From b5bbc1dd1ab126d8e1e44db4cb47b1bdcaee037b Mon Sep 17 00:00:00 2001 From: "ci.datadog-api-spec" Date: Wed, 17 Dec 2025 23:24:39 +0000 Subject: [PATCH] Regenerate client from commit f2cdf98 of spec repo --- .generator/schemas/v2/openapi.yaml | 313 ++++++++++++ .../frozen.json | 1 + .../recording.har | 64 +++ .../frozen.json | 1 + .../recording.har | 64 +++ .../frozen.json | 1 + .../recording.har | 57 +++ .../frozen.json | 1 + .../recording.har | 67 +++ .../frozen.json | 1 + .../recording.har | 67 +++ .../frozen.json | 1 + .../recording.har | 67 +++ .../ListSecurityFindings.ts | 18 + .../ListSecurityFindings_2925663885.ts | 22 + .../SearchSecurityFindings.ts | 28 ++ .../SearchSecurityFindings_3678541639.ts | 31 ++ features/support/scenarios_model_mapping.ts | 26 + features/v2/security_monitoring.feature | 53 ++ features/v2/undo.json | 12 + .../configuration.ts | 2 + .../apis/SecurityMonitoringApi.ts | 457 ++++++++++++++++++ packages/datadog-api-client-v2/index.ts | 15 + .../models/ListSecurityFindingsResponse.ts | 71 +++ .../models/ObjectSerializer.ts | 24 + .../models/SecurityFindingsAttributes.ts | 69 +++ .../models/SecurityFindingsData.ts | 70 +++ .../models/SecurityFindingsDataType.ts | 14 + .../models/SecurityFindingsLinks.ts | 52 ++ .../models/SecurityFindingsMeta.ts | 79 +++ .../models/SecurityFindingsPage.ts | 52 ++ .../models/SecurityFindingsSearchRequest.ts | 53 ++ .../SecurityFindingsSearchRequestData.ts | 53 ++ ...rityFindingsSearchRequestDataAttributes.ts | 70 +++ .../SecurityFindingsSearchRequestPage.ts | 61 +++ .../models/SecurityFindingsSort.ts | 18 + .../models/SecurityFindingsStatus.ts | 18 + 37 files changed, 2073 insertions(+) create mode 100644 cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/frozen.json create mode 100644 cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/recording.har create mode 100644 cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/frozen.json create mode 100644 cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/recording.har create mode 100644 cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/frozen.json create mode 100644 cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/recording.har create mode 100644 cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/frozen.json create mode 100644 cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/recording.har create mode 100644 cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/frozen.json create mode 100644 cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/recording.har create mode 100644 cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/frozen.json create mode 100644 cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/recording.har create mode 100644 examples/v2/security-monitoring/ListSecurityFindings.ts create mode 100644 examples/v2/security-monitoring/ListSecurityFindings_2925663885.ts create mode 100644 examples/v2/security-monitoring/SearchSecurityFindings.ts create mode 100644 examples/v2/security-monitoring/SearchSecurityFindings_3678541639.ts create mode 100644 packages/datadog-api-client-v2/models/ListSecurityFindingsResponse.ts create mode 100644 packages/datadog-api-client-v2/models/SecurityFindingsAttributes.ts create mode 100644 packages/datadog-api-client-v2/models/SecurityFindingsData.ts create mode 100644 packages/datadog-api-client-v2/models/SecurityFindingsDataType.ts create mode 100644 packages/datadog-api-client-v2/models/SecurityFindingsLinks.ts create mode 100644 packages/datadog-api-client-v2/models/SecurityFindingsMeta.ts create mode 100644 packages/datadog-api-client-v2/models/SecurityFindingsPage.ts create mode 100644 packages/datadog-api-client-v2/models/SecurityFindingsSearchRequest.ts create mode 100644 packages/datadog-api-client-v2/models/SecurityFindingsSearchRequestData.ts create mode 100644 packages/datadog-api-client-v2/models/SecurityFindingsSearchRequestDataAttributes.ts create mode 100644 packages/datadog-api-client-v2/models/SecurityFindingsSearchRequestPage.ts create mode 100644 packages/datadog-api-client-v2/models/SecurityFindingsSort.ts create mode 100644 packages/datadog-api-client-v2/models/SecurityFindingsStatus.ts diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 196165112daa..26ded8599f20 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -30705,6 +30705,19 @@ components: example: /api/v2/scorecard/rules?page%5Blimit%5D=2&page%5Boffset%5D=2&page%5Bsize%5D=2 type: string type: object + ListSecurityFindingsResponse: + description: The expected response schema when listing security findings. + properties: + data: + description: Array of security findings matching the search query. + items: + $ref: '#/components/schemas/SecurityFindingsData' + type: array + links: + $ref: '#/components/schemas/SecurityFindingsLinks' + meta: + $ref: '#/components/schemas/SecurityFindingsMeta' + type: object ListTagsResponse: description: List tags response. properties: @@ -47272,6 +47285,148 @@ components: meta: $ref: '#/components/schemas/SecurityFilterMeta' type: object + SecurityFindingsAttributes: + description: The JSON object containing all attributes of the security finding. + properties: + attributes: + additionalProperties: {} + description: The custom attributes of the security finding. + example: + severity: high + status: open + type: object + tags: + description: List of tags associated with the security finding. + example: + - team:platform + - env:prod + items: + type: string + type: array + timestamp: + description: The Unix timestamp at which the detection changed for the resource. + Same value as @detection_changed_at. + example: 1765901760 + format: int64 + type: integer + type: object + SecurityFindingsData: + description: A single security finding. + properties: + attributes: + $ref: '#/components/schemas/SecurityFindingsAttributes' + id: + description: The unique ID of the security finding. + example: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw== + type: string + type: + $ref: '#/components/schemas/SecurityFindingsDataType' + type: object + SecurityFindingsDataType: + default: finding + description: The type of the security finding resource. + enum: + - finding + example: finding + type: string + x-enum-varnames: + - FINDING + SecurityFindingsLinks: + description: Links for pagination. + properties: + next: + description: Link for the next page of results. Note that paginated requests + can also be made using the POST endpoint. + example: https://app.datadoghq.com/api/v2/security/findings?page[cursor]=eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==&page[limit]=25 + type: string + type: object + SecurityFindingsMeta: + description: Metadata about the response. + properties: + elapsed: + description: The time elapsed in milliseconds. + example: 548 + format: int64 + type: integer + page: + $ref: '#/components/schemas/SecurityFindingsPage' + request_id: + description: The identifier of the request. + example: pddv1ChZwVlMxMUdYRFRMQ1lyb3B4MGNYbFlnIi0KHQu35LDbucx + type: string + status: + $ref: '#/components/schemas/SecurityFindingsStatus' + type: object + SecurityFindingsPage: + description: Pagination information. + properties: + after: + description: The cursor used to get the next page of results. + example: eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0= + type: string + type: object + SecurityFindingsSearchRequest: + description: The request body for searching security findings. + properties: + data: + $ref: '#/components/schemas/SecurityFindingsSearchRequestData' + type: object + SecurityFindingsSearchRequestData: + description: Request data for searching security findings. + properties: + attributes: + $ref: '#/components/schemas/SecurityFindingsSearchRequestDataAttributes' + type: object + SecurityFindingsSearchRequestDataAttributes: + description: Request attributes for searching security findings. + properties: + filter: + default: '*' + description: The search query following log search syntax. + example: '@severity:(critical OR high) @status:open team:platform' + type: string + page: + $ref: '#/components/schemas/SecurityFindingsSearchRequestPage' + sort: + $ref: '#/components/schemas/SecurityFindingsSort' + type: object + SecurityFindingsSearchRequestPage: + description: Pagination attributes for the search request. + properties: + cursor: + description: Get the next page of results with a cursor provided in the + previous query. + example: eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ== + type: string + limit: + default: 10 + description: The maximum number of security findings in the response. + example: 25 + format: int64 + maximum: 150 + minimum: 1 + type: integer + type: object + SecurityFindingsSort: + default: -@detection_changed_at + description: The sort parameters when querying security findings. + enum: + - '@detection_changed_at' + - -@detection_changed_at + type: string + x-enum-varnames: + - DETECTION_CHANGED_AT_ASC + - DETECTION_CHANGED_AT_DESC + SecurityFindingsStatus: + description: The status of the response. + enum: + - done + - timeout + example: done + type: string + x-enum-varnames: + - DONE + - TIMEOUT SecurityMonitoringFilter: description: The rule's suppression filter. properties: @@ -58490,6 +58645,8 @@ components: apm_service_catalog_read: View service catalog and service definitions. apm_service_catalog_write: Add, modify, and delete service catalog definitions when those definitions are maintained by Datadog. + appsec_vm_read: View infrastructure, application code, and library vulnerability + findings. billing_read: View your organization's billing information. cases_read: View Cases. cases_write: Create and update cases. @@ -80641,6 +80798,98 @@ paths: operator: OR permissions: - security_monitoring_cws_agent_rules_read + /api/v2/security/findings: + get: + description: 'Get a list of security findings that match a search query. + + + This endpoint requires one of the following permissions: + + - `security_monitoring_findings_read` + + - `appsec_vm_read` + + + ### Query Syntax + + + This endpoint uses the logs query syntax. Findings attributes (living in the + custom. namespace) are prefixed by @ when queried. Tags are queried without + a prefix. + + + Example: `@severity:(critical OR high) @status:open team:platform`' + operationId: ListSecurityFindings + parameters: + - description: The search query following log search syntax. + example: '@severity:(critical OR high) @status:open team:platform' + in: query + name: filter[query] + required: false + schema: + default: '*' + type: string + - description: Get the next page of results with a cursor provided in the previous + query. + example: eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ== + in: query + name: page[cursor] + required: false + schema: + type: string + - description: The maximum number of findings in the response. + example: 25 + in: query + name: page[limit] + required: false + schema: + default: 10 + format: int64 + maximum: 150 + minimum: 1 + type: integer + - description: Sorts by @detection_changed_at. + in: query + name: sort + required: false + schema: + $ref: '#/components/schemas/SecurityFindingsSort' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListSecurityFindingsResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/ForbiddenResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_findings_read + - AuthZ: + - appsec_vm_read + summary: List security findings + tags: + - Security Monitoring + x-pagination: + cursorParam: page[cursor] + cursorPath: meta.page.after + limitParam: page[limit] + resultsPath: data + x-permission: + operator: OR + permissions: + - security_monitoring_findings_read + - appsec_vm_read + x-unstable: '**Note**: This endpoint is in beta and subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security/findings/cases: delete: description: 'Detach security findings from their case. @@ -80860,6 +81109,70 @@ paths: x-unstable: '**Note**: This endpoint is in beta and is subject to change. Please check the documentation regularly for updates.' + /api/v2/security/findings/search: + post: + description: 'Get a list of security findings that match a search query. + + + This endpoint requires one of the following permissions: + + - `security_monitoring_findings_read` + + - `appsec_vm_read` + + + ### Query Syntax + + + The API uses the logs query syntax. Findings attributes (living in the custom. + namespace) are prefixed by @ when queried. Tags are queried without a prefix. + + + Example: `@severity:(critical OR high) @status:open team:platform`' + operationId: SearchSecurityFindings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityFindingsSearchRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListSecurityFindingsResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/ForbiddenResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_findings_read + - AuthZ: + - appsec_vm_read + summary: Search security findings + tags: + - Security Monitoring + x-codegen-request-body-name: body + x-pagination: + cursorParam: body.data.attributes.page.cursor + cursorPath: meta.page.after + limitParam: body.data.attributes.page.limit + resultsPath: data + x-permission: + operator: OR + permissions: + - security_monitoring_findings_read + - appsec_vm_read + x-unstable: '**Note**: This endpoint is in beta and subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security/sboms: get: description: 'Get a list of assets SBOMs for an organization. diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/frozen.json new file mode 100644 index 000000000000..59817b92ae6f --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/frozen.json @@ -0,0 +1 @@ +"2025-12-17T16:27:32.641Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/recording.har b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/recording.har new file mode 100644 index 000000000000..3aa0691f6e0e --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-Bad-Request-response_3686267455/recording.har @@ -0,0 +1,64 @@ +{ + "log": { + "_recordingName": "Security Monitoring/List security findings returns \"Bad Request\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "7ded4102477eb50b16f7221ef8152259", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + } + ], + "headersSize": 550, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "page", + "value": { + "cursor": "invalid_cursor" + } + } + ], + "url": "https://api.datadoghq.com/api/v2/security/findings?page%5Bcursor%5D=invalid_cursor" + }, + "response": { + "bodySize": 56, + "content": { + "mimeType": "application/vnd.api+json", + "size": 56, + "text": "{\"errors\":[{\"status\":\"400\",\"detail\":\"Invalid filters\"}]}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 675, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 400, + "statusText": "Bad Request" + }, + "startedDateTime": "2025-12-17T16:27:32.648Z", + "time": 125 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/frozen.json new file mode 100644 index 000000000000..757d7fbd9a5b --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/frozen.json @@ -0,0 +1 @@ +"2025-12-15T22:38:44.211Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/recording.har b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/recording.har new file mode 100644 index 000000000000..80d78bf2f55b --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response-with-pagination_1895514683/recording.har @@ -0,0 +1,64 @@ +{ + "log": { + "_recordingName": "Security Monitoring/List security findings returns \"OK\" response with pagination", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "430f92d46487cafa52e13d93529533fe", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + } + ], + "headersSize": 536, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "page", + "value": { + "limit": "5" + } + } + ], + "url": "https://api.datadoghq.com/api/v2/security/findings?page%5Blimit%5D=5" + }, + "response": { + "bodySize": 35490, + "content": { + "mimeType": "application/vnd.api+json", + "size": 35490, + "text": "{\"data\":[{\"id\":\"OXBuLXltcS1yaGh-aS0wODVkZTgwNWY4NTJlZGQxNA==\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"cloud_resource\":{\"account\":\"727006795293\",\"category\":\"hosts\",\"cloud_provider\":\"aws\",\"configuration\":{\"account_id\":\"727006795293\",\"agent_framework_id\":\"cis-ubuntu2204\",\"agent_rule_id\":\"xccdf_org.ssgproject.content_rule_package_bind_removed\",\"agent_version\":\"7.74.0-rc.3\",\"evaluator\":\"xccdf\",\"framework_requirement\":[\"cis-ubuntu2004/DNS-Server\",\"cis-rhel9/DNS-Server\",\"cis-ubuntu2404/DNS-Server\",\"cis-rhel8/DNS-Server\",\"cis-rhel7/DNS-Server\",\"cis-amzn2/DNS-Server\",\"cis-al2023/DNS-Server\",\"cis-ubuntu2204/DNS-Server\",\"cis-almalinux9/DNS-Server\"],\"framework_requirement_control\":[\"cis-ubuntu2004/DNS-Server/2.2.8\",\"cis-ubuntu2404/DNS-Server/2.1.4\",\"cis-rhel7/DNS-Server/2.2.4\",\"cis-almalinux9/DNS-Server/2.1.4\",\"cis-rhel8/DNS-Server/2.2.4\",\"cis-rhel9/DNS-Server/2.1.4\",\"cis-al2023/DNS-Server/2.2.5\",\"cis-amzn2/DNS-Server/2.2.4\",\"cis-ubuntu2204/DNS-Server/2.2.7\"]},\"region\":\"us-east-1\"},\"compliance\":{\"evaluation\":\"pass\",\"framework_requirement_controls\":[\"cis-ubuntu2004/DNS-Server/2.2.8\",\"cis-ubuntu2404/DNS-Server/2.1.4\",\"cis-rhel7/DNS-Server/2.2.4\",\"cis-almalinux9/DNS-Server/2.1.4\",\"cis-rhel8/DNS-Server/2.2.4\",\"cis-rhel9/DNS-Server/2.1.4\",\"cis-al2023/DNS-Server/2.2.5\",\"cis-amzn2/DNS-Server/2.2.4\",\"cis-ubuntu2204/DNS-Server/2.2.7\"],\"framework_requirements\":[\"cis-ubuntu2004/DNS-Server\",\"cis-rhel9/DNS-Server\",\"cis-ubuntu2404/DNS-Server\",\"cis-rhel8/DNS-Server\",\"cis-rhel7/DNS-Server\",\"cis-amzn2/DNS-Server\",\"cis-al2023/DNS-Server\",\"cis-ubuntu2204/DNS-Server\",\"cis-almalinux9/DNS-Server\"],\"frameworks\":[{\"control\":\"2.2.8\",\"framework\":\"cis-ubuntu2004\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ apt-get remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind9\\n# from the system, and may remove any packages\\n# that depend on bind9. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \\\"bind9\\\"\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind9 is removed'\\n ansible.builtin.package:\\n name: bind9\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"},{\"control\":\"2.2.7\",\"framework\":\"cis-ubuntu2204\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ apt-get remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind9\\n# from the system, and may remove any packages\\n# that depend on bind9. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \\\"bind9\\\"\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind9 is removed'\\n ansible.builtin.package:\\n name: bind9\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.2.4\",\"framework\":\"cis-rhel7\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo yum erase bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n#\\t from the system, and may remove any packages\\n#\\t that depend on bind. Execute this\\n#\\t remediation AFTER testing on a non-production\\n#\\t system!