Back to Collection Items
Add-Type -Path "C:\chilkat\ChilkatDotNet47-9.5.0-x64\ChilkatDotNet47.dll"
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
$http = New-Object Chilkat.Http
$http.SetRequestHeader("Accept","application/json")
$sbResponseBody = New-Object Chilkat.StringBuilder
$success = $http.QuickGetSb("https://api.app.ddog-gov.com/api/v2/security_monitoring/rules/:rule_id",$sbResponseBody)
if ($success -eq $false) {
$($http.LastErrorText)
exit
}
$jResp = New-Object Chilkat.JsonObject
$jResp.LoadSb($sbResponseBody)
$jResp.EmitCompact = $false
$("Response Body:")
$($jResp.Emit())
$respStatusCode = $http.LastStatus
$("Response Status Code = " + $respStatusCode)
if ($respStatusCode -ge 400) {
$("Response Header:")
$($http.LastHeader)
$("Failed.")
exit
}
# Sample JSON response:
# (Sample code for parsing the JSON response is shown below)
# {
# "cases": [
# {
# "condition": "<string>",
# "name": "<string>",
# "notifications": [
# "<string>",
# "<string>"
# ],
# "status": "medium"
# },
# {
# "condition": "<string>",
# "name": "<string>",
# "notifications": [
# "<string>",
# "<string>"
# ],
# "status": "critical"
# }
# ],
# "complianceSignalOptions": {
# "defaultActivationStatus": "<boolean>",
# "defaultGroupByFields": [
# "<string>",
# "<string>"
# ],
# "userActivationStatus": "<boolean>",
# "userGroupByFields": [
# "<string>",
# "<string>"
# ]
# },
# "createdAt": "<long>",
# "creationAuthorId": "<long>",
# "deprecationDate": "<long>",
# "filters": [
# {
# "action": "suppress",
# "query": "<string>"
# },
# {
# "action": "require",
# "query": "<string>"
# }
# ],
# "hasExtendedTitle": "<boolean>",
# "id": "<string>",
# "isDefault": "<boolean>",
# "isDeleted": "<boolean>",
# "isEnabled": "<boolean>",
# "message": "<string>",
# "name": "<string>",
# "options": {
# "complianceRuleOptions": {
# "complexRule": "<boolean>",
# "regoRule": {
# "policy": "<string>",
# "resourceTypes": [
# "<string>",
# "<string>"
# ]
# },
# "resourceType": "<string>"
# },
# "decreaseCriticalityBasedOnEnv": "<boolean>",
# "detectionMethod": "third_party",
# "evaluationWindow": 300,
# "hardcodedEvaluatorType": "log4shell",
# "impossibleTravelOptions": {
# "baselineUserLocations": "<boolean>"
# },
# "keepAlive": 300,
# "maxSignalDuration": 900,
# "newValueOptions": {
# "forgetAfter": 28,
# "learningDuration": 0,
# "learningMethod": "duration",
# "learningThreshold": 0
# }
# },
# "queries": [
# {
# "aggregation": "max",
# "distinctFields": [
# "<string>",
# "<string>"
# ],
# "groupByFields": [
# "<string>",
# "<string>"
# ],
# "metric": "<string>",
# "metrics": [
# "<string>",
# "<string>"
# ],
# "name": "<string>",
# "query": "<string>"
# },
# {
# "aggregation": "max",
# "distinctFields": [
# "<string>",
# "<string>"
# ],
# "groupByFields": [
# "<string>",
# "<string>"
# ],
# "metric": "<string>",
# "metrics": [
# "<string>",
# "<string>"
# ],
# "name": "<string>",
# "query": "<string>"
# }
# ],
# "tags": [
# "<string>",
# "<string>"
# ],
# "type": "application_security",
# "updateAuthorId": "<long>",
# "version": "<long>"
# }
# Sample code for parsing the JSON response...
# Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code
$DefaultActivationStatus = $jResp.StringOf("complianceSignalOptions.defaultActivationStatus")
$UserActivationStatus = $jResp.StringOf("complianceSignalOptions.userActivationStatus")
$createdAt = $jResp.StringOf("createdAt")
$creationAuthorId = $jResp.StringOf("creationAuthorId")
$deprecationDate = $jResp.StringOf("deprecationDate")
$hasExtendedTitle = $jResp.StringOf("hasExtendedTitle")
$id = $jResp.StringOf("id")
$isDefault = $jResp.StringOf("isDefault")
$isDeleted = $jResp.StringOf("isDeleted")
$isEnabled = $jResp.StringOf("isEnabled")
$message = $jResp.StringOf("message")
$name = $jResp.StringOf("name")
$ComplexRule = $jResp.StringOf("options.complianceRuleOptions.complexRule")
$Policy = $jResp.StringOf("options.complianceRuleOptions.regoRule.policy")
$ResourceType = $jResp.StringOf("options.complianceRuleOptions.resourceType")
$DecreaseCriticalityBasedOnEnv = $jResp.StringOf("options.decreaseCriticalityBasedOnEnv")
$DetectionMethod = $jResp.StringOf("options.detectionMethod")
$EvaluationWindow = $jResp.IntOf("options.evaluationWindow")
$HardcodedEvaluatorType = $jResp.StringOf("options.hardcodedEvaluatorType")
$BaselineUserLocations = $jResp.StringOf("options.impossibleTravelOptions.baselineUserLocations")
$KeepAlive = $jResp.IntOf("options.keepAlive")
