PureBasic / Datadog API Collection / Change the triage state of a security signal
Back to Collection Items
IncludeFile "CkJsonObject.pb"
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkHttp.pb"
IncludeFile "CkHttpResponse.pb"
Procedure ChilkatExample()
; This example assumes the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
http.i = CkHttp::ckCreate()
If http.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success.i
; Use this online tool to generate code from sample JSON: Generate Code to Create JSON
; The following JSON is sent in the request body.
; {
; "data": {
; "attributes": {
; "state": "under_review",
; "archive_comment": "<string>",
; "archive_reason": "none",
; "version": "<long>"
; },
; "id": {
; "description": "The unique ID of the security signal."
; },
; "type": "signal_metadata"
; }
; }
json.i = CkJsonObject::ckCreate()
If json.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkJsonObject::ckUpdateString(json,"data.attributes.state","under_review")
CkJsonObject::ckUpdateString(json,"data.attributes.archive_comment","<string>")
CkJsonObject::ckUpdateString(json,"data.attributes.archive_reason","none")
CkJsonObject::ckUpdateString(json,"data.attributes.version","<long>")
CkJsonObject::ckUpdateString(json,"data.id.description","The unique ID of the security signal.")
CkJsonObject::ckUpdateString(json,"data.type","signal_metadata")
CkHttp::ckSetRequestHeader(http,"Content-Type","application/json")
CkHttp::ckSetRequestHeader(http,"Accept","application/json")
sbRequestBody.i = CkStringBuilder::ckCreate()
If sbRequestBody.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkJsonObject::ckEmitSb(json,sbRequestBody)
resp.i = CkHttp::ckPTextSb(http,"PATCH","https://api.app.ddog-gov.com/api/v2/security_monitoring/signals/:signal_id/state",sbRequestBody,"utf-8","application/json",0,0)
If CkHttp::ckLastMethodSuccess(http) = 0
Debug CkHttp::ckLastErrorText(http)
CkHttp::ckDispose(http)
CkJsonObject::ckDispose(json)
CkStringBuilder::ckDispose(sbRequestBody)
ProcedureReturn
EndIf
sbResponseBody.i = CkStringBuilder::ckCreate()
If sbResponseBody.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkHttpResponse::ckGetBodySb(resp,sbResponseBody)
jResp.i = CkJsonObject::ckCreate()
If jResp.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkJsonObject::ckLoadSb(jResp,sbResponseBody)
CkJsonObject::setCkEmitCompact(jResp, 0)
Debug "Response Body:"
Debug CkJsonObject::ckEmit(jResp)
respStatusCode.i = CkHttpResponse::ckStatusCode(resp)
Debug "Response Status Code = " + Str(respStatusCode)
If respStatusCode >= 400
Debug "Response Header:"
Debug CkHttpResponse::ckHeader(resp)
Debug "Failed."
CkHttpResponse::ckDispose(resp)
CkHttp::ckDispose(http)
CkJsonObject::ckDispose(json)
CkStringBuilder::ckDispose(sbRequestBody)
CkStringBuilder::ckDispose(sbResponseBody)
CkJsonObject::ckDispose(jResp)
ProcedureReturn
EndIf
CkHttpResponse::ckDispose(resp)
; Sample JSON response:
; (Sample code for parsing the JSON response is shown below)
; {
; "data": {
; "attributes": {
; "assignee": {
; "uuid": "<string>",
; "handle": "<string>",
; "icon": "<string>",
; "id": "<long>",
; "name": "<string>"
; },
; "state": "open",
; "incident_ids": [
; "<long>",
; "<long>"
; ],
; "archive_comment": "<string>",
; "archive_comment_timestamp": "<long>",
; "archive_comment_user": {
; "uuid": "<string>",
; "handle": "<string>",
; "icon": "<string>",
; "id": "<long>",
; "name": "<string>"
; },
; "archive_reason": "other",
; "state_update_timestamp": "<long>",
; "state_update_user": {
; "uuid": "<string>",
; "handle": "<string>",
; "icon": "<string>",
; "id": "<long>",
; "name": "<string>"
; }
; },
; "id": "<string>",
; "type": "signal_metadata"
; }
; }
; Sample code for parsing the JSON response...
; Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code
strVal.s
Uuid.s = CkJsonObject::ckStringOf(jResp,"data.attributes.assignee.uuid")
Handle.s = CkJsonObject::ckStringOf(jResp,"data.attributes.assignee.handle")
Icon.s = CkJsonObject::ckStringOf(jResp,"data.attributes.assignee.icon")
Id.s = CkJsonObject::ckStringOf(jResp,"data.attributes.assignee.id")
Name.s = CkJsonObject::ckStringOf(jResp,"data.attributes.assignee.name")
State.s = CkJsonObject::ckStringOf(jResp,"data.attributes.state")
Archive_comment.s = CkJsonObject::ckStringOf(jResp,"data.attributes.archive_comment")
Archive_comment_timestamp.s = CkJsonObject::ckStringOf(jResp,"data.attributes.archive_comment_timestamp")
Archive_comment_userUuid.s = CkJsonObject::ckStringOf(jResp,"data.attributes.archive_comment_user.uuid")
Archive_comment_userHandle.s = CkJsonObject::ckStringOf(jResp,"data.attributes.archive_comment_user.handle")
Archive_comment_userIcon.s = CkJsonObject::ckStringOf(jResp,"data.attributes.archive_comment_user.icon")
Archive_comment_userId.s = CkJsonObject::ckStringOf(jResp,"data.attributes.archive_comment_user.id")
Archive_comment_userName.s = CkJsonObject::ckStringOf(jResp,"data.attributes.archive_comment_user.name")
Archive_reason.s = CkJsonObject::ckStringOf(jResp,"data.attributes.archive_reason")
State_update_timestamp.s = CkJsonObject::ckStringOf(jResp,"data.attributes.state_update_timestamp")
State_update_userUuid.s = CkJsonObject::ckStringOf(jResp,"data.attributes.state_update_user.uuid")
State_update_userHandle.s = CkJsonObject::ckStringOf(jResp,"data.attributes.state_update_user.handle")
State_update_userIcon.s = CkJsonObject::ckStringOf(jResp,"data.attributes.state_update_user.icon")
State_update_userId.s = CkJsonObject::ckStringOf(jResp,"data.attributes.state_update_user.id")
State_update_userName.s = CkJsonObject::ckStringOf(jResp,"data.attributes.state_update_user.name")
dataId.s = CkJsonObject::ckStringOf(jResp,"data.id")
v_Type.s = CkJsonObject::ckStringOf(jResp,"data.type")
i.i = 0
count_i.i = CkJsonObject::ckSizeOfArray(jResp,"data.attributes.incident_ids")
While i < count_i
CkJsonObject::setCkI(jResp, i)
strVal = CkJsonObject::ckStringOf(jResp,"data.attributes.incident_ids[i]")
i = i + 1
Wend
CkHttp::ckDispose(http)
CkJsonObject::ckDispose(json)
CkStringBuilder::ckDispose(sbRequestBody)
CkStringBuilder::ckDispose(sbResponseBody)
CkJsonObject::ckDispose(jResp)
ProcedureReturn
EndProcedure
Curl Command
curl -X PATCH
-H "Content-Type: application/json"
-H "Accept: application/json"
-d '{
"data": {
"attributes": {
"state": "under_review",
"archive_comment": "<string>",
"archive_reason": "none",
"version": "<long>"
},
"id": {
"description": "The unique ID of the security signal."
},
"type": "signal_metadata"
}
}'
https://api.app.ddog-gov.com/api/v2/security_monitoring/signals/:signal_id/state
Postman Collection Item JSON
{
"name": "Change the triage state of a security signal",
"request": {
"method": "PATCH",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"data\": {\n \"attributes\": {\n \"state\": \"under_review\",\n \"archive_comment\": \"<string>\",\n \"archive_reason\": \"none\",\n \"version\": \"<long>\"\n },\n \"id\": {\n \"description\": \"The unique ID of the security signal.\"\n },\n \"type\": \"signal_metadata\"\n }\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"signals",
":signal_id",
"state"
],
"variable": [
{
"key": "signal_id",
"value": "<string>"
}
]
},
"description": "Change the triage state of a security signal."