\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\n\\n yum remove -y \\\"bind\\\"\\n\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: Ensure bind is removed\\n package:\\n name: bind\\n state: absent\\n tags:\\n - CCE-80326-2\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"3.1.1\"},{\"control\":\"2.2.4\",\"framework\":\"cis-rhel8\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo yum erase bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n# from the system, and may remove any packages\\n# that depend on bind. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\nyum remove -y \\\"bind\\\"\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind is removed'\\n ansible.builtin.package:\\n name: bind\\n state: absent\\n tags:\\n - CCE-82408-6\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"3.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-rhel9\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo dnf remove bind\\n```\\nOn Red Hat Enterprise Linux 9.6 and newer, the `bind` command is also provided by the `bind9.18` package.\\nThe `bind9.18` package can be removed with the following command:\\n```\\n\\n$ sudo dnf remove bind9.18\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind and bind9.18\\n# from the system, and may remove any packages\\n# that depend on bind and bind9.18. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\ndnf remove -y --noautoremove \\\"bind\\\"\\nfi\\n\\nif rpm -q --quiet \\\"bind9.18\\\" ; then\\ndnf remove -y --noautoremove \\\"bind9.18\\\"\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind is removed'\\n ansible.builtin.package:\\n name: bind\\n state: absent\\n tags:\\n - CCE-86505-5\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n\\n- name: 'Uninstall bind Package: Ensure bind9.18 is removed'\\n ansible.builtin.package:\\n name: bind9.18\\n state: absent\\n tags:\\n - CCE-86505-5\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-almalinux9\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo dnf remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n# from the system, and may remove any packages\\n# that depend on bind. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\ndnf remove -y --noautoremove \\\"bind\\\"\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind is removed'\\n ansible.builtin.package:\\n name: bind\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.2.4\",\"framework\":\"cis-amzn2\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo yum erase bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n#\\t from the system, and may remove any packages\\n#\\t that depend on bind. Execute this\\n#\\t remediation AFTER testing on a non-production\\n#\\t system!\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\n\\n yum remove -y \\\"bind\\\"\\n\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: Ensure bind is removed\\n package:\\n name: bind\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"3.0.0\"},{\"control\":\"2.2.5\",\"framework\":\"cis-al2023\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo dnf remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n# from the system, and may remove any packages\\n# that depend on bind. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\ndnf remove -y --noautoremove \\\"bind\\\"\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind is removed'\\n ansible.builtin.package:\\n name: bind\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"},{\"control\":\"2.2.5\",\"framework\":\"cis-al2023\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-almalinux9\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.2.4\",\"framework\":\"cis-amzn2\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"3.0.0\"},{\"control\":\"2.2.4\",\"framework\":\"cis-rhel7\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"3.1.1\"},{\"control\":\"2.2.4\",\"framework\":\"cis-rhel8\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"3.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-rhel9\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.2.8\",\"framework\":\"cis-ubuntu2004\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"},{\"control\":\"2.2.7\",\"framework\":\"cis-ubuntu2204\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-ubuntu2404\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"}]},\"description\":\"%%%\\n## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ apt-get remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind9\\n# from the system, and may remove any packages\\n# that depend on bind9. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \\\"bind9\\\"\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind9 is removed'\\n ansible.builtin.package:\\n name: bind9\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\\n%%%\",\"detection_changed_at\":1765838312079,\"finding_id\":\"OXBuLXltcS1yaGh-aS0wODVkZTgwNWY4NTJlZGQxNA==\",\"finding_type\":\"misconfiguration\",\"first_seen_at\":1765838312079,\"host\":{\"cloud_provider\":\"aws\",\"name\":\"i-085de805f852edd14\"},\"k8s\":{\"cluster_id\":\"heatran\"},\"last_seen_at\":1765838312079,\"metadata\":{\"schema_version\":\"2\"},\"resource_id\":\"i-085de805f852edd14\",\"resource_name\":\"i-085de805f852edd14\",\"resource_type\":\"host\",\"rule\":{\"default_rule_id\":\"def-000-zlf\",\"id\":\"9pn-ymq-rhh\",\"name\":\"Uninstall bind Package\",\"type\":\"infrastructure configuration\",\"version\":25},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2,\"value\":\"low\",\"value_id\":1}},\"status\":\"open\",\"title\":\"Uninstall bind Package\",\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"scored:true\",\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1c\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"availability-zone:us-east-1c\",\"role:kube-node\",\"env:staging\",\"image:ami-0a8a2ad2689e7c22d\",\"control:2.2.4\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"kubernetes.io/cluster/heatran:owned\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:5971764ki\",\"site:datad0g.com\",\"framework:cis-ubuntu2204\",\"adp_enabled:true\",\"security:compliance\",\"auto-discovery.cluster-autoscaler.k8s.io/heatran\",\"chart_name:koutris-infra\",\"security-group:sg-0a2e60dd3f9a5a6ab\",\"kube_node_role:compute\",\"control:2.2.7\",\"control:2.2.8\",\"control:2.2.5\",\"autoscaling_group:us1-staging-dog-heatran-k8s-ng-asg-a6848eee38b2f3a8\",\"kube_cluster_name:heatran\",\"orch_cluster_id:0659afbc-9c8d-401f-926c-8d0a7d64a5d8\",\"dd_compute_k8s_platform_version:v6-271-0\",\"name:koutris_koutris-fw-2c8g\",\"kubernetes_cluster:heatran\",\"release:koutris-infra\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:koutris\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:93mi\",\"kube_node:ip-10-112-62-173.ec2.internal\",\"aws_account:727006795293\",\"host:i-085de805f852edd14\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:1900m\",\"pci_compliance_level:tier_two\",\"is_kube_cluster_experimental:false\",\"aws:ec2launchtemplate:id:lt-0565e94873111d4dc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"requirement:dns-server\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"team:monitor-intake\",\"security-group:sg-0ebe29714ed14f3c3\",\"region:us-east-1\",\"control:2.1.4\",\"aws:ec2:fleet-id:fleet-4fbf0515-3c0e-e685-0c1a-01aa4d0a88dd\",\"ng_local_storage:false\",\"cluster_name:heatran\",\"cpu_arch:amd64\",\"ng_cluster_autoscaler:true\",\"nodegroup:koutris_koutris-fw-2c8g\",\"source:host-benchmarks\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/koutris-fw-2c8g\",\"account_id:727006795293\",\"iam_profile:k8s/us1-staging-dog-heatran-kube-node_v2\",\"instance_type:m6i.large\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"node.datadoghq.com/version:v6-271-0\",\"aws:ec2launchtemplate:version:1\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:20\",\"datacenter:us1.staging.dog\",\"k8s.io/cluster-autoscaler/node-template/taint/node:koutris-fw-2c8g:noschedule\",\"kube_node_role:koutris-fw-2c8g\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:koutris-fw-2c8g\",\"account:staging\",\"framework_version:cis-ubuntu2204_v2.0.0\",\"source:compliance-agent\",\"nodegroups.datadoghq.com/name:koutris-fw-2c8g\",\"agent_release_candidate_cluster:false\",\"instance-type:m6i.large\",\"nodegroups.datadoghq.com/namespace:koutris\"],\"timestamp\":1765838312079}},{\"id\":\"YTcxZGViZjIxNDMwYzMzM2ZjZTJlMzQ3NzZkZmEzZWF-OTljOTc5NDQ2OGY3Zjk3YmEzZGE2YzUxODZhMzQ4M2M=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-26740\"],\"cve\":\"CVE-2024-26740\",\"id\":\"TRIVY-CVE-2024-26740\",\"modified_at\":1742227413000,\"published_at\":1712164551000,\"summary\":\"kernel: net/sched: act_mirred: use the backlog for mirred ingress\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"ip-10-151-58-63.us-west-2.compute.internal-raboot-c\"},\"detection_changed_at\":1765838311928,\"finding_id\":\"YTcxZGViZjIxNDMwYzMzM2ZjZTJlMzQ3NzZkZmEzZWF-OTljOTc5NDQ2OGY3Zjk3YmEzZGE2YzUxODZhMzQ4M2M=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838305292,\"host\":{\"name\":\"ip-10-151-58-63.us-west-2.compute.internal-raboot-c\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"raboot-c\"},\"last_seen_at\":1765838311928,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-164.174\"},\"remediation\":{\"is_available\":false},\"resource_id\":\"99c9794468f7f97ba3da6c5186a3483c\",\"resource_name\":\"ip-10-151-58-63.us-west-2.compute.internal-raboot-c\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00007,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"open\",\"title\":\"kernel: net/sched: act_mirred: use the backlog for mirred ingress\",\"vulnerability\":{\"cwes\":[\"CWE-667\"],\"hash\":\"7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"kube_node:ip-10-151-58-63.us-west-2.compute.internal\",\"package_name:linux\",\"epss_raw_score:0.000070\",\"fix_available:unavailable\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"source:datadog\",\"severity:low\",\"hash:7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060\",\"vulnerability_status:open\",\"cluster_name:raboot-c\",\"scored:false\",\"kube_node_role:compute\",\"asset_type:host\",\"new:true\",\"base_severity:medium\",\"os_name:ubuntu\",\"site:datadoghq.com\",\"assignee:none\",\"assignee_id:none\",\"in_production:false\",\"kube_cluster_name:raboot-c\",\"vuln_id:7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060\",\"is_kube_cluster_experimental:false\",\"orch_cluster_id:76cfd63e-1d3b-4bf3-b0b0-93e1423ef6cc\",\"node.datadoghq.com/flavor:standard\",\"nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge\",\"adp_enabled:false\",\"public_exploit_available:false\",\"alias:cve-2024-26740\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:5.5\",\"score:2.7\",\"dd_rule_type:not-empty\",\"ecosystem:deb\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"cve:cve-2024-26740\",\"cpu_arch:amd64\",\"ng_cluster_autoscaler:true\",\"package_version:5.15.0-164.174\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"kube_node_role:nodeless-amd64-d-c6a-2xlarge\",\"instance_type:c6a.2xlarge\",\"event_type:new\",\"asset_id:ip-10-151-58-63.us-west-2.compute.internal-raboot-c\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838311928}},{\"id\":\"MDdjY2IxZjk1MzQ2NDIzOWJjYWE1Yjk4NmU3MWNiZGF-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-38057\"],\"cve\":\"CVE-2025-38057\",\"id\":\"TRIVY-CVE-2025-38057\",\"modified_at\":1765059350000,\"published_at\":1750241738000,\"summary\":\"kernel: espintcp: fix skb leaks\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\"},\"detection_changed_at\":1765838311625,\"finding_id\":\"MDdjY2IxZjk1MzQ2NDIzOWJjYWE1Yjk4NmU3MWNiZGF-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838306213,\"host\":{\"name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"grooky\"},\"last_seen_at\":1765838311912,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-6.8.0-1040-aws\",\"linux-modules-6.8.0-1044-aws\",\"linux-aws-6.8-headers-6.8.0-1040\"],\"name\":\"linux-aws-6.8\",\"normalized_name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1040.42~22.04.1\"},\"remediation\":{\"is_available\":false},\"resource_id\":\"bbbd1d4b047c44f8f95e5bd24523f7a3\",\"resource_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00015,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"open\",\"title\":\"kernel: espintcp: fix skb leaks\",\"vulnerability\":{\"cwes\":[\"CWE-401\"],\"hash\":\"2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"cluster_name:grooky\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"event_type:none\",\"fix_available:unavailable\",\"env:staging\",\"vuln_id:2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a\",\"hash:2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a\",\"package_name:linux-aws-6.8\",\"nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge\",\"source:datadog\",\"severity:low\",\"vulnerability_status:open\",\"kube_cluster_name:grooky\",\"scored:false\",\"kube_node_role:compute\",\"asset_type:host\",\"base_severity:medium\",\"os_name:ubuntu\",\"site:datadoghq.com\",\"datacenter:prtest03.staging.dog\",\"assignee:none\",\"asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"assignee_id:none\",\"in_production:false\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115\",\"adp_enabled:false\",\"running_kernel:false\",\"public_exploit_available:false\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:5.5\",\"score:2.7\",\"dd_rule_type:not-empty\",\"ecosystem:deb\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"package_version:6.8.0-1040.42_22.04.1\",\"ng_cluster_autoscaler:true\",\"kube_node:ip-10-12-87-102.us-west-2.compute.internal\",\"alias:cve-2025-38057\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"instance_type:c6g.4xlarge\",\"cve:cve-2025-38057\",\"cpu_arch:arm64\",\"kube_node_role:nodeless-arm64-d-c6g-4xlarge\",\"epss_raw_score:0.00015\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838311625}},{\"id\":\"MGQwMzY2ODc3OTYzNDE2ZWE3YjVhMmFmOWQ3OWI5ZjV-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-40114\"],\"cve\":\"CVE-2025-40114\",\"id\":\"TRIVY-CVE-2025-40114\",\"modified_at\":1759331744000,\"published_at\":1744960544000,\"summary\":\"kernel: iio: light: Add check for array bounds in veml6075_read_int_time_ms\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\"},\"detection_changed_at\":1765838311522,\"finding_id\":\"MGQwMzY2ODc3OTYzNDE2ZWE3YjVhMmFmOWQ3OWI5ZjV-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838306213,\"host\":{\"name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"grooky\"},\"last_seen_at\":1765838311522,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-6.8.0-1040-aws\",\"linux-aws-6.8-tools-6.8.0-1040\",\"linux-modules-6.8.0-1040-aws\"],\"name\":\"linux-aws-6.8\",\"normalized_name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1040.42~22.04.1\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"}]},\"recommended\":{\"name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"}},\"resource_id\":\"bbbd1d4b047c44f8f95e5bd24523f7a3\",\"resource_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00018,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"medium\",\"severity_details\":{\"adjusted\":{\"score\":4.7,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":7.8,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}},\"status\":\"open\",\"title\":\"kernel: iio: light: Add check for array bounds in veml6075_read_int_time_ms\",\"vulnerability\":{\"cwes\":[\"CWE-129\"],\"hash\":\"a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"cluster_name:grooky\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"event_type:none\",\"env:staging\",\"package_name:linux-aws-6.8\",\"nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge\",\"source:datadog\",\"vulnerability_status:open\",\"fix_available:available\",\"kube_cluster_name:grooky\",\"vuln_id:a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603\",\"scored:false\",\"kube_node_role:compute\",\"hash:a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603\",\"asset_type:host\",\"os_name:ubuntu\",\"site:datadoghq.com\",\"datacenter:prtest03.staging.dog\",\"assignee:none\",\"asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"assignee_id:none\",\"cve:cve-2025-40114\",\"in_production:false\",\"alias:cve-2025-40114\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115\",\"adp_enabled:false\",\"running_kernel:false\",\"public_exploit_available:false\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:7.8\",\"score:4.7\",\"severity:medium\",\"dd_rule_type:not-empty\",\"ecosystem:deb\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"package_version:6.8.0-1040.42_22.04.1\",\"ng_cluster_autoscaler:true\",\"kube_node:ip-10-12-87-102.us-west-2.compute.internal\",\"last_detected_minutes:0\",\"base_severity:high\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"instance_type:c6g.4xlarge\",\"cpu_arch:arm64\",\"kube_node_role:nodeless-arm64-d-c6g-4xlarge\",\"type:component_with_known_vulnerability\",\"epss_raw_score:0.00018\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838311522}},{\"id\":\"ZmM0NTk0NmQzNzIwNTk0ZTQ0ODM5OWM1MDI5ODBhNDZ-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"BIT-golang-2025-47912\",\"CVE-2025-47912\"],\"cve\":\"CVE-2025-47912\",\"id\":\"GO-2025-4010\",\"modified_at\":1762437598375,\"published_at\":1761774598000,\"summary\":\"Insufficient validation of bracketed IPv6 hostnames in net/url\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\"},\"detection_changed_at\":1765838311417,\"finding_id\":\"ZmM0NTk0NmQzNzIwNTk0ZTQ0ODM5OWM1MDI5ODBhNDZ-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838306213,\"host\":{\"name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"grooky\"},\"last_seen_at\":1765838311417,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"stdlib\"],\"name\":\"stdlib\",\"normalized_name\":\"stdlib\",\"version\":\"v1.22.10\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"stdlib\",\"version\":\"1.25.2\"}]},\"recommended\":{\"name\":\"stdlib\",\"version\":\"1.25.2\"}},\"resource_id\":\"bbbd1d4b047c44f8f95e5bd24523f7a3\",\"resource_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00025,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.8,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.3,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"}},\"status\":\"open\",\"title\":\"Insufficient validation of bracketed IPv6 hostnames in