Chilkat Online Tools

SQL Server / Datadog API Collection / Change the triage state of a security signal

Back to Collection Items

-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    -- This example assumes the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @http int
    EXEC @hr = sp_OACreate 'Chilkat_9_5_0.Http', @http OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @success int

    -- Use this online tool to generate code from sample JSON: Generate Code to Create JSON

    -- The following JSON is sent in the request body.

    -- {
    --   "data": {
    --     "attributes": {
    --       "state": "under_review",
    --       "archive_comment": "<string>",
    --       "archive_reason": "none",
    --       "version": "<long>"
    --     },
    --     "id": {
    --       "description": "The unique ID of the security signal."
    --     },
    --     "type": "signal_metadata"
    --   }
    -- }

    DECLARE @json int
    EXEC @hr = sp_OACreate 'Chilkat_9_5_0.JsonObject', @json OUT

    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'data.attributes.state', 'under_review'
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'data.attributes.archive_comment', '<string>'
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'data.attributes.archive_reason', 'none'
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'data.attributes.version', '<long>'
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'data.id.description', 'The unique ID of the security signal.'
    EXEC sp_OAMethod @json, 'UpdateString', @success OUT, 'data.type', 'signal_metadata'

    EXEC sp_OAMethod @http, 'SetRequestHeader', NULL, 'Content-Type', 'application/json'
    EXEC sp_OAMethod @http, 'SetRequestHeader', NULL, 'Accept', 'application/json'

    DECLARE @sbRequestBody int
    EXEC @hr = sp_OACreate 'Chilkat_9_5_0.StringBuilder', @sbRequestBody OUT

    EXEC sp_OAMethod @json, 'EmitSb', @success OUT, @sbRequestBody

    DECLARE @resp int
    EXEC sp_OAMethod @http, 'PTextSb', @resp OUT, 'PATCH', 'https://api.app.ddog-gov.com/api/v2/security_monitoring/signals/:signal_id/state', @sbRequestBody, 'utf-8', 'application/json', 0, 0
    EXEC sp_OAGetProperty @http, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 = 0
      BEGIN
        EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @json
        EXEC @hr = sp_OADestroy @sbRequestBody
        RETURN
      END

    DECLARE @sbResponseBody int
    EXEC @hr = sp_OACreate 'Chilkat_9_5_0.StringBuilder', @sbResponseBody OUT

    EXEC sp_OAMethod @resp, 'GetBodySb', @success OUT, @sbResponseBody

    DECLARE @jResp int
    EXEC @hr = sp_OACreate 'Chilkat_9_5_0.JsonObject', @jResp OUT

    EXEC sp_OAMethod @jResp, 'LoadSb', @success OUT, @sbResponseBody
    EXEC sp_OASetProperty @jResp, 'EmitCompact', 0


    PRINT 'Response Body:'
    EXEC sp_OAMethod @jResp, 'Emit', @sTmp0 OUT
    PRINT @sTmp0

    DECLARE @respStatusCode int
    EXEC sp_OAGetProperty @resp, 'StatusCode', @respStatusCode OUT

    PRINT 'Response Status Code = ' + @respStatusCode
    IF @respStatusCode >= 400
      BEGIN

        PRINT 'Response Header:'
        EXEC sp_OAGetProperty @resp, 'Header', @sTmp0 OUT
        PRINT @sTmp0

        PRINT 'Failed.'
        EXEC @hr = sp_OADestroy @resp

        EXEC @hr = sp_OADestroy @http
        EXEC @hr = sp_OADestroy @json
        EXEC @hr = sp_OADestroy @sbRequestBody
        EXEC @hr = sp_OADestroy @sbResponseBody
        EXEC @hr = sp_OADestroy @jResp
        RETURN
      END
    EXEC @hr = sp_OADestroy @resp

    -- Sample JSON response:
    -- (Sample code for parsing the JSON response is shown below)

    -- {
    --   "data": {
    --     "attributes": {
    --       "assignee": {
    --         "uuid": "<string>",
    --         "handle": "<string>",
    --         "icon": "<string>",
    --         "id": "<long>",
    --         "name": "<string>"
    --       },
    --       "state": "open",
    --       "incident_ids": [
    --         "<long>",
    --         "<long>"
    --       ],
    --       "archive_comment": "<string>",
    --       "archive_comment_timestamp": "<long>",
    --       "archive_comment_user": {
    --         "uuid": "<string>",
    --         "handle": "<string>",
    --         "icon": "<string>",
    --         "id": "<long>",
    --         "name": "<string>"
    --       },
    --       "archive_reason": "other",
    --       "state_update_timestamp": "<long>",
    --       "state_update_user": {
    --         "uuid": "<string>",
    --         "handle": "<string>",
    --         "icon": "<string>",
    --         "id": "<long>",
    --         "name": "<string>"
    --       }
    --     },
    --     "id": "<string>",
    --     "type": "signal_metadata"
    --   }
    -- }

