TCL / Datadog API Collection / Change the triage state of a security signal
Back to Collection Items
load ./chilkat.dll
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set http [new_CkHttp]
# Use this online tool to generate code from sample JSON: Generate Code to Create JSON
# The following JSON is sent in the request body.
# {
# "data": {
# "attributes": {
# "state": "under_review",
# "archive_comment": "<string>",
# "archive_reason": "none",
# "version": "<long>"
# },
# "id": {
# "description": "The unique ID of the security signal."
# },
# "type": "signal_metadata"
# }
# }
set json [new_CkJsonObject]
CkJsonObject_UpdateString $json "data.attributes.state" "under_review"
CkJsonObject_UpdateString $json "data.attributes.archive_comment" "<string>"
CkJsonObject_UpdateString $json "data.attributes.archive_reason" "none"
CkJsonObject_UpdateString $json "data.attributes.version" "<long>"
CkJsonObject_UpdateString $json "data.id.description" "The unique ID of the security signal."
CkJsonObject_UpdateString $json "data.type" "signal_metadata"
CkHttp_SetRequestHeader $http "Content-Type" "application/json"
CkHttp_SetRequestHeader $http "Accept" "application/json"
set sbRequestBody [new_CkStringBuilder]
CkJsonObject_EmitSb $json $sbRequestBody
# resp is a CkHttpResponse
set resp [CkHttp_PTextSb $http "PATCH" "https://api.app.ddog-gov.com/api/v2/security_monitoring/signals/:signal_id/state" $sbRequestBody "utf-8" "application/json" 0 0]
if {[CkHttp_get_LastMethodSuccess $http] == 0} then {
puts [CkHttp_lastErrorText $http]
delete_CkHttp $http
delete_CkJsonObject $json
delete_CkStringBuilder $sbRequestBody
exit
}
set sbResponseBody [new_CkStringBuilder]
CkHttpResponse_GetBodySb $resp $sbResponseBody
set jResp [new_CkJsonObject]
CkJsonObject_LoadSb $jResp $sbResponseBody
CkJsonObject_put_EmitCompact $jResp 0
puts "Response Body:"
puts [CkJsonObject_emit $jResp]
set respStatusCode [CkHttpResponse_get_StatusCode $resp]
puts "Response Status Code = $respStatusCode"
if {$respStatusCode >= 400} then {
puts "Response Header:"
puts [CkHttpResponse_header $resp]
puts "Failed."
delete_CkHttpResponse $resp
delete_CkHttp $http
delete_CkJsonObject $json
delete_CkStringBuilder $sbRequestBody
delete_CkStringBuilder $sbResponseBody
delete_CkJsonObject $jResp
exit
}
delete_CkHttpResponse $resp
# Sample JSON response:
# (Sample code for parsing the JSON response is shown below)
# {
# "data": {
# "attributes": {
# "assignee": {
# "uuid": "<string>",
# "handle": "<string>",
# "icon": "<string>",
# "id": "<long>",
# "name": "<string>"
# },
# "state": "open",
# "incident_ids": [
# "<long>",
# "<long>"
# ],
# "archive_comment": "<string>",
# "archive_comment_timestamp": "<long>",
# "archive_comment_user": {
# "uuid": "<string>",
# "handle": "<string>",
# "icon": "<string>",
# "id": "<long>",
# "name": "<string>"
# },
# "archive_reason": "other",
# "state_update_timestamp": "<long>",
# "state_update_user": {
# "uuid": "<string>",
# "handle": "<string>",
# "icon": "<string>",
# "id": "<long>",
# "name": "<string>"
# }
# },
# "id": "<string>",
# "type": "signal_metadata"
# }
# }
# Sample code for parsing the JSON response...
# Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code
set Uuid [CkJsonObject_stringOf $jResp "data.attributes.assignee.uuid"]
set Handle [CkJsonObject_stringOf $jResp "data.attributes.assignee.handle"]
set Icon [CkJsonObject_stringOf $jResp "data.attributes.assignee.icon"]
set Id [CkJsonObject_stringOf $jResp "data.attributes.assignee.id"]
set Name [CkJsonObject_stringOf $jResp "data.attributes.assignee.name"]
set State [CkJsonObject_stringOf $jResp "data.attributes.state"]
set Archive_comment [CkJsonObject_stringOf $jResp "data.attributes.archive_comment"]
set Archive_comment_timestamp [CkJsonObject_stringOf $jResp "data.attributes.archive_comment_timestamp"]
set Archive_comment_userUuid [CkJsonObject_stringOf $jResp "data.attributes.archive_comment_user.uuid"]
set Archive_comment_userHandle [CkJsonObject_stringOf $jResp "data.attributes.archive_comment_user.handle"]
set Archive_comment_userIcon [CkJsonObject_stringOf $jResp "data.attributes.archive_comment_user.icon"]
set Archive_comment_userId [CkJsonObject_stringOf $jResp "data.attributes.archive_comment_user.id"]
set Archive_comment_userName [CkJsonObject_stringOf $jResp "data.attributes.archive_comment_user.name"]
set Archive_reason [CkJsonObject_stringOf $jResp "data.attributes.archive_reason"]
set State_update_timestamp [CkJsonObject_stringOf $jResp "data.attributes.state_update_timestamp"]
set State_update_userUuid [CkJsonObject_stringOf $jResp "data.attributes.state_update_user.uuid"]
set State_update_userHandle [CkJsonObject_stringOf $jResp "data.attributes.state_update_user.handle"]
set State_update_userIcon [CkJsonObject_stringOf $jResp "data.attributes.state_update_user.icon"]
set State_update_userId [CkJsonObject_stringOf $jResp "data.attributes.state_update_user.id"]
set State_update_userName [CkJsonObject_stringOf $jResp "data.attributes.state_update_user.name"]
set dataId [CkJsonObject_stringOf $jResp "data.id"]
set v_Type [CkJsonObject_stringOf $jResp "data.type"]
set i 0
set count_i [CkJsonObject_SizeOfArray $jResp "data.attributes.incident_ids"]
while {$i < $count_i} {
CkJsonObject_put_I $jResp $i
set strVal [CkJsonObject_stringOf $jResp "data.attributes.incident_ids[i]"]
set i [expr $i + 1]
}
delete_CkHttp $http
delete_CkJsonObject $json
delete_CkStringBuilder $sbRequestBody
delete_CkStringBuilder $sbResponseBody
delete_CkJsonObject $jResp
Curl Command
curl -X PATCH
-H "Content-Type: application/json"
-H "Accept: application/json"
-d '{
"data": {
"attributes": {
"state": "under_review",
"archive_comment": "<string>",
"archive_reason": "none",
"version": "<long>"
},
"id": {
"description": "The unique ID of the security signal."