net/url\",\"vulnerability\":{\"hash\":\"1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"cluster_name:grooky\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"ecosystem:go\",\"env:staging\",\"cve:cve-2025-47912\",\"nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge\",\"epss_raw_score:0.00025\",\"alias:cve-2025-47912\",\"source:datadog\",\"severity:low\",\"vulnerability_status:open\",\"fix_available:available\",\"kube_cluster_name:grooky\",\"scored:false\",\"kube_node_role:compute\",\"asset_type:host\",\"new:true\",\"base_severity:medium\",\"os_name:ubuntu\",\"site:datadoghq.com\",\"datacenter:prtest03.staging.dog\",\"assignee:none\",\"asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"assignee_id:none\",\"in_production:false\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115\",\"alias:bit-golang-2025-47912\",\"adp_enabled:false\",\"public_exploit_available:false\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:5.3\",\"score:2.8\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"package_version:v1.22.10\",\"package_name:stdlib\",\"ng_cluster_autoscaler:true\",\"kube_node:ip-10-12-87-102.us-west-2.compute.internal\",\"hash:1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"event_type:new\",\"instance_type:c6g.4xlarge\",\"vuln_id:1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53\",\"cpu_arch:arm64\",\"kube_node_role:nodeless-arm64-d-c6g-4xlarge\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838311417}}],\"meta\":{\"elapsed\":1248,\"page\":{\"after\":\"eyJhZnRlciI6IkF3QUFBWnNrS2tfNUZKWWZDd0FBQUJoQlduTnJTMnRmTlVGQlFqWkNNM3BmZVhadWJXNXhVMElBQUFBa1pqRTVZakkwTW1FdE5USmlaQzAwTldVd0xUZzRNREF0WW1ZeVlXSmlOR1k0TldRM0FBQUFMZyIsInZhbHVlcyI6WzE3NjU4MzgzMTE0MTcsIjIwMjUtMTItMTVUMjI6Mzg6MzEuNDE3WiIsMzQ1MzgyNjY3XX0=\"},\"request_id\":\"pddv1ChZubmNwVFVjWVJRLW9xSWIybklHWXJ3Ii0KHaszALDHDfJD6z3rlnQLgHugKbU0hTnqHR56Yrc4Egx3bkYPy7veSr6fRk0\",\"status\":\"done\"},\"links\":{\"next\":\"/api/v2/security/findings?page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrS2tfNUZKWWZDd0FBQUJoQlduTnJTMnRmTlVGQlFqWkNNM3BmZVhadWJXNXhVMElBQUFBa1pqRTVZakkwTW1FdE5USmlaQzAwTldVd0xUZzRNREF0WW1ZeVlXSmlOR1k0TldRM0FBQUFMZyIsInZhbHVlcyI6WzE3NjU4MzgzMTE0MTcsIjIwMjUtMTItMTVUMjI6Mzg6MzEuNDE3WiIsMzQ1MzgyNjY3XX0%3D\\u0026page%5Blimit%5D=5\\u0026sort=-%40detection_changed_at\"}}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 683, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-12-15T22:38:44.218Z", + "time": 1437 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/frozen.json new file mode 100644 index 000000000000..3a43ed8068fb --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/frozen.json @@ -0,0 +1 @@ +"2025-12-15T22:38:02.352Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/recording.har b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/recording.har new file mode 100644 index 000000000000..9baea8342d4a --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-security-findings-returns-OK-response_720106027/recording.har @@ -0,0 +1,57 @@ +{ + "log": { + "_recordingName": "Security Monitoring/List security findings returns \"OK\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "a212c1f10527bc2795254c51e88ee1e0", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + } + ], + "headersSize": 516, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [], + "url": "https://api.datadoghq.com/api/v2/security/findings" + }, + "response": { + "bodySize": 72567, + "content": { + "mimeType": "application/vnd.api+json", + "size": 72567, + "text": "{\"data\":[{\"id\":\"MWIxMjUyZGJjMjE3ZTFmZTcwZDdlMDNiNTI2YjQ3ZDB-MmQ5ZDgzMTJiMGIwYmM5ZGRmZjQ5OTk4ZmMzYWYyNmM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-38626\"],\"cve\":\"CVE-2025-38626\",\"id\":\"TRIVY-CVE-2025-38626\",\"modified_at\":1764176984000,\"published_at\":1755879336000,\"summary\":\"kernel: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-048dfba6091eb0d1d\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271832,\"finding_id\":\"MWIxMjUyZGJjMjE3ZTFmZTcwZDdlMDNiNTI2YjQ3ZDB-MmQ5ZDgzMTJiMGIwYmM5ZGRmZjQ5OTk4ZmMzYWYyNmM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765435671872,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0cc8c76c477f8196c\",\"name\":\"i-048dfba6091eb0d1d\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"bonsly\"},\"last_seen_at\":1765838271832,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"elasticsearch-bundles\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"2d9d8312b0b0bc9ddff49998fc3af26c\",\"resource_name\":\"i-048dfba6091eb0d1d\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00018,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode\",\"vulnerability\":{\"hash\":\"99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271832,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"fix_available:unavailable\",\"security-group:sg-0f39702193288cb41\",\"source:datadog\",\"severity:low\",\"auto-discovery.cluster-autoscaler.k8s.io/bonsly\",\"asset_type:host\",\"nodegroup:elasticsearch-bundles_elasticsearch-bundles-data\",\"image:ami-0cc8c76c477f8196c\",\"base_severity:medium\",\"site:datadoghq.com\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-bundles-data\",\"name:elasticsearch-bundles_elasticsearch-bundles-data\",\"vuln_id:99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759\",\"app:elasticsearch\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2b\",\"is_kube_cluster_experimental:false\",\"tags.datadoghq.com/version:8.19.6\",\"adp_enabled:false\",\"public_exploit_available:false\",\"iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2\",\"base_score:5.5\",\"elasticsearch-role:data\",\"team:compute-cloud-accounts\",\"score:2.7\",\"aws:ec2launchtemplate:id:lt-0e2373e62ce4d91a0\",\"nodegroups.datadoghq.com/name:elasticsearch-bundles-data\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2b\",\"managed_by_team:mars\",\"hash:99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759\",\"ecosystem:deb\",\"kube_node:ip-10-150-76-207.us-west-2.compute.internal\",\"ng_local_storage:false\",\"close_count:0\",\"ng_cluster_autoscaler:true\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:88mi\",\"nodegroups.datadoghq.com/namespace:elasticsearch-bundles\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:20\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars\",\"orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c\",\"cluster_name:bonsly\",\"cpu_arch:arm64\",\"epss_raw_score:0.00018\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-bundles-data:noschedule\",\"exposure_time_days:4\",\"service:elasticsearch-bundles\",\"package_name:linux\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"asset_id:i-048dfba6091eb0d1d\",\"datastore:elasticsearch\",\"scored:false\",\"kube_node_role:compute\",\"kubernetes_cluster:bonsly\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"node.datadoghq.com/version:v6-257-3\",\"autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-e030273153b4de8b\",\"kube_cluster_name:bonsly\",\"instance-type:m6g.large\",\"kube_node_role:elasticsearch-bundles-data\",\"chart_name:elasticsearch\",\"region:us-west-2\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-bundles-data\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:1900m\",\"instance_type:m6g.large\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"aws_account:204235354797\",\"k8s.io/cluster-autoscaler/node-template/label/team:data-science\",\"node.datadoghq.com/cgroup:v2\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"team:data-science\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"aws:ec2:fleet-id:fleet-121c8084-5187-cc16-a418-27881156a65a\",\"vulnerability_status:auto-closed\",\"cve:cve-2025-38626\",\"kubernetes.io/cluster/bonsly:owned\",\"last_detected_minutes:0\",\"elasticsearch_cluster:elasticsearch-bundles\",\"tag:data\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"cluster:elasticsearch-bundles\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-bundles\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:7131mi\",\"previous_status:open\",\"alias:cve-2025-38626\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"env:staging\"],\"timestamp\":1765838271832}},{\"id\":\"ZGEwMTA4NDdiZjM0ZjI5ZDBlYmMyMzM3NWFkYmUyNWN-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-22073\"],\"cve\":\"CVE-2025-22073\",\"id\":\"TRIVY-CVE-2025-22073\",\"modified_at\":1762201062000,\"published_at\":1744816561000,\"summary\":\"kernel: spufs: fix a leak on spufs_new_file() failure\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0fe66c7f2fe27288a\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271620,\"finding_id\":\"ZGEwMTA4NDdiZjM0ZjI5ZDBlYmMyMzM3NWFkYmUyNWN-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765438485381,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-0fe66c7f2fe27288a\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271620,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-6.8.0-1040-aws\",\"linux-aws-6.8-tools-6.8.0-1040\",\"linux-headers-6.8.0-1040-aws\",\"linux-aws-6.8-headers-6.8.0-1040\",\"linux-modules-6.8.0-1040-aws\"],\"name\":\"linux-aws-6.8\",\"normalized_name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1040.42~22.04.1\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"}]},\"recommended\":{\"name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"}},\"resource_id\":\"ccd780722c997ec5b77ea916b3c501ca\",\"resource_name\":\"i-0fe66c7f2fe27288a\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00023,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: spufs: fix a leak on spufs_new_file() failure\",\"vulnerability\":{\"cwes\":[\"CWE-401\"],\"hash\":\"faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271063,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"vuln_id:faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"image:ami-0afa99f6d7a0af2bf\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"instance_type:i3en.2xlarge\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"fix_available:available\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"site:datadoghq.com\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"hash:faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.5\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"score:2.7\",\"alias:cve-2025-22073\",\"aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"package_version:6.8.0-1040.42_22.04.1\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cve:cve-2025-22073\",\"cloud_provider:aws\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"kube_node:ip-10-150-64-123.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:4\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"event_type:none\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"package_name:linux-aws-6.8\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"epss_raw_score:0.00023\",\"scored:false\",\"kube_node_role:compute\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"running_kernel:false\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kube_node_role:kafka-medium\",\"asset_id:i-0fe66c7f2fe27288a\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"kafka_broker_id:10002\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"cluster:kafka-error-tracking-001\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271620}},{\"id\":\"MGZkNzMyYTYxMzcxNWQ0YmNmNTI1NTY2MGM4N2Q1MDh-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-35998\"],\"cve\":\"CVE-2024-35998\",\"id\":\"TRIVY-CVE-2024-35998\",\"modified_at\":1736532731000,\"published_at\":1716200114000,\"summary\":\"kernel: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0fe66c7f2fe27288a\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271581,\"finding_id\":\"MGZkNzMyYTYxMzcxNWQ0YmNmNTI1NTY2MGM4N2Q1MDh-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765438485381,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-0fe66c7f2fe27288a\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271581,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"ccd780722c997ec5b77ea916b3c501ca\",\"resource_name\":\"i-0fe66c7f2fe27288a\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00026,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result\",\"vulnerability\":{\"cwes\":[\"CWE-667\"],\"hash\":\"ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01af443\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271581,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"instance_type:i3en.2xlarge\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"site:datadoghq.com\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.5\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"score:2.7\",\"aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"hash:ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01af443\",\"cloud_provider:aws\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"kube_node:ip-10-150-64-123.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:4\",\"package_name:linux\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"epss_raw_score:0.00026\",\"alias:cve-2024-35998\",\"scored:false\",\"kube_node_role:compute\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kube_node_role:kafka-medium\",\"asset_id:i-0fe66c7f2fe27288a\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"cve:cve-2024-35998\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"vuln_id:ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01af443\",\"kafka_broker_id:10002\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"cluster:kafka-error-tracking-001\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271581}},{\"id\":\"ZTlhYTM5OTg5Yzc4OTQ0OGNkZTY2NWI0YzVjZGFjYTl-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"BIT-golang-2024-24789\",\"CGA-4r7q-83hj-9rrp\",\"CVE-2024-24789\",\"GHSA-236w-p7wf-5ph8\"],\"cve\":\"CVE-2024-24789\",\"id\":\"GO-2024-2888\",\"modified_at\":1729574938470,\"published_at\":1717541335000,\"summary\":\"Mishandling of corrupt central directory record in archive/zip\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-012cdbc8991688ee9\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271577,\"finding_id\":\"ZTlhYTM5OTg5Yzc4OTQ0OGNkZTY2NWI0YzVjZGFjYTl-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765421661872,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0cc8c76c477f8196c\",\"name\":\"i-012cdbc8991688ee9\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"bonsly\"},\"last_seen_at\":1765838271577,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"stdlib\"],\"name\":\"stdlib\",\"normalized_name\":\"stdlib\",\"version\":\"v1.22.1\"},\"related_services\":[\"exposed_to_attacks:false\",\"elasticsearch-monitors\"],\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"stdlib\",\"version\":\"1.22.4\"}]},\"recommended\":{\"name\":\"stdlib\",\"version\":\"1.22.4\"}},\"resource_id\":\"048dd9053223ae333e673207dfd83394\",\"resource_name\":\"i-012cdbc8991688ee9\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00006,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\"}},\"status\":\"auto_closed\",\"title\":\"Mishandling of corrupt central directory record in archive/zip\",\"vulnerability\":{\"hash\":\"918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838271577,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"ecosystem:go\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:148mi\",\"alias:cve-2024-24789\",\"event_type:close\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"alias:cga-4r7q-83hj-9rrp\",\"security-group:sg-0f39702193288cb41\",\"aws:ec2launchtemplate:id:lt-08847a5158ca7c73a\",\"source:datadog\",\"severity:low\",\"auto-discovery.cluster-autoscaler.k8s.io/bonsly\",\"fix_available:available\",\"hash:918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6\",\"nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data\",\"asset_type:host\",\"image:ami-0cc8c76c477f8196c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data\",\"base_severity:medium\",\"site:datadoghq.com\",\"instance-type:m6gd.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-monitors-cell-c0-data\",\"assignee:none\",\"app:elasticsearch\",\"cluster:elasticsearch-monitors-cell-c0\",\"assignee_id:none\",\"package_version:v1.22.1\",\"in_production:false\",\"alias:bit-golang-2024-24789\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"tags.datadoghq.com/version:8.19.6\",\"public_exploit_available:false\",\"iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2\",\"base_score:5.5\",\"elasticsearch-role:data\",\"team:compute-cloud-accounts\",\"score:2.7\",\"cell:none\",\"managed_by_team:mars\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/label/team:monitor-resources-indexing\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392\",\"pool:data\",\"package_name:stdlib\",\"ng_cluster_autoscaler:true\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"vuln_id:918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6\",\"cloud_provider:aws\",\"instance_type:m6gd.