    -- Sample code for parsing the JSON response...
    -- Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code

    DECLARE @strVal nvarchar(4000)

    DECLARE @Uuid nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @Uuid OUT, 'data.attributes.assignee.uuid'
    DECLARE @Handle nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @Handle OUT, 'data.attributes.assignee.handle'
    DECLARE @Icon nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @Icon OUT, 'data.attributes.assignee.icon'
    DECLARE @Id nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @Id OUT, 'data.attributes.assignee.id'
    DECLARE @Name nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @Name OUT, 'data.attributes.assignee.name'
    DECLARE @State nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @State OUT, 'data.attributes.state'
    DECLARE @Archive_comment nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @Archive_comment OUT, 'data.attributes.archive_comment'
    DECLARE @Archive_comment_timestamp nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @Archive_comment_timestamp OUT, 'data.attributes.archive_comment_timestamp'
    DECLARE @Archive_comment_userUuid nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @Archive_comment_userUuid OUT, 'data.attributes.archive_comment_user.uuid'
    DECLARE @Archive_comment_userHandle nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @Archive_comment_userHandle OUT, 'data.attributes.archive_comment_user.handle'
    DECLARE @Archive_comment_userIcon nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @Archive_comment_userIcon OUT, 'data.attributes.archive_comment_user.icon'
    DECLARE @Archive_comment_userId nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @Archive_comment_userId OUT, 'data.attributes.archive_comment_user.id'
    DECLARE @Archive_comment_userName nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @Archive_comment_userName OUT, 'data.attributes.archive_comment_user.name'
    DECLARE @Archive_reason nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @Archive_reason OUT, 'data.attributes.archive_reason'
    DECLARE @State_update_timestamp nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @State_update_timestamp OUT, 'data.attributes.state_update_timestamp'
    DECLARE @State_update_userUuid nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @State_update_userUuid OUT, 'data.attributes.state_update_user.uuid'
    DECLARE @State_update_userHandle nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @State_update_userHandle OUT, 'data.attributes.state_update_user.handle'
    DECLARE @State_update_userIcon nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @State_update_userIcon OUT, 'data.attributes.state_update_user.icon'
    DECLARE @State_update_userId nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @State_update_userId OUT, 'data.attributes.state_update_user.id'
    DECLARE @State_update_userName nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @State_update_userName OUT, 'data.attributes.state_update_user.name'
    DECLARE @dataId nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @dataId OUT, 'data.id'
    DECLARE @v_Type nvarchar(4000)
    EXEC sp_OAMethod @jResp, 'StringOf', @v_Type OUT, 'data.type'
    DECLARE @i int
    SELECT @i = 0
    DECLARE @count_i int
    EXEC sp_OAMethod @jResp, 'SizeOfArray', @count_i OUT, 'data.attributes.incident_ids'
    WHILE @i < @count_i
      BEGIN
        EXEC sp_OASetProperty @jResp, 'I', @i
        EXEC sp_OAMethod @jResp, 'StringOf', @strVal OUT, 'data.attributes.incident_ids[i]'
        SELECT @i = @i + 1
      END

    EXEC @hr = sp_OADestroy @http
    EXEC @hr = sp_OADestroy @json
    EXEC @hr = sp_OADestroy @sbRequestBody
    EXEC @hr = sp_OADestroy @sbResponseBody
    EXEC @hr = sp_OADestroy @jResp


END
GO

Curl Command

curl -X PATCH
	-H "Content-Type: application/json"
	-H "Accept: application/json"
	-d '{
  "data": {
    "attributes": {
      "state": "under_review",
      "archive_comment": "<string>",
      "archive_reason": "none",
      "version": "<long>"
    },
    "id": {
      "description": "The unique ID of the security signal."
    },
    "type": "signal_metadata"
  }
}'
https://api.app.ddog-gov.com/api/v2/security_monitoring/signals/:signal_id/state

