Datadog MCP Server

by brukhabtu

ListSecurityMonitoringSignals

Retrieve and filter security signals using specific search queries, time ranges, and sorting criteria to monitor and analyze potential threats or anomalies.

Instructions

The list endpoint returns security signals that match a search query. Both this endpoint and the POST endpoint can be used interchangeably when listing security signals.

Query Parameters:

  • filter[query]: The search query for security signals.

  • filter[from]: The minimum timestamp for requested security signals.

  • filter[to]: The maximum timestamp for requested security signals.

  • sort: The order of the security signals in results.

  • page[cursor]: A list of results using the cursor provided in the previous query.

  • page[limit]: The maximum number of security signals in the response.

Responses:

  • 200 (Success): OK

    • Content-Type: application/json

    • Response Properties:

      • data: An array of security signals matching the request.

    • Example:

{
  "data": [
    "unknown_type"
  ],
  "links": "unknown_type",
  "meta": "unknown_type"
}
  • 400: Bad Request

    • Content-Type: application/json

    • Response Properties:

      • errors: A list of errors.

    • Example:

{
  "errors": [
    "Bad Request"
  ]
}
  • 403: Not Authorized

    • Content-Type: application/json

    • Response Properties:

      • errors: A list of errors.

    • Example:

{
  "errors": [
    "Bad Request"
  ]
}
  • 429: Too many requests

    • Content-Type: application/json

    • Response Properties:

      • errors: A list of errors.

    • Example:

{
  "errors": [
    "Bad Request"
  ]
}

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| filter[from] | No | The minimum timestamp for requested security signals. | |
| filter[query] | No | The search query for security signals. | |
| filter[to] | No | The maximum timestamp for requested security signals. | |
| page[cursor] | No | A list of results using the cursor provided in the previous query. | |
| page[limit] | No | The maximum number of security signals in the response. | |
| sort | No | The sort parameters used for querying security signals. | |

Output Schema

| Name | Required | Description | Default |
|---|---|---|---|
| data | No | An array of security signals matching the request. | |
| meta | No | | |
| links | No | | |

Implementation Reference

  • Registration of safe read-only endpoints as MCP tools via FastMCP OpenAPI integration. Includes '/api/v2/security_monitoring.*' which exposes the 'ListSecurityMonitoringSignals' tool from Datadog's OpenAPI spec.
    safe_endpoints = [
        # Metrics and time-series data
        r"^/api/v2/metrics.*",  # Query metrics data
        r"^/api/v2/query/.*",  # Time-series queries
        # Dashboards and visualizations
        r"^/api/v2/dashboards.*",  # Dashboard configurations
        r"^/api/v2/notebooks.*",  # Notebook data
        # Monitoring and alerts
        r"^/api/v2/monitors.*",  # Monitor configurations
        r"^/api/v2/downtime.*",  # Scheduled downtimes
        r"^/api/v2/synthetics.*",  # Synthetic tests
        # Logs and events
        r"^/api/v2/logs/events/search$",  # Search logs
        r"^/api/v2/logs/events$",  # List log events
        r"^/api/v2/logs/config.*",  # Log pipeline configs
        # APM and traces
        r"^/api/v2/apm/.*",  # APM data
        r"^/api/v2/traces/.*",  # Trace data
        r"^/api/v2/spans/.*",  # Span data
        # Infrastructure
        r"^/api/v2/hosts.*",  # Host information
        r"^/api/v2/tags.*",  # Tag management (read)
        r"^/api/v2/usage.*",  # Usage statistics
        # Service management
        r"^/api/v2/services.*",  # Service catalog
        r"^/api/v2/slos.*",  # Service level objectives
        r"^/api/v2/incidents.*",  # Incident management
        # Security and compliance
        r"^/api/v2/security_monitoring.*",  # Security signals
        r"^/api/v2/cloud_workload_security.*",  # CWS data
        # Teams and organization (read-only)
        r"^/api/v2/users.*",  # User information
        r"^/api/v2/roles.*",  # Role information
        r"^/api/v2/teams.*",  # Team structure
        # API metadata
        r"^/api/v2/api_keys$",  # List API keys (no create/delete)
        r"^/api/v2/application_keys$",  # List app keys (no create/delete)
    ]
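
Added example (not the project's code): the list above matches on path only, and this page does not show whether HTTP methods are filtered elsewhere. The audit below runs a subset of those patterns over a constructed list of operations and separates the path-allowed ones that use GET/HEAD from those that need per-operation review; `SAMPLE_OPERATIONS`, `path_allowed` and `audit` are hypothetical names.

```python
import re

# Subset of the path patterns from the safe_endpoints list above.
SAFE_ENDPOINTS = [
    r"^/api/v2/security_monitoring.*",
    r"^/api/v2/logs/events/search$",
    r"^/api/v2/api_keys$",
    r"^/api/v2/application_keys$",
]

READ_ONLY_METHODS = {"GET", "HEAD"}

# Constructed sample of (method, path) operations, standing in for the
# entries of an OpenAPI document; not taken from the project.
SAMPLE_OPERATIONS = [
    ("GET", "/api/v2/security_monitoring/signals"),
    ("POST", "/api/v2/security_monitoring/signals/search"),
    ("DELETE", "/api/v2/security_monitoring/rules/{rule_id}"),
    ("GET", "/api/v2/api_keys"),
    ("POST", "/api/v2/api_keys"),
    ("DELETE", "/api/v2/api_keys/{api_key_id}"),
    ("POST", "/api/v2/logs/events/search"),
]


def path_allowed(path, patterns=SAFE_ENDPOINTS):
    """True if any allow-list pattern matches the path."""
    return any(re.match(p, path) for p in patterns)


def audit(operations, patterns=SAFE_ENDPOINTS):
    """Split path-allowed operations into (read_only, needs_review)."""
    read_only, review = [], []
    for method, path in operations:
        if not path_allowed(path, patterns):
            continue  # not exposed as a tool at all
        # A non-GET method is not proof of a write (search endpoints use
        # POST), so these are flagged for review rather than rejected.
        bucket = read_only if method.upper() in READ_ONLY_METHODS else review
        bucket.append((method, path))
    return read_only, review


if __name__ == "__main__":
    ok, review = audit(SAMPLE_OPERATIONS)
    for method, path in review:
        print(f"review: {method} {path}")
```

The `$` anchor on `api_keys` keeps the per-key path out of the match, but a path pattern cannot tell a GET from a POST on the same path, so method has to be checked separately.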
Behavior: 3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It mentions the tool is a list endpoint and includes HTTP response codes (200, 400, 403, 429) with examples, adding context on success and error handling. However, it doesn't detail rate limits, authentication needs, or pagination behavior beyond cursor usage, which are critical for a search tool with potential constraints.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 2/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is overly verbose, including redundant parameter details and extensive HTTP response examples that duplicate what an output schema might provide. It lacks front-loading of key information, with the core purpose buried in the first sentence. Sentences like 'Both this endpoint and the POST endpoint can be used interchangeably' add minimal value, making the structure inefficient and cluttered.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of a search tool with six parameters and an output schema (implied by response examples), the description is moderately complete. It covers basic purpose, parameters, and responses, but with no annotations and redundant details, it misses behavioral aspects like rate limits or authentication. The output schema existence reduces the need to explain return values, but gaps remain in operational context.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The schema description coverage is 100%, so the input schema already documents all six parameters thoroughly. The description repeats parameter details in a 'Query Parameters' section, adding no new meaning beyond the schema. This meets the baseline of 3, as the schema does the heavy lifting, but the description doesn't compensate with additional insights like format examples or usage tips.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool 'returns security signals that match a search query,' specifying the verb ('returns') and resource ('security signals'). It distinguishes from a POST endpoint by noting interchangeability but doesn't differentiate from sibling tools like 'GetSecurityMonitoringSignal' or 'ListSecurityMonitoringRules,' which limits full distinction.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage for listing security signals with search queries and mentions interchangeability with a POST endpoint, providing some context. However, it lacks explicit guidance on when to use this tool versus alternatives like 'GetSecurityMonitoringSignal' or 'SearchIncidents,' and doesn't specify prerequisites or exclusions, leaving gaps in usage clarity.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/brukhabtu/datadog-mcp'