$MaxSignalDuration = $jResp.IntOf("options.maxSignalDuration")
$ForgetAfter = $jResp.IntOf("options.newValueOptions.forgetAfter")
$LearningDuration = $jResp.IntOf("options.newValueOptions.learningDuration")
$LearningMethod = $jResp.StringOf("options.newValueOptions.learningMethod")
$LearningThreshold = $jResp.IntOf("options.newValueOptions.learningThreshold")
$v_type = $jResp.StringOf("type")
$updateAuthorId = $jResp.StringOf("updateAuthorId")
$version = $jResp.StringOf("version")
$i = 0
$count_i = $jResp.SizeOfArray("cases")
while ($i -lt $count_i) {
$jResp.I = $i
$condition = $jResp.StringOf("cases[i].condition")
$name = $jResp.StringOf("cases[i].name")
$status = $jResp.StringOf("cases[i].status")
$j = 0
$count_j = $jResp.SizeOfArray("cases[i].notifications")
while ($j -lt $count_j) {
$jResp.J = $j
$strVal = $jResp.StringOf("cases[i].notifications[j]")
$j = $j + 1
}
$i = $i + 1
}
$i = 0
$count_i = $jResp.SizeOfArray("complianceSignalOptions.defaultGroupByFields")
while ($i -lt $count_i) {
$jResp.I = $i
$strVal = $jResp.StringOf("complianceSignalOptions.defaultGroupByFields[i]")
$i = $i + 1
}
$i = 0
$count_i = $jResp.SizeOfArray("complianceSignalOptions.userGroupByFields")
while ($i -lt $count_i) {
$jResp.I = $i
$strVal = $jResp.StringOf("complianceSignalOptions.userGroupByFields[i]")
$i = $i + 1
}
$i = 0
$count_i = $jResp.SizeOfArray("filters")
while ($i -lt $count_i) {
$jResp.I = $i
$action = $jResp.StringOf("filters[i].action")
$query = $jResp.StringOf("filters[i].query")
$i = $i + 1
}
$i = 0
$count_i = $jResp.SizeOfArray("options.complianceRuleOptions.regoRule.resourceTypes")
while ($i -lt $count_i) {
$jResp.I = $i
$strVal = $jResp.StringOf("options.complianceRuleOptions.regoRule.resourceTypes[i]")
$i = $i + 1
}
$i = 0
$count_i = $jResp.SizeOfArray("queries")
while ($i -lt $count_i) {
$jResp.I = $i
$aggregation = $jResp.StringOf("queries[i].aggregation")
$metric = $jResp.StringOf("queries[i].metric")
$name = $jResp.StringOf("queries[i].name")
$query = $jResp.StringOf("queries[i].query")
$j = 0
$count_j = $jResp.SizeOfArray("queries[i].distinctFields")
while ($j -lt $count_j) {
$jResp.J = $j
$strVal = $jResp.StringOf("queries[i].distinctFields[j]")
$j = $j + 1
}
$j = 0
$count_j = $jResp.SizeOfArray("queries[i].groupByFields")
while ($j -lt $count_j) {
$jResp.J = $j
$strVal = $jResp.StringOf("queries[i].groupByFields[j]")
$j = $j + 1
}
$j = 0
$count_j = $jResp.SizeOfArray("queries[i].metrics")
while ($j -lt $count_j) {
$jResp.J = $j
$strVal = $jResp.StringOf("queries[i].metrics[j]")
$j = $j + 1
}
$i = $i + 1
}
$i = 0
$count_i = $jResp.SizeOfArray("tags")
while ($i -lt $count_i) {
$jResp.I = $i
$strVal = $jResp.StringOf("tags[i]")
$i = $i + 1
}
Curl Command
curl -X GET
-H "Accept: application/json"
https://api.app.ddog-gov.com/api/v2/security_monitoring/rules/:rule_id
Postman Collection Item JSON
{
"name": "Get a rule's details",
"request": {
"method": "GET",
"header": [
{
"key": "Accept",
"value": "application/json"
}
],
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id",
"value": "<string>"
}
]
},
"description": "Get a rule's details."
},
"response": [
{
"name": "OK",
"originalRequest": {
"method": "GET",
"header": [
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"medium\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"createdAt\": \"<long>\",\n \"creationAuthorId\": \"<long>\",\n \"deprecationDate\": \"<long>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"id\": \"<string>\",\n \"isDefault\": \"<boolean>\",\n \"isDeleted\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\"\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 300,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 300,\n \"maxSignalDuration\": 900,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"application_security\",\n \"updateAuthorId\": \"<long>\",\n \"version\": \"<long>\"\n}"
},
{
"name": "Not Found",
"originalRequest": {
"method": "GET",
"header": [
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "Not Found",
"code": 404,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Too many requests",
"originalRequest": {
"method": "GET",
"header": [
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules/:rule_id",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules",
":rule_id"
],
"variable": [
{
"key": "rule_id"
}
]
}
},
"status": "Too Many Requests",
"code": 429,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
}
]
}