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars\",\"orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c\",\"cluster_name:bonsly\",\"cpu_arch:arm64\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:15009mi\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"asset_id:i-012cdbc8991688ee9\",\"exposure_time_days:4\",\"elasticsearch_cluster:elasticsearch-monitors-cell-c0\",\"alias:ghsa-236w-p7wf-5ph8\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"cve:cve-2024-24789\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"datastore:elasticsearch\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m\",\"kube_node_role:compute\",\"team:monitor-resources-indexing\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:40\",\"kubernetes_cluster:bonsly\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"node.datadoghq.com/version:v6-257-3\",\"kube_cluster_name:bonsly\",\"epss_raw_score:0.000060\",\"nodegroup:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data\",\"ng_local_storage:true\",\"chart_name:elasticsearch\",\"region:us-west-2\",\"nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0\",\"aws_account:204235354797\",\"node.datadoghq.com/cgroup:v2\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"name:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data\",\"kube_node_role:elasticsearch-monitors-cell-c0-data\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-1c82e59d5bb84439\",\"kubernetes.io/cluster/bonsly:owned\",\"service:elasticsearch-monitors\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"aws:ec2:fleet-id:fleet-98a72b26-0bbc-411c-ac98-8e08a9b23a52\",\"previous_status:open\",\"k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-monitors-cell-c0-data:noschedule\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kube_node:ip-10-150-85-76.us-west-2.compute.internal\",\"env:staging\"],\"timestamp\":1765838271577}},{\"id\":\"M2JkYTQ1MzFmYTNlODAzZTI1ZjNlMWE1MWMzZWU5Mjh-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-2236\"],\"cve\":\"CVE-2024-2236\",\"id\":\"TRIVY-CVE-2024-2236\",\"modified_at\":1743614137000,\"published_at\":1709763357000,\"summary\":\"libgcrypt: vulnerable to Marvin Attack\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-051d6c5170313e729\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271574,\"finding_id\":\"M2JkYTQ1MzFmYTNlODAzZTI1ZjNlMWE1MWMzZWU5Mjh-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765397453913,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-051d6c5170313e729\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271574,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"libgcrypt20\"],\"name\":\"libgcrypt20\",\"normalized_name\":\"libgcrypt20\",\"version\":\"1.9.4-3ubuntu3\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"0aead7bacd260b9f23a21c955a84dd57\",\"resource_name\":\"i-051d6c5170313e729\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00222,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":3.2,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:A/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.9,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\"}},\"status\":\"auto_closed\",\"title\":\"libgcrypt: vulnerable to Marvin Attack\",\"vulnerability\":{\"cwes\":[\"CWE-208\"],\"hash\":\"8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271574,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"asset_id:i-051d6c5170313e729\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"instance_type:i3en.2xlarge\",\"aws:ec2:fleet-id:fleet-1a9e8026-5b07-6494-a418-858a394c5003\",\"source:datadog\",\"severity:low\",\"epss_raw_score:0.00222\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"package_version:1.9.4-3ubuntu3\",\"asset_type:host\",\"cve:cve-2024-2236\",\"cluster_name:machop\",\"base_severity:medium\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"site:datadoghq.com\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"is_kube_cluster_experimental:false\",\"availability-zone:us-west-2a\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.9\",\"package_name:libgcrypt20\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"cluster:kafka-aws-metrics-001\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2a\",\"ecosystem:deb\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"alias:cve-2024-2236\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:5\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"security-group:sg-0ad037192bd9b2cfd\",\"kube_node:ip-10-150-69-64.us-west-2.compute.internal\",\"score:3.2\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"kube_node_role:compute\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"vuln_id:8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kafka_broker_id:10000\",\"kube_node_role:kafka-medium\",\"os_version:22.04\",\"hash:8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271574}},{\"id\":\"M2QxOTQwOWMwZmViZGRlOTU2MDY2ZGRmODhlNWYxNGN-MjA1YThmN2UxODE1NmY1NjRmODNhZDQ2NzM3MTA5MWY=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-38215\"],\"cve\":\"CVE-2025-38215\",\"id\":\"TRIVY-CVE-2025-38215\",\"modified_at\":1762193769000,\"published_at\":1751638529000,\"summary\":\"kernel: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"ip-10-150-67-24.us-west-2.compute.internal-machop\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271539,\"finding_id\":\"M2QxOTQwOWMwZmViZGRlOTU2MDY2ZGRmODhlNWYxNGN-MjA1YThmN2UxODE1NmY1NjRmODNhZDQ2NzM3MTA5MWY=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765445995855,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"ip-10-150-67-24.us-west-2.compute.internal-machop\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271539,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-modules-6.8.0-1041-aws\",\"linux-tools-6.8.0-1040-aws\",\"linux-aws-6.8-tools-6.8.0-1040\",\"linux-headers-6.8.0-1040-aws\",\"linux-aws-6.8-headers-6.8.0-1040\",\"linux-headers-6.8.0-1041-aws\",\"linux-modules-6.8.0-1040-aws\",\"linux-aws-6.8-headers-6.8.0-1041\"],\"name\":\"linux-aws-6.8\",\"normalized_name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"205a8f7e18156f564f83ad467371091f\",\"resource_name\":\"ip-10-150-67-24.us-west-2.compute.internal-machop\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00058,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"medium\",\"severity_details\":{\"adjusted\":{\"score\":4.7,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":7,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\",\"vulnerability\":{\"hash\":\"63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838270450,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"image:ami-0afa99f6d7a0af2bf\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"instance_type:i3en.2xlarge\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"source:datadog\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"asset_type:host\",\"cluster_name:machop\",\"vuln_id:63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8\",\"site:datadoghq.com\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"package_version:6.8.0-1041.43_22.04.1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"kube_node:ip-10-150-67-24.us-west-2.compute.internal\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"severity:medium\",\"running_kernel:true\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"asset_id:ip-10-150-67-24.us-west-2.compute.internal-machop\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:4\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"event_type:none\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"package_name:linux-aws-6.8\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"kube_node_role:compute\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"running_kernel:false\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"score:4.7\",\"base_score:7.0\",\"dd_rule_type:not-empty\",\"alias:cve-2025-38215\",\"kube_node_role:kafka-medium\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"aws:ec2:fleet-id:fleet-321c02a4-730f-4616-0eb0-8d80d9952fcf\",\"last_detected_minutes:0\",\"hash:63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8\",\"base_severity:high\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"kafka_broker_id:10002\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"cluster:kafka-apm-stats-intake-001\",\"epss_raw_score:0.00058\",\"cve:cve-2025-38215\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271539}},{\"id\":\"MTE0MGIxYWM1OWVmMjc2YjhiOGNmMTUzNTRlNzBjYWF-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-40016\"],\"cve\":\"CVE-2025-40016\",\"id\":\"TRIVY-CVE-2025-40016\",\"modified_at\":1761075085000,\"published_at\":1760976938000,\"summary\":\"kernel: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-012cdbc8991688ee9\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271538,\"finding_id\":\"MTE0MGIxYWM1OWVmMjc2YjhiOGNmMTUzNTRlNzBjYWF-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765421661872,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0cc8c76c477f8196c\",\"name\":\"i-012cdbc8991688ee9\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"bonsly\"},\"last_seen_at\":1765838271538,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"elasticsearch-monitors\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"048dd9053223ae333e673207dfd83394\",\"resource_name\":\"i-012cdbc8991688ee9\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00026,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"medium\",\"severity_details\":{\"adjusted\":{\"score\":4.7,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":7,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\",\"vulnerability\":{\"hash\":\"7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271538,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:148mi\",\"event_type:close\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"security-group:sg-0f39702193288cb41\",\"aws:ec2launchtemplate:id:lt-08847a5158ca7c73a\",\"source:datadog\",\"auto-discovery.cluster-autoscaler.k8s.io/bonsly\",\"nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data\",\"asset_type:host\",\"image:ami-0cc8c76c477f8196c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data\",\"site:datadoghq.com\",\"instance-type:m6gd.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-monitors-cell-c0-data\",\"assignee:none\",\"app:elasticsearch\",\"cluster:elasticsearch-monitors-cell-c0\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"tags.datadoghq.com/version:8.19.6\",\"public_exploit_available:false\",\"iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2\",\"elasticsearch-role:data\",\"team:compute-cloud-accounts\",\"severity:medium\",\"cell:none\",\"managed_by_team:mars\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/label/team:monitor-resources-indexing\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392\",\"pool:data\",\"ng_cluster_autoscaler:true\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"instance_type:m6gd.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars\",\"orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c\",\"vuln_id:7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5\",\"cluster_name:bonsly\",\"cpu_arch:arm64\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:15009mi\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"asset_id:i-012cdbc8991688ee9\",\"exposure_time_days:4\",\"package_name:linux\",\"elasticsearch_cluster:elasticsearch-monitors-cell-c0\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"epss_raw_score:0.00026\",\"datastore:elasticsearch\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m\",\"kube_node_role:compute\",\"team:monitor-resources-indexing\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:40\",\"kubernetes_cluster:bonsly\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"node.datadoghq.com/version:v6-257-3\",\"kube_cluster_name:bonsly\",\"nodegroup:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data\",\"ng_local_storage:true\",\"chart_name:elasticsearch\",\"region:us-west-2\",\"nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0\",\"aws_account:204235354797\",\"node.datadoghq.com/cgroup:v2\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"name:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data\",\"kube_node_role:elasticsearch-monitors-cell-c0-data\",\"base_score:7.0\",\"score:4.7\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0\",\"dd_rule_type:not-empty\",\"hash:7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-1c82e59d5bb84439\",\"kubernetes.io/cluster/bonsly:owned\",\"service:elasticsearch-monitors\",\"last_detected_minutes:0\",\"base_severity:high\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"aws:ec2:fleet-id:fleet-98a72b26-0bbc-411c-ac98-8e08a9b23a52\",\"cve:cve-2025-40016\",\"previous_status:open\",\"alias:cve-2025-40016\",\"k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-monitors-cell-c0-data:noschedule\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kube_node:ip-10-150-85-76.us-west-2.compute.internal\",\"env:staging\"],\"timestamp\":1765838271538}},{\"id\":\"NGNhMjdiNWNjOTEwMTliZGEyYzhlYjg2YzliYTRlYWF-NzM1NzFmMGZiZDI0Mjc1ODI4ODAxMzRlYTJkMWVhY2M=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-9vf9-m4f8-6392\",\"CGA-9vg5-h493-cxr7\",\"CGA-chh8-vhg4-2qj7\",\"CGA-g5hx-8r47-pf39\",\"CGA-hmfp-f3v3-528v\",\"CGA-hrqx-74pg-5m88\",\"CGA-m474-c57g-8945\",\"CGA-r356-23m2-5p37\",\"CGA-v3wf-pwmr-vcw5\",\"CGA-w52c-j6q8-cf23\",\"CGA-w7jq-8v28-882j\",\"CVE-2024-28180\",\"GO-2024-2631\"],\"cve\":\"CVE-2024-28180\",\"id\":\"GHSA-c5q2-7r4c-mv6g\",\"modified_at\":1739473645000,\"published_at\":1709852084000,\"summary\":\"Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-053290257b9479659\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271526,\"finding_id\":\"NGNhMjdiNWNjOTEwMTliZGEyYzhlYjg2YzliYTRlYWF-NzM1NzFmMGZiZDI0Mjc1ODI4ODAxMzRlYTJkMWVhY2M=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765421721839,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-053290257b9479659\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271526,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"gopkg.in/square/go-jose.v2\"],\"name\":\"gopkg.in/square/go-jose.v2\",\"normalized_name\":\"gopkg.in/square/go-jose.v2\",\"version\":\"v2.6.0\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":true},\"resource_id\":\"73571f0fbd2427582880134ea2d1eacc\",\"resource_name\":\"i-053290257b9479659\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":true,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.03644,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.6,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:A/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":4.3,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\"}},\"status\":\"auto_closed\",\"title\":\"Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)\",\"vulnerability\":{\"cwes\":[\"CWE-409\"],\"hash\":\"89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838271525,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"ecosystem:go\",\"alias:go-2024-2631\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"alias:cga-hmfp-f3v3-528v\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"instance_type:i3en.2xlarge\",\"hash:89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"fix_available:available\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"aws:ec2:fleet-id:fleet-1aa5a186-ab36-c1b4-063a-86028119420b\",\"asset_id:i-053290257b9479659\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"site:datadoghq.com\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"alias:cga-w7jq-8v28-882j\",\"in_production:false\",\"vuln_id:89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8\",\"is_kube_cluster_experimental:false\",\"alias:cve-2024-28180\",\"availability-zone:us-west-2a\",\"alias:cga-g5hx-8r47-pf39\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"score:2.6\",\"team:compute-cloud-accounts\",\"package_name:gopkg.in/square/go-jose.v2\",\"kube_node:ip-10-150-70-73.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2a\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"alias:cga-w52c-j6q8-cf23\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"epss_raw_score:0.03644\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"alias:cga-v3wf-pwmr-vcw5\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"package_version:v2.6.0\",\"exposure_time_days:4\",\"base_score:4.3\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"alias:cga-chh8-vhg4-2qj7\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"cve:cve-2024-28180\",\"kube_node_role:compute\",\"cluster:kafka-collab-intake-001\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"alias:cga-m474-c57g-8945\",\"ng_local_storage:true\",\"region:us-west-2\",\"alias:cga-r356-23m2-5p37\",\"alias:cga-hrqx-74pg-5m88\",\"app:kafka\",\"team:streaming-platform\",\"alias:cga-9vg5-h493-cxr7\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kafka_broker_id:10000\",\"kube_node_role:kafka-medium\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"alias:cga-9vf9-m4f8-6392\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271526}},{\"id\":\"NWEzNGIyY2U2ZDQ5YWQ1MzI4YjJmNThmNjIwYmUzZWN-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-21908\"],\"cve\":\"CVE-2025-21908\",\"id\":\"TRIVY-CVE-2025-21908\",\"modified_at\":1759349912000,\"published_at\":1743524121000,\"summary\":\"kernel: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-051d6c5170313e729\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271495,\"finding_id\":\"NWEzNGIyY2U2ZDQ5YWQ1MzI4YjJmNThmNjIwYmUzZWN-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765397453913,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-051d6c5170313e729\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271495,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"0aead7bacd260b9f23a21c955a84dd57\",\"resource_name\":\"i-051d6c5170313e729\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00014,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\",\"vulnerability\":{\"cwes\":[\"CWE-667\"],\"hash\":\"4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271495,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"asset_id:i-051d6c5170313e729\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"instance_type:i3en.2xlarge\",\"aws:ec2:fleet-id:fleet-1a9e8026-5b07-6494-a418-858a394c5003\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"vuln_id:4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"site:datadoghq.com\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"is_kube_cluster_experimental:false\",\"availability-zone:us-west-2a\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.5\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"score:2.7\",\"cluster:kafka-aws-metrics-001\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2a\",\"ecosystem:deb\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"epss_raw_score:0.00014\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"package_name:linux\",\"exposure_time_days:5\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"security-group:sg-0ad037192bd9b2cfd\",\"kube_node:ip-10-150-69-64.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"kube_node_role:compute\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"alias:cve-2025-21908\",\"kafka_broker_id:10000\",\"kube_node_role:kafka-medium\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"cve:cve-2025-21908\",\"hash:4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271495}},{\"id\":\"ZDc1MGVmYjlhNWE4ZDIxOGY0ZDFmMDQ5ZDU5NDhhNTl-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-39806\"],\"cve\":\"CVE-2025-39806\",\"id\":\"TRIVY-CVE-2025-39806\",\"modified_at\":1762193808000,\"published_at\":1758028551000,\"summary\":\"kernel: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0fe66c7f2fe27288a\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271483,\"finding_id\":\"ZDc1MGVmYjlhNWE4ZDIxOGY0ZDFmMDQ5ZDU5NDhhNTl-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765438485381,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-0fe66c7f2fe27288a\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271483,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"linux\",\"version\":\"5.15.0-163.173\"}]},\"recommended\":{\"name\":\"linux\",\"version\":\"5.15.0-163.173\"}},\"resource_id\":\"ccd780722c997ec5b77ea916b3c501ca\",\"resource_name\":\"i-0fe66c7f2fe27288a\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00036,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":3.6,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.8,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\",\"vulnerability\":{\"hash\":\"f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271483,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"instance_type:i3en.2xlarge\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"fix_available:available\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"site:datadoghq.com\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"cve:cve-2025-39806\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.8\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"hash:f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f\",\"aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"kube_node:ip-10-150-64-123.