or set to 0, no aggregation is done.' example: 86400 format: int64 type: integer TimeRestriction: description: Defines a single time restriction rule with start and end times and the applicable weekdays. properties: end_day: $ref: '#/components/schemas/Weekday' end_time: description: Specifies the ending time for this restriction. type: string start_day: $ref: '#/components/schemas/Weekday' start_time: description: Specifies the starting time for this restriction. type: string type: object TimeRestrictions: description: Holds time zone information and a list of time restrictions for a routing rule. properties: restrictions: description: Defines the list of time-based restrictions. items: $ref: '#/components/schemas/TimeRestriction' type: array time_zone: description: Specifies the time zone applicable to the restrictions. example: '' type: string required: - time_zone - restrictions type: object TimeseriesFormulaQueryRequest: description: A request wrapper around a single timeseries query to be executed. properties: data: $ref: '#/components/schemas/TimeseriesFormulaRequest' required: - data type: object TimeseriesFormulaQueryResponse: description: A message containing one response to a timeseries query made with timeseries formula query request. properties: data: $ref: '#/components/schemas/TimeseriesResponse' errors: description: The error generated by the request. type: string type: object TimeseriesFormulaRequest: description: A single timeseries query to be executed. properties: attributes: $ref: '#/components/schemas/TimeseriesFormulaRequestAttributes' type: $ref: '#/components/schemas/TimeseriesFormulaRequestType' required: - type - attributes type: object TimeseriesFormulaRequestAttributes: description: The object describing a timeseries formula request. properties: formulas: description: List of formulas to be calculated and returned as responses. items: $ref: '#/components/schemas/QueryFormula' type: array from: description: Start date (inclusive) of the query in milliseconds since the Unix epoch. example: 1568899800000 format: int64 type: integer interval: description: 'A time interval in milliseconds. May be overridden by a larger interval if the query would result in too many points for the specified timeframe. Defaults to a reasonable interval for the given timeframe.' example: 5000 format: int64 type: integer queries: $ref: '#/components/schemas/TimeseriesFormulaRequestQueries' to: description: End date (exclusive) of the query in milliseconds since the Unix epoch. example: 1568923200000 format: int64 type: integer required: - to - from - queries type: object TimeseriesFormulaRequestQueries: description: List of queries to be run and used as inputs to the formulas. example: - data_source: metrics query: avg:system.cpu.user{*} by {env} items: $ref: '#/components/schemas/TimeseriesQuery' type: array TimeseriesFormulaRequestType: default: timeseries_request description: The type of the resource. The value should always be timeseries_request. enum: - timeseries_request example: timeseries_request type: string x-enum-varnames: - TIMESERIES_REQUEST TimeseriesFormulaResponseType: default: timeseries_response description: The type of the resource. The value should always be timeseries_response. enum: - timeseries_response example: timeseries_response type: string x-enum-varnames: - TIMESERIES_RESPONSE TimeseriesQuery: description: An individual timeseries query to one of the basic Datadog data sources. example: data_source: metrics query: avg:system.cpu.user{*} by {env} oneOf: - $ref: '#/components/schemas/MetricsTimeseriesQuery' - $ref: '#/components/schemas/EventsTimeseriesQuery' TimeseriesResponse: description: A message containing the response to a timeseries query. properties: attributes: $ref: '#/components/schemas/TimeseriesResponseAttributes' type: $ref: '#/components/schemas/TimeseriesFormulaResponseType' type: object TimeseriesResponseAttributes: description: The object describing a timeseries response. properties: series: $ref: '#/components/schemas/TimeseriesResponseSeriesList' times: $ref: '#/components/schemas/TimeseriesResponseTimes' values: $ref: '#/components/schemas/TimeseriesResponseValuesList' type: object TimeseriesResponseSeries: description: '' properties: group_tags: $ref: '#/components/schemas/GroupTags' query_index: description: The index of the query in the "formulas" array (or "queries" array if no "formulas" was specified). example: 0 format: int32 maximum: 2147483647 type: integer unit: description: 'Detailed information about the unit. The first element describes the "primary unit" (for example, `bytes` in `bytes per second`). The second element describes the "per unit" (for example, `second` in `bytes per second`). If the second element is not present, the API returns null.' items: $ref: '#/components/schemas/Unit' nullable: true type: array type: object TimeseriesResponseSeriesList: description: Array of response series. The index here corresponds to the index in the `formulas` or `queries` array from the request. items: $ref: '#/components/schemas/TimeseriesResponseSeries' type: array TimeseriesResponseTimes: description: Array of times, 1-1 match with individual values arrays. items: description: Start date (inclusive) of the query in seconds since the Unix epoch. example: 1568899800000 format: int64 type: integer type: array TimeseriesResponseValues: description: Array of values for an individual formula or query. example: - 1575317847.0 - 0.5 items: description: An individual value for a given time. format: double nullable: true type: number type: array TimeseriesResponseValuesList: description: Array of value-arrays. The index here corresponds to the index in the `formulas` or `queries` array from the request. items: $ref: '#/components/schemas/TimeseriesResponseValues' type: array TokenName: description: Name for tokens. example: MyTokenName pattern: ^[A-Za-z][A-Za-z\\d]*$ type: string TokenType: description: The definition of `TokenType` object. enum: - SECRET example: SECRET type: string x-enum-varnames: - SECRET Trigger: description: One of the triggers that can start the execution of a workflow. oneOf: - $ref: '#/components/schemas/APITriggerWrapper' - $ref: '#/components/schemas/AppTriggerWrapper' - $ref: '#/components/schemas/CaseTriggerWrapper' - $ref: '#/components/schemas/ChangeEventTriggerWrapper' - $ref: '#/components/schemas/DatabaseMonitoringTriggerWrapper' - $ref: '#/components/schemas/DashboardTriggerWrapper' - $ref: '#/components/schemas/GithubWebhookTriggerWrapper' - $ref: '#/components/schemas/IncidentTriggerWrapper' - $ref: '#/components/schemas/MonitorTriggerWrapper' - $ref: '#/components/schemas/NotebookTriggerWrapper' - $ref: '#/components/schemas/ScheduleTriggerWrapper' - $ref: '#/components/schemas/SecurityTriggerWrapper' - $ref: '#/components/schemas/SelfServiceTriggerWrapper' - $ref: '#/components/schemas/SlackTriggerWrapper' - $ref: '#/components/schemas/SoftwareCatalogTriggerWrapper' - $ref: '#/components/schemas/WorkflowTriggerWrapper' TriggerRateLimit: description: Defines a rate limit for a trigger. properties: count: description: The `TriggerRateLimit` `count`. format: int64 type: integer interval: description: The `TriggerRateLimit` `interval`. The expected format is the number of seconds ending with an s. For example, 1 day is 86400s type: string type: object TriggerSource: description: 'The type of security issues on which the rule applies. Notification rules based on security signals need to use the trigger source "security_signals", while notification rules based on security vulnerabilities need to use the trigger source "security_findings".' enum: - security_findings - security_signals example: security_findings type: string x-enum-varnames: - SECURITY_FINDINGS - SECURITY_SIGNALS Unit: description: Object containing the metric unit family, scale factor, name, and short name. nullable: true properties: family: description: Unit family, allows for conversion between units of the same family, for scaling. example: time type: string name: description: Unit name example: minute type: string plural: description: Plural form of the unit name. example: minutes type: string scale_factor: description: Factor for scaling between units of the same family. example: 60.0 format: double type: number short_name: description: Abbreviation of the unit. example: min type: string type: object UnpublishAppResponse: description: The response object after an app is successfully unpublished. properties: data: $ref: '#/components/schemas/Deployment' type: object UpdateActionConnectionRequest: description: Request used to update an action connection. properties: data: $ref: '#/components/schemas/ActionConnectionDataUpdate' required: - data type: object UpdateActionConnectionResponse: description: The response for an updated connection. properties: data: $ref: '#/components/schemas/ActionConnectionData' type: object UpdateAppRequest: description: A request object for updating an existing app. example: data: attributes: components: - events: [] name: grid0 properties: children: - events: [] name: gridCell0 properties: children: - events: [] name: calloutValue0 properties: isDisabled: false isLoading: false isVisible: true label: CPU Usage size: sm style: vivid_yellow unit: kB value: '42' type: calloutValue isVisible: 'true' layout: default: height: 8 width: 2 x: 0 y: 0 type: gridCell type: grid description: This is a simple example app name: Example App queries: [] rootInstanceName: grid0 id: 9e20cbaf-68da-45a6-9ccf-54193ac29fa5 type: appDefinitions properties: data: $ref: '#/components/schemas/UpdateAppRequestData' type: object UpdateAppRequestData: description: The data object containing the new app definition. Any fields not included in the request remain unchanged. properties: attributes: $ref: '#/components/schemas/UpdateAppRequestDataAttributes' id: description: The ID of the app to update. The app ID must match the ID in the URL path. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: '#/components/schemas/AppDefinitionType' required: - type type: object UpdateAppRequestDataAttributes: description: App definition attributes to be updated, such as name, description, and components. properties: components: description: The new UI components that make up the app. If this field is set, all existing components are replaced with the new components under this field. items: $ref: '#/components/schemas/ComponentGrid' type: array description: description: The new human-readable description for the app. type: string name: description: The new name of the app. type: string queries: description: The new array of queries, such as external actions and state variables, that the app uses. If this field is set, all existing queries are replaced with the new queries under this field. items: $ref: '#/components/schemas/Query' type: array rootInstanceName: description: The new name of the root component of the app. This must be a `grid` component that contains all other components. type: string tags: description: The new list of tags for the app, which can be used to filter apps. If this field is set, any existing tags not included in the request are removed. example: - service:webshop-backend - team:webshop items: description: An individual tag for the app. type: string type: array type: object UpdateAppResponse: description: The response object after an app is successfully updated. properties: data: $ref: '#/components/schemas/UpdateAppResponseData' included: description: Data on the version of the app that was published. items: $ref: '#/components/schemas/Deployment' type: array meta: $ref: '#/components/schemas/AppMeta' relationship: $ref: '#/components/schemas/AppRelationship' type: object UpdateAppResponseData: description: The data object containing the updated app definition. properties: attributes: $ref: '#/components/schemas/UpdateAppResponseDataAttributes' id: description: The ID of the updated app. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 format: uuid type: string type: $ref: '#/components/schemas/AppDefinitionType' required: - id - type - attributes type: object UpdateAppResponseDataAttributes: description: The updated app definition attributes, such as name, description, and components. properties: components: description: The UI components that make up the app. items: $ref: '#/components/schemas/ComponentGrid' type: array description: description: The human-readable description for the app. type: string favorite: description: Whether the app is marked as a favorite by the current user. type: boolean name: description: The name of the app. type: string queries: description: An array of queries, such as external actions and state variables, that the app uses. items: $ref: '#/components/schemas/Query' type: array rootInstanceName: description: The name of the root component of the app. This must be a `grid` component that contains all other components. type: string tags: description: A list of tags for the app, which can be used to filter apps. example: - service:webshop-backend - team:webshop items: description: An individual tag for the app. type: string type: array type: object UpdateCustomFrameworkRequest: description: Request object to update a custom framework. properties: data: $ref: '#/components/schemas/CustomFrameworkData' required: - data type: object UpdateCustomFrameworkResponse: description: Response object to update a custom framework. properties: data: $ref: '#/components/schemas/FrameworkHandleAndVersionResponseData' required: - data type: object UpdateOpenAPIResponse: description: Response for `UpdateOpenAPI`. properties: data: $ref: '#/components/schemas/UpdateOpenAPIResponseData' type: object UpdateOpenAPIResponseAttributes: description: Attributes for `UpdateOpenAPI`. properties: failed_endpoints: description: List of endpoints which couldn't be parsed. items: $ref: '#/components/schemas/OpenAPIEndpoint' type: array type: object UpdateOpenAPIResponseData: description: Data envelope for `UpdateOpenAPIResponse`. properties: attributes: $ref: '#/components/schemas/UpdateOpenAPIResponseAttributes' id: $ref: '#/components/schemas/ApiID' type: object UpdateResourceEvaluationFiltersRequest: description: Request object to update a resource filter. properties: data: $ref: '#/components/schemas/UpdateResourceEvaluationFiltersRequestData' required: - data type: object UpdateResourceEvaluationFiltersRequestData: description: The definition of `UpdateResourceFilterRequestData` object. properties: attributes: $ref: '#/components/schemas/ResourceFilterAttributes' id: description: The `UpdateResourceEvaluationFiltersRequestData` `id`. example: csm_resource_filter type: string type: $ref: '#/components/schemas/ResourceFilterRequestType' required: - attributes - type type: object UpdateResourceEvaluationFiltersResponse: description: The definition of `UpdateResourceEvaluationFiltersResponse` object. properties: data: $ref: '#/components/schemas/UpdateResourceEvaluationFiltersResponseData' required: - data type: object UpdateResourceEvaluationFiltersResponseData: description: The definition of `UpdateResourceFilterResponseData` object. properties: attributes: $ref: '#/components/schemas/ResourceFilterAttributes' id: description: The `data` `id`. example: csm_resource_filter type: string type: $ref: '#/components/schemas/ResourceFilterRequestType' required: - attributes - type type: object UpdateRuleRequest: description: Request to update a scorecard rule. properties: data: $ref: '#/components/schemas/UpdateRuleRequestData' type: object UpdateRuleRequestData: description: Data for the request to update a scorecard rule. properties: attributes: $ref: '#/components/schemas/RuleAttributes' type: $ref: '#/components/schemas/RuleType' type: object UpdateRuleResponse: description: The response from a rule update request. properties: data: $ref: '#/components/schemas/UpdateRuleResponseData' type: object UpdateRuleResponseData: description: The data for a rule update response. properties: attributes: $ref: '#/components/schemas/RuleAttributes' id: $ref: '#/components/schemas/RuleId' relationships: $ref: '#/components/schemas/RelationshipToRule' type: $ref: '#/components/schemas/RuleType' type: object UpdateWorkflowRequest: description: A request object for updating an existing workflow. example: data: attributes: description: A sample workflow. name: Example Workflow published: true spec: annotations: - display: bounds: height: 150 width: 300 x: -375 y: -0.5 id: 99999999-9999-9999-9999-999999999999 markdownTextAnnotation: text: Example annotation. connectionEnvs: - connections: - connectionId: 11111111-1111-1111-1111-111111111111 label: INTEGRATION_DATADOG env: default handle: my-handle inputSchema: parameters: - defaultValue: default name: input type: STRING outputSchema: parameters: - name: output type: ARRAY_OBJECT value: '{{ Steps.Step1 }}' steps: - actionId: com.datadoghq.dd.monitor.listMonitors connectionLabel: INTEGRATION_DATADOG name: Step1 outboundEdges: - branchName: main nextStepName: Step2 parameters: - name: tags value: service:monitoring - actionId: com.datadoghq.core.noop name: Step2 triggers: - monitorTrigger: rateLimit: count: 1 interval: 3600s startStepNames: - Step1 - githubWebhookTrigger: {} startStepNames: - Step1 tags: - team:infra - service:monitoring - foo:bar id: 22222222-2222-2222-2222-222222222222 type: workflows properties: data: $ref: '#/components/schemas/WorkflowDataUpdate' required: - data type: object UpdateWorkflowResponse: description: The response object after updating a workflow. properties: data: $ref: '#/components/schemas/WorkflowDataUpdate' type: object UpsertCatalogEntityRequest: description: Create or update entity request. oneOf: - $ref: '#/components/schemas/EntityV3' - $ref: '#/components/schemas/EntityRaw' UpsertCatalogEntityResponse: description: Upsert entity response. properties: data: $ref: '#/components/schemas/EntityResponseData' included: $ref: '#/components/schemas/UpsertCatalogEntityResponseIncluded' meta: $ref: '#/components/schemas/EntityResponseMeta' type: object UpsertCatalogEntityResponseIncluded: description: Upsert entity response included. items: $ref: '#/components/schemas/UpsertCatalogEntityResponseIncludedItem' type: array UpsertCatalogEntityResponseIncludedItem: description: Upsert entity response included item. oneOf: - $ref: '#/components/schemas/EntityResponseIncludedSchema' UpsertCatalogKindRequest: description: Create or update kind request. oneOf: - $ref: '#/components/schemas/KindObj' - $ref: '#/components/schemas/KindRaw' UpsertCatalogKindResponse: description: Upsert kind response. properties: data: $ref: '#/components/schemas/KindResponseData' meta: $ref: '#/components/schemas/KindResponseMeta' type: object Urgency: description: Specifies the level of urgency for a routing rule (low, high, or dynamic). enum: - low - high - dynamic example: low type: string x-enum-varnames: - LOW - HIGH - DYNAMIC UrlParam: description: The definition of `UrlParam` object. properties: name: $ref: '#/components/schemas/TokenName' example: MyUrlParameter value: description: The `UrlParam` `value`. example: Some Url Parameter value type: string required: - name - value type: object UrlParamUpdate: description: The definition of `UrlParamUpdate` object. properties: deleted: description: Should the header be deleted. type: boolean name: $ref: '#/components/schemas/TokenName' example: MyUrlParameter value: description: The `UrlParamUpdate` `value`. example: Some Url Parameter value type: string required: - name type: object UsageApplicationSecurityMonitoringResponse: description: Application Security Monitoring usage response. properties: data: description: Response containing Application Security Monitoring usage. items: $ref: '#/components/schemas/UsageDataObject' type: array type: object UsageAttributesObject: description: Usage attributes data. properties: org_name: description: The organization name. type: string product_family: description: The product for which usage is being reported. type: string public_id: description: The organization public ID. type: string region: description: The region of the Datadog instance that the organization belongs to. type: string timeseries: description: List of usage data reported for each requested hour. items: $ref: '#/components/schemas/UsageTimeSeriesObject' type: array usage_type: $ref: '#/components/schemas/HourlyUsageType' type: object UsageDataObject: description: Usage data. properties: attributes: $ref: '#/components/schemas/UsageAttributesObject' id: description: Unique ID of the response. type: string type: $ref: '#/components/schemas/UsageTimeSeriesType' type: object UsageLambdaTracedInvocationsResponse: description: Lambda Traced Invocations usage response. properties: data: description: Response containing Lambda Traced Invocations usage. items: $ref: '#/components/schemas/UsageDataObject' type: array type: object UsageObservabilityPipelinesResponse: description: Observability Pipelines usage response. properties: data: description: Response containing Observability Pipelines usage. items: $ref: '#/components/schemas/UsageDataObject' type: array type: object UsageTimeSeriesObject: description: Usage timeseries data. properties: timestamp: description: Datetime in ISO-8601 format, UTC. The hour for the usage. format: date-time type: string value: description: Contains the number measured for the given usage_type during the hour. format: int64 nullable: true type: integer type: object UsageTimeSeriesType: default: usage_timeseries description: Type of usage data. enum: - usage_timeseries example: usage_timeseries type: string x-enum-varnames: - USAGE_TIMESERIES User: description: User object returned by the API. properties: attributes: $ref: '#/components/schemas/UserAttributes' id: description: ID of the user. type: string relationships: $ref: '#/components/schemas/UserResponseRelationships' type: $ref: '#/components/schemas/UsersType' type: object UserAttributes: description: Attributes of user object returned by the API. properties: created_at: description: Creation time of the user. format: date-time type: string disabled: description: Whether the user is disabled. type: boolean email: description: Email of the user. type: string handle: description: Handle of the user. type: string icon: description: URL of the user's icon. type: string mfa_enabled: description: If user has MFA enabled. readOnly: true type: boolean modified_at: description: Time that the user was last modified. format: date-time type: string name: description: Name of the user. nullable: true type: string service_account: description: Whether the user is a service account. type: boolean status: description: Status of the user. type: string title: description: Title of the user. nullable: true type: string verified: description: Whether the user is verified. type: boolean type: object UserAttributesStatus: description: The user's status. enum: - active - deactivated - pending type: string x-enum-varnames: - ACTIVE - DEACTIVATED - PENDING UserCreateAttributes: description: Attributes of the created user. properties: email: description: The email of the user. example: jane.doe@example.com type: string name: description: The name of the user. type: string title: description: The title of the user. type: string required: - email type: object UserCreateData: description: Object to create a user. properties: attributes: $ref: '#/components/schemas/UserCreateAttributes' relationships: $ref: '#/components/schemas/UserRelationships' type: $ref: '#/components/schemas/UsersType' required: - attributes - type type: object UserCreateRequest: description: Create a user. properties: data: $ref: '#/components/schemas/UserCreateData' required: - data type: object UserInvitationData: description: Object to create a user invitation. properties: relationships: $ref: '#/components/schemas/UserInvitationRelationships' type: $ref: '#/components/schemas/UserInvitationsType' required: - type - relationships type: object UserInvitationDataAttributes: description: Attributes of a user invitation. properties: created_at: description: Creation time of the user invitation. format: date-time type: string expires_at: description: Time of invitation expiration. format: date-time type: string invite_type: description: Type of invitation. type: string uuid: description: UUID of the user invitation. type: string type: object UserInvitationRelationships: description: Relationships data for user invitation. properties: user: $ref: '#/components/schemas/RelationshipToUser' required: - user type: object UserInvitationResponse: description: User invitation as returned by the API. properties: data: $ref: '#/components/schemas/UserInvitationResponseData' type: object UserInvitationResponseData: description: Object of a user invitation returned by the API. properties: attributes: $ref: '#/components/schemas/UserInvitationDataAttributes' id: description: ID of the user invitation. type: string relationships: $ref: '#/components/schemas/UserInvitationRelationships' type: $ref: '#/components/schemas/UserInvitationsType' type: object UserInvitationsRequest: description: Object to invite users to join the organization. properties: data: description: List of user invitations. example: [] items: $ref: '#/components/schemas/UserInvitationData' type: array required: - data type: object UserInvitationsResponse: description: User invitations as returned by the API. properties: data: description: Array of user invitations. items: $ref: '#/components/schemas/UserInvitationResponseData' type: array type: object UserInvitationsType: default: user_invitations description: User invitations type. enum: - user_invitations example: user_invitations type: string x-enum-varnames: - USER_INVITATIONS UserRelationshipData: description: Relationship to user object. properties: id: description: A unique identifier that represents the user. example: 00000000-0000-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/UserResourceType' required: - id - type type: object UserRelationships: description: Relationships of the user object. properties: roles: $ref: '#/components/schemas/RelationshipToRoles' type: object UserResourceType: default: user description: User resource type. enum: - user example: user type: string x-enum-varnames: - USER UserResponse: description: Response containing information about a single user. properties: data: $ref: '#/components/schemas/User' included: description: Array of objects related to the user. items: $ref: '#/components/schemas/UserResponseIncludedItem' type: array type: object UserResponseIncludedItem: description: An object related to a user. oneOf: - $ref: '#/components/schemas/Organization' - $ref: '#/components/schemas/Permission' - $ref: '#/components/schemas/Role' UserResponseRelationships: description: Relationships of the user object returned by the API. properties: org: $ref: '#/components/schemas/RelationshipToOrganization' other_orgs: $ref: '#/components/schemas/RelationshipToOrganizations' other_users: $ref: '#/components/schemas/RelationshipToUsers' roles: $ref: '#/components/schemas/RelationshipToRoles' type: object UserTarget: description: Represents a user target for an escalation policy step, including the user's ID and resource type. properties: id: description: Specifies the unique identifier of the user resource. example: 00000000-aba1-0000-0000-000000000000 type: string type: $ref: '#/components/schemas/UserTargetType' required: - type - id type: object UserTargetType: default: users description: Indicates that the resource is of type `users`. enum: - users example: users type: string x-enum-varnames: - USERS UserTeam: description: A user's relationship with a team properties: attributes: $ref: '#/components/schemas/UserTeamAttributes' id: description: The ID of a user's relationship with a team example: TeamMembership-aeadc05e-98a8-11ec-ac2c-da7ad0900001-38835 type: string relationships: $ref: '#/components/schemas/UserTeamRelationships' type: $ref: '#/components/schemas/UserTeamType' required: - id - type type: object UserTeamAttributes: description: Team membership attributes properties: provisioned_by: description: 'The mechanism responsible for provisioning the team relationship. Possible values: null for added by a user, "service_account" if added by a service account, and "saml_mapping" if provisioned via SAML mapping.' nullable: true readOnly: true type: string provisioned_by_id: description: UUID of the User or Service Account who provisioned this team membership, or null if provisioned via SAML mapping. nullable: true readOnly: true type: string role: $ref: '#/components/schemas/UserTeamRole' type: object UserTeamCreate: description: A user's relationship with a team properties: attributes: $ref: '#/components/schemas/UserTeamAttributes' relationships: $ref: '#/components/schemas/UserTeamRelationships' type: $ref: '#/components/schemas/UserTeamType' required: - type type: object UserTeamIncluded: description: Included resources related to the team membership oneOf: - $ref: '#/components/schemas/User' - $ref: '#/components/schemas/Team' UserTeamPermission: description: A user's permissions for a given team properties: attributes: $ref: '#/components/schemas/UserTeamPermissionAttributes' id: description: The user team permission's identifier example: UserTeamPermissions-aeadc05e-98a8-11ec-ac2c-da7ad0900001-416595 type: string type: $ref: '#/components/schemas/UserTeamPermissionType' required: - id - type type: object UserTeamPermissionAttributes: description: User team permission attributes properties: permissions: description: Object of team permission actions and boolean values that a logged in user can perform on this team. readOnly: true type: object type: object UserTeamPermissionType: default: user_team_permissions description: User team permission type enum: - user_team_permissions example: user_team_permissions type: string x-enum-varnames: - USER_TEAM_PERMISSIONS UserTeamRelationships: description: Relationship between membership and a user properties: team: $ref: '#/components/schemas/RelationshipToUserTeamTeam' user: $ref: '#/components/schemas/RelationshipToUserTeamUser' type: object UserTeamRequest: description: Team membership request properties: data: $ref: '#/components/schemas/UserTeamCreate' required: - data type: object UserTeamResponse: description: Team membership response properties: data: $ref: '#/components/schemas/UserTeam' included: description: Resources related to the team memberships items: $ref: '#/components/schemas/UserTeamIncluded' type: array type: object UserTeamRole: description: The user's role within the team enum: - admin nullable: true type: string x-enum-varnames: - ADMIN UserTeamTeamType: default: team description: User team team type enum: - team example: team type: string x-enum-varnames: - TEAM UserTeamType: default: team_memberships description: Team membership type enum: - team_memberships example: team_memberships type: string x-enum-varnames: - TEAM_MEMBERSHIPS UserTeamUpdate: description: A user's relationship with a team properties: attributes: $ref: '#/components/schemas/UserTeamAttributes' type: $ref: '#/components/schemas/UserTeamType' required: - type type: object UserTeamUpdateRequest: description: Team membership request properties: data: $ref: '#/components/schemas/UserTeamUpdate' required: - data type: object UserTeamUserType: default: users description: User team user type enum: - users example: users type: string x-enum-varnames: - USERS UserTeamsResponse: description: Team memberships response properties: data: description: Team memberships response data items: $ref: '#/components/schemas/UserTeam' type: array included: description: Resources related to the team memberships items: $ref: '#/components/schemas/UserTeamIncluded' type: array links: $ref: '#/components/schemas/TeamsResponseLinks' meta: $ref: '#/components/schemas/TeamsResponseMeta' type: object UserUpdateAttributes: description: Attributes of the edited user. properties: disabled: description: If the user is enabled or disabled. type: boolean email: description: The email of the user. type: string name: description: The name of the user. type: string type: object UserUpdateData: description: Object to update a user. properties: attributes: $ref: '#/components/schemas/UserUpdateAttributes' id: description: ID of the user. example: 00000000-0000-feed-0000-000000000000 type: string type: $ref: '#/components/schemas/UsersType' required: - attributes - type - id type: object UserUpdateRequest: description: Update a user. properties: data: $ref: '#/components/schemas/UserUpdateData' required: - data type: object UsersRelationship: description: Relationship to users. properties: data: description: Relationships to user objects. example: [] items: $ref: '#/components/schemas/UserRelationshipData' type: array required: - data type: object UsersResponse: description: Response containing information about multiple users. properties: data: description: Array of returned users. items: $ref: '#/components/schemas/User' type: array included: description: Array of objects related to the users. items: $ref: '#/components/schemas/UserResponseIncludedItem' type: array meta: $ref: '#/components/schemas/ResponseMetaAttributes' readOnly: true type: object UsersType: default: users description: Users resource type. enum: - users example: users type: string x-enum-varnames: - USERS ValidationError: description: Represents a single validation error, including a human-readable title and metadata. properties: meta: $ref: '#/components/schemas/ValidationErrorMeta' title: description: A short, human-readable summary of the error. example: Field 'region' is required type: string required: - title - meta type: object ValidationErrorMeta: description: Describes additional metadata for validation errors, including field names and error messages. properties: field: description: The field name that caused the error. example: region type: string id: description: The ID of the component in which the error occurred. example: datadog-agent-source type: string message: description: The detailed error message. example: Field 'region' is required type: string required: - message type: object ValidationResponse: description: Response containing validation errors. example: errors: - meta: field: region id: datadog-agent-source message: Field 'region' is required title: Field 'region' is required properties: errors: description: The `ValidationResponse` `errors`. items: $ref: '#/components/schemas/ValidationError' type: array type: object Version: description: Version of the notification rule. It is updated when the rule is modified. example: 1 format: int64 type: integer VulnerabilitiesType: description: The JSON:API type. enum: - vulnerabilities example: vulnerabilities type: string x-enum-varnames: - VULNERABILITIES Vulnerability: description: A single vulnerability properties: attributes: $ref: '#/components/schemas/VulnerabilityAttributes' id: description: The unique ID for this vulnerability. example: 3ecdfea798f2ce8f6e964805a344945f type: string relationships: $ref: '#/components/schemas/VulnerabilityRelationships' type: $ref: '#/components/schemas/VulnerabilitiesType' required: - id - type - attributes - relationships type: object VulnerabilityAttributes: description: The JSON:API attributes of the vulnerability. properties: advisory_id: description: Vulnerability advisory ID. example: TRIVY-CVE-2023-0615 type: string code_location: $ref: '#/components/schemas/CodeLocation' cve_list: description: Vulnerability CVE list. example: - CVE-2023-0615 items: example: CVE-2023-0615 type: string type: array cvss: $ref: '#/components/schemas/VulnerabilityCvss' dependency_locations: $ref: '#/components/schemas/VulnerabilityDependencyLocations' description: description: Vulnerability description. example: LDAP Injection is a security vulnerability that occurs when untrusted user input is improperly handled and directly incorporated into LDAP queries without appropriate sanitization or validation. This vulnerability enables attackers to manipulate LDAP queries and potentially gain unauthorized access, modify data, or extract sensitive information from the directory server. By exploiting the LDAP injection vulnerability, attackers can execute malicious commands, bypass authentication mechanisms, and perform unauthorized actions within the directory service. type: string ecosystem: $ref: '#/components/schemas/VulnerabilityEcosystem' exposure_time: description: Vulnerability exposure time in seconds. example: 5618604 format: int64 type: integer first_detection: description: First detection of the vulnerability in [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339) format example: 2024-09-19 21:23:08+00:00 type: string fix_available: description: Whether the vulnerability has a remediation or not. example: false type: boolean language: description: Vulnerability language. example: ubuntu type: string last_detection: description: Last detection of the vulnerability in [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339) format example: 2024-09-01 21:23:08+00:00 type: string library: $ref: '#/components/schemas/Library' remediations: description: List of remediations. items: $ref: '#/components/schemas/Remediation' type: array repo_digests: description: Vulnerability `repo_digest` list (when the vulnerability is related to `Image` asset). items: example: sha256:0ae7da091191787229d321e3638e39c319a97d6e20f927d465b519d699215bf7 type: string type: array risks: $ref: '#/components/schemas/VulnerabilityRisks' status: $ref: '#/components/schemas/VulnerabilityStatus' title: description: Vulnerability title. example: LDAP Injection type: string tool: $ref: '#/components/schemas/VulnerabilityTool' type: $ref: '#/components/schemas/VulnerabilityType' required: - type - cvss - status - tool - title - description - cve_list - risks - language - first_detection - last_detection - exposure_time - remediations - fix_available type: object VulnerabilityCvss: description: Vulnerability severities. properties: base: $ref: '#/components/schemas/CVSS' datadog: $ref: '#/components/schemas/CVSS' required: - base - datadog type: object VulnerabilityDependencyLocations: description: Static library vulnerability location. properties: block: $ref: '#/components/schemas/DependencyLocation' name: $ref: '#/components/schemas/DependencyLocation' version: $ref: '#/components/schemas/DependencyLocation' required: - block type: object VulnerabilityEcosystem: description: The related vulnerability asset ecosystem. enum: - PyPI - Maven - NuGet - Npm - RubyGems - Go - Packagist - Ddeb - Rpm - Apk - Windows type: string x-enum-varnames: - PYPI - MAVEN - NUGET - NPM - RUBY_GEMS - GO - PACKAGIST - D_DEB - RPM - APK - WINDOWS VulnerabilityRelationships: description: Related entities object. properties: affects: $ref: '#/components/schemas/VulnerabilityRelationshipsAffects' required: - affects type: object VulnerabilityRelationshipsAffects: description: Relationship type. properties: data: $ref: '#/components/schemas/VulnerabilityRelationshipsAffectsData' required: - data type: object VulnerabilityRelationshipsAffectsData: description: Asset affected by this vulnerability. properties: id: description: The unique ID for this related asset. example: Repository|github.com/DataDog/datadog-agent.git type: string type: $ref: '#/components/schemas/AssetEntityType' required: - id - type type: object VulnerabilityRisks: description: Vulnerability risks. properties: epss: $ref: '#/components/schemas/EPSS' exploit_available: description: Vulnerability public exploit availability. example: false type: boolean exploit_sources: description: Vulnerability exploit sources. example: - NIST items: example: NIST type: string type: array exploitation_probability: description: Vulnerability exploitation probability. example: false type: boolean poc_exploit_available: description: Vulnerability POC exploit availability. example: false type: boolean required: - exploitation_probability - poc_exploit_available - exploit_available - exploit_sources type: object VulnerabilitySeverity: description: The vulnerability severity. enum: - Unknown - None - Low - Medium - High - Critical example: Medium type: string x-enum-varnames: - UNKNOWN - NONE - LOW - MEDIUM - HIGH - CRITICAL VulnerabilityStatus: description: The vulnerability status. enum: - Open - Muted - Remediated - InProgress - AutoClosed example: Open type: string x-enum-varnames: - OPEN - MUTED - REMEDIATED - INPROGRESS - AUTOCLOSED VulnerabilityTool: description: The vulnerability tool. enum: - IAST - SCA - Infra example: SCA type: string x-enum-varnames: - IAST - SCA - INFRA VulnerabilityType: description: The vulnerability type. enum: - AdminConsoleActive - CodeInjection - CommandInjection - ComponentWithKnownVulnerability - DangerousWorkflows - DefaultAppDeployed - DefaultHtmlEscapeInvalid - DirectoryListingLeak - EmailHtmlInjection - EndOfLife - HardcodedPassword - HardcodedSecret - HeaderInjection - HstsHeaderMissing - InsecureAuthProtocol - InsecureCookie - InsecureJspLayout - LdapInjection - MaliciousPackage - MandatoryRemediation - NoHttpOnlyCookie - NoSameSiteCookie - NoSqlMongoDbInjection - PathTraversal - ReflectionInjection - RiskyLicense - SessionRewriting - SessionTimeout - SqlInjection - Ssrf - StackTraceLeak - TrustBoundaryViolation - Unmaintained - UntrustedDeserialization - UnvalidatedRedirect - VerbTampering - WeakCipher - WeakHash - WeakRandomness - XContentTypeHeaderMissing - XPathInjection - Xss example: WeakCipher type: string x-enum-varnames: - ADMIN_CONSOLE_ACTIVE - CODE_INJECTION - COMMAND_INJECTION - COMPONENT_WITH_KNOWN_VULNERABILITY - DANGEROUS_WORKFLOWS - DEFAULT_APP_DEPLOYED - DEFAULT_HTML_ESCAPE_INVALID - DIRECTORY_LISTING_LEAK - EMAIL_HTML_INJECTION - END_OF_LIFE - HARDCODED_PASSWORD - HARDCODED_SECRET - HEADER_INJECTION - HSTS_HEADER_MISSING - INSECURE_AUTH_PROTOCOL - INSECURE_COOKIE - INSECURE_JSP_LAYOUT - LDAP_INJECTION - MALICIOUS_PACKAGE - MANDATORY_REMEDIATION - NO_HTTP_ONLY_COOKIE - NO_SAME_SITE_COOKIE - NO_SQL_MONGO_DB_INJECTION - PATH_TRAVERSAL - REFLECTION_INJECTION - RISKY_LICENSE - SESSION_REWRITING - SESSION_TIMEOUT - SQL_INJECTION - SSRF - STACK_TRACE_LEAK - TRUST_BOUNDARY_VIOLATION - UNMAINTAINED - UNTRUSTED_DESERIALIZATION - UNVALIDATED_REDIRECT - VERB_TAMPERING - WEAK_CIPHER - WEAK_HASH - WEAK_RANDOMNESS - X_CONTENT_TYPE_HEADER_MISSING - X_PATH_INJECTION - XSS Weekday: description: A day of the week. enum: - monday - tuesday - wednesday - thursday - friday - saturday - sunday type: string x-enum-varnames: - MONDAY - TUESDAY - WEDNESDAY - THURSDAY - FRIDAY - SATURDAY - SUNDAY WidgetLiveSpan: description: The available timeframes depend on the widget you are using. enum: - 1m - 5m - 10m - 15m - 30m - 1h - 4h - 1d - 2d - 1w - 1mo - 3mo - 6mo - 1y - alert example: 5m type: string x-enum-varnames: - PAST_ONE_MINUTE - PAST_FIVE_MINUTES - PAST_TEN_MINUTES - PAST_FIFTEEN_MINUTES - PAST_THIRTY_MINUTES - PAST_ONE_HOUR - PAST_FOUR_HOURS - PAST_ONE_DAY - PAST_TWO_DAYS - PAST_ONE_WEEK - PAST_ONE_MONTH - PAST_THREE_MONTHS - PAST_SIX_MONTHS - PAST_ONE_YEAR - ALERT WorkflowData: description: Data related to the workflow. properties: attributes: $ref: '#/components/schemas/WorkflowDataAttributes' id: description: The workflow identifier readOnly: true type: string relationships: $ref: '#/components/schemas/WorkflowDataRelationships' type: $ref: '#/components/schemas/WorkflowDataType' required: - type - attributes type: object WorkflowDataAttributes: description: The definition of `WorkflowDataAttributes` object. properties: createdAt: description: When the workflow was created. format: date-time readOnly: true type: string description: description: Description of the workflow. type: string name: description: Name of the workflow. example: '' type: string published: description: Set the workflow to published or unpublished. Workflows in an unpublished state will only be executable via manual runs. Automatic triggers such as Schedule will not execute the workflow until it is published. type: boolean spec: $ref: '#/components/schemas/Spec' tags: description: Tags of the workflow. items: type: string type: array updatedAt: description: When the workflow was last updated. format: date-time readOnly: true type: string webhookSecret: description: If a Webhook trigger is defined on this workflow, a webhookSecret is required and should be provided here. type: string writeOnly: true required: - name - spec type: object WorkflowDataRelationships: description: The definition of `WorkflowDataRelationships` object. properties: creator: $ref: '#/components/schemas/WorkflowUserRelationship' owner: $ref: '#/components/schemas/WorkflowUserRelationship' readOnly: true type: object WorkflowDataType: description: The definition of `WorkflowDataType` object. enum: - workflows example: workflows type: string x-enum-varnames: - WORKFLOWS WorkflowDataUpdate: description: Data related to the workflow being updated. properties: attributes: $ref: '#/components/schemas/WorkflowDataUpdateAttributes' id: description: The workflow identifier type: string relationships: $ref: '#/components/schemas/WorkflowDataRelationships' type: $ref: '#/components/schemas/WorkflowDataType' required: - type - attributes type: object WorkflowDataUpdateAttributes: description: The definition of `WorkflowDataUpdateAttributes` object. properties: createdAt: description: When the workflow was created. format: date-time readOnly: true type: string description: description: Description of the workflow. type: string name: description: Name of the workflow. type: string published: description: Set the workflow to published or unpublished. Workflows in an unpublished state will only be executable via manual runs. Automatic triggers such as Schedule will not execute the workflow until it is published. type: boolean spec: $ref: '#/components/schemas/Spec' tags: description: Tags of the workflow. items: type: string type: array updatedAt: description: When the workflow was last updated. format: date-time readOnly: true type: string webhookSecret: description: If a Webhook trigger is defined on this workflow, a webhookSecret is required and should be provided here. type: string writeOnly: true type: object WorkflowInstanceCreateMeta: description: Additional information for creating a workflow instance. properties: payload: additionalProperties: {} description: The input parameters to the workflow. type: object type: object WorkflowInstanceCreateRequest: description: Request used to create a workflow instance. properties: meta: $ref: '#/components/schemas/WorkflowInstanceCreateMeta' type: object WorkflowInstanceCreateResponse: additionalProperties: {} description: Response returned upon successful workflow instance creation. properties: data: $ref: '#/components/schemas/WorkflowInstanceCreateResponseData' type: object WorkflowInstanceCreateResponseData: additionalProperties: {} description: Data about the created workflow instance. properties: id: description: The ID of the workflow execution. It can be used to fetch the execution status. type: string type: object WorkflowInstanceListItem: additionalProperties: {} description: An item in the workflow instances list. properties: id: description: The ID of the workflow instance type: string type: object WorkflowListInstancesResponse: additionalProperties: {} description: Response returned when listing workflow instances. properties: data: description: A list of workflow instances. items: $ref: '#/components/schemas/WorkflowInstanceListItem' type: array meta: $ref: '#/components/schemas/WorkflowListInstancesResponseMeta' type: object WorkflowListInstancesResponseMeta: additionalProperties: {} description: Metadata about the instances list properties: page: $ref: '#/components/schemas/WorkflowListInstancesResponseMetaPage' type: object WorkflowListInstancesResponseMetaPage: additionalProperties: {} description: Page information for the list instances response. properties: totalCount: description: The total count of items. format: int64 type: integer type: object WorkflowTriggerWrapper: description: Schema for a Workflow-based trigger. properties: startStepNames: $ref: '#/components/schemas/StartStepNames' workflowTrigger: description: Trigger a workflow from the Datadog UI. Only required if no other trigger exists. type: object required: - workflowTrigger type: object WorkflowUserRelationship: description: The definition of `WorkflowUserRelationship` object. properties: data: $ref: '#/components/schemas/WorkflowUserRelationshipData' type: object WorkflowUserRelationshipData: description: The definition of `WorkflowUserRelationshipData` object. properties: id: description: The user identifier example: '' type: string type: $ref: '#/components/schemas/WorkflowUserRelationshipType' required: - type - id type: object WorkflowUserRelationshipType: description: The definition of `WorkflowUserRelationshipType` object. enum: - users example: users type: string x-enum-varnames: - USERS WorklflowCancelInstanceResponse: description: Information about the canceled instance. properties: data: $ref: '#/components/schemas/WorklflowCancelInstanceResponseData' type: object WorklflowCancelInstanceResponseData: description: Data about the canceled instance. properties: id: description: The id of the canceled instance type: string type: object WorklflowGetInstanceResponse: additionalProperties: {} description: The state of the given workflow instance. properties: data: $ref: '#/components/schemas/WorklflowGetInstanceResponseData' type: object WorklflowGetInstanceResponseData: additionalProperties: {} description: The data of the instance response. properties: attributes: $ref: '#/components/schemas/WorklflowGetInstanceResponseDataAttributes' type: object WorklflowGetInstanceResponseDataAttributes: additionalProperties: {} description: The attributes of the instance response data. properties: id: description: The id of the instance. type: string type: object XRayServicesIncludeAll: description: Include all services. properties: include_all: description: Include all services. example: false type: boolean required: - include_all type: object XRayServicesIncludeOnly: description: Include only these services. Defaults to `[]`. nullable: true properties: include_only: description: Include only these services. example: - AWS/AppSync items: example: AWS/AppSync type: string type: array required: - include_only type: object XRayServicesList: description: AWS X-Ray services to collect traces from. Defaults to `include_only`. oneOf: - $ref: '#/components/schemas/XRayServicesIncludeAll' - $ref: '#/components/schemas/XRayServicesIncludeOnly' securitySchemes: AuthZ: description: This API uses OAuth 2 with the implicit grant flow. flows: authorizationCode: authorizationUrl: /oauth2/v1/authorize scopes: apm_api_catalog_read: View API catalog and API definitions. apm_api_catalog_write: Add, modify, and delete API catalog definitions. apm_read: Read and query APM and Trace Analytics. apm_service_catalog_read: View service catalog and service definitions. apm_service_catalog_write: Add, modify, and delete service catalog definitions when those definitions are maintained by Datadog. appsec_vm_read: View infrastructure, application code, and library vulnerabilities. This does not restrict API or inventory SQL access to the vulnerability data source. billing_read: View your organization's billing information. cases_read: View Cases. cases_write: Create and update cases. ci_visibility_pipelines_write: Create CI Visibility pipeline spans using the API. ci_visibility_read: View CI Visibility. cloud_cost_management_read: View Cloud Cost pages and the cloud cost data source in dashboards and notebooks. For more details, see the Cloud Cost Management docs. cloud_cost_management_write: Configure cloud cost accounts and global customizations. For more details, see the Cloud Cost Management docs. code_analysis_read: View Code Analysis. continuous_profiler_pgo_read: Read and query Continuous Profiler data for Profile-Guided Optimization (PGO). create_webhooks: Create webhooks integrations. dashboards_embed_share: Create, modify, and delete shared dashboards with share type 'embed'. dashboards_invite_share: Create, modify, and delete shared dashboards with share type 'invite'. dashboards_public_share: Generate public and authenticated links to share dashboards or embeddable graphs externally. dashboards_read: View dashboards. dashboards_write: Create and change dashboards. data_scanner_read: View Data Scanner configurations. data_scanner_write: Edit Data Scanner configurations. embeddable_graphs_share: Generate public links to share embeddable graphs externally. events_read: Read Events data. hosts_read: List hosts and their attributes. incident_notification_settings_write: Configure Incidents Notification settings. incident_read: View incidents in Datadog. incident_settings_write: Configure Incident Settings. incident_write: Create, view, and manage incidents in Datadog. metrics_read: View custom metrics. monitor_config_policy_write: Edit and delete monitor configuration. monitors_downtime: Set downtimes to suppress alerts from any monitor in an organization. Mute and unmute monitors. The ability to write monitors is not required to set downtimes. monitors_read: View monitors. monitors_write: Edit, delete, and resolve individual monitors. org_management: Edit org configurations, including authentication and certain security preferences such as configuring SAML, renaming an org, configuring allowed login methods, creating child orgs, subscribing & unsubscribing from apps in the marketplace, and enabling & disabling Remote Configuration for the entire organization. security_comments_read: Read comments of vulnerabilities. security_monitoring_filters_read: Read Security Filters. security_monitoring_filters_write: Create, edit, and delete Security Filters. security_monitoring_findings_read: View a list of findings that include both misconfigurations and identity risks. security_monitoring_notification_profiles_read: View Rule Security Notification rules. security_monitoring_notification_profiles_write: Create, edit, and delete Security Notification rules. security_monitoring_rules_read: Read Detection Rules. security_monitoring_rules_write: Create and edit Detection Rules. security_monitoring_signals_read: View Security Signals. security_monitoring_suppressions_read: Read Rule Suppressions. security_monitoring_suppressions_write: Write Rule Suppressions. security_pipelines_read: View Security Pipelines. security_pipelines_write: Create, edit, and delete CSM Security Pipelines. slos_corrections: Apply, edit, and delete SLO status corrections. A user with this permission can make status corrections, even if they do not have permission to edit those SLOs. slos_read: View SLOs and status corrections. slos_write: Create, edit, and delete SLOs. synthetics_global_variable_read: View, search, and use Synthetics global variables. synthetics_global_variable_write: Create, edit, and delete global variables for Synthetics. synthetics_private_location_read: View, search, and use Synthetics private locations. synthetics_private_location_write: Create and delete private locations in addition to having access to the associated installation guidelines. synthetics_read: List and view configured Synthetic tests and test results. synthetics_write: Create, edit, and delete Synthetic tests. teams_manage: Manage Teams. Create, delete, rename, and edit metadata of all Teams. To control Team membership across all Teams, use the User Access Manage permission. teams_read: Read Teams data. A User with this permission can view Team names, metadata, and which Users are on each Team. test_optimization_read: View Test Optimization. timeseries_query: Query Timeseries data. usage_read: View your organization's usage and usage attribution. user_access_invite: Invite other users to your organization. user_access_manage: Disable users, manage user roles, manage SAML-to-role mappings, and configure logs restriction queries. user_access_read: View users and their roles and settings. workflows_read: View workflows. workflows_run: Run workflows. workflows_write: Create, edit, and delete workflows. tokenUrl: /oauth2/v1/token type: oauth2 apiKeyAuth: description: Your Datadog API Key. in: header name: DD-API-KEY type: apiKey x-env-name: DD_API_KEY appKeyAuth: description: Your Datadog APP Key. in: header name: DD-APPLICATION-KEY type: apiKey x-env-name: DD_APP_KEY bearerAuth: scheme: bearer type: http x-env-name: DD_BEARER_TOKEN info: contact: email: support@datadoghq.com name: Datadog Support url: https://www.datadoghq.com/support/ description: Collection of all Datadog Public endpoints. title: Datadog API V2 Collection version: '1.0' openapi: 3.0.0 paths: /api/v2/actions/connections: post: description: Create a new Action Connection operationId: CreateActionConnection requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateActionConnectionRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/CreateActionConnectionResponse' description: Successfully created Action Connection '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '429': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Too Many Request summary: Create a new Action Connection tags: - Action Connection /api/v2/actions/connections/{connection_id}: delete: description: Delete an existing Action Connection operationId: DeleteActionConnection parameters: - $ref: '#/components/parameters/ConnectionId' responses: '204': description: The resource was deleted successfully. '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Too Many Request summary: Delete an existing Action Connection tags: - Action Connection x-permission: operator: OR permissions: - connection_write get: description: Get an existing Action Connection operationId: GetActionConnection parameters: - $ref: '#/components/parameters/ConnectionId' responses: '200': content: application/json: schema: $ref: '#/components/schemas/GetActionConnectionResponse' description: Successfully get Action Connection '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Too Many Request summary: Get an existing Action Connection tags: - Action Connection patch: description: Update an existing Action Connection operationId: UpdateActionConnection parameters: - $ref: '#/components/parameters/ConnectionId' requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateActionConnectionRequest' description: Update an existing Action Connection request body required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UpdateActionConnectionResponse' description: Successfully updated Action Connection '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Too Many Request summary: Update an existing Action Connection tags: - Action Connection /api/v2/agentless_scanning/accounts/aws: get: description: Fetches the scan options configured for AWS accounts. operationId: ListAwsScanOptions responses: '200': content: application/json: schema: $ref: '#/components/schemas/AwsScanOptionsListResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get AWS Scan Options tags: - Agentless Scanning post: description: Activate Agentless scan options for an AWS account. operationId: CreateAwsScanOptions requestBody: content: application/json: schema: $ref: '#/components/schemas/AwsScanOptionsCreateRequest' description: The definition of the new scan options. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/AwsScanOptionsResponse' description: Agentless scan options enabled successfully. '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Post AWS Scan Options tags: - Agentless Scanning x-codegen-request-body-name: body /api/v2/agentless_scanning/accounts/aws/{account_id}: delete: description: Delete Agentless scan options for an AWS account. operationId: DeleteAwsScanOptions parameters: - $ref: '#/components/parameters/AwsAccountId' responses: '204': description: No Content '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete AWS Scan Options tags: - Agentless Scanning patch: description: Update the Agentless scan options for an activated account. operationId: UpdateAwsScanOptions parameters: - $ref: '#/components/parameters/AwsAccountId' requestBody: content: application/json: schema: $ref: '#/components/schemas/AwsScanOptionsUpdateRequest' description: New definition of the scan options. required: true responses: '204': description: No Content '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Patch AWS Scan Options tags: - Agentless Scanning x-codegen-request-body-name: body /api/v2/agentless_scanning/ondemand/aws: get: description: Fetches the most recent 1000 AWS on demand tasks. operationId: ListAwsOnDemandTasks responses: '200': content: application/json: schema: $ref: '#/components/schemas/AwsOnDemandListResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get AWS On Demand tasks tags: - Agentless Scanning x-permission: operator: OR permissions: - security_monitoring_findings_read post: description: Trigger the scan of an AWS resource with a high priority. Agentless scanning must be activated for the AWS account containing the resource to scan. operationId: CreateAwsOnDemandTask requestBody: content: application/json: schema: $ref: '#/components/schemas/AwsOnDemandCreateRequest' description: The definition of the on demand task. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/AwsOnDemandResponse' description: AWS on demand task created successfully. '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Post an AWS on demand task tags: - Agentless Scanning x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_findings_write /api/v2/agentless_scanning/ondemand/aws/{task_id}: get: description: Fetch the data of a specific on demand task. operationId: GetAwsOnDemandTask parameters: - $ref: '#/components/parameters/OnDemandTaskId' responses: '200': content: application/json: schema: $ref: '#/components/schemas/AwsOnDemandResponse' description: OK. '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get AWS On Demand task by id tags: - Agentless Scanning x-permission: operator: OR permissions: - security_monitoring_findings_read /api/v2/api_keys: get: description: List all API keys available for your account. operationId: ListAPIKeys parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/APIKeysSortParameter' - $ref: '#/components/parameters/APIKeyFilterParameter' - $ref: '#/components/parameters/APIKeyFilterCreatedAtStartParameter' - $ref: '#/components/parameters/APIKeyFilterCreatedAtEndParameter' - $ref: '#/components/parameters/APIKeyFilterModifiedAtStartParameter' - $ref: '#/components/parameters/APIKeyFilterModifiedAtEndParameter' - $ref: '#/components/parameters/APIKeyIncludeParameter' - $ref: '#/components/parameters/APIKeyReadConfigReadEnabledParameter' - $ref: '#/components/parameters/APIKeyCategoryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/APIKeysResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all API keys tags: - Key Management x-permission: operator: OR permissions: - api_keys_read post: description: Create an API key. operationId: CreateAPIKey requestBody: content: application/json: schema: $ref: '#/components/schemas/APIKeyCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/APIKeyResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an API key tags: - Key Management x-codegen-request-body-name: body x-permission: operator: OR permissions: - api_keys_write /api/v2/api_keys/{api_key_id}: delete: description: Delete an API key. operationId: DeleteAPIKey parameters: - $ref: '#/components/parameters/APIKeyId' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an API key tags: - Key Management x-permission: operator: OR permissions: - api_keys_delete get: description: Get an API key. operationId: GetAPIKey parameters: - $ref: '#/components/parameters/APIKeyId' - $ref: '#/components/parameters/APIKeyIncludeParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/APIKeyResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get API key tags: - Key Management x-permission: operator: OR permissions: - api_keys_read patch: description: Update an API key. operationId: UpdateAPIKey parameters: - $ref: '#/components/parameters/APIKeyId' requestBody: content: application/json: schema: $ref: '#/components/schemas/APIKeyUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/APIKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit an API key tags: - Key Management x-codegen-request-body-name: body x-permission: operator: OR permissions: - api_keys_write /api/v2/apicatalog/api: get: deprecated: true description: List APIs and their IDs. operationId: ListAPIs parameters: - description: Filter APIs by name in: query name: query required: false schema: example: payments type: string - description: Number of items per page. in: query name: page[limit] required: false schema: default: 20 format: int64 minimum: 1 type: integer - description: Offset for pagination. in: query name: page[offset] required: false schema: default: 0 format: int64 minimum: 0 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListAPIsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_api_catalog_read summary: List APIs tags: - API Management x-permission: operator: OR permissions: - apm_api_catalog_read x-unstable: '**Note**: This endpoint is deprecated.' /api/v2/apicatalog/api/{id}: delete: deprecated: true description: Delete a specific API by ID. operationId: DeleteOpenAPI parameters: - description: ID of the API to delete in: path name: id required: true schema: $ref: '#/components/schemas/ApiID' responses: '204': description: API deleted successfully '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: API not found error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_api_catalog_write summary: Delete an API tags: - API Management x-permission: operator: OR permissions: - apm_api_catalog_write x-unstable: '**Note**: This endpoint is deprecated.' /api/v2/apicatalog/api/{id}/openapi: get: deprecated: true description: Retrieve information about a specific API in [OpenAPI](https://spec.openapis.org/oas/latest.html) format file. operationId: GetOpenAPI parameters: - description: ID of the API to retrieve in: path name: id required: true schema: $ref: '#/components/schemas/ApiID' responses: '200': content: multipart/form-data: schema: format: binary type: string description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: API not found error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_api_catalog_read summary: Get an API tags: - API Management x-permission: operator: OR permissions: - apm_api_catalog_read x-unstable: '**Note**: This endpoint is deprecated.' put: deprecated: true description: 'Update information about a specific API. The given content will replace all API content of the given ID. The ID is returned by the create API, or can be found in the URL in the API catalog UI. ' operationId: UpdateOpenAPI parameters: - description: ID of the API to modify in: path name: id required: true schema: $ref: '#/components/schemas/ApiID' requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/OpenAPIFile' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UpdateOpenAPIResponse' description: API updated successfully '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: API not found error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_api_catalog_write summary: Update an API tags: - API Management x-permission: operator: OR permissions: - apm_api_catalog_write x-unstable: '**Note**: This endpoint is deprecated.' /api/v2/apicatalog/openapi: post: deprecated: true description: 'Create a new API from the [OpenAPI](https://spec.openapis.org/oas/latest.html) specification given. See the [API Catalog documentation](https://docs.datadoghq.com/api_catalog/add_metadata/) for additional information about the possible metadata. It returns the created API ID. ' operationId: CreateOpenAPI requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/OpenAPIFile' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/CreateOpenAPIResponse' description: API created successfully '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_api_catalog_write summary: Create a new API tags: - API Management x-permission: operator: OR permissions: - apm_api_catalog_write x-unstable: '**Note**: This endpoint is deprecated.' /api/v2/apm/config/metrics: get: description: Get the list of configured span-based metrics with their definitions. operationId: ListSpansMetrics responses: '200': content: application/json: schema: $ref: '#/components/schemas/SpansMetricsResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all span-based metrics tags: - Spans Metrics x-permission: operator: OR permissions: - apm_read post: description: 'Create a metric based on your ingested spans in your organization. Returns the span-based metric object from the request body when the request is successful.' operationId: CreateSpansMetric requestBody: content: application/json: schema: $ref: '#/components/schemas/SpansMetricCreateRequest' description: The definition of the new span-based metric. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SpansMetricResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a span-based metric tags: - Spans Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - apm_generate_metrics /api/v2/apm/config/metrics/{metric_id}: delete: description: Delete a specific span-based metric from your organization. operationId: DeleteSpansMetric parameters: - $ref: '#/components/parameters/SpansMetricIDParameter' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a span-based metric tags: - Spans Metrics x-permission: operator: OR permissions: - apm_generate_metrics get: description: Get a specific span-based metric from your organization. operationId: GetSpansMetric parameters: - $ref: '#/components/parameters/SpansMetricIDParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SpansMetricResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a span-based metric tags: - Spans Metrics x-permission: operator: OR permissions: - apm_read patch: description: 'Update a specific span-based metric from your organization. Returns the span-based metric object from the request body when the request is successful.' operationId: UpdateSpansMetric parameters: - $ref: '#/components/parameters/SpansMetricIDParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/SpansMetricUpdateRequest' description: New definition of the span-based metric. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SpansMetricResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a span-based metric tags: - Spans Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - apm_generate_metrics /api/v2/apm/config/retention-filters: get: description: Get the list of APM retention filters. operationId: ListApmRetentionFilters responses: '200': content: application/json: schema: $ref: '#/components/schemas/RetentionFiltersResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List all APM retention filters tags: - APM Retention Filters x-permission: operator: OR permissions: - apm_retention_filter_read - apm_pipelines_read post: description: 'Create a retention filter to index spans in your organization. Returns the retention filter definition when the request is successful. Default filters with types spans-errors-sampling-processor and spans-appsec-sampling-processor cannot be created.' operationId: CreateApmRetentionFilter requestBody: content: application/json: schema: $ref: '#/components/schemas/RetentionFilterCreateRequest' description: The definition of the new retention filter. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RetentionFilterCreateResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a retention filter tags: - APM Retention Filters x-codegen-request-body-name: body x-permission: operator: OR permissions: - apm_retention_filter_write - apm_pipelines_write /api/v2/apm/config/retention-filters-execution-order: put: description: Re-order the execution order of retention filters. operationId: ReorderApmRetentionFilters requestBody: content: application/json: schema: $ref: '#/components/schemas/ReorderRetentionFiltersRequest' description: The list of retention filters in the new order. required: true responses: '200': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Re-order retention filters tags: - APM Retention Filters x-codegen-request-body-name: body x-permission: operator: OR permissions: - apm_retention_filter_write - apm_pipelines_write /api/v2/apm/config/retention-filters/{filter_id}: delete: description: 'Delete a specific retention filter from your organization. Default filters with types spans-errors-sampling-processor and spans-appsec-sampling-processor cannot be deleted.' operationId: DeleteApmRetentionFilter parameters: - $ref: '#/components/parameters/RetentionFilterIdParam' responses: '200': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a retention filter tags: - APM Retention Filters x-permission: operator: OR permissions: - apm_retention_filter_write - apm_pipelines_write get: description: Get an APM retention filter. operationId: GetApmRetentionFilter parameters: - $ref: '#/components/parameters/RetentionFilterIdParam' responses: '200': content: application/json: schema: $ref: '#/components/schemas/RetentionFilterResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a given APM retention filter tags: - APM Retention Filters x-permission: operator: OR permissions: - apm_retention_filter_read - apm_pipelines_read put: description: 'Update a retention filter from your organization. Default filters (filters with types spans-errors-sampling-processor and spans-appsec-sampling-processor) cannot be renamed or removed.' operationId: UpdateApmRetentionFilter parameters: - $ref: '#/components/parameters/RetentionFilterIdParam' requestBody: content: application/json: schema: $ref: '#/components/schemas/RetentionFilterUpdateRequest' description: The updated definition of the retention filter. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RetentionFilterResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a retention filter tags: - APM Retention Filters x-codegen-request-body-name: body x-permission: operator: OR permissions: - apm_retention_filter_write - apm_pipelines_write /api/v2/app-builder/apps: delete: description: Delete multiple apps in a single request from a list of app IDs. operationId: DeleteApps requestBody: content: application/json: schema: $ref: '#/components/schemas/DeleteAppsRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DeleteAppsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete Multiple Apps tags: - App Builder x-permission: operator: OR permissions: - apps_write get: description: List all apps, with optional filters and sorting. This endpoint is paginated. Only basic app information such as the app ID, name, and description is returned by this endpoint. operationId: ListApps parameters: - description: The number of apps to return per page. in: query name: limit required: false schema: format: int64 type: integer - description: The page number to return. in: query name: page required: false schema: format: int64 type: integer - description: Filter apps by the app creator. Usually the user's email. in: query name: filter[user_name] required: false schema: type: string - description: Filter apps by the app creator's UUID. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 in: query name: filter[user_uuid] required: false schema: format: uuid type: string - description: Filter by app name. in: query name: filter[name] required: false schema: type: string - description: Filter apps by the app name or the app creator. in: query name: filter[query] required: false schema: type: string - description: Filter apps by whether they are published. in: query name: filter[deployed] required: false schema: type: boolean - description: Filter apps by tags. in: query name: filter[tags] required: false schema: type: string - description: Filter apps by whether you have added them to your favorites. in: query name: filter[favorite] required: false schema: type: boolean - description: Filter apps by whether they are enabled for self-service. in: query name: filter[self_service] required: false schema: type: boolean - description: The fields and direction to sort apps by. explode: false in: query name: sort required: false schema: items: $ref: '#/components/schemas/AppsSortField' type: array style: form responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListAppsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List Apps tags: - App Builder x-permission: operator: OR permissions: - apps_run post: description: Create a new app, returning the app ID. operationId: CreateApp requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateAppRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/CreateAppResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create App tags: - App Builder x-permission: operator: AND permissions: - apps_write - connections_resolve - workflows_run /api/v2/app-builder/apps/{app_id}: delete: description: Delete a single app. operationId: DeleteApp parameters: - description: The ID of the app to delete. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 in: path name: app_id required: true schema: format: uuid type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/DeleteAppResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Not Found '410': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Gone '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete App tags: - App Builder x-permission: operator: OR permissions: - apps_write get: description: Get the full definition of an app. operationId: GetApp parameters: - description: The ID of the app to retrieve. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 in: path name: app_id required: true schema: format: uuid type: string - description: The version number of the app to retrieve. If not specified, the latest version is returned. Version numbers start at 1 and increment with each update. The special values `latest` and `deployed` can be used to retrieve the latest version or the published version, respectively. in: query name: version required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/GetAppResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Not Found '410': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Gone '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get App tags: - App Builder x-permission: operator: AND permissions: - apps_run - connections_read patch: description: Update an existing app. This creates a new version of the app. operationId: UpdateApp parameters: - description: The ID of the app to update. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 in: path name: app_id required: true schema: format: uuid type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateAppRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UpdateAppResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update App tags: - App Builder x-permission: operator: AND permissions: - apps_write - connections_resolve - workflows_run /api/v2/app-builder/apps/{app_id}/deployment: delete: description: Unpublish an app, removing the live version of the app. Unpublishing creates a new instance of a `deployment` object on the app, with a nil `app_version_id` (`00000000-0000-0000-0000-000000000000`). The app can still be updated and published again in the future. operationId: UnpublishApp parameters: - description: The ID of the app to unpublish. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 in: path name: app_id required: true schema: format: uuid type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/UnpublishAppResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Unpublish App tags: - App Builder x-permission: operator: OR permissions: - apps_write post: description: Publish an app for use by other users. To ensure the app is accessible to the correct users, you also need to set a [Restriction Policy](https://docs.datadoghq.com/api/latest/restriction-policies/) on the app if a policy does not yet exist. operationId: PublishApp parameters: - description: The ID of the app to publish. example: 65bb1f25-52e1-4510-9f8d-22d1516ed693 in: path name: app_id required: true schema: format: uuid type: string responses: '201': content: application/json: schema: $ref: '#/components/schemas/PublishAppResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Publish App tags: - App Builder x-permission: operator: OR permissions: - apps_write /api/v2/application_keys: get: description: List all application keys available for your org operationId: ListApplicationKeys parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/ApplicationKeysSortParameter' - $ref: '#/components/parameters/ApplicationKeyFilterParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtStartParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtEndParameter' - $ref: '#/components/parameters/ApplicationKeyIncludeParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListApplicationKeysResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all application keys tags: - Key Management x-permission: operator: OR permissions: - org_app_keys_read /api/v2/application_keys/{app_key_id}: delete: description: Delete an application key operationId: DeleteApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an application key tags: - Key Management x-codegen-request-body-name: body x-permission: operator: OR permissions: - org_app_keys_write get: description: Get an application key for your org. operationId: GetApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' - $ref: '#/components/parameters/ApplicationKeyIncludeParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get an application key tags: - Key Management x-permission: operator: OR permissions: - org_app_keys_read patch: description: Edit an application key operationId: UpdateApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit an application key tags: - Key Management x-codegen-request-body-name: body x-permission: operator: OR permissions: - org_app_keys_write /api/v2/audit/events: get: description: 'List endpoint returns events that match a Audit Logs search query. [Results are paginated][1]. Use this endpoint to see your latest Audit Logs events. [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination' operationId: ListAuditLogs parameters: - description: Search query following Audit Logs syntax. example: '@type:session @application_id:xxxx' in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested events. example: '2019-01-02T09:42:36.320Z' in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested events. example: '2019-01-03T09:42:36.320Z' in: query name: filter[to] required: false schema: format: date-time type: string - description: Order of events in results. in: query name: sort required: false schema: $ref: '#/components/schemas/AuditLogsSort' - description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: Maximum number of events in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuditLogsEventsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a list of Audit Logs events tags: - Audit x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data x-permission: operator: OR permissions: - audit_logs_read /api/v2/audit/events/search: post: description: 'List endpoint returns Audit Logs events that match an Audit search query. [Results are paginated][1]. Use this endpoint to build complex Audit Logs events filtering and search. [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination' operationId: SearchAuditLogs requestBody: content: application/json: schema: $ref: '#/components/schemas/AuditLogsSearchEventsRequest' required: false responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuditLogsEventsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Search Audit Logs events tags: - Audit x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data x-permission: operator: OR permissions: - audit_logs_read /api/v2/authn_mappings: get: description: List all AuthN Mappings in the org. operationId: ListAuthNMappings parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: Sort AuthN Mappings depending on the given field. in: query name: sort required: false schema: $ref: '#/components/schemas/AuthNMappingsSort' - description: Filter all mappings by the given string. in: query name: filter required: false schema: type: string - description: Filter by mapping resource type. Defaults to "role" if not specified. in: query name: resource_type schema: $ref: '#/components/schemas/AuthNMappingResourceType' responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthNMappingsResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List all AuthN Mappings tags: - AuthN Mappings x-permission: operator: OPEN permissions: [] post: description: Create an AuthN Mapping. operationId: CreateAuthNMapping requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthNMappingCreateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthNMappingResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an AuthN Mapping tags: - AuthN Mappings x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_manage /api/v2/authn_mappings/{authn_mapping_id}: delete: description: Delete an AuthN Mapping specified by AuthN Mapping UUID. operationId: DeleteAuthNMapping parameters: - $ref: '#/components/parameters/AuthNMappingID' responses: '204': description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an AuthN Mapping tags: - AuthN Mappings x-permission: operator: OR permissions: - user_access_manage get: description: Get an AuthN Mapping specified by the AuthN Mapping UUID. operationId: GetAuthNMapping parameters: - $ref: '#/components/parameters/AuthNMappingID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthNMappingResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get an AuthN Mapping by UUID tags: - AuthN Mappings x-permission: operator: OPEN permissions: [] patch: description: Edit an AuthN Mapping. operationId: UpdateAuthNMapping parameters: - $ref: '#/components/parameters/AuthNMappingID' requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthNMappingUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/AuthNMappingResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '409': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Conflict '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit an AuthN Mapping tags: - AuthN Mappings x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_manage /api/v2/cases: get: description: Search cases. operationId: SearchCases parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/CaseSortableFieldParameter' - description: Search query in: query name: filter required: false schema: example: status:open (team:case-management OR team:event-management) type: string - description: Specify if order is ascending or not in: query name: sort[asc] required: false schema: default: false type: boolean responses: '200': content: application/json: schema: $ref: '#/components/schemas/CasesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_read summary: Search cases tags: - Case Management x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data post: description: Create a Case operationId: CreateCase requestBody: content: application/json: schema: $ref: '#/components/schemas/CaseCreateRequest' description: Case payload required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/CaseResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Create a case tags: - Case Management /api/v2/cases/projects: get: description: Get all projects. operationId: GetProjects responses: '200': content: application/json: schema: $ref: '#/components/schemas/ProjectsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_read summary: Get all projects tags: - Case Management post: description: Create a project. operationId: CreateProject requestBody: content: application/json: schema: $ref: '#/components/schemas/ProjectCreateRequest' description: Project payload required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/ProjectResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Create a project tags: - Case Management /api/v2/cases/projects/{project_id}: delete: description: Remove a project using the project's `id`. operationId: DeleteProject parameters: - $ref: '#/components/parameters/ProjectIDPathParameter' responses: '204': description: No Content '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Remove a project tags: - Case Management get: description: Get the details of a project by `project_id`. operationId: GetProject parameters: - $ref: '#/components/parameters/ProjectIDPathParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ProjectResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_read summary: Get the details of a project tags: - Case Management /api/v2/cases/{case_id}: get: description: Get the details of case by `case_id` operationId: GetCase parameters: - $ref: '#/components/parameters/CaseIDPathParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/CaseResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_read summary: Get the details of a case tags: - Case Management /api/v2/cases/{case_id}/archive: post: description: Archive case operationId: ArchiveCase parameters: - $ref: '#/components/parameters/CaseIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/CaseEmptyRequest' description: Archive case payload required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CaseResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Archive case tags: - Case Management /api/v2/cases/{case_id}/assign: post: description: Assign case to a user operationId: AssignCase parameters: - $ref: '#/components/parameters/CaseIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/CaseAssignRequest' description: Assign case payload required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CaseResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Assign case tags: - Case Management /api/v2/cases/{case_id}/priority: post: description: Update case priority operationId: UpdatePriority parameters: - $ref: '#/components/parameters/CaseIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/CaseUpdatePriorityRequest' description: Case priority update payload required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CaseResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Update case priority tags: - Case Management /api/v2/cases/{case_id}/status: post: description: Update case status operationId: UpdateStatus parameters: - $ref: '#/components/parameters/CaseIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/CaseUpdateStatusRequest' description: Case status update payload required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CaseResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Update case status tags: - Case Management /api/v2/cases/{case_id}/unarchive: post: description: Unarchive case operationId: UnarchiveCase parameters: - $ref: '#/components/parameters/CaseIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/CaseEmptyRequest' description: Unarchive case payload required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CaseResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Unarchive case tags: - Case Management /api/v2/cases/{case_id}/unassign: post: description: Unassign case operationId: UnassignCase parameters: - $ref: '#/components/parameters/CaseIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/CaseEmptyRequest' description: Unassign case payload required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CaseResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cases_write summary: Unassign case tags: - Case Management /api/v2/catalog/entity: get: description: Get a list of entities from Software Catalog. operationId: ListCatalogEntity parameters: - $ref: '#/components/parameters/PageOffset' - description: Maximum number of entities in the response. example: 100 in: query name: page[limit] required: false schema: default: 100 format: int64 type: integer - $ref: '#/components/parameters/FilterByID' - $ref: '#/components/parameters/FilterByRef' - $ref: '#/components/parameters/FilterByName' - $ref: '#/components/parameters/FilterByKind' - $ref: '#/components/parameters/FilterByOwner' - $ref: '#/components/parameters/FilterByRelationType' - $ref: '#/components/parameters/FilterByExcludeSnapshot' - $ref: '#/components/parameters/Include' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListEntityCatalogResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: Get a list of entities tags: - Software Catalog x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data post: description: Create or update entities in Software Catalog. operationId: UpsertCatalogEntity requestBody: content: application/json: schema: $ref: '#/components/schemas/UpsertCatalogEntityRequest' description: Entity YAML or JSON. required: true responses: '202': content: application/json: schema: $ref: '#/components/schemas/UpsertCatalogEntityResponse' description: ACCEPTED '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Create or update entities tags: - Software Catalog x-codegen-request-body-name: body /api/v2/catalog/entity/{entity_id}: delete: description: Delete a single entity in Software Catalog. operationId: DeleteCatalogEntity parameters: - $ref: '#/components/parameters/EntityID' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Delete a single entity tags: - Software Catalog /api/v2/catalog/kind: get: description: Get a list of entity kinds from Software Catalog. operationId: ListCatalogKind parameters: - $ref: '#/components/parameters/PageOffset' - description: Maximum number of kinds in the response. example: 100 in: query name: page[limit] required: false schema: default: 100 format: int64 type: integer - $ref: '#/components/parameters/FilterByID' - $ref: '#/components/parameters/FilterByName' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListKindCatalogResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: Get a list of entity kinds tags: - Software Catalog x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data post: description: Create or update kinds in Software Catalog. operationId: UpsertCatalogKind requestBody: content: application/json: schema: $ref: '#/components/schemas/UpsertCatalogKindRequest' description: Kind YAML or JSON. required: true responses: '202': content: application/json: schema: $ref: '#/components/schemas/UpsertCatalogKindResponse' description: ACCEPTED '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Create or update kinds tags: - Software Catalog x-codegen-request-body-name: body /api/v2/catalog/kind/{kind_id}: delete: description: Delete a single kind in Software Catalog. operationId: DeleteCatalogKind parameters: - $ref: '#/components/parameters/KindID' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Delete a single kind tags: - Software Catalog /api/v2/catalog/relation: get: description: Get a list of entity relations from Software Catalog. operationId: ListCatalogRelation parameters: - $ref: '#/components/parameters/PageOffset' - description: Maximum number of relations in the response. example: 100 in: query name: page[limit] required: false schema: default: 100 format: int64 type: integer - $ref: '#/components/parameters/FilterRelationByType' - $ref: '#/components/parameters/FilterRelationByFromRef' - $ref: '#/components/parameters/FilterRelationByToRef' - $ref: '#/components/parameters/RelationInclude' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListRelationCatalogResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: Get a list of entity relations tags: - Software Catalog x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data /api/v2/ci/pipeline: post: description: 'Send your pipeline event to your Datadog platform over HTTP. For details about how pipeline executions are modeled and what execution types we support, see [Pipeline Data Model And Execution Types](https://docs.datadoghq.com/continuous_integration/guides/pipeline_data_model/). Pipeline events can be submitted with a timestamp that is up to 18 hours in the past.' operationId: CreateCIAppPipelineEvent requestBody: content: application/json: schema: $ref: '#/components/schemas/CIAppCreatePipelineEventRequest' required: true responses: '202': content: application/json: schema: type: object description: Request accepted for processing '400': content: application/json: schema: $ref: '#/components/schemas/HTTPCIAppErrors' description: Bad Request '401': content: application/json: schema: $ref: '#/components/schemas/HTTPCIAppErrors' description: Unauthorized '403': content: application/json: schema: $ref: '#/components/schemas/HTTPCIAppErrors' description: Forbidden '408': content: application/json: schema: $ref: '#/components/schemas/HTTPCIAppErrors' description: Request Timeout '413': content: application/json: schema: $ref: '#/components/schemas/HTTPCIAppErrors' description: Payload Too Large '429': content: application/json: schema: $ref: '#/components/schemas/HTTPCIAppErrors' description: Too Many Requests '500': content: application/json: schema: $ref: '#/components/schemas/HTTPCIAppErrors' description: Internal Server Error '503': content: application/json: schema: $ref: '#/components/schemas/HTTPCIAppErrors' description: Service Unavailable security: - apiKeyAuth: [] summary: Send pipeline event tags: - CI Visibility Pipelines x-codegen-request-body-name: body /api/v2/ci/pipelines/analytics/aggregate: post: description: Use this API endpoint to aggregate CI Visibility pipeline events into buckets of computed metrics and timeseries. operationId: AggregateCIAppPipelineEvents requestBody: content: application/json: schema: $ref: '#/components/schemas/CIAppPipelinesAggregateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CIAppPipelinesAnalyticsAggregateResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - ci_visibility_read summary: Aggregate pipelines events tags: - CI Visibility Pipelines x-codegen-request-body-name: body x-permission: operator: OR permissions: - ci_visibility_read /api/v2/ci/pipelines/events: get: description: 'List endpoint returns CI Visibility pipeline events that match a [search query](https://docs.datadoghq.com/continuous_integration/explorer/search_syntax/). [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to see your latest pipeline events.' operationId: ListCIAppPipelineEvents parameters: - description: Search query following log syntax. example: '@ci.provider.name:github @ci.pipeline.name:Pull Request Labeler' in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested events. example: '2019-01-02T09:42:36.320Z' in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested events. example: '2019-01-03T09:42:36.320Z' in: query name: filter[to] required: false schema: format: date-time type: string - description: Order of events in results. in: query name: sort required: false schema: $ref: '#/components/schemas/CIAppSort' - description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: Maximum number of events in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/CIAppPipelineEventsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - ci_visibility_read summary: Get a list of pipelines events tags: - CI Visibility Pipelines x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data x-permission: operator: OR permissions: - ci_visibility_read /api/v2/ci/pipelines/events/search: post: description: 'List endpoint returns CI Visibility pipeline events that match a [search query](https://docs.datadoghq.com/continuous_integration/explorer/search_syntax/). [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to build complex events filtering and search.' operationId: SearchCIAppPipelineEvents requestBody: content: application/json: schema: $ref: '#/components/schemas/CIAppPipelineEventsRequest' required: false responses: '200': content: application/json: schema: $ref: '#/components/schemas/CIAppPipelineEventsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - ci_visibility_read summary: Search pipelines events tags: - CI Visibility Pipelines x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data x-permission: operator: OR permissions: - ci_visibility_read /api/v2/ci/tests/analytics/aggregate: post: description: The API endpoint to aggregate CI Visibility test events into buckets of computed metrics and timeseries. operationId: AggregateCIAppTestEvents requestBody: content: application/json: schema: $ref: '#/components/schemas/CIAppTestsAggregateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CIAppTestsAnalyticsAggregateResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - ci_visibility_read summary: Aggregate tests events tags: - CI Visibility Tests x-codegen-request-body-name: body x-permission: operator: OR permissions: - ci_visibility_read /api/v2/ci/tests/events: get: description: 'List endpoint returns CI Visibility test events that match a [search query](https://docs.datadoghq.com/continuous_integration/explorer/search_syntax/). [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to see your latest test events.' operationId: ListCIAppTestEvents parameters: - description: Search query following log syntax. example: '@test.name:test_foo @test.suite:github.com/DataDog/dd-go/model' in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested events. example: '2019-01-02T09:42:36.320Z' in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested events. example: '2019-01-03T09:42:36.320Z' in: query name: filter[to] required: false schema: format: date-time type: string - description: Order of events in results. in: query name: sort required: false schema: $ref: '#/components/schemas/CIAppSort' - description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: Maximum number of events in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/CIAppTestEventsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - ci_visibility_read summary: Get a list of tests events tags: - CI Visibility Tests x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data x-permission: operator: OR permissions: - ci_visibility_read /api/v2/ci/tests/events/search: post: description: 'List endpoint returns CI Visibility test events that match a [search query](https://docs.datadoghq.com/continuous_integration/explorer/search_syntax/). [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to build complex events filtering and search.' operationId: SearchCIAppTestEvents requestBody: content: application/json: schema: $ref: '#/components/schemas/CIAppTestEventsRequest' required: false responses: '200': content: application/json: schema: $ref: '#/components/schemas/CIAppTestEventsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - ci_visibility_read summary: Search tests events tags: - CI Visibility Tests x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data x-permission: operator: OR permissions: - ci_visibility_read /api/v2/cloud_security_management/custom_frameworks: post: description: Create a custom framework. operationId: CreateCustomFramework requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateCustomFrameworkRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CreateCustomFrameworkResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' '500': $ref: '#/components/responses/BadRequestResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read - security_monitoring_rules_write summary: Create a custom framework tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: AND permissions: - security_monitoring_rules_read - security_monitoring_rules_write /api/v2/cloud_security_management/custom_frameworks/{handle}/{version}: delete: description: Delete a custom framework. operationId: DeleteCustomFramework parameters: - $ref: '#/components/parameters/CustomFrameworkHandle' - $ref: '#/components/parameters/CustomFrameworkVersion' responses: '200': content: application/json: schema: $ref: '#/components/schemas/DeleteCustomFrameworkResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' '500': $ref: '#/components/responses/BadRequestResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read - security_monitoring_rules_write summary: Delete a custom framework tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: AND permissions: - security_monitoring_rules_read - security_monitoring_rules_write get: description: Get a custom framework. operationId: GetCustomFramework parameters: - $ref: '#/components/parameters/CustomFrameworkHandle' - $ref: '#/components/parameters/CustomFrameworkVersion' responses: '200': content: application/json: schema: $ref: '#/components/schemas/GetCustomFrameworkResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' '500': $ref: '#/components/responses/BadRequestResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: Get a custom framework tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_rules_read put: description: Update a custom framework. operationId: UpdateCustomFramework parameters: - $ref: '#/components/parameters/CustomFrameworkHandle' - $ref: '#/components/parameters/CustomFrameworkVersion' requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateCustomFrameworkRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UpdateCustomFrameworkResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' '500': $ref: '#/components/responses/BadRequestResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read - security_monitoring_rules_write summary: Update a custom framework tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: AND permissions: - security_monitoring_rules_read - security_monitoring_rules_write /api/v2/cloud_security_management/resource_filters: get: description: List resource filters. operationId: GetResourceEvaluationFilters parameters: - $ref: '#/components/parameters/ResourceFilterProvider' - $ref: '#/components/parameters/ResourceFilterAccountID' - $ref: '#/components/parameters/SkipCache' responses: '200': content: application/json: schema: $ref: '#/components/schemas/GetResourceEvaluationFiltersResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_read summary: List resource filters tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_filters_read put: description: Update resource filters. operationId: UpdateResourceEvaluationFilters requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateResourceEvaluationFiltersRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/UpdateResourceEvaluationFiltersResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Update resource filters tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_filters_write /api/v2/container_images: get: description: Get all Container Images for your organization. operationId: ListContainerImages parameters: - description: Comma-separated list of tags to filter Container Images by. example: short_image:redis,status:running in: query name: filter[tags] required: false schema: type: string - description: Comma-separated list of tags to group Container Images by. example: registry,image_tags in: query name: group_by required: false schema: type: string - description: Attribute to sort Container Images by. example: container_count in: query name: sort required: false schema: type: string - description: Maximum number of results returned. in: query name: page[size] required: false schema: default: 1000 format: int32 maximum: 10000 minimum: 1 type: integer - description: 'String to query the next page of results. This key is provided with each valid response from the API in `meta.pagination.next_cursor`.' in: query name: page[cursor] required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/ContainerImagesResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get all Container Images tags: - Container Images x-pagination: cursorParam: page[cursor] cursorPath: meta.pagination.next_cursor limitParam: page[size] resultsPath: data x-permission: operator: OPEN permissions: [] /api/v2/containers: get: description: Get all containers for your organization. operationId: ListContainers parameters: - description: Comma-separated list of tags to filter containers by. example: env:prod,short_image:cassandra in: query name: filter[tags] required: false schema: type: string - description: Comma-separated list of tags to group containers by. example: datacenter,cluster in: query name: group_by required: false schema: type: string - description: Attribute to sort containers by. example: started_at in: query name: sort required: false schema: type: string - description: Maximum number of results returned. in: query name: page[size] required: false schema: default: 1000 format: int32 maximum: 10000 minimum: 1 type: integer - description: 'String to query the next page of results. This key is provided with each valid response from the API in `meta.pagination.next_cursor`.' in: query name: page[cursor] required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/ContainersResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get All Containers tags: - Containers x-pagination: cursorParam: page[cursor] cursorPath: meta.pagination.next_cursor limitParam: page[size] resultsPath: data x-permission: operator: OPEN permissions: [] /api/v2/cost/aws_cur_config: get: description: List the AWS CUR configs. operationId: ListCostAWSCURConfigs responses: '200': content: application/json: schema: $ref: '#/components/schemas/AwsCURConfigsResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List Cloud Cost Management AWS CUR configs tags: - Cloud Cost Management x-permission: operator: OR permissions: - cloud_cost_management_read post: description: Create a Cloud Cost Management account for an AWS CUR config. operationId: CreateCostAWSCURConfig requestBody: content: application/json: schema: $ref: '#/components/schemas/AwsCURConfigPostRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/AwsCURConfigResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Create Cloud Cost Management AWS CUR config tags: - Cloud Cost Management x-permission: operator: OR permissions: - cloud_cost_management_write /api/v2/cost/aws_cur_config/{cloud_account_id}: delete: description: Archive a Cloud Cost Management Account. operationId: DeleteCostAWSCURConfig parameters: - $ref: '#/components/parameters/CloudAccountID' responses: '204': description: No Content '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Delete Cloud Cost Management AWS CUR config tags: - Cloud Cost Management x-permission: operator: OR permissions: - cloud_cost_management_write patch: description: Update the status (active/archived) and/or account filtering configuration of an AWS CUR config. operationId: UpdateCostAWSCURConfig parameters: - $ref: '#/components/parameters/CloudAccountID' requestBody: content: application/json: schema: $ref: '#/components/schemas/AwsCURConfigPatchRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/AwsCURConfigsResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Update Cloud Cost Management AWS CUR config tags: - Cloud Cost Management x-permission: operator: OR permissions: - cloud_cost_management_write /api/v2/cost/azure_uc_config: get: description: List the Azure configs. operationId: ListCostAzureUCConfigs responses: '200': content: application/json: schema: $ref: '#/components/schemas/AzureUCConfigsResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List Cloud Cost Management Azure configs tags: - Cloud Cost Management x-permission: operator: OR permissions: - cloud_cost_management_read post: description: Create a Cloud Cost Management account for an Azure config. operationId: CreateCostAzureUCConfigs requestBody: content: application/json: schema: $ref: '#/components/schemas/AzureUCConfigPostRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/AzureUCConfigPairsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Create Cloud Cost Management Azure configs tags: - Cloud Cost Management x-permission: operator: OR permissions: - cloud_cost_management_write /api/v2/cost/azure_uc_config/{cloud_account_id}: delete: description: Archive a Cloud Cost Management Account. operationId: DeleteCostAzureUCConfig parameters: - $ref: '#/components/parameters/CloudAccountID' responses: '204': description: No Content '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Delete Cloud Cost Management Azure config tags: - Cloud Cost Management x-permission: operator: OR permissions: - cloud_cost_management_write patch: description: Update the status of an Azure config (active/archived). operationId: UpdateCostAzureUCConfigs parameters: - $ref: '#/components/parameters/CloudAccountID' requestBody: content: application/json: schema: $ref: '#/components/schemas/AzureUCConfigPatchRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/AzureUCConfigPairsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Update Cloud Cost Management Azure config tags: - Cloud Cost Management x-permission: operator: OR permissions: - cloud_cost_management_write /api/v2/cost/budget: put: description: Create a new budget or update an existing one. operationId: UpsertBudget requestBody: content: application/json: schema: $ref: '#/components/schemas/BudgetWithEntries' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/BudgetWithEntries' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Create or update a budget tags: - Cloud Cost Management /api/v2/cost/budget/{budget_id}: delete: description: Delete a budget. operationId: DeleteBudget parameters: - $ref: '#/components/parameters/BudgetID' responses: '204': description: No Content '400': $ref: '#/components/responses/BadRequestResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Delete a budget tags: - Cloud Cost Management get: description: Get a budget. operationId: GetBudget parameters: - $ref: '#/components/parameters/BudgetID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/BudgetWithEntries' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: Get a budget tags: - Cloud Cost Management /api/v2/cost/budgets: get: description: List budgets. operationId: ListBudgets responses: '200': content: application/json: schema: $ref: '#/components/schemas/BudgetArray' description: OK '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List budgets tags: - Cloud Cost Management /api/v2/cost/custom_costs: get: description: List the Custom Costs files. operationId: ListCustomCostsFiles responses: '200': content: application/json: schema: $ref: '#/components/schemas/CustomCostsFileListResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: List Custom Costs files tags: - Cloud Cost Management put: description: Upload a Custom Costs file. operationId: UploadCustomCostsFile requestBody: content: application/json: schema: $ref: '#/components/schemas/CustomCostsFileUploadRequest' required: true responses: '202': content: application/json: schema: $ref: '#/components/schemas/CustomCostsFileUploadResponse' description: Accepted '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Upload Custom Costs file tags: - Cloud Cost Management /api/v2/cost/custom_costs/{file_id}: delete: description: Delete the specified Custom Costs file. operationId: DeleteCustomCostsFile parameters: - $ref: '#/components/parameters/FileID' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_write summary: Delete Custom Costs file tags: - Cloud Cost Management get: description: Fetch the specified Custom Costs file. operationId: GetCustomCostsFile parameters: - $ref: '#/components/parameters/FileID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/CustomCostsFileGetResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - cloud_cost_management_read summary: Get Custom Costs file tags: - Cloud Cost Management /api/v2/cost_by_tag/active_billing_dimensions: get: description: Get active billing dimensions for cost attribution. Cost data for a given month becomes available no later than the 19th of the following month. operationId: GetActiveBillingDimensions responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/ActiveBillingDimensionsResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get active billing dimensions for cost attribution tags: - Usage Metering x-permission: operator: OR permissions: - usage_read /api/v2/cost_by_tag/monthly_cost_attribution: get: description: "Get monthly cost attribution by tag across multi-org and single root-org accounts.\nCost Attribution data for a given month becomes available no later than the 19th of the following month.\nThis API endpoint is paginated. To make sure you receive all records, check if the value of `next_record_id` is\nset in the response. If it is, make another request and pass `next_record_id` as a parameter.\nPseudo code example:\n```\nresponse := GetMonthlyCostAttribution(start_month, end_month)\ncursor := response.metadata.pagination.next_record_id\nWHILE cursor != null BEGIN\n sleep(5 seconds) # Avoid running into rate limit\n response := GetMonthlyCostAttribution(start_month, end_month, next_record_id=cursor)\n \ cursor := response.metadata.pagination.next_record_id\nEND\n```\n\nThis endpoint is only accessible for [parent-level organizations](https://docs.datadoghq.com/account_management/multi_organization/). This endpoint is not available in the Government (US1-FED) site." operationId: GetMonthlyCostAttribution parameters: - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning in this month.' in: query name: start_month required: true schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month.' in: query name: end_month required: false schema: format: date-time type: string - description: 'Comma-separated list specifying cost types (e.g., `<billing_dimension>_on_demand_cost`, `<billing_dimension>_committed_cost`, `<billing_dimension>_total_cost`) and the proportions (`<billing_dimension>_percentage_in_org`, `<billing_dimension>_percentage_in_account`). Use `*` to retrieve all fields. Example: `infra_host_on_demand_cost,infra_host_percentage_in_account` To obtain the complete list of active billing dimensions that can be used to replace `<billing_dimension>` in the field names, make a request to the [Get active billing dimensions API](https://docs.datadoghq.com/api/latest/usage-metering/#get-active-billing-dimensions-for-cost-attribution).' in: query name: fields required: true schema: type: string - description: 'The direction to sort by: `[desc, asc]`.' in: query name: sort_direction required: false schema: $ref: '#/components/schemas/SortDirection' - description: 'The billing dimension to sort by. Always sorted by total cost. Example: `infra_host`.' in: query name: sort_name required: false schema: type: string - description: 'Comma separated list of tag keys used to group cost. If no value is provided the cost will not be broken down by tags. To see which tags are available, look for the value of `tag_config_source` in the API response.' in: query name: tag_breakdown_keys required: false schema: type: string - description: List following results with a next_record_id provided in the previous query. in: query name: next_record_id required: false schema: type: string - description: Include child org cost in the response. Defaults to `true`. in: query name: include_descendants required: false schema: default: true type: boolean responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/MonthlyCostAttributionResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read - billing_read summary: Get Monthly Cost Attribution tags: - Usage Metering x-permission: operator: AND permissions: - usage_read - billing_read /api/v2/csm/onboarding/agents: get: description: Get the list of all CSM Agents running on your hosts and containers. operationId: ListAllCSMAgents parameters: - description: The page index for pagination (zero-based). in: query name: page required: false schema: example: 2 format: int32 maximum: 1000000 minimum: 0 type: integer - description: The number of items to include in a single page. in: query name: size required: false schema: example: 12 format: int32 maximum: 100 minimum: 0 type: integer - description: A search query string to filter results (for example, `hostname:COMP-T2H4J27423`). in: query name: query required: false schema: example: hostname:COMP-T2H4J27423 type: string - description: The sort direction for results. Use `asc` for ascending or `desc` for descending. in: query name: order_direction required: false schema: $ref: '#/components/schemas/OrderDirection' responses: '200': content: application/json: schema: $ref: '#/components/schemas/CsmAgentsResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all CSM Agents tags: - CSM Agents /api/v2/csm/onboarding/coverage_analysis/cloud_accounts: get: description: 'Get the CSM Coverage Analysis of your Cloud Accounts. This is calculated based on the number of your Cloud Accounts that are scanned for security issues.' operationId: GetCSMCloudAccountsCoverageAnalysis responses: '200': content: application/json: schema: $ref: '#/components/schemas/CsmCloudAccountsCoverageAnalysisResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get the CSM Cloud Accounts Coverage Analysis tags: - CSM Coverage Analysis /api/v2/csm/onboarding/coverage_analysis/hosts_and_containers: get: description: 'Get the CSM Coverage Analysis of your Hosts and Containers. This is calculated based on the number of agents running on your Hosts and Containers with CSM feature(s) enabled.' operationId: GetCSMHostsAndContainersCoverageAnalysis responses: '200': content: application/json: schema: $ref: '#/components/schemas/CsmHostsAndContainersCoverageAnalysisResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get the CSM Hosts and Containers Coverage Analysis tags: - CSM Coverage Analysis /api/v2/csm/onboarding/coverage_analysis/serverless: get: description: 'Get the CSM Coverage Analysis of your Serverless Resources. This is calculated based on the number of agents running on your Serverless Resources with CSM feature(s) enabled.' operationId: GetCSMServerlessCoverageAnalysis responses: '200': content: application/json: schema: $ref: '#/components/schemas/CsmServerlessCoverageAnalysisResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get the CSM Serverless Coverage Analysis tags: - CSM Coverage Analysis /api/v2/csm/onboarding/serverless/agents: get: description: Get the list of all CSM Serverless Agents running on your hosts and containers. operationId: ListAllCSMServerlessAgents parameters: - description: The page index for pagination (zero-based). in: query name: page required: false schema: example: 2 format: int32 maximum: 1000000 minimum: 0 type: integer - description: The number of items to include in a single page. in: query name: size required: false schema: example: 12 format: int32 maximum: 100 minimum: 0 type: integer - description: A search query string to filter results (for example, `hostname:COMP-T2H4J27423`). in: query name: query required: false schema: example: hostname:COMP-T2H4J27423 type: string - description: The sort direction for results. Use `asc` for ascending or `desc` for descending. in: query name: order_direction required: false schema: $ref: '#/components/schemas/OrderDirection' responses: '200': content: application/json: schema: $ref: '#/components/schemas/CsmAgentsResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all CSM Serverless Agents tags: - CSM Agents /api/v2/current_user/application_keys: get: description: List all application keys available for current user operationId: ListCurrentUserApplicationKeys parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/ApplicationKeysSortParameter' - $ref: '#/components/parameters/ApplicationKeyFilterParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtStartParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtEndParameter' - $ref: '#/components/parameters/ApplicationKeyIncludeParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListApplicationKeysResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all application keys owned by current user tags: - Key Management x-permission: operator: OR permissions: - user_app_keys post: description: Create an application key for current user operationId: CreateCurrentUserApplicationKey requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an application key for current user tags: - Key Management x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_app_keys /api/v2/current_user/application_keys/{app_key_id}: delete: description: Delete an application key owned by current user operationId: DeleteCurrentUserApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an application key owned by current user tags: - Key Management x-permission: operator: OR permissions: - user_app_keys get: description: Get an application key owned by current user operationId: GetCurrentUserApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get one application key owned by current user tags: - Key Management x-permission: operator: OR permissions: - user_app_keys patch: description: Edit an application key owned by current user operationId: UpdateCurrentUserApplicationKey parameters: - $ref: '#/components/parameters/ApplicationKeyID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit an application key owned by current user tags: - Key Management x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_app_keys /api/v2/dashboard/lists/manual/{dashboard_list_id}/dashboards: delete: description: Delete dashboards from an existing dashboard list. operationId: DeleteDashboardListItems parameters: - description: ID of the dashboard list to delete items from. in: path name: dashboard_list_id required: true schema: format: int64 type: integer requestBody: content: application/json: schema: $ref: '#/components/schemas/DashboardListDeleteItemsRequest' description: Dashboards to delete from the dashboard list. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DashboardListDeleteItemsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete items from a dashboard list tags: - Dashboard Lists x-codegen-request-body-name: body get: description: "Fetch the dashboard list\u2019s dashboard definitions." operationId: GetDashboardListItems parameters: - description: ID of the dashboard list to get items from. in: path name: dashboard_list_id required: true schema: format: int64 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/DashboardListItems' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_read summary: Get items of a Dashboard List tags: - Dashboard Lists x-permission: operator: OR permissions: - dashboards_read post: description: Add dashboards to an existing dashboard list. operationId: CreateDashboardListItems parameters: - description: ID of the dashboard list to add items to. in: path name: dashboard_list_id required: true schema: format: int64 type: integer requestBody: content: application/json: schema: $ref: '#/components/schemas/DashboardListAddItemsRequest' description: Dashboards to add to the dashboard list. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DashboardListAddItemsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Add Items to a Dashboard List tags: - Dashboard Lists x-codegen-request-body-name: body put: description: Update dashboards of an existing dashboard list. operationId: UpdateDashboardListItems parameters: - description: ID of the dashboard list to update items from. in: path name: dashboard_list_id required: true schema: format: int64 type: integer requestBody: content: application/json: schema: $ref: '#/components/schemas/DashboardListUpdateItemsRequest' description: New dashboards of the dashboard list. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DashboardListUpdateItemsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update items of a dashboard list tags: - Dashboard Lists x-codegen-request-body-name: body /api/v2/deletion/data/{product}: post: description: Creates a data deletion request by providing a query and a timeframe targeting the proper data. operationId: CreateDataDeletionRequest parameters: - $ref: '#/components/parameters/ProductName' requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateDataDeletionRequestBody' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CreateDataDeletionResponseBody' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '412': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Precondition failed error '429': $ref: '#/components/responses/TooManyRequestsResponse' '500': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Internal server error security: - apiKeyAuth: [] appKeyAuth: [] summary: Creates a data deletion request tags: - Data Deletion x-permission: operator: OR permissions: - rum_delete_data - logs_delete_data x-unstable: '**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/deletion/requests: get: description: Gets a list of data deletion requests based on several filter parameters. operationId: GetDataDeletionRequests parameters: - description: The next page of the previous search. If the next_page parameter is included, the rest of the query elements are ignored. example: cGFnZTI= in: query name: next_page required: false schema: type: string - description: Retrieve only the requests related to the given product. example: logs in: query name: product required: false schema: type: string - description: Retrieve only the requests that matches the given query. example: service:xyz host:abc in: query name: query required: false schema: type: string - description: Retrieve only the requests with the given status. example: pending in: query name: status required: false schema: type: string - description: Sets the page size of the search. example: '50' in: query name: page_size required: false schema: default: 50 format: int64 maximum: 50 minimum: 1 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/GetDataDeletionsResponseBody' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' '500': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Internal server error security: - apiKeyAuth: [] appKeyAuth: [] summary: Gets a list of data deletion requests tags: - Data Deletion x-permission: operator: OR permissions: - rum_delete_data - logs_delete_data x-unstable: '**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/deletion/requests/{id}/cancel: put: description: Cancels a data deletion request by providing its ID. operationId: CancelDataDeletionRequest parameters: - $ref: '#/components/parameters/RequestId' responses: '200': content: application/json: schema: $ref: '#/components/schemas/CancelDataDeletionResponseBody' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '412': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Precondition failed error '429': $ref: '#/components/responses/TooManyRequestsResponse' '500': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Internal server error security: - apiKeyAuth: [] appKeyAuth: [] summary: Cancels a data deletion request tags: - Data Deletion x-permission: operator: OR permissions: - rum_delete_data - logs_delete_data x-unstable: '**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/domain_allowlist: get: description: Get the domain allowlist for an organization. operationId: GetDomainAllowlist responses: '200': content: application/json: schema: $ref: '#/components/schemas/DomainAllowlistResponse' description: OK '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Get Domain Allowlist tags: - Domain Allowlist x-permission: operator: OR permissions: - org_management patch: description: Update the domain allowlist for an organization. operationId: PatchDomainAllowlist requestBody: content: application/json: schema: $ref: '#/components/schemas/DomainAllowlistRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DomainAllowlistResponse' description: OK '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Sets Domain Allowlist tags: - Domain Allowlist x-permission: operator: OR permissions: - org_management /api/v2/dora/deployment: post: description: 'Use this API endpoint to provide data about deployments for DORA metrics. This is necessary for: - Deployment Frequency - Change Lead Time - Change Failure Rate' operationId: CreateDORADeployment requestBody: content: application/json: schema: $ref: '#/components/schemas/DORADeploymentRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DORADeploymentResponse' description: OK '202': content: application/json: schema: $ref: '#/components/schemas/DORADeploymentResponse' description: OK - but delayed due to incident '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] summary: Send a deployment event for DORA Metrics tags: - DORA Metrics x-codegen-request-body-name: body /api/v2/dora/deployments: post: description: Use this API endpoint to get a list of deployment events. operationId: ListDORADeployments requestBody: content: application/json: schema: $ref: '#/components/schemas/DORAListDeploymentsRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DORAListResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] summary: Get a list of deployment events tags: - DORA Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - dora_metrics_read /api/v2/dora/deployments/{deployment_id}: get: description: Use this API endpoint to get a deployment event. operationId: GetDORADeployment parameters: - description: The ID of the deployment event. in: path name: deployment_id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/DORAFetchResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] - appKeyAuth: [] summary: Get a deployment event tags: - DORA Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - dora_metrics_read /api/v2/dora/failure: post: description: 'Use this API endpoint to provide failure data for DORA metrics. This is necessary for: - Change Failure Rate - Time to Restore' operationId: CreateDORAFailure requestBody: content: application/json: schema: $ref: '#/components/schemas/DORAFailureRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DORAFailureResponse' description: OK '202': content: application/json: schema: $ref: '#/components/schemas/DORAFailureResponse' description: OK - but delayed due to incident '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] summary: Send a failure event for DORA Metrics tags: - DORA Metrics x-codegen-request-body-name: body /api/v2/dora/failures: post: description: Use this API endpoint to get a list of failure events. operationId: ListDORAFailures requestBody: content: application/json: schema: $ref: '#/components/schemas/DORAListFailuresRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DORAListResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] summary: Get a list of failure events tags: - DORA Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - dora_metrics_read /api/v2/dora/failures/{failure_id}: get: description: Use this API endpoint to get a failure event. operationId: GetDORAFailure parameters: - description: The ID of the failure event. in: path name: failure_id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/DORAFetchResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] - appKeyAuth: [] summary: Get a failure event tags: - DORA Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - dora_metrics_read /api/v2/dora/incident: post: deprecated: true description: '**Note**: This endpoint is deprecated. Please use `/api/v2/dora/failure` instead. Use this API endpoint to provide failure data for DORA metrics. This is necessary for: - Change Failure Rate - Time to Restore' operationId: CreateDORAIncident requestBody: content: application/json: schema: $ref: '#/components/schemas/DORAFailureRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DORAFailureResponse' description: OK '202': content: application/json: schema: $ref: '#/components/schemas/DORAFailureResponse' description: OK - but delayed due to incident '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad Request '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] summary: Send an incident event for DORA Metrics tags: - DORA Metrics x-codegen-request-body-name: body /api/v2/downtime: get: description: Get all scheduled downtimes. operationId: ListDowntimes parameters: - description: Only return downtimes that are active when the request is made. in: query name: current_only required: false schema: type: boolean - description: 'Comma-separated list of resource paths for related resources to include in the response. Supported resource paths are `created_by` and `monitor`.' in: query name: include required: false schema: example: created_by,monitor type: string - $ref: '#/components/parameters/PageOffset' - description: Maximum number of downtimes in the response. example: 100 in: query name: page[limit] required: false schema: default: 30 format: int64 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListDowntimesResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_downtime summary: Get all downtimes tags: - Downtimes x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data x-permission: operator: OR permissions: - monitors_downtime post: description: Schedule a downtime. operationId: CreateDowntime requestBody: content: application/json: schema: $ref: '#/components/schemas/DowntimeCreateRequest' description: Schedule a downtime request body. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DowntimeResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_downtime summary: Schedule a downtime tags: - Downtimes x-codegen-request-body-name: body x-permission: operator: OR permissions: - monitors_downtime /api/v2/downtime/{downtime_id}: delete: description: 'Cancel a downtime. **Note**: Downtimes canceled through the API are no longer active, but are retained for approximately two days before being permanently removed. The downtime may still appear in search results until it is permanently removed.' operationId: CancelDowntime parameters: - description: ID of the downtime to cancel. in: path name: downtime_id required: true schema: example: 00000000-0000-1234-0000-000000000000 type: string responses: '204': description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Downtime not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_downtime summary: Cancel a downtime tags: - Downtimes x-permission: operator: OR permissions: - monitors_downtime get: description: Get downtime detail by `downtime_id`. operationId: GetDowntime parameters: - description: ID of the downtime to fetch. in: path name: downtime_id required: true schema: example: 00000000-0000-1234-0000-000000000000 type: string - description: 'Comma-separated list of resource paths for related resources to include in the response. Supported resource paths are `created_by` and `monitor`.' in: query name: include required: false schema: example: created_by,monitor type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/DowntimeResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_downtime summary: Get a downtime tags: - Downtimes x-permission: operator: OR permissions: - monitors_downtime patch: description: Update a downtime by `downtime_id`. operationId: UpdateDowntime parameters: - description: ID of the downtime to update. in: path name: downtime_id required: true schema: example: 00e000000-0000-1234-0000-000000000000 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/DowntimeUpdateRequest' description: Update a downtime request body. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/DowntimeResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Downtime not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_downtime summary: Update a downtime tags: - Downtimes x-codegen-request-body-name: body x-permission: operator: OR permissions: - monitors_downtime /api/v2/events: get: description: 'List endpoint returns events that match an events search query. [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to see your latest events.' operationId: ListEvents parameters: - description: Search query following events syntax. in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested events, in milliseconds. in: query name: filter[from] required: false schema: type: string - description: Maximum timestamp for requested events, in milliseconds. in: query name: filter[to] required: false schema: type: string - description: Order of events in results. in: query name: sort required: false schema: $ref: '#/components/schemas/EventsSort' - description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: Maximum number of events in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - events_read summary: Get a list of events tags: - Events x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data x-permission: operator: OR permissions: - events_read post: description: "This endpoint allows you to post events.\n\n\u2705 **Only events with the `change` category** are in General Availability. See [Change Tracking](https://docs.datadoghq.com/change_tracking) for more details.\n\n\u274C For use cases involving other event categories, please use the V1 endpoint." operationId: CreateEvent requestBody: content: application/json: examples: json-request-body: value: data: attributes: attributes: author: name: datadog@datadog.com type: user change_metadata: dd: team: datadog_team user_email: datadog@datadog.com user_id: datadog_user_id user_name: datadog_username resource_link: datadog.com/feature/fallback_payments_test changed_resource: name: fallback_payments_test type: feature_flag impacted_resources: - name: payments_api type: service new_value: enabled: true percentage: 50% rule: datacenter: devcycle.us1.prod prev_value: enabled: true percentage: 10% rule: datacenter: devcycle.us1.prod category: change message: payment_processed feature flag has been enabled tags: - env:test title: payment_processed feature flag updated type: event schema: $ref: '#/components/schemas/EventCreateRequestPayload' description: Event request object required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventCreateResponsePayload' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] summary: Post an event tags: - Events x-codegen-request-body-name: body /api/v2/events/search: post: description: 'List endpoint returns events that match an events search query. [Results are paginated similarly to logs](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to build complex events filtering and search.' operationId: SearchEvents requestBody: content: application/json: schema: $ref: '#/components/schemas/EventsListRequest' required: false responses: '200': content: application/json: schema: $ref: '#/components/schemas/EventsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Search events tags: - Events x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data x-permission: operator: OR permissions: - events_read /api/v2/incidents: get: description: Get all incidents for the user's organization. operationId: ListIncidents parameters: - $ref: '#/components/parameters/IncidentIncludeQueryParameter' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageOffset' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of incidents tags: - Incidents x-pagination: limitParam: page[size] pageOffsetParam: page[offset] resultsPath: data x-permission: operator: OR permissions: - incident_read x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' post: description: Create an incident. operationId: CreateIncident requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentCreateRequest' description: Incident payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/IncidentResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Create an incident tags: - Incidents x-codegen-request-body-name: body x-permission: operator: OR permissions: - incident_write x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/incidents/config/types: get: description: Get all incident types. operationId: ListIncidentTypes parameters: - $ref: '#/components/parameters/IncidentTypeIncludeDeletedParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTypeListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of incident types tags: - Incidents x-permission: operator: OR permissions: - incident_read x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' post: description: Create an incident type. operationId: CreateIncidentType requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentTypeCreateRequest' description: Incident type payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/IncidentTypeResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Create an incident type tags: - Incidents x-codegen-request-body-name: body x-permission: operator: OR permissions: - incident_settings_write x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/incidents/config/types/{incident_type_id}: delete: description: Delete an incident type. operationId: DeleteIncidentType parameters: - $ref: '#/components/parameters/IncidentTypeIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Delete an incident type tags: - Incidents x-codegen-request-body-name: body x-permission: operator: OR permissions: - incident_settings_write x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' get: description: Get incident type details. operationId: GetIncidentType parameters: - $ref: '#/components/parameters/IncidentTypeIDPathParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTypeResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get incident type details tags: - Incidents x-permission: operator: OR permissions: - incident_read x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: Update an incident type. operationId: UpdateIncidentType parameters: - $ref: '#/components/parameters/IncidentTypeIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentTypePatchRequest' description: Incident type payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTypeResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Update an incident type tags: - Incidents x-codegen-request-body-name: body x-permission: operator: OR permissions: - incident_settings_write x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/incidents/search: get: description: Search for incidents matching a certain query. operationId: SearchIncidents parameters: - $ref: '#/components/parameters/IncidentSearchIncludeQueryParameter' - $ref: '#/components/parameters/IncidentSearchQueryQueryParameter' - $ref: '#/components/parameters/IncidentSearchSortQueryParameter' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageOffset' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentSearchResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Search for incidents tags: - Incidents x-pagination: limitParam: page[size] pageOffsetParam: page[offset] resultsPath: data.attributes.incidents x-permission: operator: OR permissions: - incident_read x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/incidents/{incident_id}: delete: description: Deletes an existing incident from the users organization. operationId: DeleteIncident parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Delete an existing incident tags: - Incidents x-permission: operator: OR permissions: - incident_write x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' get: description: Get the details of an incident by `incident_id`. operationId: GetIncident parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentIncludeQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get the details of an incident tags: - Incidents x-permission: operator: OR permissions: - incident_read x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: Updates an incident. Provide only the attributes that should be updated as this request is a partial update. operationId: UpdateIncident parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentIncludeQueryParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentUpdateRequest' description: Incident Payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Update an existing incident tags: - Incidents x-codegen-request-body-name: body x-permission: operator: OR permissions: - incident_write x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/incidents/{incident_id}/attachments: get: description: Get all attachments for a given incident. operationId: ListIncidentAttachments parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentAttachmentIncludeQueryParameter' - $ref: '#/components/parameters/IncidentAttachmentFilterQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentAttachmentsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a list of attachments tags: - Incidents x-permission: operator: OR permissions: - incident_read x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: The bulk update endpoint for creating, updating, and deleting attachments for a given incident. operationId: UpdateIncidentAttachments parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentAttachmentIncludeQueryParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentAttachmentUpdateRequest' description: Incident Attachment Payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentAttachmentUpdateResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create, update, and delete incident attachments tags: - Incidents x-codegen-request-body-name: body x-permission: operator: OR permissions: - incident_write x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/incidents/{incident_id}/relationships/integrations: get: description: Get all integration metadata for an incident. operationId: ListIncidentIntegrations parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentIntegrationMetadataListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of an incident's integration metadata tags: - Incidents x-permission: operator: OR permissions: - incident_read x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' post: description: Create an incident integration metadata. operationId: CreateIncidentIntegration parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentIntegrationMetadataCreateRequest' description: Incident integration metadata payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/IncidentIntegrationMetadataResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Create an incident integration metadata tags: - Incidents x-codegen-request-body-name: body x-permission: operator: OR permissions: - incident_write x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/incidents/{incident_id}/relationships/integrations/{integration_metadata_id}: delete: description: Delete an incident integration metadata. operationId: DeleteIncidentIntegration parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentIntegrationMetadataIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Delete an incident integration metadata tags: - Incidents x-codegen-request-body-name: body x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' get: description: Get incident integration metadata details. operationId: GetIncidentIntegration parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentIntegrationMetadataIDPathParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentIntegrationMetadataResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get incident integration metadata details tags: - Incidents x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: Update an existing incident integration metadata. operationId: UpdateIncidentIntegration parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentIntegrationMetadataIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentIntegrationMetadataPatchRequest' description: Incident integration metadata payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentIntegrationMetadataResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Update an existing incident integration metadata tags: - Incidents x-codegen-request-body-name: body x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/incidents/{incident_id}/relationships/todos: get: description: Get all todos for an incident. operationId: ListIncidentTodos parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTodoListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of an incident's todos tags: - Incidents x-permission: operator: OR permissions: - incident_read x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' post: description: Create an incident todo. operationId: CreateIncidentTodo parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentTodoCreateRequest' description: Incident todo payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/IncidentTodoResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Create an incident todo tags: - Incidents x-codegen-request-body-name: body x-permission: operator: OR permissions: - incident_write x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/incidents/{incident_id}/relationships/todos/{todo_id}: delete: description: Delete an incident todo. operationId: DeleteIncidentTodo parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentTodoIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Delete an incident todo tags: - Incidents x-permission: operator: OR permissions: - incident_write x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' get: description: Get incident todo details. operationId: GetIncidentTodo parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentTodoIDPathParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTodoResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get incident todo details tags: - Incidents x-permission: operator: OR permissions: - incident_read x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: Update an incident todo. operationId: UpdateIncidentTodo parameters: - $ref: '#/components/parameters/IncidentIDPathParameter' - $ref: '#/components/parameters/IncidentTodoIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentTodoPatchRequest' description: Incident todo payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTodoResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_write summary: Update an incident todo tags: - Incidents x-codegen-request-body-name: body x-permission: operator: OR permissions: - incident_write x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/integration/aws/accounts: get: description: Get a list of AWS Account Integration Configs. operationId: ListAWSAccounts parameters: - description: Optional query parameter to filter accounts by AWS Account ID. If not provided, all accounts are returned. example: '123456789012' in: query name: aws_account_id required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/AWSAccountsResponse' description: AWS Accounts List object '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List all AWS integrations tags: - AWS Integration x-permission: operator: OR permissions: - aws_configuration_read x-unstable: '**Note: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).**' post: description: Create a new AWS Account Integration Config. operationId: CreateAWSAccount requestBody: content: application/json: schema: $ref: '#/components/schemas/AWSAccountCreateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/AWSAccountResponse' description: AWS Account object '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an AWS integration tags: - AWS Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - aws_configurations_manage x-unstable: '**Note: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).