},
"response": [
{
"name": "OK",
"originalRequest": {
"method": "PATCH",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"data\": {\n \"attributes\": {\n \"state\": \"under_review\",\n \"archive_comment\": \"<string>\",\n \"archive_reason\": \"none\",\n \"version\": \"<long>\"\n },\n \"id\": {\n \"description\": \"The unique ID of the security signal.\"\n },\n \"type\": \"signal_metadata\"\n }\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"signals",
":signal_id",
"state"
],
"variable": [
{
"key": "signal_id"
}
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"data\": {\n \"attributes\": {\n \"assignee\": {\n \"uuid\": \"<string>\",\n \"handle\": \"<string>\",\n \"icon\": \"<string>\",\n \"id\": \"<long>\",\n \"name\": \"<string>\"\n },\n \"state\": \"open\",\n \"incident_ids\": [\n \"<long>\",\n \"<long>\"\n ],\n \"archive_comment\": \"<string>\",\n \"archive_comment_timestamp\": \"<long>\",\n \"archive_comment_user\": {\n \"uuid\": \"<string>\",\n \"handle\": \"<string>\",\n \"icon\": \"<string>\",\n \"id\": \"<long>\",\n \"name\": \"<string>\"\n },\n \"archive_reason\": \"other\",\n \"state_update_timestamp\": \"<long>\",\n \"state_update_user\": {\n \"uuid\": \"<string>\",\n \"handle\": \"<string>\",\n \"icon\": \"<string>\",\n \"id\": \"<long>\",\n \"name\": \"<string>\"\n }\n },\n \"id\": \"<string>\",\n \"type\": \"signal_metadata\"\n }\n}"
},
{
"name": "Bad Request",
"originalRequest": {
"method": "PATCH",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"data\": {\n \"attributes\": {\n \"state\": \"under_review\",\n \"archive_comment\": \"<string>\",\n \"archive_reason\": \"none\",\n \"version\": \"<long>\"\n },\n \"id\": {\n \"description\": \"The unique ID of the security signal.\"\n },\n \"type\": \"signal_metadata\"\n }\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"signals",
":signal_id",
"state"
],
"variable": [
{
"key": "signal_id"
}
]
}
},
"status": "Bad Request",
"code": 400,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Forbidden",
"originalRequest": {
"method": "PATCH",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"data\": {\n \"attributes\": {\n \"state\": \"under_review\",\n \"archive_comment\": \"<string>\",\n \"archive_reason\": \"none\",\n \"version\": \"<long>\"\n },\n \"id\": {\n \"description\": \"The unique ID of the security signal.\"\n },\n \"type\": \"signal_metadata\"\n }\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"signals",
":signal_id",
"state"
],
"variable": [
{
"key": "signal_id"
}
]
}
},
"status": "Forbidden",
"code": 403,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Not Found",
"originalRequest": {
"method": "PATCH",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"data\": {\n \"attributes\": {\n \"state\": \"under_review\",\n \"archive_comment\": \"<string>\",\n \"archive_reason\": \"none\",\n \"version\": \"<long>\"\n },\n \"id\": {\n \"description\": \"The unique ID of the security signal.\"\n },\n \"type\": \"signal_metadata\"\n }\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"signals",
":signal_id",
"state"
],
"variable": [
{
"key": "signal_id"
}
]
}
},
"status": "Not Found",
"code": 404,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Too many requests",
"originalRequest": {
"method": "PATCH",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"data\": {\n \"attributes\": {\n \"state\": \"under_review\",\n \"archive_comment\": \"<string>\",\n \"archive_reason\": \"none\",\n \"version\": \"<long>\"\n },\n \"id\": {\n \"description\": \"The unique ID of the security signal.\"\n },\n \"type\": \"signal_metadata\"\n }\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"signals",
":signal_id",
"state"
],
"variable": [
{
"key": "signal_id"
}
]
}
},
"status": "Too Many Requests",
"code": 429,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
}
]
}