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:4\",\"score:3.6\",\"package_name:linux\",\"alias:cve-2025-39806\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"kube_node_role:compute\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"epss_raw_score:0.00036\",\"app:kafka\",\"team:streaming-platform\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"vuln_id:f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kube_node_role:kafka-medium\",\"asset_id:i-0fe66c7f2fe27288a\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"kafka_broker_id:10002\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"cluster:kafka-error-tracking-001\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271483}}],\"meta\":{\"elapsed\":1195,\"page\":{\"after\":\"eyJhZnRlciI6IkF3QUFBWnNrS2JQNzd2ekswQUFBQUJoQlduTnJTMkpRTjBGQlFUTnZOMEpJYkRVM00wbDZURVlBQUFBa1pERTVZakkwTWprdFlqWTFPUzAwWlRnMExUZzVNMll0WkRVNE5HTTVOVGRqWTJGa0FBQUFFZyIsInZhbHVlcyI6WzE3NjU4MzgyNzE0ODMsIjIwMjUtMTItMTVUMjI6Mzc6NTEuNDgzWiIsLTI4NTQyMjg5Nl19\"},\"request_id\":\"pddv1ChZEV0JfaHozRVJJT3B1aUpZVnRRSGZBIiwKHMkNUONObwGrUBI2wC3SsGESwWt0gp1AaEa5fmMSDOob7VueP1L1GfbrUg\",\"status\":\"done\"},\"links\":{\"next\":\"/api/v2/security/findings?page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrS2JQNzd2ekswQUFBQUJoQlduTnJTMkpRTjBGQlFUTnZOMEpJYkRVM00wbDZURVlBQUFBa1pERTVZakkwTWprdFlqWTFPUzAwWlRnMExUZzVNMll0WkRVNE5HTTVOVGRqWTJGa0FBQUFFZyIsInZhbHVlcyI6WzE3NjU4MzgyNzE0ODMsIjIwMjUtMTItMTVUMjI6Mzc6NTEuNDgzWiIsLTI4NTQyMjg5Nl19\\u0026page%5Blimit%5D=10\\u0026sort=-%40detection_changed_at\"}}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 683, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-12-15T22:38:02.362Z", + "time": 1359 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/frozen.json new file mode 100644 index 000000000000..fb12803853ac --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/frozen.json @@ -0,0 +1 @@ +"2025-12-17T16:27:52.376Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/recording.har new file mode 100644 index 000000000000..35d00c35b7e8 --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-Bad-Request-response_1087921447/recording.har @@ -0,0 +1,67 @@ +{ + "log": { + "_recordingName": "Security Monitoring/Search security findings returns \"Bad Request\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "c47f7cfc83de8dd7156b7d2e2e9517da", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 36, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + }, + { + "_fromType": "array", + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 580, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"page\":{\"cursor\":\"invalid_cursor\"}}" + }, + "queryString": [], + "url": "https://api.datadoghq.com/api/v2/security/findings/search" + }, + "response": { + "bodySize": 159, + "content": { + "mimeType": "application/vnd.api+json", + "size": 159, + "text": "{\"errors\":[{\"status\":\"400\",\"title\":\"Bad Request\",\"detail\":\"document is missing required top-level members; must have one of: \\\"data\\\", \\\"meta\\\", \\\"errors\\\"\"}]}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 675, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 400, + "statusText": "Bad Request" + }, + "startedDateTime": "2025-12-17T16:27:52.382Z", + "time": 89 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/frozen.json new file mode 100644 index 000000000000..11b19a8ae19d --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/frozen.json @@ -0,0 +1 @@ +"2025-12-15T22:44:41.939Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/recording.har new file mode 100644 index 000000000000..8bb6c9ec08c5 --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response-with-pagination_3585802019/recording.har @@ -0,0 +1,67 @@ +{ + "log": { + "_recordingName": "Security Monitoring/Search security findings returns \"OK\" response with pagination", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "c171c8a560a6017cc5481974daa56bd2", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 84, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + }, + { + "_fromType": "array", + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 576, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"data\":{\"attributes\":{\"filter\":\"@severity:(critical OR high)\",\"page\":{\"limit\":1}}}}" + }, + "queryString": [], + "url": "https://api.datadoghq.com/api/v2/security/findings/search" + }, + "response": { + "bodySize": 17457, + "content": { + "mimeType": "application/vnd.api+json", + "size": 17457, + "text": "{\"data\":[{\"id\":\"ZGVmLTAway1leWV-aS0wOGE2ZmE2ODdjOWE2ZDJkYg==\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"cloud_resource\":{\"account\":\"600865094333\",\"category\":\"compute\",\"cloud_provider\":\"aws\",\"configuration\":{\"account_id\":\"600865094333\",\"components\":{\"kubelet\":{\"config\":{\"content\":{\"address\":\"10.12.32.204\",\"allowedUnsafeSysctls\":[\"net.*\"],\"apiVersion\":\"kubelet.config.k8s.io/v1beta1\",\"authentication\":{\"anonymous\":{\"enabled\":false},\"webhook\":{\"cacheTTL\":\"60m\",\"enabled\":true},\"x509\":{\"clientCAFile\":{\"certificate\":{\"authorityKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\",\"commonName\":\"parent31-k8s\",\"dnsNames\":[\"parent31-k8s\"],\"fingerprint\":\"SHA256:DP/0ES6hkVPMrFizcIMEbQ75QGpwuWZZzShkn1KGQLA\",\"notAfter\":\"2030-09-28T18:40:34Z\",\"notBefore\":\"2025-09-29T18:40:04Z\",\"serialNumber\":\"680167176125483697456383252717454423151202771482\",\"subjectKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\"},\"dirGroup\":\"root\",\"dirMode\":2147484141,\"dirUser\":\"root\",\"group\":\"root\",\"mode\":420,\"path\":\"/etc/vaultd/certs/vault-ca.cert\",\"user\":\"root\"}}},\"authorization\":{\"mode\":\"Webhook\",\"webhook\":{\"cacheAuthorizedTTL\":\"60m\"}},\"cgroupDriver\":\"systemd\",\"cgroupsPerQOS\":true,\"clusterDomain\":\"parent31.cluster.local\",\"containerLogMaxFiles\":3,\"containerLogMaxSize\":\"20Mi\",\"cpuCFSQuota\":false,\"cpuManagerPolicy\":\"static\",\"enforceNodeAllocatable\":[\"pods\"],\"featureGates\":{\"AllowUnsafeMalformedObjectDeletion\":false,\"CBORServingAndStorage\":false,\"ClearingNominatedNodeNameAfterBinding\":false,\"ClusterTrustBundle\":false,\"ClusterTrustBundleProjection\":false,\"ComponentFlagz\":false,\"ComponentStatusz\":false,\"ContainerRestartRules\":false,\"ContainerStopSignals\":false,\"CoordinatedLeaderElection\":false,\"DRAConsumableCapacity\":true,\"DRADeviceBindingConditions\":true,\"DRADeviceTaints\":true,\"DRAExtendedResource\":true,\"DRAPartitionableDevices\":true,\"DRASchedulerFilterTimeout\":true,\"DeclarativeValidationTakeover\":false,\"DeploymentReplicaSetTerminatingReplicas\":false,\"DynamicResourceAllocation\":true,\"EnvFiles\":false,\"ExternalServiceAccountTokenSigner\":true,\"HPAConfigurableTolerance\":false,\"HostnameOverride\":false,\"ImageVolume\":true,\"InPlacePodVerticalScalingExclusiveCPUs\":false,\"InPlacePodVerticalScalingExclusiveMemory\":false,\"JobManagedBy\":false,\"KubeletCrashLoopBackOffMax\":false,\"KubeletEnsureSecretPulledImages\":false,\"KubeletFineGrainedAuthz\":false,\"MaxUnavailableStatefulSet\":true,\"MutableCSINodeAllocatableCount\":true,\"MutatingAdmissionPolicy\":true,\"NominatedNodeNameForExpectation\":false,\"PodCertificateRequest\":false,\"PodLogsQuerySplitStreams\":false,\"PodTopologyLabelsAdmission\":false,\"ReduceDefaultCrashLoopBackOffDecay\":false,\"RelaxedServiceNameValidation\":false,\"RemoteRequestHeaderUID\":false,\"ResourceHealthStatus\":false,\"SELinuxChangePolicy\":false,\"SchedulerAsyncPreemption\":false,\"ServiceAccountNodeAudienceRestriction\":false,\"StorageCapacityScoring\":false,\"StorageVersionMigrator\":false,\"StrictIPCIDRValidation\":false,\"WatchCacheInitializationPostStartHook\":false,\"WatchList\":true},\"imageMaximumGCAge\":\"22h\",\"kind\":\"KubeletConfiguration\",\"kubeReserved\":{\"cpu\":\"100m\",\"memory\":\"300Mi\"},\"kubeReservedCgroup\":\"kuberuntime\",\"maxPods\":45,\"providerID\":\"aws:///us-west-2c/i-08a6fa687c9a6d2db\",\"readOnlyPort\":0,\"registerWithTaints\":[{\"effect\":\"NoSchedule\",\"key\":\"ebs.csi.aws.com/agent-not-ready\",\"value\":\"true\"},{\"effect\":\"NoSchedule\",\"key\":\"node\",\"value\":\"nodeless\"}],\"registryBurst\":20,\"registryPullQPS\":8,\"streamingConnectionIdleTimeout\":\"4h\",\"systemReserved\":{\"cpu\":\"100m\",\"memory\":\"3507947110\"},\"systemReservedCgroup\":\"system\",\"tlsCertFile\":{\"certificate\":{\"authorityKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\",\"commonName\":\"system:node:ip-10-12-32-204.us-west-2.compute.internal\",\"fingerprint\":\"SHA256:FBQHjmcexGGgB42hmh2FLq1lRwyoz1HYRpJRd2pnsII\",\"ipAddresses\":[\"10.12.32.204\"],\"notAfter\":\"2025-12-22T16:50:32Z\",\"notBefore\":\"2025-12-15T22:38:56Z\",\"organization\":[\"system:nodes\"],\"serialNumber\":\"127630705538822312578970595637812130230650020432\",\"subjectKeyId\":\"67:A8:EE:1D:53:9F:B8:54:1B:3F:17:CF:7D:90:5A:BD:16:80:64:D7\"},\"dirGroup\":\"root\",\"dirMode\":2147484141,\"dirUser\":\"root\",\"group\":\"root\",\"mode\":420,\"path\":\"/var/lib/kubelet/pki/kubelet-cert.pem\",\"user\":\"root\"},\"tlsPrivateKeyFile\":{\"group\":\"root\",\"mode\":384,\"path\":\"/var/lib/kubelet/pki/kubelet-key.pem\",\"user\":\"root\"}},\"group\":\"root\",\"mode\":384,\"path\":\"/etc/kubernetes/kubelet-configuration.yaml\",\"user\":\"root\"},\"event-burst\":100,\"event-qps\":50,\"hostname-override\":\"ip-10-12-32-204.us-west-2.compute.internal\",\"image-credential-provider-bin-dir\":{\"group\":\"root\",\"mode\":2147484141,\"path\":\"/usr/local/bin\",\"user\":\"root\"},\"image-credential-provider-config\":{\"content\":{\"apiVersion\":\"kubelet.config.k8s.io/v1\",\"kind\":\"CredentialProviderConfig\",\"providers\":[{\"apiVersion\":\"credentialprovider.kubelet.k8s.io/v1\",\"defaultCacheDuration\":\"12h\",\"matchImages\":[\"*.dkr.ecr.*.amazonaws.com\",\"*.dkr.ecr-fips.*.amazonaws.com\"],\"name\":\"ecr-credential-provider\"}]},\"group\":\"root\",\"mode\":292,\"path\":\"/etc/kubernetes/kubelet-credential-provider-config.yaml\",\"user\":\"root\"},\"kubeconfig\":{\"group\":\"root\",\"kubeconfig\":{\"clusters\":{\"kubernetes\":{\"certificateAuthority\":{\"certificate\":{\"authorityKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\",\"commonName\":\"parent31-k8s\",\"dnsNames\":[\"parent31-k8s\"],\"fingerprint\":\"SHA256:DP/0ES6hkVPMrFizcIMEbQ75QGpwuWZZzShkn1KGQLA\",\"notAfter\":\"2030-09-28T18:40:34Z\",\"notBefore\":\"2025-09-29T18:40:04Z\",\"serialNumber\":\"680167176125483697456383252717454423151202771482\",\"subjectKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\"},\"dirGroup\":\"root\",\"dirMode\":2147484141,\"dirUser\":\"root\",\"group\":\"root\",\"mode\":420,\"path\":\"/etc/vaultd/certs/vault-ca.cert\",\"user\":\"root\"},\"server\":\"https://k8s-parent31.prtest03.staging.dog\"}},\"contexts\":{\"kubelet\":{\"cluster\":\"kubernetes\",\"user\":\"kubelet\"}},\"currentContext\":\"\",\"users\":{\"kubelet\":{\"clientCertificate\":{\"certificate\":{\"authorityKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\",\"commonName\":\"system:node:ip-10-12-32-204.us-west-2.compute.internal\",\"fingerprint\":\"SHA256:FBQHjmcexGGgB42hmh2FLq1lRwyoz1HYRpJRd2pnsII\",\"ipAddresses\":[\"10.12.32.204\"],\"notAfter\":\"2025-12-22T16:50:32Z\",\"notBefore\":\"2025-12-15T22:38:56Z\",\"organization\":[\"system:nodes\"],\"serialNumber\":\"127630705538822312578970595637812130230650020432\",\"subjectKeyId\":\"67:A8:EE:1D:53:9F:B8:54:1B:3F:17:CF:7D:90:5A:BD:16:80:64:D7\"},\"dirGroup\":\"root\",\"dirMode\":2147484141,\"dirUser\":\"root\",\"group\":\"root\",\"mode\":420,\"path\":\"/var/lib/kubelet/pki/kubelet-cert.pem\",\"user\":\"root\"},\"clientKey\":{\"group\":\"root\",\"mode\":384,\"path\":\"/var/lib/kubelet/pki/kubelet-key.pem\",\"user\":\"root\"},\"usePassword\":false,\"useToken\":false}}},\"mode\":420,\"path\":\"/var/lib/kubelet/kubeconfig.yaml\",\"user\":\"root\"},\"make-iptables-util-chains\":true,\"pod-max-pids\":-1,\"skippedFlags\":{\"--cloud-provider\":\"external\",\"--cluster-dns\":\"172.17.0.2\",\"--config-dir\":\"/etc/kubernetes/config.d\",\"--container-runtime-endpoint\":\"unix:///run/containerd/containerd.sock\",\"--healthz-bind-address\":\"10.12.32.204\",\"--node-ip\":\"10.12.32.204\",\"--node-labels\":\"node.datadoghq.com/cgroup=v2\"}}},\"framework_requirement\":[\"fedramp-low/Identification-and-Authentication\",\"fedramp-moderate/Identification-and-Authentication\",\"pci-dss/Protect-Stored-Account-Data\",\"cis-kubernetes/Kubelet\",\"fedramp-high/Identification-and-Authentication\",\"nist-800-53/Identification and Authentication\",\"pci-dss/Apply-Secure-Configurations-to-All-System-Components\"],\"framework_requirement_control\":[\"cis-kubernetes/Kubelet/4.2.10\",\"nist-800-53/Identification and Authentication/IA-7\",\"fedramp-high/Identification-and-Authentication/IA-7\",\"pci-dss/Apply-Secure-Configurations-to-All-System-Components/2.2.7\",\"fedramp-low/Identification-and-Authentication/IA-7\",\"fedramp-moderate/Identification-and-Authentication/IA-7\",\"pci-dss/Protect-Stored-Account-Data/3.6.1.2\",\"pci-dss/Protect-Stored-Account-Data/3.6.1.1\"],\"is_default_crawl\":false,\"kube_node_name\":\"kube-system_nodeless-amd64-d-m6a-2xlarge\",\"kubeletService\":{\"content\":[\"Unit\"],\"group\":\"root\",\"mode\":420,\"path\":\"/etc/systemd/system/kubelet.service\",\"user\":\"root\"},\"version\":\"202403\"},\"region\":\"us-west-2\"},\"compliance\":{\"evaluation\":\"pass\",\"framework_requirement_controls\":[\"cis-kubernetes/Kubelet/4.2.10\",\"nist-800-53/Identification and Authentication/IA-7\",\"fedramp-high/Identification-and-Authentication/IA-7\",\"pci-dss/Apply-Secure-Configurations-to-All-System-Components/2.2.7\",\"fedramp-low/Identification-and-Authentication/IA-7\",\"fedramp-moderate/Identification-and-Authentication/IA-7\",\"pci-dss/Protect-Stored-Account-Data/3.6.1.2\",\"pci-dss/Protect-Stored-Account-Data/3.6.1.1\"],\"framework_requirements\":[\"fedramp-low/Identification-and-Authentication\",\"fedramp-moderate/Identification-and-Authentication\",\"pci-dss/Protect-Stored-Account-Data\",\"cis-kubernetes/Kubelet\",\"fedramp-high/Identification-and-Authentication\",\"nist-800-53/Identification and Authentication\",\"pci-dss/Apply-Secure-Configurations-to-All-System-Components\"],\"frameworks\":[{\"control\":\"4.2.10\",\"framework\":\"cis-kubernetes\",\"is_default\":true,\"requirement\":\"Kubelet\",\"version\":\"1.9.0\"},{\"control\":\"IA-7\",\"framework\":\"fedramp-high\",\"is_default\":true,\"requirement\":\"Identification-and-Authentication\",\"version\":\"5\"},{\"control\":\"IA-7\",\"framework\":\"fedramp-low\",\"is_default\":true,\"requirement\":\"Identification-and-Authentication\",\"version\":\"5\"},{\"control\":\"IA-7\",\"framework\":\"fedramp-moderate\",\"is_default\":true,\"requirement\":\"Identification-and-Authentication\",\"version\":\"5\"},{\"control\":\"IA-7\",\"framework\":\"nist-800-53\",\"is_default\":true,\"requirement\":\"Identification and Authentication\",\"version\":\"rev5\"},{\"control\":\"2.2.7\",\"framework\":\"pci-dss\",\"is_default\":true,\"requirement\":\"Apply-Secure-Configurations-to-All-System-Components\",\"version\":\"4.0.1\"},{\"control\":\"3.6.1.1\",\"framework\":\"pci-dss\",\"is_default\":true,\"requirement\":\"Protect-Stored-Account-Data\",\"version\":\"4.0.1\"},{\"control\":\"3.6.1.2\",\"framework\":\"pci-dss\",\"is_default\":true,\"requirement\":\"Protect-Stored-Account-Data\",\"version\":\"4.0.1\"}]},\"description\":\"%%%\\n## Description\\n\\nKubelet client certificate rotation should be enabled. The `--rotate-certificates` setting tells the kubelet to rotate its client certificates by creating new CSRs when its existing credentials expire. This automated periodic rotation ensures that there is no downtime due to expired certificates and thus addresses availability in the CIA security triad.\\n\\n**Note**: This recommendation only applies if you let kubelets get their certificates from the API server. In cases where your kubelet certificates come from an outside authority or tool (for example, Vault), then you need to manually do the rotation. \\n\\n## Remediation\\n\\n1. If using a kubelet config file, edit the file to add the line `rotateCertificates: true`.\\n2. If using command line arguments, edit the kubelet service file `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf` on each worker node and add the argument below from the `KUBELET_CERTIFICATE_ARGS` variable.\\n ```\\n --rotate-certificates=true\\n ```\\n3. Restart the kubelet service.\\n\\n%%%\",\"detection_changed_at\":1765838670804,\"finding_id\":\"ZGVmLTAway1leWV-aS0wOGE2ZmE2ODdjOWE2ZDJkYg==\",\"finding_type\":\"misconfiguration\",\"first_seen_at\":1765838670804,\"k8s\":{\"cluster_id\":\"parent31\"},\"last_seen_at\":1765838670804,\"metadata\":{\"schema_version\":\"2\"},\"resource_id\":\"i-08a6fa687c9a6d2db\",\"resource_name\":\"kube-system_nodeless-amd64-d-m6a-2xlarge\",\"resource_type\":\"kubernetes_worker_node\",\"rule\":{\"default_rule_id\":\"def-00k-eye\",\"id\":\"def-00k-eye\",\"name\":\"The kubelet client certificate rotation should be enabled\",\"type\":\"cloud configuration\",\"version\":7},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8,\"value\":\"high\",\"value_id\":3}},\"status\":\"open\",\"title\":\"The kubelet client certificate rotation should be enabled\",\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"scored:true\",\"kernel:none\",\"kube_node_role:nodeless\",\"dd_compute_k8s_platform_version:v6-260-2\",\"k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2\",\"kube_cluster_name:parent31\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"nodegroup:kube-system_nodeless-amd64-d-m6a-2xlarge\",\"name:kube-system_nodeless-amd64-d-m6a-2xlarge\",\"framework:fedramp-low\",\"requirement:identification_and_authentication\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s\",\"control:2.2.7\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true\",\"iam_profile:k8s/prtest03-staging-dog-parent31-kube-node_v2\",\"site:datadoghq.com\",\"framework_version:pci-dss_v4.0.1\",\"framework:cis-kubernetes\",\"nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-2xlarge\",\"framework:nist-800-53\",\"aws:ec2:fleet-id:fleet-30af8106-a33c-c1bc-8e30-8c2aef2d524c\",\"requirement:protect-stored-account-data\",\"framework_version:nist-800-53_vrev5\",\"framework:fedramp-moderate\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"requirement:identification-and-authentication\",\"node.datadoghq.com/flavor:standard\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-2xlarge\",\"adp_enabled:false\",\"kube_node_role:nodeless-amd64-d-m6a-2xlarge\",\"kubernetes.io/cluster/parent31:owned\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard\",\"team:compute-cloud-accounts\",\"image:ami-0e7b60ad05b2da7ed\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"ng_local_storage:false\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"security-group:sg-041983b0e52f0b956\",\"auto-discovery.cluster-autoscaler.k8s.io/parent31\",\"ng_cluster_autoscaler:true\",\"account:staging-prtest03-hazel-parent\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"kubernetes_cluster:parent31\",\"account_id:600865094333\",\"aws:ec2launchtemplate:id:lt-0e13322d92afb436c\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"framework_version:fedramp-moderate_v5\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:28983228826\",\"framework_version:cis-kubernetes_v1.9.0\",\"agent_release_candidate_cluster:false\",\"host:i-08a6fa687c9a6d2db\",\"role:kube-node\",\"env:staging\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"instance-type:m6a.2xlarge\",\"control:ia-7\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:372mi\",\"framework_version:fedramp-low_v5\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"scope:kubernetes\",\"security:compliance\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"kube_node_role:compute\",\"k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64\",\"control:3.6.1.1\",\"control:3.6.1.2\",\"datacenter:prtest03.staging.dog\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"framework:pci-dss\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-2xlarge\",\"region:us-west-2\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:53034256170\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"kube_node:ip-10-12-32-204.