datadog-security - Pinkfish - AI Agents & Workflows for Getting Work Done

Server path: /datadog-security | Type: Application | PCID required: Yes

Tools

Tool	Description
`datadog_security_aggregate_ciapp_pipeline_events`	Aggregate pipelines events
`datadog_security_aggregate_ciapp_test_events`	Aggregate tests events
`datadog_security_create_case`	Create a case
`datadog_security_create_doradeployment`	Send a deployment event
`datadog_security_create_host_tags`	Add tags to a host
`datadog_security_create_security_monitoring_rule`	Create a detection rule
`datadog_security_delete_host_tags`	Remove host tags
`datadog_security_delete_monitoring_rule`	Delete an existing rule
`datadog_security_get_case`	Get the details of a case
`datadog_security_get_host_tags`	Get Host Tags
`datadog_security_get_monitoring_rule`	Get a rule’s details
`datadog_security_get_monitoring_signal`	Get a signal’s details
`datadog_security_get_project`	Get the details of a project
`datadog_security_get_projects`	Get all projects
`datadog_security_list_ciapp_pipeline_events`	Get a list of pipelines events
`datadog_security_list_ciapp_test_events`	Get a list of tests events
`datadog_security_list_host_tags`	Get All Host Tags
`datadog_security_list_hosts`	Get all hosts for your organization
`datadog_security_list_security_monitoring_rules`	List rules
`datadog_security_list_security_monitoring_signals`	Get a quick list of security signals
`datadog_security_mute_host`	Mute a host
`datadog_security_search_cases`	Search cases
`datadog_security_search_security_monitoring_signals`	Get a list of security signals
`datadog_security_unmute_host`	Unmute a host
`datadog_security_update_host_tags`	Update host tags
`datadog_security_update_security_monitoring_rule`	Update an existing rule

datadog_security_aggregate_ciapp_pipeline_events

Aggregate pipelines events Parameters:

Parameter	Type	Required	Default	Description
`compute`	object[]	No	—	The list of metrics or timeseries to compute for the retrieved buckets.
`filter`	object	No	—	The search and filter query settings.
`group_by`	object[]	No	—	The rules for the group-by.
`options`	object	No	—	Global query options that are used during the query. Only supply timezone or time offset, not both. Otherwise, the query fails.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "compute": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "aggregation": {
            "type": "string",
            "enum": [
              "count",
              "cardinality",
              "pc75",
              "pc90",
              "pc95",
              "pc98",
              "pc99",
              "sum",
              "min",
              "max",
              "avg",
              "median",
              "latest",
              "earliest",
              "most_frequent",
              "delta"
            ],
            "description": "An aggregation function."
          },
          "interval": {
            "type": "string",
            "description": "The time buckets' size (only used for type=timeseries) Defaults to a resolution of 150 points."
          },
          "metric": {
            "type": "string",
            "description": "The metric to use."
          },
          "type": {
            "type": "string",
            "enum": [
              "timeseries",
              "total"
            ],
            "description": "The type of compute."
          }
        },
        "required": [
          "aggregation"
        ]
      },
      "description": "The list of metrics or timeseries to compute for the retrieved buckets."
    },
    "filter": {
      "type": "object",
      "description": "The search and filter query settings.",
      "properties": {
        "from": {
          "type": "string",
          "description": "The minimum time for the requested events; supports date, math, and regular timestamps (in milliseconds)."
        },
        "query": {
          "type": "string",
          "description": "The search query following the CI Visibility Explorer search syntax."
        },
        "to": {
          "type": "string",
          "description": "The maximum time for the requested events, supports date, math, and regular timestamps (in milliseconds)."
        }
      }
    },
    "group_by": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "facet": {
            "type": "string",
            "description": "The name of the facet to use (required)."
          },
          "histogram": {
            "type": "object",
            "description": "Used to perform a histogram computation (only for measure facets). At most, 100 buckets are allowed, the number of buckets is `(max - min)/interval`."
          },
          "limit": {
            "type": "integer",
            "format": "int64",
            "description": "The maximum buckets to return for this group-by."
          },
          "missing": {
            "description": "The value to use for logs that don't have the facet used to group-by."
          },
          "sort": {
            "type": "object",
            "description": "A sort rule. The `aggregation` field is required when `type` is `measure`."
          },
          "total": {
            "description": "A resulting object to put the given computes in over all the matching records."
          }
        },
        "required": [
          "facet"
        ]
      },
      "description": "The rules for the group-by."
    },
    "options": {
      "type": "object",
      "description": "Global query options that are used during the query. Only supply timezone or time offset, not both. Otherwise, the query fails.",
      "properties": {
        "time_offset": {
          "type": "integer",
          "description": "The time offset (in seconds) to apply to the query."
        },
        "timezone": {
          "type": "string",
          "description": "The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York)."
        }
      }
    }
  },
  "required": [
    "PCID"
  ]
}

datadog_security_aggregate_ciapp_test_events

Aggregate tests events Parameters:

Parameter	Type	Required	Default	Description
`compute`	object[]	No	—	The list of metrics or timeseries to compute for the retrieved buckets.
`filter`	object	No	—	The search and filter query settings.
`group_by`	object[]	No	—	The rules for the group-by.
`options`	object	No	—	Global query options that are used during the query. Only supply timezone or time offset, not both. Otherwise, the query fails.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "compute": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "aggregation": {
            "type": "string",
            "enum": [
              "count",
              "cardinality",
              "pc75",
              "pc90",
              "pc95",
              "pc98",
              "pc99",
              "sum",
              "min",
              "max",
              "avg",
              "median",
              "latest",
              "earliest",
              "most_frequent",
              "delta"
            ],
            "description": "An aggregation function."
          },
          "interval": {
            "type": "string",
            "description": "The time buckets' size (only used for type=timeseries) Defaults to a resolution of 150 points."
          },
          "metric": {
            "type": "string",
            "description": "The metric to use."
          },
          "type": {
            "type": "string",
            "enum": [
              "timeseries",
              "total"
            ],
            "description": "The type of compute."
          }
        },
        "required": [
          "aggregation"
        ]
      },
      "description": "The list of metrics or timeseries to compute for the retrieved buckets."
    },
    "filter": {
      "type": "object",
      "description": "The search and filter query settings.",
      "properties": {
        "from": {
          "type": "string",
          "description": "The minimum time for the requested events; supports date, math, and regular timestamps (in milliseconds)."
        },
        "query": {
          "type": "string",
          "description": "The search query following the CI Visibility Explorer search syntax."
        },
        "to": {
          "type": "string",
          "description": "The maximum time for the requested events, supports date, math, and regular timestamps (in milliseconds)."
        }
      }
    },
    "group_by": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "facet": {
            "type": "string",
            "description": "The name of the facet to use (required)."
          },
          "histogram": {
            "type": "object",
            "description": "Used to perform a histogram computation (only for measure facets). At most, 100 buckets are allowed, the number of buckets is `(max - min)/interval`."
          },
          "limit": {
            "type": "integer",
            "format": "int64",
            "description": "The maximum buckets to return for this group-by."
          },
          "missing": {
            "description": "The value to use for logs that don't have the facet used to group-by."
          },
          "sort": {
            "type": "object",
            "description": "A sort rule. The `aggregation` field is required when `type` is `measure`."
          },
          "total": {
            "description": "A resulting object to put the given computes in over all the matching records."
          }
        },
        "required": [
          "facet"
        ]
      },
      "description": "The rules for the group-by."
    },
    "options": {
      "type": "object",
      "description": "Global query options that are used during the query. Only supply timezone or time offset, not both. Otherwise, the query fails.",
      "properties": {
        "time_offset": {
          "type": "integer",
          "description": "The time offset (in seconds) to apply to the query."
        },
        "timezone": {
          "type": "string",
          "description": "The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York)."
        }
      }
    }
  },
  "required": [
    "PCID"
  ]
}

datadog_security_create_case

Create a case Parameters:

Parameter	Type	Required	Default	Description
`data`	object	Yes	—	Case creation data

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "data": {
      "type": "object",
      "description": "Case creation data",
      "properties": {
        "attributes": {
          "type": "object",
          "description": "Case creation attributes"
        },
        "relationships": {
          "type": "object",
          "description": "Relationships formed with the case on creation"
        },
        "type": {
          "type": "string",
          "description": "Case resource type",
          "enum": [
            "case"
          ]
        }
      },
      "required": [
        "attributes",
        "type"
      ]
    }
  },
  "required": [
    "PCID",
    "data"
  ]
}

datadog_security_create_doradeployment

Send a deployment event Parameters:

Parameter	Type	Required	Default	Description
`data`	object	Yes	—	The JSON:API data.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "data": {
      "type": "object",
      "description": "The JSON:API data.",
      "properties": {
        "attributes": {
          "type": "object",
          "description": "Attributes to create a DORA deployment event."
        }
      },
      "required": [
        "attributes"
      ]
    }
  },
  "required": [
    "PCID",
    "data"
  ]
}

datadog_security_create_host_tags

Add tags to a host Parameters:

Parameter	Type	Required	Default	Description
`host_name`	string	Yes	—	Specified host name to add new tags
`source`	string	No	—	Source to add tags. Complete list of source attribute values. Use “user” source for custom-defined tags. If no source is specified, defaults to “user”.
`host`	string	No	—	Your host name.
`tags`	string[]	No	—	A list of tags associated with a host.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "host_name": {
      "type": "string",
      "description": "Specified host name to add new tags"
    },
    "source": {
      "type": "string",
      "description": "Source to add tags. [Complete list of source attribute values](https://docs.datadoghq.com/integrations/faq/list-of-api-source-attribute-value). Use \"user\" source for custom-defined tags. If no source is specified, defaults to \"user\"."
    },
    "host": {
      "type": "string",
      "description": "Your host name."
    },
    "tags": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "A list of tags associated with a host."
    }
  },
  "required": [
    "PCID",
    "host_name"
  ]
}

datadog_security_create_security_monitoring_rule

Create a detection rule Parameters:

Parameter	Type	Required	Default	Description
`body`	object	Yes	—	Create a new rule.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "body": {
      "description": "Create a new rule."
    }
  },
  "required": [
    "PCID",
    "body"
  ]
}

datadog_security_delete_host_tags

Remove host tags Parameters:

Parameter	Type	Required	Default	Description
`host_name`	string	Yes	—	Specified host name to delete tags
`source`	string	No	—	Source of the tags to be deleted. Complete list of source attribute values. Use “user” source for custom-defined tags.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "host_name": {
      "type": "string",
      "description": "Specified host name to delete tags"
    },
    "source": {
      "type": "string",
      "description": "Source of the tags to be deleted. [Complete list of source attribute values](https://docs.datadoghq.com/integrations/faq/list-of-api-source-attribute-value). Use \"user\" source for custom-defined tags."
    }
  },
  "required": [
    "PCID",
    "host_name"
  ]
}

datadog_security_delete_monitoring_rule

Delete an existing rule Parameters:

Parameter	Type	Required	Default	Description
`rule_id`	string	Yes	—	The ID of the rule.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "rule_id": {
      "type": "string",
      "description": "The ID of the rule."
    }
  },
  "required": [
    "PCID",
    "rule_id"
  ]
}

datadog_security_get_case

Get the details of a case Parameters:

Parameter	Type	Required	Default	Description
`case_id`	string	Yes	—	Case’s UUID or key

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "case_id": {
      "type": "string",
      "description": "Case's UUID or key"
    }
  },
  "required": [
    "PCID",
    "case_id"
  ]
}

datadog_security_get_host_tags

Get Host Tags Parameters:

Parameter	Type	Required	Default	Description
`host_name`	string	Yes	—	Name of the host to retrieve tags for
`source`	string	No	—	Source to filter. Complete list of source attribute values. Use “user” source for custom-defined tags.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "host_name": {
      "type": "string",
      "description": "Name of the host to retrieve tags for"
    },
    "source": {
      "type": "string",
      "description": "Source to filter. [Complete list of source attribute values](https://docs.datadoghq.com/integrations/faq/list-of-api-source-attribute-value). Use \"user\" source for custom-defined tags."
    }
  },
  "required": [
    "PCID",
    "host_name"
  ]
}

datadog_security_get_monitoring_rule

Get a rule’s details Parameters:

Parameter	Type	Required	Default	Description
`rule_id`	string	Yes	—	The ID of the rule.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "rule_id": {
      "type": "string",
      "description": "The ID of the rule."
    }
  },
  "required": [
    "PCID",
    "rule_id"
  ]
}

datadog_security_get_monitoring_signal

Get a signal’s details Parameters:

Parameter	Type	Required	Default	Description
`signal_id`	string	Yes	—	The ID of the signal.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "signal_id": {
      "type": "string",
      "description": "The ID of the signal."
    }
  },
  "required": [
    "PCID",
    "signal_id"
  ]
}

datadog_security_get_project

Get the details of a project Parameters:

Parameter	Type	Required	Default	Description
`project_id`	string	Yes	—	Project UUID.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "project_id": {
      "type": "string",
      "description": "Project UUID."
    }
  },
  "required": [
    "PCID",
    "project_id"
  ]
}

datadog_security_get_projects

Get all projects

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    }
  },
  "required": [
    "PCID"
  ]
}

datadog_security_list_ciapp_pipeline_events

Get a list of pipelines events Parameters:

Parameter	Type	Required	Default	Description
`filter[query]`	string	No	—	Search query following log syntax.
`filter[from]`	string	No	—	Minimum timestamp for requested events.
`filter[to]`	string	No	—	Maximum timestamp for requested events.
`sort`	string	No	—	Order of events in results.
`page[cursor]`	string	No	—	List following results with a cursor provided in the previous query.
`page[limit]`	integer	No	—	Maximum number of events in the response.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "filter[query]": {
      "type": "string",
      "description": "Search query following log syntax."
    },
    "filter[from]": {
      "type": "string",
      "description": "Minimum timestamp for requested events."
    },
    "filter[to]": {
      "type": "string",
      "description": "Maximum timestamp for requested events."
    },
    "sort": {
      "type": "string",
      "description": "Order of events in results.",
      "enum": [
        "timestamp",
        "-timestamp"
      ]
    },
    "page[cursor]": {
      "type": "string",
      "description": "List following results with a cursor provided in the previous query."
    },
    "page[limit]": {
      "type": "integer",
      "description": "Maximum number of events in the response."
    }
  },
  "required": [
    "PCID"
  ]
}

datadog_security_list_ciapp_test_events

Get a list of tests events Parameters:

Parameter	Type	Required	Default	Description
`filter[query]`	string	No	—	Search query following log syntax.
`filter[from]`	string	No	—	Minimum timestamp for requested events.
`filter[to]`	string	No	—	Maximum timestamp for requested events.
`sort`	string	No	—	Order of events in results.
`page[cursor]`	string	No	—	List following results with a cursor provided in the previous query.
`page[limit]`	integer	No	—	Maximum number of events in the response.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "filter[query]": {
      "type": "string",
      "description": "Search query following log syntax."
    },
    "filter[from]": {
      "type": "string",
      "description": "Minimum timestamp for requested events."
    },
    "filter[to]": {
      "type": "string",
      "description": "Maximum timestamp for requested events."
    },
    "sort": {
      "type": "string",
      "description": "Order of events in results.",
      "enum": [
        "timestamp",
        "-timestamp"
      ]
    },
    "page[cursor]": {
      "type": "string",
      "description": "List following results with a cursor provided in the previous query."
    },
    "page[limit]": {
      "type": "integer",
      "description": "Maximum number of events in the response."
    }
  },
  "required": [
    "PCID"
  ]
}

datadog_security_list_host_tags

Get All Host Tags Parameters:

Parameter	Type	Required	Default	Description
`source`	string	No	—	Source to filter. Complete list of source attribute values. Use “user” source for custom-defined tags.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "source": {
      "type": "string",
      "description": "Source to filter. [Complete list of source attribute values](https://docs.datadoghq.com/integrations/faq/list-of-api-source-attribute-value). Use \"user\" source for custom-defined tags."
    }
  },
  "required": [
    "PCID"
  ]
}

datadog_security_list_hosts

Get all hosts for your organization Parameters:

Parameter	Type	Required	Default	Description
`filter`	string	No	—	String to filter search results.
`sort_field`	string	No	—	Sort hosts by this field.
`sort_dir`	string	No	—	Direction of sort. Options include `asc` and `desc`.
`start`	integer	No	—	Specify the starting point for the host search results. For example, if you set `count` to 100 and the first 100 results have already been returned, you can set `start` to `101` to get the next 100 results.
`count`	integer	No	—	Number of hosts to return. Max 1000.
`from`	integer	No	—	Number of seconds since UNIX epoch from which you want to search your hosts.
`include_muted_hosts_data`	boolean	No	—	Include information on the muted status of hosts and when the mute expires.
`include_hosts_metadata`	boolean	No	—	Include additional metadata about the hosts (agent_version, machine, platform, processor, etc.).

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "filter": {
      "type": "string",
      "description": "String to filter search results."
    },
    "sort_field": {
      "type": "string",
      "description": "Sort hosts by this field."
    },
    "sort_dir": {
      "type": "string",
      "description": "Direction of sort. Options include `asc` and `desc`."
    },
    "start": {
      "type": "integer",
      "description": "Specify the starting point for the host search results. For example, if you set `count` to 100 and the first 100 results have already been returned, you can set `start` to `101` to get the next 100 results."
    },
    "count": {
      "type": "integer",
      "description": "Number of hosts to return. Max 1000."
    },
    "from": {
      "type": "integer",
      "description": "Number of seconds since UNIX epoch from which you want to search your hosts."
    },
    "include_muted_hosts_data": {
      "type": "boolean",
      "description": "Include information on the muted status of hosts and when the mute expires."
    },
    "include_hosts_metadata": {
      "type": "boolean",
      "description": "Include additional metadata about the hosts (agent_version, machine, platform, processor, etc.)."
    }
  },
  "required": [
    "PCID"
  ]
}

datadog_security_list_security_monitoring_rules

List rules Parameters:

Parameter	Type	Required	Default	Description
`page[size]`	integer	No	—	Size for a given page. The maximum allowed value is 100.
`page[number]`	integer	No	—	Specific page number to return.
`query`	string	No	—	A search query to filter security rules. You can filter by attributes such as `type`, `source`, `tags`.
`sort`	string	No	—	Attribute used to sort rules. Prefix with `-` to sort in descending order.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "page[size]": {
      "type": "integer",
      "description": "Size for a given page. The maximum allowed value is 100."
    },
    "page[number]": {
      "type": "integer",
      "description": "Specific page number to return."
    },
    "query": {
      "type": "string",
      "description": "A search query to filter security rules. You can filter by attributes such as `type`, `source`, `tags`."
    },
    "sort": {
      "type": "string",
      "description": "Attribute used to sort rules. Prefix with `-` to sort in descending order.",
      "enum": [
        "name",
        "creation_date",
        "update_date",
        "enabled",
        "type",
        "highest_severity",
        "source",
        "-name",
        "-creation_date",
        "-update_date",
        "-enabled",
        "-type",
        "-highest_severity",
        "-source"
      ]
    }
  },
  "required": [
    "PCID"
  ]
}

datadog_security_list_security_monitoring_signals

Get a quick list of security signals Parameters:

Parameter	Type	Required	Default	Description
`filter[query]`	string	No	—	The search query for security signals.
`filter[from]`	string	No	—	The minimum timestamp for requested security signals.
`filter[to]`	string	No	—	The maximum timestamp for requested security signals.
`sort`	string	No	—	The order of the security signals in results.
`page[cursor]`	string	No	—	A list of results using the cursor provided in the previous query.
`page[limit]`	integer	No	—	The maximum number of security signals in the response.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "filter[query]": {
      "type": "string",
      "description": "The search query for security signals."
    },
    "filter[from]": {
      "type": "string",
      "description": "The minimum timestamp for requested security signals."
    },
    "filter[to]": {
      "type": "string",
      "description": "The maximum timestamp for requested security signals."
    },
    "sort": {
      "type": "string",
      "description": "The order of the security signals in results.",
      "enum": [
        "timestamp",
        "-timestamp"
      ]
    },
    "page[cursor]": {
      "type": "string",
      "description": "A list of results using the cursor provided in the previous query."
    },
    "page[limit]": {
      "type": "integer",
      "description": "The maximum number of security signals in the response."
    }
  },
  "required": [
    "PCID"
  ]
}

datadog_security_mute_host

Mute a host Parameters:

Parameter	Type	Required	Default	Description
`host_name`	string	Yes	—	Name of the host to mute.
`end`	integer	No	—	POSIX timestamp in seconds when the host is unmuted. If omitted, the host remains muted until explicitly unmuted.
`message`	string	No	—	Message to associate with the muting of this host.
`override`	boolean	No	—	If true and the host is already muted, replaces existing host mute settings.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "host_name": {
      "type": "string",
      "description": "Name of the host to mute."
    },
    "end": {
      "type": "integer",
      "description": "POSIX timestamp in seconds when the host is unmuted. If omitted, the host remains muted until explicitly unmuted."
    },
    "message": {
      "type": "string",
      "description": "Message to associate with the muting of this host."
    },
    "override": {
      "type": "boolean",
      "description": "If true and the host is already muted, replaces existing host mute settings."
    }
  },
  "required": [
    "PCID",
    "host_name"
  ]
}

datadog_security_search_cases

Search cases Parameters:

Parameter	Type	Required	Default	Description
`page[size]`	integer	No	—	Size for a given page. The maximum allowed value is 100.
`page[number]`	integer	No	—	Specific page number to return.
`sort[field]`	string	No	—	Specify which field to sort
`filter`	string	No	—	Search query
`sort[asc]`	boolean	No	—	Specify if order is ascending or not

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "page[size]": {
      "type": "integer",
      "description": "Size for a given page. The maximum allowed value is 100."
    },
    "page[number]": {
      "type": "integer",
      "description": "Specific page number to return."
    },
    "sort[field]": {
      "type": "string",
      "description": "Specify which field to sort",
      "enum": [
        "created_at",
        "priority",
        "status"
      ]
    },
    "filter": {
      "type": "string",
      "description": "Search query"
    },
    "sort[asc]": {
      "type": "boolean",
      "description": "Specify if order is ascending or not"
    }
  },
  "required": [
    "PCID"
  ]
}

datadog_security_search_security_monitoring_signals

Get a list of security signals Parameters:

Parameter	Type	Required	Default	Description
`filter`	object	No	—	Search filters for listing security signals.
`page`	object	No	—	The paging attributes for listing security signals.
`sort`	string	No	—	The sort parameters used for querying security signals.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "filter": {
      "type": "object",
      "description": "Search filters for listing security signals.",
      "properties": {
        "from": {
          "type": "string",
          "description": "The minimum timestamp for requested security signals."
        },
        "query": {
          "type": "string",
          "description": "Search query for listing security signals."
        },
        "to": {
          "type": "string",
          "description": "The maximum timestamp for requested security signals."
        }
      }
    },
    "page": {
      "type": "object",
      "description": "The paging attributes for listing security signals.",
      "properties": {
        "cursor": {
          "type": "string",
          "description": "A list of results using the cursor provided in the previous query."
        },
        "limit": {
          "type": "integer",
          "description": "The maximum number of security signals in the response."
        }
      }
    },
    "sort": {
      "type": "string",
      "description": "The sort parameters used for querying security signals.",
      "enum": [
        "timestamp",
        "-timestamp"
      ]
    }
  },
  "required": [
    "PCID"
  ]
}

datadog_security_unmute_host

Unmute a host Parameters:

Parameter	Type	Required	Default	Description
`host_name`	string	Yes	—	Name of the host to unmute.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "host_name": {
      "type": "string",
      "description": "Name of the host to unmute."
    }
  },
  "required": [
    "PCID",
    "host_name"
  ]
}

datadog_security_update_host_tags

Update host tags Parameters:

Parameter	Type	Required	Default	Description
`host_name`	string	Yes	—	Specified host name to change tags
`source`	string	No	—	Source to update tags. Complete list of source attribute values. Use “user” source for custom-defined tags. If no source specified, defaults to “user”.
`host`	string	No	—	Your host name.
`tags`	string[]	No	—	A list of tags associated with a host.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "host_name": {
      "type": "string",
      "description": "Specified host name to change tags"
    },
    "source": {
      "type": "string",
      "description": "Source to update tags. [Complete list of source attribute values](https://docs.datadoghq.com/integrations/faq/list-of-api-source-attribute-value). Use \"user\" source for custom-defined tags. If no source specified, defaults to \"user\"."
    },
    "host": {
      "type": "string",
      "description": "Your host name."
    },
    "tags": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "A list of tags associated with a host."
    }
  },
  "required": [
    "PCID",
    "host_name"
  ]
}

datadog_security_update_security_monitoring_rule

Update an existing rule Parameters:

Parameter	Type	Required	Default	Description
`rule_id`	string	Yes	—	The ID of the rule.
`calculatedFields`	object[]	No	—	Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined.
`cases`	object[]	No	—	Cases for generating signals.
`complianceSignalOptions`	object	No	—	How to generate compliance signals. Useful for cloud_configuration rules only.
`customMessage`	string	No	—	Custom/Overridden Message for generated signals (used in case of Default rule update).
`customName`	string	No	—	Custom/Overridden name (used in case of Default rule update).
`filters`	object[]	No	—	Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
`groupSignalsBy`	string[]	No	—	Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.
`hasExtendedTitle`	boolean	No	—	Whether the notifications include the triggering group-by values in their title.
`isEnabled`	boolean	No	—	Whether the rule is enabled.
`message`	string	No	—	Message for generated signals.
`name`	string	No	—	Name of the rule.
`options`	object	No	—	Options.
`queries`	any[]	No	—	Queries for selecting logs which are part of the rule.
`referenceTables`	object[]	No	—	Reference tables for the rule.
`schedulingOptions`	object	No	—	Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs.
`tags`	string[]	No	—	Tags for generated signals.
`thirdPartyCases`	object[]	No	—	Cases for generating signals from third-party rules. Only available for third-party rules.
`version`	integer	No	—	The version of the rule being updated.