**' /api/v2/integration/aws/accounts/{aws_account_config_id}: delete: description: Delete an AWS Account Integration Config by config ID. operationId: DeleteAWSAccount parameters: - $ref: '#/components/parameters/AWSAccountConfigIDPathParameter' responses: '204': description: No Content '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an AWS integration tags: - AWS Integration x-permission: operator: OR permissions: - aws_configurations_manage x-unstable: '**Note: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).**' get: description: Get an AWS Account Integration Config by config ID. operationId: GetAWSAccount parameters: - $ref: '#/components/parameters/AWSAccountConfigIDPathParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/AWSAccountResponse' description: AWS Account object '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get an AWS integration by config ID tags: - AWS Integration x-permission: operator: OR permissions: - aws_configuration_read x-unstable: '**Note: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).**' patch: description: Update an AWS Account Integration Config by config ID. operationId: UpdateAWSAccount parameters: - $ref: '#/components/parameters/AWSAccountConfigIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/AWSAccountUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/AWSAccountResponse' description: AWS Account object '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update an AWS integration tags: - AWS Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - aws_configuration_edit x-unstable: '**Note: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).**' /api/v2/integration/aws/available_namespaces: get: description: Get a list of available AWS CloudWatch namespaces that can send metrics to Datadog. operationId: ListAWSNamespaces responses: '200': content: application/json: schema: $ref: '#/components/schemas/AWSNamespacesResponse' description: AWS Namespaces List object '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List available namespaces tags: - AWS Integration x-permission: operator: OR permissions: - aws_configuration_read x-unstable: '**Note: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).**' /api/v2/integration/aws/generate_new_external_id: post: description: Generate a new external ID for AWS role-based authentication. operationId: CreateNewAWSExternalID responses: '200': content: application/json: schema: $ref: '#/components/schemas/AWSNewExternalIDResponse' description: AWS External ID object '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Generate a new external ID tags: - AWS Integration x-permission: operator: OR permissions: - aws_configuration_edit x-unstable: '**Note: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).**' /api/v2/integration/aws/logs/services: get: description: Get a list of AWS services that can send logs to Datadog. operationId: ListAWSLogsServices responses: '200': content: application/json: schema: $ref: '#/components/schemas/AWSLogsServicesResponse' description: AWS Logs Services List object '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get list of AWS log ready services tags: - AWS Logs Integration x-permission: operator: OR permissions: - aws_configuration_read x-unstable: '**Note: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).**' /api/v2/integration/gcp/accounts: get: description: List all GCP STS-enabled service accounts configured in your Datadog account. operationId: ListGCPSTSAccounts responses: '200': content: application/json: schema: $ref: '#/components/schemas/GCPSTSServiceAccountsResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List all GCP STS-enabled service accounts tags: - GCP Integration x-permission: operator: OR permissions: - gcp_configuration_read post: description: Create a new entry within Datadog for your STS enabled service account. operationId: CreateGCPSTSAccount requestBody: content: application/json: schema: $ref: '#/components/schemas/GCPSTSServiceAccountCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/GCPSTSServiceAccountResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a new entry for your service account tags: - GCP Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - gcp_configurations_manage /api/v2/integration/gcp/accounts/{account_id}: delete: description: Delete an STS enabled GCP account from within Datadog. operationId: DeleteGCPSTSAccount parameters: - $ref: '#/components/parameters/GCPSTSServiceAccountID' responses: '204': description: No Content '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an STS enabled GCP Account tags: - GCP Integration x-permission: operator: OR permissions: - gcp_configurations_manage patch: description: Update an STS enabled service account. operationId: UpdateGCPSTSAccount parameters: - $ref: '#/components/parameters/GCPSTSServiceAccountID' requestBody: content: application/json: schema: $ref: '#/components/schemas/GCPSTSServiceAccountUpdateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/GCPSTSServiceAccountResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update STS Service Account tags: - GCP Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - gcp_configuration_edit /api/v2/integration/gcp/sts_delegate: get: description: List your Datadog-GCP STS delegate account configured in your Datadog account. operationId: GetGCPSTSDelegate responses: '200': content: application/json: schema: $ref: '#/components/schemas/GCPSTSDelegateAccountResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List delegate account tags: - GCP Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - gcp_configuration_read post: description: Create a Datadog GCP principal. operationId: MakeGCPSTSDelegate requestBody: content: application/json: schema: example: {} type: object description: Create a delegate service account within Datadog. required: false responses: '200': content: application/json: schema: $ref: '#/components/schemas/GCPSTSDelegateAccountResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a Datadog GCP principal tags: - GCP Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - gcp_configuration_edit /api/v2/integration/ms-teams/configuration/channel/{tenant_name}/{team_name}/{channel_name}: get: description: Get the tenant, team, and channel ID of a channel in the Datadog Microsoft Teams integration. operationId: GetChannelByName parameters: - $ref: '#/components/parameters/MicrosoftTeamsTenantNamePathParameter' - $ref: '#/components/parameters/MicrosoftTeamsTeamNamePathParameter' - $ref: '#/components/parameters/MicrosoftTeamsChannelNamePathParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MicrosoftTeamsGetChannelByNameResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get channel information by name tags: - Microsoft Teams Integration /api/v2/integration/ms-teams/configuration/tenant-based-handles: get: description: Get a list of all tenant-based handles from the Datadog Microsoft Teams integration. operationId: ListTenantBasedHandles parameters: - $ref: '#/components/parameters/MicrosoftTeamsTenantIDQueryParameter' - $ref: '#/components/parameters/MicrosoftTeamsHandleNameQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandlesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '412': $ref: '#/components/responses/PreconditionFailedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all tenant-based handles tags: - Microsoft Teams Integration post: description: Create a tenant-based handle in the Datadog Microsoft Teams integration. operationId: CreateTenantBasedHandle requestBody: content: application/json: schema: $ref: '#/components/schemas/MicrosoftTeamsCreateTenantBasedHandleRequest' description: Tenant-based handle payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '412': $ref: '#/components/responses/PreconditionFailedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create tenant-based handle tags: - Microsoft Teams Integration x-codegen-request-body-name: body /api/v2/integration/ms-teams/configuration/tenant-based-handles/{handle_id}: delete: description: Delete a tenant-based handle from the Datadog Microsoft Teams integration. operationId: DeleteTenantBasedHandle parameters: - $ref: '#/components/parameters/MicrosoftTeamsTenantBasedHandleIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '412': $ref: '#/components/responses/PreconditionFailedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete tenant-based handle tags: - Microsoft Teams Integration get: description: Get the tenant, team, and channel information of a tenant-based handle from the Datadog Microsoft Teams integration. operationId: GetTenantBasedHandle parameters: - $ref: '#/components/parameters/MicrosoftTeamsTenantBasedHandleIDPathParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '412': $ref: '#/components/responses/PreconditionFailedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get tenant-based handle information tags: - Microsoft Teams Integration patch: description: Update a tenant-based handle from the Datadog Microsoft Teams integration. operationId: UpdateTenantBasedHandle parameters: - $ref: '#/components/parameters/MicrosoftTeamsTenantBasedHandleIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/MicrosoftTeamsUpdateTenantBasedHandleRequest' description: Tenant-based handle payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/MicrosoftTeamsTenantBasedHandleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '412': $ref: '#/components/responses/PreconditionFailedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update tenant-based handle tags: - Microsoft Teams Integration x-codegen-request-body-name: body /api/v2/integration/ms-teams/configuration/workflows-webhook-handles: get: description: Get a list of all Workflows webhook handles from the Datadog Microsoft Teams integration. operationId: ListWorkflowsWebhookHandles parameters: - $ref: '#/components/parameters/MicrosoftTeamsWorkflowsWebhookHandleNameQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandlesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '412': $ref: '#/components/responses/PreconditionFailedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all Workflows webhook handles tags: - Microsoft Teams Integration post: description: Create a Workflows webhook handle in the Datadog Microsoft Teams integration. operationId: CreateWorkflowsWebhookHandle requestBody: content: application/json: schema: $ref: '#/components/schemas/MicrosoftTeamsCreateWorkflowsWebhookHandleRequest' description: Workflows Webhook handle payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '412': $ref: '#/components/responses/PreconditionFailedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create Workflows webhook handle tags: - Microsoft Teams Integration x-codegen-request-body-name: body /api/v2/integration/ms-teams/configuration/workflows-webhook-handles/{handle_id}: delete: description: Delete a Workflows webhook handle from the Datadog Microsoft Teams integration. operationId: DeleteWorkflowsWebhookHandle parameters: - $ref: '#/components/parameters/MicrosoftTeamsWorkflowsWebhookHandleIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '412': $ref: '#/components/responses/PreconditionFailedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete Workflows webhook handle tags: - Microsoft Teams Integration get: description: Get the name of a Workflows webhook handle from the Datadog Microsoft Teams integration. operationId: GetWorkflowsWebhookHandle parameters: - $ref: '#/components/parameters/MicrosoftTeamsWorkflowsWebhookHandleIDPathParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '412': $ref: '#/components/responses/PreconditionFailedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get Workflows webhook handle information tags: - Microsoft Teams Integration patch: description: Update a Workflows webhook handle from the Datadog Microsoft Teams integration. operationId: UpdateWorkflowsWebhookHandle parameters: - $ref: '#/components/parameters/MicrosoftTeamsWorkflowsWebhookHandleIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/MicrosoftTeamsUpdateWorkflowsWebhookHandleRequest' description: Workflows Webhook handle payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/MicrosoftTeamsWorkflowsWebhookHandleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '412': $ref: '#/components/responses/PreconditionFailedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update Workflows webhook handle tags: - Microsoft Teams Integration x-codegen-request-body-name: body /api/v2/integration/opsgenie/services: get: description: Get a list of all services from the Datadog Opsgenie integration. operationId: ListOpsgenieServices responses: '200': content: application/json: schema: $ref: '#/components/schemas/OpsgenieServicesResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all service objects tags: - Opsgenie Integration x-permission: operator: OR permissions: - integrations_read post: description: Create a new service object in the Opsgenie integration. operationId: CreateOpsgenieService requestBody: content: application/json: schema: $ref: '#/components/schemas/OpsgenieServiceCreateRequest' description: Opsgenie service payload required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/OpsgenieServiceResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a new service object tags: - Opsgenie Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/integration/opsgenie/services/{integration_service_id}: delete: description: Delete a single service object in the Datadog Opsgenie integration. operationId: DeleteOpsgenieService parameters: - $ref: '#/components/parameters/OpsgenieServiceIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a single service object tags: - Opsgenie Integration x-permission: operator: OR permissions: - manage_integrations get: description: Get a single service from the Datadog Opsgenie integration. operationId: GetOpsgenieService parameters: - $ref: '#/components/parameters/OpsgenieServiceIDPathParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/OpsgenieServiceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a single service object tags: - Opsgenie Integration x-permission: operator: OR permissions: - integrations_read patch: description: Update a single service object in the Datadog Opsgenie integration. operationId: UpdateOpsgenieService parameters: - $ref: '#/components/parameters/OpsgenieServiceIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/OpsgenieServiceUpdateRequest' description: Opsgenie service payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/OpsgenieServiceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a single service object tags: - Opsgenie Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/integrations/cloudflare/accounts: get: description: List Cloudflare accounts. operationId: ListCloudflareAccounts responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudflareAccountsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List Cloudflare accounts tags: - Cloudflare Integration x-permission: operator: OR permissions: - integrations_read post: description: Create a Cloudflare account. operationId: CreateCloudflareAccount requestBody: content: application/json: schema: $ref: '#/components/schemas/CloudflareAccountCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/CloudflareAccountResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Add Cloudflare account tags: - Cloudflare Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/integrations/cloudflare/accounts/{account_id}: delete: description: Delete a Cloudflare account. operationId: DeleteCloudflareAccount parameters: - description: None in: path name: account_id required: true schema: type: string responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete Cloudflare account tags: - Cloudflare Integration x-permission: operator: OR permissions: - manage_integrations get: description: Get a Cloudflare account. operationId: GetCloudflareAccount parameters: - description: None in: path name: account_id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudflareAccountResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get Cloudflare account tags: - Cloudflare Integration x-permission: operator: OR permissions: - integrations_read patch: description: Update a Cloudflare account. operationId: UpdateCloudflareAccount parameters: - description: None in: path name: account_id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CloudflareAccountUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudflareAccountResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update Cloudflare account tags: - Cloudflare Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/integrations/confluent-cloud/accounts: get: description: List Confluent accounts. operationId: ListConfluentAccount responses: '200': content: application/json: schema: $ref: '#/components/schemas/ConfluentAccountsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List Confluent accounts tags: - Confluent Cloud x-permission: operator: OR permissions: - integrations_read post: description: Create a Confluent account. operationId: CreateConfluentAccount requestBody: content: application/json: schema: $ref: '#/components/schemas/ConfluentAccountCreateRequest' description: Confluent payload required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/ConfluentAccountResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Add Confluent account tags: - Confluent Cloud x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/integrations/confluent-cloud/accounts/{account_id}: delete: description: Delete a Confluent account with the provided account ID. operationId: DeleteConfluentAccount parameters: - $ref: '#/components/parameters/ConfluentAccountID' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete Confluent account tags: - Confluent Cloud x-permission: operator: OR permissions: - manage_integrations get: description: Get the Confluent account with the provided account ID. operationId: GetConfluentAccount parameters: - $ref: '#/components/parameters/ConfluentAccountID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ConfluentAccountResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get Confluent account tags: - Confluent Cloud x-permission: operator: OR permissions: - integrations_read patch: description: Update the Confluent account with the provided account ID. operationId: UpdateConfluentAccount parameters: - $ref: '#/components/parameters/ConfluentAccountID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ConfluentAccountUpdateRequest' description: Confluent payload required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ConfluentAccountResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update Confluent account tags: - Confluent Cloud x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/integrations/confluent-cloud/accounts/{account_id}/resources: get: description: Get a Confluent resource for the account associated with the provided ID. operationId: ListConfluentResource parameters: - $ref: '#/components/parameters/ConfluentAccountID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ConfluentResourcesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List Confluent Account resources tags: - Confluent Cloud x-permission: operator: OR permissions: - integrations_read post: description: Create a Confluent resource for the account associated with the provided ID. operationId: CreateConfluentResource parameters: - $ref: '#/components/parameters/ConfluentAccountID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ConfluentResourceRequest' description: Confluent payload required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/ConfluentResourceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Add resource to Confluent account tags: - Confluent Cloud x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/integrations/confluent-cloud/accounts/{account_id}/resources/{resource_id}: delete: description: Delete a Confluent resource with the provided resource id for the account associated with the provided account ID. operationId: DeleteConfluentResource parameters: - $ref: '#/components/parameters/ConfluentAccountID' - $ref: '#/components/parameters/ConfluentResourceID' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete resource from Confluent account tags: - Confluent Cloud x-permission: operator: OR permissions: - manage_integrations get: description: Get a Confluent resource with the provided resource id for the account associated with the provided account ID. operationId: GetConfluentResource parameters: - $ref: '#/components/parameters/ConfluentAccountID' - $ref: '#/components/parameters/ConfluentResourceID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ConfluentResourceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get resource from Confluent account tags: - Confluent Cloud x-permission: operator: OR permissions: - integrations_read patch: description: Update a Confluent resource with the provided resource id for the account associated with the provided account ID. operationId: UpdateConfluentResource parameters: - $ref: '#/components/parameters/ConfluentAccountID' - $ref: '#/components/parameters/ConfluentResourceID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ConfluentResourceRequest' description: Confluent payload required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ConfluentResourceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update resource in Confluent account tags: - Confluent Cloud x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/integrations/fastly/accounts: get: description: List Fastly accounts. operationId: ListFastlyAccounts responses: '200': content: application/json: schema: $ref: '#/components/schemas/FastlyAccountsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List Fastly accounts tags: - Fastly Integration x-permission: operator: OR permissions: - integrations_read post: description: Create a Fastly account. operationId: CreateFastlyAccount requestBody: content: application/json: schema: $ref: '#/components/schemas/FastlyAccountCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/FastlyAccountResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Add Fastly account tags: - Fastly Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/integrations/fastly/accounts/{account_id}: delete: description: Delete a Fastly account. operationId: DeleteFastlyAccount parameters: - $ref: '#/components/parameters/FastlyAccountID' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete Fastly account tags: - Fastly Integration x-permission: operator: OR permissions: - manage_integrations get: description: Get a Fastly account. operationId: GetFastlyAccount parameters: - $ref: '#/components/parameters/FastlyAccountID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/FastlyAccountResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get Fastly account tags: - Fastly Integration x-permission: operator: OR permissions: - integrations_read patch: description: Update a Fastly account. operationId: UpdateFastlyAccount parameters: - $ref: '#/components/parameters/FastlyAccountID' requestBody: content: application/json: schema: $ref: '#/components/schemas/FastlyAccountUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/FastlyAccountResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update Fastly account tags: - Fastly Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/integrations/fastly/accounts/{account_id}/services: get: description: List Fastly services for an account. operationId: ListFastlyServices parameters: - $ref: '#/components/parameters/FastlyAccountID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/FastlyServicesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List Fastly services tags: - Fastly Integration x-permission: operator: OR permissions: - integrations_read post: description: Create a Fastly service for an account. operationId: CreateFastlyService parameters: - $ref: '#/components/parameters/FastlyAccountID' requestBody: content: application/json: schema: $ref: '#/components/schemas/FastlyServiceRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/FastlyServiceResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Add Fastly service tags: - Fastly Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/integrations/fastly/accounts/{account_id}/services/{service_id}: delete: description: Delete a Fastly service for an account. operationId: DeleteFastlyService parameters: - $ref: '#/components/parameters/FastlyAccountID' - $ref: '#/components/parameters/FastlyServiceID' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete Fastly service tags: - Fastly Integration x-permission: operator: OR permissions: - manage_integrations get: description: Get a Fastly service for an account. operationId: GetFastlyService parameters: - $ref: '#/components/parameters/FastlyAccountID' - $ref: '#/components/parameters/FastlyServiceID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/FastlyServiceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get Fastly service tags: - Fastly Integration x-permission: operator: OR permissions: - integrations_read patch: description: Update a Fastly service for an account. operationId: UpdateFastlyService parameters: - $ref: '#/components/parameters/FastlyAccountID' - $ref: '#/components/parameters/FastlyServiceID' requestBody: content: application/json: schema: $ref: '#/components/schemas/FastlyServiceRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/FastlyServiceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update Fastly service tags: - Fastly Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/integrations/okta/accounts: get: description: List Okta accounts. operationId: ListOktaAccounts responses: '200': content: application/json: schema: $ref: '#/components/schemas/OktaAccountsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List Okta accounts tags: - Okta Integration x-permission: operator: OR permissions: - integrations_read post: description: Create an Okta account. operationId: CreateOktaAccount requestBody: content: application/json: schema: $ref: '#/components/schemas/OktaAccountRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/OktaAccountResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Add Okta account tags: - Okta Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/integrations/okta/accounts/{account_id}: delete: description: Delete an Okta account. operationId: DeleteOktaAccount parameters: - description: None in: path name: account_id required: true schema: type: string responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete Okta account tags: - Okta Integration x-permission: operator: OR permissions: - manage_integrations get: description: Get an Okta account. operationId: GetOktaAccount parameters: - description: None in: path name: account_id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/OktaAccountResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get Okta account tags: - Okta Integration x-permission: operator: OR permissions: - integrations_read patch: description: Update an Okta account. operationId: UpdateOktaAccount parameters: - description: None in: path name: account_id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/OktaAccountUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/OktaAccountResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update Okta account tags: - Okta Integration x-codegen-request-body-name: body x-permission: operator: OR permissions: - manage_integrations /api/v2/ip_allowlist: get: description: Returns the IP allowlist and its enabled or disabled state. operationId: GetIPAllowlist responses: '200': content: application/json: schema: $ref: '#/components/schemas/IPAllowlistResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Get IP Allowlist tags: - IP Allowlist x-permission: operator: OR permissions: - org_management patch: description: Edit the entries in the IP allowlist, and enable or disable it. operationId: UpdateIPAllowlist requestBody: content: application/json: schema: $ref: '#/components/schemas/IPAllowlistUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IPAllowlistResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - org_management summary: Update IP Allowlist tags: - IP Allowlist x-codegen-request-body-name: body x-permission: operator: OR permissions: - org_management /api/v2/logs: post: description: 'Send your logs to your Datadog platform over HTTP. Limits per HTTP request are: - Maximum content size per payload (uncompressed): 5MB - Maximum size for a single log: 1MB - Maximum array size if sending multiple logs in an array: 1000 entries Any log exceeding 1MB is accepted and truncated by Datadog: - For a single log request, the API truncates the log at 1MB and returns a 2xx. - For a multi-logs request, the API processes all logs, truncates only logs larger than 1MB, and returns a 2xx. Datadog recommends sending your logs compressed. Add the `Content-Encoding: gzip` header to the request when sending compressed logs. Log events can be submitted with a timestamp that is up to 18 hours in the past. The status codes answered by the HTTP API are: - 202: Accepted: the request has been accepted for processing - 400: Bad request (likely an issue in the payload formatting) - 401: Unauthorized (likely a missing API Key) - 403: Permission issue (likely using an invalid API Key) - 408: Request Timeout, request should be retried after some time - 413: Payload too large (batch is above 5MB uncompressed) - 429: Too Many Requests, request should be retried after some time - 500: Internal Server Error, the server encountered an unexpected condition that prevented it from fulfilling the request, request should be retried after some time - 503: Service Unavailable, the server is not ready to handle the request probably because it is overloaded, request should be retried after some time' operationId: SubmitLog parameters: - description: HTTP header used to compress the media-type. in: header name: Content-Encoding required: false schema: $ref: '#/components/schemas/ContentEncoding' - description: Log tags can be passed as query parameters with `text/plain` content type. example: env:prod,user:my-user in: query name: ddtags required: false schema: type: string requestBody: content: application/json: examples: multi-json-messages: description: Pass multiple log objects at once. summary: Multi JSON Messages value: - ddsource: nginx ddtags: env:staging,version:5.1 hostname: i-012345678 message: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello service: payment - ddsource: nginx ddtags: env:staging,version:5.1 hostname: i-012345679 message: 2019-11-19T14:37:58,995 INFO [process.name][20081] World service: payment simple-json-message: description: Log attributes can be passed as `key:value` pairs in valid JSON messages. summary: Simple JSON Message value: ddsource: nginx ddtags: env:staging,version:5.1 hostname: i-012345678 message: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World service: payment schema: $ref: '#/components/schemas/HTTPLog' application/logplex-1: examples: multi-raw-message: description: Submit log messages. summary: Multi Logplex Messages value: '2019-11-19T14:37:58,995 INFO [process.name][20081] Hello 2019-11-19T14:37:58,995 INFO [process.name][20081] World' simple-logplex-message: description: Submit log string. summary: Simple Logplex Message value: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World schema: type: string text/plain: examples: multi-raw-message: description: Submit log string. summary: Multi Raw Messages value: '2019-11-19T14:37:58,995 INFO [process.name][20081] Hello 2019-11-19T14:37:58,995 INFO [process.name][20081] World ' simple-raw-message: description: 'Submit log string. Log attributes can be passed as query parameters in the URL. This enables the addition of tags or the source by using the `ddtags` and `ddsource` parameters: `?host=my-hostname&service=my-service&ddsource=my-source&ddtags=env:prod,user:my-user`.' summary: Simple Raw Message value: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World schema: type: string description: Log to send (JSON format). required: true responses: '202': content: application/json: schema: type: object description: Request accepted for processing (always 202 empty JSON). '400': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Bad Request '401': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Unauthorized '403': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Forbidden '408': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Request Timeout '413': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Payload Too Large '429': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Too Many Requests '500': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Internal Server Error '503': content: application/json: schema: $ref: '#/components/schemas/HTTPLogErrors' description: Service Unavailable security: - apiKeyAuth: [] servers: - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: The regional site for customers. enum: - datadoghq.com - us3.datadoghq.com - us5.datadoghq.com - ap1.datadoghq.com - datadoghq.eu - ddog-gov.com subdomain: default: http-intake.logs description: The subdomain where the API is deployed. - url: '{protocol}://{name}' variables: name: default: http-intake.logs.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: http-intake.logs description: The subdomain where the API is deployed. summary: Send logs tags: - Logs x-codegen-request-body-name: body /api/v2/logs/analytics/aggregate: post: description: The API endpoint to aggregate events into buckets and compute metrics and timeseries. operationId: AggregateLogs requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsAggregateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsAggregateResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Aggregate events tags: - Logs x-codegen-request-body-name: body x-permission: operator: OR permissions: - logs_read_data /api/v2/logs/config/archive-order: get: description: 'Get the current order of your archives. This endpoint takes no JSON arguments.' operationId: GetLogsArchiveOrder responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchiveOrder' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get archive order tags: - Logs Archives x-permission: operator: OR permissions: - logs_read_config put: description: 'Update the order of your archives. Since logs are processed sequentially, reordering an archive may change the structure and content of the data processed by other archives. **Note**: Using the `PUT` method updates your archive''s order by replacing the current order with the new one.' operationId: UpdateLogsArchiveOrder requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsArchiveOrder' description: An object containing the new ordered list of archive IDs. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchiveOrder' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update archive order tags: - Logs Archives x-codegen-request-body-name: body x-permission: operator: OR permissions: - logs_write_archives /api/v2/logs/config/archives: get: description: Get the list of configured logs archives with their definitions. operationId: ListLogsArchives responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchives' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all archives tags: - Logs Archives x-permission: operator: OR permissions: - logs_read_archives post: description: Create an archive in your organization. operationId: CreateLogsArchive requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsArchiveCreateRequest' description: The definition of the new archive. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchive' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an archive tags: - Logs Archives x-codegen-request-body-name: body x-permission: operator: OR permissions: - logs_write_archives /api/v2/logs/config/archives/{archive_id}: delete: description: Delete a given archive from your organization. operationId: DeleteLogsArchive parameters: - $ref: '#/components/parameters/ArchiveID' responses: '204': description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an archive tags: - Logs Archives x-permission: operator: OR permissions: - logs_write_archives get: description: Get a specific archive from your organization. operationId: GetLogsArchive parameters: - $ref: '#/components/parameters/ArchiveID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchive' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get an archive tags: - Logs Archives x-permission: operator: OR permissions: - logs_read_archives put: description: 'Update a given archive configuration. **Note**: Using this method updates your archive configuration by **replacing** your current configuration with the new one sent to your Datadog organization.' operationId: UpdateLogsArchive parameters: - $ref: '#/components/parameters/ArchiveID' requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsArchiveCreateRequest' description: New definition of the archive. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsArchive' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update an archive tags: - Logs Archives x-codegen-request-body-name: body x-permission: operator: OR permissions: - logs_write_archives /api/v2/logs/config/archives/{archive_id}/readers: delete: description: Removes a role from an archive. ([Roles API](https://docs.datadoghq.com/api/v2/roles/)) operationId: RemoveRoleFromArchive parameters: - $ref: '#/components/parameters/ArchiveID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToRole' required: true responses: '204': description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Revoke role from an archive tags: - Logs Archives x-codegen-request-body-name: body x-permission: operator: OR permissions: - logs_write_archives get: description: Returns all read roles a given archive is restricted to. operationId: ListArchiveReadRoles parameters: - $ref: '#/components/parameters/ArchiveID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/RolesResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List read roles for an archive tags: - Logs Archives x-codegen-request-body-name: body x-permission: operator: OR permissions: - logs_read_config post: description: Adds a read role to an archive. ([Roles API](https://docs.datadoghq.com/api/v2/roles/)) operationId: AddReadRoleToArchive parameters: - $ref: '#/components/parameters/ArchiveID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToRole' required: true responses: '204': description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Grant role to an archive tags: - Logs Archives x-codegen-request-body-name: body x-permission: operator: OR permissions: - logs_write_archives /api/v2/logs/config/custom-destinations: get: description: Get the list of configured custom destinations in your organization with their definitions. operationId: ListLogsCustomDestinations responses: '200': content: application/json: schema: $ref: '#/components/schemas/CustomDestinationsResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all custom destinations tags: - Logs Custom Destinations x-permission: operator: OR permissions: - logs_read_data - logs_read_config post: description: Create a custom destination in your organization. operationId: CreateLogsCustomDestination requestBody: content: application/json: schema: $ref: '#/components/schemas/CustomDestinationCreateRequest' description: The definition of the new custom destination. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CustomDestinationResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a custom destination tags: - Logs Custom Destinations x-codegen-request-body-name: body x-permission: operator: OR permissions: - logs_write_forwarding_rules /api/v2/logs/config/custom-destinations/{custom_destination_id}: delete: description: Delete a specific custom destination in your organization. operationId: DeleteLogsCustomDestination parameters: - $ref: '#/components/parameters/CustomDestinationId' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a custom destination tags: - Logs Custom Destinations x-permission: operator: OR permissions: - logs_write_forwarding_rules get: description: Get a specific custom destination in your organization. operationId: GetLogsCustomDestination parameters: - $ref: '#/components/parameters/CustomDestinationId' responses: '200': content: application/json: schema: $ref: '#/components/schemas/CustomDestinationResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a custom destination tags: - Logs Custom Destinations x-permission: operator: OR permissions: - logs_read_data - logs_read_config patch: description: Update the given fields of a specific custom destination in your organization. operationId: UpdateLogsCustomDestination parameters: - $ref: '#/components/parameters/CustomDestinationId' requestBody: content: application/json: schema: $ref: '#/components/schemas/CustomDestinationUpdateRequest' description: New definition of the custom destination's fields. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CustomDestinationResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a custom destination tags: - Logs Custom Destinations x-codegen-request-body-name: body x-permission: operator: OR permissions: - logs_write_forwarding_rules /api/v2/logs/config/metrics: get: description: Get the list of configured log-based metrics with their definitions. operationId: ListLogsMetrics responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsMetricsResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all log-based metrics tags: - Logs Metrics x-permission: operator: OR permissions: - logs_read_config post: description: 'Create a metric based on your ingested logs in your organization. Returns the log-based metric object from the request body when the request is successful.' operationId: CreateLogsMetric requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsMetricCreateRequest' description: The definition of the new log-based metric. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsMetricResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a log-based metric tags: - Logs Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - logs_generate_metrics /api/v2/logs/config/metrics/{metric_id}: delete: description: Delete a specific log-based metric from your organization. operationId: DeleteLogsMetric parameters: - $ref: '#/components/parameters/MetricID' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a log-based metric tags: - Logs Metrics x-permission: operator: OR permissions: - logs_generate_metrics get: description: Get a specific log-based metric from your organization. operationId: GetLogsMetric parameters: - $ref: '#/components/parameters/MetricID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsMetricResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a log-based metric tags: - Logs Metrics x-permission: operator: OR permissions: - logs_read_config patch: description: 'Update a specific log-based metric from your organization. Returns the log-based metric object from the request body when the request is successful.' operationId: UpdateLogsMetric parameters: - $ref: '#/components/parameters/MetricID' requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsMetricUpdateRequest' description: New definition of the log-based metric. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsMetricResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a log-based metric tags: - Logs Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - logs_generate_metrics /api/v2/logs/events: get: description: 'List endpoint returns logs that match a log search query. [Results are paginated][1]. Use this endpoint to search and filter your logs. **If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See [Datadog Logs Archive documentation][2].** [1]: /logs/guide/collect-multiple-logs-with-pagination [2]: https://docs.datadoghq.com/logs/archives' operationId: ListLogsGet parameters: - description: Search query following logs syntax. example: '@datacenter:us @role:db' in: query name: filter[query] required: false schema: type: string - description: 'For customers with multiple indexes, the indexes to search. Defaults to ''*'' which means all indexes' example: - main - web explode: false in: query name: filter[indexes] required: false schema: items: description: The name of a log index. type: string type: array - description: Minimum timestamp for requested logs. example: '2019-01-02T09:42:36.320Z' in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested logs. example: '2019-01-03T09:42:36.320Z' in: query name: filter[to] required: false schema: format: date-time type: string - description: Specifies the storage type to be used example: indexes in: query name: filter[storage_tier] required: false schema: $ref: '#/components/schemas/LogsStorageTier' - description: Order of logs in results. in: query name: sort required: false schema: $ref: '#/components/schemas/LogsSort' - description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: Maximum number of logs in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Search logs (GET) tags: - Logs x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data x-permission: operator: OR permissions: - logs_read_data /api/v2/logs/events/search: post: description: 'List endpoint returns logs that match a log search query. [Results are paginated][1]. Use this endpoint to search and filter your logs. **If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See [Datadog Logs Archive documentation][2].** [1]: /logs/guide/collect-multiple-logs-with-pagination [2]: https://docs.datadoghq.com/logs/archives' operationId: ListLogs requestBody: content: application/json: schema: $ref: '#/components/schemas/LogsListRequest' required: false responses: '200': content: application/json: schema: $ref: '#/components/schemas/LogsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Search logs (POST) tags: - Logs x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data x-permission: operator: OR permissions: - logs_read_data /api/v2/metrics: get: description: "Returns all metrics that can be configured in the Metrics Summary page or with Metrics without Limits\u2122 (matching additional filters if specified).\nOptionally, paginate by using the `page[cursor]` and/or `page[size]` query parameters.\nTo fetch the first page, pass in a query parameter with either a valid `page[size]` or an empty cursor like `page[cursor]=`. To fetch the next page, pass in the `next_cursor` value from the response as the new `page[cursor]` value.