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"framework_version:fedramp-high_v5\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"security-group:sg-040bae0963d96a1c5\",\"cluster_name:parent31\",\"aws_account:600865094333\",\"autoscaling_group:prtest03-staging-dog-parent31-k8s-ng-asg-4defb27385fb49b0\",\"cpu_arch:amd64\",\"requirement:kubelet\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"requirement:apply-secure-configurations-to-all-system-components\",\"instance_type:m6a.2xlarge\",\"orch_cluster_id:69945bda-00ed-44d6-8ddd-5ee7cecf1c1d\",\"source:kubernetes\",\"framework:fedramp-high\",\"control:4.2.10\",\"source:compliance-agent\"],\"timestamp\":1765838670804}}],\"meta\":{\"elapsed\":916,\"page\":{\"after\":\"eyJhZnRlciI6IkF3QUFBWnNrTDh2VTlLUDFyQUFBQUJoQlduTnJURGgyVlVGQlF6QnVTVVJUUTBwbk5HbE9jSE1BQUFBa1pqRTVZakkwTW1ZdFpEUXhOeTAwWW1GbExUZ3haRFl0WkRZME5EazFNelE0TkRabEFBQUg0ZyIsInZhbHVlcyI6WzE3NjU4Mzg2NzA4MDQsIjIwMjUtMTItMTVUMjI6NDQ6MzAuODA0WiIsLTE5MDU4MTMzMl19\"},\"request_id\":\"pddv1ChZXeHI2X1VLUFMyQ25KRjFhNTgwWlZ3Ii0KHSOVjxpVE2yfxdGytC3aiBt_PLDLzISoQQFbf2XXEgys6s_dxBVNuv6xlig\",\"status\":\"done\"},\"links\":{\"next\":\"/api/v2/security/findings?filter%5Bquery%5D=%40severity%3Acritical+OR+%40severity%3Ahigh\\u0026page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrTDh2VTlLUDFyQUFBQUJoQlduTnJURGgyVlVGQlF6QnVTVVJUUTBwbk5HbE9jSE1BQUFBa1pqRTVZakkwTW1ZdFpEUXhOeTAwWW1GbExUZ3haRFl0WkRZME5EazFNelE0TkRabEFBQUg0ZyIsInZhbHVlcyI6WzE3NjU4Mzg2NzA4MDQsIjIwMjUtMTItMTVUMjI6NDQ6MzAuODA0WiIsLTE5MDU4MTMzMl19\\u0026page%5Blimit%5D=1\\u0026sort=-%40detection_changed_at\"}}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 683, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-12-15T22:44:41.945Z", + "time": 1040 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/frozen.json new file mode 100644 index 000000000000..bb7baa30918f --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/frozen.json @@ -0,0 +1 @@ +"2025-12-15T22:43:55.549Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/recording.har new file mode 100644 index 000000000000..38481f13233f --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Search-security-findings-returns-OK-response_2164909507/recording.har @@ -0,0 +1,67 @@ +{ + "log": { + "_recordingName": "Security Monitoring/Search security findings returns \"OK\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "1ec3068ea915e8825cf5890a31d08a6d", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 65, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + }, + { + "_fromType": "array", + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 580, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"data\":{\"attributes\":{\"filter\":\"@severity:(critical OR high)\"}}}" + }, + "queryString": [], + "url": "https://api.datadoghq.com/api/v2/security/findings/search" + }, + "response": { + "bodySize": 57082, + "content": { + "mimeType": "application/vnd.api+json", + "size": 57082, + "text": "{\"data\":[{\"id\":\"Y2RiNWYyMmQ2Nzg2ZTBkYjA1ZTc5NDM3MDU5NGJhNTh-MWIxYTc2ZDZkNDZlYmE0YjFlY2RkMDY0NjRlYjIwZTk=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-45337\",\"GO-2024-3321\"],\"cve\":\"CVE-2024-45337\",\"id\":\"GHSA-v778-237x-gjrc\",\"modified_at\":1738337443000,\"published_at\":1733954584000,\"summary\":\"Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"990060747993\",\"cloud_provider\":\"aws\",\"display_name\":\"ip-10-151-60-149.us-west-2.compute.internal-raboot-c\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838619159,\"finding_id\":\"Y2RiNWYyMmQ2Nzg2ZTBkYjA1ZTc5NDM3MDU5NGJhNTh-MWIxYTc2ZDZkNDZlYmE0YjFlY2RkMDY0NjRlYjIwZTk=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838614786,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0e7b60ad05b2da7ed\",\"name\":\"ip-10-151-60-149.us-west-2.compute.internal-raboot-c\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"raboot-c\"},\"last_seen_at\":1765838619159,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"golang.org/x/crypto\"],\"name\":\"golang.org/x/crypto\",\"normalized_name\":\"golang.org/x/crypto\",\"version\":\"v0.18.0\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"golang.org/x/crypto\",\"version\":\"0.31.0\"}]},\"recommended\":{\"name\":\"golang.org/x/crypto\",\"version\":\"0.31.0\"}},\"resource_id\":\"1b1a76d6d46eba4b1ecdd06464eb20e9\",\"resource_name\":\"ip-10-151-60-149.us-west-2.compute.internal-raboot-c\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/NHAS/CVE-2024-45337-POC\",\"https://github.com/NHAS/VULNERABLE-CVE-2024-45337\",\"https://github.com/peace-maker/CVE-2024-45337\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.42906,\"epss_severity\":\"medium\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":7,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":9.1,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\"}},\"status\":\"open\",\"title\":\"Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto\",\"vulnerability\":{\"cwes\":[\"CWE-285\"],\"hash\":\"2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"kube_node_role:nodeless\",\"aws:ec2launchtemplate:id:lt-0105c69a444a8e9fb\",\"ecosystem:go\",\"dd_compute_k8s_platform_version:v6-260-2\",\"k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2\",\"aws_account:990060747993\",\"fix_version:v0.46.0\",\"instance-type:c6a.2xlarge\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:13480074445\",\"kubernetes_cluster:raboot-c\",\"source:datadog\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"vulnerability_status:open\",\"fix_available:available\",\"cluster_name:raboot-c\",\"iam_profile:k8s/prtest02-staging-dog-raboot-c-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s\",\"asset_type:host\",\"new:true\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true\",\"site:datadoghq.com\",\"kubernetes.io/cluster/raboot-c:owned\",\"assignee:none\",\"alias:go-2024-3321\",\"assignee_id:none\",\"in_production:false\",\"cve:cve-2024-45337\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-c6a-2xlarge\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"adp_enabled:false\",\"autoscaling_group:prtest02-staging-dog-raboot-c-k8s-ng-asg-faab57746e6215c5\",\"base_score:9.1\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard\",\"team:compute-cloud-accounts\",\"public_exploit_available:true\",\"image:ami-0e7b60ad05b2da7ed\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"ng_local_storage:false\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"ng_cluster_autoscaler:true\",\"asset_id:ip-10-151-60-149.us-west-2.compute.internal-raboot-c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"instance_type:c6a.2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"security-group:sg-0975ebcfe01315df0\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"epss_raw_score:0.42906\",\"nodegroup:kube-system_nodeless-amd64-d-c6a-2xlarge\",\"exposure_time_days:0\",\"score:7.0\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"package_version:v0.18.0\",\"base_severity:critical\",\"account:staging-prtest02-ember-c\",\"security-group:sg-08568810eba5fc2d8\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"aws:ec2:fleet-id:fleet-0c1e1c15-ce07-ce8f-0eb2-2982e1977208\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:372mi\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"severity:high\",\"kube_node_role:compute\",\"k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64\",\"os_name:ubuntu\",\"alias:cve-2024-45337\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"region:us-west-2\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:53034256170\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"kube_cluster_name:raboot-c\",\"orch_cluster_id:76cfd63e-1d3b-4bf3-b0b0-93e1423ef6cc\",\"name:kube-system_nodeless-amd64-d-c6a-2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"vuln_id:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"hash:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"cpu_arch:amd64\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"kube_node:ip-10-151-60-149.us-west-2.compute.internal\",\"kube_node_role:nodeless-amd64-d-c6a-2xlarge\",\"package_name:golang.org/x/crypto\",\"auto-discovery.cluster-autoscaler.k8s.io/raboot-c\",\"event_type:new\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"env:staging\"],\"timestamp\":1765838619159}},{\"id\":\"YTA2ODU1YjVjYWZlZWY5Y2MyMzczMTY4MDdhYjRlMWJ-ZWExMDk2NDQ2ZjM3Mjg2MzZkMzA3ZWQ5M2ZiNDdlZjM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-7jwh-3vrq-q3m8\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-mrww-27vc-gghv\",\"modified_at\":1734042636000,\"published_at\":1709585004000,\"summary\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"727006795293\",\"cloud_provider\":\"aws\",\"display_name\":\"i-048e423259eb6256a\",\"region\":\"us-east-1\"},\"detection_changed_at\":1765838618317,\"finding_id\":\"YTA2ODU1YjVjYWZlZWY5Y2MyMzczMTY4MDdhYjRlMWJ-ZWExMDk2NDQ2ZjM3Mjg2MzZkMzA3ZWQ5M2ZiNDdlZjM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765826319813,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0d63de838a36a5577\",\"name\":\"i-048e423259eb6256a\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"stripe\"},\"last_seen_at\":1765838618317,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgx/v4\"],\"name\":\"github.com/jackc/pgx/v4\",\"normalized_name\":\"github.com/jackc/pgx/v4\",\"version\":\"v4.18.1\"},\"related_services\":[\"exposed_to_attacks:false\"],\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgx/v4\",\"version\":\"4.18.2\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgx/v4\",\"version\":\"4.18.2\"}},\"resource_id\":\"ea1096446f3728636d307ed93fb47ef3\",\"resource_name\":\"i-048e423259eb6256a\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":7.3,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L/MAV:A\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\"}},\"status\":\"auto_closed\",\"title\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838618317,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b\",\"kube_node_role:nodeless\",\"ecosystem:go\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge\",\"event_type:close\",\"availability-zone:us-east-1b\",\"package_version:v4.18.1\",\"source:datadog\",\"kube_node_role:nodeless-amd64-d-m6a-4xlarge\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"site:datad0g.com\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:106068512341\",\"fix_available:available\",\"fix_version:v4.18.3\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:15900m\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s\",\"asset_type:host\",\"aws:ec2launchtemplate:id:lt-0ab29ef7bcf9901c8\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true\",\"assignee:none\",\"assignee_id:none\",\"in_production:false\",\"aws_account:727006795293\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"adp_enabled:false\",\"instance_type:m6a.4xlarge\",\"nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge\",\"base_score:9.3\",\"auto-discovery.cluster-autoscaler.k8s.io/stripe\",\"alias:cga-vmcg-54pm-cp7r\",\"kubernetes.io/cluster/stripe:owned\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard\",\"nodegroup:kube-system_nodeless-amd64-d-m6a-4xlarge\",\"public_exploit_available:true\",\"region:us-east-1\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"ng_local_storage:false\",\"close_count:0\",\"ng_cluster_autoscaler:true\",\"service_exposed_to_attacks:false\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"alias:cve-2024-27304\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"asset_id:i-048e423259eb6256a\",\"cve:cve-2024-27304\",\"account:staging\",\"name:kube-system_nodeless-amd64-d-m6a-4xlarge\",\"image:ami-0d63de838a36a5577\",\"vuln_id:82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-4xlarge\",\"node.datadoghq.com/version:v6-269-0\",\"kube_cluster_name:stripe\",\"exposure_time_days:0\",\"aws:ec2:fleet-id:fleet-c5172d35-9624-6c05-2c30-812acd886a16\",\"cluster_name:stripe\",\"score:7.3\",\"role:kube-node\",\"env:staging\",\"base_severity:critical\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"security-group:sg-faa8cdb1\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"hash:82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"alias:go-2024-2606\",\"severity:high\",\"kube_node_role:compute\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64\",\"kube_node:ip-10-131-1-21.ec2.internal\",\"os_name:ubuntu\",\"alias:ghsa-7jwh-3vrq-q3m8\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:745mi\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"security-group:sg-0a3744a5f247135d1\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:59987440026\",\"node.datadoghq.com/cgroup:v2\",\"instance-type:m6a.4xlarge\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"dd_compute_k8s_platform_version:v6-269-0\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-300m-v1\",\"autoscaling_group:us1-staging-dog-stripe-k8s-ng-asg-8a5078b204fcfc2d\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-300m-v1\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"iam_profile:k8s/us1-staging-dog-stripe-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:160\",\"alias:cga-rqqc-qwmr-qw72\",\"package_name:github.com/jackc/pgx/v4\",\"kubernetes_cluster:stripe\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"env:staging\"],\"timestamp\":1765838618317}},{\"id\":\"NjUxZDEyZGRmOTI0ZmI1NTg1YzJkOTI5NzQ1ZjQ0MzJ-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-10220\",\"GO-2024-3286\"],\"cve\":\"CVE-2024-10220\",\"id\":\"GHSA-27wf-5967-98gx\",\"modified_at\":1734126344000,\"published_at\":1732311135000,\"summary\":\" Kubernetes kubelet arbitrary command execution\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-0287cce0c5ced7759\"},\"detection_changed_at\":1765838618125,\"finding_id\":\"NjUxZDEyZGRmOTI0ZmI1NTg1YzJkOTI5NzQ1ZjQ0MzJ-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765837776218,\"host\":{\"name\":\"i-0287cce0c5ced7759\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"stripe\"},\"last_seen_at\":1765838618125,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"k8s.io/kubernetes\"],\"name\":\"k8s.io/kubernetes\",\"normalized_name\":\"k8s.io/kubernetes\",\"version\":\"v1.30.0\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"k8s.io/kubernetes\",\"version\":\"1.30.3\"}]},\"recommended\":{\"name\":\"k8s.io/kubernetes\",\"version\":\"1.30.3\"}},\"resource_id\":\"6c7a1c87e14ed31c51524564bccc6627\",\"resource_name\":\"i-0287cce0c5ced7759\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/filipzag/CVE-2024-10220\",\"https://github.com/any2sec/cve-2024-10220\",\"https://github.com/XiaomingX/cve-2024-10220-githooks\",\"https://github.com/mrk336/CVE-2024-10220-Kubernetes-gitRepo-Volume-Vulnerability\",\"https://github.com/candranapits/poc-CVE-2024-10220\",\"https://github.com/orgC/CVE-2024-10220-demo\",\"https://github.com/mochizuki875/CVE-2024-10220-githooks\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.22805,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":7.1,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":8.6,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N\"}},\"status\":\"auto_closed\",\"title\":\" Kubernetes kubelet arbitrary command execution\",\"vulnerability\":{\"cwes\":[\"CWE-22\"],\"hash\":\"ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838618125,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"fix_version:v1.32.8\",\"kube_cluster_name:stripe\",\"base_score:8.6\",\"exposure_time_days:0\",\"ecosystem:go\",\"score:7.1\",\"cluster_name:stripe\",\"cve:cve-2024-10220\",\"event_type:close\",\"nodegroups.datadoghq.com/name:flink-metering-jose-jobmanager\",\"env:staging\",\"source:datadog\",\"vuln_id:ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd\",\"site:datad0g.com\",\"package_version:v1.30.0\",\"fix_available:available\",\"scored:false\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"instance_type:m5.2xlarge\",\"assignee:none\",\"alias:go-2024-3286\",\"assignee_id:none\",\"in_production:false\",\"kube_node_role:flink-metering-jose-jobmanager\",\"epss_raw_score:0.22805\",\"alias:cve-2024-10220\",\"is_kube_cluster_experimental:false\",\"hash:ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"tool:infra\",\"kube_node:ip-10-131-0-241.ec2.internal\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"asset_id:i-0287cce0c5ced7759\",\"orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"base_severity:high\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"nodegroups.datadoghq.com/namespace:metering\",\"package_name:k8s.io/kubernetes\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838618125}},{\"id\":\"NjI4MzY3YWUxYzhjZDU0OTNlZGY2NDc5Y2Q2ZTNmOWF-ZGFmYjNkMmQ4ZjYzODRhYzM4NmFhNGZhNmNmNmM0ZDk=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-7jwh-3vrq-q3m8\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-mrww-27vc-gghv\",\"modified_at\":1734042636000,\"published_at\":1709585004000,\"summary\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"727006795293\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0f1ef8599b4b41431\",\"region\":\"us-east-1\"},\"detection_changed_at\":1765838618006,\"finding_id\":\"NjI4MzY3YWUxYzhjZDU0OTNlZGY2NDc5Y2Q2ZTNmOWF-ZGFmYjNkMmQ4ZjYzODRhYzM4NmFhNGZhNmNmNmM0ZDk=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765833769555,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0d63de838a36a5577\",\"name\":\"i-0f1ef8599b4b41431\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838618006,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgx\"],\"name\":\"github.com/jackc/pgx\",\"normalized_name\":\"github.com/jackc/pgx\",\"version\":\"v3.3.0+incompatible\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgx\",\"version\":\"4.18.2\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgx\",\"version\":\"4.18.2\"}},\"resource_id\":\"dafb3d2d8f6384ac386aa4fa6cf6c4d9\",\"resource_name\":\"i-0f1ef8599b4b41431\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.9,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\"}},\"status\":\"auto_closed\",\"title\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838618006,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