Show inputSchema

{
  "type": "object",
  "properties": {
    "PCID": {
      "type": "string",
      "description": "Pink Connect ID for the authenticated connection"
    },
    "rule_id": {
      "type": "string",
      "description": "The ID of the rule."
    },
    "calculatedFields": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "expression": {
            "type": "string",
            "description": "Expression."
          },
          "name": {
            "type": "string",
            "description": "Field name."
          }
        },
        "required": [
          "name",
          "expression"
        ]
      },
      "description": "Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined."
    },
    "cases": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "actions": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "options": {
                  "type": "object",
                  "description": "Options for the rule action"
                },
                "type": {
                  "type": "string",
                  "description": "The action type."
                }
              }
            },
            "description": "Action to perform for each rule case."
          },
          "condition": {
            "type": "string",
            "description": "A rule case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated based on the event counts in the previously defined queries."
          },
          "customStatus": {
            "type": "string",
            "enum": [
              "info",
              "low",
              "medium",
              "high",
              "critical"
            ],
            "description": "Severity of the Security Signal."
          },
          "name": {
            "type": "string",
            "description": "Name of the case."
          },
          "notifications": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "Notification targets for each rule case."
          },
          "status": {
            "type": "string",
            "enum": [
              "info",
              "low",
              "medium",
              "high",
              "critical"
            ],
            "description": "Severity of the Security Signal."
          }
        }
      },
      "description": "Cases for generating signals."
    },
    "complianceSignalOptions": {
      "type": "object",
      "description": "How to generate compliance signals. Useful for cloud_configuration rules only.",
      "properties": {
        "defaultActivationStatus": {
          "type": "boolean",
          "description": "The default activation status."
        },
        "defaultGroupByFields": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "The default group by fields."
        },
        "userActivationStatus": {
          "type": "boolean",
          "description": "Whether signals will be sent."
        },
        "userGroupByFields": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Fields to use to group findings by when sending signals."
        }
      }
    },
    "customMessage": {
      "type": "string",
      "description": "Custom/Overridden Message for generated signals (used in case of Default rule update)."
    },
    "customName": {
      "type": "string",
      "description": "Custom/Overridden name (used in case of Default rule update)."
    },
    "filters": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "action": {
            "type": "string",
            "enum": [
              "require",
              "suppress"
            ],
            "description": "The type of filtering action."
          },
          "query": {
            "type": "string",
            "description": "Query for selecting logs to apply the filtering action."
          }
        }
      },
      "description": "Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules."
    },
    "groupSignalsBy": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups."
    },
    "hasExtendedTitle": {
      "type": "boolean",
      "description": "Whether the notifications include the triggering group-by values in their title."
    },
    "isEnabled": {
      "type": "boolean",
      "description": "Whether the rule is enabled."
    },
    "message": {
      "type": "string",
      "description": "Message for generated signals."
    },
    "name": {
      "type": "string",
      "description": "Name of the rule."
    },
    "options": {
      "type": "object",
      "description": "Options.",
      "properties": {
        "anomalyDetectionOptions": {
          "type": "object",
          "description": "Options on anomaly detection method."
        },
        "complianceRuleOptions": {
          "type": "object",
          "description": "Options for cloud_configuration rules. Fields `resourceType` and `regoRule` are mandatory when managing custom `cloud_configuration` rules."
        },
        "decreaseCriticalityBasedOnEnv": {
          "type": "boolean",
          "description": "If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce signal noise. The severity is decreased by one level: `CRITICAL` in production becomes `HIGH` in non-production, `HIGH` becomes `MEDIUM` and so on. `INFO` remains `INFO`. The decrement is applied when the environment tag of the signal starts with `staging`, `test` or `dev`."
        },
        "detectionMethod": {
          "type": "string",
          "description": "The detection method.",
          "enum": [
            "threshold",
            "new_value",
            "anomaly_detection",
            "impossible_travel",
            "hardcoded",
            "third_party",
            "anomaly_threshold",
            "sequence_detection"
          ]
        },
        "evaluationWindow": {
          "type": "integer",
          "description": "A time window is specified to match when at least one of the cases matches true. This is a sliding window and evaluates in real time. For third party detection method, this field is not used.",
          "enum": [
            0,
            60,
            300,
            600,
            900,
            1800,
            3600,
            7200,
            10800,
            21600,
            43200,
            86400
          ]
        },
        "hardcodedEvaluatorType": {
          "type": "string",
          "description": "Hardcoded evaluator type.",
          "enum": [
            "log4shell"
          ]
        },
        "impossibleTravelOptions": {
          "type": "object",
          "description": "Options on impossible travel detection method."
        },
        "keepAlive": {
          "type": "integer",
          "description": "Once a signal is generated, the signal will remain \"open\" if a case is matched at least once within this keep alive window. For third party detection method, this field is not used.",
          "enum": [
            0,
            60,
            300,
            600,
            900,
            1800,
            3600,
            7200,
            10800,
            21600,
            43200,
            86400
          ]
        },
        "maxSignalDuration": {
          "type": "integer",
          "description": "A signal will \"close\" regardless of the query being matched once the time exceeds the maximum duration. This time is calculated from the first seen timestamp.",
          "enum": [
            0,
            60,
            300,
            600,
            900,
            1800,
            3600,
            7200,
            10800,
            21600,
            43200,
            86400
          ]
        },
        "newValueOptions": {
          "type": "object",
          "description": "Options on new value detection method."
        },
        "sequenceDetectionOptions": {
          "type": "object",
          "description": "Options on sequence detection method."
        },
        "thirdPartyRuleOptions": {
          "type": "object",
          "description": "Options on third party detection method."
        }
      }
    },
    "queries": {
      "type": "array",
      "description": "Queries for selecting logs which are part of the rule."
    },
    "referenceTables": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "checkPresence": {
            "type": "boolean",
            "description": "Whether to include or exclude the matched values."
          },
          "columnName": {
            "type": "string",
            "description": "The name of the column in the reference table."
          },
          "logFieldPath": {
            "type": "string",
            "description": "The field in the log to match against the reference table."
          },
          "ruleQueryName": {
            "type": "string",
            "description": "The name of the query to apply the reference table to."
          },
          "tableName": {
            "type": "string",
            "description": "The name of the reference table."
          }
        }
      },
      "description": "Reference tables for the rule."
    },
    "schedulingOptions": {
      "type": "object",
      "description": "Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs.",
      "properties": {
        "rrule": {
          "type": "string",
          "description": "Schedule for the rule queries, written in RRULE syntax. See [RFC](https://icalendar.org/iCalendar-RFC-5545/3-8-5-3-recurrence-rule.html) for syntax reference."
        },
        "start": {
          "type": "string",
          "description": "Start date for the schedule, in ISO 8601 format without timezone."
        },
        "timezone": {
          "type": "string",
          "description": "Time zone of the start date, in the [tz database](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) format."
        }
      }
    },
    "tags": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Tags for generated signals."
    },
    "thirdPartyCases": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "customStatus": {
            "type": "string",
            "enum": [
              "info",
              "low",
              "medium",
              "high",
              "critical"
            ],
            "description": "Severity of the Security Signal."
          },
          "name": {
            "type": "string",
            "description": "Name of the case."
          },
          "notifications": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "Notification targets for each rule case."
          },
          "query": {
            "type": "string",
            "description": "A query to map a third party event to this case."
          },
          "status": {
            "type": "string",
            "enum": [
              "info",
              "low",
              "medium",
              "high",
              "critical"
            ],
            "description": "Severity of the Security Signal."
          }
        }
      },
      "description": "Cases for generating signals from third-party rules. Only available for third-party rules."
    },
    "version": {
      "type": "integer",
      "description": "The version of the rule being updated."
    }
  },
  "required": [
    "PCID",
    "rule_id"
  ]
}