\nOnce the `meta.pagination.next_cursor` value is null, all pages have been retrieved." operationId: ListTagConfigurations parameters: - description: Filter custom metrics that have configured tags. example: true in: query name: filter[configured] required: false schema: type: boolean - description: Filter tag configurations by configured tags. example: app in: query name: filter[tags_configured] required: false schema: description: Tag keys to filter by. type: string - description: Filter metrics by metric type. in: query name: filter[metric_type] required: false schema: $ref: '#/components/schemas/MetricTagConfigurationMetricTypeCategory' - description: 'Filter distributions with additional percentile aggregations enabled or disabled.' example: true in: query name: filter[include_percentiles] required: false schema: type: boolean - description: '(Preview) Filter custom metrics that have or have not been queried in the specified window[seconds]. If no window is provided or the window is less than 2 hours, a default of 2 hours will be applied.' example: true in: query name: filter[queried] required: false schema: type: boolean - description: 'Filter metrics that have been submitted with the given tags. Supports boolean and wildcard expressions. Can only be combined with the filter[queried] filter.' example: env IN (staging,test) AND service:web in: query name: filter[tags] required: false schema: type: string - description: (Preview) Filter metrics that are used in dashboards, monitors, notebooks, SLOs. example: true in: query name: filter[related_assets] required: false schema: type: boolean - description: 'The number of seconds of look back (from now) to apply to a filter[tag] or filter[queried] query. Default value is 3600 (1 hour), maximum value is 2,592,000 (30 days).' example: 3600 in: query name: window[seconds] required: false schema: format: int64 type: integer - description: Maximum number of results returned. in: query name: page[size] required: false schema: default: 10000 format: int32 maximum: 10000 minimum: 1 type: integer - description: 'String to query the next page of results. This key is provided with each valid response from the API in `meta.pagination.next_cursor`. Once the `meta.pagination.next_cursor` key is null, all pages have been retrieved.' in: query name: page[cursor] required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricsAndMetricTagConfigurationsResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - metrics_read summary: Get a list of metrics tags: - Metrics x-pagination: cursorParam: page[cursor] cursorPath: meta.pagination.next_cursor limitParam: page[size] resultsPath: data x-permission: operator: OR permissions: - metrics_read /api/v2/metrics/config/bulk-tags: delete: description: 'Delete all custom lists of queryable tag keys for a set of existing count, gauge, rate, and distribution metrics. Metrics are selected by passing a metric name prefix. Results can be sent to a set of account email addresses, just like the same operation in the Datadog web app. Can only be used with application keys of users with the `Manage Tags for Metrics` permission.' operationId: DeleteBulkTagsMetricsConfiguration requestBody: content: application/json: schema: $ref: '#/components/schemas/MetricBulkTagConfigDeleteRequest' required: true responses: '202': content: application/json: schema: $ref: '#/components/schemas/MetricBulkTagConfigResponse' description: Accepted '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Delete tags for multiple metrics tags: - Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - metric_tags_write post: description: 'Create and define a list of queryable tag keys for a set of existing count, gauge, rate, and distribution metrics. Metrics are selected by passing a metric name prefix. Use the Delete method of this API path to remove tag configurations. Results can be sent to a set of account email addresses, just like the same operation in the Datadog web app. If multiple calls include the same metric, the last configuration applied (not by submit order) is used, do not expect deterministic ordering of concurrent calls. The `exclude_tags_mode` value will set all metrics that match the prefix to the same exclusion state, metric tag configurations do not support mixed inclusion and exclusion for tags on the same metric. Can only be used with application keys of users with the `Manage Tags for Metrics` permission.' operationId: CreateBulkTagsMetricsConfiguration requestBody: content: application/json: schema: $ref: '#/components/schemas/MetricBulkTagConfigCreateRequest' required: true responses: '202': content: application/json: schema: $ref: '#/components/schemas/MetricBulkTagConfigResponse' description: Accepted '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Configure tags for multiple metrics tags: - Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - metric_tags_write /api/v2/metrics/{metric_name}/active-configurations: get: description: List tags and aggregations that are actively queried on dashboards, notebooks, monitors, the Metrics Explorer, and using the API for a given metric name. operationId: ListActiveMetricConfigurations parameters: - $ref: '#/components/parameters/MetricName' - description: 'The number of seconds of look back (from now). Default value is 604,800 (1 week), minimum value is 7200 (2 hours), maximum value is 2,630,000 (1 month).' example: 7200 in: query name: window[seconds] required: false schema: format: int64 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricSuggestedTagsAndAggregationsResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: List active tags and aggregations tags: - Metrics x-permission: operator: OR permissions: - metrics_read /api/v2/metrics/{metric_name}/all-tags: get: description: View indexed tag key-value pairs for a given metric name over the previous hour. operationId: ListTagsByMetricName parameters: - $ref: '#/components/parameters/MetricName' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricAllTagsResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - metrics_read summary: List tags by metric name tags: - Metrics x-permission: operator: OR permissions: - metrics_read /api/v2/metrics/{metric_name}/assets: get: description: Returns dashboards, monitors, notebooks, and SLOs that a metric is stored in, if any. Updated every 24 hours. operationId: ListMetricAssets parameters: - $ref: '#/components/parameters/MetricName' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricAssetsResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Related Assets to a Metric tags: - Metrics /api/v2/metrics/{metric_name}/estimate: get: description: Returns the estimated cardinality for a metric with a given tag, percentile and number of aggregations configuration using Metrics without Limits&trade;. operationId: EstimateMetricsOutputSeries parameters: - $ref: '#/components/parameters/MetricName' - description: Filtered tag keys that the metric is configured to query with. example: app,host in: query name: filter[groups] required: false schema: type: string - description: The number of hours of look back (from now) to estimate cardinality with. If unspecified, it defaults to 0 hours. example: 49 in: query name: filter[hours_ago] required: false schema: format: int32 maximum: 2147483647 minimum: 49 type: integer - description: Deprecated. Number of aggregations has no impact on volume. example: 1 in: query name: filter[num_aggregations] required: false schema: format: int32 maximum: 9 type: integer - description: A boolean, for distribution metrics only, to estimate cardinality if the metric includes additional percentile aggregators. example: true in: query name: filter[pct] required: false schema: type: boolean - description: A window, in hours, from the look back to estimate cardinality with. The minimum and default is 1 hour. example: 6 in: query name: filter[timespan_h] required: false schema: format: int32 maximum: 2147483647 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricEstimateResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Tag Configuration Cardinality Estimator tags: - Metrics x-permission: operator: OPEN permissions: [] /api/v2/metrics/{metric_name}/tags: delete: description: 'Deletes a metric''s tag configuration. Can only be used with application keys from users with the `Manage Tags for Metrics` permission.' operationId: DeleteTagConfiguration parameters: - $ref: '#/components/parameters/MetricName' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Delete a tag configuration tags: - Metrics x-permission: operator: OR permissions: - metric_tags_write get: description: Returns the tag configuration for the given metric name. operationId: ListTagConfigurationByName parameters: - $ref: '#/components/parameters/MetricName' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationResponse' description: Success '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - metrics_read summary: List tag configuration by name tags: - Metrics x-permission: operator: OR permissions: - metrics_read patch: description: 'Update the tag configuration of a metric or percentile aggregations of a distribution metric or custom aggregations of a count, rate, or gauge metric. By setting `exclude_tags_mode` to true the behavior is changed from an allow-list to a deny-list, and tags in the defined list will not be queryable. Can only be used with application keys from users with the `Manage Tags for Metrics` permission. This endpoint requires a tag configuration to be created first.' operationId: UpdateTagConfiguration parameters: - $ref: '#/components/parameters/MetricName' requestBody: content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Update a tag configuration tags: - Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - metric_tags_write post: description: 'Create and define a list of queryable tag keys for an existing count/gauge/rate/distribution metric. Optionally, include percentile aggregations on any distribution metric. By setting `exclude_tags_mode` to true, the behavior is changed from an allow-list to a deny-list, and tags in the defined list are not queryable. Can only be used with application keys of users with the `Manage Tags for Metrics` permission.' operationId: CreateTagConfiguration parameters: - $ref: '#/components/parameters/MetricName' requestBody: content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/MetricTagConfigurationResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '409': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Conflict '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: Create a tag configuration tags: - Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - metric_tags_write /api/v2/metrics/{metric_name}/volumes: get: description: 'View distinct metrics volumes for the given metric name. Custom metrics generated in-app from other products will return `null` for ingested volumes.' operationId: ListVolumesByMetricName parameters: - $ref: '#/components/parameters/MetricName' responses: '200': content: application/json: schema: $ref: '#/components/schemas/MetricVolumesResponse' description: Success '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too Many Requests summary: List distinct metric volumes by metric name tags: - Metrics x-permission: operator: OPEN permissions: [] /api/v2/monitor/notification_rule: get: description: Returns a list of all monitor notification rules. operationId: GetMonitorNotificationRules parameters: - description: 'Comma-separated list of resource paths for related resources to include in the response. Supported resource path is `created_by`.' in: query name: include required: false schema: example: created_by type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/MonitorNotificationRuleListResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_read summary: Get all monitor notification rules tags: - Monitors x-permission: operator: OR permissions: - monitors_read x-unstable: '**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' post: description: Creates a monitor notification rule. operationId: CreateMonitorNotificationRule requestBody: content: application/json: schema: $ref: '#/components/schemas/MonitorNotificationRuleCreateRequest' description: Request body to create a monitor notification rule. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/MonitorNotificationRuleResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitor_config_policy_write summary: Create a monitor notification rule tags: - Monitors x-permission: operator: OR permissions: - monitor_config_policy_write x-unstable: '**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/monitor/notification_rule/{rule_id}: delete: description: Deletes a monitor notification rule by `rule_id`. operationId: DeleteMonitorNotificationRule parameters: - description: ID of the monitor notification rule to delete. in: path name: rule_id required: true schema: type: string responses: '204': description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitor_config_policy_write summary: Delete a monitor notification rule tags: - Monitors x-permission: operator: OR permissions: - monitor_config_policy_write x-unstable: '**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' get: description: Returns a monitor notification rule by `rule_id`. operationId: GetMonitorNotificationRule parameters: - description: ID of the monitor notification rule to fetch. in: path name: rule_id required: true schema: type: string - description: 'Comma-separated list of resource paths for related resources to include in the response. Supported resource path is `created_by`.' in: query name: include required: false schema: example: created_by type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/MonitorNotificationRuleResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_read summary: Get a monitor notification rule tags: - Monitors x-permission: operator: OR permissions: - monitors_read x-unstable: '**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: Updates a monitor notification rule by `rule_id`. operationId: UpdateMonitorNotificationRule parameters: - description: ID of the monitor notification rule to update. in: path name: rule_id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/MonitorNotificationRuleUpdateRequest' description: Request body to update the monitor notification rule. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/MonitorNotificationRuleResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitor_config_policy_write summary: Update a monitor notification rule tags: - Monitors x-codegen-request-body-name: body x-permission: operator: OR permissions: - monitor_config_policy_write x-unstable: '**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/monitor/policy: get: description: Get all monitor configuration policies. operationId: ListMonitorConfigPolicies responses: '200': content: application/json: schema: $ref: '#/components/schemas/MonitorConfigPolicyListResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_read summary: Get all monitor configuration policies tags: - Monitors x-permission: operator: OR permissions: - monitors_read post: description: Create a monitor configuration policy. operationId: CreateMonitorConfigPolicy requestBody: content: application/json: schema: $ref: '#/components/schemas/MonitorConfigPolicyCreateRequest' description: Create a monitor configuration policy request body. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/MonitorConfigPolicyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a monitor configuration policy tags: - Monitors x-codegen-request-body-name: body x-permission: operator: OR permissions: - monitor_config_policy_write /api/v2/monitor/policy/{policy_id}: delete: description: Delete a monitor configuration policy. operationId: DeleteMonitorConfigPolicy parameters: - description: ID of the monitor configuration policy. in: path name: policy_id required: true schema: example: 00000000-0000-1234-0000-000000000000 type: string responses: '204': description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a monitor configuration policy tags: - Monitors x-permission: operator: OR permissions: - monitor_config_policy_write get: description: Get a monitor configuration policy by `policy_id`. operationId: GetMonitorConfigPolicy parameters: - description: ID of the monitor configuration policy. in: path name: policy_id required: true schema: example: 00000000-0000-1234-0000-000000000000 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/MonitorConfigPolicyResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_read summary: Get a monitor configuration policy tags: - Monitors x-permission: operator: OR permissions: - monitors_read patch: description: Edit a monitor configuration policy. operationId: UpdateMonitorConfigPolicy parameters: - description: ID of the monitor configuration policy. in: path name: policy_id required: true schema: example: 00000000-0000-1234-0000-000000000000 type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/MonitorConfigPolicyEditRequest' description: Description of the update. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/MonitorConfigPolicyResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit a monitor configuration policy tags: - Monitors x-codegen-request-body-name: body x-permission: operator: OR permissions: - monitor_config_policy_write /api/v2/monitor/{monitor_id}/downtime_matches: get: description: Get all active downtimes for the specified monitor. operationId: ListMonitorDowntimes parameters: - description: The id of the monitor. in: path name: monitor_id required: true schema: format: int64 type: integer - $ref: '#/components/parameters/PageOffset' - description: Maximum number of downtimes in the response. example: 100 in: query name: page[limit] required: false schema: default: 30 format: int64 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/MonitorDowntimeMatchResponse' description: OK '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Monitor Not Found error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - monitors_downtime summary: Get active downtimes for a monitor tags: - Downtimes x-codegen-request-body-name: body x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data x-permission: operator: OR permissions: - monitors_downtime /api/v2/ndm/devices: get: description: Get the list of devices. operationId: ListDevices parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: The field to sort the devices by. example: status in: query name: sort required: false schema: type: string - description: Filter devices by tag. example: status:ok in: query name: filter[tag] required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListDevicesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get the list of devices tags: - Network Device Monitoring x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data /api/v2/ndm/devices/{device_id}: get: description: Get the device details. operationId: GetDevice parameters: - description: The id of the device to fetch. example: example:1.2.3.4 in: path name: device_id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/GetDeviceResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get the device details tags: - Network Device Monitoring /api/v2/ndm/interfaces: get: description: Get the list of interfaces of the device. operationId: GetInterfaces parameters: - description: The ID of the device to get interfaces from. example: example:1.2.3.4 in: query name: device_id required: true schema: type: string - description: Whether to get the IP addresses of the interfaces. example: true in: query name: get_ip_addresses required: false schema: type: boolean responses: '200': content: application/json: schema: $ref: '#/components/schemas/GetInterfacesResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get the list of interfaces of the device tags: - Network Device Monitoring /api/v2/ndm/tags/devices/{device_id}: get: description: Get the list of tags for a device. operationId: ListDeviceUserTags parameters: - description: The id of the device to fetch tags for. example: example:1.2.3.4 in: path name: device_id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListTagsResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get the list of tags for a device tags: - Network Device Monitoring patch: description: Update the tags for a device. operationId: UpdateDeviceUserTags parameters: - description: The id of the device to update tags for. example: example:1.2.3.4 in: path name: device_id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ListTagsResponse' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListTagsResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update the tags for a device tags: - Network Device Monitoring /api/v2/network/connections/aggregate: get: description: Get all aggregated connections. operationId: GetAggregatedConnections parameters: - description: Unix timestamp (number of seconds since epoch) of the start of the query window. If not provided, the start of the query window is 15 minutes before the `to` timestamp. If neither `from` nor `to` are provided, the query window is `[now - 15m, now]`. in: query name: from schema: format: int64 type: integer - description: Unix timestamp (number of seconds since epoch) of the end of the query window. If not provided, the end of the query window is the current time. If neither `from` nor `to` are provided, the query window is `[now - 15m, now]`. in: query name: to schema: format: int64 type: integer - description: Comma-separated list of fields to group connections by. in: query name: group_by schema: type: string - description: Comma-separated list of tags to filter connections by. in: query name: tags schema: type: string - description: The number of connections to be returned. The maximum value is 5000. in: query name: limit schema: default: 100 format: int32 maximum: 5000 minimum: 1 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/SingleAggregatedConnectionResponseArray' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all aggregated connections tags: - Cloud Network Monitoring x-unstable: '**Note**: This endpoint is in Preview. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/on-call/escalation-policies: post: description: Create a new On-Call escalation policy operationId: CreateOnCallEscalationPolicy parameters: - description: 'Comma-separated list of included relationships to be returned. Allowed values: `teams`, `steps`, `steps.targets`.' in: query name: include schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/EscalationPolicyCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/EscalationPolicy' description: Created '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create On-Call escalation policy tags: - On-Call x-permission: operator: AND permissions: - on_call_write /api/v2/on-call/escalation-policies/{policy_id}: delete: description: Delete an On-Call escalation policy operationId: DeleteOnCallEscalationPolicy parameters: - description: The ID of the escalation policy in: path name: policy_id required: true schema: example: a3000000-0000-0000-0000-000000000000 type: string responses: '204': description: No Content '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete On-Call escalation policy tags: - On-Call x-permission: operator: AND permissions: - on_call_write get: description: Get an On-Call escalation policy operationId: GetOnCallEscalationPolicy parameters: - description: The ID of the escalation policy in: path name: policy_id required: true schema: example: a3000000-0000-0000-0000-000000000000 type: string - description: 'Comma-separated list of included relationships to be returned. Allowed values: `teams`, `steps`, `steps.targets`.' in: query name: include schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/EscalationPolicy' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get On-Call escalation policy tags: - On-Call x-permission: operator: AND permissions: - on_call_read put: description: Update an On-Call escalation policy operationId: UpdateOnCallEscalationPolicy parameters: - description: The ID of the escalation policy in: path name: policy_id required: true schema: example: a3000000-0000-0000-0000-000000000000 type: string - description: 'Comma-separated list of included relationships to be returned. Allowed values: `teams`, `steps`, `steps.targets`.' in: query name: include schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/EscalationPolicyUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/EscalationPolicy' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update On-Call escalation policy tags: - On-Call x-permission: operator: AND permissions: - on_call_write /api/v2/on-call/pages: post: description: 'Trigger a new On-Call Page. ' operationId: CreateOnCallPage requestBody: content: application/json: schema: $ref: '#/components/schemas/CreatePageRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CreatePageResponse' description: OK. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] servers: - url: https://{site} variables: site: default: navy.oncall.datadoghq.com description: The globally available endpoint for On-Call. enum: - saffron.oncall.datadoghq.com - navy.oncall.datadoghq.com - coral.oncall.datadoghq.com - teal.oncall.datadoghq.com - beige.oncall.datadoghq.eu - url: '{protocol}://{name}' variables: name: default: api.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: api description: The subdomain where the API is deployed. summary: Create On-Call Page tags: - On-Call Paging /api/v2/on-call/pages/{page_id}/acknowledge: post: description: 'Acknowledges an On-Call Page. ' operationId: AcknowledgeOnCallPage parameters: - description: The page ID. in: path name: page_id required: true schema: example: 15e74b8b-f865-48d0-bcc5-453323ed2c8f format: uuid type: string responses: '202': description: Accepted. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] servers: - url: https://{site} variables: site: default: navy.oncall.datadoghq.com description: The globally available endpoint for On-Call. enum: - saffron.oncall.datadoghq.com - navy.oncall.datadoghq.com - coral.oncall.datadoghq.com - teal.oncall.datadoghq.com - beige.oncall.datadoghq.eu - url: '{protocol}://{name}' variables: name: default: api.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: api description: The subdomain where the API is deployed. summary: Acknowledge On-Call Page tags: - On-Call Paging /api/v2/on-call/pages/{page_id}/escalate: post: description: 'Escalates an On-Call Page. ' operationId: EscalateOnCallPage parameters: - description: The page ID. in: path name: page_id required: true schema: example: 15e74b8b-f865-48d0-bcc5-453323ed2c8f format: uuid type: string responses: '202': description: Accepted. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] servers: - url: https://{site} variables: site: default: navy.oncall.datadoghq.com description: The globally available endpoint for On-Call. enum: - saffron.oncall.datadoghq.com - navy.oncall.datadoghq.com - coral.oncall.datadoghq.com - teal.oncall.datadoghq.com - beige.oncall.datadoghq.eu - url: '{protocol}://{name}' variables: name: default: api.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: api description: The subdomain where the API is deployed. summary: Escalate On-Call Page tags: - On-Call Paging /api/v2/on-call/pages/{page_id}/resolve: post: description: 'Resolves an On-Call Page. ' operationId: ResolveOnCallPage parameters: - description: The page ID. in: path name: page_id required: true schema: example: 15e74b8b-f865-48d0-bcc5-453323ed2c8f format: uuid type: string responses: '202': description: Accepted. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] servers: - url: https://{site} variables: site: default: navy.oncall.datadoghq.com description: The globally available endpoint for On-Call. enum: - saffron.oncall.datadoghq.com - navy.oncall.datadoghq.com - coral.oncall.datadoghq.com - teal.oncall.datadoghq.com - beige.oncall.datadoghq.eu - url: '{protocol}://{name}' variables: name: default: api.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: api description: The subdomain where the API is deployed. summary: Resolve On-Call Page tags: - On-Call Paging /api/v2/on-call/schedules: post: description: Create a new On-Call schedule operationId: CreateOnCallSchedule parameters: - description: 'Comma-separated list of included relationships to be returned. Allowed values: `teams`, `layers`, `layers.members`, `layers.members.user`.' in: query name: include schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ScheduleCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/Schedule' description: Created '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Create On-Call schedule tags: - On-Call x-permission: operator: AND permissions: - on_call_write /api/v2/on-call/schedules/{schedule_id}: delete: description: Delete an On-Call schedule operationId: DeleteOnCallSchedule parameters: - description: The ID of the schedule in: path name: schedule_id required: true schema: example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string responses: '204': description: No Content '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete On-Call schedule tags: - On-Call x-permission: operator: AND permissions: - on_call_write get: description: Get an On-Call schedule operationId: GetOnCallSchedule parameters: - description: 'Comma-separated list of included relationships to be returned. Allowed values: `teams`, `layers`, `layers.members`, `layers.members.user`.' in: query name: include schema: type: string - description: The ID of the schedule in: path name: schedule_id required: true schema: example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/Schedule' description: OK '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get On-Call schedule tags: - On-Call x-permission: operator: AND permissions: - on_call_read put: description: Update a new On-Call schedule operationId: UpdateOnCallSchedule parameters: - description: 'Comma-separated list of included relationships to be returned. Allowed values: `teams`, `layers`, `layers.members`, `layers.members.user`.' in: query name: include schema: type: string - description: The ID of the schedule in: path name: schedule_id required: true schema: example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ScheduleUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/Schedule' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update On-Call schedule tags: - On-Call x-permission: operator: AND permissions: - on_call_write /api/v2/on-call/schedules/{schedule_id}/on-call: get: description: Retrieves the user who is on-call for the specified schedule at a given time. operationId: GetScheduleOnCallUser parameters: - description: 'Specifies related resources to include in the response as a comma-separated list. Allowed value: `user`.' in: query name: include schema: type: string - description: The ID of the schedule. in: path name: schedule_id required: true schema: example: 3653d3c6-0c75-11ea-ad28-fb5701eabc7d type: string - description: Retrieves the on-call user at the given timestamp (ISO-8601). Defaults to the current time if omitted." in: query name: filter[at_ts] schema: example: '2025-05-07T02:53:01Z' type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/Shift' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get the schedule on-call user tags: - On-Call /api/v2/on-call/teams/{team_id}/on-call: get: description: Get a team's on-call users at a given time operationId: GetTeamOnCallUsers parameters: - description: 'Comma-separated list of included relationships to be returned. Allowed values: `responders`, `escalations`, `escalations.responders`.' in: query name: include schema: type: string - description: The team ID in: path name: team_id required: true schema: example: 27590dae-47be-4a7d-9abf-8f4e45124020 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/TeamOnCallResponders' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get team on-call users tags: - On-Call /api/v2/on-call/teams/{team_id}/routing-rules: get: description: Get a team's On-Call routing rules operationId: GetOnCallTeamRoutingRules parameters: - description: The team ID in: path name: team_id required: true schema: example: 27590dae-47be-4a7d-9abf-8f4e45124020 type: string - description: 'Comma-separated list of included relationships to be returned. Allowed values: `rules`, `rules.policy`.' in: query name: include schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/TeamRoutingRules' description: OK '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get On-Call team routing rules tags: - On-Call x-permission: operator: AND permissions: - on_call_read put: description: Set a team's On-Call routing rules operationId: SetOnCallTeamRoutingRules parameters: - description: The team ID in: path name: team_id required: true schema: example: 27590dae-47be-4a7d-9abf-8f4e45124020 type: string - description: 'Comma-separated list of included relationships to be returned. Allowed values: `rules`, `rules.policy`.' in: query name: include schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/TeamRoutingRulesRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/TeamRoutingRules' description: OK '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Set On-Call team routing rules tags: - On-Call x-permission: operator: AND permissions: - on_call_write /api/v2/org_configs: get: description: Returns all Org Configs (name, description, and value). operationId: ListOrgConfigs responses: '200': content: application/json: schema: $ref: '#/components/schemas/OrgConfigListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List Org Configs tags: - Organizations x-permission: operator: OPEN permissions: [] /api/v2/org_configs/{org_config_name}: get: description: Return the name, description, and value of a specific Org Config. operationId: GetOrgConfig parameters: - $ref: '#/components/parameters/OrgConfigName' responses: '200': content: application/json: schema: $ref: '#/components/schemas/OrgConfigGetResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a specific Org Config value tags: - Organizations x-permission: operator: OPEN permissions: [] patch: description: Update the value of a specific Org Config. operationId: UpdateOrgConfig parameters: - $ref: '#/components/parameters/OrgConfigName' requestBody: content: application/json: schema: $ref: '#/components/schemas/OrgConfigWriteRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/OrgConfigGetResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a specific Org Config tags: - Organizations x-permission: operator: OR permissions: - org_management /api/v2/permissions: get: description: Returns a list of all permissions, including name, description, and ID. operationId: ListPermissions responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: List permissions tags: - Roles x-permission: operator: OR permissions: - user_access_read /api/v2/posture_management/findings: get: description: "Get a list of findings. These include both misconfigurations and identity risks.\n\n**Note**: To filter and return only identity risks, add the following query parameter: `?filter[tags]=dd_rule_type:ciem`\n\n### Filtering\n\nFilters can be applied by appending query parameters to the URL.\n\n - Using a single filter: `?filter[attribute_key]=attribute_value`\n - Chaining filters: `?filter[attribute_key]=attribute_value&filter[attribute_key]=attribute_value...`\n \ - Filtering on tags: `?filter[tags]=tag_key:tag_value&filter[tags]=tag_key_2:tag_value_2`\n\nHere, `attribute_key` can be any of the filter keys described further below.\n\nQuery parameters of type `integer` support comparison operators (`>`, `>=`, `<`, `<=`). This is particularly useful when filtering by `evaluation_changed_at` or `resource_discovery_timestamp`. For example: `?filter[evaluation_changed_at]=>20123123121`.\n\nYou can also use the negation operator on strings. For example, use `filter[resource_type]=-aws*` to filter for any non-AWS resources.\n\nThe operator must come after the equal sign. For example, to filter with the `>=` operator, add the operator after the equal sign: `filter[evaluation_changed_at]=>=1678809373257`.\n\nQuery parameters must be only among the documented ones and with values of correct types. Duplicated query parameters (e.g. `filter[status]=low&filter[status]=info`) are not allowed.\n\n### Additional extension fields\n\nAdditional extension fields are available for some findings.\n\nThe data is available when you include the query parameter `?detailed_findings=true` in the request.\n\nThe following fields are available for findings:\n- `external_id`: The resource external ID related to the finding.\n- `description`: The description and remediation steps for the finding.\n- `datadog_link`: The Datadog relative link for the finding.\n\n### Response\n\nThe response includes an array of finding objects, pagination metadata, and a count of items that match the query.\n\nEach finding object contains the following:\n\n- The finding ID that can be used in a `GetFinding` request to retrieve the full finding details.\n- Core attributes, including status, evaluation, high-level resource details, muted state, and rule details.\n- `evaluation_changed_at` and `resource_discovery_date` time stamps.\n- An array of associated tags.\n" operationId: ListFindings parameters: - description: Limit the number of findings returned. Must be <= 1000. example: 50 in: query name: page[limit] required: false schema: default: 100 format: int64 maximum: 1000 minimum: 1 type: integer - description: Return findings for a given snapshot of time (Unix ms). example: 1678721573794 in: query name: snapshot_timestamp required: false schema: format: int64 minimum: 1 type: integer - description: Return the next page of findings pointed to by the cursor. example: eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0= in: query name: page[cursor] required: false schema: type: string - description: Return findings that have these associated tags (repeatable). example: filter[tags]=cloud_provider:aws&filter[tags]=aws_account:999999999999 in: query name: filter[tags] required: false schema: type: string - description: Return findings that have changed from pass to fail or vice versa on a specified date (Unix ms) or date range (using comparison operators). example: '>=1678721573794' in: query name: filter[evaluation_changed_at] required: false schema: type: string - description: Set to `true` to return findings that are muted. Set to `false` to return unmuted findings. in: query name: filter[muted] required: false schema: type: boolean - description: Return findings for the specified rule ID. in: query name: filter[rule_id] required: false schema: type: string - description: Return findings for the specified rule. in: query name: filter[rule_name] required: false schema: type: string - description: Return only findings for the specified resource type. in: query name: filter[resource_type] required: false schema: type: string - description: Return findings that were found on a specified date (Unix ms) or date range (using comparison operators). example: '>=1678721573794' in: query name: filter[discovery_timestamp] required: false schema: type: string - description: Return only `pass` or `fail` findings. example: pass in: query name: filter[evaluation] required: false schema: $ref: '#/components/schemas/FindingEvaluation' - description: Return only findings with the specified status. example: critical in: query name: filter[status] required: false schema: $ref: '#/components/schemas/FindingStatus' - description: Return findings that match the selected vulnerability types (repeatable). example: - misconfiguration explode: true in: query name: filter[vulnerability_type] required: false schema: items: $ref: '#/components/schemas/FindingVulnerabilityType' type: array - description: Return additional fields for some findings. example: - true in: query name: detailed_findings required: false schema: type: boolean responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListFindingsResponse' description: OK '400': $ref: '#/components/responses/FindingsBadRequestResponse' '403': $ref: '#/components/responses/FindingsForbiddenResponse' '404': $ref: '#/components/responses/FindingsNotFoundResponse' '429': $ref: '#/components/responses/FindingsTooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: List findings tags: - Security Monitoring x-pagination: cursorParam: page[cursor] cursorPath: meta.page.cursor limitParam: page[limit] resultsPath: data x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' patch: description: Mute or unmute findings. operationId: MuteFindings requestBody: content: application/json: schema: $ref: '#/components/schemas/BulkMuteFindingsRequest' description: "### Attributes\n\nAll findings are updated with the same attributes. The request body must include at least two attributes: `muted` and `reason`.\nThe allowed reasons depend on whether the finding is being muted or unmuted:\n \ - To mute a finding: `PENDING_FIX`, `FALSE_POSITIVE`, `ACCEPTED_RISK`, `OTHER`.\n - To unmute a finding : `NO_PENDING_FIX`, `HUMAN_ERROR`, `NO_LONGER_ACCEPTED_RISK`, `OTHER`.\n\n### Meta\n\nThe request body must include a list of the finding IDs to be updated.\n" required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/BulkMuteFindingsResponse' description: OK '400': $ref: '#/components/responses/FindingsBadRequestResponse' '403': $ref: '#/components/responses/FindingsForbiddenResponse' '404': $ref: '#/components/responses/FindingsNotFoundResponse' '422': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Invalid Request: The server understands the request syntax but cannot process it due to invalid data.' '429': $ref: '#/components/responses/FindingsTooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] summary: Mute or unmute a batch of findings tags: - Security Monitoring x-codegen-request-body-name: body x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/posture_management/findings/{finding_id}: get: description: Returns a single finding with message and resource configuration. operationId: GetFinding parameters: - description: The ID of the finding. in: path name: finding_id required: true schema: type: string - description: Return the finding for a given snapshot of time (Unix ms). example: 1678721573794 in: query name: snapshot_timestamp required: false schema: format: int64 minimum: 1 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/GetFindingResponse' description: OK '400': $ref: '#/components/responses/FindingsBadRequestResponse' '403': $ref: '#/components/responses/FindingsForbiddenResponse' '404': $ref: '#/components/responses/FindingsNotFoundResponse' '429': $ref: '#/components/responses/FindingsTooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_findings_read summary: Get a finding tags: - Security Monitoring x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/powerpacks: get: description: Get a list of all powerpacks. operationId: ListPowerpacks parameters: - description: Maximum number of powerpacks in the response. example: 25 in: query name: page[limit] required: false schema: default: 25 format: int64 maximum: 1000 type: integer - $ref: '#/components/parameters/PageOffset' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListPowerpacksResponse' description: OK '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_read summary: Get all powerpacks tags: - Powerpack x-pagination: limitParam: page[limit] pageOffsetParam: page[offset] resultsPath: data x-permission: operator: OR permissions: - dashboards_read post: description: Create a powerpack. operationId: CreatePowerpack requestBody: content: application/json: schema: $ref: '#/components/schemas/Powerpack' description: Create a powerpack request body. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/PowerpackResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_write summary: Create a new powerpack tags: - Powerpack x-codegen-request-body-name: body x-permission: operator: OR permissions: - dashboards_write /api/v2/powerpacks/{powerpack_id}: delete: description: Delete a powerpack. operationId: DeletePowerpack parameters: - description: Powerpack id in: path name: powerpack_id required: true schema: type: string responses: '204': description: OK '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Powerpack Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_write summary: Delete a powerpack tags: - Powerpack x-permission: operator: OR permissions: - dashboards_write get: description: Get a powerpack. operationId: GetPowerpack parameters: - description: ID of the powerpack. in: path name: powerpack_id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/PowerpackResponse' description: OK '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Powerpack Not Found. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_read summary: Get a Powerpack tags: - Powerpack x-permission: operator: OR permissions: - dashboards_read patch: description: Update a powerpack. operationId: UpdatePowerpack parameters: - description: ID of the powerpack. in: path name: powerpack_id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Powerpack' description: Update a powerpack request body. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/PowerpackResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Powerpack Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - dashboards_write summary: Update a powerpack tags: - Powerpack x-codegen-request-body-name: body x-permission: operator: OR permissions: - dashboards_write /api/v2/processes: get: description: Get all processes for your organization. operationId: ListProcesses parameters: - description: String to search processes by. in: query name: search required: false schema: type: string - description: Comma-separated list of tags to filter processes by. example: account:prod,user:admin in: query name: tags required: false schema: type: string - description: 'Unix timestamp (number of seconds since epoch) of the start of the query window. If not provided, the start of the query window will be 15 minutes before the `to` timestamp. If neither `from` nor `to` are provided, the query window will be `[now - 15m, now]`.' in: query name: from required: false schema: format: int64 type: integer - description: 'Unix timestamp (number of seconds since epoch) of the end of the query window. If not provided, the end of the query window will be 15 minutes after the `from` timestamp. If neither `from` nor `to` are provided, the query window will be `[now - 15m, now]`.' in: query name: to required: false schema: format: int64 type: integer - description: Maximum number of results returned. in: query name: page[limit] required: false schema: default: 1000 format: int32 maximum: 10000 minimum: 1 type: integer - description: 'String to query the next page of results. This key is provided with each valid response from the API in `meta.page.after`.' in: query name: page[cursor] required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/ProcessSummariesResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get all processes tags: - Processes x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data x-permission: operator: OPEN permissions: [] /api/v2/query/scalar: post: description: 'Query scalar values (as seen on Query Value, Table, and Toplist widgets). Multiple data sources are supported with the ability to process the data using formulas and functions.' operationId: QueryScalarData requestBody: content: application/json: schema: $ref: '#/components/schemas/ScalarFormulaQueryRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ScalarFormulaQueryResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - timeseries_query summary: Query scalar data across multiple products tags: - Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - timeseries_query /api/v2/query/timeseries: post: description: 'Query timeseries data across various data sources and process the data by applying formulas and functions.' operationId: QueryTimeseriesData requestBody: content: application/json: schema: $ref: '#/components/schemas/TimeseriesFormulaQueryRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/TimeseriesFormulaQueryResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - timeseries_query summary: Query timeseries data across multiple products tags: - Metrics x-codegen-request-body-name: body x-permission: operator: OR permissions: - timeseries_query /api/v2/remote_config/products/asm/waf/custom_rules: get: description: Retrieve a list of WAF custom rule. operationId: ListApplicationSecurityWAFCustomRules responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleListResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List all WAF custom rules tags: - Application Security post: description: Create a new WAF custom rule with the given parameters. operationId: CreateApplicationSecurityWafCustomRule requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleCreateRequest' description: The definition of the new WAF Custom Rule. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleResponse' description: Created '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a WAF custom rule tags: - Application Security x-codegen-request-body-name: body /api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id}: delete: description: Delete a specific WAF custom rule. operationId: DeleteApplicationSecurityWafCustomRule parameters: - $ref: '#/components/parameters/ApplicationSecurityWafCustomRuleIDParam' responses: '204': description: No Content '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a WAF Custom Rule tags: - Application Security x-terraform-resource: appsec_waf_custom_rule get: description: Retrieve a WAF custom rule by ID. operationId: GetApplicationSecurityWafCustomRule parameters: - $ref: '#/components/parameters/ApplicationSecurityWafCustomRuleIDParam' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a WAF custom rule tags: - Application Security x-terraform-resource: appsec_waf_custom_rule put: description: 'Update a specific WAF custom Rule. Returns the Custom Rule object when the request is successful.' operationId: UpdateApplicationSecurityWafCustomRule parameters: - $ref: '#/components/parameters/ApplicationSecurityWafCustomRuleIDParam' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleUpdateRequest' description: New definition of the WAF Custom Rule. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationSecurityWafCustomRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a WAF Custom Rule tags: - Application Security x-codegen-request-body-name: body x-terraform-resource: appsec_waf_custom_rule /api/v2/remote_config/products/asm/waf/exclusion_filters: get: description: Retrieve a list of WAF exclusion filters. operationId: ListApplicationSecurityWafExclusionFilters responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFiltersResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List all WAF exclusion filters tags: - Application Security x-permission: operator: AND permissions: - appsec_protect_read x-terraform-resource: appsec_waf_exclusion_filter post: description: 'Create a new WAF exclusion filter with the given parameters. A request matched by an exclusion filter will be ignored by the Application Security WAF product. Go to https://app.datadoghq.com/security/appsec/passlist to review existing exclusion filters (also called passlist entries).' operationId: CreateApplicationSecurityWafExclusionFilter requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterCreateRequest' description: The definition of the new WAF exclusion filter. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a WAF exclusion filter tags: - Application Security x-codegen-request-body-name: body x-permission: operator: AND permissions: - appsec_protect_write x-terraform-resource: appsec_waf_exclusion_filter /api/v2/remote_config/products/asm/waf/exclusion_filters/{exclusion_filter_id}: delete: description: Delete a specific WAF exclusion filter using its identifier. operationId: DeleteApplicationSecurityWafExclusionFilter parameters: - $ref: '#/components/parameters/ApplicationSecurityWafExclusionFilterID' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a WAF exclusion filter tags: - Application Security x-permission: operator: AND permissions: - appsec_protect_write x-terraform-resource: appsec_waf_exclusion_filter get: description: Retrieve a specific WAF exclusion filter using its identifier. operationId: GetApplicationSecurityWafExclusionFilter parameters: - $ref: '#/components/parameters/ApplicationSecurityWafExclusionFilterID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a WAF exclusion filter tags: - Application Security x-permission: operator: AND permissions: - appsec_protect_read x-terraform-resource: appsec_waf_exclusion_filter put: description: 'Update a specific WAF exclusion filter using its identifier. Returns the exclusion filter object when the request is successful.' operationId: UpdateApplicationSecurityWafExclusionFilter parameters: - $ref: '#/components/parameters/ApplicationSecurityWafExclusionFilterID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterUpdateRequest' description: The exclusion filter to update. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ApplicationSecurityWafExclusionFilterResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a WAF exclusion filter tags: - Application Security x-codegen-request-body-name: body x-permission: operator: AND permissions: - appsec_protect_write x-terraform-resource: appsec_waf_exclusion_filter /api/v2/remote_config/products/cws/agent_rules: get: description: 'Get the list of Workload Protection agent rules. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.' operationId: ListCSMThreatsAgentRules parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityQueryAgentPolicyID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRulesListResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all Workload Protection agent rules tags: - CSM Threats post: description: 'Create a new Workload Protection agent rule with the given parameters. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.' operationId: CreateCSMThreatsAgentRule requestBody: content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateRequest' description: The definition of the new agent rule required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a Workload Protection agent rule tags: - CSM Threats x-codegen-request-body-name: body /api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}: delete: description: 'Delete a specific Workload Protection agent rule. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.' operationId: DeleteCSMThreatsAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' - $ref: '#/components/parameters/CloudWorkloadSecurityQueryAgentPolicyID' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a Workload Protection agent rule tags: - CSM Threats get: description: 'Get the details of a specific Workload Protection agent rule. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.' operationId: GetCSMThreatsAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' - $ref: '#/components/parameters/CloudWorkloadSecurityQueryAgentPolicyID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a Workload Protection agent rule tags: - CSM Threats patch: description: 'Update a specific Workload Protection Agent rule. Returns the agent rule object when the request is successful. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.' operationId: UpdateCSMThreatsAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' - $ref: '#/components/parameters/CloudWorkloadSecurityQueryAgentPolicyID' requestBody: content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateRequest' description: New definition of the agent rule required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a Workload Protection agent rule tags: - CSM Threats x-codegen-request-body-name: body /api/v2/remote_config/products/cws/policy: get: description: 'Get the list of Workload Protection policies. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.' operationId: ListCSMThreatsAgentPolicies responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPoliciesListResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all Workload Protection policies tags: - CSM Threats post: description: 'Create a new Workload Protection policy with the given parameters. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.' operationId: CreateCSMThreatsAgentPolicy requestBody: content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyCreateRequest' description: The definition of the new Agent policy required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a Workload Protection policy tags: - CSM Threats x-codegen-request-body-name: body /api/v2/remote_config/products/cws/policy/download: get: description: 'The download endpoint generates a Workload Protection policy file from your currently active Workload Protection agent rules, and downloads them as a `.policy` file. This file can then be deployed to your agents to update the policy running in your environment. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.' operationId: DownloadCSMThreatsPolicy responses: '200': content: application/zip: schema: format: binary type: string description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Download the Workload Protection policy tags: - CSM Threats /api/v2/remote_config/products/cws/policy/{policy_id}: delete: description: 'Delete a specific Workload Protection policy. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.' operationId: DeleteCSMThreatsAgentPolicy parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityPathAgentPolicyID' responses: '202': description: OK '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a Workload Protection policy tags: - CSM Threats get: description: 'Get the details of a specific Workload Protection policy. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.' operationId: GetCSMThreatsAgentPolicy parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityPathAgentPolicyID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a Workload Protection policy tags: - CSM Threats patch: description: 'Update a specific Workload Protection policy. Returns the policy object when the request is successful. **Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.' operationId: UpdateCSMThreatsAgentPolicy parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityPathAgentPolicyID' requestBody: content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyUpdateRequest' description: New definition of the Agent policy required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentPolicyResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a Workload Protection policy tags: - CSM Threats x-codegen-request-body-name: body /api/v2/remote_config/products/obs_pipelines/pipelines: get: description: Retrieve a list of pipelines. operationId: ListPipelines parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListPipelinesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List pipelines tags: - Observability Pipelines x-permission: operator: OR permissions: - observability_pipelines_read x-unstable: '**Note**: This endpoint is in Preview.' post: description: Create a new pipeline. operationId: CreatePipeline requestBody: content: application/json: schema: $ref: '#/components/schemas/ObservabilityPipelineSpec' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/ObservabilityPipeline' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a new pipeline tags: - Observability Pipelines x-permission: operator: OR permissions: - observability_pipelines_deploy x-unstable: '**Note**: This endpoint is in Preview.' /api/v2/remote_config/products/obs_pipelines/pipelines/validate: post: description: 'Validates a pipeline configuration without creating or updating any resources. Returns a list of validation errors, if any. ' operationId: ValidatePipeline requestBody: content: application/json: schema: $ref: '#/components/schemas/ObservabilityPipelineSpec' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ValidationResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Validate an observability pipeline tags: - Observability Pipelines x-permission: operator: OR permissions: - observability_pipelines_read x-unstable: '**Note**: This endpoint is in Preview.' /api/v2/remote_config/products/obs_pipelines/pipelines/{pipeline_id}: delete: description: Delete a pipeline. operationId: DeletePipeline parameters: - description: The ID of the pipeline to delete. in: path name: pipeline_id required: true schema: type: string responses: '204': description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '409': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Conflict '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a pipeline tags: - Observability Pipelines x-permission: operator: OR permissions: - observability_pipelines_delete x-unstable: '**Note**: This endpoint is in Preview.' get: description: Get a specific pipeline by its ID. operationId: GetPipeline parameters: - description: The ID of the pipeline to retrieve. in: path name: pipeline_id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/ObservabilityPipeline' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a specific pipeline tags: - Observability Pipelines x-permission: operator: OR permissions: - observability_pipelines_read x-unstable: '**Note**: This endpoint is in Preview.' put: description: Update a pipeline. operationId: UpdatePipeline parameters: - description: The ID of the pipeline to update. in: path name: pipeline_id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ObservabilityPipeline' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ObservabilityPipeline' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a pipeline tags: - Observability Pipelines x-permission: operator: OR permissions: - observability_pipelines_deploy x-unstable: '**Note**: This endpoint is in Preview.' /api/v2/restriction_policy/{resource_id}: delete: description: Deletes the restriction policy associated with a specified resource. operationId: DeleteRestrictionPolicy parameters: - $ref: '#/components/parameters/ResourceID' responses: '204': description: No Content '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete a restriction policy tags: - Restriction Policies x-permission: operator: OPEN permissions: [] get: description: Retrieves the restriction policy associated with a specified resource. operationId: GetRestrictionPolicy parameters: - $ref: '#/components/parameters/ResourceID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/RestrictionPolicyResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get a restriction policy tags: - Restriction Policies x-permission: operator: OPEN permissions: [] post: description: 'Updates the restriction policy associated with a resource. #### Supported resources Restriction policies can be applied to the following resources: - Dashboards: `dashboard` - Integration Accounts: `integration-account` - Integration Services: `integration-service` - Integration Webhooks: `integration-webhook` - Notebooks: `notebook` - Powerpacks: `powerpack` - Reference Tables: `reference-table` - Security Rules: `security-rule` - Service Level Objectives: `slo` - Synthetic Global Variables: `synthetics-global-variable` - Synthetic Tests: `synthetics-test` - Synthetic Private Locations: `synthetics-private-location` - Monitors: `monitor` - Workflows: `workflow` - App Builder Apps: `app-builder-app` - Connections: `connection` - Connection Groups: `connection-group` - RUM Applications: `rum-application` #### Supported relations for resources Resource Type | Supported Relations ----------------------------|-------------------------- Dashboards | `viewer`, `editor` Integration Accounts | `viewer`, `editor` Integration Services | `viewer`, `editor` Integration Webhooks | `viewer`, `editor` Notebooks | `viewer`, `editor` Powerpacks | `viewer`, `editor` Security Rules | `viewer`, `editor` Service Level Objectives | `viewer`, `editor` Synthetic Global Variables | `viewer`, `editor` Synthetic Tests | `viewer`, `editor` Synthetic Private Locations | `viewer`, `editor` Monitors | `viewer`, `editor` Reference Tables | `viewer`, `editor` Workflows | `viewer`, `runner`, `editor` App Builder Apps | `viewer`, `editor` Connections | `viewer`, `resolver`, `editor` Connection Groups | `viewer`, `editor` RUM Application | `viewer`, `editor`' operationId: UpdateRestrictionPolicy parameters: - $ref: '#/components/parameters/ResourceID' - description: Allows admins (users with the `user_access_manage` permission) to remove their own access from the resource if set to `true`. By default, this is set to `false`, preventing admins from locking themselves out. in: query name: allow_self_lockout required: false schema: type: boolean requestBody: content: application/json: schema: $ref: '#/components/schemas/RestrictionPolicyUpdateRequest' description: Restriction policy payload required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RestrictionPolicyResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Update a restriction policy tags: - Restriction Policies x-codegen-request-body-name: body x-permission: operator: OPEN permissions: [] /api/v2/roles: get: description: Returns all roles, including their names and their unique identifiers. operationId: ListRoles parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: 'Sort roles depending on the given field. Sort order is **ascending** by default. Sort order is **descending** if the field is prefixed by a negative sign, for example: `sort=-name`.' in: query name: sort required: false schema: $ref: '#/components/schemas/RolesSort' - description: Filter all roles by the given string. in: query name: filter required: false schema: type: string - description: Filter all roles by the given list of role IDs. in: query name: filter[id] required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/RolesResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: List roles tags: - Roles x-permission: operator: OR permissions: - user_access_read post: description: Create a new role for your organization. operationId: CreateRole requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleCreateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RoleCreateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Create role tags: - Roles x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_manage /api/v2/roles/{role_id}: delete: description: Disables a role. operationId: DeleteRole parameters: - $ref: '#/components/parameters/RoleID' responses: '204': description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Delete role tags: - Roles x-codegen-request-body-name: body get: description: "Get a role in the organization specified by the role\u2019s `role_id`." operationId: GetRole parameters: - $ref: '#/components/parameters/RoleID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/RoleResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: Get a role tags: - Roles x-codegen-request-body-name: body patch: description: Edit a role. Can only be used with application keys belonging to administrators. operationId: UpdateRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RoleUpdateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Update a role tags: - Roles x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_manage /api/v2/roles/{role_id}/clone: post: description: Clone an existing role operationId: CloneRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleCloneRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RoleResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '409': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Conflict '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Create a new role by cloning an existing role tags: - Roles x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_manage /api/v2/roles/{role_id}/permissions: delete: description: Removes a permission from a role. operationId: RemovePermissionFromRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToPermission' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Revoke permission tags: - Roles x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_manage get: description: Returns a list of all permissions for a single role. operationId: ListRolePermissions parameters: - $ref: '#/components/parameters/RoleID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: List permissions for a role tags: - Roles x-codegen-request-body-name: body post: description: Adds a permission to a role. operationId: AddPermissionToRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToPermission' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Grant permission to a role tags: - Roles x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_manage /api/v2/roles/{role_id}/users: delete: description: Removes a user from a role. operationId: RemoveUserFromRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToUser' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UsersResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Remove a user from a role tags: - Roles x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_manage get: description: Gets all users of a role. operationId: ListRoleUsers parameters: - $ref: '#/components/parameters/RoleID' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: 'User attribute to order results by. Sort order is **ascending** by default. Sort order is **descending** if the field is prefixed by a negative sign, for example `sort=-name`. Options: `name`, `email`, `status`.' in: query name: sort required: false schema: default: name type: string - description: Filter all users by the given string. Defaults to no filtering. in: query name: filter required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/UsersResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: Get all users of a role tags: - Roles post: description: Adds a user to a role. operationId: AddUserToRole parameters: - $ref: '#/components/parameters/RoleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/RelationshipToUser' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UsersResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Add a user to a role tags: - Roles x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_manage /api/v2/rum/analytics/aggregate: post: description: The API endpoint to aggregate RUM events into buckets of computed metrics and timeseries. operationId: AggregateRUMEvents requestBody: content: application/json: schema: $ref: '#/components/schemas/RUMAggregateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMAnalyticsAggregateResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Aggregate RUM events tags: - RUM x-codegen-request-body-name: body x-permission: operator: OPEN permissions: [] /api/v2/rum/applications: get: description: List all the RUM applications in your organization. operationId: GetRUMApplications responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMApplicationsResponse' description: OK '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List all the RUM applications tags: - RUM x-permission: operator: OR permissions: - rum_apps_read post: description: Create a new RUM application in your organization. operationId: CreateRUMApplication requestBody: content: application/json: schema: $ref: '#/components/schemas/RUMApplicationCreateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMApplicationResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a new RUM application tags: - RUM x-codegen-request-body-name: body x-permission: operator: OR permissions: - rum_apps_write /api/v2/rum/applications/{app_id}/relationships/retention_filters: patch: description: 'Order RUM retention filters for a RUM application. Returns RUM retention filter objects without attributes from the request body when the request is successful.' operationId: OrderRetentionFilters parameters: - $ref: '#/components/parameters/RumApplicationIDParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/RumRetentionFiltersOrderRequest' description: New definition of the RUM retention filter. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RumRetentionFiltersOrderResponse' description: Ordered '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Order RUM retention filters tags: - Rum Retention Filters x-codegen-request-body-name: body /api/v2/rum/applications/{app_id}/retention_filters: get: description: Get the list of RUM retention filters for a RUM application. operationId: ListRetentionFilters parameters: - $ref: '#/components/parameters/RumApplicationIDParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/RumRetentionFiltersResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all RUM retention filters tags: - Rum Retention Filters post: description: 'Create a RUM retention filter for a RUM application. Returns RUM retention filter objects from the request body when the request is successful.' operationId: CreateRetentionFilter parameters: - $ref: '#/components/parameters/RumApplicationIDParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/RumRetentionFilterCreateRequest' description: The definition of the new RUM retention filter. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/RumRetentionFilterResponse' description: Created '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a RUM retention filter tags: - Rum Retention Filters x-codegen-request-body-name: body /api/v2/rum/applications/{app_id}/retention_filters/{rf_id}: delete: description: Delete a RUM retention filter for a RUM application. operationId: DeleteRetentionFilter parameters: - $ref: '#/components/parameters/RumApplicationIDParameter' - $ref: '#/components/parameters/RumRetentionFilterIDParameter' responses: '204': description: No Content '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a RUM retention filter tags: - Rum Retention Filters get: description: Get a RUM retention filter for a RUM application. operationId: GetRetentionFilter parameters: - $ref: '#/components/parameters/RumApplicationIDParameter' - $ref: '#/components/parameters/RumRetentionFilterIDParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/RumRetentionFilterResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a RUM retention filter tags: - Rum Retention Filters patch: description: 'Update a RUM retention filter for a RUM application. Returns RUM retention filter objects from the request body when the request is successful.' operationId: UpdateRetentionFilter parameters: - $ref: '#/components/parameters/RumApplicationIDParameter' - $ref: '#/components/parameters/RumRetentionFilterIDParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/RumRetentionFilterUpdateRequest' description: New definition of the RUM retention filter. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RumRetentionFilterResponse' description: Updated '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a RUM retention filter tags: - Rum Retention Filters x-codegen-request-body-name: body /api/v2/rum/applications/{id}: delete: description: Delete an existing RUM application in your organization. operationId: DeleteRUMApplication parameters: - description: RUM application ID. in: path name: id required: true schema: type: string responses: '204': description: No Content '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a RUM application tags: - RUM x-permission: operator: OR permissions: - rum_apps_write get: description: Get the RUM application with given ID in your organization. operationId: GetRUMApplication parameters: - description: RUM application ID. in: path name: id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMApplicationResponse' description: OK '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a RUM application tags: - RUM x-permission: operator: OR permissions: - rum_apps_read patch: description: Update the RUM application with given ID in your organization. operationId: UpdateRUMApplication parameters: - description: RUM application ID. in: path name: id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/RUMApplicationUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMApplicationResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '404': $ref: '#/components/responses/NotFoundResponse' '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity. '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a RUM application tags: - RUM x-codegen-request-body-name: body x-permission: operator: OR permissions: - rum_apps_write /api/v2/rum/config/metrics: get: description: Get the list of configured rum-based metrics with their definitions. operationId: ListRumMetrics responses: '200': content: application/json: schema: $ref: '#/components/schemas/RumMetricsResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all rum-based metrics tags: - Rum Metrics post: description: 'Create a metric based on your organization''s RUM data. Returns the rum-based metric object from the request body when the request is successful.' operationId: CreateRumMetric requestBody: content: application/json: schema: $ref: '#/components/schemas/RumMetricCreateRequest' description: The definition of the new rum-based metric. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/RumMetricResponse' description: Created '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a rum-based metric tags: - Rum Metrics x-codegen-request-body-name: body /api/v2/rum/config/metrics/{metric_id}: delete: description: Delete a specific rum-based metric from your organization. operationId: DeleteRumMetric parameters: - $ref: '#/components/parameters/RumMetricIDParameter' responses: '204': description: No Content '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a rum-based metric tags: - Rum Metrics get: description: Get a specific rum-based metric from your organization. operationId: GetRumMetric parameters: - $ref: '#/components/parameters/RumMetricIDParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/RumMetricResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a rum-based metric tags: - Rum Metrics patch: description: 'Update a specific rum-based metric from your organization. Returns the rum-based metric object from the request body when the request is successful.' operationId: UpdateRumMetric parameters: - $ref: '#/components/parameters/RumMetricIDParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/RumMetricUpdateRequest' description: New definition of the rum-based metric. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RumMetricResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a rum-based metric tags: - Rum Metrics x-codegen-request-body-name: body /api/v2/rum/events: get: description: 'List endpoint returns events that match a RUM search query. [Results are paginated][1]. Use this endpoint to see your latest RUM events. [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination' operationId: ListRUMEvents parameters: - description: Search query following RUM syntax. example: '@type:session @application_id:xxxx' in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested events. example: '2019-01-02T09:42:36.320Z' in: query name: filter[from] required: false schema: format: date-time type: string - description: Maximum timestamp for requested events. example: '2019-01-03T09:42:36.320Z' in: query name: filter[to] required: false schema: format: date-time type: string - description: Order of events in results. in: query name: sort required: false schema: $ref: '#/components/schemas/RUMSort' - description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: Maximum number of events in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMEventsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get a list of RUM events tags: - RUM x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data x-permission: operator: OPEN permissions: [] /api/v2/rum/events/search: post: description: 'List endpoint returns RUM events that match a RUM search query. [Results are paginated][1]. Use this endpoint to build complex RUM events filtering and search. [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination' operationId: SearchRUMEvents requestBody: content: application/json: schema: $ref: '#/components/schemas/RUMSearchEventsRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/RUMEventsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Search RUM events tags: - RUM x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data x-permission: operator: OPEN permissions: [] /api/v2/saml_configurations/idp_metadata: post: description: 'Endpoint for uploading IdP metadata for SAML setup. Use this endpoint to upload or replace IdP metadata for SAML login configuration.' operationId: UploadIdPMetadata requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/IdPMetadataFormData' required: true responses: '200': description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Upload IdP metadata tags: - Organizations x-codegen-request-body-name: body x-permission: operator: OR permissions: - org_management /api/v2/scorecard/outcomes: get: description: Fetches all rule outcomes. operationId: ListScorecardOutcomes parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageOffset' - description: Include related rule details in the response. in: query name: include required: false schema: example: rule type: string - description: Return only specified values in the outcome attributes. in: query name: fields[outcome] required: false schema: example: state, service_name type: string - description: Return only specified values in the included rule details. in: query name: fields[rule] required: false schema: example: name type: string - description: Filter the outcomes on a specific service name. in: query name: filter[outcome][service_name] required: false schema: example: web-store type: string - description: Filter the outcomes by a specific state. in: query name: filter[outcome][state] required: false schema: example: fail type: string - description: Filter outcomes on whether a rule is enabled/disabled. in: query name: filter[rule][enabled] required: false schema: example: true type: boolean - description: Filter outcomes based on rule ID. in: query name: filter[rule][id] required: false schema: example: f4485c79-0762-449c-96cf-c31e54a659f6 type: string - description: Filter outcomes based on rule name. in: query name: filter[rule][name] required: false schema: example: SLOs Defined type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/OutcomesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: List all rule outcomes tags: - Service Scorecards x-pagination: limitParam: page[size] pageOffsetParam: page[offset] resultsPath: data x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/scorecard/outcomes/batch: post: description: Sets multiple service-rule outcomes in a single batched request. operationId: CreateScorecardOutcomesBatch requestBody: content: application/json: schema: $ref: '#/components/schemas/OutcomesBatchRequest' description: Set of scorecard outcomes. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/OutcomesBatchResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Create outcomes batch tags: - Service Scorecards x-codegen-request-body-name: body x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/scorecard/rules: get: description: Fetch all rules. operationId: ListScorecardRules parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageOffset' - description: Include related scorecard details in the response. in: query name: include required: false schema: example: scorecard type: string - description: Filter the rules on a rule ID. in: query name: filter[rule][id] required: false schema: example: 37d2f990-c885-4972-949b-8b798213a166 type: string - description: Filter for enabled rules only. in: query name: filter[rule][enabled] required: false schema: example: true type: boolean - description: Filter for custom rules only. in: query name: filter[rule][custom] required: false schema: example: true type: boolean - description: Filter rules on the rule name. in: query name: filter[rule][name] required: false schema: example: Code Repos Defined type: string - description: Filter rules on the rule description. in: query name: filter[rule][description] required: false schema: example: Identifying type: string - description: Return only specific fields in the response for rule attributes. in: query name: fields[rule] required: false schema: example: name, description type: string - description: Return only specific fields in the included response for scorecard attributes. in: query name: fields[scorecard] required: false schema: example: name type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListRulesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: List all rules tags: - Service Scorecards x-pagination: limitParam: page[size] pageOffsetParam: page[offset] resultsPath: data x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' post: description: Creates a new rule. operationId: CreateScorecardRule requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateRuleRequest' description: Rule attributes. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/CreateRuleResponse' description: Created '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Create a new rule tags: - Service Scorecards x-codegen-request-body-name: body x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/scorecard/rules/{rule_id}: delete: description: Deletes a single rule. operationId: DeleteScorecardRule parameters: - $ref: '#/components/parameters/RuleId' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Delete a rule tags: - Service Scorecards x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' put: description: Updates an existing rule. operationId: UpdateScorecardRule parameters: - $ref: '#/components/parameters/RuleId' requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateRuleRequest' description: Rule attributes. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UpdateRuleResponse' description: Rule updated successfully '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Update an existing rule tags: - Service Scorecards x-codegen-request-body-name: body x-unstable: '**Note**: This endpoint is in public beta. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security/assets: get: description: 'Get a list of vulnerable assets. ### Pagination Please review the [Pagination section for the "List Vulnerabilities"](#pagination) endpoint. ### Filtering Please review the [Filtering section for the "List Vulnerabilities"](#filtering) endpoint. ### Metadata Please review the [Metadata section for the "List Vulnerabilities"](#metadata) endpoint. ' operationId: ListVulnerableAssets parameters: - description: Its value must come from the `links` section of the response of the first request. Do not manually edit it. example: b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4 in: query name: page[token] required: false schema: type: string - description: The page number to be retrieved. It should be equal or greater than `1` example: 1 in: query name: page[number] required: false schema: format: int64 minimum: 1 type: integer - description: Filter by name. example: datadog-agent in: query name: filter[name] required: false schema: type: string - description: Filter by type. example: Host in: query name: filter[type] required: false schema: $ref: '#/components/schemas/AssetType' - description: Filter by the first version of the asset since it has been vulnerable. example: v1.15.1 in: query name: filter[version.first] required: false schema: type: string - description: Filter by the last detected version of the asset. example: v1.15.1 in: query name: filter[version.last] required: false schema: type: string - description: Filter by the repository url associated to the asset. example: github.com/DataDog/datadog-agent.git in: query name: filter[repository_url] required: false schema: type: string - description: Filter whether the asset is in production or not. example: false in: query name: filter[risks.in_production] required: false schema: type: boolean - description: Filter whether the asset (Service) is under attack or not. example: false in: query name: filter[risks.under_attack] required: false schema: type: boolean - description: Filter whether the asset (Host) is publicly accessible or not. example: false in: query name: filter[risks.is_publicly_accessible] required: false schema: type: boolean - description: Filter whether the asset (Host) has privileged access or not. example: false in: query name: filter[risks.has_privileged_access] required: false schema: type: boolean - description: Filter whether the asset (Host) has access to sensitive data or not. example: false in: query name: filter[risks.has_access_to_sensitive_data] required: false schema: type: boolean - description: Filter by environment. example: staging in: query name: filter[environments] required: false schema: type: string - description: Filter by architecture. example: arm64 in: query name: filter[arch] required: false schema: type: string - description: Filter by operating system name. example: ubuntu in: query name: filter[operating_system.name] required: false schema: type: string - description: Filter by operating system version. example: '24.04' in: query name: filter[operating_system.version] required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListVulnerableAssetsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Bad request: The server cannot process the request due to invalid syntax in the request.' '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Forbidden: Access denied' '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Not found: There is no request associated with the provided token.' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - appsec_vm_read summary: List vulnerable assets tags: - Security Monitoring x-unstable: '**Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).' /api/v2/security/cloud_workload/policy/download: get: description: 'The download endpoint generates a Workload Protection policy file from your currently active Workload Protection agent rules, and downloads them as a `.policy` file. This file can then be deployed to your agents to update the policy running in your environment. **Note**: This endpoint should only be used for the Government (US1-FED) site.' operationId: DownloadCloudWorkloadPolicyFile responses: '200': content: application/yaml: schema: format: binary type: string description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Download the Workload Protection policy (US1-FED) tags: - CSM Threats x-permission: operator: OR permissions: - security_monitoring_cws_agent_rules_read /api/v2/security/sboms/{asset_type}: get: description: 'Get a single SBOM related to an asset by its type and name. ' operationId: GetSBOM parameters: - description: The type of the asset for the SBOM request. example: Repository in: path name: asset_type required: true schema: $ref: '#/components/schemas/AssetType' - description: The name of the asset for the SBOM request. example: github.com/datadog/datadog-agent in: query name: filter[asset_name] required: true schema: type: string - description: The container image `repo_digest` for the SBOM request. When the requested asset type is 'Image', this filter is mandatory. example: sha256:0ae7da091191787229d321e3638e39c319a97d6e20f927d465b519d699215bf7 in: query name: filter[repo_digest] required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/GetSBOMResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Bad request: The server cannot process the request due to invalid syntax in the request.' '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Forbidden: Access denied' '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Not found: asset not found' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - appsec_vm_read summary: Get SBOM tags: - Security Monitoring x-unstable: '**Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).' /api/v2/security/signals/notification_rules: get: description: Returns the list of notification rules for security signals. operationId: GetSignalNotificationRules responses: '200': $ref: '#/components/responses/NotificationRulesList' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_notification_profiles_read summary: Get the list of signal-based notification rules tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_notification_profiles_read post: description: Create a new notification rule for security signals and return the created rule. operationId: CreateSignalNotificationRule requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateNotificationRuleParameters' description: 'The body of the create notification rule request is composed of the rule type and the rule attributes: the rule name, the selectors, the notification targets, and the rule enabled status. ' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/NotificationRuleResponse' description: Successfully created the notification rule. '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_notification_profiles_write summary: Create a new signal-based notification rule tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_notification_profiles_write /api/v2/security/signals/notification_rules/{id}: delete: description: Delete a notification rule for security signals. operationId: DeleteSignalNotificationRule parameters: - description: ID of the notification rule. in: path name: id required: true schema: type: string responses: '204': description: Rule successfully deleted. '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_notification_profiles_write summary: Delete a signal-based notification rule tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_notification_profiles_write get: description: Get the details of a notification rule for security signals. operationId: GetSignalNotificationRule parameters: - description: ID of the notification rule. in: path name: id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationRuleResponse' description: Notification rule details. '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_notification_profiles_read summary: Get details of a signal-based notification rule tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_notification_profiles_read patch: description: Partially update the notification rule. All fields are optional; if a field is not provided, it is not updated. operationId: PatchSignalNotificationRule parameters: - description: ID of the notification rule. in: path name: id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchNotificationRuleParameters' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationRuleResponse' description: Notification rule successfully patched. '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '422': $ref: '#/components/responses/UnprocessableEntityResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_notification_profiles_write summary: Patch a signal-based notification rule tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_notification_profiles_write /api/v2/security/vulnerabilities: get: description: "Get a list of vulnerabilities.\n\n### Pagination\n\nPagination is enabled by default in both `vulnerabilities` and `assets`. The size of the page varies depending on the endpoint and cannot be modified. To automate the request of the next page, you can use the links section in the response.\n\nThis endpoint will return paginated responses. The pages are stored in the links section of the response:\n\n```JSON\n{\n \"data\": [...],\n \"meta\": {...},\n \ \"links\": {\n \"self\": \"https://.../api/v2/security/vulnerabilities\",\n \ \"first\": \"https://.../api/v2/security/vulnerabilities?page[number]=1&page[token]=abc\",\n \ \"last\": \"https://.../api/v2/security/vulnerabilities?page[number]=43&page[token]=abc\",\n \ \"next\": \"https://.../api/v2/security/vulnerabilities?page[number]=2&page[token]=abc\"\n \ }\n}\n```\n\n\n- `links.previous` is empty if the first page is requested.\n- `links.next` is empty if the last page is requested.\n\n#### Token\n\nVulnerabilities can be created, updated or deleted at any point in time.\n\nUpon the first request, a token is created to ensure consistency across subsequent paginated requests.\n\nA token is valid only for 24 hours.\n\n#### First request\n\nWe consider a request to be the first request when there is no `page[token]` parameter.\n\nThe response of this first request contains the newly created token in the `links` section.\n\nThis token can then be used in the subsequent paginated requests.\n\n#### Subsequent requests\n\nAny request containing valid `page[token]` and `page[number]` parameters will be considered a subsequent request.\n\nIf the `token` is invalid, a `404` response will be returned.\n\nIf the page `number` is invalid, a `400` response will be returned.\n\n### Filtering\n\nThe request can include some filter parameters to filter the data to be retrieved. The format of the filter parameters follows the [JSON:API format](https://jsonapi.org/format/#fetching-filtering): `filter[$prop_name]`, where `prop_name` is the property name in the entity being filtered by.\n\nAll filters can include multiple values, where data will be filtered with an OR clause: `filter[title]=Title1,Title2` will filter all vulnerabilities where title is equal to `Title1` OR `Title2`.\n\nString filters are case sensitive.\n\nBoolean filters accept `true` or `false` as values.\n\nNumber filters must include an operator as a second filter input: `filter[$prop_name][$operator]`. For example, for the vulnerabilities endpoint: `filter[cvss.base.score][lte]=8`.\n\nAvailable operators are: `eq` (==), `lt` (<), `lte` (<=), `gt` (>) and `gte` (>=).\n\n### Metadata\n\nFollowing [JSON:API format](https://jsonapi.org/format/#document-meta), object including non-standard meta-information.\n\nThis endpoint includes the meta member in the response. For more details on each of the properties included in this section, check the endpoints response tables.\n\n```JSON\n{\n \"data\": [...],\n \"meta\": {\n \"total\": 1500,\n \"count\": 18732,\n \"token\": \"some_token\"\n \ },\n \"links\": {...}\n}\n```\n" operationId: ListVulnerabilities parameters: - description: Its value must come from the `links` section of the response of the first request. Do not manually edit it. example: b82cef018aab81ed1d4bb4xb35xxfc065da7efa685fbcecdbd338f3015e3afabbbfa3a911b4984_721ee28a-zecb-4e45-9960-c42065b574f4 in: query name: page[token] required: false schema: type: string - description: The page number to be retrieved. It should be equal or greater than `1` example: 1 in: query name: page[number] required: false schema: format: int64 minimum: 1 type: integer - description: Filter by vulnerability type. example: WeakCipher in: query name: filter[type] required: false schema: $ref: '#/components/schemas/VulnerabilityType' - description: Filter by vulnerability base (i.e. from the original advisory) severity score. example: 5.5 in: query name: filter[cvss.base.score][`$op`] required: false schema: format: double maximum: 10 minimum: 0 type: number - description: Filter by vulnerability base severity. example: Medium in: query name: filter[cvss.base.severity] required: false schema: $ref: '#/components/schemas/VulnerabilitySeverity' - description: Filter by vulnerability base CVSS vector. example: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H in: query name: filter[cvss.base.vector] required: false schema: type: string - description: Filter by vulnerability Datadog severity score. example: 4.3 in: query name: filter[cvss.datadog.score][`$op`] required: false schema: format: double maximum: 10 minimum: 0 type: number - description: Filter by vulnerability Datadog severity. example: Medium in: query name: filter[cvss.datadog.severity] required: false schema: $ref: '#/components/schemas/VulnerabilitySeverity' - description: Filter by vulnerability Datadog CVSS vector. example: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:L/MAC:H/MPR:L/MUI:N/MS:U/MC:N/MI:N/MA:H in: query name: filter[cvss.datadog.vector] required: false schema: type: string - description: Filter by the status of the vulnerability. example: Open in: query name: filter[status] required: false schema: $ref: '#/components/schemas/VulnerabilityStatus' - description: Filter by the tool of the vulnerability. example: SCA in: query name: filter[tool] required: false schema: $ref: '#/components/schemas/VulnerabilityTool' - description: Filter by library name. example: linux-aws-5.15 in: query name: filter[library.name] required: false schema: type: string - description: Filter by library version. example: 5.15.0 in: query name: filter[library.version] required: false schema: type: string - description: Filter by advisory ID. example: TRIVY-CVE-2023-0615 in: query name: filter[advisory_id] required: false schema: type: string - description: Filter by exploitation probability. example: false in: query name: filter[risks.exploitation_probability] required: false schema: type: boolean - description: Filter by POC exploit availability. example: false in: query name: filter[risks.poc_exploit_available] required: false schema: type: boolean - description: Filter by public exploit availability. example: false in: query name: filter[risks.exploit_available] required: false schema: type: boolean - description: Filter by vulnerability [EPSS](https://www.first.org/epss/) severity score. example: 0.00042 in: query name: filter[risks.epss.score][`$op`] required: false schema: format: double maximum: 1 minimum: 0 type: number - description: Filter by vulnerability [EPSS](https://www.first.org/epss/) severity. example: Low in: query name: filter[risks.epss.severity] required: false schema: $ref: '#/components/schemas/VulnerabilitySeverity' - description: Filter by language. example: ubuntu in: query name: filter[language] required: false schema: type: string - description: Filter by ecosystem. example: Deb in: query name: filter[ecosystem] required: false schema: $ref: '#/components/schemas/VulnerabilityEcosystem' - description: Filter by vulnerability location. example: com.example.Class:100 in: query name: filter[code_location.location] required: false schema: type: string - description: Filter by vulnerability file path. example: src/Class.java:100 in: query name: filter[code_location.file_path] required: false schema: type: string - description: Filter by method. example: FooBar in: query name: filter[code_location.method] required: false schema: type: string - description: Filter by fix availability. example: false in: query name: filter[fix_available] required: false schema: type: boolean - description: Filter by vulnerability `repo_digest` (when the vulnerability is related to `Image` asset). example: sha256:0ae7da091191787229d321e3638e39c319a97d6e20f927d465b519d699215bf7 in: query name: filter[repo_digests] required: false schema: type: string - description: Filter by asset name. example: datadog-agent in: query name: filter[asset.name] required: false schema: type: string - description: Filter by asset type. example: Host in: query name: filter[asset.type] required: false schema: $ref: '#/components/schemas/AssetType' - description: Filter by the first version of the asset this vulnerability has been detected on. example: v1.15.1 in: query name: filter[asset.version.first] required: false schema: type: string - description: Filter by the last version of the asset this vulnerability has been detected on. example: v1.15.1 in: query name: filter[asset.version.last] required: false schema: type: string - description: Filter by the repository url associated to the asset. example: github.com/DataDog/datadog-agent.git in: query name: filter[asset.repository_url] required: false schema: type: string - description: Filter whether the asset is in production or not. example: false in: query name: filter[asset.risks.in_production] required: false schema: type: boolean - description: Filter whether the asset is under attack or not. example: false in: query name: filter[asset.risks.under_attack] required: false schema: type: boolean - description: Filter whether the asset is publicly accessible or not. example: false in: query name: filter[asset.risks.is_publicly_accessible] required: false schema: type: boolean - description: Filter whether the asset is publicly accessible or not. example: false in: query name: filter[asset.risks.has_privileged_access] required: false schema: type: boolean - description: Filter whether the asset has access to sensitive data or not. example: false in: query name: filter[asset.risks.has_access_to_sensitive_data] required: false schema: type: boolean - description: Filter by asset environments. example: staging in: query name: filter[asset.environments] required: false schema: type: string - description: Filter by asset architecture. example: arm64 in: query name: filter[asset.arch] required: false schema: type: string - description: Filter by asset operating system name. example: ubuntu in: query name: filter[asset.operating_system.name] required: false schema: type: string - description: Filter by asset operating system version. example: '24.04' in: query name: filter[asset.operating_system.version] required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListVulnerabilitiesResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Bad request: The server cannot process the request due to invalid syntax in the request.' '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Forbidden: Access denied' '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: 'Not found: There is no request associated with the provided token.' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - appsec_vm_read summary: List vulnerabilities tags: - Security Monitoring x-unstable: '**Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).' /api/v2/security/vulnerabilities/notification_rules: get: description: Returns the list of notification rules for security vulnerabilities. operationId: GetVulnerabilityNotificationRules responses: '200': $ref: '#/components/responses/NotificationRulesList' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_notification_profiles_read summary: Get the list of vulnerability notification rules tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_notification_profiles_read post: description: Create a new notification rule for security vulnerabilities and return the created rule. operationId: CreateVulnerabilityNotificationRule requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateNotificationRuleParameters' description: 'The body of the create notification rule request is composed of the rule type and the rule attributes: the rule name, the selectors, the notification targets, and the rule enabled status. ' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/NotificationRuleResponse' description: Successfully created the notification rule. '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_notification_profiles_write summary: Create a new vulnerability-based notification rule tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_notification_profiles_write /api/v2/security/vulnerabilities/notification_rules/{id}: delete: description: Delete a notification rule for security vulnerabilities. operationId: DeleteVulnerabilityNotificationRule parameters: - description: ID of the notification rule. in: path name: id required: true schema: type: string responses: '204': description: Rule successfully deleted. '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_notification_profiles_write summary: Delete a vulnerability-based notification rule tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_notification_profiles_write get: description: Get the details of a notification rule for security vulnerabilities. operationId: GetVulnerabilityNotificationRule parameters: - description: ID of the notification rule. in: path name: id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationRuleResponse' description: Notification rule details. '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_notification_profiles_read summary: Get details of a vulnerability notification rule tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_notification_profiles_read patch: description: Partially update the notification rule. All fields are optional; if a field is not provided, it is not updated. operationId: PatchVulnerabilityNotificationRule parameters: - description: ID of the notification rule. in: path name: id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/PatchNotificationRuleParameters' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/NotificationRuleResponse' description: Notification rule successfully patched. '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '422': $ref: '#/components/responses/UnprocessableEntityResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_notification_profiles_write summary: Patch a vulnerability-based notification rule tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_notification_profiles_write /api/v2/security_monitoring/cloud_workload_security/agent_rules: get: description: 'Get the list of agent rules. **Note**: This endpoint should only be used for the Government (US1-FED) site.' operationId: ListCloudWorkloadSecurityAgentRules responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRulesListResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get all Workload Protection agent rules (US1-FED) tags: - CSM Threats x-permission: operator: OR permissions: - security_monitoring_cws_agent_rules_read post: description: 'Create a new agent rule with the given parameters. **Note**: This endpoint should only be used for the Government (US1-FED) site.' operationId: CreateCloudWorkloadSecurityAgentRule requestBody: content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateRequest' description: The definition of the new agent rule required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a Workload Protection agent rule (US1-FED) tags: - CSM Threats x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_cws_agent_rules_write /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}: delete: description: 'Delete a specific agent rule. **Note**: This endpoint should only be used for the Government (US1-FED) site.' operationId: DeleteCloudWorkloadSecurityAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete a Workload Protection agent rule (US1-FED) tags: - CSM Threats x-permission: operator: OR permissions: - security_monitoring_cws_agent_rules_write get: description: 'Get the details of a specific agent rule. **Note**: This endpoint should only be used for the Government (US1-FED) site.' operationId: GetCloudWorkloadSecurityAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a Workload Protection agent rule (US1-FED) tags: - CSM Threats x-permission: operator: OR permissions: - security_monitoring_cws_agent_rules_read patch: description: 'Update a specific agent rule. Returns the agent rule object when the request is successful. **Note**: This endpoint should only be used for the Government (US1-FED) site.' operationId: UpdateCloudWorkloadSecurityAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateRequest' description: New definition of the agent rule required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update a Workload Protection agent rule (US1-FED) tags: - CSM Threats x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_cws_agent_rules_write /api/v2/security_monitoring/configuration/security_filters: get: description: Get the list of configured security filters with their definitions. operationId: ListSecurityFilters responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityFiltersResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_read summary: Get all security filters tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_filters_read post: description: 'Create a security filter. See the [security filter guide](https://docs.datadoghq.com/security_platform/guide/how-to-setup-security-filters-using-security-monitoring-api/) for more examples.' operationId: CreateSecurityFilter requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityFilterCreateRequest' description: The definition of the new security filter. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityFilterResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Create a security filter tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_filters_write /api/v2/security_monitoring/configuration/security_filters/{security_filter_id}: delete: description: Delete a specific security filter. operationId: DeleteSecurityFilter parameters: - $ref: '#/components/parameters/SecurityFilterID' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Delete a security filter tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_filters_write get: description: 'Get the details of a specific security filter. See the [security filter guide](https://docs.datadoghq.com/security_platform/guide/how-to-setup-security-filters-using-security-monitoring-api/) for more examples.' operationId: GetSecurityFilter parameters: - $ref: '#/components/parameters/SecurityFilterID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityFilterResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_read summary: Get a security filter tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_filters_read patch: description: 'Update a specific security filter. Returns the security filter object when the request is successful.' operationId: UpdateSecurityFilter parameters: - $ref: '#/components/parameters/SecurityFilterID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityFilterUpdateRequest' description: New definition of the security filter. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityFilterResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_filters_write summary: Update a security filter tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_filters_write /api/v2/security_monitoring/configuration/suppressions: get: description: Get the list of all suppression rules. operationId: ListSecurityMonitoringSuppressions responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSuppressionsResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_read summary: Get all suppression rules tags: - Security Monitoring post: description: Create a new suppression rule. operationId: CreateSecurityMonitoringSuppression requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSuppressionCreateRequest' description: The definition of the new suppression rule. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSuppressionResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_write summary: Create a suppression rule tags: - Security Monitoring x-codegen-request-body-name: body /api/v2/security_monitoring/configuration/suppressions/{suppression_id}: delete: description: Delete a specific suppression rule. operationId: DeleteSecurityMonitoringSuppression parameters: - $ref: '#/components/parameters/SecurityMonitoringSuppressionID' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_write summary: Delete a suppression rule tags: - Security Monitoring get: description: Get the details of a specific suppression rule. operationId: GetSecurityMonitoringSuppression parameters: - $ref: '#/components/parameters/SecurityMonitoringSuppressionID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSuppressionResponse' description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_read summary: Get a suppression rule tags: - Security Monitoring patch: description: Update a specific suppression rule. operationId: UpdateSecurityMonitoringSuppression parameters: - $ref: '#/components/parameters/SecurityMonitoringSuppressionID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSuppressionUpdateRequest' description: New definition of the suppression rule. Supports partial updates. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSuppressionResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_suppressions_write summary: Update a suppression rule tags: - Security Monitoring /api/v2/security_monitoring/rules: get: description: List rules. operationId: ListSecurityMonitoringRules parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringListRulesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: List rules tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_rules_read post: description: Create a detection rule. operationId: CreateSecurityMonitoringRule requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Create a detection rule tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_rules_write /api/v2/security_monitoring/rules/convert: post: description: 'Convert a rule that doesn''t (yet) exist from JSON to Terraform for datadog provider resource datadog_security_monitoring_rule.' operationId: ConvertSecurityMonitoringRuleFromJSONToTerraform requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleConvertPayload' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleConvertResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/ConcurrentModificationResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Convert a rule from JSON to Terraform tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_rules_write /api/v2/security_monitoring/rules/test: post: description: Test a rule. operationId: TestSecurityMonitoringRule requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleTestRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleTestResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/ConcurrentModificationResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Test a rule tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_rules_write /api/v2/security_monitoring/rules/validation: post: description: Validate a detection rule. operationId: ValidateSecurityMonitoringRule requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleValidatePayload' required: true responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Validate a detection rule tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_rules_write /api/v2/security_monitoring/rules/{rule_id}: delete: description: Delete an existing rule. Default rules cannot be deleted. operationId: DeleteSecurityMonitoringRule parameters: - $ref: '#/components/parameters/SecurityMonitoringRuleID' responses: '204': description: OK '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Delete an existing rule tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_rules_write get: description: Get a rule's details. operationId: GetSecurityMonitoringRule parameters: - $ref: '#/components/parameters/SecurityMonitoringRuleID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleResponse' description: OK '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: Get a rule's details tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_rules_read put: description: 'Update an existing rule. When updating `cases`, `queries` or `options`, the whole field must be included. For example, when modifying a query all queries must be included. Default rules can only be updated to be enabled, to change notifications, or to update the tags (default tags cannot be removed).' operationId: UpdateSecurityMonitoringRule parameters: - $ref: '#/components/parameters/SecurityMonitoringRuleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleUpdatePayload' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/ConcurrentModificationResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Update an existing rule tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_rules_write /api/v2/security_monitoring/rules/{rule_id}/convert: get: description: 'Convert an existing rule from JSON to Terraform for datadog provider resource datadog_security_monitoring_rule.' operationId: ConvertExistingSecurityMonitoringRule parameters: - $ref: '#/components/parameters/SecurityMonitoringRuleID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleConvertResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: Convert an existing rule from JSON to Terraform tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_rules_read /api/v2/security_monitoring/rules/{rule_id}/test: post: description: Test an existing rule. operationId: TestExistingSecurityMonitoringRule parameters: - $ref: '#/components/parameters/SecurityMonitoringRuleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleTestRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringRuleTestResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/ConcurrentModificationResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Test an existing rule tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_rules_write /api/v2/security_monitoring/rules/{rule_id}/version_history: get: description: Get a rule's version history. operationId: GetRuleVersionHistory parameters: - $ref: '#/components/parameters/SecurityMonitoringRuleID' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' responses: '200': content: application/json: schema: $ref: '#/components/schemas/GetRuleVersionHistoryResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get a rule's version history tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_rules_read x-unstable: '**Note**: This endpoint is in beta and may be subject to changes.' /api/v2/security_monitoring/signals: get: description: 'The list endpoint returns security signals that match a search query. Both this endpoint and the POST endpoint can be used interchangeably when listing security signals.' operationId: ListSecurityMonitoringSignals parameters: - description: The search query for security signals. example: security:attack status:high in: query name: filter[query] required: false schema: type: string - description: The minimum timestamp for requested security signals. example: '2019-01-02T09:42:36.320Z' in: query name: filter[from] required: false schema: format: date-time type: string - description: The maximum timestamp for requested security signals. example: '2019-01-03T09:42:36.320Z' in: query name: filter[to] required: false schema: format: date-time type: string - description: The order of the security signals in results. in: query name: sort required: false schema: $ref: '#/components/schemas/SecurityMonitoringSignalsSort' - description: A list of results using the cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: The maximum number of security signals in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Get a quick list of security signals tags: - Security Monitoring x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data x-permission: operator: OR permissions: - security_monitoring_signals_read /api/v2/security_monitoring/signals/search: post: description: 'Returns security signals that match a search query. Both this endpoint and the GET endpoint can be used interchangeably for listing security signals.' operationId: SearchSecurityMonitoringSignals requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalListRequest' required: false responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Get a list of security signals tags: - Security Monitoring x-codegen-request-body-name: body x-pagination: cursorParam: body.page.cursor cursorPath: meta.page.after limitParam: body.page.limit resultsPath: data x-permission: operator: OR permissions: - security_monitoring_signals_read /api/v2/security_monitoring/signals/{signal_id}: get: description: Get a signal's details. operationId: GetSecurityMonitoringSignal parameters: - $ref: '#/components/parameters/SignalID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalResponse' description: OK '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_signals_read summary: Get a signal's details tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_signals_read /api/v2/security_monitoring/signals/{signal_id}/assignee: patch: description: Modify the triage assignee of a security signal. operationId: EditSecurityMonitoringSignalAssignee parameters: - $ref: '#/components/parameters/SignalID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalAssigneeUpdateRequest' description: Attributes describing the signal update. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Modify the triage assignee of a security signal tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_signals_write /api/v2/security_monitoring/signals/{signal_id}/incidents: patch: description: Change the related incidents for a security signal. operationId: EditSecurityMonitoringSignalIncidents parameters: - $ref: '#/components/parameters/SignalID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalIncidentsUpdateRequest' description: Attributes describing the signal update. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Change the related incidents of a security signal tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_signals_write /api/v2/security_monitoring/signals/{signal_id}/state: patch: description: Change the triage state of a security signal. operationId: EditSecurityMonitoringSignalState parameters: - $ref: '#/components/parameters/SignalID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalStateUpdateRequest' description: Attributes describing the signal update. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Change the triage state of a security signal tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_signals_write /api/v2/sensitive-data-scanner/config: get: description: List all the Scanning groups in your organization. operationId: ListScanningGroups responses: '200': content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerGetConfigResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List Scanning Groups tags: - Sensitive Data Scanner x-permission: operator: OR permissions: - data_scanner_read patch: description: Reorder the list of groups. operationId: ReorderScanningGroups requestBody: content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerConfigRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerReorderGroupsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Reorder Groups tags: - Sensitive Data Scanner x-codegen-request-body-name: body x-permission: operator: OR permissions: - data_scanner_write /api/v2/sensitive-data-scanner/config/groups: post: description: 'Create a scanning group. The request MAY include a configuration relationship. A rules relationship can be omitted entirely, but if it is included it MUST be null or an empty array (rules cannot be created at the same time). The new group will be ordered last within the configuration.' operationId: CreateScanningGroup requestBody: content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerGroupCreateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerCreateGroupResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create Scanning Group tags: - Sensitive Data Scanner x-codegen-request-body-name: body x-permission: operator: OR permissions: - data_scanner_write /api/v2/sensitive-data-scanner/config/groups/{group_id}: delete: description: Delete a given group. operationId: DeleteScanningGroup parameters: - $ref: '#/components/parameters/SensitiveDataScannerGroupID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerGroupDeleteRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerGroupDeleteResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete Scanning Group tags: - Sensitive Data Scanner x-codegen-request-body-name: body x-permission: operator: OR permissions: - data_scanner_write patch: description: 'Update a group, including the order of the rules. Rules within the group are reordered by including a rules relationship. If the rules relationship is present, its data section MUST contain linkages for all of the rules currently in the group, and MUST NOT contain any others.' operationId: UpdateScanningGroup parameters: - $ref: '#/components/parameters/SensitiveDataScannerGroupID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerGroupUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerGroupUpdateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update Scanning Group tags: - Sensitive Data Scanner x-codegen-request-body-name: body x-permission: operator: OR permissions: - data_scanner_write /api/v2/sensitive-data-scanner/config/rules: post: description: 'Create a scanning rule in a sensitive data scanner group, ordered last. The posted rule MUST include a group relationship. It MUST include either a standard_pattern relationship or a regex attribute, but not both. If included_attributes is empty or missing, we will scan all attributes except excluded_attributes. If both are missing, we will scan the whole event.' operationId: CreateScanningRule requestBody: content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerRuleCreateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerCreateRuleResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create Scanning Rule tags: - Sensitive Data Scanner x-codegen-request-body-name: body x-permission: operator: OR permissions: - data_scanner_write /api/v2/sensitive-data-scanner/config/rules/{rule_id}: delete: description: Delete a given rule. operationId: DeleteScanningRule parameters: - $ref: '#/components/parameters/SensitiveDataScannerRuleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerRuleDeleteRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerRuleDeleteResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete Scanning Rule tags: - Sensitive Data Scanner x-codegen-request-body-name: body x-permission: operator: OR permissions: - data_scanner_write patch: description: 'Update a scanning rule. The request body MUST NOT include a standard_pattern relationship, as that relationship is non-editable. Trying to edit the regex attribute of a rule with a standard_pattern relationship will also result in an error.' operationId: UpdateScanningRule parameters: - $ref: '#/components/parameters/SensitiveDataScannerRuleID' requestBody: content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerRuleUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerRuleUpdateResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Update Scanning Rule tags: - Sensitive Data Scanner x-codegen-request-body-name: body x-permission: operator: OR permissions: - data_scanner_write /api/v2/sensitive-data-scanner/config/standard-patterns: get: description: Returns all standard patterns. operationId: ListStandardPatterns responses: '200': content: application/json: schema: $ref: '#/components/schemas/SensitiveDataScannerStandardPatternsResponseData' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication Error '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List standard patterns tags: - Sensitive Data Scanner x-permission: operator: OR permissions: - data_scanner_read /api/v2/series: post: description: "The metrics end-point allows you to post time-series data that can be graphed on Datadog\u2019s dashboards.\nThe maximum payload size is 500 kilobytes (512000 bytes). Compressed payloads must have a decompressed size of less than 5 megabytes (5242880 bytes).\n\nIf you\u2019re submitting metrics directly to the Datadog API without using DogStatsD, expect:\n\n- 64 bits for the timestamp\n- 64 bits for the value\n- 20 bytes for the metric names\n- 50 bytes for the timeseries\n- The full payload is approximately 100 bytes.\n\nHost name is one of the resources in the Resources field." operationId: SubmitMetrics parameters: - description: HTTP header used to compress the media-type. in: header name: Content-Encoding required: false schema: $ref: '#/components/schemas/MetricContentEncoding' requestBody: content: application/json: examples: dynamic-points: description: "Post time-series data that can be graphed on Datadog\u2019s dashboards." externalValue: examples/metrics/dynamic-points.json.sh summary: Dynamic Points x-variables: NOW: $(date +%s) schema: $ref: '#/components/schemas/MetricPayload' required: true responses: '202': content: application/json: schema: $ref: '#/components/schemas/IntakePayloadAccepted' description: Payload accepted '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '408': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Request timeout '413': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Payload too large '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] summary: Submit metrics tags: - Metrics x-codegen-request-body-name: body /api/v2/service_accounts: post: description: Create a service account for your organization. operationId: CreateServiceAccount requestBody: content: application/json: schema: $ref: '#/components/schemas/ServiceAccountCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create a service account tags: - Service Accounts x-codegen-request-body-name: body x-permission: operator: OR permissions: - service_account_write /api/v2/service_accounts/{service_account_id}/application_keys: get: description: List all application keys available for this service account. operationId: ListServiceAccountApplicationKeys parameters: - $ref: '#/components/parameters/ServiceAccountID' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/ApplicationKeysSortParameter' - $ref: '#/components/parameters/ApplicationKeyFilterParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtStartParameter' - $ref: '#/components/parameters/ApplicationKeyFilterCreatedAtEndParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListApplicationKeysResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: List application keys for this service account tags: - Service Accounts x-permission: operator: OR permissions: - service_account_write post: description: Create an application key for this service account. operationId: CreateServiceAccountApplicationKey parameters: - $ref: '#/components/parameters/ServiceAccountID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyResponse' description: Created '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Create an application key for this service account tags: - Service Accounts x-codegen-request-body-name: body x-permission: operator: OR permissions: - service_account_write /api/v2/service_accounts/{service_account_id}/application_keys/{app_key_id}: delete: description: Delete an application key owned by this service account. operationId: DeleteServiceAccountApplicationKey parameters: - $ref: '#/components/parameters/ServiceAccountID' - $ref: '#/components/parameters/ApplicationKeyID' responses: '204': description: No Content '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Delete an application key for this service account tags: - Service Accounts x-permission: operator: OR permissions: - service_account_write get: description: Get an application key owned by this service account. operationId: GetServiceAccountApplicationKey parameters: - $ref: '#/components/parameters/ServiceAccountID' - $ref: '#/components/parameters/ApplicationKeyID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/PartialApplicationKeyResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get one application key for this service account tags: - Service Accounts x-permission: operator: OR permissions: - service_account_write patch: description: Edit an application key owned by this service account. operationId: UpdateServiceAccountApplicationKey parameters: - $ref: '#/components/parameters/ServiceAccountID' - $ref: '#/components/parameters/ApplicationKeyID' requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/PartialApplicationKeyResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Edit an application key for this service account tags: - Service Accounts x-codegen-request-body-name: body x-permission: operator: OR permissions: - service_account_write /api/v2/services: get: deprecated: true description: Get all incident services uploaded for the requesting user's organization. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident services. operationId: ListIncidentServices parameters: - $ref: '#/components/parameters/IncidentServiceIncludeQueryParameter' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageOffset' - $ref: '#/components/parameters/IncidentServiceSearchQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentServicesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of all incident services tags: - Incident Services x-permission: operator: OR permissions: - incident_read x-unstable: '**Note**: This endpoint is deprecated.' post: deprecated: true description: Creates a new incident service. operationId: CreateIncidentService requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentServiceCreateRequest' description: Incident Service Payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/IncidentServiceResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Create a new incident service tags: - Incident Services x-codegen-request-body-name: body x-permission: operator: OR permissions: - incident_settings_write x-unstable: '**Note**: This endpoint is deprecated.' /api/v2/services/definitions: get: description: Get a list of all service definitions from the Datadog Service Catalog. operationId: ListServiceDefinitions parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/SchemaVersion' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ServiceDefinitionsListResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: Get all service definitions tags: - Service Definition x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data x-permission: operator: OR permissions: - apm_service_catalog_read post: description: Create or update service definition in the Datadog Service Catalog. operationId: CreateOrUpdateServiceDefinitions requestBody: content: application/json: schema: $ref: '#/components/schemas/ServiceDefinitionsCreateRequest' description: Service Definition YAML/JSON. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/ServiceDefinitionCreateResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Create or update service definition tags: - Service Definition x-codegen-request-body-name: body x-permission: operator: OR permissions: - apm_service_catalog_write /api/v2/services/definitions/{service_name}: delete: description: Delete a single service definition in the Datadog Service Catalog. operationId: DeleteServiceDefinition parameters: - $ref: '#/components/parameters/ServiceName' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_write summary: Delete a single service definition tags: - Service Definition x-permission: operator: OR permissions: - apm_service_catalog_write get: description: Get a single service definition from the Datadog Service Catalog. operationId: GetServiceDefinition parameters: - $ref: '#/components/parameters/ServiceName' - $ref: '#/components/parameters/SchemaVersion' responses: '200': content: application/json: schema: $ref: '#/components/schemas/ServiceDefinitionGetResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_service_catalog_read summary: Get a single service definition tags: - Service Definition x-permission: operator: OR permissions: - apm_service_catalog_read /api/v2/services/{service_id}: delete: deprecated: true description: Deletes an existing incident service. operationId: DeleteIncidentService parameters: - $ref: '#/components/parameters/IncidentServiceIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Delete an existing incident service tags: - Incident Services x-permission: operator: OR permissions: - incident_settings_write x-unstable: '**Note**: This endpoint is deprecated.' get: deprecated: true description: 'Get details of an incident service. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident services.' operationId: GetIncidentService parameters: - $ref: '#/components/parameters/IncidentServiceIDPathParameter' - $ref: '#/components/parameters/IncidentServiceIncludeQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentServiceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get details of an incident service tags: - Incident Services x-permission: operator: OR permissions: - incident_read x-unstable: '**Note**: This endpoint is deprecated.' patch: deprecated: true description: Updates an existing incident service. Only provide the attributes which should be updated as this request is a partial update. operationId: UpdateIncidentService parameters: - $ref: '#/components/parameters/IncidentServiceIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentServiceUpdateRequest' description: Incident Service Payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentServiceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Update an existing incident service tags: - Incident Services x-codegen-request-body-name: body x-permission: operator: OR permissions: - incident_settings_write x-unstable: '**Note**: This endpoint is deprecated.' /api/v2/siem-historical-detections/jobs: get: description: List historical jobs. operationId: ListHistoricalJobs parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: The order of the jobs in results. example: status in: query name: sort required: false schema: type: string - description: Query used to filter items from the fetched list. example: security:attack status:high in: query name: filter[query] required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/ListHistoricalJobsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: List historical jobs tags: - Security Monitoring x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' post: description: Run a historical job. operationId: RunHistoricalJob requestBody: content: application/json: schema: $ref: '#/components/schemas/RunHistoricalJobRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/JobCreateResponse' description: Status created '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/ConcurrentModificationResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Run a historical job tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_rules_write x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' /api/v2/siem-historical-detections/jobs/signal_convert: post: description: Convert a job result to a signal. operationId: ConvertJobResultToSignal requestBody: content: application/json: schema: $ref: '#/components/schemas/ConvertJobResultsToSignalsRequest' required: true responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/ConcurrentModificationResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Convert a job result to a signal tags: - Security Monitoring x-codegen-request-body-name: body x-permission: operator: OR permissions: - security_monitoring_signals_write x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' /api/v2/siem-historical-detections/jobs/{job_id}: delete: description: Delete an existing job. operationId: DeleteHistoricalJob parameters: - $ref: '#/components/parameters/HistoricalJobID' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/ConcurrentModificationResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Delete an existing job tags: - Security Monitoring x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' get: description: Get a job's details. operationId: GetHistoricalJob parameters: - $ref: '#/components/parameters/HistoricalJobID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/HistoricalJobResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_read summary: Get a job's details tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_rules_read x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' /api/v2/siem-historical-detections/jobs/{job_id}/cancel: patch: description: Cancel a historical job. operationId: CancelHistoricalJob parameters: - $ref: '#/components/parameters/HistoricalJobID' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/ConcurrentModificationResponse' '403': $ref: '#/components/responses/NotAuthorizedResponse' '404': $ref: '#/components/responses/NotFoundResponse' '409': $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - security_monitoring_rules_write summary: Cancel a historical job tags: - Security Monitoring x-permission: operator: OR permissions: - security_monitoring_rules_write x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' /api/v2/slo/report: post: description: 'Create a job to generate an SLO report. The report job is processed asynchronously and eventually results in a CSV report being available for download. Check the status of the job and download the CSV report using the returned `report_id`.' operationId: CreateSLOReportJob requestBody: content: application/json: schema: $ref: '#/components/schemas/SloReportCreateRequest' description: Create SLO report job request body. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SLOReportPostResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - slos_read summary: Create a new SLO report tags: - Service Level Objectives x-codegen-request-body-name: body x-permission: operator: OR permissions: - slos_read x-unstable: '**Note**: This feature is in private beta. To request access, use the request access form in the [Service Level Objectives](https://docs.datadoghq.com/service_management/service_level_objectives/#slo-csv-export) docs.' /api/v2/slo/report/{report_id}/download: get: description: 'Download an SLO report. This can only be performed after the report job has completed. Reports are not guaranteed to exist indefinitely. Datadog recommends that you download the report as soon as it is available.' operationId: GetSLOReport parameters: - $ref: '#/components/parameters/ReportID' responses: '200': content: text/csv: schema: type: string description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - slos_read summary: Get SLO report tags: - Service Level Objectives x-unstable: '**Note**: This feature is in private beta. To request access, use the request access form in the [Service Level Objectives](https://docs.datadoghq.com/service_management/service_level_objectives/#slo-csv-export) docs.' /api/v2/slo/report/{report_id}/status: get: description: Get the status of the SLO report job. operationId: GetSLOReportJobStatus parameters: - $ref: '#/components/parameters/ReportID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/SLOReportStatusGetResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not Found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - slos_read summary: Get SLO report status tags: - Service Level Objectives x-unstable: '**Note**: This feature is in private beta. To request access, use the request access form in the [Service Level Objectives](https://docs.datadoghq.com/service_management/service_level_objectives/#slo-csv-export) docs.' /api/v2/spans/analytics/aggregate: post: description: 'The API endpoint to aggregate spans into buckets and compute metrics and timeseries. This endpoint is rate limited to `300` requests per hour.' operationId: AggregateSpans requestBody: content: application/json: schema: $ref: '#/components/schemas/SpansAggregateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SpansAggregateResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_read summary: Aggregate spans tags: - Spans x-codegen-request-body-name: body x-permission: operator: OR permissions: - apm_read /api/v2/spans/events: get: description: 'List endpoint returns spans that match a span search query. [Results are paginated][1]. Use this endpoint to see your latest spans. This endpoint is rate limited to `300` requests per hour. [1]: /logs/guide/collect-multiple-logs-with-pagination?tab=v2api' operationId: ListSpansGet parameters: - description: Search query following spans syntax. example: '@datacenter:us @role:db' in: query name: filter[query] required: false schema: type: string - description: Minimum timestamp for requested spans. Supports date-time ISO8601, date math, and regular timestamps (milliseconds). example: '2023-01-02T09:42:36.320Z' in: query name: filter[from] required: false schema: type: string - description: Maximum timestamp for requested spans. Supports date-time ISO8601, date math, and regular timestamps (milliseconds). example: '2023-01-03T09:42:36.320Z' in: query name: filter[to] required: false schema: type: string - description: Order of spans in results. in: query name: sort required: false schema: $ref: '#/components/schemas/SpansSort' - description: List following results with a cursor provided in the previous query. example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== in: query name: page[cursor] required: false schema: type: string - description: Maximum number of spans in the response. example: 25 in: query name: page[limit] required: false schema: default: 10 format: int32 maximum: 1000 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/SpansListResponse' description: OK '400': $ref: '#/components/responses/SpansBadRequestResponse' '403': $ref: '#/components/responses/SpansForbiddenResponse' '422': $ref: '#/components/responses/SpansUnprocessableEntityResponse' '429': $ref: '#/components/responses/SpansTooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_read summary: Get a list of spans tags: - Spans x-pagination: cursorParam: page[cursor] cursorPath: meta.page.after limitParam: page[limit] resultsPath: data /api/v2/spans/events/search: post: description: 'List endpoint returns spans that match a span search query. [Results are paginated][1]. Use this endpoint to build complex spans filtering and search. This endpoint is rate limited to `300` requests per hour. [1]: /logs/guide/collect-multiple-logs-with-pagination?tab=v2api' operationId: ListSpans requestBody: content: application/json: schema: $ref: '#/components/schemas/SpansListRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/SpansListResponse' description: OK '400': $ref: '#/components/responses/SpansBadRequestResponse' '403': $ref: '#/components/responses/SpansForbiddenResponse' '422': $ref: '#/components/responses/SpansUnprocessableEntityResponse' '429': $ref: '#/components/responses/SpansTooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - apm_read summary: Search spans tags: - Spans x-codegen-request-body-name: body x-pagination: cursorParam: body.data.attributes.page.cursor cursorPath: meta.page.after limitParam: body.data.attributes.page.limit resultsPath: data /api/v2/synthetics/settings/on_demand_concurrency_cap: get: description: Get the on-demand concurrency cap. operationId: GetOnDemandConcurrencyCap responses: '200': content: application/json: schema: $ref: '#/components/schemas/OnDemandConcurrencyCapResponse' description: OK '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Get the on-demand concurrency cap tags: - Synthetics x-permission: operator: OR permissions: - billing_read post: description: Save new value for on-demand concurrency cap. operationId: SetOnDemandConcurrencyCap requestBody: content: application/json: schema: $ref: '#/components/schemas/OnDemandConcurrencyCapAttributes' description: . required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/OnDemandConcurrencyCapResponse' description: OK '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Save new value for on-demand concurrency cap tags: - Synthetics x-codegen-request-body-name: body x-permission: operator: OR permissions: - billing_edit /api/v2/team: get: description: 'Get all teams. Can be used to search for teams using the `filter[keyword]` and `filter[me]` query parameters.' operationId: ListTeams parameters: - $ref: '#/components/parameters/PageNumber' - $ref: '#/components/parameters/PageSize' - description: Specifies the order of the returned teams in: query name: sort required: false schema: $ref: '#/components/schemas/ListTeamsSort' - description: 'Included related resources optionally requested. Allowed enum values: `team_links, user_team_permissions`' in: query name: include required: false schema: items: $ref: '#/components/schemas/ListTeamsInclude' type: array - description: Search query. Can be team name, team handle, or email of team member in: query name: filter[keyword] required: false schema: type: string - description: When true, only returns teams the current user belongs to in: query name: filter[me] required: false schema: type: boolean - description: List of fields that need to be fetched. explode: false in: query name: fields[team] required: false schema: items: $ref: '#/components/schemas/TeamsField' type: array responses: '200': content: application/json: schema: $ref: '#/components/schemas/TeamsResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get all teams tags: - Teams x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data x-permission: operator: OR permissions: - teams_read post: description: 'Create a new team. User IDs passed through the `users` relationship field are added to the team.' operationId: CreateTeam requestBody: content: application/json: schema: $ref: '#/components/schemas/TeamCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/TeamResponse' description: CREATED '403': $ref: '#/components/responses/ForbiddenResponse' '409': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read - teams_manage summary: Create a team tags: - Teams x-codegen-request-body-name: body x-permission: operator: AND permissions: - teams_read - teams_manage /api/v2/team/{team_id}: delete: description: Remove a team using the team's `id`. operationId: DeleteTeam parameters: - description: None in: path name: team_id required: true schema: type: string responses: '204': description: No Content '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read - teams_manage summary: Remove a team tags: - Teams x-permission: operator: AND permissions: - teams_read - teams_manage get: description: Get a single team using the team's `id`. operationId: GetTeam parameters: - description: None in: path name: team_id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/TeamResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get a team tags: - Teams x-permission: operator: OR permissions: - teams_read patch: description: 'Update a team using the team''s `id`. If the `team_links` relationship is present, the associated links are updated to be in the order they appear in the array, and any existing team links not present are removed.' operationId: UpdateTeam parameters: - description: None in: path name: team_id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/TeamUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/TeamResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '409': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Update a team tags: - Teams x-codegen-request-body-name: body x-permission: operator: OR permissions: - teams_read /api/v2/team/{team_id}/links: get: description: Get all links for a given team. operationId: GetTeamLinks parameters: - description: None in: path name: team_id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/TeamLinksResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get links for a team tags: - Teams x-permission: operator: OR permissions: - teams_read post: description: Add a new link to a team. operationId: CreateTeamLink parameters: - description: None in: path name: team_id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/TeamLinkCreateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/TeamLinkResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Create a team link tags: - Teams x-codegen-request-body-name: body x-permission: operator: OR permissions: - teams_read /api/v2/team/{team_id}/links/{link_id}: delete: description: Remove a link from a team. operationId: DeleteTeamLink parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: link_id required: true schema: type: string responses: '204': description: No Content '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Remove a team link tags: - Teams x-permission: operator: OR permissions: - teams_read get: description: Get a single link for a team. operationId: GetTeamLink parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: link_id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/TeamLinkResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get a team link tags: - Teams x-permission: operator: OR permissions: - teams_read patch: description: Update a team link. operationId: UpdateTeamLink parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: link_id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/TeamLinkCreateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/TeamLinkResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Update a team link tags: - Teams x-codegen-request-body-name: body x-permission: operator: OR permissions: - teams_read /api/v2/team/{team_id}/memberships: get: description: Get a paginated list of members for a team operationId: GetTeamMemberships parameters: - description: None in: path name: team_id required: true schema: type: string - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: Specifies the order of returned team memberships in: query name: sort required: false schema: $ref: '#/components/schemas/GetTeamMembershipsSort' - description: Search query, can be user email or name in: query name: filter[keyword] required: false schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserTeamsResponse' description: Represents a user's association to a team '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get team memberships tags: - Teams x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data x-permission: operator: OR permissions: - teams_read post: description: Add a user to a team. operationId: CreateTeamMembership parameters: - description: None in: path name: team_id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UserTeamRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserTeamResponse' description: Represents a user's association to a team '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '409': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Add a user to a team tags: - Teams x-codegen-request-body-name: body x-permission: operator: OR permissions: - teams_read /api/v2/team/{team_id}/memberships/{user_id}: delete: description: Remove a user from a team. operationId: DeleteTeamMembership parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: user_id required: true schema: type: string responses: '204': description: No Content '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Remove a user from a team tags: - Teams x-permission: operator: OR permissions: - teams_read patch: description: Update a user's membership attributes on a team. operationId: UpdateTeamMembership parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: user_id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UserTeamUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserTeamResponse' description: Represents a user's association to a team '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Update a user's membership attributes on a team tags: - Teams x-codegen-request-body-name: body x-permission: operator: OR permissions: - teams_read /api/v2/team/{team_id}/permission-settings: get: description: Get all permission settings for a given team. operationId: GetTeamPermissionSettings parameters: - description: None in: path name: team_id required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/TeamPermissionSettingsResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get permission settings for a team tags: - Teams x-permission: operator: OR permissions: - teams_read /api/v2/team/{team_id}/permission-settings/{action}: put: description: Update a team permission setting for a given team. operationId: UpdateTeamPermissionSetting parameters: - description: None in: path name: team_id required: true schema: type: string - description: None in: path name: action required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/TeamPermissionSettingUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/TeamPermissionSettingResponse' description: OK '403': $ref: '#/components/responses/ForbiddenResponse' '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Update permission setting for team tags: - Teams x-codegen-request-body-name: body x-permission: operator: OR permissions: - teams_read /api/v2/teams: get: deprecated: true description: Get all incident teams for the requesting user's organization. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident teams. operationId: ListIncidentTeams parameters: - $ref: '#/components/parameters/IncidentTeamIncludeQueryParameter' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageOffset' - $ref: '#/components/parameters/IncidentTeamSearchQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTeamsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get a list of all incident teams tags: - Incident Teams x-permission: operator: OR permissions: - incident_read x-unstable: '**Note**: This endpoint is deprecated. See the [Teams API endpoints](https://docs.datadoghq.com/api/latest/teams/).' post: deprecated: true description: Creates a new incident team. operationId: CreateIncidentTeam requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentTeamCreateRequest' description: Incident Team Payload. required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/IncidentTeamResponse' description: CREATED '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Create a new incident team tags: - Incident Teams x-codegen-request-body-name: body x-permission: operator: OR permissions: - incident_settings_write x-unstable: '**Note**: This endpoint is deprecated. See the [Teams API endpoints](https://docs.datadoghq.com/api/latest/teams/).' /api/v2/teams/{team_id}: delete: deprecated: true description: Deletes an existing incident team. operationId: DeleteIncidentTeam parameters: - $ref: '#/components/parameters/IncidentTeamIDPathParameter' responses: '204': description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Delete an existing incident team tags: - Incident Teams x-permission: operator: OR permissions: - incident_settings_write x-unstable: '**Note**: This endpoint is deprecated. See the [Teams API endpoints](https://docs.datadoghq.com/api/latest/teams/).' get: deprecated: true description: 'Get details of an incident team. If the `include[users]` query parameter is provided, the included attribute will contain the users related to these incident teams.' operationId: GetIncidentTeam parameters: - $ref: '#/components/parameters/IncidentTeamIDPathParameter' - $ref: '#/components/parameters/IncidentTeamIncludeQueryParameter' responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTeamResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_read summary: Get details of an incident team tags: - Incident Teams x-permission: operator: OR permissions: - incident_read x-unstable: '**Note**: This endpoint is deprecated. See the [Teams API endpoints](https://docs.datadoghq.com/api/latest/teams/).' patch: deprecated: true description: Updates an existing incident team. Only provide the attributes which should be updated as this request is a partial update. operationId: UpdateIncidentTeam parameters: - $ref: '#/components/parameters/IncidentTeamIDPathParameter' requestBody: content: application/json: schema: $ref: '#/components/schemas/IncidentTeamUpdateRequest' description: Incident Team Payload. required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/IncidentTeamResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '401': $ref: '#/components/responses/UnauthorizedResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - incident_settings_write summary: Update an existing incident team tags: - Incident Teams x-codegen-request-body-name: body x-permission: operator: OR permissions: - incident_settings_write x-unstable: '**Note**: This endpoint is deprecated. See the [Teams API endpoints](https://docs.datadoghq.com/api/latest/teams/).' /api/v2/usage/application_security: get: deprecated: true description: 'Get hourly usage for application security . **Note:** This endpoint has been deprecated. Hourly usage data for all products is now available in the [Get hourly usage by product family API](https://docs.datadoghq.com/api/latest/usage-metering/#get-hourly-usage-by-product-family)' operationId: GetUsageApplicationSecurityMonitoring parameters: - description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage beginning at this hour.' in: query name: start_hr required: true schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage ending **before** this hour.' in: query name: end_hr required: false schema: format: date-time type: string responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/UsageApplicationSecurityMonitoringResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get hourly usage for application security tags: - Usage Metering x-permission: operator: OR permissions: - usage_read /api/v2/usage/billing_dimension_mapping: get: description: 'Get a mapping of billing dimensions to the corresponding keys for the supported usage metering public API endpoints. Mapping data is updated on a monthly cadence. This endpoint is only accessible to [parent-level organizations](https://docs.datadoghq.com/account_management/multi_organization/).' operationId: GetBillingDimensionMapping parameters: - description: Datetime in ISO-8601 format, UTC, and for mappings beginning this month. Defaults to the current month. in: query name: filter[month] required: false schema: format: date-time type: string - description: String to specify whether to retrieve active billing dimension mappings for the contract or for all available mappings. Allowed views have the string `active` or `all`. Defaults to `active`. in: query name: filter[view] required: false schema: default: active type: string responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/BillingDimensionsMappingResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get billing dimension mapping for usage endpoints tags: - Usage Metering x-permission: operator: OR permissions: - usage_read /api/v2/usage/cost_by_org: get: deprecated: true description: 'Get cost across multi-org account. Cost by org data for a given month becomes available no later than the 16th of the following month. **Note:** This endpoint has been deprecated. Please use the new endpoint [`/historical_cost`](https://docs.datadoghq.com/api/latest/usage-metering/#get-historical-cost-across-your-account) instead. This endpoint is only accessible for [parent-level organizations](https://docs.datadoghq.com/account_management/multi_organization/).' operationId: GetCostByOrg parameters: - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning this month.' in: query name: start_month required: true schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month.' in: query name: end_month required: false schema: format: date-time type: string responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/CostByOrgResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read - billing_read summary: Get cost across multi-org account tags: - Usage Metering x-permission: operator: AND permissions: - usage_read - billing_read /api/v2/usage/estimated_cost: get: description: 'Get estimated cost across multi-org and single root-org accounts. Estimated cost data is only available for the current month and previous month and is delayed by up to 72 hours from when it was incurred. To access historical costs prior to this, use the `/historical_cost` endpoint. This endpoint is only accessible for [parent-level organizations](https://docs.datadoghq.com/account_management/multi_organization/).' operationId: GetEstimatedCostByOrg parameters: - description: String to specify whether cost is broken down at a parent-org level or at the sub-org level. Available views are `summary` and `sub-org`. Defaults to `summary`. in: query name: view required: false schema: type: string - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning this month. **Either start_month or start_date should be specified, but not both.** (start_month cannot go beyond two months in the past). Provide an `end_month` to view month-over-month cost.' in: query name: start_month required: false schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month.' in: query name: end_month required: false schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to day: `[YYYY-MM-DD]` for cost beginning this day. **Either start_month or start_date should be specified, but not both.** (start_date cannot go beyond two months in the past). Provide an `end_date` to view day-over-day cumulative cost.' in: query name: start_date required: false schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to day: `[YYYY-MM-DD]` for cost ending this day.' in: query name: end_date required: false schema: format: date-time type: string - description: 'Boolean to specify whether to include accounts connected to the current account as partner customers in the Datadog partner network program. Defaults to `false`. ' in: query name: include_connected_accounts required: false schema: default: false type: boolean responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/CostByOrgResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read - billing_read summary: Get estimated cost across your account tags: - Usage Metering x-permission: operator: AND permissions: - usage_read - billing_read /api/v2/usage/historical_cost: get: description: 'Get historical cost across multi-org and single root-org accounts. Cost data for a given month becomes available no later than the 16th of the following month. This endpoint is only accessible for [parent-level organizations](https://docs.datadoghq.com/account_management/multi_organization/).' operationId: GetHistoricalCostByOrg parameters: - description: String to specify whether cost is broken down at a parent-org level or at the sub-org level. Available views are `summary` and `sub-org`. Defaults to `summary`. in: query name: view required: false schema: type: string - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost beginning this month.' in: query name: start_month required: true schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]` for cost ending this month.' in: query name: end_month required: false schema: format: date-time type: string - description: 'Boolean to specify whether to include accounts connected to the current account as partner customers in the Datadog partner network program. Defaults to `false`. ' in: query name: include_connected_accounts required: false schema: default: false type: boolean responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/CostByOrgResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read - billing_read summary: Get historical cost across your account tags: - Usage Metering x-permission: operator: AND permissions: - usage_read - billing_read /api/v2/usage/hourly_usage: get: description: Get hourly usage by product family. operationId: GetHourlyUsage parameters: - description: 'Datetime in ISO-8601 format, UTC, precise to hour: [YYYY-MM-DDThh] for usage beginning at this hour.' in: query name: filter[timestamp][start] required: true schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to hour: [YYYY-MM-DDThh] for usage ending **before** this hour.' in: query name: filter[timestamp][end] required: false schema: format: date-time type: string - description: 'Comma separated list of product families to retrieve. Available families are `all`, `analyzed_logs`, `application_security`, `audit_trail`, `serverless`, `ci_app`, `cloud_cost_management`, `cloud_siem`, `csm_container_enterprise`, `csm_host_enterprise`, `cspm`, `custom_events`, `cws`, `dbm`, `error_tracking`, `fargate`, `infra_hosts`, `incident_management`, `indexed_logs`, `indexed_spans`, `ingested_spans`, `iot`, `lambda_traced_invocations`, `logs`, `network_flows`, `network_hosts`, `network_monitoring`, `observability_pipelines`, `online_archive`, `profiling`, `rum`, `rum_browser_sessions`, `rum_mobile_sessions`, `sds`, `snmp`, `software_delivery`, `synthetics_api`, `synthetics_browser`, `synthetics_mobile`, `synthetics_parallel_testing`, `timeseries`, `vuln_management`, and `workflow_executions`. The following product family has been **deprecated**: `audit_logs`.' in: query name: filter[product_families] required: true schema: type: string - description: Include child org usage in the response. Defaults to false. in: query name: filter[include_descendants] required: false schema: default: false type: boolean - description: Boolean to specify whether to include accounts connected to the current account as partner customers in the Datadog partner network program. Defaults to false. in: query name: filter[include_connected_accounts] required: false schema: default: false type: boolean - description: Include breakdown of usage by subcategories where applicable (for product family logs only). Defaults to false. in: query name: filter[include_breakdown] required: false schema: default: false type: boolean - description: 'Comma separated list of product family versions to use in the format `product_family:version`. For example, `infra_hosts:1.0.0`. If this parameter is not used, the API will use the latest version of each requested product family. Currently all families have one version `1.0.0`.' in: query name: filter[versions] required: false schema: type: string - description: Maximum number of results to return (between 1 and 500) - defaults to 500 if limit not specified. in: query name: page[limit] required: false schema: default: 500 format: int32 maximum: 500 minimum: 1 type: integer - description: List following results with a next_record_id provided in the previous query. in: query name: page[next_record_id] required: false schema: type: string responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/HourlyUsageResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get hourly usage by product family tags: - Usage Metering x-permission: operator: OR permissions: - usage_read /api/v2/usage/lambda_traced_invocations: get: deprecated: true description: 'Get hourly usage for Lambda traced invocations. **Note:** This endpoint has been deprecated.. Hourly usage data for all products is now available in the [Get hourly usage by product family API](https://docs.datadoghq.com/api/latest/usage-metering/#get-hourly-usage-by-product-family)' operationId: GetUsageLambdaTracedInvocations parameters: - description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage beginning at this hour.' in: query name: start_hr required: true schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage ending **before** this hour.' in: query name: end_hr required: false schema: format: date-time type: string responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/UsageLambdaTracedInvocationsResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get hourly usage for Lambda traced invocations tags: - Usage Metering x-permission: operator: OR permissions: - usage_read /api/v2/usage/observability_pipelines: get: deprecated: true description: 'Get hourly usage for observability pipelines. **Note:** This endpoint has been deprecated. Hourly usage data for all products is now available in the [Get hourly usage by product family API](https://docs.datadoghq.com/api/latest/usage-metering/#get-hourly-usage-by-product-family)' operationId: GetUsageObservabilityPipelines parameters: - description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage beginning at this hour.' in: query name: start_hr required: true schema: format: date-time type: string - description: 'Datetime in ISO-8601 format, UTC, precise to hour: `[YYYY-MM-DDThh]` for usage ending **before** this hour.' in: query name: end_hr required: false schema: format: date-time type: string responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/UsageObservabilityPipelinesResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read summary: Get hourly usage for observability pipelines tags: - Usage Metering x-permission: operator: OR permissions: - usage_read /api/v2/usage/projected_cost: get: description: 'Get projected cost across multi-org and single root-org accounts. Projected cost data is only available for the current month and becomes available around the 12th of the month. This endpoint is only accessible for [parent-level organizations](https://docs.datadoghq.com/account_management/multi_organization/).' operationId: GetProjectedCost parameters: - description: String to specify whether cost is broken down at a parent-org level or at the sub-org level. Available views are `summary` and `sub-org`. Defaults to `summary`. in: query name: view required: false schema: type: string - description: 'Boolean to specify whether to include accounts connected to the current account as partner customers in the Datadog partner network program. Defaults to `false`. ' in: query name: include_connected_accounts required: false schema: default: false type: boolean responses: '200': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/ProjectedCostResponse' description: OK '400': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Forbidden - User is not authorized '429': content: application/json;datetime-format=rfc3339: schema: $ref: '#/components/schemas/APIErrorResponse' description: Too many requests security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - usage_read - billing_read summary: Get projected cost across your account tags: - Usage Metering x-permission: operator: AND permissions: - usage_read - billing_read /api/v2/user_invitations: post: description: Sends emails to one or more users inviting them to join the organization. operationId: SendInvitations requestBody: content: application/json: schema: $ref: '#/components/schemas/UserInvitationsRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserInvitationsResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_invite summary: Send invitation emails tags: - Users x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_invite /api/v2/user_invitations/{user_invitation_uuid}: get: description: Returns a single user invitation by its UUID. operationId: GetInvitation parameters: - description: The UUID of the user invitation. in: path name: user_invitation_uuid required: true schema: example: 00000000-0000-0000-3456-000000000000 type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserInvitationResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_invite summary: Get a user invitation tags: - Users x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_invite /api/v2/users: get: description: 'Get the list of all users in the organization. This list includes all users even if they are deactivated or unverified.' operationId: ListUsers parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - description: 'User attribute to order results by. Sort order is ascending by default. Sort order is descending if the field is prefixed by a negative sign, for example `sort=-name`. Options: `name`, `modified_at`, `user_count`.' in: query name: sort required: false schema: default: name example: name type: string - description: 'Direction of sort. Options: `asc`, `desc`.' in: query name: sort_dir required: false schema: $ref: '#/components/schemas/QuerySortOrder' - description: Filter all users by the given string. Defaults to no filtering. in: query name: filter required: false schema: type: string - description: 'Filter on status attribute. Comma separated list, with possible values `Active`, `Pending`, and `Disabled`. Defaults to no filtering.' in: query name: filter[status] required: false schema: example: Active type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/UsersResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: List all users tags: - Users x-codegen-request-body-name: body x-pagination: limitParam: page[size] pageParam: page[number] resultsPath: data x-permission: operator: OR permissions: - user_access_read post: description: Create a user for your organization. operationId: CreateUser requestBody: content: application/json: schema: $ref: '#/components/schemas/UserCreateRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_invite summary: Create a user tags: - Users x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_invite /api/v2/users/{user_id}: delete: description: 'Disable a user. Can only be used with an application key belonging to an administrator user.' operationId: DisableUser parameters: - $ref: '#/components/parameters/UserID' responses: '204': description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Disable a user tags: - Users x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_manage - service_account_write get: description: "Get a user in the organization specified by the user\u2019s `user_id`." operationId: GetUser parameters: - $ref: '#/components/parameters/UserID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: Get user details tags: - Users x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_read patch: description: 'Edit a user. Can only be used with an application key belonging to an administrator user.' operationId: UpdateUser parameters: - $ref: '#/components/parameters/UserID' requestBody: content: application/json: schema: $ref: '#/components/schemas/UserUpdateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Bad Request '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '422': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Unprocessable Entity '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_manage summary: Update a user tags: - Users x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_manage - service_account_write /api/v2/users/{user_id}/orgs: get: description: 'Get a user organization. Returns the user information and all organizations joined by this user.' operationId: ListUserOrganizations parameters: - $ref: '#/components/parameters/UserID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] summary: Get a user organization tags: - Users x-codegen-request-body-name: body x-permission: operator: OPEN permissions: [] /api/v2/users/{user_id}/permissions: get: description: "Get a user permission set. Returns a list of the user\u2019s permissions\ngranted by the associated user's roles." operationId: ListUserPermissions parameters: - $ref: '#/components/parameters/UserID' responses: '200': content: application/json: schema: $ref: '#/components/schemas/PermissionsResponse' description: OK '403': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Authentication error '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: Not found '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - user_access_read summary: Get a user permissions tags: - Users x-codegen-request-body-name: body x-permission: operator: OR permissions: - user_access_read /api/v2/users/{user_uuid}/memberships: get: description: Get a list of memberships for a user operationId: GetUserMemberships parameters: - description: None in: path name: user_uuid required: true schema: type: string responses: '200': content: application/json: schema: $ref: '#/components/schemas/UserTeamsResponse' description: Represents a user's association to a team '404': content: application/json: schema: $ref: '#/components/schemas/APIErrorResponse' description: API error response. '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - teams_read summary: Get user memberships tags: - Teams x-permission: operator: OR permissions: - teams_read /api/v2/workflows: post: description: Create a new workflow, returning the workflow ID. This API requires an application key scoped with the `workflows_write` permission. operationId: CreateWorkflow requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateWorkflowRequest' required: true responses: '201': content: application/json: schema: $ref: '#/components/schemas/CreateWorkflowResponse' description: Successfully created a workflow. '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '429': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Too many requests summary: Create a Workflow tags: - Workflow Automation x-permission: operator: OR permissions: - workflows_write /api/v2/workflows/{workflow_id}: delete: description: Delete a workflow by ID. This API requires an application key scoped with the `workflows_write` permission. operationId: DeleteWorkflow parameters: - $ref: '#/components/parameters/WorkflowId' responses: '204': description: Successfully deleted a workflow. '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Too many requests summary: Delete an existing Workflow tags: - Workflow Automation x-permission: operator: OR permissions: - workflows_write get: description: Get a workflow by ID. This API requires an application key scoped with the `workflows_read` permission. operationId: GetWorkflow parameters: - $ref: '#/components/parameters/WorkflowId' responses: '200': content: application/json: schema: $ref: '#/components/schemas/GetWorkflowResponse' description: Successfully got a workflow. '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Too many requests summary: Get an existing Workflow tags: - Workflow Automation x-permission: operator: OR permissions: - workflows_read patch: description: Update a workflow by ID. This API requires an application key scoped with the `workflows_write` permission. operationId: UpdateWorkflow parameters: - $ref: '#/components/parameters/WorkflowId' requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateWorkflowRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UpdateWorkflowResponse' description: Successfully updated a workflow. '400': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Bad request '403': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Forbidden '404': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Not found '429': content: application/json: schema: $ref: '#/components/schemas/JSONAPIErrorResponse' description: Too many requests summary: Update an existing Workflow tags: - Workflow Automation x-permission: operator: OR permissions: - workflows_write /api/v2/workflows/{workflow_id}/instances: get: description: List all instances of a given workflow. This API requires an application key scoped with the workflows_read permission. operationId: ListWorkflowInstances parameters: - $ref: '#/components/parameters/WorkflowId' - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' responses: '200': content: application/json: schema: $ref: '#/components/schemas/WorkflowListInstancesResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - workflows_read summary: List workflow instances tags: - Workflow Automation x-permission: operator: OR permissions: - workflows_read post: description: Execute the given workflow. This API requires an application key scoped with the workflows_run permission. operationId: CreateWorkflowInstance parameters: - $ref: '#/components/parameters/WorkflowId' requestBody: content: application/json: schema: $ref: '#/components/schemas/WorkflowInstanceCreateRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/WorkflowInstanceCreateResponse' description: Created '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - workflows_run summary: Execute a workflow tags: - Workflow Automation x-codegen-request-body-name: body x-permission: operator: OR permissions: - workflows_run /api/v2/workflows/{workflow_id}/instances/{instance_id}: get: description: Get a specific execution of a given workflow. This API requires an application key scoped with the workflows_read permission. operationId: GetWorkflowInstance parameters: - $ref: '#/components/parameters/WorkflowId' - $ref: '#/components/parameters/InstanceId' responses: '200': content: application/json: schema: $ref: '#/components/schemas/WorklflowGetInstanceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: - workflows_read summary: Get a workflow instance tags: - Workflow Automation x-permission: operator: OR permissions: - workflows_read /api/v2/workflows/{workflow_id}/instances/{instance_id}/cancel: put: description: Cancels a specific execution of a given workflow. This API requires an application key scoped with the workflows_run permission. operationId: CancelWorkflowInstance parameters: - $ref: '#/components/parameters/WorkflowId' - $ref: '#/components/parameters/InstanceId' responses: '200': content: application/json: schema: $ref: '#/components/schemas/WorklflowCancelInstanceResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' '403': $ref: '#/components/responses/ForbiddenResponse' '404': $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' summary: Cancel a workflow instance tags: - Workflow Automation x-permission: operator: OR permissions: - workflows_run security: - apiKeyAuth: [] appKeyAuth: [] servers: - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: The regional site for Datadog customers. enum: - datadoghq.com - us3.datadoghq.com - us5.datadoghq.com - ap1.datadoghq.com - datadoghq.eu - ddog-gov.com subdomain: default: api description: The subdomain where the API is deployed. - url: '{protocol}://{name}' variables: name: default: api.datadoghq.com description: Full site DNS name. protocol: default: https description: The protocol for accessing the API. - url: https://{subdomain}.{site} variables: site: default: datadoghq.com description: Any Datadog deployment. subdomain: default: api description: The subdomain where the API is deployed. tags: - description: Configure your API endpoints through the Datadog API. name: API Management - description: Manage configuration of [APM retention filters](https://app.datadoghq.com/apm/traces/retention-filters) for your organization. You need an API and application key with Admin rights to interact with this endpoint. See [retention filters](https://docs.datadoghq.com/tracing/trace_pipeline/trace_retention/#retention-filters) on the Trace Retention page for more information. externalDocs: description: Find out more at url: https://docs.datadoghq.com/tracing/trace_pipeline/trace_retention/ name: APM Retention Filters - description: 'Configure your Datadog-AWS integration directly through the Datadog API. For more information, see the [AWS integration page](https://docs.datadoghq.com/integrations/amazon_web_services).' name: AWS Integration - description: 'Configure your Datadog-AWS-Logs integration directly through Datadog API. For more information, see the [AWS integration page](https://docs.datadoghq.com/integrations/amazon_web_services/#log-collection).' externalDocs: url: https://docs.datadoghq.com/integrations/amazon_web_services/#log-collection name: AWS Logs Integration - description: "Action connections extend your installed integrations and allow you to take action in your third-party systems\n(e.g. AWS, GitLab, and Statuspage) with Datadog\u2019s Workflow Automation and App Builder products.\n\nDatadog\u2019s Integrations automatically provide authentication for Slack, Microsoft Teams, PagerDuty, Opsgenie,\nJIRA, GitHub, and Statuspage. You do not need additional connections in order to access these tools within\nWorkflow Automation and App Builder.\n\nWe offer granular access control for editing and resolving connections." externalDocs: description: Find out more at url: https://docs.datadoghq.com/service_management/workflows/connections/ name: Action Connection - description: "Datadog Agentless Scanning provides visibility into risks and vulnerabilities\nwithin your hosts, running containers, and serverless functions\u2014all without\nrequiring teams to install Agents on every host or where Agents cannot be installed.\nAgentless offers also Sensitive Data Scanning capabilities on your storage.\nGo to https://www.datadoghq.com/blog/agentless-scanning/ to learn more." name: Agentless Scanning - description: Datadog App Builder provides a low-code solution to rapidly develop and integrate secure, customized applications into your monitoring stack that are built to accelerate remediation at scale. These API endpoints allow you to create, read, update, delete, and publish apps. name: App Builder - description: '[Datadog Application Security](https://docs.datadoghq.com/security/application_security/) provides protection against application-level attacks that aim to exploit code-level vulnerabilities, such as Server-Side-Request-Forgery (SSRF), SQL injection, Log4Shell, and Reflected Cross-Site-Scripting (XSS). You can monitor and protect apps hosted directly on a server, Docker, Kubernetes, Amazon ECS, and (for supported languages) AWS Fargate.' externalDocs: description: Find out more at url: https://docs.datadoghq.com/security/application_security/ name: Application Security - description: Search your Audit Logs events over HTTP. name: Audit - description: '[The AuthN Mappings API](https://docs.datadoghq.com/account_management/authn_mapping/?tab=example) is used to automatically map groups of users to roles in Datadog using attributes sent from Identity Providers. Use these endpoints to manage your AuthN Mappings.' name: AuthN Mappings - description: Search or aggregate your CI Visibility pipeline events and send them to your Datadog site over HTTP. See the [CI Pipeline Visibility in Datadog page](https://docs.datadoghq.com/continuous_integration/pipelines/) for more information. name: CI Visibility Pipelines - description: Search or aggregate your CI Visibility test events over HTTP. See the [Test Visibility in Datadog page](https://docs.datadoghq.com/tests/) for more information. name: CI Visibility Tests - description: 'Datadog Cloud Security Management (CSM) delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Go to https://docs.datadoghq.com/security/cloud_security_management to learn more' name: CSM Agents - description: 'Datadog Cloud Security Management (CSM) delivers real-time threat detection and continuous configuration audits across your entire cloud infrastructure, all in a unified view for seamless collaboration and faster remediation. Go to https://docs.datadoghq.com/security/cloud_security_management to learn more.' name: CSM Coverage Analysis - description: 'Workload Protection monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See [Workload Protection](https://docs.datadoghq.com/security/workload_protection/) for more information on setting up Workload Protection. **Note**: These endpoints are split based on whether you are using the US1-FED site or not. Please reference the specific resource for the site you are using.' name: CSM Threats - description: View and manage cases and projects within Case Management. See the [Case Management page](https://docs.datadoghq.com/service_management/case_management/) for more information. name: Case Management - description: The Cloud Cost Management API allows you to set up, edit, and delete Cloud Cost Management accounts for AWS and Azure. You can query your cost data by using the [Metrics endpoint](https://docs.datadoghq.com/api/latest/metrics/#query-timeseries-data-across-multiple-products) and the `cloud_cost` data source. For more information, see the [Cloud Cost Management documentation](https://docs.datadoghq.com/cloud_cost_management/). name: Cloud Cost Management - description: The Cloud Network Monitoring API allows you to fetch aggregated connections and their attributes. See the [Cloud Network Monitoring page](https://docs.datadoghq.com/network_monitoring/cloud_network_monitoring/) for more information. name: Cloud Network Monitoring - description: Manage your Datadog Cloudflare integration directly through the Datadog API. See the [Cloudflare integration page](https://docs.datadoghq.com/integrations/cloudflare/) for more information. name: Cloudflare Integration - description: Manage your Datadog Confluent Cloud integration accounts and account resources directly through the Datadog API. See the [Confluent Cloud page](https://docs.datadoghq.com/integrations/confluent_cloud/) for more information. name: Confluent Cloud - description: The Container Images API allows you to query Container Image data for your organization. See the [Container Images View page](https://docs.datadoghq.com/infrastructure/containers/container_images/) for more information. name: Container Images - description: The Containers API allows you to query container data for your organization. See the [Container Monitoring page](https://docs.datadoghq.com/containers/) for more information. name: Containers - description: 'Search or send events for DORA Metrics to measure and improve your software delivery performance. See the [DORA Metrics page](https://docs.datadoghq.com/dora_metrics/) for more information. **Note**: DORA Metrics are not available in the US1-FED site.' name: DORA Metrics - description: 'Interact with your dashboard lists through the API to organize, find, and share all of your dashboards with your team and organization.' name: Dashboard Lists - description: The Data Deletion API allows the user to target and delete data from the allowed products. It's currently enabled for Logs and RUM and depends on `logs_delete_data` and `rum_delete_data` permissions respectively. name: Data Deletion - description: 'Configure your Datadog Email Domain Allowlist directly through the Datadog API. The Email Domain Allowlist controls the domains that certain datadog emails can be sent to. For more information, see the [Domain Allowlist docs page](https://docs.datadoghq.com/account_management/org_settings/domain_allowlist)' name: Domain Allowlist - description: '**Note**: Downtime V2 is currently in private beta. To request access, contact [Datadog support](https://docs.datadoghq.com/help/). [Downtiming](https://docs.datadoghq.com/monitors/notify/downtimes) gives you greater control over monitor notifications by allowing you to globally exclude scopes from alerting. Downtime settings, which can be scheduled with start and end times, prevent all alerting related to specified Datadog tags.' name: Downtimes - description: 'The Event Management API allows you to programmatically post events to the Events Explorer and fetch events from the Events Explorer. See the [Event Management page](https://docs.datadoghq.com/service_management/events/) for more information. **Update to Datadog monitor events `aggregation_key` starting March 1, 2025:** The Datadog monitor events `aggregation_key` is unique to each Monitor ID. Starting March 1st, this key will also include Monitor Group, making it unique per *Monitor ID and Monitor Group*. If you''re using monitor events `aggregation_key` in dashboard queries or the Event API, you must migrate to use `@monitor.id`. Reach out to [support](https://www.datadoghq.com/support/) if you have any question.' name: Events - description: Manage your Datadog Fastly integration accounts and services directly through the Datadog API. See the [Fastly integration page](https://docs.datadoghq.com/integrations/fastly/) for more information. name: Fastly Integration - description: 'Configure your Datadog-Google Cloud Platform (GCP) integration directly through the Datadog API. Read more about the [Datadog-Google Cloud Platform integration](https://docs.datadoghq.com/integrations/google_cloud_platform).' externalDocs: url: https://docs.datadoghq.com/integrations/google_cloud_platform name: GCP Integration - description: 'The IP allowlist API is used to manage the IP addresses that can access the Datadog API and web UI. It does not block access to intake APIs or public dashboards. This is an enterprise-only feature. Request access by contacting Datadog support, or see the [IP Allowlist page](https://docs.datadoghq.com/account_management/org_settings/ip_allowlist/) for more information.' name: IP Allowlist - description: Create, update, delete, and retrieve services which can be associated with incidents. See the [Incident Management page](https://docs.datadoghq.com/service_management/incident_management/) for more information. name: Incident Services - description: The Incident Teams endpoints are deprecated. See the [Teams API endpoints](https://docs.datadoghq.com/api/latest/teams/) to create, update, delete, and retrieve teams which can be associated with incidents. name: Incident Teams - description: Manage incident response, as well as associated attachments, metadata, and todos. See the [Incident Management page](https://docs.datadoghq.com/service_management/incident_management/) for more information. name: Incidents - description: 'Manage your Datadog API and application keys. You need an API key and an application key for a user with the required permissions to interact with these endpoints. The full list of API and application keys can be seen on your [Datadog API page](https://app.datadoghq.com/account/settings#api).' externalDocs: description: Find out more at url: https://docs.datadoghq.com/account_management/api-app-keys/ name: Key Management - description: Search your logs and send them to your Datadog platform over HTTP. See the [Log Management page](https://docs.datadoghq.com/logs/) for more information. name: Logs - description: 'Archives forward all the logs ingested to a cloud storage system. See the [Archives Page](https://app.datadoghq.com/logs/pipelines/archives) for a list of the archives currently configured in Datadog.' externalDocs: description: Find out more at url: https://docs.datadoghq.com/logs/archives/ name: Logs Archives - description: 'Custom Destinations forward all the logs ingested to an external destination. **Note**: Log forwarding is not available for the Government (US1-FED) site. Contact your account representative for more information. See the [Custom Destinations Page](https://app.datadoghq.com/logs/pipelines/log-forwarding/custom-destinations) for a list of the custom destinations currently configured in web UI.' externalDocs: description: Find out more at url: https://docs.datadoghq.com/logs/log_configuration/forwarding_custom_destinations/ name: Logs Custom Destinations - description: Manage configuration of [log-based metrics](https://app.datadoghq.com/logs/pipelines/generate-metrics) for your organization. externalDocs: description: Find out more at url: https://docs.datadoghq.com/logs/logs_to_metrics/ name: Logs Metrics - description: "The metrics endpoint allows you to:\n\n- Post metrics data so it can be graphed on Datadog\u2019s dashboards\n- Query metrics from any time period (timeseries and scalar)\n- Modify tag configurations for metrics\n- View tags and volumes for metrics\n\n**Note**: A graph can only contain a set number of points\nand as the timeframe over which a metric is viewed increases,\naggregation between points occurs to stay below that set number.\n\nThe Post, Patch, and Delete `manage_tags` API methods can only be performed by\na user who has the `Manage Tags for Metrics` permission.\n\nSee the [Metrics page](https://docs.datadoghq.com/metrics/) for more information." name: Metrics - description: 'Configure your [Datadog Microsoft Teams integration](https://docs.datadoghq.com/integrations/microsoft_teams/) directly through the Datadog API. Note: These endpoints do not support legacy connector handles.' externalDocs: description: For more information about the Datadog Microsoft Teams integration, see the integration page. url: https://docs.datadoghq.com/integrations/microsoft_teams/ name: Microsoft Teams Integration - description: '[Monitors](https://docs.datadoghq.com/monitors) allow you to watch a metric or check that you care about and notifies your team when a defined threshold has exceeded. For more information, see [Creating Monitors](https://docs.datadoghq.com/monitors/create/types/) and [Tag Policies](https://docs.datadoghq.com/monitors/settings/).' externalDocs: description: Find out more at url: https://docs.datadoghq.com/monitors/create/types/ name: Monitors - description: The Network Device Monitoring API allows you to fetch devices and interfaces and their attributes. See the [Network Device Monitoring page](https://docs.datadoghq.com/network_monitoring/) for more information. name: Network Device Monitoring - description: Observability Pipelines allows you to collect and process logs within your own infrastructure, and then route them to downstream integrations. externalDocs: description: Find out more at url: https://docs.datadoghq.com/observability_pipelines/ name: Observability Pipelines - description: Configure your [Datadog Okta integration](https://docs.datadoghq.com/integrations/okta/) directly through the Datadog API. name: Okta Integration - description: 'Configure your [Datadog On-Call](https://docs.datadoghq.com/service_management/on-call/) directly through the Datadog API.' externalDocs: url: https://docs.datadoghq.com/service_management/on-call/ name: On-Call - description: 'Trigger and manage [Datadog On-Call](https://docs.datadoghq.com/service_management/on-call/) pages directly through the Datadog API.' externalDocs: url: https://docs.datadoghq.com/service_management/on-call/ name: On-Call Paging - description: 'Configure your [Datadog Opsgenie integration](https://docs.datadoghq.com/integrations/opsgenie/) directly through the Datadog API.' externalDocs: url: https://docs.datadoghq.com/api/latest/opsgenie-integration name: Opsgenie Integration - description: Create, edit, and manage your organizations. Read more about [multi-org accounts](https://docs.datadoghq.com/account_management/multi_organization). externalDocs: description: Find out more at url: https://docs.datadoghq.com/account_management/multi_organization name: Organizations - description: 'The Powerpack endpoints allow you to: - Get a Powerpack - Create a Powerpack - Delete a Powerpack - Get a list of all Powerpacks The Patch and Delete API methods can only be performed on a Powerpack by a user who has the powerpack create permission for that specific Powerpack. Read [Scale Graphing Expertise with Powerpacks](https://docs.datadoghq.com/dashboards/guide/powerpacks-best-practices/) for more information.' name: Powerpack - description: The processes API allows you to query processes data for your organization. See the [Live Processes page](https://docs.datadoghq.com/infrastructure/process/) for more information. name: Processes - description: Manage your Real User Monitoring (RUM) applications, and search or aggregate your RUM events over HTTP. See the [RUM & Session Replay page](https://docs.datadoghq.com/real_user_monitoring/) for more information name: RUM - description: 'A restriction policy defines the access control rules for a resource, mapping a set of relations (such as editor and viewer) to a set of allowed principals (such as roles, teams, or users). The restriction policy determines who is authorized to perform what actions on the resource.' name: Restriction Policies - description: 'The Roles API is used to create and manage Datadog roles, what [global permissions](https://docs.datadoghq.com/account_management/rbac/) they grant, and which users belong to them. Permissions related to specific account assets can be granted to roles in the Datadog application without using this API. For example, granting read access on a specific log index to a role can be done in Datadog from the [Pipelines page](https://app.datadoghq.com/logs/pipelines).' name: Roles - description: Manage configuration of [rum-based metrics](https://app.datadoghq.com/rum/generate-metrics) for your organization. externalDocs: description: Find out more at url: https://docs.datadoghq.com/real_user_monitoring/platform/generate_metrics/ name: Rum Metrics - description: Manage retention filters through [Manage Applications](https://app.datadoghq.com/rum/list) of RUM for your organization. name: Rum Retention Filters - description: Create and manage your security rules, signals, filters, and more. See the [Datadog Security page](https://docs.datadoghq.com/security/) for more information. name: Security Monitoring - description: Create, update, delete, and retrieve sensitive data scanner groups and rules. See the [Sensitive Data Scanner page](https://docs.datadoghq.com/sensitive_data_scanner/) for more information. name: Sensitive Data Scanner - description: Create, edit, and disable service accounts. See the [Service Accounts page](https://docs.datadoghq.com/account_management/org_settings/service_accounts/) for more information. name: Service Accounts - description: 'API to create, update, retrieve and delete service definitions. Note: Service Catalog [v3.0 schema](https://docs.datadoghq.com/service_catalog/service_definitions/v3-0/) has new API endpoints documented under [Software Catalog](https://docs.datadoghq.com/api/latest/software-catalog/). Use the following Service Definition endpoints for v2.2 and earlier.' externalDocs: url: https://docs.datadoghq.com/tracing/service_catalog/ name: Service Definition - description: '[Service Level Objectives](https://docs.datadoghq.com/monitors/service_level_objectives/#configuration) (SLOs) are a key part of the site reliability engineering toolkit. SLOs provide a framework for defining clear targets around application performance, which ultimately help teams provide a consistent customer experience, balance feature development with platform stability, and improve communication with internal and external users.' name: Service Level Objectives - description: 'API to create and update scorecard rules and outcomes. See [Service Scorecards](https://docs.datadoghq.com/service_catalog/scorecards) for more information. This feature is currently in BETA. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' name: Service Scorecards - description: API to create, update, retrieve, and delete Software Catalog entities. externalDocs: url: https://docs.datadoghq.com/service_catalog/service_definitions#metadata-schema-v30-beta name: Software Catalog - description: Search and aggregate your spans from your Datadog platform over HTTP. name: Spans - description: Manage configuration of [span-based metrics](https://app.datadoghq.com/apm/traces/generate-metrics) for your organization. See [Generate Metrics from Spans](https://docs.datadoghq.com/tracing/trace_pipeline/generate_metrics/) for more information. externalDocs: description: Find out more at url: https://docs.datadoghq.com/tracing/metrics/metrics_namespace/ name: Spans Metrics - description: "Datadog Synthetics uses simulated user requests and browser rendering to help you ensure uptime,\nidentify regional issues, and track your application performance. Datadog Synthetics tests come in\ntwo different flavors, [API tests](https://docs.datadoghq.com/synthetics/api_tests/)\nand [browser tests](https://docs.datadoghq.com/synthetics/browser_tests). You can use Datadog\u2019s API to\nmanage both test types programmatically.\n\nFor more information about Synthetics, see the [Synthetics overview](https://docs.datadoghq.com/synthetics/)." name: Synthetics - description: View and manage teams within Datadog. See the [Teams page](https://docs.datadoghq.com/account_management/teams/) for more information. name: Teams - description: 'The usage metering API allows you to get hourly, daily, and monthly usage across multiple facets of Datadog. This API is available to all Pro and Enterprise customers. **Note**: Usage data is delayed by up to 72 hours from when it was incurred. It is retained for 15 months. You can retrieve up to 24 hours of hourly usage data for multiple organizations, and up to two months of hourly usage data for a single organization in one request. Learn more on the [usage details documentation](https://docs.datadoghq.com/account_management/billing/usage_details/).' externalDocs: description: Find out more at url: https://docs.datadoghq.com/account_management/billing/usage_details/ name: Usage Metering - description: Create, edit, and disable users. externalDocs: url: https://docs.datadoghq.com/account_management/users name: Users - description: Datadog Workflow Automation allows you to automate your end-to-end processes by connecting Datadog with the rest of your tech stack. Build workflows to auto-remediate your alerts, streamline your incident and security processes, and reduce manual toil. Workflow Automation supports over 1,000+ OOTB actions, including AWS, JIRA, ServiceNow, GitHub, and OpenAI. Learn more in our Workflow Automation docs [here](https://docs.datadoghq.com/service_management/workflows/). externalDocs: description: Find out more at url: https://docs.datadoghq.com/service_management/workflows/ name: Workflow Automation x-group-parameters: true