},
"type": "signal_metadata"
}
}'
https://api.app.ddog-gov.com/api/v2/security_monitoring/signals/:signal_id/state
Postman Collection Item JSON
{
"name": "Change the triage state of a security signal",
"request": {
"method": "PATCH",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"data\": {\n \"attributes\": {\n \"state\": \"under_review\",\n \"archive_comment\": \"<string>\",\n \"archive_reason\": \"none\",\n \"version\": \"<long>\"\n },\n \"id\": {\n \"description\": \"The unique ID of the security signal.\"\n },\n \"type\": \"signal_metadata\"\n }\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"signals",
":signal_id",
"state"
],
"variable": [
{
"key": "signal_id",
"value": "<string>"
}
]
},
"description": "Change the triage state of a security signal."
},
"response": [
{
"name": "OK",
"originalRequest": {
"method": "PATCH",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"data\": {\n \"attributes\": {\n \"state\": \"under_review\",\n \"archive_comment\": \"<string>\",\n \"archive_reason\": \"none\",\n \"version\": \"<long>\"\n },\n \"id\": {\n \"description\": \"The unique ID of the security signal.\"\n },\n \"type\": \"signal_metadata\"\n }\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"signals",
":signal_id",
"state"
],
"variable": [
{
"key": "signal_id"
}
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"data\": {\n \"attributes\": {\n \"assignee\": {\n \"uuid\": \"<string>\",\n \"handle\": \"<string>\",\n \"icon\": \"<string>\",\n \"id\": \"<long>\",\n \"name\": \"<string>\"\n },\n \"state\": \"open\",\n \"incident_ids\": [\n \"<long>\",\n \"<long>\"\n ],\n \"archive_comment\": \"<string>\",\n \"archive_comment_timestamp\": \"<long>\",\n \"archive_comment_user\": {\n \"uuid\": \"<string>\",\n \"handle\": \"<string>\",\n \"icon\": \"<string>\",\n \"id\": \"<long>\",\n \"name\": \"<string>\"\n },\n \"archive_reason\": \"other\",\n \"state_update_timestamp\": \"<long>\",\n \"state_update_user\": {\n \"uuid\": \"<string>\",\n \"handle\": \"<string>\",\n \"icon\": \"<string>\",\n \"id\": \"<long>\",\n \"name\": \"<string>\"\n }\n },\n \"id\": \"<string>\",\n \"type\": \"signal_metadata\"\n }\n}"
},
{
"name": "Bad Request",
"originalRequest": {
"method": "PATCH",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"data\": {\n \"attributes\": {\n \"state\": \"under_review\",\n \"archive_comment\": \"<string>\",\n \"archive_reason\": \"none\",\n \"version\": \"<long>\"\n },\n \"id\": {\n \"description\": \"The unique ID of the security signal.\"\n },\n \"type\": \"signal_metadata\"\n }\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"signals",
":signal_id",
"state"
],
"variable": [
{
"key": "signal_id"
}
]
}
},
"status": "Bad Request",
"code": 400,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Forbidden",
"originalRequest": {
"method": "PATCH",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"data\": {\n \"attributes\": {\n \"state\": \"under_review\",\n \"archive_comment\": \"<string>\",\n \"archive_reason\": \"none\",\n \"version\": \"<long>\"\n },\n \"id\": {\n \"description\": \"The unique ID of the security signal.\"\n },\n \"type\": \"signal_metadata\"\n }\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"signals",
":signal_id",
"state"
],
"variable": [
{
"key": "signal_id"
}
]
}
},
"status": "Forbidden",
"code": 403,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Not Found",
"originalRequest": {
"method": "PATCH",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"data\": {\n \"attributes\": {\n \"state\": \"under_review\",\n \"archive_comment\": \"<string>\",\n \"archive_reason\": \"none\",\n \"version\": \"<long>\"\n },\n \"id\": {\n \"description\": \"The unique ID of the security signal.\"\n },\n \"type\": \"signal_metadata\"\n }\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"signals",
":signal_id",
"state"
],
"variable": [
{
"key": "signal_id"
}
]
}
},
"status": "Not Found",
"code": 404,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Too many requests",
"originalRequest": {
"method": "PATCH",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"data\": {\n \"attributes\": {\n \"state\": \"under_review\",\n \"archive_comment\": \"<string>\",\n \"archive_reason\": \"none\",\n \"version\": \"<long>\"\n },\n \"id\": {\n \"description\": \"The unique ID of the security signal.\"\n },\n \"type\": \"signal_metadata\"\n }\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/signals/:signal_id/state",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"signals",
":signal_id",
"state"
],
"variable": [
{
"key": "signal_id"
}
]
}
},
"status": "Too Many Requests",
"code": 429,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
}
]
}