Postman Collection Item JSON

{
  "name": "Change the triage state of a security signal",
  "request": {
    "method": "PATCH",
    "header": [
      {
        "key": "Content-Type",
        "value": "application/json"
      },
      {
        "key": "Accept",
        "value": "application/json"
      }
    ],
    "body": {
      "mode": "raw",
      "raw": "{\n  \"data\": {\n    \"attributes\": {\n      \"state\": \"under_review\",\n      \"archive_comment\": \"<string>\",\n      \"archive_reason\": \"none\",\n      \"version\": \"<long>\"\n    },\n    \"id\": {\n      \"description\": \"The unique ID of the security signal.\"\n    },\n    \"type\": \"signal_metadata\"\n  }\n}",
      "options": {
        "raw": {
          "headerFamily": "json",
          "language": "json"
        }
      }
    },
    "url": {
      "raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
      "host": [
        "{{baseUrl}}"
      ],
      "path": [
        "api",
        "v2",
        "security_monitoring",
        "signals",
        ":signal_id",
        "state"
      ],
      "variable": [
        {
          "key": "signal_id",
          "value": "<string>"
        }
      ]
    },
    "description": "Change the triage state of a security signal."
  },
  "response": [
    {
      "name": "OK",
      "originalRequest": {
        "method": "PATCH",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"data\": {\n    \"attributes\": {\n      \"state\": \"under_review\",\n      \"archive_comment\": \"<string>\",\n      \"archive_reason\": \"none\",\n      \"version\": \"<long>\"\n    },\n    \"id\": {\n      \"description\": \"The unique ID of the security signal.\"\n    },\n    \"type\": \"signal_metadata\"\n  }\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "security_monitoring",
            "signals",
            ":signal_id",
            "state"
          ],
          "variable": [
            {
              "key": "signal_id"
            }
          ]
        }
      },
      "status": "OK",
      "code": 200,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"data\": {\n    \"attributes\": {\n      \"assignee\": {\n        \"uuid\": \"<string>\",\n        \"handle\": \"<string>\",\n        \"icon\": \"<string>\",\n        \"id\": \"<long>\",\n        \"name\": \"<string>\"\n      },\n      \"state\": \"open\",\n      \"incident_ids\": [\n        \"<long>\",\n        \"<long>\"\n      ],\n      \"archive_comment\": \"<string>\",\n      \"archive_comment_timestamp\": \"<long>\",\n      \"archive_comment_user\": {\n        \"uuid\": \"<string>\",\n        \"handle\": \"<string>\",\n        \"icon\": \"<string>\",\n        \"id\": \"<long>\",\n        \"name\": \"<string>\"\n      },\n      \"archive_reason\": \"other\",\n      \"state_update_timestamp\": \"<long>\",\n      \"state_update_user\": {\n        \"uuid\": \"<string>\",\n        \"handle\": \"<string>\",\n        \"icon\": \"<string>\",\n        \"id\": \"<long>\",\n        \"name\": \"<string>\"\n      }\n    },\n    \"id\": \"<string>\",\n    \"type\": \"signal_metadata\"\n  }\n}"
    },
    {
      "name": "Bad Request",
      "originalRequest": {
        "method": "PATCH",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"data\": {\n    \"attributes\": {\n      \"state\": \"under_review\",\n      \"archive_comment\": \"<string>\",\n      \"archive_reason\": \"none\",\n      \"version\": \"<long>\"\n    },\n    \"id\": {\n      \"description\": \"The unique ID of the security signal.\"\n    },\n    \"type\": \"signal_metadata\"\n  }\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "security_monitoring",
            "signals",
            ":signal_id",
            "state"
          ],
          "variable": [
            {
              "key": "signal_id"
            }
          ]
        }
      },
      "status": "Bad Request",
      "code": 400,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    },
    {
      "name": "Forbidden",
      "originalRequest": {
        "method": "PATCH",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"data\": {\n    \"attributes\": {\n      \"state\": \"under_review\",\n      \"archive_comment\": \"<string>\",\n      \"archive_reason\": \"none\",\n      \"version\": \"<long>\"\n    },\n    \"id\": {\n      \"description\": \"The unique ID of the security signal.\"\n    },\n    \"type\": \"signal_metadata\"\n  }\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "security_monitoring",
            "signals",
            ":signal_id",
            "state"
          ],
          "variable": [
            {
              "key": "signal_id"
            }
          ]
        }
      },
      "status": "Forbidden",
      "code": 403,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    },
    {
      "name": "Not Found",
      "originalRequest": {
        "method": "PATCH",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"data\": {\n    \"attributes\": {\n      \"state\": \"under_review\",\n      \"archive_comment\": \"<string>\",\n      \"archive_reason\": \"none\",\n      \"version\": \"<long>\"\n    },\n    \"id\": {\n      \"description\": \"The unique ID of the security signal.\"\n    },\n    \"type\": \"signal_metadata\"\n  }\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "security_monitoring",
            "signals",
            ":signal_id",
            "state"
          ],
          "variable": [
            {
              "key": "signal_id"
            }
          ]
        }
      },
      "status": "Not Found",
      "code": 404,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    },
    {
      "name": "Too many requests",
      "originalRequest": {
        "method": "PATCH",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"data\": {\n    \"attributes\": {\n      \"state\": \"under_review\",\n      \"archive_comment\": \"<string>\",\n      \"archive_reason\": \"none\",\n      \"version\": \"<long>\"\n    },\n    \"id\": {\n      \"description\": \"The unique ID of the security signal.\"\n    },\n    \"type\": \"signal_metadata\"\n  }\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "security_monitoring",
            "signals",
            ":signal_id",
            "state"
          ],
          "variable": [
            {
              "key": "signal_id"
            }
          ]
        }
      },
      "status": "Too Many Requests",
      "code": 429,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    }
  ]
}