diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 196165112daa..26ded8599f20 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -30705,6 +30705,19 @@ components: example: /api/v2/scorecard/rules?page%5Blimit%5D=2&page%5Boffset%5D=2&page%5Bsize%5D=2 type: string type: object + ListSecurityFindingsResponse: + description: The expected response schema when listing security findings. + properties: + data: + description: Array of security findings matching the search query. + items: + $ref: '#/components/schemas/SecurityFindingsData' + type: array + links: + $ref: '#/components/schemas/SecurityFindingsLinks' + meta: + $ref: '#/components/schemas/SecurityFindingsMeta' + type: object ListTagsResponse: description: List tags response. properties: 
@@ -47272,6 +47285,148 @@ components: meta: $ref: '#/components/schemas/SecurityFilterMeta' type: object + SecurityFindingsAttributes: + description: The JSON object containing all attributes of the security finding. + properties: + attributes: + additionalProperties: {} + description: The custom attributes of the security finding. + example: + severity: high + status: open + type: object + tags: + description: List of tags associated with the security finding. + example: + - team:platform + - env:prod + items: + type: string + type: array + timestamp: + description: The Unix timestamp at which the detection changed for the resource. + Same value as @detection_changed_at. + example: 1765901760 + format: int64 + type: integer + type: object + SecurityFindingsData: + description: A single security finding. + properties: + attributes: + $ref: '#/components/schemas/SecurityFindingsAttributes' + id: + description: The unique ID of the security finding. + example: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw== + type: string + type: + $ref: '#/components/schemas/SecurityFindingsDataType' + type: object + SecurityFindingsDataType: + default: finding + description: The type of the security finding resource. + enum: + - finding + example: finding + type: string + x-enum-varnames: + - FINDING + SecurityFindingsLinks: + description: Links for pagination. + properties: + next: + description: Link for the next page of results. Note that paginated requests + can also be made using the POST endpoint. + example: https://app.datadoghq.com/api/v2/security/findings?page[cursor]=eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==&page[limit]=25 + type: string + type: object + SecurityFindingsMeta: + description: Metadata about the response. + properties: + elapsed: + description: The time elapsed in milliseconds. 
+ example: 548 + format: int64 + type: integer + page: + $ref: '#/components/schemas/SecurityFindingsPage' + request_id: + description: The identifier of the request. + example: pddv1ChZwVlMxMUdYRFRMQ1lyb3B4MGNYbFlnIi0KHQu35LDbucx + type: string + status: + $ref: '#/components/schemas/SecurityFindingsStatus' + type: object + SecurityFindingsPage: + description: Pagination information. + properties: + after: + description: The cursor used to get the next page of results. + example: eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0= + type: string + type: object + SecurityFindingsSearchRequest: + description: The request body for searching security findings. + properties: + data: + $ref: '#/components/schemas/SecurityFindingsSearchRequestData' + type: object + SecurityFindingsSearchRequestData: + description: Request data for searching security findings. + properties: + attributes: + $ref: '#/components/schemas/SecurityFindingsSearchRequestDataAttributes' + type: object + SecurityFindingsSearchRequestDataAttributes: + description: Request attributes for searching security findings. + properties: + filter: + default: '*' + description: The search query following log search syntax. + example: '@severity:(critical OR high) @status:open team:platform' + type: string + page: + $ref: '#/components/schemas/SecurityFindingsSearchRequestPage' + sort: + $ref: '#/components/schemas/SecurityFindingsSort' + type: object + SecurityFindingsSearchRequestPage: + description: Pagination attributes for the search request. + properties: + cursor: + description: Get the next page of results with a cursor provided in the + previous query. + example: eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ== + type: string + limit: + default: 10 + description: The maximum number of security findings in the response. 
+ example: 25 + format: int64 + maximum: 150 + minimum: 1 + type: integer + type: object + SecurityFindingsSort: + default: -@detection_changed_at + description: The sort parameters when querying security findings. + enum: + - '@detection_changed_at' + - -@detection_changed_at + type: string + x-enum-varnames: + - DETECTION_CHANGED_AT_ASC + - DETECTION_CHANGED_AT_DESC + SecurityFindingsStatus: + description: The status of the response. + enum: + - done + - timeout + example: done + type: string + x-enum-varnames: + - DONE + - TIMEOUT SecurityMonitoringFilter: description: The rule's suppression filter. properties: @@ -58490,6 +58645,8 @@ components: apm_service_catalog_read: View service catalog and service definitions. apm_service_catalog_write: Add, modify, and delete service catalog definitions when those definitions are maintained by Datadog. + appsec_vm_read: View infrastructure, application code, and library vulnerability + findings. billing_read: View your organization's billing information. cases_read: View Cases. cases_write: Create and update cases. 
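Review bot: The `timestamp` property of `SecurityFindingsAttributes` does not state its unit, and its example `1765901760` is a ten-digit seconds value, while the recorded response in this commit's cassette carries `"timestamp":1765838312079` and the same thirteen-digit value for `detection_changed_at`, which reads as milliseconds. A client that trusts the example would mis-date findings by a factor of 1000, which skews triage ordering and any age-based reporting. I would change the description to `The Unix timestamp, in milliseconds, at which the detection changed for the resource.` and the example to `example: 1765838312079`, once the unit is confirmed against the backend. The `attributes` example in the same schema puts `severity` and `status` at the top level, whereas the recording nests them under `custom`; nesting the example the same way would match what callers receive.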
@@ -80641,6 +80798,98 @@ paths: operator: OR permissions: - security_monitoring_cws_agent_rules_read + /api/v2/security/findings: + get: + description: 'Get a list of security findings that match a search query. + + + This endpoint requires one of the following permissions: + + - `security_monitoring_findings_read` + + - `appsec_vm_read` + + + ### Query Syntax + + + This endpoint uses the logs query syntax. Findings attributes (living in the + custom. namespace) are prefixed by @ when queried. Tags are queried without + a prefix. + + + Example: `@severity:(critical OR high) @status:open team:platform`' + operationId: ListSecurityFindings + parameters: + - description: The search query following log search syntax. + example: '@severity:(critical OR high) @status:open team:platform' + in: query + name: filter[query] + required: false + schema: + default: '*' + type: string + - description: Get the next page of results with a cursor provided in the previous + query. + example: eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ== + in: query + name: page[cursor] + required: false + schema: + type: string + - description: The maximum number of findings in the response. + example: 25 + in: query + name: page[limit] + required: false + schema: + default: 10 + format: int64 + maximum: 150 + minimum: 1 + type: integer + - description: Sorts by @detection_changed_at. 
+ in: query + name: sort + required: false + schema: + $ref: '#/components/schemas/SecurityFindingsSort' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListSecurityFindingsResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/ForbiddenResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_findings_read + - AuthZ: + - appsec_vm_read + summary: List security findings + tags: + - Security Monitoring + x-pagination: + cursorParam: page[cursor] + cursorPath: meta.page.after + limitParam: page[limit] + resultsPath: data + x-permission: + operator: OR + permissions: + - security_monitoring_findings_read + - appsec_vm_read + x-unstable: '**Note**: This endpoint is in beta and subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security/findings/cases: delete: description: 'Detach security findings from their case. 
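Review bot: The `ListSecurityFindings` description offers `security_monitoring_findings_read` and `appsec_vm_read` as alternatives (`x-permission` operator `OR`), but does not say whether the result set is narrowed to the finding types the caller's permission covers. The scope text added for `appsec_vm_read` in this diff mentions only vulnerability findings, while the recorded cassette response returns a `misconfiguration` finding next to a `host_and_container_vulnerability` one. A reader therefore cannot tell from the spec whether a key holding only `appsec_vm_read` also sees misconfigurations. If the backend filters by permission, I would add a sentence such as `Results are limited to the finding types that the caller's permission grants access to.`; if it does not, state that explicitly so key scopes can be chosen with least privilege in mind. The same wording is duplicated in the `SearchSecurityFindings` description in the next hunk and needs the same sentence.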
@@ -80860,6 +81109,70 @@ paths: x-unstable: '**Note**: This endpoint is in beta and is subject to change. Please check the documentation regularly for updates.' + /api/v2/security/findings/search: + post: + description: 'Get a list of security findings that match a search query. + + + This endpoint requires one of the following permissions: + + - `security_monitoring_findings_read` + + - `appsec_vm_read` + + + ### Query Syntax + + + The API uses the logs query syntax. Findings attributes (living in the custom. + namespace) are prefixed by @ when queried. Tags are queried without a prefix. + + + Example: `@severity:(critical OR high) @status:open team:platform`' + operationId: SearchSecurityFindings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityFindingsSearchRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListSecurityFindingsResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/ForbiddenResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_findings_read + - AuthZ: + - appsec_vm_read + summary: Search security findings + tags: + - Security Monitoring + x-codegen-request-body-name: body + x-pagination: + cursorParam: body.data.attributes.page.cursor + cursorPath: meta.page.after + limitParam: body.data.attributes.page.limit + resultsPath: data + x-permission: + operator: OR + permissions: + - security_monitoring_findings_read + - appsec_vm_read + x-unstable: '**Note**: This endpoint is in beta and subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security/sboms: get: description: 'Get a list of assets SBOMs for an organization. 
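Review bot: `requestBody` is marked `required: true`, but `SecurityFindingsSearchRequest`, `SecurityFindingsSearchRequestData` and `SecurityFindingsSearchRequestDataAttributes` (added in the components hunk of this diff) declare no `required` members, so `{}` is a schema-valid body and the description does not say what it returns. Given the `filter` default of `*`, an empty body presumably lists every finding the caller may read. If that is intended, say so in the description, for example `An empty request body returns all findings visible to the caller, using the default filter and page limit.` If it is not intended, add `required: [data]` to `SecurityFindingsSearchRequest` so generated clients reject the empty body before sending it.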
diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/frozen.json new file mode 100644 index 000000000000..59817b92ae6f --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/frozen.json @@ -0,0 +1 @@ +"2025-12-17T16:27:32.641Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/recording.har b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/recording.har new file mode 100644 index 000000000000..3aa0691f6e0e --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/recording.har 
@@ -0,0 +1,64 @@ +{ + "log": { + "_recordingName": "Security Monitoring/List security findings returns \"Bad Request\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "7ded4102477eb50b16f7221ef8152259", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + } + ], + "headersSize": 550, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "page", + "value": { + "cursor": "invalid_cursor" + } + } + ], + "url": "https://api.datadoghq.com/api/v2/security/findings?page%5Bcursor%5D=invalid_cursor" + }, + "response": { + "bodySize": 56, + "content": { + "mimeType": "application/vnd.api+json", + "size": 56, + "text": "{\"errors\":[{\"status\":\"400\",\"detail\":\"Invalid filters\"}]}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 675, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 400, + "statusText": "Bad Request" + }, + "startedDateTime": "2025-12-17T16:27:32.648Z", + "time": 125 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/frozen.json new file mode 100644 index 000000000000..757d7fbd9a5b --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/frozen.json @@ -0,0 +1 @@ +"2025-12-15T22:38:44.211Z" 
diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/recording.har b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/recording.har new file mode 100644 index 000000000000..80d78bf2f55b --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/recording.har 
@@ -0,0 +1,64 @@ +{ + "log": { + "_recordingName": "Security Monitoring/List security findings returns \"OK\" response with pagination", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "430f92d46487cafa52e13d93529533fe", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + } + ], + "headersSize": 536, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "page", + "value": { + "limit": "5" + } + } + ], + "url": "https://api.datadoghq.com/api/v2/security/findings?page%5Blimit%5D=5" + }, + "response": { + "bodySize": 35490, + "content": { + "mimeType": "application/vnd.api+json", + "size": 35490, + "text": "{\"data\":[{\"id\":\"OXBuLXltcS1yaGh-aS0wODVkZTgwNWY4NTJlZGQxNA==\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"cloud_resource\":{\"account\":\"727006795293\",\"category\":\"hosts\",\"cloud_provider\":\"aws\",\"configuration\":{\"account_id\":\"727006795293\",\"agent_framework_id\":\"cis-ubuntu2204\",\"agent_rule_id\":\"xccdf_org.ssgproject.content_rule_package_bind_removed\",\"agent_version\":\"7.74.0-rc.3\",\"evaluator\":\"xccdf\",\"framework_requirement\":[\"cis-ubuntu2004/DNS-Server\",\"cis-rhel9/DNS-Server\",\"cis-ubuntu2404/DNS-Server\",\"cis-rhel8/DNS-Server\",\"cis-rhel7/DNS-Server\",\"cis-amzn2/DNS-Server\",\"cis-al2023/DNS-Server\",\"cis-ubuntu2204/DNS-Server\",\"cis-almalinux9/DNS-Server\"],\"framework_requirement_control\":[\"cis-ubuntu2004/DNS-Server/2.2.8\",\"cis-ubuntu2404/DNS-Server/2.1.4\",\"cis-rhel7/DNS-Server/2.2.4\",\"cis-almalinux9/DNS-Server/2.1.4\",\"cis-rhel8/DNS-Server/2.2.4\",\"cis-rhel9/DNS-Server/2.1.4\",\"cis-al2023/DNS-Server/2.2.5\",\"cis-amzn2/DNS-Server/2.2.4\",\"cis-ubuntu2204/DNS-Server/2.2.7\"]},\"region\":\"us-east-1\"},\"compliance\":{\"evaluation\":\"pass\",\"framework_requirement_contro
ls\":[\"cis-ubuntu2004/DNS-Server/2.2.8\",\"cis-ubuntu2404/DNS-Server/2.1.4\",\"cis-rhel7/DNS-Server/2.2.4\",\"cis-almalinux9/DNS-Server/2.1.4\",\"cis-rhel8/DNS-Server/2.2.4\",\"cis-rhel9/DNS-Server/2.1.4\",\"cis-al2023/DNS-Server/2.2.5\",\"cis-amzn2/DNS-Server/2.2.4\",\"cis-ubuntu2204/DNS-Server/2.2.7\"],\"framework_requirements\":[\"cis-ubuntu2004/DNS-Server\",\"cis-rhel9/DNS-Server\",\"cis-ubuntu2404/DNS-Server\",\"cis-rhel8/DNS-Server\",\"cis-rhel7/DNS-Server\",\"cis-amzn2/DNS-Server\",\"cis-al2023/DNS-Server\",\"cis-ubuntu2204/DNS-Server\",\"cis-almalinux9/DNS-Server\"],\"frameworks\":[{\"control\":\"2.2.8\",\"framework\":\"cis-ubuntu2004\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ apt-get remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind9\\n# from the system, and may remove any packages\\n# that depend on bind9. 
Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \\\"bind9\\\"\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind9 is removed'\\n ansible.builtin.package:\\n name: bind9\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"},{\"control\":\"2.2.7\",\"framework\":\"cis-ubuntu2204\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ apt-get remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind9\\n# from the system, and may remove any packages\\n# that depend on bind9. 
Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \\\"bind9\\\"\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind9 is removed'\\n ansible.builtin.package:\\n name: bind9\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.2.4\",\"framework\":\"cis-rhel7\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo yum erase bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n#\\t from the system, and may remove any packages\\n#\\t that depend on bind. 
Execute this\\n#\\t remediation AFTER testing on a non-production\\n#\\t system!\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\n\\n yum remove -y \\\"bind\\\"\\n\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: Ensure bind is removed\\n package:\\n name: bind\\n state: absent\\n tags:\\n - CCE-80326-2\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"3.1.1\"},{\"control\":\"2.2.4\",\"framework\":\"cis-rhel8\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo yum erase bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n# from the system, and may remove any packages\\n# that depend on bind. 
Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\nyum remove -y \\\"bind\\\"\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind is removed'\\n ansible.builtin.package:\\n name: bind\\n state: absent\\n tags:\\n - CCE-82408-6\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"3.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-rhel9\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo dnf remove bind\\n```\\nOn Red Hat Enterprise Linux 9.6 and newer, the `bind` command is also provided by the `bind9.18` package.\\nThe `bind9.18` package can be removed with the following command:\\n```\\n\\n$ sudo dnf remove bind9.18\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind and bind9.18\\n# from the system, and may remove any packages\\n# that depend on bind and bind9.18. 
Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\ndnf remove -y --noautoremove \\\"bind\\\"\\nfi\\n\\nif rpm -q --quiet \\\"bind9.18\\\" ; then\\ndnf remove -y --noautoremove \\\"bind9.18\\\"\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind is removed'\\n ansible.builtin.package:\\n name: bind\\n state: absent\\n tags:\\n - CCE-86505-5\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n\\n- name: 'Uninstall bind Package: Ensure bind9.18 is removed'\\n ansible.builtin.package:\\n name: bind9.18\\n state: absent\\n tags:\\n - CCE-86505-5\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-almalinux9\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo dnf remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n# from the system, and may remove any packages\\n# that depend on bind. 
Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\ndnf remove -y --noautoremove \\\"bind\\\"\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind is removed'\\n ansible.builtin.package:\\n name: bind\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.2.4\",\"framework\":\"cis-amzn2\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo yum erase bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n#\\t from the system, and may remove any packages\\n#\\t that depend on bind. 
Execute this\\n#\\t remediation AFTER testing on a non-production\\n#\\t system!\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\n\\n yum remove -y \\\"bind\\\"\\n\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: Ensure bind is removed\\n package:\\n name: bind\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"3.0.0\"},{\"control\":\"2.2.5\",\"framework\":\"cis-al2023\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo dnf remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n# from the system, and may remove any packages\\n# that depend on bind. 
Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\ndnf remove -y --noautoremove \\\"bind\\\"\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind is removed'\\n ansible.builtin.package:\\n name: bind\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"},{\"control\":\"2.2.5\",\"framework\":\"cis-al2023\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-almalinux9\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.2.4\",\"framework\":\"cis-amzn2\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"3.0.0\"},{\"control\":\"2.2.4\",\"framework\":\"cis-rhel7\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"3.1.1\"},{\"control\":\"2.2.4\",\"framework\":\"cis-rhel8\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"3.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-rhel9\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.2.8\",\"framework\":\"cis-ubuntu2004\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"},{\"control\":\"2.2.7\",\"framework\":\"cis-ubuntu2204\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-ubuntu2404\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"}]},\"description\":\"%%%\\n## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following 
command:\\n```\\n\\n$ apt-get remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind9\\n# from the system, and may remove any packages\\n# that depend on bind9. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \\\"bind9\\\"\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind9 is removed'\\n ansible.builtin.package:\\n name: bind9\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\\n%%%\",\"detection_changed_at\":1765838312079,\"finding_id\":\"OXBuLXltcS1yaGh-aS0wODVkZTgwNWY4NTJlZGQxNA==\",\"finding_type\":\"misconfiguration\",\"first_seen_at\":1765838312079,\"host\":{\"cloud_provider\":\"aws\",\"name\":\"i-085de805f852edd14\"},\"k8s\":{\"cluster_id\":\"heatran\"},\"last_seen_at\":1765838312079,\"metadata\":{\"schema_version\":\"2\"},\"resource_id\":\"i-085de805f852edd14\",\"resource_name\":\"i-085de805f852edd14\",\"resource_type\":\"host\",\"rule\":{\"default_rule_id\":\"def-000-zlf\",\"id\":\"9pn-ymq-rhh\",\"name\":\"Uninstall bind Package\",\"type\":\"infrastructure configuration\",\"version\":25},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2,\"value\":\"low\",\"value_id\":1}},\"status\":\"open\",\"title\":\"Uninstall bind 
Package\",\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"scored:true\",\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1c\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"availability-zone:us-east-1c\",\"role:kube-node\",\"env:staging\",\"image:ami-0a8a2ad2689e7c22d\",\"control:2.2.4\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"kubernetes.io/cluster/heatran:owned\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:5971764ki\",\"site:datad0g.com\",\"framework:cis-ubuntu2204\",\"adp_enabled:true\",\"security:compliance\",\"auto-discovery.cluster-autoscaler.k8s.io/heatran\",\"chart_name:koutris-infra\",\"security-group:sg-0a2e60dd3f9a5a6ab\",\"kube_node_role:compute\",\"control:2.2.7\",\"control:2.2.8\",\"control:2.2.5\",\"autoscaling_group:us1-staging-dog-heatran-k8s-ng-asg-a6848eee38b2f3a8\",\"kube_cluster_name:heatran\",\"orch_cluster_id:0659afbc-9c8d-401f-926c-8d0a7d64a5d8\",\"dd_compute_k8s_platform_version:v6-271-0\",\"name:koutris_koutris-fw-2c8g\",\"kubernetes_cluster:heatran\",\"release:koutris-infra\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:koutris\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:93mi\",\"kube_node:ip-10-112-62-173.ec2.internal\",\"aws_account:727006795293\",\"host:i-085de805f852edd14\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:1900m\",\"pci_compliance_level:tier_two\",\"is_kube_cluster_experimental:false\",\"aws:ec2launchtemplate:id:lt-0565e94873111d4dc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"requirement:dns-server\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"team:monitor-intake\",\"security-group:sg-0ebe29714ed14f3c3\",\"region:us-east-1\",\"control:2.1.4\",\"aws:ec2:fleet-id:fleet-4fbf0515-3c0e-e685-0c1a
-01aa4d0a88dd\",\"ng_local_storage:false\",\"cluster_name:heatran\",\"cpu_arch:amd64\",\"ng_cluster_autoscaler:true\",\"nodegroup:koutris_koutris-fw-2c8g\",\"source:host-benchmarks\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/koutris-fw-2c8g\",\"account_id:727006795293\",\"iam_profile:k8s/us1-staging-dog-heatran-kube-node_v2\",\"instance_type:m6i.large\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"node.datadoghq.com/version:v6-271-0\",\"aws:ec2launchtemplate:version:1\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:20\",\"datacenter:us1.staging.dog\",\"k8s.io/cluster-autoscaler/node-template/taint/node:koutris-fw-2c8g:noschedule\",\"kube_node_role:koutris-fw-2c8g\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:koutris-fw-2c8g\",\"account:staging\",\"framework_version:cis-ubuntu2204_v2.0.0\",\"source:compliance-agent\",\"nodegroups.datadoghq.com/name:koutris-fw-2c8g\",\"agent_release_candidate_cluster:false\",\"instance-type:m6i.large\",\"nodegroups.datadoghq.com/namespace:koutris\"],\"timestamp\":1765838312079}},{\"id\":\"YTcxZGViZjIxNDMwYzMzM2ZjZTJlMzQ3NzZkZmEzZWF-OTljOTc5NDQ2OGY3Zjk3YmEzZGE2YzUxODZhMzQ4M2M=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-26740\"],\"cve\":\"CVE-2024-26740\",\"id\":\"TRIVY-CVE-2024-26740\",\"modified_at\":1742227413000,\"published_at\":1712164551000,\"summary\":\"kernel: net/sched: act_mirred: use the backlog for mirred 
ingress\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"ip-10-151-58-63.us-west-2.compute.internal-raboot-c\"},\"detection_changed_at\":1765838311928,\"finding_id\":\"YTcxZGViZjIxNDMwYzMzM2ZjZTJlMzQ3NzZkZmEzZWF-OTljOTc5NDQ2OGY3Zjk3YmEzZGE2YzUxODZhMzQ4M2M=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838305292,\"host\":{\"name\":\"ip-10-151-58-63.us-west-2.compute.internal-raboot-c\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"raboot-c\"},\"last_seen_at\":1765838311928,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-164.174\"},\"remediation\":{\"is_available\":false},\"resource_id\":\"99c9794468f7f97ba3da6c5186a3483c\",\"resource_name\":\"ip-10-151-58-63.us-west-2.compute.internal-raboot-c\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00007,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"open\",\"title\":\"kernel: net/sched: act_mirred: use the backlog for mirred 
ingress\",\"vulnerability\":{\"cwes\":[\"CWE-667\"],\"hash\":\"7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"kube_node:ip-10-151-58-63.us-west-2.compute.internal\",\"package_name:linux\",\"epss_raw_score:0.000070\",\"fix_available:unavailable\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"source:datadog\",\"severity:low\",\"hash:7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060\",\"vulnerability_status:open\",\"cluster_name:raboot-c\",\"scored:false\",\"kube_node_role:compute\",\"asset_type:host\",\"new:true\",\"base_severity:medium\",\"os_name:ubuntu\",\"site:datadoghq.com\",\"assignee:none\",\"assignee_id:none\",\"in_production:false\",\"kube_cluster_name:raboot-c\",\"vuln_id:7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060\",\"is_kube_cluster_experimental:false\",\"orch_cluster_id:76cfd63e-1d3b-4bf3-b0b0-93e1423ef6cc\",\"node.datadoghq.com/flavor:standard\",\"nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge\",\"adp_enabled:false\",\"public_exploit_available:false\",\"alias:cve-2024-26740\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:5.5\",\"score:2.7\",\"dd_rule_type:not-empty\",\"ecosystem:deb\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"cve:cve-2024-26740\",\"cpu_arch:amd64\",\"ng_cluster_autoscaler:true\",\"package_version:5.15.0-164.174\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"kube_node_role:nodeless-amd64-d-c6a-2xlarge\",\"instance_type:c6a.2xlarge\",\"event_type:new\",\"asset_id:ip-10-151-58-63.us-west-2.compute.internal-raboot-c\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timesta
mp\":1765838311928}},{\"id\":\"MDdjY2IxZjk1MzQ2NDIzOWJjYWE1Yjk4NmU3MWNiZGF-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-38057\"],\"cve\":\"CVE-2025-38057\",\"id\":\"TRIVY-CVE-2025-38057\",\"modified_at\":1765059350000,\"published_at\":1750241738000,\"summary\":\"kernel: espintcp: fix skb leaks\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\"},\"detection_changed_at\":1765838311625,\"finding_id\":\"MDdjY2IxZjk1MzQ2NDIzOWJjYWE1Yjk4NmU3MWNiZGF-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838306213,\"host\":{\"name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"grooky\"},\"last_seen_at\":1765838311912,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-6.8.0-1040-aws\",\"linux-modules-6.8.0-1044-aws\",\"linux-aws-6.8-headers-6.8.0-1040\"],\"name\":\"linux-aws-6.8\",\"normalized_name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1040.42~22.04.1\"},\"remediation\":{\"is_available\":false},\"resource_id\":\"bbbd1d4b047c44f8f95e5bd24523f7a3\",\"resource_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00015,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"va
lue_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"open\",\"title\":\"kernel: espintcp: fix skb leaks\",\"vulnerability\":{\"cwes\":[\"CWE-401\"],\"hash\":\"2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"cluster_name:grooky\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"event_type:none\",\"fix_available:unavailable\",\"env:staging\",\"vuln_id:2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a\",\"hash:2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a\",\"package_name:linux-aws-6.8\",\"nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge\",\"source:datadog\",\"severity:low\",\"vulnerability_status:open\",\"kube_cluster_name:grooky\",\"scored:false\",\"kube_node_role:compute\",\"asset_type:host\",\"base_severity:medium\",\"os_name:ubuntu\",\"site:datadoghq.com\",\"datacenter:prtest03.staging.dog\",\"assignee:none\",\"asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"assignee_id:none\",\"in_production:false\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115\",\"adp_enabled:false\",\"running_kernel:false\",\"public_exploit_available:false\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:5.5\",\"score:2.7\",\"dd_rule_type:not-empty\",\"ecosystem:deb\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"package_version:6.8.0-1040.42_22.04.1\",\"ng_cluster_autoscaler:true\",\"kube_node:ip-10-12-87-102.us-west-2.compute.internal\",\"alias:cve-2025-38057\",\"last_detected_minutes:
0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"instance_type:c6g.4xlarge\",\"cve:cve-2025-38057\",\"cpu_arch:arm64\",\"kube_node_role:nodeless-arm64-d-c6g-4xlarge\",\"epss_raw_score:0.00015\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838311625}},{\"id\":\"MGQwMzY2ODc3OTYzNDE2ZWE3YjVhMmFmOWQ3OWI5ZjV-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-40114\"],\"cve\":\"CVE-2025-40114\",\"id\":\"TRIVY-CVE-2025-40114\",\"modified_at\":1759331744000,\"published_at\":1744960544000,\"summary\":\"kernel: iio: light: Add check for array bounds in veml6075_read_int_time_ms\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\"},\"detection_changed_at\":1765838311522,\"finding_id\":\"MGQwMzY2ODc3OTYzNDE2ZWE3YjVhMmFmOWQ3OWI5ZjV-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838306213,\"host\":{\"name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"grooky\"},\"last_seen_at\":1765838311522,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-6.8.0-1040-aws\",\"linux-aws-6.8-tools-6.8.0-1040\",\"linux-modules-6.8.0-1040-aws\"],\"name\":\"linux-aws-6.8\",\"normalized_name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1040.42~22.04.1\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"}]},\"recommended\":{\"name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"}},\"resource_id\":\"bbbd1d4b047c44f8f95e5bd24523f7a3\",\"resource_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"
resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00018,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"medium\",\"severity_details\":{\"adjusted\":{\"score\":4.7,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":7.8,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}},\"status\":\"open\",\"title\":\"kernel: iio: light: Add check for array bounds in veml6075_read_int_time_ms\",\"vulnerability\":{\"cwes\":[\"CWE-129\"],\"hash\":\"a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"cluster_name:grooky\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"event_type:none\",\"env:staging\",\"package_name:linux-aws-6.8\",\"nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge\",\"source:datadog\",\"vulnerability_status:open\",\"fix_available:available\",\"kube_cluster_name:grooky\",\"vuln_id:a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603\",\"scored:false\",\"kube_node_role:compute\",\"hash:a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603\",\"asset_type:host\",\"os_name:ubuntu\",\"site:datadoghq.com\",\"datacenter:prtest03.staging.dog\",\"assignee:none\",\"asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"assignee_id:none\",\"cve:cve-2025-40114\",\"in_production:false\",\"alias:cve-2025-40114\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:
standard\",\"orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115\",\"adp_enabled:false\",\"running_kernel:false\",\"public_exploit_available:false\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:7.8\",\"score:4.7\",\"severity:medium\",\"dd_rule_type:not-empty\",\"ecosystem:deb\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"package_version:6.8.0-1040.42_22.04.1\",\"ng_cluster_autoscaler:true\",\"kube_node:ip-10-12-87-102.us-west-2.compute.internal\",\"last_detected_minutes:0\",\"base_severity:high\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"instance_type:c6g.4xlarge\",\"cpu_arch:arm64\",\"kube_node_role:nodeless-arm64-d-c6g-4xlarge\",\"type:component_with_known_vulnerability\",\"epss_raw_score:0.00018\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838311522}},{\"id\":\"ZmM0NTk0NmQzNzIwNTk0ZTQ0ODM5OWM1MDI5ODBhNDZ-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"BIT-golang-2025-47912\",\"CVE-2025-47912\"],\"cve\":\"CVE-2025-47912\",\"id\":\"GO-2025-4010\",\"modified_at\":1762437598375,\"published_at\":1761774598000,\"summary\":\"Insufficient validation of bracketed IPv6 hostnames in 
net/url\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\"},\"detection_changed_at\":1765838311417,\"finding_id\":\"ZmM0NTk0NmQzNzIwNTk0ZTQ0ODM5OWM1MDI5ODBhNDZ-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838306213,\"host\":{\"name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"grooky\"},\"last_seen_at\":1765838311417,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"stdlib\"],\"name\":\"stdlib\",\"normalized_name\":\"stdlib\",\"version\":\"v1.22.10\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"stdlib\",\"version\":\"1.25.2\"}]},\"recommended\":{\"name\":\"stdlib\",\"version\":\"1.25.2\"}},\"resource_id\":\"bbbd1d4b047c44f8f95e5bd24523f7a3\",\"resource_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00025,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.8,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.3,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"}},\"status\":\"open\",\"title\":\"Insufficient validation of bracketed IPv6 hostnames in 
net/url\",\"vulnerability\":{\"hash\":\"1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"cluster_name:grooky\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"ecosystem:go\",\"env:staging\",\"cve:cve-2025-47912\",\"nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge\",\"epss_raw_score:0.00025\",\"alias:cve-2025-47912\",\"source:datadog\",\"severity:low\",\"vulnerability_status:open\",\"fix_available:available\",\"kube_cluster_name:grooky\",\"scored:false\",\"kube_node_role:compute\",\"asset_type:host\",\"new:true\",\"base_severity:medium\",\"os_name:ubuntu\",\"site:datadoghq.com\",\"datacenter:prtest03.staging.dog\",\"assignee:none\",\"asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"assignee_id:none\",\"in_production:false\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115\",\"alias:bit-golang-2025-47912\",\"adp_enabled:false\",\"public_exploit_available:false\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:5.3\",\"score:2.8\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"package_version:v1.22.10\",\"package_name:stdlib\",\"ng_cluster_autoscaler:true\",\"kube_node:ip-10-12-87-102.us-west-2.compute.internal\",\"hash:1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"event_type:new\",\"instance_type:c6g.4xlarge\",\"vuln_id:1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53\",\"cpu_arch:arm64\",\"kube_node_role:nodeless-arm64-d-c6g-4xlarge\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging
\"],\"timestamp\":1765838311417}}],\"meta\":{\"elapsed\":1248,\"page\":{\"after\":\"eyJhZnRlciI6IkF3QUFBWnNrS2tfNUZKWWZDd0FBQUJoQlduTnJTMnRmTlVGQlFqWkNNM3BmZVhadWJXNXhVMElBQUFBa1pqRTVZakkwTW1FdE5USmlaQzAwTldVd0xUZzRNREF0WW1ZeVlXSmlOR1k0TldRM0FBQUFMZyIsInZhbHVlcyI6WzE3NjU4MzgzMTE0MTcsIjIwMjUtMTItMTVUMjI6Mzg6MzEuNDE3WiIsMzQ1MzgyNjY3XX0=\"},\"request_id\":\"pddv1ChZubmNwVFVjWVJRLW9xSWIybklHWXJ3Ii0KHaszALDHDfJD6z3rlnQLgHugKbU0hTnqHR56Yrc4Egx3bkYPy7veSr6fRk0\",\"status\":\"done\"},\"links\":{\"next\":\"/api/v2/security/findings?page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrS2tfNUZKWWZDd0FBQUJoQlduTnJTMnRmTlVGQlFqWkNNM3BmZVhadWJXNXhVMElBQUFBa1pqRTVZakkwTW1FdE5USmlaQzAwTldVd0xUZzRNREF0WW1ZeVlXSmlOR1k0TldRM0FBQUFMZyIsInZhbHVlcyI6WzE3NjU4MzgzMTE0MTcsIjIwMjUtMTItMTVUMjI6Mzg6MzEuNDE3WiIsMzQ1MzgyNjY3XX0%3D\\u0026page%5Blimit%5D=5\\u0026sort=-%40detection_changed_at\"}}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 683, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-12-15T22:38:44.218Z", + "time": 1437 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/frozen.json new file mode 100644 index 000000000000..3a43ed8068fb --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/frozen.json @@ -0,0 +1 @@ +"2025-12-15T22:38:02.352Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/recording.har b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/recording.har new file mode 100644 index 000000000000..9baea8342d4a --- /dev/null 
+++ b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/recording.har 
@@ -0,0 +1,57 @@ +{ + "log": { + "_recordingName": "Security Monitoring/List security findings returns \"OK\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "a212c1f10527bc2795254c51e88ee1e0", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + } + ], + "headersSize": 516, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [], + "url": "https://api.datadoghq.com/api/v2/security/findings" + }, + "response": { + "bodySize": 72567, + "content": { + "mimeType": "application/vnd.api+json", + "size": 72567, + "text": "{\"data\":[{\"id\":\"MWIxMjUyZGJjMjE3ZTFmZTcwZDdlMDNiNTI2YjQ3ZDB-MmQ5ZDgzMTJiMGIwYmM5ZGRmZjQ5OTk4ZmMzYWYyNmM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-38626\"],\"cve\":\"CVE-2025-38626\",\"id\":\"TRIVY-CVE-2025-38626\",\"modified_at\":1764176984000,\"published_at\":1755879336000,\"summary\":\"kernel: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs 
mode\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-048dfba6091eb0d1d\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271832,\"finding_id\":\"MWIxMjUyZGJjMjE3ZTFmZTcwZDdlMDNiNTI2YjQ3ZDB-MmQ5ZDgzMTJiMGIwYmM5ZGRmZjQ5OTk4ZmMzYWYyNmM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765435671872,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0cc8c76c477f8196c\",\"name\":\"i-048dfba6091eb0d1d\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"bonsly\"},\"last_seen_at\":1765838271832,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"elasticsearch-bundles\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"2d9d8312b0b0bc9ddff49998fc3af26c\",\"resource_name\":\"i-048dfba6091eb0d1d\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00018,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"auto_c
losed\",\"title\":\"kernel: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode\",\"vulnerability\":{\"hash\":\"99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271832,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"fix_available:unavailable\",\"security-group:sg-0f39702193288cb41\",\"source:datadog\",\"severity:low\",\"auto-discovery.cluster-autoscaler.k8s.io/bonsly\",\"asset_type:host\",\"nodegroup:elasticsearch-bundles_elasticsearch-bundles-data\",\"image:ami-0cc8c76c477f8196c\",\"base_severity:medium\",\"site:datadoghq.com\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-bundles-data\",\"name:elasticsearch-bundles_elasticsearch-bundles-data\",\"vuln_id:99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759\",\"app:elasticsearch\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2b\",\"is_kube_cluster_experimental:false\",\"tags.datadoghq.com/version:8.19.6\",\"adp_enabled:false\",\"public_exploit_available:false\",\"iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2\",\"base_score:5.5\",\"elasticsearch-role:data\",\"team:compute-cloud-accounts\",\"score:2.7\",\"aws:ec2launchtemplate:id:lt-0e2373e62ce4d91a0\",\"nodegroups.datadoghq.com/name:elasticsearch-bundles-data\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2b\",\"managed_by_team:mars\",\"hash:99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759\",\"ecosystem:deb\",\"kube_node:ip-10-150-76-207.us-west-2.compute.internal\",\"ng_local_storage:false\",\"close_count:0\",\"ng_cluster_autoscaler:true\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:88mi\",\"nodegroups.datadoghq.com/namespace:elast
icsearch-bundles\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:20\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars\",\"orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c\",\"cluster_name:bonsly\",\"cpu_arch:arm64\",\"epss_raw_score:0.00018\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-bundles-data:noschedule\",\"exposure_time_days:4\",\"service:elasticsearch-bundles\",\"package_name:linux\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"asset_id:i-048dfba6091eb0d1d\",\"datastore:elasticsearch\",\"scored:false\",\"kube_node_role:compute\",\"kubernetes_cluster:bonsly\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"node.datadoghq.com/version:v6-257-3\",\"autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-e030273153b4de8b\",\"kube_cluster_name:bonsly\",\"instance-type:m6g.large\",\"kube_node_role:elasticsearch-bundles-data\",\"chart_name:elasticsearch\",\"region:us-west-2\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-bundles-data\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:1900m\",\"instance_type:m6g.large\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"aws_account:204235354797\",\"k8s.io/cluster-autoscaler/node-template/label/team:data-science\",\"node.datadoghq.com/cgroup:v2\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"team:data-science\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"aws:ec2:fleet-id:fleet-121c8084-5187-cc16-a418-27881156a6
5a\",\"vulnerability_status:auto-closed\",\"cve:cve-2025-38626\",\"kubernetes.io/cluster/bonsly:owned\",\"last_detected_minutes:0\",\"elasticsearch_cluster:elasticsearch-bundles\",\"tag:data\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"cluster:elasticsearch-bundles\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-bundles\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:7131mi\",\"previous_status:open\",\"alias:cve-2025-38626\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"env:staging\"],\"timestamp\":1765838271832}},{\"id\":\"ZGEwMTA4NDdiZjM0ZjI5ZDBlYmMyMzM3NWFkYmUyNWN-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-22073\"],\"cve\":\"CVE-2025-22073\",\"id\":\"TRIVY-CVE-2025-22073\",\"modified_at\":1762201062000,\"published_at\":1744816561000,\"summary\":\"kernel: spufs: fix a leak on spufs_new_file() 
failure\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0fe66c7f2fe27288a\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271620,\"finding_id\":\"ZGEwMTA4NDdiZjM0ZjI5ZDBlYmMyMzM3NWFkYmUyNWN-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765438485381,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-0fe66c7f2fe27288a\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271620,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-6.8.0-1040-aws\",\"linux-aws-6.8-tools-6.8.0-1040\",\"linux-headers-6.8.0-1040-aws\",\"linux-aws-6.8-headers-6.8.0-1040\",\"linux-modules-6.8.0-1040-aws\"],\"name\":\"linux-aws-6.8\",\"normalized_name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1040.42~22.04.1\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"}]},\"recommended\":{\"name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"}},\"resource_id\":\"ccd780722c997ec5b77ea916b3c501ca\",\"resource_name\":\"i-0fe66c7f2fe27288a\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00023,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adju
sted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: spufs: fix a leak on spufs_new_file() failure\",\"vulnerability\":{\"cwes\":[\"CWE-401\"],\"hash\":\"faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271063,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"vuln_id:faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"image:ami-0afa99f6d7a0af2bf\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"instance_type:i3en.2xlarge\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"fix_available:available\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"site:datadoghq.com\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"hash:faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.5\",\"k8s.io/cluster-autoscale
r/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"score:2.7\",\"alias:cve-2025-22073\",\"aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"package_version:6.8.0-1040.42_22.04.1\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cve:cve-2025-22073\",\"cloud_provider:aws\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"kube_node:ip-10-150-64-123.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:4\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"event_type:none\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"package_name:linux-aws-6.8\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"epss_raw_score:0.00023\",\"scored:false\",\"kube_node_role:compute\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\
"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"running_kernel:false\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kube_node_role:kafka-medium\",\"asset_id:i-0fe66c7f2fe27288a\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"kafka_broker_id:10002\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"cluster:kafka-error-tracking-001\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271620}},{\"id\":\"MGZkNzMyYTYxMzcxNWQ0YmNmNTI1NTY2MGM4N2Q1MDh-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-35998\"],\"cve\":\"CVE-2024-35998\",\"id\":\"TRIVY-CVE-2024-35998\",\"modified_at\":1736532731000,\"published_at\":1716200114000,\"summary\":\"kernel: smb3: fix lock ordering potential deadlock in 
cifs_sync_mid_result\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0fe66c7f2fe27288a\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271581,\"finding_id\":\"MGZkNzMyYTYxMzcxNWQ0YmNmNTI1NTY2MGM4N2Q1MDh-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765438485381,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-0fe66c7f2fe27288a\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271581,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"ccd780722c997ec5b77ea916b3c501ca\",\"resource_name\":\"i-0fe66c7f2fe27288a\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00026,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"auto_c
losed\",\"title\":\"kernel: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result\",\"vulnerability\":{\"cwes\":[\"CWE-667\"],\"hash\":\"ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01af443\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271581,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"instance_type:i3en.2xlarge\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"site:datadoghq.com\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.5\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"score:2.7\",\"aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"ng_cluster_aut
oscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"hash:ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01af443\",\"cloud_provider:aws\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"kube_node:ip-10-150-64-123.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:4\",\"package_name:linux\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"epss_raw_score:0.00026\",\"alias:cve-2024-35998\",\"scored:false\",\"kube_node_role:compute\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",
\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kube_node_role:kafka-medium\",\"asset_id:i-0fe66c7f2fe27288a\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"cve:cve-2024-35998\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"vuln_id:ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01af443\",\"kafka_broker_id:10002\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"cluster:kafka-error-tracking-001\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271581}},{\"id\":\"ZTlhYTM5OTg5Yzc4OTQ0OGNkZTY2NWI0YzVjZGFjYTl-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"BIT-golang-2024-24789\",\"CGA-4r7q-83hj-9rrp\",\"CVE-2024-24789\",\"GHSA-236w-p7wf-5ph8\"],\"cve\":\"CVE-2024-24789\",\"id\":\"GO-2024-2888\",\"modified_at\":1729574938470,\"published_at\":1717541335000,\"summary\":\"Mishandling of corrupt central directory record in 
archive/zip\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-012cdbc8991688ee9\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271577,\"finding_id\":\"ZTlhYTM5OTg5Yzc4OTQ0OGNkZTY2NWI0YzVjZGFjYTl-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765421661872,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0cc8c76c477f8196c\",\"name\":\"i-012cdbc8991688ee9\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"bonsly\"},\"last_seen_at\":1765838271577,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"stdlib\"],\"name\":\"stdlib\",\"normalized_name\":\"stdlib\",\"version\":\"v1.22.1\"},\"related_services\":[\"exposed_to_attacks:false\",\"elasticsearch-monitors\"],\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"stdlib\",\"version\":\"1.22.4\"}]},\"recommended\":{\"name\":\"stdlib\",\"version\":\"1.22.4\"}},\"resource_id\":\"048dd9053223ae333e673207dfd83394\",\"resource_name\":\"i-012cdbc8991688ee9\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00006,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":
5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\"}},\"status\":\"auto_closed\",\"title\":\"Mishandling of corrupt central directory record in archive/zip\",\"vulnerability\":{\"hash\":\"918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838271577,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"ecosystem:go\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:148mi\",\"alias:cve-2024-24789\",\"event_type:close\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"alias:cga-4r7q-83hj-9rrp\",\"security-group:sg-0f39702193288cb41\",\"aws:ec2launchtemplate:id:lt-08847a5158ca7c73a\",\"source:datadog\",\"severity:low\",\"auto-discovery.cluster-autoscaler.k8s.io/bonsly\",\"fix_available:available\",\"hash:918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6\",\"nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data\",\"asset_type:host\",\"image:ami-0cc8c76c477f8196c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data\",\"base_severity:medium\",\"site:datadoghq.com\",\"instance-type:m6gd.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-monitors-cell-c0-data\",\"assignee:none\",\"app:elasticsearch\",\"cluster:elasticsearch-monitors-cell-c0\",\"assignee_id:none\",\"package_version:v1.22.1\",\"in_production:false\",\"alias:bit-golang-2024-24789\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"tags.datadoghq.com/version:8.19.6\",\"public_exploit_available:false\",\"iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2\",\"base_score:5.5\",\"elasticsearch-role:data\",\"team
:compute-cloud-accounts\",\"score:2.7\",\"cell:none\",\"managed_by_team:mars\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/label/team:monitor-resources-indexing\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392\",\"pool:data\",\"package_name:stdlib\",\"ng_cluster_autoscaler:true\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"vuln_id:918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6\",\"cloud_provider:aws\",\"instance_type:m6gd.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars\",\"orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c\",\"cluster_name:bonsly\",\"cpu_arch:arm64\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:15009mi\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"asset_id:i-012cdbc8991688ee9\",\"exposure_time_days:4\",\"elasticsearch_cluster:elasticsearch-monitors-cell-c0\",\"alias:ghsa-236w-p7wf-5ph8\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"cve:cve-2024-24789\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"datastore:elasticsearch\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m\",\"kube_node_role:compute\",\"team:monitor-resources-indexing\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:40\",\"kubernetes_cluster:bonsly\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"node.datadoghq.com/version:v6-257-3\",\"kube_cluster_name:bonsly\",\"epss_raw_score:0.000060\",\"nodegroup:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data\",
\"ng_local_storage:true\",\"chart_name:elasticsearch\",\"region:us-west-2\",\"nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0\",\"aws_account:204235354797\",\"node.datadoghq.com/cgroup:v2\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"name:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data\",\"kube_node_role:elasticsearch-monitors-cell-c0-data\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-1c82e59d5bb84439\",\"kubernetes.io/cluster/bonsly:owned\",\"service:elasticsearch-monitors\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"aws:ec2:fleet-id:fleet-98a72b26-0bbc-411c-ac98-8e08a9b23a52\",\"previous_status:open\",\"k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-monitors-cell-c0-data:noschedule\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kube_node:ip-10-150-85-76.us-west-2.compute.internal\",\"env:staging\"],\"timestamp\":1765838271577}},{\"id\":\"M2JkYTQ1MzFmYTNlODAzZTI1ZjNlMWE1MWMzZWU5Mjh-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-2236\"],\"cve\":\"CVE-2024-2236\",\"id\":\"TRIVY-CVE-2024-2236\",\"modified_at\":1743614137000,\"published_at\":1709763357000,\"summary\":\"libgcrypt: vulnerable to Marvin 
Attack\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-051d6c5170313e729\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271574,\"finding_id\":\"M2JkYTQ1MzFmYTNlODAzZTI1ZjNlMWE1MWMzZWU5Mjh-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765397453913,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-051d6c5170313e729\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271574,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"libgcrypt20\"],\"name\":\"libgcrypt20\",\"normalized_name\":\"libgcrypt20\",\"version\":\"1.9.4-3ubuntu3\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"0aead7bacd260b9f23a21c955a84dd57\",\"resource_name\":\"i-051d6c5170313e729\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00222,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":3.2,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:A/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.9,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\"}},\"status\":\"auto_closed\"
,\"title\":\"libgcrypt: vulnerable to Marvin Attack\",\"vulnerability\":{\"cwes\":[\"CWE-208\"],\"hash\":\"8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271574,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"asset_id:i-051d6c5170313e729\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"instance_type:i3en.2xlarge\",\"aws:ec2:fleet-id:fleet-1a9e8026-5b07-6494-a418-858a394c5003\",\"source:datadog\",\"severity:low\",\"epss_raw_score:0.00222\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"package_version:1.9.4-3ubuntu3\",\"asset_type:host\",\"cve:cve-2024-2236\",\"cluster_name:machop\",\"base_severity:medium\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"site:datadoghq.com\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"is_kube_cluster_experimental:false\",\"availability-zone:us-west-2a\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.9\",\"package_name:libgcrypt20\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"cluster:kafka-aws-metrics-001\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2a\",\"ecosystem:deb\",\"autoscaling_group:prtest02-staging
-dog-machop-k8s-ng-asg-6bf23963f9da330\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"alias:cve-2024-2236\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:5\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"security-group:sg-0ad037192bd9b2cfd\",\"kube_node:ip-10-150-69-64.us-west-2.compute.internal\",\"score:3.2\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"kube_node_role:compute\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscal
er/node-template/label/app:kafka\",\"tool:infra\",\"vuln_id:8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kafka_broker_id:10000\",\"kube_node_role:kafka-medium\",\"os_version:22.04\",\"hash:8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271574}},{\"id\":\"M2QxOTQwOWMwZmViZGRlOTU2MDY2ZGRmODhlNWYxNGN-MjA1YThmN2UxODE1NmY1NjRmODNhZDQ2NzM3MTA5MWY=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-38215\"],\"cve\":\"CVE-2025-38215\",\"id\":\"TRIVY-CVE-2025-38215\",\"modified_at\":1762193769000,\"published_at\":1751638529000,\"summary\":\"kernel: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in 
fb_videomode_to_var\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"ip-10-150-67-24.us-west-2.compute.internal-machop\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271539,\"finding_id\":\"M2QxOTQwOWMwZmViZGRlOTU2MDY2ZGRmODhlNWYxNGN-MjA1YThmN2UxODE1NmY1NjRmODNhZDQ2NzM3MTA5MWY=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765445995855,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"ip-10-150-67-24.us-west-2.compute.internal-machop\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271539,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-modules-6.8.0-1041-aws\",\"linux-tools-6.8.0-1040-aws\",\"linux-aws-6.8-tools-6.8.0-1040\",\"linux-headers-6.8.0-1040-aws\",\"linux-aws-6.8-headers-6.8.0-1040\",\"linux-headers-6.8.0-1041-aws\",\"linux-modules-6.8.0-1040-aws\",\"linux-aws-6.8-headers-6.8.0-1041\"],\"name\":\"linux-aws-6.8\",\"normalized_name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"205a8f7e18156f564f83ad467371091f\",\"resource_name\":\"ip-10-150-67-24.us-west-2.compute.internal-machop\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00058,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"m
edium\",\"severity_details\":{\"adjusted\":{\"score\":4.7,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":7,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\",\"vulnerability\":{\"hash\":\"63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838270450,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"image:ami-0afa99f6d7a0af2bf\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"instance_type:i3en.2xlarge\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"source:datadog\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"asset_type:host\",\"cluster_name:machop\",\"vuln_id:63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8\",\"site:datadoghq.com\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"package_version:6.8.0-1041.43_22.04.1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"kube_node:ip-10-150-67-24.us-west-2.compute.internal\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"k8s.io/c
luster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"severity:medium\",\"running_kernel:true\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"asset_id:ip-10-150-67-24.us-west-2.compute.internal-machop\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:4\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"event_type:none\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"package_name:linux-aws-6.8\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"kube_node_role:compute\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45
\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"running_kernel:false\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"score:4.7\",\"base_score:7.0\",\"dd_rule_type:not-empty\",\"alias:cve-2025-38215\",\"kube_node_role:kafka-medium\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"aws:ec2:fleet-id:fleet-321c02a4-730f-4616-0eb0-8d80d9952fcf\",\"last_detected_minutes:0\",\"hash:63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8\",\"base_severity:high\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"kafka_broker_id:10002\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"cluster:kafka-apm-stats-intake-001\",\"epss_raw_score:0.00058\",\"cve:cve-2025-38215\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271539}},{\"id\":\"MTE0MGIxYWM1OWVmMjc2YjhiOGNmMTUzNTRlNzBjYWF-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-40016\"],\"cve\":\"CVE-2025-40016\",\"id\":\"TRIVY-CVE-2025-40016\",\"modified_at\":1761075085000,\"published_at\":1760976938000,\"summary\":\"kernel: media: uvcvideo: 
Mark invalid entities with id UVC_INVALID_ENTITY_ID\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-012cdbc8991688ee9\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271538,\"finding_id\":\"MTE0MGIxYWM1OWVmMjc2YjhiOGNmMTUzNTRlNzBjYWF-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765421661872,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0cc8c76c477f8196c\",\"name\":\"i-012cdbc8991688ee9\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"bonsly\"},\"last_seen_at\":1765838271538,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"elasticsearch-monitors\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"048dd9053223ae333e673207dfd83394\",\"resource_name\":\"i-012cdbc8991688ee9\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00026,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"medium\",\"severity_details\":{\"adjusted\":{\"score\":4.7,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":7,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:L/AC
:H/PR:L/UI:N/S:U/C:H/I:H/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\",\"vulnerability\":{\"hash\":\"7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271538,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:148mi\",\"event_type:close\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"security-group:sg-0f39702193288cb41\",\"aws:ec2launchtemplate:id:lt-08847a5158ca7c73a\",\"source:datadog\",\"auto-discovery.cluster-autoscaler.k8s.io/bonsly\",\"nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data\",\"asset_type:host\",\"image:ami-0cc8c76c477f8196c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data\",\"site:datadoghq.com\",\"instance-type:m6gd.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-monitors-cell-c0-data\",\"assignee:none\",\"app:elasticsearch\",\"cluster:elasticsearch-monitors-cell-c0\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"tags.datadoghq.com/version:8.19.6\",\"public_exploit_available:false\",\"iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2\",\"elasticsearch-role:data\",\"team:compute-cloud-accounts\",\"severity:medium\",\"cell:none\",\"managed_by_team:mars\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/label/team:monitor-resources-indexing\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"k8s.io/cluster-autoscaler/node-template/la
bel/nodegroups.datadoghq.com/local-storage-capacity:236991611392\",\"pool:data\",\"ng_cluster_autoscaler:true\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"instance_type:m6gd.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars\",\"orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c\",\"vuln_id:7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5\",\"cluster_name:bonsly\",\"cpu_arch:arm64\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:15009mi\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"asset_id:i-012cdbc8991688ee9\",\"exposure_time_days:4\",\"package_name:linux\",\"elasticsearch_cluster:elasticsearch-monitors-cell-c0\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"epss_raw_score:0.00026\",\"datastore:elasticsearch\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m\",\"kube_node_role:compute\",\"team:monitor-resources-indexing\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:40\",\"kubernetes_cluster:bonsly\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"node.datadoghq.com/version:v6-257-3\",\"kube_cluster_name:bonsly\",\"nodegroup:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data\",\"ng_local_storage:true\",\"chart_name:elasticsearch\",\"region:us-west-2\",\"nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0\",\"aws_account:204235354797\",\"node.datadoghq.com/cgroup:v2\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"name:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-
data\",\"kube_node_role:elasticsearch-monitors-cell-c0-data\",\"base_score:7.0\",\"score:4.7\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0\",\"dd_rule_type:not-empty\",\"hash:7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-1c82e59d5bb84439\",\"kubernetes.io/cluster/bonsly:owned\",\"service:elasticsearch-monitors\",\"last_detected_minutes:0\",\"base_severity:high\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"aws:ec2:fleet-id:fleet-98a72b26-0bbc-411c-ac98-8e08a9b23a52\",\"cve:cve-2025-40016\",\"previous_status:open\",\"alias:cve-2025-40016\",\"k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-monitors-cell-c0-data:noschedule\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kube_node:ip-10-150-85-76.us-west-2.compute.internal\",\"env:staging\"],\"timestamp\":1765838271538}},{\"id\":\"NGNhMjdiNWNjOTEwMTliZGEyYzhlYjg2YzliYTRlYWF-NzM1NzFmMGZiZDI0Mjc1ODI4ODAxMzRlYTJkMWVhY2M=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-9vf9-m4f8-6392\",\"CGA-9vg5-h493-cxr7\",\"CGA-chh8-vhg4-2qj7\",\"CGA-g5hx-8r47-pf39\",\"CGA-hmfp-f3v3-528v\",\"CGA-hrqx-74pg-5m88\",\"CGA-m474-c57g-8945\",\"CGA-r356-23m2-5p37\",\"CGA-v3wf-pwmr-vcw5\",\"CGA-w52c-j6q8-cf23\",\"CGA-w7jq-8v28-882j\",\"CVE-2024-28180\",\"GO-2024-2631\"],\"cve\":\"CVE-2024-28180\",\"id\":\"GHSA-c5q2-7r4c-mv6g\",\"modified_at\":1739473645000,\"published_at\":1709852084000,\"summary\":\"Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data 
Amplification)\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-053290257b9479659\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271526,\"finding_id\":\"NGNhMjdiNWNjOTEwMTliZGEyYzhlYjg2YzliYTRlYWF-NzM1NzFmMGZiZDI0Mjc1ODI4ODAxMzRlYTJkMWVhY2M=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765421721839,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-053290257b9479659\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271526,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"gopkg.in/square/go-jose.v2\"],\"name\":\"gopkg.in/square/go-jose.v2\",\"normalized_name\":\"gopkg.in/square/go-jose.v2\",\"version\":\"v2.6.0\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":true},\"resource_id\":\"73571f0fbd2427582880134ea2d1eacc\",\"resource_name\":\"i-053290257b9479659\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":true,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.03644,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.6,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:A/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":4.3,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/
C:N/I:N/A:L\"}},\"status\":\"auto_closed\",\"title\":\"Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)\",\"vulnerability\":{\"cwes\":[\"CWE-409\"],\"hash\":\"89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838271525,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"ecosystem:go\",\"alias:go-2024-2631\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"alias:cga-hmfp-f3v3-528v\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"instance_type:i3en.2xlarge\",\"hash:89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"fix_available:available\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"aws:ec2:fleet-id:fleet-1aa5a186-ab36-c1b4-063a-86028119420b\",\"asset_id:i-053290257b9479659\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"site:datadoghq.com\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"alias:cga-w7jq-8v28-882j\",\"in_production:false\",\"vuln_id:89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8\",\"is_kube_cluster_experimental:false\",\"alias:cve-2024-28180\",\"availability-zone:us-west-2a\",\"alias:cga-g5hx-8r47-pf39\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"k8s.io/cluster-a
utoscaler/node-template/label/managed_by_team:streaming-platform\",\"score:2.6\",\"team:compute-cloud-accounts\",\"package_name:gopkg.in/square/go-jose.v2\",\"kube_node:ip-10-150-70-73.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2a\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"alias:cga-w52c-j6q8-cf23\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"epss_raw_score:0.03644\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"alias:cga-v3wf-pwmr-vcw5\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"package_version:v2.6.0\",\"exposure_time_days:4\",\"base_score:4.3\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"alias:cga-chh8-vhg4-2qj7\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"cve:cve-2024-28180\",\"kube_node_role:compute\",\"cluster:kafka-collab-intake-001\",\"security-group:sg-0209ab6974808b99b\",\
"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"alias:cga-m474-c57g-8945\",\"ng_local_storage:true\",\"region:us-west-2\",\"alias:cga-r356-23m2-5p37\",\"alias:cga-hrqx-74pg-5m88\",\"app:kafka\",\"team:streaming-platform\",\"alias:cga-9vg5-h493-cxr7\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kafka_broker_id:10000\",\"kube_node_role:kafka-medium\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"alias:cga-9vf9-m4f8-6392\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271526}},{\"id\":\"NWEzNGIyY2U2ZDQ5YWQ1MzI4YjJmNThmNjIwYmUzZWN-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-21908\"],\"cve\":\"CVE-2025-21908\",\"id\":\"TRIVY-CVE-2025-21908\",\"modified_at\":1759349912000,\"published_at\":1743524121000,\"summary\":\"kernel: NFS: fix nfs_release_folio() 
to not deadlock via kcompactd writeback\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-051d6c5170313e729\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271495,\"finding_id\":\"NWEzNGIyY2U2ZDQ5YWQ1MzI4YjJmNThmNjIwYmUzZWN-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765397453913,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-051d6c5170313e729\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271495,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"0aead7bacd260b9f23a21c955a84dd57\",\"resource_name\":\"i-051d6c5170313e729\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00014,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},
\"status\":\"auto_closed\",\"title\":\"kernel: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\",\"vulnerability\":{\"cwes\":[\"CWE-667\"],\"hash\":\"4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271495,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"asset_id:i-051d6c5170313e729\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"instance_type:i3en.2xlarge\",\"aws:ec2:fleet-id:fleet-1a9e8026-5b07-6494-a418-858a394c5003\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"vuln_id:4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"site:datadoghq.com\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"is_kube_cluster_experimental:false\",\"availability-zone:us-west-2a\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.5\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"score:2.7\",\"cluster:kafka-aws-metrics-001\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2a\",\"ecosystem:
deb\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"epss_raw_score:0.00014\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"package_name:linux\",\"exposure_time_days:5\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"security-group:sg-0ad037192bd9b2cfd\",\"kube_node:ip-10-150-69-64.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"kube_node_role:compute\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"k8s.io/cluster-autoscaler/node-templ
ate/resources/memory:62990mi\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"alias:cve-2025-21908\",\"kafka_broker_id:10000\",\"kube_node_role:kafka-medium\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"cve:cve-2025-21908\",\"hash:4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271495}},{\"id\":\"ZDc1MGVmYjlhNWE4ZDIxOGY0ZDFmMDQ5ZDU5NDhhNTl-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-39806\"],\"cve\":\"CVE-2025-39806\",\"id\":\"TRIVY-CVE-2025-39806\",\"modified_at\":1762193808000,\"published_at\":1758028551000,\"summary\":\"kernel: HID: multitouch: fix slab out-of-bounds access in 
mt_report_fixup()\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0fe66c7f2fe27288a\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271483,\"finding_id\":\"ZDc1MGVmYjlhNWE4ZDIxOGY0ZDFmMDQ5ZDU5NDhhNTl-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765438485381,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-0fe66c7f2fe27288a\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271483,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"linux\",\"version\":\"5.15.0-163.173\"}]},\"recommended\":{\"name\":\"linux\",\"version\":\"5.15.0-163.173\"}},\"resource_id\":\"ccd780722c997ec5b77ea916b3c501ca\",\"resource_name\":\"i-0fe66c7f2fe27288a\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00036,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":3.6,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"
},\"base\":{\"score\":5.8,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\",\"vulnerability\":{\"hash\":\"f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271483,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"instance_type:i3en.2xlarge\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"fix_available:available\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"site:datadoghq.com\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"cve:cve-2025-39806\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.8\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"hash:f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f\",\"aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/no
de-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"kube_node:ip-10-150-64-123.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:4\",\"score:3.6\",\"package_name:linux\",\"alias:cve-2025-39806\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"kube_node_role:compute\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"epss_raw_score:0.00036\",\"app:kafka\",\"team:streaming-platform\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.c
om/allow-delete-data-on-eviction:true\",\"vuln_id:f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kube_node_role:kafka-medium\",\"asset_id:i-0fe66c7f2fe27288a\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"kafka_broker_id:10002\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"cluster:kafka-error-tracking-001\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271483}}],\"meta\":{\"elapsed\":1195,\"page\":{\"after\":\"eyJhZnRlciI6IkF3QUFBWnNrS2JQNzd2ekswQUFBQUJoQlduTnJTMkpRTjBGQlFUTnZOMEpJYkRVM00wbDZURVlBQUFBa1pERTVZakkwTWprdFlqWTFPUzAwWlRnMExUZzVNMll0WkRVNE5HTTVOVGRqWTJGa0FBQUFFZyIsInZhbHVlcyI6WzE3NjU4MzgyNzE0ODMsIjIwMjUtMTItMTVUMjI6Mzc6NTEuNDgzWiIsLTI4NTQyMjg5Nl19\"},\"request_id\":\"pddv1ChZEV0JfaHozRVJJT3B1aUpZVnRRSGZBIiwKHMkNUONObwGrUBI2wC3SsGESwWt0gp1AaEa5fmMSDOob7VueP1L1GfbrUg\",\"status\":\"done\"},\"links\":{\"next\":\"/api/v2/security/findings?page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrS2JQNzd2ekswQUFBQUJoQlduTnJTMkpRTjBGQlFUTnZOMEpJYkRVM00wbDZURVlBQUFBa1pERTVZakkwTWprdFlqWTFPUzAwWlRnMExUZzVNMll0WkRVNE5HTTVOVGRqWTJGa0FBQUFFZyIsInZ
hbHVlcyI6WzE3NjU4MzgyNzE0ODMsIjIwMjUtMTItMTVUMjI6Mzc6NTEuNDgzWiIsLTI4NTQyMjg5Nl19\\u0026page%5Blimit%5D=10\\u0026sort=-%40detection_changed_at\"}}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 683, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-12-15T22:38:02.362Z", + "time": 1359 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/frozen.json new file mode 100644 index 000000000000..fb12803853ac --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/frozen.json @@ -0,0 +1 @@ +"2025-12-17T16:27:52.376Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/recording.har new file mode 100644 index 000000000000..35d00c35b7e8 --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/recording.har 
@@ -0,0 +1,67 @@ +{ + "log": { + "_recordingName": "Security Monitoring/Search security findings returns \"Bad Request\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "c47f7cfc83de8dd7156b7d2e2e9517da", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 36, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + }, + { + "_fromType": "array", + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 580, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"page\":{\"cursor\":\"invalid_cursor\"}}" + }, + "queryString": [], + "url": "https://api.datadoghq.com/api/v2/security/findings/search" + }, + "response": { + "bodySize": 159, + "content": { + "mimeType": "application/vnd.api+json", + "size": 159, + "text": "{\"errors\":[{\"status\":\"400\",\"title\":\"Bad Request\",\"detail\":\"document is missing required top-level members; must have one of: \\\"data\\\", \\\"meta\\\", \\\"errors\\\"\"}]}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 675, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 400, + "statusText": "Bad Request" + }, + "startedDateTime": "2025-12-17T16:27:52.382Z", + "time": 89 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/frozen.json new file mode 100644 index 000000000000..11b19a8ae19d --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/frozen.json 
@@ -0,0 +1 @@ +"2025-12-15T22:44:41.939Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/recording.har new file mode 100644 index 000000000000..8bb6c9ec08c5 --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/recording.har 
@@ -0,0 +1,67 @@ +{ + "log": { + "_recordingName": "Security Monitoring/Search security findings returns \"OK\" response with pagination", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "c171c8a560a6017cc5481974daa56bd2", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 84, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + }, + { + "_fromType": "array", + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 576, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"data\":{\"attributes\":{\"filter\":\"@severity:(critical OR high)\",\"page\":{\"limit\":1}}}}" + }, + "queryString": [], + "url": "https://api.datadoghq.com/api/v2/security/findings/search" + }, + "response": { + "bodySize": 17457, + "content": { + "mimeType": "application/vnd.api+json", + "size": 17457, + "text": 
"{\"data\":[{\"id\":\"ZGVmLTAway1leWV-aS0wOGE2ZmE2ODdjOWE2ZDJkYg==\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"cloud_resource\":{\"account\":\"600865094333\",\"category\":\"compute\",\"cloud_provider\":\"aws\",\"configuration\":{\"account_id\":\"600865094333\",\"components\":{\"kubelet\":{\"config\":{\"content\":{\"address\":\"10.12.32.204\",\"allowedUnsafeSysctls\":[\"net.*\"],\"apiVersion\":\"kubelet.config.k8s.io/v1beta1\",\"authentication\":{\"anonymous\":{\"enabled\":false},\"webhook\":{\"cacheTTL\":\"60m\",\"enabled\":true},\"x509\":{\"clientCAFile\":{\"certificate\":{\"authorityKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\",\"commonName\":\"parent31-k8s\",\"dnsNames\":[\"parent31-k8s\"],\"fingerprint\":\"SHA256:DP/0ES6hkVPMrFizcIMEbQ75QGpwuWZZzShkn1KGQLA\",\"notAfter\":\"2030-09-28T18:40:34Z\",\"notBefore\":\"2025-09-29T18:40:04Z\",\"serialNumber\":\"680167176125483697456383252717454423151202771482\",\"subjectKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\"},\"dirGroup\":\"root\",\"dirMode\":2147484141,\"dirUser\":\"root\",\"group\":\"root\",\"mode\":420,\"path\":\"/etc/vaultd/certs/vault-ca.cert\",\"user\":\"root\"}}},\"authorization\":{\"mode\":\"Webhook\",\"webhook\":{\"cacheAuthorizedTTL\":\"60m\"}},\"cgroupDriver\":\"systemd\",\"cgroupsPerQOS\":true,\"clusterDomain\":\"parent31.cluster.local\",\"containerLogMaxFiles\":3,\"containerLogMaxSize\":\"20Mi\",\"cpuCFSQuota\":false,\"cpuManagerPolicy\":\"static\",\"enforceNodeAllocatable\":[\"pods\"],\"featureGates\":{\"AllowUnsafeMalformedObjectDeletion\":false,\"CBORServingAndStorage\":false,\"ClearingNominatedNodeNameAfterBinding\":false,\"ClusterTrustBundle\":false,\"ClusterTrustBundleProjection\":false,\"ComponentFlagz\":false,\"ComponentStatusz\":false,\"ContainerRestartRules\":false,\"ContainerStopSignals\":false,\"CoordinatedLeaderElection\":false,\"DRAConsumableCapacity\":true,\"DRADeviceBindingConditions\":true,\"DRADeviceTaints\"
:true,\"DRAExtendedResource\":true,\"DRAPartitionableDevices\":true,\"DRASchedulerFilterTimeout\":true,\"DeclarativeValidationTakeover\":false,\"DeploymentReplicaSetTerminatingReplicas\":false,\"DynamicResourceAllocation\":true,\"EnvFiles\":false,\"ExternalServiceAccountTokenSigner\":true,\"HPAConfigurableTolerance\":false,\"HostnameOverride\":false,\"ImageVolume\":true,\"InPlacePodVerticalScalingExclusiveCPUs\":false,\"InPlacePodVerticalScalingExclusiveMemory\":false,\"JobManagedBy\":false,\"KubeletCrashLoopBackOffMax\":false,\"KubeletEnsureSecretPulledImages\":false,\"KubeletFineGrainedAuthz\":false,\"MaxUnavailableStatefulSet\":true,\"MutableCSINodeAllocatableCount\":true,\"MutatingAdmissionPolicy\":true,\"NominatedNodeNameForExpectation\":false,\"PodCertificateRequest\":false,\"PodLogsQuerySplitStreams\":false,\"PodTopologyLabelsAdmission\":false,\"ReduceDefaultCrashLoopBackOffDecay\":false,\"RelaxedServiceNameValidation\":false,\"RemoteRequestHeaderUID\":false,\"ResourceHealthStatus\":false,\"SELinuxChangePolicy\":false,\"SchedulerAsyncPreemption\":false,\"ServiceAccountNodeAudienceRestriction\":false,\"StorageCapacityScoring\":false,\"StorageVersionMigrator\":false,\"StrictIPCIDRValidation\":false,\"WatchCacheInitializationPostStartHook\":false,\"WatchList\":true},\"imageMaximumGCAge\":\"22h\",\"kind\":\"KubeletConfiguration\",\"kubeReserved\":{\"cpu\":\"100m\",\"memory\":\"300Mi\"},\"kubeReservedCgroup\":\"kuberuntime\",\"maxPods\":45,\"providerID\":\"aws:///us-west-2c/i-08a6fa687c9a6d2db\",\"readOnlyPort\":0,\"registerWithTaints\":[{\"effect\":\"NoSchedule\",\"key\":\"ebs.csi.aws.com/agent-not-ready\",\"value\":\"true\"},{\"effect\":\"NoSchedule\",\"key\":\"node\",\"value\":\"nodeless\"}],\"registryBurst\":20,\"registryPullQPS\":8,\"streamingConnectionIdleTimeout\":\"4h\",\"systemReserved\":{\"cpu\":\"100m\",\"memory\":\"3507947110\"},\"systemReservedCgroup\":\"system\",\"tlsCertFile\":{\"certificate\":{\"authorityKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:5
3:4D:19:0B:FD:36:1A:EB:96\",\"commonName\":\"system:node:ip-10-12-32-204.us-west-2.compute.internal\",\"fingerprint\":\"SHA256:FBQHjmcexGGgB42hmh2FLq1lRwyoz1HYRpJRd2pnsII\",\"ipAddresses\":[\"10.12.32.204\"],\"notAfter\":\"2025-12-22T16:50:32Z\",\"notBefore\":\"2025-12-15T22:38:56Z\",\"organization\":[\"system:nodes\"],\"serialNumber\":\"127630705538822312578970595637812130230650020432\",\"subjectKeyId\":\"67:A8:EE:1D:53:9F:B8:54:1B:3F:17:CF:7D:90:5A:BD:16:80:64:D7\"},\"dirGroup\":\"root\",\"dirMode\":2147484141,\"dirUser\":\"root\",\"group\":\"root\",\"mode\":420,\"path\":\"/var/lib/kubelet/pki/kubelet-cert.pem\",\"user\":\"root\"},\"tlsPrivateKeyFile\":{\"group\":\"root\",\"mode\":384,\"path\":\"/var/lib/kubelet/pki/kubelet-key.pem\",\"user\":\"root\"}},\"group\":\"root\",\"mode\":384,\"path\":\"/etc/kubernetes/kubelet-configuration.yaml\",\"user\":\"root\"},\"event-burst\":100,\"event-qps\":50,\"hostname-override\":\"ip-10-12-32-204.us-west-2.compute.internal\",\"image-credential-provider-bin-dir\":{\"group\":\"root\",\"mode\":2147484141,\"path\":\"/usr/local/bin\",\"user\":\"root\"},\"image-credential-provider-config\":{\"content\":{\"apiVersion\":\"kubelet.config.k8s.io/v1\",\"kind\":\"CredentialProviderConfig\",\"providers\":[{\"apiVersion\":\"credentialprovider.kubelet.k8s.io/v1\",\"defaultCacheDuration\":\"12h\",\"matchImages\":[\"*.dkr.ecr.*.amazonaws.com\",\"*.dkr.ecr-fips.*.amazonaws.com\"],\"name\":\"ecr-credential-provider\"}]},\"group\":\"root\",\"mode\":292,\"path\":\"/etc/kubernetes/kubelet-credential-provider-config.yaml\",\"user\":\"root\"},\"kubeconfig\":{\"group\":\"root\",\"kubeconfig\":{\"clusters\":{\"kubernetes\":{\"certificateAuthority\":{\"certificate\":{\"authorityKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\",\"commonName\":\"parent31-k8s\",\"dnsNames\":[\"parent31-k8s\"],\"fingerprint\":\"SHA256:DP/0ES6hkVPMrFizcIMEbQ75QGpwuWZZzShkn1KGQLA\",\"notAfter\":\"2030-09-28T18:40:34Z\",\"notBefore\":\"2025-09-29T18:40:04
Z\",\"serialNumber\":\"680167176125483697456383252717454423151202771482\",\"subjectKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\"},\"dirGroup\":\"root\",\"dirMode\":2147484141,\"dirUser\":\"root\",\"group\":\"root\",\"mode\":420,\"path\":\"/etc/vaultd/certs/vault-ca.cert\",\"user\":\"root\"},\"server\":\"https://k8s-parent31.prtest03.staging.dog\"}},\"contexts\":{\"kubelet\":{\"cluster\":\"kubernetes\",\"user\":\"kubelet\"}},\"currentContext\":\"\",\"users\":{\"kubelet\":{\"clientCertificate\":{\"certificate\":{\"authorityKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\",\"commonName\":\"system:node:ip-10-12-32-204.us-west-2.compute.internal\",\"fingerprint\":\"SHA256:FBQHjmcexGGgB42hmh2FLq1lRwyoz1HYRpJRd2pnsII\",\"ipAddresses\":[\"10.12.32.204\"],\"notAfter\":\"2025-12-22T16:50:32Z\",\"notBefore\":\"2025-12-15T22:38:56Z\",\"organization\":[\"system:nodes\"],\"serialNumber\":\"127630705538822312578970595637812130230650020432\",\"subjectKeyId\":\"67:A8:EE:1D:53:9F:B8:54:1B:3F:17:CF:7D:90:5A:BD:16:80:64:D7\"},\"dirGroup\":\"root\",\"dirMode\":2147484141,\"dirUser\":\"root\",\"group\":\"root\",\"mode\":420,\"path\":\"/var/lib/kubelet/pki/kubelet-cert.pem\",\"user\":\"root\"},\"clientKey\":{\"group\":\"root\",\"mode\":384,\"path\":\"/var/lib/kubelet/pki/kubelet-key.pem\",\"user\":\"root\"},\"usePassword\":false,\"useToken\":false}}},\"mode\":420,\"path\":\"/var/lib/kubelet/kubeconfig.yaml\",\"user\":\"root\"},\"make-iptables-util-chains\":true,\"pod-max-pids\":-1,\"skippedFlags\":{\"--cloud-provider\":\"external\",\"--cluster-dns\":\"172.17.0.2\",\"--config-dir\":\"/etc/kubernetes/config.d\",\"--container-runtime-endpoint\":\"unix:///run/containerd/containerd.sock\",\"--healthz-bind-address\":\"10.12.32.204\",\"--node-ip\":\"10.12.32.204\",\"--node-labels\":\"node.datadoghq.com/cgroup=v2\"}}},\"framework_requirement\":[\"fedramp-low/Identification-and-Authentication\",\"fedramp-moderate/Identification-and-Authentication\",\
"pci-dss/Protect-Stored-Account-Data\",\"cis-kubernetes/Kubelet\",\"fedramp-high/Identification-and-Authentication\",\"nist-800-53/Identification and Authentication\",\"pci-dss/Apply-Secure-Configurations-to-All-System-Components\"],\"framework_requirement_control\":[\"cis-kubernetes/Kubelet/4.2.10\",\"nist-800-53/Identification and Authentication/IA-7\",\"fedramp-high/Identification-and-Authentication/IA-7\",\"pci-dss/Apply-Secure-Configurations-to-All-System-Components/2.2.7\",\"fedramp-low/Identification-and-Authentication/IA-7\",\"fedramp-moderate/Identification-and-Authentication/IA-7\",\"pci-dss/Protect-Stored-Account-Data/3.6.1.2\",\"pci-dss/Protect-Stored-Account-Data/3.6.1.1\"],\"is_default_crawl\":false,\"kube_node_name\":\"kube-system_nodeless-amd64-d-m6a-2xlarge\",\"kubeletService\":{\"content\":[\"Unit\"],\"group\":\"root\",\"mode\":420,\"path\":\"/etc/systemd/system/kubelet.service\",\"user\":\"root\"},\"version\":\"202403\"},\"region\":\"us-west-2\"},\"compliance\":{\"evaluation\":\"pass\",\"framework_requirement_controls\":[\"cis-kubernetes/Kubelet/4.2.10\",\"nist-800-53/Identification and Authentication/IA-7\",\"fedramp-high/Identification-and-Authentication/IA-7\",\"pci-dss/Apply-Secure-Configurations-to-All-System-Components/2.2.7\",\"fedramp-low/Identification-and-Authentication/IA-7\",\"fedramp-moderate/Identification-and-Authentication/IA-7\",\"pci-dss/Protect-Stored-Account-Data/3.6.1.2\",\"pci-dss/Protect-Stored-Account-Data/3.6.1.1\"],\"framework_requirements\":[\"fedramp-low/Identification-and-Authentication\",\"fedramp-moderate/Identification-and-Authentication\",\"pci-dss/Protect-Stored-Account-Data\",\"cis-kubernetes/Kubelet\",\"fedramp-high/Identification-and-Authentication\",\"nist-800-53/Identification and 
Authentication\",\"pci-dss/Apply-Secure-Configurations-to-All-System-Components\"],\"frameworks\":[{\"control\":\"4.2.10\",\"framework\":\"cis-kubernetes\",\"is_default\":true,\"requirement\":\"Kubelet\",\"version\":\"1.9.0\"},{\"control\":\"IA-7\",\"framework\":\"fedramp-high\",\"is_default\":true,\"requirement\":\"Identification-and-Authentication\",\"version\":\"5\"},{\"control\":\"IA-7\",\"framework\":\"fedramp-low\",\"is_default\":true,\"requirement\":\"Identification-and-Authentication\",\"version\":\"5\"},{\"control\":\"IA-7\",\"framework\":\"fedramp-moderate\",\"is_default\":true,\"requirement\":\"Identification-and-Authentication\",\"version\":\"5\"},{\"control\":\"IA-7\",\"framework\":\"nist-800-53\",\"is_default\":true,\"requirement\":\"Identification and Authentication\",\"version\":\"rev5\"},{\"control\":\"2.2.7\",\"framework\":\"pci-dss\",\"is_default\":true,\"requirement\":\"Apply-Secure-Configurations-to-All-System-Components\",\"version\":\"4.0.1\"},{\"control\":\"3.6.1.1\",\"framework\":\"pci-dss\",\"is_default\":true,\"requirement\":\"Protect-Stored-Account-Data\",\"version\":\"4.0.1\"},{\"control\":\"3.6.1.2\",\"framework\":\"pci-dss\",\"is_default\":true,\"requirement\":\"Protect-Stored-Account-Data\",\"version\":\"4.0.1\"}]},\"description\":\"%%%\\n## Description\\n\\nKubelet client certificate rotation should be enabled. The `--rotate-certificates` setting tells the kubelet to rotate its client certificates by creating new CSRs when its existing credentials expire. This automated periodic rotation ensures that there is no downtime due to expired certificates and thus addresses availability in the CIA security triad.\\n\\n**Note**: This recommendation only applies if you let kubelets get their certificates from the API server. In cases where your kubelet certificates come from an outside authority or tool (for example, Vault), then you need to manually do the rotation. \\n\\n## Remediation\\n\\n1. 
If using a kubelet config file, edit the file to add the line `rotateCertificates: true`.\\n2. If using command line arguments, edit the kubelet service file `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf` on each worker node and add the argument below from the `KUBELET_CERTIFICATE_ARGS` variable.\\n ```\\n --rotate-certificates=true\\n ```\\n3. Restart the kubelet service.\\n\\n%%%\",\"detection_changed_at\":1765838670804,\"finding_id\":\"ZGVmLTAway1leWV-aS0wOGE2ZmE2ODdjOWE2ZDJkYg==\",\"finding_type\":\"misconfiguration\",\"first_seen_at\":1765838670804,\"k8s\":{\"cluster_id\":\"parent31\"},\"last_seen_at\":1765838670804,\"metadata\":{\"schema_version\":\"2\"},\"resource_id\":\"i-08a6fa687c9a6d2db\",\"resource_name\":\"kube-system_nodeless-amd64-d-m6a-2xlarge\",\"resource_type\":\"kubernetes_worker_node\",\"rule\":{\"default_rule_id\":\"def-00k-eye\",\"id\":\"def-00k-eye\",\"name\":\"The kubelet client certificate rotation should be enabled\",\"type\":\"cloud configuration\",\"version\":7},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8,\"value\":\"high\",\"value_id\":3}},\"status\":\"open\",\"title\":\"The kubelet client certificate rotation should be 
enabled\",\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"scored:true\",\"kernel:none\",\"kube_node_role:nodeless\",\"dd_compute_k8s_platform_version:v6-260-2\",\"k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2\",\"kube_cluster_name:parent31\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"nodegroup:kube-system_nodeless-amd64-d-m6a-2xlarge\",\"name:kube-system_nodeless-amd64-d-m6a-2xlarge\",\"framework:fedramp-low\",\"requirement:identification_and_authentication\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s\",\"control:2.2.7\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true\",\"iam_profile:k8s/prtest03-staging-dog-parent31-kube-node_v2\",\"site:datadoghq.com\",\"framework_version:pci-dss_v4.0.1\",\"framework:cis-kubernetes\",\"nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-2xlarge\",\"framework:nist-800-53\",\"aws:ec2:fleet-id:fleet-30af8106-a33c-c1bc-8e30-8c2aef2d524c\",\"requirement:protect-stored-account-data\",\"framework_version:nist-800-53_vrev5\",\"framework:fedramp-moderate\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"requirement:identification-and-authentication\",\"node.datadoghq.com/flavor:standard\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-2xlarge\",\"adp_enabled:false\",\"kube_node_role:nodeless-amd64-d-m6a-2xlarge\",\"kubernetes.io/cluster/parent31:owned\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard\",\"team:compute-cloud-accounts\",\"image:ami-0e7b60ad05b2da7ed\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"ng_local_storage:false\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"security-group:sg-0
41983b0e52f0b956\",\"auto-discovery.cluster-autoscaler.k8s.io/parent31\",\"ng_cluster_autoscaler:true\",\"account:staging-prtest03-hazel-parent\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"kubernetes_cluster:parent31\",\"account_id:600865094333\",\"aws:ec2launchtemplate:id:lt-0e13322d92afb436c\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"framework_version:fedramp-moderate_v5\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:28983228826\",\"framework_version:cis-kubernetes_v1.9.0\",\"agent_release_candidate_cluster:false\",\"host:i-08a6fa687c9a6d2db\",\"role:kube-node\",\"env:staging\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"instance-type:m6a.2xlarge\",\"control:ia-7\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:372mi\",\"framework_version:fedramp-low_v5\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"scope:kubernetes\",\"security:compliance\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"kube_node_role:compute\",\"k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64\",\"control:3.6.1.1\",\"control:3.6.1.2\",\"datacenter:prtest03.staging.dog\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"framework:pci-dss\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-2xlarge\",\"region:us-west-2\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:53034256170\",\"nodegroup
s.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"kube_node:ip-10-12-32-204.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"framework_version:fedramp-high_v5\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"security-group:sg-040bae0963d96a1c5\",\"cluster_name:parent31\",\"aws_account:600865094333\",\"autoscaling_group:prtest03-staging-dog-parent31-k8s-ng-asg-4defb27385fb49b0\",\"cpu_arch:amd64\",\"requirement:kubelet\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"requirement:apply-secure-configurations-to-all-system-components\",\"instance_type:m6a.2xlarge\",\"orch_cluster_id:69945bda-00ed-44d6-8ddd-5ee7cecf1c1d\",\"source:kubernetes\",\"framework:fedramp-high\",\"control:4.2.10\",\"source:compliance-agent\"],\"timestamp\":1765838670804}}],\"meta\":{\"elapsed\":916,\"page\":{\"after\":\"eyJhZnRlciI6IkF3QUFBWnNrTDh2VTlLUDFyQUFBQUJoQlduTnJURGgyVlVGQlF6QnVTVVJUUTBwbk5HbE9jSE1BQUFBa1pqRTVZakkwTW1ZdFpEUXhOeTAwWW1GbExUZ3haRFl0WkRZME5EazFNelE0TkRabEFBQUg0ZyIsInZhbHVlcyI6WzE3NjU4Mzg2NzA4MDQsIjIwMjUtMTItMTVUMjI6NDQ6MzAuODA0WiIsLTE5MDU4MTMzMl19\"},\"request_id\":\"pddv1ChZXeHI2X1VLUFMyQ25KRjFhNTgwWlZ3Ii0KHSOVjxpVE2yfxdGytC3aiBt_PLDLzISoQQFbf2XXEgys6s_dxBVNuv6xlig\",\"status\":\"done\"},\"links\":{\"next\":\"/api/v2/security/findings?filter%5Bquery%5D=%40severity%3Acritical+OR+%40severity%3Ahigh\\u0026page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrTDh2VTlLUDFyQUFBQUJoQlduTnJURGgyVlVGQlF6QnVTVVJUUTBwbk5HbE9jSE1BQUFBa1pqRTVZakkwTW1ZdFpEUXhOeTAwWW1GbExUZ3haRFl0WkRZME5EazFNelE0TkRabEFBQUg0ZyIsInZhbHVlcyI6WzE3NjU4Mzg2NzA4MDQsIjIwMjUtMTItMTVUMjI6NDQ6MzAuODA0WiIsLTE5MDU4MTMzMl19\\u0026page%5Blimit%5D=1\\u0026sort=-%40detection_changed_at\"}}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 683, + 
"httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-12-15T22:44:41.945Z", + "time": 1040 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/frozen.json new file mode 100644 index 000000000000..bb7baa30918f --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/frozen.json @@ -0,0 +1 @@ +"2025-12-15T22:43:55.549Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/recording.har new file mode 100644 index 000000000000..38481f13233f --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/recording.har 
@@ -0,0 +1,67 @@ +{ + "log": { + "_recordingName": "Security Monitoring/Search security findings returns \"OK\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "1ec3068ea915e8825cf5890a31d08a6d", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 65, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + }, + { + "_fromType": "array", + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 580, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"data\":{\"attributes\":{\"filter\":\"@severity:(critical OR high)\"}}}" + }, + "queryString": [], + "url": "https://api.datadoghq.com/api/v2/security/findings/search" + }, + "response": { + "bodySize": 57082, + "content": { + "mimeType": "application/vnd.api+json", + "size": 57082, + "text": "{\"data\":[{\"id\":\"Y2RiNWYyMmQ2Nzg2ZTBkYjA1ZTc5NDM3MDU5NGJhNTh-MWIxYTc2ZDZkNDZlYmE0YjFlY2RkMDY0NjRlYjIwZTk=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-45337\",\"GO-2024-3321\"],\"cve\":\"CVE-2024-45337\",\"id\":\"GHSA-v778-237x-gjrc\",\"modified_at\":1738337443000,\"published_at\":1733954584000,\"summary\":\"Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in 
golang.org/x/crypto\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"990060747993\",\"cloud_provider\":\"aws\",\"display_name\":\"ip-10-151-60-149.us-west-2.compute.internal-raboot-c\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838619159,\"finding_id\":\"Y2RiNWYyMmQ2Nzg2ZTBkYjA1ZTc5NDM3MDU5NGJhNTh-MWIxYTc2ZDZkNDZlYmE0YjFlY2RkMDY0NjRlYjIwZTk=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838614786,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0e7b60ad05b2da7ed\",\"name\":\"ip-10-151-60-149.us-west-2.compute.internal-raboot-c\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"raboot-c\"},\"last_seen_at\":1765838619159,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"golang.org/x/crypto\"],\"name\":\"golang.org/x/crypto\",\"normalized_name\":\"golang.org/x/crypto\",\"version\":\"v0.18.0\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"golang.org/x/crypto\",\"version\":\"0.31.0\"}]},\"recommended\":{\"name\":\"golang.org/x/crypto\",\"version\":\"0.31.0\"}},\"resource_id\":\"1b1a76d6d46eba4b1ecdd06464eb20e9\",\"resource_name\":\"ip-10-151-60-149.us-west-2.compute.internal-raboot-c\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/NHAS/CVE-2024-45337-POC\",\"https://github.com/NHAS/VULNERABLE-CVE-2024-45337\",\"https://github.com/peace-maker/CVE-2024-45337\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.42906,\"epss_severity\":\"medium\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severi
ty_details\":{\"adjusted\":{\"score\":7,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":9.1,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\"}},\"status\":\"open\",\"title\":\"Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto\",\"vulnerability\":{\"cwes\":[\"CWE-285\"],\"hash\":\"2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"kube_node_role:nodeless\",\"aws:ec2launchtemplate:id:lt-0105c69a444a8e9fb\",\"ecosystem:go\",\"dd_compute_k8s_platform_version:v6-260-2\",\"k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2\",\"aws_account:990060747993\",\"fix_version:v0.46.0\",\"instance-type:c6a.2xlarge\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:13480074445\",\"kubernetes_cluster:raboot-c\",\"source:datadog\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"vulnerability_status:open\",\"fix_available:available\",\"cluster_name:raboot-c\",\"iam_profile:k8s/prtest02-staging-dog-raboot-c-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s\",\"asset_type:host\",\"new:true\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true\",\"site:datadoghq.com\",\"kubernetes.io/cluster/raboot-c:owned\",\"assignee:none\",\"alias:go-2024-3321\",\"assignee_id:none\",\"in_production:false\",\"cve:cve-2024-45337\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-c6a-2xlarge\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"adp_enab
led:false\",\"autoscaling_group:prtest02-staging-dog-raboot-c-k8s-ng-asg-faab57746e6215c5\",\"base_score:9.1\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard\",\"team:compute-cloud-accounts\",\"public_exploit_available:true\",\"image:ami-0e7b60ad05b2da7ed\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"ng_local_storage:false\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"ng_cluster_autoscaler:true\",\"asset_id:ip-10-151-60-149.us-west-2.compute.internal-raboot-c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"instance_type:c6a.2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"security-group:sg-0975ebcfe01315df0\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"epss_raw_score:0.42906\",\"nodegroup:kube-system_nodeless-amd64-d-c6a-2xlarge\",\"exposure_time_days:0\",\"score:7.0\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"package_version:v0.18.0\",\"base_severity:critical\",\"account:staging-prtest02-ember-c\",\"security-group:sg-08568810eba5fc2d8\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"aws:ec2:fleet-id:fleet-0c1e1c15-ce07-ce8f-0eb2-2982e1977208\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:372mi\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"scored:false\",\"k8s.io/clust
er-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"severity:high\",\"kube_node_role:compute\",\"k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64\",\"os_name:ubuntu\",\"alias:cve-2024-45337\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"region:us-west-2\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:53034256170\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"kube_cluster_name:raboot-c\",\"orch_cluster_id:76cfd63e-1d3b-4bf3-b0b0-93e1423ef6cc\",\"name:kube-system_nodeless-amd64-d-c6a-2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"vuln_id:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"hash:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"cpu_arch:amd64\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"kube_node:ip-10-151-60-149.us-west-2.compute.internal\",\"kube_node_role:nodeless-amd64-d-c6a-2xlarge\",\"package_name:golang.org/x/crypto\",\"auto-discovery.cluster-autoscaler.k8s.io/raboot-c\",\"event_type:new\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"env:staging\"],\"timestamp\":1765838619159}},{\"id\":\"YTA2ODU1YjVjYWZlZWY5Y2MyMzczMTY4MDdhYjRlMWJ-ZWExMDk2NDQ2ZjM3Mjg2MzZkMzA3ZWQ5M2ZiNDdlZjM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-7jwh-3vrq-q3m8\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",
\"id\":\"GHSA-mrww-27vc-gghv\",\"modified_at\":1734042636000,\"published_at\":1709585004000,\"summary\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"727006795293\",\"cloud_provider\":\"aws\",\"display_name\":\"i-048e423259eb6256a\",\"region\":\"us-east-1\"},\"detection_changed_at\":1765838618317,\"finding_id\":\"YTA2ODU1YjVjYWZlZWY5Y2MyMzczMTY4MDdhYjRlMWJ-ZWExMDk2NDQ2ZjM3Mjg2MzZkMzA3ZWQ5M2ZiNDdlZjM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765826319813,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0d63de838a36a5577\",\"name\":\"i-048e423259eb6256a\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"stripe\"},\"last_seen_at\":1765838618317,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgx/v4\"],\"name\":\"github.com/jackc/pgx/v4\",\"normalized_name\":\"github.com/jackc/pgx/v4\",\"version\":\"v4.18.1\"},\"related_services\":[\"exposed_to_attacks:false\"],\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgx/v4\",\"version\":\"4.18.2\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgx/v4\",\"version\":\"4.18.2\"}},\"resource_id\":\"ea1096446f3728636d307ed93fb47ef3\",\"resource_name\":\"i-048e423259eb6256a\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":
false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":7.3,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L/MAV:A\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\"}},\"status\":\"auto_closed\",\"title\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838618317,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b\",\"kube_node_role:nodeless\",\"ecosystem:go\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge\",\"event_type:close\",\"availability-zone:us-east-1b\",\"package_version:v4.18.1\",\"source:datadog\",\"kube_node_role:nodeless-amd64-d-m6a-4xlarge\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"site:datad0g.com\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:106068512341\",\"fix_available:available\",\"fix_version:v4.18.3\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:15900m\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s\",\"asset_type:host\",\"aws:ec2launchtemplate:id:lt-0ab29ef7bcf9901c8\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true\",\"assignee:none\",\"assignee_id:none\",\"in_production:false\",\"aws_account:727006795293\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"adp_enabled:false\",\"instance_type:m6a.4xlarge\",\"nodegroups.datadoghq.com/name:nod
eless-amd64-d-m6a-4xlarge\",\"base_score:9.3\",\"auto-discovery.cluster-autoscaler.k8s.io/stripe\",\"alias:cga-vmcg-54pm-cp7r\",\"kubernetes.io/cluster/stripe:owned\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard\",\"nodegroup:kube-system_nodeless-amd64-d-m6a-4xlarge\",\"public_exploit_available:true\",\"region:us-east-1\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"ng_local_storage:false\",\"close_count:0\",\"ng_cluster_autoscaler:true\",\"service_exposed_to_attacks:false\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"alias:cve-2024-27304\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"asset_id:i-048e423259eb6256a\",\"cve:cve-2024-27304\",\"account:staging\",\"name:kube-system_nodeless-amd64-d-m6a-4xlarge\",\"image:ami-0d63de838a36a5577\",\"vuln_id:82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-4xlarge\",\"node.datadoghq.com/version:v6-269-0\",\"kube_cluster_name:stripe\",\"exposure_time_days:0\",\"aws:ec2:fleet-id:fleet-c5172d35-9624-6c05-2c30-812acd886a16\",\"cluster_name:stripe\",\"score:7.3\",\"role:kube-node\",\"env:staging\",\"base_severity:critical\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"security-group:sg-faa8cdb1\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"hash:82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.
com/cpu_arch:amd64\",\"alias:go-2024-2606\",\"severity:high\",\"kube_node_role:compute\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64\",\"kube_node:ip-10-131-1-21.ec2.internal\",\"os_name:ubuntu\",\"alias:ghsa-7jwh-3vrq-q3m8\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:745mi\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"security-group:sg-0a3744a5f247135d1\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:59987440026\",\"node.datadoghq.com/cgroup:v2\",\"instance-type:m6a.4xlarge\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"dd_compute_k8s_platform_version:v6-269-0\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-300m-v1\",\"autoscaling_group:us1-staging-dog-stripe-k8s-ng-asg-8a5078b204fcfc2d\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-300m-v1\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"iam_profile:k8s/us1-staging-dog-stripe-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:160\",\"alias:cga-rqqc-qwmr-qw72\",\"package_name:github.com/jackc/pgx/v4\",\"kubernetes_cluster:stripe\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"env:staging\"],\"timestamp\":1765838618317}},{\"id\":\"NjUxZDEyZGRmOTI0ZmI1NTg1YzJkOTI5NzQ1ZjQ0MzJ-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-10220\",\"GO-2024-32
86\"],\"cve\":\"CVE-2024-10220\",\"id\":\"GHSA-27wf-5967-98gx\",\"modified_at\":1734126344000,\"published_at\":1732311135000,\"summary\":\" Kubernetes kubelet arbitrary command execution\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-0287cce0c5ced7759\"},\"detection_changed_at\":1765838618125,\"finding_id\":\"NjUxZDEyZGRmOTI0ZmI1NTg1YzJkOTI5NzQ1ZjQ0MzJ-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765837776218,\"host\":{\"name\":\"i-0287cce0c5ced7759\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"stripe\"},\"last_seen_at\":1765838618125,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"k8s.io/kubernetes\"],\"name\":\"k8s.io/kubernetes\",\"normalized_name\":\"k8s.io/kubernetes\",\"version\":\"v1.30.0\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"k8s.io/kubernetes\",\"version\":\"1.30.3\"}]},\"recommended\":{\"name\":\"k8s.io/kubernetes\",\"version\":\"1.30.3\"}},\"resource_id\":\"6c7a1c87e14ed31c51524564bccc6627\",\"resource_name\":\"i-0287cce0c5ced7759\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/filipzag/CVE-2024-10220\",\"https://github.com/any2sec/cve-2024-10220\",\"https://github.com/XiaomingX/cve-2024-10220-githooks\",\"https://github.com/mrk336/CVE-2024-10220-Kubernetes-gitRepo-Volume-Vulnerability\",\"https://github.com/candranapits/poc-CVE-2024-10220\",\"https://github.com/orgC/CVE-2024-10220-demo\",\"https://github.com/mochizuki875/CVE-2024-10220-githooks\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.22805,\"epss_s
everity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":7.1,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":8.6,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N\"}},\"status\":\"auto_closed\",\"title\":\" Kubernetes kubelet arbitrary command execution\",\"vulnerability\":{\"cwes\":[\"CWE-22\"],\"hash\":\"ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838618125,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"fix_version:v1.32.8\",\"kube_cluster_name:stripe\",\"base_score:8.6\",\"exposure_time_days:0\",\"ecosystem:go\",\"score:7.1\",\"cluster_name:stripe\",\"cve:cve-2024-10220\",\"event_type:close\",\"nodegroups.datadoghq.com/name:flink-metering-jose-jobmanager\",\"env:staging\",\"source:datadog\",\"vuln_id:ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd\",\"site:datad0g.com\",\"package_version:v1.30.0\",\"fix_available:available\",\"scored:false\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"instance_type:m5.2xlarge\",\"assignee:none\",\"alias:go-2024-3286\",\"assignee_id:none\",\"in_production:false\",\"kube_node_role:flink-metering-jose-jobmanager\",\"epss_raw_score:0.22805\",\"alias:cve-2024-10220\",\"is_kube_cluster_experimental:false\",\"hash:ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"tool:infra\",\"kube_node:ip-10-131-0-241.ec2.internal\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"asset_id:i-0287cce0c5ced7759\",\"orch_cluster_id:4c9f37
02-c3bd-4d69-871b-cfa039a397df\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"base_severity:high\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"nodegroups.datadoghq.com/namespace:metering\",\"package_name:k8s.io/kubernetes\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838618125}},{\"id\":\"NjI4MzY3YWUxYzhjZDU0OTNlZGY2NDc5Y2Q2ZTNmOWF-ZGFmYjNkMmQ4ZjYzODRhYzM4NmFhNGZhNmNmNmM0ZDk=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-7jwh-3vrq-q3m8\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-mrww-27vc-gghv\",\"modified_at\":1734042636000,\"published_at\":1709585004000,\"summary\":\"pgx SQL Injection via Protocol Message Size 
Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"727006795293\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0f1ef8599b4b41431\",\"region\":\"us-east-1\"},\"detection_changed_at\":1765838618006,\"finding_id\":\"NjI4MzY3YWUxYzhjZDU0OTNlZGY2NDc5Y2Q2ZTNmOWF-ZGFmYjNkMmQ4ZjYzODRhYzM4NmFhNGZhNmNmNmM0ZDk=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765833769555,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0d63de838a36a5577\",\"name\":\"i-0f1ef8599b4b41431\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838618006,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgx\"],\"name\":\"github.com/jackc/pgx\",\"normalized_name\":\"github.com/jackc/pgx\",\"version\":\"v3.3.0+incompatible\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgx\",\"version\":\"4.18.2\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgx\",\"version\":\"4.18.2\"}},\"resource_id\":\"dafb3d2d8f6384ac386aa4fa6cf6c4d9\",\"resource_name\":\"i-0f1ef8599b4b41431\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.9,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.3
,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\"}},\"status\":\"auto_closed\",\"title\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838618006,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b\",\"hash:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"kube_node_role:nodeless\",\"ecosystem:go\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge\",\"event_type:close\",\"availability-zone:us-east-1b\",\"vuln_id:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2\",\"asset_id:i-0f1ef8599b4b41431\",\"source:datadog\",\"kube_node_role:nodeless-amd64-d-m6a-4xlarge\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"site:datad0g.com\",\"aws:ec2launchtemplate:id:lt-0aa5742eec024a5e8\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:106068512341\",\"fix_available:available\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:15900m\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s\",\"asset_type:host\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true\",\"assignee:none\",\"assignee_id:none\",\"in_production:false\",\"aws_account:727006795293\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"adp_enabled:false\",\"package_version:v3.3.0_incompatible\",\"instance_type:m6a.4xlarge\",\"nodegroups.datadoghq.com/name:nodeless-a
md64-d-m6a-4xlarge\",\"base_score:9.3\",\"kube_cluster_name:oddish-b\",\"iam_profile:k8s/us1-staging-dog-oddish-b-kube-node_v2\",\"alias:cga-vmcg-54pm-cp7r\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard\",\"nodegroup:kube-system_nodeless-amd64-d-m6a-4xlarge\",\"public_exploit_available:true\",\"autoscaling_group:us1-staging-dog-oddish-b-k8s-ng-asg-376ded054ca1c4df\",\"kubernetes.io/cluster/oddish-b:owned\",\"region:us-east-1\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"ng_local_storage:false\",\"close_count:0\",\"ng_cluster_autoscaler:true\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"alias:cve-2024-27304\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"cve:cve-2024-27304\",\"account:staging\",\"name:kube-system_nodeless-amd64-d-m6a-4xlarge\",\"image:ami-0d63de838a36a5577\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-4xlarge\",\"node.datadoghq.com/version:v6-269-0\",\"exposure_time_days:0\",\"cluster_name:oddish-b\",\"security-group:sg-0b9e1c6b4773288df\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"role:kube-node\",\"package_name:github.com/jackc/pgx\",\"env:staging\",\"base_severity:critical\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"security-group:sg-faa8cdb1\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"alias:go-2024-2606\",\"severity:high\",\"kube_node_role:compu
te\",\"k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64\",\"os_name:ubuntu\",\"alias:ghsa-7jwh-3vrq-q3m8\",\"aws:ec2:fleet-id:fleet-7bbf19a6-a3a4-ee94-0c38-a582da17231b\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:745mi\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:59987440026\",\"node.datadoghq.com/cgroup:v2\",\"instance-type:m6a.4xlarge\",\"score:8.9\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"dd_compute_k8s_platform_version:v6-269-0\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"kube_node:ip-10-128-39-138.ec2.internal\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:160\",\"alias:cga-rqqc-qwmr-qw72\",\"kubernetes_cluster:oddish-b\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"auto-discovery.cluster-autoscaler.k8s.io/oddish-b\",\"env:staging\"],\"timestamp\":1765838618006}},{\"id\":\"YzE5MmY0MWI2OTdkN2Y5NTZiNmNiODI1ZTdiNDhlZTh-YzZlMmY1ZGIwOTU0ODIzM2MwZDFmNTdjZmZjMTdjMzQ=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-45337\",\"GO-2024-3321\"],\"cve\":\"CVE-2024-45337\",\"id\":\"GHSA-v778-237x-gjrc\",\"modified_at\":1738337443000,\"published_at\":1733954584000,\"summary\":\"Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in 
golang.org/x/crypto\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-068207de5f413c29f\"},\"detection_changed_at\":1765838617916,\"finding_id\":\"YzE5MmY0MWI2OTdkN2Y5NTZiNmNiODI1ZTdiNDhlZTh-YzZlMmY1ZGIwOTU0ODIzM2MwZDFmNTdjZmZjMTdjMzQ=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765837162559,\"host\":{\"name\":\"i-068207de5f413c29f\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617916,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"golang.org/x/crypto\"],\"name\":\"golang.org/x/crypto\",\"normalized_name\":\"golang.org/x/crypto\",\"version\":\"v0.18.0\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"golang.org/x/crypto\",\"version\":\"0.31.0\"}]},\"recommended\":{\"name\":\"golang.org/x/crypto\",\"version\":\"0.31.0\"}},\"resource_id\":\"c6e2f5db09548233c0d1f57cffc17c34\",\"resource_name\":\"i-068207de5f413c29f\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/NHAS/CVE-2024-45337-POC\",\"https://github.com/NHAS/VULNERABLE-CVE-2024-45337\",\"https://github.com/peace-maker/CVE-2024-45337\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.42906,\"epss_severity\":\"medium\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":7,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":9.1,\"value\":\
"critical\",\"value_id\":4,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\"}},\"status\":\"auto_closed\",\"title\":\"Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto\",\"vulnerability\":{\"cwes\":[\"CWE-285\"],\"hash\":\"2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617916,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"epss_raw_score:0.42906\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"cluster_name:oddish-b\",\"score:7.0\",\"ecosystem:go\",\"event_type:close\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"env:staging\",\"fix_version:v0.46.0\",\"package_version:v0.18.0\",\"base_severity:critical\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"scored:false\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"asset_id:i-068207de5f413c29f\",\"alias:cve-2024-45337\",\"assignee:none\",\"alias:go-2024-3321\",\"assignee_id:none\",\"cve:cve-2024-45337\",\"in_production:false\",\"node.datadoghq.com/flavor:nodeless-fastephemeral\",\"kube_node:ip-10-128-37-184.ec2.internal\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"kube_cluster_name:oddish-b\",\"instance_type:m6gd.8xlarge\",\"base_score:9.1\",\"vuln_id:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"hash:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"vulnerability_status:auto-closed\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"node.datadoghq
.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"datacenter:us1.staging.dog\",\"package_name:golang.org/x/crypto\",\"previous_status:open\",\"cpu_arch:arm64\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838617916}},{\"id\":\"NjlhMzIwMDBjNmVlZDNmZGFjMTUwODFmNzc3ZjA0OTl-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-7jwh-3vrq-q3m8\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-mrww-27vc-gghv\",\"modified_at\":1734042636000,\"published_at\":1709585004000,\"summary\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-0287cce0c5ced7759\"},\"detection_changed_at\":1765838617865,\"finding_id\":\"NjlhMzIwMDBjNmVlZDNmZGFjMTUwODFmNzc3ZjA0OTl-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765837776218,\"host\":{\"name\":\"i-0287cce0c5ced7759\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"stripe\"},\"last_seen_at\":1765838617865,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgx\"],\"name\":\"github.com/jackc/pgx\",\"normalized_name\":\"github.com/jackc/pgx\",\"version\":\"v3.3.0+incompatible\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgx\",\"version\":\"4.18.2\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgx\",\"version\":\"4.18.2\"}},\"resource_id\":\"6c7a1c87e14ed31c51524564bccc6627\",\"resource_name\":\"i-0287cce0c5ced7759\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_productio
n\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.9,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\"}},\"status\":\"auto_closed\",\"title\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617865,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kube_cluster_name:stripe\",\"hash:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"exposure_time_days:0\",\"ecosystem:go\",\"cluster_name:stripe\",\"event_type:close\",\"nodegroups.datadoghq.com/name:flink-metering-jose-jobmanager\",\"vuln_id:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"package_name:github.com/jackc/pgx\",\"env:staging\",\"base_severity:critical\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"scored:false\",\"alias:go-2024-2606\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"instance_type:m5.2xlarge\",\"assignee:none\",\"alias:ghsa-7jwh-3vrq-q3m8\",\"assignee_id:none\",\"in_production:false\",\"kube_node_role:flink-metering-jose-jobmanager\",\"is_kube_cluster_experimental:false\",\"adp_enab
led:false\",\"node.datadoghq.com/cgroup:v2\",\"package_version:v3.3.0_incompatible\",\"score:8.9\",\"tool:infra\",\"base_score:9.3\",\"kube_node:ip-10-131-0-241.ec2.internal\",\"alias:cga-vmcg-54pm-cp7r\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"ng_local_storage:false\",\"asset_id:i-0287cce0c5ced7759\",\"close_count:0\",\"orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"datacenter:us1.staging.dog\",\"alias:cve-2024-27304\",\"previous_status:open\",\"cve:cve-2024-27304\",\"alias:cga-rqqc-qwmr-qw72\",\"nodegroups.datadoghq.com/namespace:metering\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838617865}},{\"id\":\"NTE0YWUwMWUwYjdiMTJlNTdmMjkwZGU3NjYwYzc3ZGF-MjRmYmFmY2UzNGZjNzRlZGY1NjI5M2ExZGIwNjBkZjM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-mrww-27vc-gghv\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-7jwh-3vrq-q3m8\",\"modified_at\":1729574941941,\"published_at\":1709585125000,\"summary\":\"pgproto3 SQL Injection via Protocol Message Size 
Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-045e3e76dfdf37aae\"},\"detection_changed_at\":1765838617835,\"finding_id\":\"NTE0YWUwMWUwYjdiMTJlNTdmMjkwZGU3NjYwYzc3ZGF-MjRmYmFmY2UzNGZjNzRlZGY1NjI5M2ExZGIwNjBkZjM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765837126551,\"host\":{\"name\":\"i-045e3e76dfdf37aae\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617835,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgproto3/v2\"],\"name\":\"github.com/jackc/pgproto3/v2\",\"normalized_name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"v2.3.2\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"2.3.3\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"2.3.3\"}},\"resource_id\":\"24fbafce34fc74edf56293a1db060df3\",\"resource_name\":\"i-045e3e76dfdf37aae\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.9,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
\"}},\"status\":\"auto_closed\",\"title\":\"pgproto3 SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617835,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"fix_version:v2.3.4-0.20250125160525-bc041643406d\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"cluster_name:oddish-b\",\"ecosystem:go\",\"event_type:close\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"env:staging\",\"base_severity:critical\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"scored:false\",\"alias:go-2024-2606\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"assignee:none\",\"assignee_id:none\",\"in_production:false\",\"node.datadoghq.com/flavor:nodeless-fastephemeral\",\"hash:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"score:8.9\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:9.3\",\"kube_cluster_name:oddish-b\",\"instance_type:m6gd.8xlarge\",\"package_version:v2.3.2\",\"alias:ghsa-mrww-27vc-gghv\",\"alias:cga-vmcg-54pm-cp7r\",\"kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"vuln_id:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"vulnerability_status:auto-closed\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"asset_id:i-045e3e76dfdf37aae\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"kube_node:ip-10-128-37-96.ec2.internal\",\
"datacenter:us1.staging.dog\",\"alias:cve-2024-27304\",\"previous_status:open\",\"package_name:github.com/jackc/pgproto3/v2\",\"cve:cve-2024-27304\",\"alias:cga-rqqc-qwmr-qw72\",\"cpu_arch:arm64\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838617835}},{\"id\":\"ZjQ1YzE1NWQ5ODQ4NDk4ZmRjZTgyNTA1MzllZDY4OGV-N2YyZDlhNmRkMTE4NWYzODAyYTllZGFjMTczOTAzMTI=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-41110\",\"GO-2024-3005\"],\"cve\":\"CVE-2024-41110\",\"id\":\"GHSA-v23v-6jw2-98fq\",\"modified_at\":1723230467000,\"published_at\":1722334737000,\"summary\":\"Authz zero length regression\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"727006795293\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0e04298f4842968e8\",\"region\":\"us-east-1\"},\"detection_changed_at\":1765838617779,\"finding_id\":\"ZjQ1YzE1NWQ5ODQ4NDk4ZmRjZTgyNTA1MzllZDY4OGV-N2YyZDlhNmRkMTE4NWYzODAyYTllZGFjMTczOTAzMTI=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765835798278,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0a8a2ad2689e7c22d\",\"name\":\"i-0e04298f4842968e8\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617779,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/docker/docker\"],\"name\":\"github.com/docker/docker\",\"normalized_name\":\"github.com/docker/docker\",\"version\":\"v26.0.1+incompatible\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/docker/docker\",\"version\":\"26.1.5\"}]},\"recommended\":{\"name\":\"github.com/docker/docker\",\"version\":\"26.1.5\"}},\"resource_id\":\"7f2d9a6dd1185f3802a9edac17390312\",\"resource_name\":\"i-0e04298f4842968e8\",\"resource_type\":\"host\",\"risk\"
:{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/PauloParoPP/CVE-2024-41110-SCAN\",\"https://github.com/vvpoglazov/cve-2024-41110-checker\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.03074,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.8,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.4,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\"}},\"status\":\"auto_closed\",\"title\":\"Authz zero length 
regression\",\"vulnerability\":{\"cwes\":[\"CWE-187\"],\"hash\":\"a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617779,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"kube_node_role:nodeless\",\"ecosystem:go\",\"event_type:close\",\"availability-zone:us-east-1b\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"aws:ec2:fleet-id:fleet-d13f3304-a906-e61e-2c12-a78868beb555\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:186mi\",\"autoscaling_group:us1-staging-dog-oddish-b-k8s-ng-asg-25eaecca332303a0\",\"source:datadog\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"site:datad0g.com\",\"fix_available:available\",\"epss_raw_score:0.03074\",\"package_name:github.com/docker/docker\",\"asset_type:host\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-localstorage-amd64-m6id-xlarge\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-localstorage-amd64\",\"dd_compute_k8s_platform_version:v6-271-0\",\"nodegroup:kube-system_nodeless-localstorage-amd64-m6id-xlarge\",\"assignee:none\",\"vuln_id:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"assignee_id:none\",\"in_production:false\",\"aws_account:727006795293\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"kube_cluster_name:oddish-b\",\"base_score:9.4\",\"iam_profile:k8s/us1-staging-dog-oddish-b-kube-node_v2\",\"public_exploit_available:true\",\"kubernetes.io/cluster/oddish-b:owned\",\"region:us-east-1\",\"fix_version:v299999999.0.0-20200612211812-aaf470eca7b5_incompatible\",\"k8s.io/cluster-autoscaler/node-template/label/node-rol
e.kubernetes.io/nodeless\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392\",\"ng_cluster_autoscaler:true\",\"k8s.io/cluster-autoscaler/node-template/label/nodeless-localstorage.datadoghq.com/instance-type:m6id.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"name:kube-system_nodeless-localstorage-amd64-m6id-xlarge\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-localstorage-amd64-m6id-xlarge\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:13567106253\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"nodegroups.datadoghq.com/name:nodeless-localstorage-amd64-m6id-xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"account:staging\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:nodeless-localstorage\",\"k8s.io/cluster-autoscaler/node-template/taint/flavor:nodeless-localstorage:noschedule\",\"package_version:v26.0.1_incompatible\",\"exposure_time_days:0\",\"cluster_name:oddish-b\",\"security-group:sg-0b9e1c6b4773288df\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"role:kube-node\",\"env:staging\",\"instance_type:m6id.xlarge\",\"image:ami-0a8a2ad2689e7c22d\",\"base_severity:critical\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"asset_id:i-0e04298f4842968e8\",\"security-group:sg-faa8cdb1\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template
/resources/cpu:3900m\",\"severity:high\",\"kube_node_role:compute\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:40\",\"os_name:ubuntu\",\"node.datadoghq.com/flavor:nodeless-localstorage\",\"ng_local_storage:true\",\"alias:go-2024-3005\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"instance-type:m6id.xlarge\",\"node.datadoghq.com/cgroup:v2\",\"score:8.8\",\"kube_node:ip-10-128-71-26.ec2.internal\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"aws:ec2launchtemplate:id:lt-0ae5c167d7a085e7b\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64_flavor-nodeless-localstorage\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"last_detected_minutes:0\",\"kube_node_role:nodeless-localstorage-amd64-m6id-xlarge\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"hash:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"node.datadoghq.com/version:v6-271-0\",\"alias:cve-2024-41110\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"kubernetes_cluster:oddish-b\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"auto-discovery.cluster-autoscaler.k8s.io/oddish-b\",\"cve:cve-2024-41110\",\"env:staging\"],\"timestamp\":1765838617779}},{\"id\":\"OWZkNjcxMTNmY2M3ZGJkMTNiNWIxMjcyZDdjZGJjYTJ-ZDM3YTBhMTAxZjFjZjc4OGNlYmE5ODNkNzQwMWI2M2E=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-mrww-27vc-gghv\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-7jwh-3vrq-q3m8\",\"modified_at\":1729574941941,\"published_at\":1709585125000,\"summary\":\"pgproto3 SQL Injection via Protocol Message Size 
Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-0ef9daf3d9bd9c136\"},\"detection_changed_at\":1765838617692,\"finding_id\":\"OWZkNjcxMTNmY2M3ZGJkMTNiNWIxMjcyZDdjZGJjYTJ-ZDM3YTBhMTAxZjFjZjc4OGNlYmE5ODNkNzQwMWI2M2E=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765836977473,\"host\":{\"name\":\"i-0ef9daf3d9bd9c136\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617692,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgproto3/v2\"],\"name\":\"github.com/jackc/pgproto3/v2\",\"normalized_name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"v2.3.2\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"2.3.3\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"2.3.3\"}},\"resource_id\":\"d37a0a101f1cf788ceba983d7401b63a\",\"resource_name\":\"i-0ef9daf3d9bd9c136\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.9,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
\"}},\"status\":\"auto_closed\",\"title\":\"pgproto3 SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617692,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"fix_version:v2.3.4-0.20250125160525-bc041643406d\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"cluster_name:oddish-b\",\"ecosystem:go\",\"event_type:close\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"env:staging\",\"base_severity:critical\",\"kube_node:ip-10-128-69-249.ec2.internal\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"scored:false\",\"alias:go-2024-2606\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"assignee:none\",\"asset_id:i-0ef9daf3d9bd9c136\",\"assignee_id:none\",\"in_production:false\",\"node.datadoghq.com/flavor:nodeless-fastephemeral\",\"hash:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"score:8.9\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:9.3\",\"kube_cluster_name:oddish-b\",\"instance_type:m6gd.8xlarge\",\"package_version:v2.3.2\",\"alias:ghsa-mrww-27vc-gghv\",\"alias:cga-vmcg-54pm-cp7r\",\"kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"vuln_id:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"vulnerability_status:auto-closed\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",
\"datacenter:us1.staging.dog\",\"alias:cve-2024-27304\",\"previous_status:open\",\"package_name:github.com/jackc/pgproto3/v2\",\"cve:cve-2024-27304\",\"alias:cga-rqqc-qwmr-qw72\",\"cpu_arch:arm64\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838617692}},{\"id\":\"MjU5YjI1MWNiNzU4YzgxMmFkODFjZTIwMWUxNjc4ZWN-ZjA5ZTUwMDgzNWU3ZGVhYzBjOTJjYzU2NmU2NzMyNDQ=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-41110\",\"GO-2024-3005\"],\"cve\":\"CVE-2024-41110\",\"id\":\"GHSA-v23v-6jw2-98fq\",\"modified_at\":1723230467000,\"published_at\":1722334737000,\"summary\":\"Authz zero length regression\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-0e88c4cb2030f0900\"},\"detection_changed_at\":1765838617584,\"finding_id\":\"MjU5YjI1MWNiNzU4YzgxMmFkODFjZTIwMWUxNjc4ZWN-ZjA5ZTUwMDgzNWU3ZGVhYzBjOTJjYzU2NmU2NzMyNDQ=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765836323780,\"host\":{\"name\":\"i-0e88c4cb2030f0900\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617584,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/docker/docker\"],\"name\":\"github.com/docker/docker\",\"normalized_name\":\"github.com/docker/docker\",\"version\":\"v26.0.1+incompatible\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/docker/docker\",\"version\":\"26.1.5\"}]},\"recommended\":{\"name\":\"github.com/docker/docker\",\"version\":\"26.1.5\"}},\"resource_id\":\"f09e500835e7deac0c92cc566e673244\",\"resource_name\":\"i-0e88c4cb2030f0900\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{
\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/PauloParoPP/CVE-2024-41110-SCAN\",\"https://github.com/vvpoglazov/cve-2024-41110-checker\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.03074,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.8,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.4,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\"}},\"status\":\"auto_closed\",\"title\":\"Authz zero length regression\",\"vulnerability\":{\"cwes\":[\"CWE-187\"],\"hash\":\"a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617584,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"exposure_time_days:0\",\"package_version:v26.0.1_incompatible\",\"kube_node_role:nodeless\",\"cluster_name:oddish-b\",\"ecosystem:go\",\"event_type:close\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"env:staging\",\"base_severity:critical\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"epss_raw_score:0.03074\",\"scored:false\",\"kube_node_role:compute\",\"severity:high\",\"package_name:github.com/docker/docker\",\"asset_type:host\",\"os_name:ubuntu\",\"assignee:none\",\"vuln_id:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"assignee_id:none\",\"in_production:false\",\"alias:go-2024-3005\",\"node.datadoghq.com/flavor:nodeless-fastephemeral\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"score:8.8\",\"nodegroups.datadoghq.com/name:nodele
ss-fastephemeral-arm64-m6gd-8xlarge\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"asset_id:i-0e88c4cb2030f0900\",\"kube_cluster_name:oddish-b\",\"base_score:9.4\",\"instance_type:m6gd.8xlarge\",\"kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"fix_version:v299999999.0.0-20200612211812-aaf470eca7b5_incompatible\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"vulnerability_status:auto-closed\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"hash:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"kube_node:ip-10-128-69-26.ec2.internal\",\"node.datadoghq.com/version:v6-271-0\",\"alias:cve-2024-41110\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"cpu_arch:arm64\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"cve:cve-2024-41110\",\"env:staging\"],\"timestamp\":1765838617584}}],\"meta\":{\"elapsed\":1369,\"page\":{\"after\":\"eyJhZnRlciI6IkF3QUFBWnNrTHZ2d2NDUnlSQUFBQUJoQlduTnJUSFoyZDBGQlFsSkxaV05HYVMxcGNVbDNSV2tBQUFBa1pERTVZakkwTW1ZdE1ESXpOQzAwT0RaaUxUZ3hNbVl0T1RGaFlUZ3lOemcyTkRRMkFBQURjQSIsInZhbHVlcyI6WzE3NjU4Mzg2MTc1ODQsIjIwMjUtMTItMTVUMjI6NDM6MzcuNTg0WiIsMTg4MTQzNjc0MF19\"},\"request_id\":\"pddv1ChZNOVExUVJTblR5Q3JvSmtydGt3ck9BIi0KHZfc9G79MgJZpw5AiBM4qDleF_HVmgTTjgrQEVbBEgxR6Pf9JbnOhfIiPxQ\",\"status\":\"done\"},\"links\":{\"next\":\"/api/v2/security/findings?filter%5Bquery%5D=%40severity%3Acritical+OR+%40severity%3Ahigh\\u0026page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrTHZ2d2NDUnlSQUFBQUJoQlduTnJUSFoyZDBGQlFsSkxaV05HYVMxcGNVbDNSV2tBQUFBa1pERTVZakkwTW1ZdE1ESXpOQzAwT0RaaUxUZ3hNbVl0T1RGaFlUZ3lOemcyTkRRMkFBQURjQSIsInZhbHVlcyI6WzE3NjU4Mzg2MTc1ODQsIjIwMjUtMTItMTVUMjI6NDM6MzcuNTg0WiIsMTg4MTQzNjc0MF19\\u0026page%5Blimit%5D=10\\u0026sort=-%40detection_changed_at\"}}" + }, + "cookies": [], + 
"headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 682, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-12-15T22:43:55.555Z", + "time": 1488 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index b3955e02b342..7434addb83f1 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
@@ -1321,6 +1321,32 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: List security findings returns "Bad Request" response + Given operation "ListSecurityFindings" enabled + And new "ListSecurityFindings" request + And request contains "page[cursor]" parameter with value "invalid_cursor" + When the request is sent + Then the response status is 400 Bad Request + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: List security findings returns "OK" response + Given operation "ListSecurityFindings" enabled + And new "ListSecurityFindings" request + When the request is sent + Then the response status is 200 OK + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: List security findings returns "OK" response with pagination + Given operation "ListSecurityFindings" enabled + And new "ListSecurityFindings" request + And request contains "page[limit]" parameter with value 5 + When the request is sent + Then the response status is 200 OK + And the response "data" has length 5 + And the response "meta.page" has field "after" + And the response "links" has field "next" + @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: List threat hunting jobs returns "Bad Request" response Given operation "ListThreatHuntingJobs" enabled 
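Review bot: The paginated List scenario at the end of this hunk asserts that `meta.page.after` and `links.next` exist but never sends the returned cursor back, so the only `page[cursor]` value exercised against `ListSecurityFindings` is the rejected `invalid_cursor`. A follow-up scenario that feeds the first page's `meta.page.after` into `page[cursor]` and expects 200 OK would cover the accepted path as well as the rejected one. The tag line also differs from the Search counterpart in the next hunk of this file, which carries `@with-pagination`. If that tag selects anything in the runner (not visible here), this scenario should read `@team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform @with-pagination`.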
@@ -1574,6 +1600,33 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: Search security findings returns "Bad Request" response + Given operation "SearchSecurityFindings" enabled + And new "SearchSecurityFindings" request + And body with value {"page": {"cursor": "invalid_cursor"}} + When the request is sent + Then the response status is 400 Bad Request + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: Search security findings returns "OK" response + Given operation "SearchSecurityFindings" enabled + And new "SearchSecurityFindings" request + And body with value {"data": {"attributes": {"filter": "@severity:(critical OR high)"}}} + When the request is sent + Then the response status is 200 OK + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform @with-pagination + Scenario: Search security findings returns "OK" response with pagination + Given operation "SearchSecurityFindings" enabled + And new "SearchSecurityFindings" request + And body with value {"data": {"attributes": {"filter": "@severity:(critical OR high)", "page": {"limit": 1}}}} + When the request is sent + Then the response status is 200 OK + And the response "data" has length 1 + And the response "meta.page" has field "after" + And the response "links" has field "next" + + @skip @team:DataDog/k9-cloud-security-platform Scenario: Test a rule returns "Bad Request" response Given new "TestSecurityMonitoringRule" request
diff --git a/features/v2/undo.json b/features/v2/undo.json
index e0f0b98d0c96..6aaa0f3d9764 100644
--- a/features/v2/undo.json
+++ b/features/v2/undo.json
@@ -3732,6 +3732,12 @@ "type": "safe" } }, + "ListSecurityFindings": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "DetachCase": { "tag": "Security Monitoring", "undo": {
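Review bot: In features/v2/security_monitoring.feature, the Search "Bad Request" scenario sends `{"page": {"cursor": "invalid_cursor"}}` with `page` at the top level, while the pagination scenario in the same hunk nests it under `data.attributes.page`. If the nested form is the request schema, as the other two bodies suggest, the 400 asserted here may come from the body shape rather than from cursor validation. The scenario would then pass without ever reaching the cursor check it is named for. Nesting the cursor the same way keeps the test on the intended path: `And body with value {"data": {"attributes": {"page": {"cursor": "invalid_cursor"}}}}`.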
@@ -3776,6 +3782,12 @@ "type": "unsafe" } }, + "SearchSecurityFindings": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "ListAssetsSBOMs": { "tag": "Security Monitoring", "undo": {
diff --git a/private/bdd_runner/src/support/scenarios_model_mapping.ts b/private/bdd_runner/src/support/scenarios_model_mapping.ts
index b16e19bf9cca..9b2cd8394013 100644
--- a/private/bdd_runner/src/support/scenarios_model_mapping.ts
+++ b/private/bdd_runner/src/support/scenarios_model_mapping.ts
@@ -3919,6 +3919,25 @@ export const ScenariosModelMappings: { [key: string]: OperationMapping } = { }, operationResponseType: "GetFindingResponse", }, + "SecurityMonitoringApi.V2.ListSecurityFindings": { + filterQuery: { + type: "string", + format: "", + }, + pageCursor: { + type: "string", + format: "", + }, + pageLimit: { + type: "number", + format: "int64", + }, + sort: { + type: "SecurityFindingsSort", + format: "", + }, + operationResponseType: "ListSecurityFindingsResponse", + }, "SecurityMonitoringApi.V2.CreateCases": { body: { type: "CreateCaseRequestArray",
@@ -3958,6 +3977,13 @@ export const ScenariosModelMappings: { [key: string]: OperationMapping } = { }, operationResponseType: "FindingCaseResponse", }, + "SecurityMonitoringApi.V2.SearchSecurityFindings": { + body: { + type: "SecurityFindingsSearchRequest", + format: "", + }, + operationResponseType: "ListSecurityFindingsResponse", + }, "SecurityMonitoringApi.V2.ListAssetsSBOMs": { pageToken: { type: "string",
diff --git a/services/security_monitoring/src/v2/SecurityMonitoringApi.ts b/services/security_monitoring/src/v2/SecurityMonitoringApi.ts
index 721aab98eed2..78990fc9cce5 100644
--- a/services/security_monitoring/src/v2/SecurityMonitoringApi.ts
+++ b/services/security_monitoring/src/v2/SecurityMonitoringApi.ts
@@ -55,6 +55,7 @@ import { JobCreateResponse } from "./models/JobCreateResponse"; import { JSONAPIErrorResponse } from "./models/JSONAPIErrorResponse"; import { ListAssetsSBOMsResponse } from "./models/ListAssetsSBOMsResponse"; import { ListFindingsResponse } from "./models/ListFindingsResponse"; +import { ListSecurityFindingsResponse } from "./models/ListSecurityFindingsResponse"; import { ListThreatHuntingJobsResponse } from "./models/ListThreatHuntingJobsResponse"; import { ListVulnerabilitiesResponse } from "./models/ListVulnerabilitiesResponse"; import { ListVulnerableAssetsResponse } from "./models/ListVulnerableAssetsResponse";
@@ -70,6 +71,12 @@ import { SecurityFilterCreateRequest } from "./models/SecurityFilterCreateReques import { SecurityFilterResponse } from "./models/SecurityFilterResponse"; import { SecurityFiltersResponse } from "./models/SecurityFiltersResponse"; import { SecurityFilterUpdateRequest } from "./models/SecurityFilterUpdateRequest"; +import { SecurityFindingsData } from "./models/SecurityFindingsData"; +import { SecurityFindingsSearchRequest } from "./models/SecurityFindingsSearchRequest"; +import { SecurityFindingsSearchRequestData } from "./models/SecurityFindingsSearchRequestData"; +import { SecurityFindingsSearchRequestDataAttributes } from "./models/SecurityFindingsSearchRequestDataAttributes"; +import { SecurityFindingsSearchRequestPage } from "./models/SecurityFindingsSearchRequestPage"; +import { SecurityFindingsSort } from "./models/SecurityFindingsSort"; import { SecurityMonitoringListRulesResponse } from "./models/SecurityMonitoringListRulesResponse"; import { SecurityMonitoringRuleConvertPayload } from "./models/SecurityMonitoringRuleConvertPayload"; import { SecurityMonitoringRuleConvertResponse } from "./models/SecurityMonitoringRuleConvertResponse";
@@ -3041,6 +3048,86 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } + public async listSecurityFindings( + filterQuery?: string, + pageCursor?: string, + pageLimit?: number, + sort?: SecurityFindingsSort, + _options?: Configuration, + ): Promise { + const _config = _options || this.configuration; + + if ( + !_config.unstableOperations[ + "SecurityMonitoringApi.v2.listSecurityFindings" + ] + ) { + throw new Error( + "Unstable operation 'listSecurityFindings' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.listSecurityFindings'] = true`", + ); + } + + // Path Params + const localVarPath = "/api/v2/security/findings"; + + // Make Request Context + const { server, overrides } = _config.getServerAndOverrides( + "SecurityMonitoringApi.v2.listSecurityFindings", + SecurityMonitoringApi.operationServers, + ); + const requestContext = server.makeRequestContext( + localVarPath, + HttpMethod.GET, + overrides, + ); + requestContext.setHeaderParam("Accept", "application/json"); + requestContext.setHttpConfig(_config.httpConfig); + + // Set User-Agent + if (this.userAgent) { + requestContext.setHeaderParam("User-Agent", this.userAgent); + } + + // Query Params + if (filterQuery !== undefined) { + requestContext.setQueryParam( + "filter[query]", + serialize(filterQuery, TypingInfo, "string", ""), + "", + ); + } + if (pageCursor !== undefined) { + requestContext.setQueryParam( + "page[cursor]", + serialize(pageCursor, TypingInfo, "string", ""), + "", + ); + } + if (pageLimit !== undefined) { + requestContext.setQueryParam( + "page[limit]", + serialize(pageLimit, TypingInfo, "number", "int64"), + "", + ); + } + if (sort !== undefined) { + requestContext.setQueryParam( + "sort", + serialize(sort, TypingInfo, "SecurityFindingsSort", ""), + "", + ); + } + + // Apply auth methods + applySecurityAuthentication(_config, requestContext, [ + "apiKeyAuth", + "appKeyAuth", + "AuthZ", + 
]); + + return requestContext; + } + public async listSecurityMonitoringHistsignals( filterQuery?: string, filterFrom?: Date, 
@@ -4256,6 +4343,67 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } + public async searchSecurityFindings( + body: SecurityFindingsSearchRequest, + _options?: Configuration, + ): Promise { + const _config = _options || this.configuration; + + if ( + !_config.unstableOperations[ + "SecurityMonitoringApi.v2.searchSecurityFindings" + ] + ) { + throw new Error( + "Unstable operation 'searchSecurityFindings' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.searchSecurityFindings'] = true`", + ); + } + + // verify required parameter 'body' is not null or undefined + if (body === null || body === undefined) { + throw new RequiredError("body", "searchSecurityFindings"); + } + + // Path Params + const localVarPath = "/api/v2/security/findings/search"; + + // Make Request Context + const { server, overrides } = _config.getServerAndOverrides( + "SecurityMonitoringApi.v2.searchSecurityFindings", + SecurityMonitoringApi.operationServers, + ); + const requestContext = server.makeRequestContext( + localVarPath, + HttpMethod.POST, + overrides, + ); + requestContext.setHeaderParam("Accept", "application/json"); + requestContext.setHttpConfig(_config.httpConfig); + + // Set User-Agent + if (this.userAgent) { + requestContext.setHeaderParam("User-Agent", this.userAgent); + } + + // Body Params + const contentType = getPreferredMediaType(["application/json"]); + requestContext.setHeaderParam("Content-Type", contentType); + const serializedBody = stringify( + serialize(body, TypingInfo, "SecurityFindingsSearchRequest", ""), + contentType, + ); + requestContext.setBody(serializedBody); + + // Apply auth methods + applySecurityAuthentication(_config, requestContext, [ + "apiKeyAuth", + "appKeyAuth", + "AuthZ", + ]); + + return requestContext; + } + public async searchSecurityMonitoringHistsignals( body?: SecurityMonitoringSignalListRequest, _options?: Configuration, 
@@ -7848,6 +7996,66 @@ export class SecurityMonitoringApiResponseProcessor { ); } + /** + * Unwraps the actual response sent by the server from the response context and deserializes the response content + * to the expected objects + * + * @params response Response returned by the server for a request to listSecurityFindings + * @throws ApiException if the response code was not in [200, 299] + */ + public async listSecurityFindings( + response: ResponseContext, + ): Promise { + const contentType = normalizeMediaType(response.headers["content-type"]); + if (response.httpStatusCode === 200) { + const body: ListSecurityFindingsResponse = deserialize( + parse(await response.body.text(), contentType), + TypingInfo, + "ListSecurityFindingsResponse", + ) as ListSecurityFindingsResponse; + return body; + } + if ( + response.httpStatusCode === 400 || + response.httpStatusCode === 403 || + response.httpStatusCode === 429 + ) { + const bodyText = parse(await response.body.text(), contentType); + let body: APIErrorResponse; + try { + body = deserialize( + bodyText, + TypingInfo, + "APIErrorResponse", + ) as APIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText, + ); + } + throw new ApiException(response.httpStatusCode, body); + } + + // Work around for missing responses in specification, e.g. 
for petstore.yaml + if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { + const body: ListSecurityFindingsResponse = deserialize( + parse(await response.body.text(), contentType), + TypingInfo, + "ListSecurityFindingsResponse", + "", + ) as ListSecurityFindingsResponse; + return body; + } + + const body = (await response.body.text()) || ""; + throw new ApiException( + response.httpStatusCode, + 'Unknown API Status Code!\nBody: "' + body + '"', + ); + } + /** * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects 
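Review bot: In the 400/403/429 branch of `listSecurityFindings`, `parse(await response.body.text(), contentType)` runs before the `try`, so only the `deserialize` step is guarded. If `parse` can throw on a body that does not match the declared content type (its implementation is not visible here), a rejected or rate-limited request would surface as a parse error rather than an `ApiException` carrying `response.httpStatusCode`, hiding the 403/429 from callers that branch on the status. Read the text first with `const rawText = await response.body.text();`, move `parse(rawText, contentType)` inside the `try`, and throw `new ApiException(response.httpStatusCode, rawText)` from the `catch`. The `searchSecurityFindings` processor in the next hunk has the same shape, and both doc comments use `@params` where the TSDoc tag is `@param`.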
@@ -8594,6 +8802,66 @@ export class SecurityMonitoringApiResponseProcessor { ); } + /** + * Unwraps the actual response sent by the server from the response context and deserializes the response content + * to the expected objects + * + * @params response Response returned by the server for a request to searchSecurityFindings + * @throws ApiException if the response code was not in [200, 299] + */ + public async searchSecurityFindings( + response: ResponseContext, + ): Promise { + const contentType = normalizeMediaType(response.headers["content-type"]); + if (response.httpStatusCode === 200) { + const body: ListSecurityFindingsResponse = deserialize( + parse(await response.body.text(), contentType), + TypingInfo, + "ListSecurityFindingsResponse", + ) as ListSecurityFindingsResponse; + return body; + } + if ( + response.httpStatusCode === 400 || + response.httpStatusCode === 403 || + response.httpStatusCode === 429 + ) { + const bodyText = parse(await response.body.text(), contentType); + let body: APIErrorResponse; + try { + body = deserialize( + bodyText, + TypingInfo, + "APIErrorResponse", + ) as APIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText, + ); + } + throw new ApiException(response.httpStatusCode, body); + } + + // Work around for missing responses in specification, e.g. 
for petstore.yaml + if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { + const body: ListSecurityFindingsResponse = deserialize( + parse(await response.body.text(), contentType), + TypingInfo, + "ListSecurityFindingsResponse", + "", + ) as ListSecurityFindingsResponse; + return body; + } + + const body = (await response.body.text()) || ""; + throw new ApiException( + response.httpStatusCode, + 'Unknown API Status Code!\nBody: "' + body + '"', + ); + } + /** * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects @@ -9843,6 +10111,29 @@ export interface SecurityMonitoringApiListScannedAssetsMetadataRequest { filterLastSuccessEnv?: string; } +export interface SecurityMonitoringApiListSecurityFindingsRequest { + /** + * The search query following log search syntax. + * @type string + */ + filterQuery?: string; + /** + * Get the next page of results with a cursor provided in the previous query. + * @type string + */ + pageCursor?: string; + /** + * The maximum number of findings in the response. + * @type number + */ + pageLimit?: number; + /** + * Sorts by @detection_changed_at. + * @type SecurityFindingsSort + */ + sort?: SecurityFindingsSort; +} + export interface SecurityMonitoringApiListSecurityMonitoringHistsignalsRequest { /** * The search query for security signals. @@ -10307,6 +10598,13 @@ export interface SecurityMonitoringApiRunThreatHuntingJobRequest { body: RunThreatHuntingJobRequest; } +export interface SecurityMonitoringApiSearchSecurityFindingsRequest { + /** + * @type SecurityFindingsSearchRequest + */ + body: SecurityFindingsSearchRequest; +} + export interface SecurityMonitoringApiSearchSecurityMonitoringHistsignalsRequest { /** * @type SecurityMonitoringSignalListRequest 
@@ -11761,6 +12059,93 @@ export class SecurityMonitoringApi { }); } + /** + * Get a list of security findings that match a search query. + * + * This endpoint requires one of the following permissions: + * - `security_monitoring_findings_read` + * - `appsec_vm_read` + * + * ### Query Syntax + * + * This endpoint uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix. + * + * Example: `@severity:(critical OR high) @status:open team:platform` + * @param param The request object + */ + public listSecurityFindings( + param: SecurityMonitoringApiListSecurityFindingsRequest = {}, + options?: Configuration, + ): Promise { + const requestContextPromise = this.requestFactory.listSecurityFindings( + param.filterQuery, + param.pageCursor, + param.pageLimit, + param.sort, + options, + ); + return requestContextPromise.then((requestContext) => { + return this.configuration.httpApi + .send(requestContext) + .then((responseContext) => { + return this.responseProcessor.listSecurityFindings(responseContext); + }); + }); + } + + /** + * Provide a paginated version of listSecurityFindings returning a generator with all the items. 
+ */ + public async *listSecurityFindingsWithPagination( + param: SecurityMonitoringApiListSecurityFindingsRequest = {}, + options?: Configuration, + ): AsyncGenerator { + let pageSize = 10; + if (param.pageLimit !== undefined) { + pageSize = param.pageLimit; + } + param.pageLimit = pageSize; + while (true) { + const requestContext = await this.requestFactory.listSecurityFindings( + param.filterQuery, + param.pageCursor, + param.pageLimit, + param.sort, + options, + ); + const responseContext = + await this.configuration.httpApi.send(requestContext); + + const response = + await this.responseProcessor.listSecurityFindings(responseContext); + const responseData = response.data; + if (responseData === undefined) { + break; + } + const results = responseData; + for (const item of results) { + yield item; + } + if (results.length < pageSize) { + break; + } + const cursorMeta = response.meta; + if (cursorMeta === undefined) { + break; + } + const cursorMetaPage = cursorMeta.page; + if (cursorMetaPage === undefined) { + break; + } + const cursorMetaPageAfter = cursorMetaPage.after; + if (cursorMetaPageAfter === undefined) { + break; + } + + param.pageCursor = cursorMetaPageAfter; + } + } + /** * List hist signals. * @param param The request object 
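Review bot: `listSecurityFindingsWithPagination` stops on `if (results.length < pageSize) { break; }`, where `pageSize` is whatever the caller put in `param.pageLimit`. If the server ever returns fewer items than requested on a non-final page (for example because it caps the page size, which this diff does not show), iteration ends early and the caller gets a silently truncated list of findings. The loop already ends when `response.meta.page.after` is undefined, so consider dropping the length check and relying on the cursor, or documenting the accepted `pageLimit` range on `SecurityMonitoringApiListSecurityFindingsRequest`. `searchSecurityFindingsWithPagination` in the later hunk uses the same check.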
@@ -12244,6 +12629,98 @@ export class SecurityMonitoringApi { }); } + /** + * Get a list of security findings that match a search query. + * + * This endpoint requires one of the following permissions: + * - `security_monitoring_findings_read` + * - `appsec_vm_read` + * + * ### Query Syntax + * + * The API uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix. + * + * Example: `@severity:(critical OR high) @status:open team:platform` + * @param param The request object + */ + public searchSecurityFindings( + param: SecurityMonitoringApiSearchSecurityFindingsRequest, + options?: Configuration, + ): Promise { + const requestContextPromise = this.requestFactory.searchSecurityFindings( + param.body, + options, + ); + return requestContextPromise.then((requestContext) => { + return this.configuration.httpApi + .send(requestContext) + .then((responseContext) => { + return this.responseProcessor.searchSecurityFindings(responseContext); + }); + }); + } + + /** + * Provide a paginated version of searchSecurityFindings returning a generator with all the items. 
+ */ + public async *searchSecurityFindingsWithPagination( + param: SecurityMonitoringApiSearchSecurityFindingsRequest, + options?: Configuration, + ): AsyncGenerator { + let pageSize = 10; + if (param.body.data === undefined) { + param.body.data = new SecurityFindingsSearchRequestData(); + } + if (param.body.data.attributes === undefined) { + param.body.data.attributes = + new SecurityFindingsSearchRequestDataAttributes(); + } + if (param.body.data.attributes.page === undefined) { + param.body.data.attributes.page = new SecurityFindingsSearchRequestPage(); + } + if (param.body.data.attributes.page.limit === undefined) { + param.body.data.attributes.page.limit = pageSize; + } else { + pageSize = param.body.data.attributes.page.limit; + } + while (true) { + const requestContext = await this.requestFactory.searchSecurityFindings( + param.body, + options, + ); + const responseContext = + await this.configuration.httpApi.send(requestContext); + + const response = + await this.responseProcessor.searchSecurityFindings(responseContext); + const responseData = response.data; + if (responseData === undefined) { + break; + } + const results = responseData; + for (const item of results) { + yield item; + } + if (results.length < pageSize) { + break; + } + const cursorMeta = response.meta; + if (cursorMeta === undefined) { + break; + } + const cursorMetaPage = cursorMeta.page; + if (cursorMetaPage === undefined) { + break; + } + const cursorMetaPageAfter = cursorMetaPage.after; + if (cursorMetaPageAfter === undefined) { + break; + } + + param.body.data.attributes.page.cursor = cursorMetaPageAfter; + } + } + /** * Search hist signals. * @param param The request object diff --git a/services/security_monitoring/src/v2/index.ts b/services/security_monitoring/src/v2/index.ts index 3d5d276b60b5..9f2c9e66dc8e 100644 --- a/services/security_monitoring/src/v2/index.ts +++ b/services/security_monitoring/src/v2/index.ts 
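Review bot: `searchSecurityFindingsWithPagination` writes into the caller's request: it creates `param.body.data`, `.attributes` and `.page` when they are missing, sets `page.limit`, and assigns `param.body.data.attributes.page.cursor` after every page. A caller that reuses the same request object for a second search then starts from the last cursor instead of the beginning, so findings are skipped without any error. Paging on a private copy, as sketched below, leaves `param.body` untouched; if the mutation is kept, the doc comment should say that the argument is modified. `listSecurityFindingsWithPagination` in the earlier hunk does the same to `param.pageLimit` and `param.pageCursor`, where `param = { ...param };` as the first statement is enough.

```typescript
// … unchanged: method signature …
    // Page on a private copy so the caller's request object is never modified.
    const page: SecurityFindingsSearchRequestPage = {
      ...param.body.data?.attributes?.page,
    };
    const pageSize = page.limit ?? 10;
    page.limit = pageSize;
    const body = {
      ...param.body,
      data: {
        ...param.body.data,
        attributes: { ...param.body.data?.attributes, page },
      },
    };
    while (true) {
      const requestContext = await this.requestFactory.searchSecurityFindings(
        body,
        options,
      );
      // … unchanged: send, deserialize, yield items, end-of-results checks …
      page.cursor = cursorMetaPageAfter;
    }
```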
@@ -45,6 +45,7 @@ export { SecurityMonitoringApiListFindingsRequest, SecurityMonitoringApiListMultipleRulesetsRequest, SecurityMonitoringApiListScannedAssetsMetadataRequest, + SecurityMonitoringApiListSecurityFindingsRequest, SecurityMonitoringApiListSecurityMonitoringHistsignalsRequest, SecurityMonitoringApiListSecurityMonitoringRulesRequest, SecurityMonitoringApiListSecurityMonitoringSignalsRequest, @@ -56,6 +57,7 @@ export { SecurityMonitoringApiPatchSignalNotificationRuleRequest, SecurityMonitoringApiPatchVulnerabilityNotificationRuleRequest, SecurityMonitoringApiRunThreatHuntingJobRequest, + SecurityMonitoringApiSearchSecurityFindingsRequest, SecurityMonitoringApiSearchSecurityMonitoringHistsignalsRequest, SecurityMonitoringApiSearchSecurityMonitoringSignalsRequest, SecurityMonitoringApiTestExistingSecurityMonitoringRuleRequest, @@ -209,6 +211,7 @@ export { ListAssetsSBOMsResponse } from "./models/ListAssetsSBOMsResponse"; export { ListFindingsMeta } from "./models/ListFindingsMeta"; export { ListFindingsPage } from "./models/ListFindingsPage"; export { ListFindingsResponse } from "./models/ListFindingsResponse"; +export { ListSecurityFindingsResponse } from "./models/ListSecurityFindingsResponse"; export { ListThreatHuntingJobsResponse } from "./models/ListThreatHuntingJobsResponse"; export { ListVulnerabilitiesResponse } from "./models/ListVulnerabilitiesResponse"; export { ListVulnerableAssetsResponse } from "./models/ListVulnerableAssetsResponse"; 
@@ -279,6 +282,18 @@ export { SecurityFilterType } from "./models/SecurityFilterType"; export { SecurityFilterUpdateAttributes } from "./models/SecurityFilterUpdateAttributes"; export { SecurityFilterUpdateData } from "./models/SecurityFilterUpdateData"; export { SecurityFilterUpdateRequest } from "./models/SecurityFilterUpdateRequest"; +export { SecurityFindingsAttributes } from "./models/SecurityFindingsAttributes"; +export { SecurityFindingsData } from "./models/SecurityFindingsData"; +export { SecurityFindingsDataType } from "./models/SecurityFindingsDataType"; +export { SecurityFindingsLinks } from "./models/SecurityFindingsLinks"; +export { SecurityFindingsMeta } from "./models/SecurityFindingsMeta"; +export { SecurityFindingsPage } from "./models/SecurityFindingsPage"; +export { SecurityFindingsSearchRequest } from "./models/SecurityFindingsSearchRequest"; +export { SecurityFindingsSearchRequestData } from "./models/SecurityFindingsSearchRequestData"; +export { SecurityFindingsSearchRequestDataAttributes } from "./models/SecurityFindingsSearchRequestDataAttributes"; +export { SecurityFindingsSearchRequestPage } from "./models/SecurityFindingsSearchRequestPage"; +export { SecurityFindingsSort } from "./models/SecurityFindingsSort"; +export { SecurityFindingsStatus } from "./models/SecurityFindingsStatus"; export { SecurityMonitoringFilter } from "./models/SecurityMonitoringFilter"; export { SecurityMonitoringFilterAction } from "./models/SecurityMonitoringFilterAction"; export { SecurityMonitoringListRulesResponse } from "./models/SecurityMonitoringListRulesResponse"; diff --git a/services/security_monitoring/src/v2/models/ListSecurityFindingsResponse.ts b/services/security_monitoring/src/v2/models/ListSecurityFindingsResponse.ts new file mode 100644 index 000000000000..f40dbf3fd077 --- /dev/null +++ b/services/security_monitoring/src/v2/models/ListSecurityFindingsResponse.ts 
@@ -0,0 +1,64 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +import { SecurityFindingsData } from "./SecurityFindingsData"; +import { SecurityFindingsLinks } from "./SecurityFindingsLinks"; +import { SecurityFindingsMeta } from "./SecurityFindingsMeta"; + +/** + * The expected response schema when listing security findings. + */ +export class ListSecurityFindingsResponse { + /** + * Array of security findings matching the search query. + */ + "data"?: Array; + /** + * Links for pagination. + */ + "links"?: SecurityFindingsLinks; + /** + * Metadata about the response. + */ + "meta"?: SecurityFindingsMeta; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + data: { + baseName: "data", + type: "Array", + }, + links: { + baseName: "links", + type: "SecurityFindingsLinks", + }, + meta: { + baseName: "meta", + type: "SecurityFindingsMeta", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return ListSecurityFindingsResponse.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/SecurityFindingsAttributes.ts b/services/security_monitoring/src/v2/models/SecurityFindingsAttributes.ts new file mode 100644 index 000000000000..7021e05a5c9e --- /dev/null +++ b/services/security_monitoring/src/v2/models/SecurityFindingsAttributes.ts 
@@ -0,0 +1,61 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +/** + * The JSON object containing all attributes of the security finding. + */ +export class SecurityFindingsAttributes { + /** + * The custom attributes of the security finding. + */ + "attributes"?: { [key: string]: any }; + /** + * List of tags associated with the security finding. + */ + "tags"?: Array; + /** + * The Unix timestamp at which the detection changed for the resource. Same value as @detection_changed_at. + */ + "timestamp"?: number; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + attributes: { + baseName: "attributes", + type: "{ [key: string]: any; }", + }, + tags: { + baseName: "tags", + type: "Array", + }, + timestamp: { + baseName: "timestamp", + type: "number", + format: "int64", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsAttributes.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/SecurityFindingsData.ts b/services/security_monitoring/src/v2/models/SecurityFindingsData.ts new file mode 100644 index 000000000000..0dd9f7ffd6f4 --- /dev/null +++ b/services/security_monitoring/src/v2/models/SecurityFindingsData.ts 
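Review bot: The doc comment on `"attributes"` in `SecurityFindingsAttributes` does not say that the map holds untyped, server-supplied values, and the field is declared as `{ [key: string]: any }`, so consumers get no compiler help before using them. I would extend the comment to `The custom attributes of the security finding. Values are untyped; validate them before use.` The `"timestamp"` comment says "Unix timestamp" without a unit; stating seconds or milliseconds there would prevent misreading.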
@@ -0,0 +1,63 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +import { SecurityFindingsAttributes } from "./SecurityFindingsAttributes"; +import { SecurityFindingsDataType } from "./SecurityFindingsDataType"; + +/** + * A single security finding. + */ +export class SecurityFindingsData { + /** + * The JSON object containing all attributes of the security finding. + */ + "attributes"?: SecurityFindingsAttributes; + /** + * The unique ID of the security finding. + */ + "id"?: string; + /** + * The type of the security finding resource. + */ + "type"?: SecurityFindingsDataType; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + attributes: { + baseName: "attributes", + type: "SecurityFindingsAttributes", + }, + id: { + baseName: "id", + type: "string", + }, + type: { + baseName: "type", + type: "SecurityFindingsDataType", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsData.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/SecurityFindingsDataType.ts b/services/security_monitoring/src/v2/models/SecurityFindingsDataType.ts new file mode 100644 index 000000000000..f6660bb12aeb --- /dev/null +++ b/services/security_monitoring/src/v2/models/SecurityFindingsDataType.ts @@ -0,0 +1,7 @@ +import { UnparsedObject } from "@datadog/datadog-api-client"; + +/** + * The type of the security finding resource. + */ +export type SecurityFindingsDataType = typeof FINDING | UnparsedObject; +export const FINDING = "finding"; 
diff --git a/services/security_monitoring/src/v2/models/SecurityFindingsLinks.ts b/services/security_monitoring/src/v2/models/SecurityFindingsLinks.ts new file mode 100644 index 000000000000..1509cf91612d --- /dev/null +++ b/services/security_monitoring/src/v2/models/SecurityFindingsLinks.ts @@ -0,0 +1,44 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +/** + * Links for pagination. + */ +export class SecurityFindingsLinks { + /** + * Link for the next page of results. Note that paginated requests can also be made using the POST endpoint. + */ + "next"?: string; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + next: { + baseName: "next", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsLinks.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/SecurityFindingsMeta.ts b/services/security_monitoring/src/v2/models/SecurityFindingsMeta.ts new file mode 100644 index 000000000000..aa89b7fc7a2b --- /dev/null +++ b/services/security_monitoring/src/v2/models/SecurityFindingsMeta.ts 
@@ -0,0 +1,72 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +import { SecurityFindingsPage } from "./SecurityFindingsPage"; +import { SecurityFindingsStatus } from "./SecurityFindingsStatus"; + +/** + * Metadata about the response. + */ +export class SecurityFindingsMeta { + /** + * The time elapsed in milliseconds. + */ + "elapsed"?: number; + /** + * Pagination information. + */ + "page"?: SecurityFindingsPage; + /** + * The identifier of the request. + */ + "requestId"?: string; + /** + * The status of the response. + */ + "status"?: SecurityFindingsStatus; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + elapsed: { + baseName: "elapsed", + type: "number", + format: "int64", + }, + page: { + baseName: "page", + type: "SecurityFindingsPage", + }, + requestId: { + baseName: "request_id", + type: "string", + }, + status: { + baseName: "status", + type: "SecurityFindingsStatus", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsMeta.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/SecurityFindingsPage.ts b/services/security_monitoring/src/v2/models/SecurityFindingsPage.ts new file mode 100644 index 000000000000..f88eedd11ed2 --- /dev/null +++ b/services/security_monitoring/src/v2/models/SecurityFindingsPage.ts 
@@ -0,0 +1,44 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +/** + * Pagination information. + */ +export class SecurityFindingsPage { + /** + * The cursor used to get the next page of results. + */ + "after"?: string; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + after: { + baseName: "after", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsPage.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/SecurityFindingsSearchRequest.ts b/services/security_monitoring/src/v2/models/SecurityFindingsSearchRequest.ts new file mode 100644 index 000000000000..d4776fba4ca0 --- /dev/null +++ b/services/security_monitoring/src/v2/models/SecurityFindingsSearchRequest.ts 
@@ -0,0 +1,46 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +import { SecurityFindingsSearchRequestData } from "./SecurityFindingsSearchRequestData"; + +/** + * The request body for searching security findings. + */ +export class SecurityFindingsSearchRequest { + /** + * Request data for searching security findings. + */ + "data"?: SecurityFindingsSearchRequestData; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + data: { + baseName: "data", + type: "SecurityFindingsSearchRequestData", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsSearchRequest.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/SecurityFindingsSearchRequestData.ts b/services/security_monitoring/src/v2/models/SecurityFindingsSearchRequestData.ts new file mode 100644 index 000000000000..1a41924fd09d --- /dev/null +++ b/services/security_monitoring/src/v2/models/SecurityFindingsSearchRequestData.ts 
@@ -0,0 +1,46 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +import { SecurityFindingsSearchRequestDataAttributes } from "./SecurityFindingsSearchRequestDataAttributes"; + +/** + * Request data for searching security findings. + */ +export class SecurityFindingsSearchRequestData { + /** + * Request attributes for searching security findings. + */ + "attributes"?: SecurityFindingsSearchRequestDataAttributes; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + attributes: { + baseName: "attributes", + type: "SecurityFindingsSearchRequestDataAttributes", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsSearchRequestData.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/SecurityFindingsSearchRequestDataAttributes.ts b/services/security_monitoring/src/v2/models/SecurityFindingsSearchRequestDataAttributes.ts new file mode 100644 index 000000000000..748d4c794782 --- /dev/null +++ b/services/security_monitoring/src/v2/models/SecurityFindingsSearchRequestDataAttributes.ts 
@@ -0,0 +1,63 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +import { SecurityFindingsSearchRequestPage } from "./SecurityFindingsSearchRequestPage"; +import { SecurityFindingsSort } from "./SecurityFindingsSort"; + +/** + * Request attributes for searching security findings. + */ +export class SecurityFindingsSearchRequestDataAttributes { + /** + * The search query following log search syntax. + */ + "filter"?: string; + /** + * Pagination attributes for the search request. + */ + "page"?: SecurityFindingsSearchRequestPage; + /** + * The sort parameters when querying security findings. + */ + "sort"?: SecurityFindingsSort; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + filter: { + baseName: "filter", + type: "string", + }, + page: { + baseName: "page", + type: "SecurityFindingsSearchRequestPage", + }, + sort: { + baseName: "sort", + type: "SecurityFindingsSort", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsSearchRequestDataAttributes.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/SecurityFindingsSearchRequestPage.ts b/services/security_monitoring/src/v2/models/SecurityFindingsSearchRequestPage.ts new file mode 100644 index 000000000000..1f68be5276c3 --- /dev/null +++ b/services/security_monitoring/src/v2/models/SecurityFindingsSearchRequestPage.ts 
@@ -0,0 +1,53 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +/** + * Pagination attributes for the search request. + */ +export class SecurityFindingsSearchRequestPage { + /** + * Get the next page of results with a cursor provided in the previous query. + */ + "cursor"?: string; + /** + * The maximum number of security findings in the response. + */ + "limit"?: number; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + cursor: { + baseName: "cursor", + type: "string", + }, + limit: { + baseName: "limit", + type: "number", + format: "int64", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsSearchRequestPage.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/SecurityFindingsSort.ts b/services/security_monitoring/src/v2/models/SecurityFindingsSort.ts new file mode 100644 index 000000000000..2f421d3b2226 --- /dev/null +++ b/services/security_monitoring/src/v2/models/SecurityFindingsSort.ts @@ -0,0 +1,11 @@ +import { UnparsedObject } from "@datadog/datadog-api-client"; + +/** + * The sort parameters when querying security findings. + */ +export type SecurityFindingsSort = + | typeof DETECTION_CHANGED_AT_ASC + | typeof DETECTION_CHANGED_AT_DESC + | UnparsedObject; +export const DETECTION_CHANGED_AT_ASC = "@detection_changed_at"; +export const DETECTION_CHANGED_AT_DESC = "-@detection_changed_at"; 
diff --git a/services/security_monitoring/src/v2/models/SecurityFindingsStatus.ts b/services/security_monitoring/src/v2/models/SecurityFindingsStatus.ts new file mode 100644 index 000000000000..9efd3e4dee46 --- /dev/null +++ b/services/security_monitoring/src/v2/models/SecurityFindingsStatus.ts @@ -0,0 +1,11 @@ +import { UnparsedObject } from "@datadog/datadog-api-client"; + +/** + * The status of the response. + */ +export type SecurityFindingsStatus = + | typeof DONE + | typeof TIMEOUT + | UnparsedObject; +export const DONE = "done"; +export const TIMEOUT = "timeout"; diff --git a/services/security_monitoring/src/v2/models/TypingInfo.ts b/services/security_monitoring/src/v2/models/TypingInfo.ts index 22d2eb1b44ed..ddddbb8200f5 100644 --- a/services/security_monitoring/src/v2/models/TypingInfo.ts +++ b/services/security_monitoring/src/v2/models/TypingInfo.ts @@ -116,6 +116,7 @@ import { ListAssetsSBOMsResponse } from "./ListAssetsSBOMsResponse"; import { ListFindingsMeta } from "./ListFindingsMeta"; import { ListFindingsPage } from "./ListFindingsPage"; import { ListFindingsResponse } from "./ListFindingsResponse"; +import { ListSecurityFindingsResponse } from "./ListSecurityFindingsResponse"; import { ListThreatHuntingJobsResponse } from "./ListThreatHuntingJobsResponse"; import { ListVulnerabilitiesResponse } from "./ListVulnerabilitiesResponse"; import { ListVulnerableAssetsResponse } from "./ListVulnerableAssetsResponse"; 
@@ -174,6 +175,15 @@ import { SecurityFilterUpdateAttributes } from "./SecurityFilterUpdateAttributes
 import { SecurityFilterUpdateData } from "./SecurityFilterUpdateData";
 import { SecurityFilterUpdateRequest } from "./SecurityFilterUpdateRequest";
 import { SecurityFiltersResponse } from "./SecurityFiltersResponse";
+import { SecurityFindingsAttributes } from "./SecurityFindingsAttributes";
+import { SecurityFindingsData } from "./SecurityFindingsData";
+import { SecurityFindingsLinks } from "./SecurityFindingsLinks";
+import { SecurityFindingsMeta } from "./SecurityFindingsMeta";
+import { SecurityFindingsPage } from "./SecurityFindingsPage";
+import { SecurityFindingsSearchRequest } from "./SecurityFindingsSearchRequest";
+import { SecurityFindingsSearchRequestData } from "./SecurityFindingsSearchRequestData";
+import { SecurityFindingsSearchRequestDataAttributes } from "./SecurityFindingsSearchRequestDataAttributes";
+import { SecurityFindingsSearchRequestPage } from "./SecurityFindingsSearchRequestPage";
 import { SecurityMonitoringFilter } from "./SecurityMonitoringFilter";
 import { SecurityMonitoringListRulesResponse } from "./SecurityMonitoringListRulesResponse";
 import { SecurityMonitoringReferenceTable } from "./SecurityMonitoringReferenceTable";
@@ -363,6 +373,9 @@ export const TypingInfo: ModelTypingInfo = {
 SecretRuleDataType: ["secret_rule"],
 SecurityFilterFilteredDataType: ["logs"],
 SecurityFilterType: ["security_filters"],
+ SecurityFindingsDataType: ["finding"],
+ SecurityFindingsSort: ["@detection_changed_at", "-@detection_changed_at"],
+ SecurityFindingsStatus: ["done", "timeout"],
 SecurityMonitoringFilterAction: ["require", "suppress"],
 SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration: [
 300, 600, 900, 1800, 3600, 10800,
@@ -710,6 +723,7 @@ export const TypingInfo: ModelTypingInfo = {
 ListFindingsMeta: ListFindingsMeta,
 ListFindingsPage: ListFindingsPage,
 ListFindingsResponse: ListFindingsResponse,
+ ListSecurityFindingsResponse: ListSecurityFindingsResponse,
 ListThreatHuntingJobsResponse: ListThreatHuntingJobsResponse,
 ListVulnerabilitiesResponse: ListVulnerabilitiesResponse,
 ListVulnerableAssetsResponse: ListVulnerableAssetsResponse,
@@ -773,6 +787,16 @@ export const TypingInfo: ModelTypingInfo = {
 SecurityFilterUpdateData: SecurityFilterUpdateData,
 SecurityFilterUpdateRequest: SecurityFilterUpdateRequest,
 SecurityFiltersResponse: SecurityFiltersResponse,
+ SecurityFindingsAttributes: SecurityFindingsAttributes,
+ SecurityFindingsData: SecurityFindingsData,
+ SecurityFindingsLinks: SecurityFindingsLinks,
+ SecurityFindingsMeta: SecurityFindingsMeta,
+ SecurityFindingsPage: SecurityFindingsPage,
+ SecurityFindingsSearchRequest: SecurityFindingsSearchRequest,
+ SecurityFindingsSearchRequestData: SecurityFindingsSearchRequestData,
+ SecurityFindingsSearchRequestDataAttributes:
+ SecurityFindingsSearchRequestDataAttributes,
+ SecurityFindingsSearchRequestPage: SecurityFindingsSearchRequestPage,
 SecurityMonitoringFilter: SecurityMonitoringFilter,
 SecurityMonitoringListRulesResponse: SecurityMonitoringListRulesResponse,
 SecurityMonitoringReferenceTable: SecurityMonitoringReferenceTable,