​Tools

​datadog_security_aggregate_ciapp_pipeline_events

​datadog_security_aggregate_ciapp_test_events

​datadog_security_create_case

​datadog_security_create_doradeployment

​datadog_security_create_host_tags

​datadog_security_create_security_monitoring_rule

​datadog_security_delete_host_tags

​datadog_security_delete_monitoring_rule

​datadog_security_get_case

​datadog_security_get_host_tags

​datadog_security_get_monitoring_rule

​datadog_security_get_monitoring_signal

​datadog_security_get_project

​datadog_security_get_projects

​datadog_security_list_ciapp_pipeline_events

​datadog_security_list_ciapp_test_events

​datadog_security_list_host_tags

​datadog_security_list_hosts

​datadog_security_list_security_monitoring_rules

​datadog_security_list_security_monitoring_signals

​datadog_security_mute_host

​datadog_security_search_cases

​datadog_security_search_security_monitoring_signals

​datadog_security_unmute_host

​datadog_security_update_host_tags

​datadog_security_update_security_monitoring_rule

Tools

datadog_security_aggregate_ciapp_pipeline_events

datadog_security_aggregate_ciapp_test_events

datadog_security_create_case

datadog_security_create_doradeployment

datadog_security_create_host_tags

datadog_security_create_security_monitoring_rule

datadog_security_delete_host_tags

datadog_security_delete_monitoring_rule

datadog_security_get_case

datadog_security_get_host_tags

datadog_security_get_monitoring_rule

datadog_security_get_monitoring_signal

datadog_security_get_project

datadog_security_get_projects

datadog_security_list_ciapp_pipeline_events

datadog_security_list_ciapp_test_events

datadog_security_list_host_tags

datadog_security_list_hosts

datadog_security_list_security_monitoring_rules

datadog_security_list_security_monitoring_signals

datadog_security_mute_host

datadog_security_search_cases

datadog_security_search_security_monitoring_signals

datadog_security_unmute_host

datadog_security_update_host_tags

datadog_security_update_security_monitoring_rule