b\",\"hash:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"kube_node_role:nodeless\",\"ecosystem:go\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge\",\"event_type:close\",\"availability-zone:us-east-1b\",\"vuln_id:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2\",\"asset_id:i-0f1ef8599b4b41431\",\"source:datadog\",\"kube_node_role:nodeless-amd64-d-m6a-4xlarge\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"site:datad0g.com\",\"aws:ec2launchtemplate:id:lt-0aa5742eec024a5e8\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:106068512341\",\"fix_available:available\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:15900m\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s\",\"asset_type:host\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true\",\"assignee:none\",\"assignee_id:none\",\"in_production:false\",\"aws_account:727006795293\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"adp_enabled:false\",\"package_version:v3.3.0_incompatible\",\"instance_type:m6a.4xlarge\",\"nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge\",\"base_score:9.3\",\"kube_cluster_name:oddish-b\",\"iam_profile:k8s/us1-staging-dog-oddish-b-kube-node_v2\",\"alias:cga-vmcg-54pm-cp7r\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard\",\"nodegroup:kube-system_nodeless-amd64-d-m6a-4xlarge\",\"public_exploit_available:true\",\"autoscaling_group:us1-staging-dog-oddish-b-k8s-ng-asg-376ded054ca1c4df\",\"kubernetes.io/cluster/oddish-b:owned\",\"region:us-east-1\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"ng_local_storage:false\",\"close_count:0\",\"ng_cluster_autoscaler:true\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"alias:cve-2024-27304\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"cve:cve-2024-27304\",\"account:staging\",\"name:kube-system_nodeless-amd64-d-m6a-4xlarge\",\"image:ami-0d63de838a36a5577\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-4xlarge\",\"node.datadoghq.com/version:v6-269-0\",\"exposure_time_days:0\",\"cluster_name:oddish-b\",\"security-group:sg-0b9e1c6b4773288df\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"role:kube-node\",\"package_name:github.com/jackc/pgx\",\"env:staging\",\"base_severity:critical\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"security-group:sg-faa8cdb1\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"alias:go-2024-2606\",\"severity:high\",\"kube_node_role:compute\",\"k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64\",\"os_name:ubuntu\",\"alias:ghsa-7jwh-3vrq-q3m8\",\"aws:ec2:fleet-id:fleet-7bbf19a6-a3a4-ee94-0c38-a582da17231b\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:745mi\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:59987440026\",\"node.datadoghq.com/cgroup:v2\",\"instance-type:m6a.4xlarge\",\"score:8.9\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"dd_compute_k8s_platform_version:v6-269-0\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"kube_node:ip-10-128-39-138.ec2.internal\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:160\",\"alias:cga-rqqc-qwmr-qw72\",\"kubernetes_cluster:oddish-b\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"auto-discovery.cluster-autoscaler.k8s.io/oddish-b\",\"env:staging\"],\"timestamp\":1765838618006}},{\"id\":\"YzE5MmY0MWI2OTdkN2Y5NTZiNmNiODI1ZTdiNDhlZTh-YzZlMmY1ZGIwOTU0ODIzM2MwZDFmNTdjZmZjMTdjMzQ=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-45337\",\"GO-2024-3321\"],\"cve\":\"CVE-2024-45337\",\"id\":\"GHSA-v778-237x-gjrc\",\"modified_at\":1738337443000,\"published_at\":1733954584000,\"summary\":\"Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-068207de5f413c29f\"},\"detection_changed_at\":1765838617916,\"finding_id\":\"YzE5MmY0MWI2OTdkN2Y5NTZiNmNiODI1ZTdiNDhlZTh-YzZlMmY1ZGIwOTU0ODIzM2MwZDFmNTdjZmZjMTdjMzQ=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765837162559,\"host\":{\"name\":\"i-068207de5f413c29f\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617916,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"golang.org/x/crypto\"],\"name\":\"golang.org/x/crypto\",\"normalized_name\":\"golang.org/x/crypto\",\"version\":\"v0.18.0\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"golang.org/x/crypto\",\"version\":\"0.31.0\"}]},\"recommended\":{\"name\":\"golang.org/x/crypto\",\"version\":\"0.31.0\"}},\"resource_id\":\"c6e2f5db09548233c0d1f57cffc17c34\",\"resource_name\":\"i-068207de5f413c29f\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/NHAS/CVE-2024-45337-POC\",\"https://github.com/NHAS/VULNERABLE-CVE-2024-45337\",\"https://github.com/peace-maker/CVE-2024-45337\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.42906,\"epss_severity\":\"medium\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":7,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":9.1,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\"}},\"status\":\"auto_closed\",\"title\":\"Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto\",\"vulnerability\":{\"cwes\":[\"CWE-285\"],\"hash\":\"2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617916,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"epss_raw_score:0.42906\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"cluster_name:oddish-b\",\"score:7.0\",\"ecosystem:go\",\"event_type:close\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"env:staging\",\"fix_version:v0.46.0\",\"package_version:v0.18.0\",\"base_severity:critical\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"scored:false\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"asset_id:i-068207de5f413c29f\",\"alias:cve-2024-45337\",\"assignee:none\",\"alias:go-2024-3321\",\"assignee_id:none\",\"cve:cve-2024-45337\",\"in_production:false\",\"node.datadoghq.com/flavor:nodeless-fastephemeral\",\"kube_node:ip-10-128-37-184.ec2.internal\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"kube_cluster_name:oddish-b\",\"instance_type:m6gd.8xlarge\",\"base_score:9.1\",\"vuln_id:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"hash:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"vulnerability_status:auto-closed\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"datacenter:us1.staging.dog\",\"package_name:golang.org/x/crypto\",\"previous_status:open\",\"cpu_arch:arm64\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838617916}},{\"id\":\"NjlhMzIwMDBjNmVlZDNmZGFjMTUwODFmNzc3ZjA0OTl-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-7jwh-3vrq-q3m8\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-mrww-27vc-gghv\",\"modified_at\":1734042636000,\"published_at\":1709585004000,\"summary\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-0287cce0c5ced7759\"},\"detection_changed_at\":1765838617865,\"finding_id\":\"NjlhMzIwMDBjNmVlZDNmZGFjMTUwODFmNzc3ZjA0OTl-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765837776218,\"host\":{\"name\":\"i-0287cce0c5ced7759\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"stripe\"},\"last_seen_at\":1765838617865,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgx\"],\"name\":\"github.com/jackc/pgx\",\"normalized_name\":\"github.com/jackc/pgx\",\"version\":\"v3.3.0+incompatible\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgx\",\"version\":\"4.18.2\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgx\",\"version\":\"4.18.2\"}},\"resource_id\":\"6c7a1c87e14ed31c51524564bccc6627\",\"resource_name\":\"i-0287cce0c5ced7759\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.9,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\"}},\"status\":\"auto_closed\",\"title\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617865,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kube_cluster_name:stripe\",\"hash:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"exposure_time_days:0\",\"ecosystem:go\",\"cluster_name:stripe\",\"event_type:close\",\"nodegroups.datadoghq.com/name:flink-metering-jose-jobmanager\",\"vuln_id:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"package_name:github.com/jackc/pgx\",\"env:staging\",\"base_severity:critical\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"scored:false\",\"alias:go-2024-2606\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"instance_type:m5.2xlarge\",\"assignee:none\",\"alias:ghsa-7jwh-3vrq-q3m8\",\"assignee_id:none\",\"in_production:false\",\"kube_node_role:flink-metering-jose-jobmanager\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"package_version:v3.3.0_incompatible\",\"score:8.9\",\"tool:infra\",\"base_score:9.3\",\"kube_node:ip-10-131-0-241.ec2.internal\",\"alias:cga-vmcg-54pm-cp7r\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"ng_local_storage:false\",\"asset_id:i-0287cce0c5ced7759\",\"close_count:0\",\"orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"datacenter:us1.staging.dog\",\"alias:cve-2024-27304\",\"previous_status:open\",\"cve:cve-2024-27304\",\"alias:cga-rqqc-qwmr-qw72\",\"nodegroups.datadoghq.com/namespace:metering\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838617865}},{\"id\":\"NTE0YWUwMWUwYjdiMTJlNTdmMjkwZGU3NjYwYzc3ZGF-MjRmYmFmY2UzNGZjNzRlZGY1NjI5M2ExZGIwNjBkZjM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-mrww-27vc-gghv\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-7jwh-3vrq-q3m8\",\"modified_at\":1729574941941,\"published_at\":1709585125000,\"summary\":\"pgproto3 SQL Injection via Protocol Message Size Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-045e3e76dfdf37aae\"},\"detection_changed_at\":1765838617835,\"finding_id\":\"NTE0YWUwMWUwYjdiMTJlNTdmMjkwZGU3NjYwYzc3ZGF-MjRmYmFmY2UzNGZjNzRlZGY1NjI5M2ExZGIwNjBkZjM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765837126551,\"host\":{\"name\":\"i-045e3e76dfdf37aae\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617835,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgproto3/v2\"],\"name\":\"github.com/jackc/pgproto3/v2\",\"normalized_name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"v2.3.2\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"2.3.3\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"2.3.3\"}},\"resource_id\":\"24fbafce34fc74edf56293a1db060df3\",\"resource_name\":\"i-045e3e76dfdf37aae\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.9,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\"}},\"status\":\"auto_closed\",\"title\":\"pgproto3 SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617835,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"fix_version:v2.3.4-0.20250125160525-bc041643406d\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"cluster_name:oddish-b\",\"ecosystem:go\",\"event_type:close\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"env:staging\",\"base_severity:critical\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"scored:false\",\"alias:go-2024-2606\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"assignee:none\",\"assignee_id:none\",\"in_production:false\",\"node.datadoghq.com/flavor:nodeless-fastephemeral\",\"hash:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"score:8.9\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:9.3\",\"kube_cluster_name:oddish-b\",\"instance_type:m6gd.8xlarge\",\"package_version:v2.3.2\",\"alias:ghsa-mrww-27vc-gghv\",\"alias:cga-vmcg-54pm-cp7r\",\"kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"vuln_id:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"vulnerability_status:auto-closed\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"asset_id:i-045e3e76dfdf37aae\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"kube_node:ip-10-128-37-96.ec2.internal\",\"datacenter:us1.staging.dog\",\"alias:cve-2024-27304\",\"previous_status:open\",\"package_name:github.com/jackc/pgproto3/v2\",\"cve:cve-2024-27304\",\"alias:cga-rqqc-qwmr-qw72\",\"cpu_arch:arm64\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838617835}},{\"id\":\"ZjQ1YzE1NWQ5ODQ4NDk4ZmRjZTgyNTA1MzllZDY4OGV-N2YyZDlhNmRkMTE4NWYzODAyYTllZGFjMTczOTAzMTI=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-41110\",\"GO-2024-3005\"],\"cve\":\"CVE-2024-41110\",\"id\":\"GHSA-v23v-6jw2-98fq\",\"modified_at\":1723230467000,\"published_at\":1722334737000,\"summary\":\"Authz zero length regression\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"727006795293\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0e04298f4842968e8\",\"region\":\"us-east-1\"},\"detection_changed_at\":1765838617779,\"finding_id\":\"ZjQ1YzE1NWQ5ODQ4NDk4ZmRjZTgyNTA1MzllZDY4OGV-N2YyZDlhNmRkMTE4NWYzODAyYTllZGFjMTczOTAzMTI=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765835798278,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0a8a2ad2689e7c22d\",\"name\":\"i-0e04298f4842968e8\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617779,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/docker/docker\"],\"name\":\"github.com/docker/docker\",\"normalized_name\":\"github.com/docker/docker\",\"version\":\"v26.0.1+incompatible\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/docker/docker\",\"version\":\"26.1.5\"}]},\"recommended\":{\"name\":\"github.com/docker/docker\",\"version\":\"26.1.5\"}},\"resource_id\":\"7f2d9a6dd1185f3802a9edac17390312\",\"resource_name\":\"i-0e04298f4842968e8\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/PauloParoPP/CVE-2024-41110-SCAN\",\"https://github.com/vvpoglazov/cve-2024-41110-checker\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.03074,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.8,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.4,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\"}},\"status\":\"auto_closed\",\"title\":\"Authz zero length regression\",\"vulnerability\":{\"cwes\":[\"CWE-187\"],\"hash\":\"a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617779,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"kube_node_role:nodeless\",\"ecosystem:go\",\"event_type:close\",\"availability-zone:us-east-1b\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"aws:ec2:fleet-id:fleet-d13f3304-a906-e61e-2c12-a78868beb555\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:186mi\",\"autoscaling_group:us1-staging-dog-oddish-b-k8s-ng-asg-25eaecca332303a0\",\"source:datadog\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"site:datad0g.com\",\"fix_available:available\",\"epss_raw_score:0.03074\",\"package_name:github.com/docker/docker\",\"asset_type:host\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-localstorage-amd64-m6id-xlarge\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-localstorage-amd64\",\"dd_compute_k8s_platform_version:v6-271-0\",\"nodegroup:kube-system_nodeless-localstorage-amd64-m6id-xlarge\",\"assignee:none\",\"vuln_id:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"assignee_id:none\",\"in_production:false\",\"aws_account:727006795293\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"kube_cluster_name:oddish-b\",\"base_score:9.4\",\"iam_profile:k8s/us1-staging-dog-oddish-b-kube-node_v2\",\"public_exploit_available:true\",\"kubernetes.io/cluster/oddish-b:owned\",\"region:us-east-1\",\"fix_version:v299999999.0.0-20200612211812-aaf470eca7b5_incompatible\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392\",\"ng_cluster_autoscaler:true\",\"k8s.io/cluster-autoscaler/node-template/label/nodeless-localstorage.datadoghq.com/instance-type:m6id.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"name:kube-system_nodeless-localstorage-amd64-m6id-xlarge\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-localstorage-amd64-m6id-xlarge\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:13567106253\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"nodegroups.datadoghq.com/name:nodeless-localstorage-amd64-m6id-xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"account:staging\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:nodeless-localstorage\",\"k8s.io/cluster-autoscaler/node-template/taint/flavor:nodeless-localstorage:noschedule\",\"package_version:v26.0.1_incompatible\",\"exposure_time_days:0\",\"cluster_name:oddish-b\",\"security-group:sg-0b9e1c6b4773288df\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"role:kube-node\",\"env:staging\",\"instance_type:m6id.xlarge\",\"image:ami-0a8a2ad2689e7c22d\",\"base_severity:critical\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"asset_id:i-0e04298f4842968e8\",\"security-group:sg-faa8cdb1\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m\",\"severity:high\",\"kube_node_role:compute\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:40\",\"os_name:ubuntu\",\"node.datadoghq.com/flavor:nodeless-localstorage\",\"ng_local_storage:true\",\"alias:go-2024-3005\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"instance-type:m6id.xlarge\",\"node.datadoghq.com/cgroup:v2\",\"score:8.8\",\"kube_node:ip-10-128-71-26.ec2.internal\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"aws:ec2launchtemplate:id:lt-0ae5c167d7a085e7b\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64_flavor-nodeless-localstorage\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"last_detected_minutes:0\",\"kube_node_role:nodeless-localstorage-amd64-m6id-xlarge\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"hash:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"node.datadoghq.com/version:v6-271-0\",\"alias:cve-2024-41110\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"kubernetes_cluster:oddish-b\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"auto-discovery.cluster-autoscaler.k8s.io/oddish-b\",\"cve:cve-2024-41110\",\"env:staging\"],\"timestamp\":1765838617779}},{\"id\":\"OWZkNjcxMTNmY2M3ZGJkMTNiNWIxMjcyZDdjZGJjYTJ-ZDM3YTBhMTAxZjFjZjc4OGNlYmE5ODNkNzQwMWI2M2E=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-mrww-27vc-gghv\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-7jwh-3vrq-q3m8\",\"modified_at\":1729574941941,\"published_at\":1709585125000,\"summary\":\"pgproto3 SQL Injection via Protocol Message Size Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-0ef9daf3d9bd9c136\"},\"detection_changed_at\":1765838617692,\"finding_id\":\"OWZkNjcxMTNmY2M3ZGJkMTNiNWIxMjcyZDdjZGJjYTJ-ZDM3YTBhMTAxZjFjZjc4OGNlYmE5ODNkNzQwMWI2M2E=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765836977473,\"host\":{\"name\":\"i-0ef9daf3d9bd9c136\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617692,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgproto3/v2\"],\"name\":\"github.com/jackc/pgproto3/v2\",\"normalized_name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"v2.3.2\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"2.3.3\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"2.3.3\"}},\"resource_id\":\"d37a0a101f1cf788ceba983d7401b63a\",\"resource_name\":\"i-0ef9daf3d9bd9c136\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.9,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\"}},\"status\":\"auto_closed\",\"title\":\"pgproto3 SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617692,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"fix_version:v2.3.4-0.20250125160525-bc041643406d\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"cluster_name:oddish-b\",\"ecosystem:go\",\"event_type:close\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"env:staging\",\"base_severity:critical\",\"kube_node:ip-10-128-69-249.ec2.internal\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"scored:false\",\"alias:go-2024-2606\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"assignee:none\",\"asset_id:i-0ef9daf3d9bd9c136\",\"assignee_id:none\",\"in_production:false\",\"node.datadoghq.com/flavor:nodeless-fastephemeral\",\"hash:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"score:8.9\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:9.3\",\"kube_cluster_name:oddish-b\",\"instance_type:m6gd.8xlarge\",\"package_version:v2.3.2\",\"alias:ghsa-mrww-27vc-gghv\",\"alias:cga-vmcg-54pm-cp7r\",\"kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"vuln_id:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"vulnerability_status:auto-closed\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"datacenter:us1.staging.dog\",\"alias:cve-2024-27304\",\"previous_status:open\",\"package_name:github.com/jackc/pgproto3/v2\",\"cve:cve-2024-27304\",\"alias:cga-rqqc-qwmr-qw72\",\"cpu_arch:arm64\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838617692}},{\"id\":\"MjU5YjI1MWNiNzU4YzgxMmFkODFjZTIwMWUxNjc4ZWN-ZjA5ZTUwMDgzNWU3ZGVhYzBjOTJjYzU2NmU2NzMyNDQ=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-41110\",\"GO-2024-3005\"],\"cve\":\"CVE-2024-41110\",\"id\":\"GHSA-v23v-6jw2-98fq\",\"modified_at\":1723230467000,\"published_at\":1722334737000,\"summary\":\"Authz zero length regression\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-0e88c4cb2030f0900\"},\"detection_changed_at\":1765838617584,\"finding_id\":\"MjU5YjI1MWNiNzU4YzgxMmFkODFjZTIwMWUxNjc4ZWN-ZjA5ZTUwMDgzNWU3ZGVhYzBjOTJjYzU2NmU2NzMyNDQ=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765836323780,\"host\":{\"name\":\"i-0e88c4cb2030f0900\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617584,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/docker/docker\"],\"name\":\"github.com/docker/docker\",\"normalized_name\":\"github.com/docker/docker\",\"version\":\"v26.0.1+incompatible\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/docker/docker\",\"version\":\"26.1.5\"}]},\"recommended\":{\"name\":\"github.com/docker/docker\",\"version\":\"26.1.5\"}},\"resource_id\":\"f09e500835e7deac0c92cc566e673244\",\"resource_name\":\"i-0e88c4cb2030f0900\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/PauloParoPP/CVE-2024-41110-SCAN\",\"https://github.com/vvpoglazov/cve-2024-41110-checker\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.03074,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.8,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.4,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\"}},\"status\":\"auto_closed\",\"title\":\"Authz zero length regression\",\"vulnerability\":{\"cwes\":[\"CWE-187\"],\"hash\":\"a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617584,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"exposure_time_days:0\",\"package_version:v26.0.1_incompatible\",\"kube_node_role:nodeless\",\"cluster_name:oddish-b\",\"ecosystem:go\",\"event_type:close\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"env:staging\",\"base_severity:critical\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"epss_raw_score:0.03074\",\"scored:false\",\"kube_node_role:compute\",\"severity:high\",\"package_name:github.com/docker/docker\",\"asset_type:host\",\"os_name:ubuntu\",\"assignee:none\",\"vuln_id:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"assignee_id:none\",\"in_production:false\",\"alias:go-2024-3005\",\"node.datadoghq.com/flavor:nodeless-fastephemeral\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"score:8.8\",\"nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"asset_id:i-0e88c4cb2030f0900\",\"kube_cluster_name:oddish-b\",\"base_score:9.4\",\"instance_type:m6gd.8xlarge\",\"kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"fix_version:v299999999.0.0-20200612211812-aaf470eca7b5_incompatible\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"vulnerability_status:auto-closed\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"hash:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"kube_node:ip-10-128-69-26.ec2.internal\",\"node.datadoghq.com/version:v6-271-0\",\"alias:cve-2024-41110\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"cpu_arch:arm64\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"cve:cve-2024-41110\",\"env:staging\"],\"timestamp\":1765838617584}}],\"meta\":{\"elapsed\":1369,\"page\":{\"after\":\"eyJhZnRlciI6IkF3QUFBWnNrTHZ2d2NDUnlSQUFBQUJoQlduTnJUSFoyZDBGQlFsSkxaV05HYVMxcGNVbDNSV2tBQUFBa1pERTVZakkwTW1ZdE1ESXpOQzAwT0RaaUxUZ3hNbVl0T1RGaFlUZ3lOemcyTkRRMkFBQURjQSIsInZhbHVlcyI6WzE3NjU4Mzg2MTc1ODQsIjIwMjUtMTItMTVUMjI6NDM6MzcuNTg0WiIsMTg4MTQzNjc0MF19\"},\"request_id\":\"pddv1ChZNOVExUVJTblR5Q3JvSmtydGt3ck9BIi0KHZfc9G79MgJZpw5AiBM4qDleF_HVmgTTjgrQEVbBEgxR6Pf9JbnOhfIiPxQ\",\"status\":\"done\"},\"links\":{\"next\":\"/api/v2/security/findings?filter%5Bquery%5D=%40severity%3Acritical+OR+%40severity%3Ahigh\\u0026page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrTHZ2d2NDUnlSQUFBQUJoQlduTnJUSFoyZDBGQlFsSkxaV05HYVMxcGNVbDNSV2tBQUFBa1pERTVZakkwTW1ZdE1ESXpOQzAwT0RaaUxUZ3hNbVl0T1RGaFlUZ3lOemcyTkRRMkFBQURjQSIsInZhbHVlcyI6WzE3NjU4Mzg2MTc1ODQsIjIwMjUtMTItMTVUMjI6NDM6MzcuNTg0WiIsMTg4MTQzNjc0MF19\\u0026page%5Blimit%5D=10\\u0026sort=-%40detection_changed_at\"}}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 682, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-12-15T22:43:55.555Z", + "time": 1488 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/examples/v2/security-monitoring/ListSecurityFindings.ts b/examples/v2/security-monitoring/ListSecurityFindings.ts new file mode 100644 index 000000000000..e9f602edec1f --- /dev/null +++ b/examples/v2/security-monitoring/ListSecurityFindings.ts @@ -0,0 +1,18 @@ +/** + * List security findings returns "OK" response + */ + +import { client, v2 } from "@datadog/datadog-api-client"; + +const configuration = client.createConfiguration(); +configuration.unstableOperations["v2.listSecurityFindings"] = true; +const apiInstance = new v2.SecurityMonitoringApi(configuration); + +apiInstance + .listSecurityFindings() + .then((data: v2.ListSecurityFindingsResponse) => { + console.log( + "API called successfully. Returned data: " + JSON.stringify(data) + ); + }) + .catch((error: any) => console.error(error)); diff --git a/examples/v2/security-monitoring/ListSecurityFindings_2925663885.ts b/examples/v2/security-monitoring/ListSecurityFindings_2925663885.ts new file mode 100644 index 000000000000..990bedbc86fb --- /dev/null +++ b/examples/v2/security-monitoring/ListSecurityFindings_2925663885.ts @@ -0,0 +1,22 @@ +/** + * List security findings returns "OK" response with pagination + */ + +import { client, v2 } from "@datadog/datadog-api-client"; + +const configuration = client.createConfiguration(); +configuration.unstableOperations["v2.listSecurityFindings"] = true; +const apiInstance = new v2.SecurityMonitoringApi(configuration); + +const params: v2.SecurityMonitoringApiListSecurityFindingsRequest = { + pageLimit: 5, +}; + +apiInstance + .listSecurityFindings(params) + .then((data: v2.ListSecurityFindingsResponse) => { + console.log( + "API called successfully. Returned data: " + JSON.stringify(data) + ); + }) + .catch((error: any) => console.error(error)); diff --git a/examples/v2/security-monitoring/SearchSecurityFindings.ts b/examples/v2/security-monitoring/SearchSecurityFindings.ts new file mode 100644 index 000000000000..7f368acb0e46 --- /dev/null +++ b/examples/v2/security-monitoring/SearchSecurityFindings.ts @@ -0,0 +1,28 @@ +/** + * Search security findings returns "OK" response + */ + +import { client, v2 } from "@datadog/datadog-api-client"; + +const configuration = client.createConfiguration(); +configuration.unstableOperations["v2.searchSecurityFindings"] = true; +const apiInstance = new v2.SecurityMonitoringApi(configuration); + +const params: v2.SecurityMonitoringApiSearchSecurityFindingsRequest = { + body: { + data: { + attributes: { + filter: "@severity:(critical OR high)", + }, + }, + }, +}; + +apiInstance + .searchSecurityFindings(params) + .then((data: v2.ListSecurityFindingsResponse) => { + console.log( + "API called successfully. Returned data: " + JSON.stringify(data) + ); + }) + .catch((error: any) => console.error(error)); diff --git a/examples/v2/security-monitoring/SearchSecurityFindings_3678541639.ts b/examples/v2/security-monitoring/SearchSecurityFindings_3678541639.ts new file mode 100644 index 000000000000..e1805296395a --- /dev/null +++ b/examples/v2/security-monitoring/SearchSecurityFindings_3678541639.ts @@ -0,0 +1,31 @@ +/** + * Search security findings returns "OK" response with pagination + */ + +import { client, v2 } from "@datadog/datadog-api-client"; + +const configuration = client.createConfiguration(); +configuration.unstableOperations["v2.searchSecurityFindings"] = true; +const apiInstance = new v2.SecurityMonitoringApi(configuration); + +const params: v2.SecurityMonitoringApiSearchSecurityFindingsRequest = { + body: { + data: { + attributes: { + filter: "@severity:(critical OR high)", + page: { + limit: 1, + }, + }, + }, + }, +}; + +apiInstance + .searchSecurityFindings(params) + .then((data: v2.ListSecurityFindingsResponse) => { + console.log( + "API called successfully. Returned data: " + JSON.stringify(data) + ); + }) + .catch((error: any) => console.error(error)); diff --git a/features/support/scenarios_model_mapping.ts b/features/support/scenarios_model_mapping.ts index 58bddf5a680b..0c47f5d3c05b 100644 --- a/features/support/scenarios_model_mapping.ts +++ b/features/support/scenarios_model_mapping.ts @@ -3909,6 +3909,25 @@ export const ScenariosModelMappings: {[key: string]: {[key: string]: any}} = { }, "operationResponseType": "GetFindingResponse", }, + "v2.ListSecurityFindings": { + "filterQuery": { + "type": "string", + "format": "", + }, + "pageCursor": { + "type": "string", + "format": "", + }, + "pageLimit": { + "type": "number", + "format": "int64", + }, + "sort": { + "type": "SecurityFindingsSort", + "format": "", + }, + "operationResponseType": "ListSecurityFindingsResponse", + }, "v2.CreateCases": { "body": { "type": "CreateCaseRequestArray", @@ -3948,6 +3967,13 @@ export const ScenariosModelMappings: {[key: string]: {[key: string]: any}} = { }, "operationResponseType": "FindingCaseResponse", }, + "v2.SearchSecurityFindings": { + "body": { + "type": "SecurityFindingsSearchRequest", + "format": "", + }, + "operationResponseType": "ListSecurityFindingsResponse", + }, "v2.ListAssetsSBOMs": { "pageToken": { "type": "string", diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index b3955e02b342..7434addb83f1 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature @@ -1321,6 +1321,32 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: List security findings returns "Bad Request" response + Given operation "ListSecurityFindings" enabled + And new "ListSecurityFindings" request + And request contains "page[cursor]" parameter with value "invalid_cursor" + When the request is sent + Then the response status is 400 Bad Request + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: List security findings returns "OK" response + Given operation "ListSecurityFindings" enabled + And new "ListSecurityFindings" request + When the request is sent + Then the response status is 200 OK + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: List security findings returns "OK" response with pagination + Given operation "ListSecurityFindings" enabled + And new "ListSecurityFindings" request + And request contains "page[limit]" parameter with value 5 + When the request is sent + Then the response status is 200 OK + And the response "data" has length 5 + And the response "meta.page" has field "after" + And the response "links" has field "next" + @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: List threat hunting jobs returns "Bad Request" response Given operation "ListThreatHuntingJobs" enabled @@ -1574,6 +1600,33 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: Search security findings returns "Bad Request" response + Given operation "SearchSecurityFindings" enabled + And new "SearchSecurityFindings" request + And body with value {"page": {"cursor": "invalid_cursor"}} + When the request is sent + Then the response status is 400 Bad Request + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: Search security findings returns "OK" response + Given operation "SearchSecurityFindings" enabled + And new "SearchSecurityFindings" request + And body with value {"data": {"attributes": {"filter": "@severity:(critical OR high)"}}} + When the request is sent + Then the response status is 200 OK + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform @with-pagination + Scenario: Search security findings returns "OK" response with pagination + Given operation "SearchSecurityFindings" enabled + And new "SearchSecurityFindings" request + And body with value {"data": {"attributes": {"filter": "@severity:(critical OR high)", "page": {"limit": 1}}}} + When the request is sent + Then the response status is 200 OK + And the response "data" has length 1 + And the response "meta.page" has field "after" + And the response "links" has field "next" + @skip @team:DataDog/k9-cloud-security-platform Scenario: Test a rule returns "Bad Request" response Given new "TestSecurityMonitoringRule" request diff --git a/features/v2/undo.json b/features/v2/undo.json index e0f0b98d0c96..6aaa0f3d9764 100644 --- a/features/v2/undo.json +++ b/features/v2/undo.json @@ -3732,6 +3732,12 @@ "type": "safe" } }, + "ListSecurityFindings": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "DetachCase": { "tag": "Security Monitoring", "undo": { @@ -3776,6 +3782,12 @@ "type": "unsafe" } }, + "SearchSecurityFindings": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "ListAssetsSBOMs": { "tag": "Security Monitoring", "undo": { diff --git a/packages/datadog-api-client-common/configuration.ts b/packages/datadog-api-client-common/configuration.ts index b94887bb37de..ab06496a6e0d 100644 --- a/packages/datadog-api-client-common/configuration.ts +++ b/packages/datadog-api-client-common/configuration.ts @@ -257,12 +257,14 @@ export function createConfiguration( "v2.listFindings": false, "v2.listMultipleRulesets": false, "v2.listScannedAssetsMetadata": false, + "v2.listSecurityFindings": false, "v2.listSecurityMonitoringHistsignals": false, "v2.listThreatHuntingJobs": false, "v2.listVulnerabilities": false, "v2.listVulnerableAssets": false, "v2.muteFindings": false, "v2.runThreatHuntingJob": false, + "v2.searchSecurityFindings": false, "v2.searchSecurityMonitoringHistsignals": false, "v2.createDataset": false, "v2.deleteDataset": false, diff --git a/packages/datadog-api-client-v2/apis/SecurityMonitoringApi.ts b/packages/datadog-api-client-v2/apis/SecurityMonitoringApi.ts index 1947cd7e7ca8..76793ae59188 100644 --- a/packages/datadog-api-client-v2/apis/SecurityMonitoringApi.ts +++ b/packages/datadog-api-client-v2/apis/SecurityMonitoringApi.ts @@ -49,6 +49,7 @@ import { JobCreateResponse } from "../models/JobCreateResponse"; import { JSONAPIErrorResponse } from "../models/JSONAPIErrorResponse"; import { ListAssetsSBOMsResponse } from "../models/ListAssetsSBOMsResponse"; import { ListFindingsResponse } from "../models/ListFindingsResponse"; +import { ListSecurityFindingsResponse } from "../models/ListSecurityFindingsResponse"; import { ListThreatHuntingJobsResponse } from "../models/ListThreatHuntingJobsResponse"; import { ListVulnerabilitiesResponse } from "../models/ListVulnerabilitiesResponse"; import { ListVulnerableAssetsResponse } from "../models/ListVulnerableAssetsResponse"; @@ -64,6 +65,12 @@ import { SecurityFilterCreateRequest } from "../models/SecurityFilterCreateReque import { SecurityFilterResponse } from "../models/SecurityFilterResponse"; import { SecurityFiltersResponse } from "../models/SecurityFiltersResponse"; import { SecurityFilterUpdateRequest } from "../models/SecurityFilterUpdateRequest"; +import { SecurityFindingsData } from "../models/SecurityFindingsData"; +import { SecurityFindingsSearchRequest } from "../models/SecurityFindingsSearchRequest"; +import { SecurityFindingsSearchRequestData } from "../models/SecurityFindingsSearchRequestData"; +import { SecurityFindingsSearchRequestDataAttributes } from "../models/SecurityFindingsSearchRequestDataAttributes"; +import { SecurityFindingsSearchRequestPage } from "../models/SecurityFindingsSearchRequestPage"; +import { SecurityFindingsSort } from "../models/SecurityFindingsSort"; import { SecurityMonitoringListRulesResponse } from "../models/SecurityMonitoringListRulesResponse"; import { SecurityMonitoringRuleConvertPayload } from "../models/SecurityMonitoringRuleConvertPayload"; import { SecurityMonitoringRuleConvertResponse } from "../models/SecurityMonitoringRuleConvertResponse"; @@ -2484,6 +2491,70 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } + public async listSecurityFindings( + filterQuery?: string, + pageCursor?: string, + pageLimit?: number, + sort?: SecurityFindingsSort, + _options?: Configuration + ): Promise { + const _config = _options || this.configuration; + + logger.warn("Using unstable operation 'listSecurityFindings'"); + if (!_config.unstableOperations["v2.listSecurityFindings"]) { + throw new Error("Unstable operation 'listSecurityFindings' is disabled"); + } + + // Path Params + const localVarPath = "/api/v2/security/findings"; + + // Make Request Context + const requestContext = _config + .getServer("v2.SecurityMonitoringApi.listSecurityFindings") + .makeRequestContext(localVarPath, HttpMethod.GET); + requestContext.setHeaderParam("Accept", "application/json"); + requestContext.setHttpConfig(_config.httpConfig); + + // Query Params + if (filterQuery !== undefined) { + requestContext.setQueryParam( + "filter[query]", + ObjectSerializer.serialize(filterQuery, "string", ""), + "" + ); + } + if (pageCursor !== undefined) { + requestContext.setQueryParam( + "page[cursor]", + ObjectSerializer.serialize(pageCursor, "string", ""), + "" + ); + } + if (pageLimit !== undefined) { + requestContext.setQueryParam( + "page[limit]", + ObjectSerializer.serialize(pageLimit, "number", "int64"), + "" + ); + } + if (sort !== undefined) { + requestContext.setQueryParam( + "sort", + ObjectSerializer.serialize(sort, "SecurityFindingsSort", ""), + "" + ); + } + + // Apply auth methods + applySecurityAuthentication(_config, requestContext, [ + "apiKeyAuth", + "appKeyAuth", + "AuthZ", + ]); + + return requestContext; + } + public async listSecurityMonitoringHistsignals( filterQuery?: string, filterFrom?: Date, @@ -3582,6 +3653,55 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } + public async searchSecurityFindings( + body: SecurityFindingsSearchRequest, + _options?: Configuration + ): Promise { + const _config = _options || this.configuration; + + logger.warn("Using unstable operation 'searchSecurityFindings'"); + if (!_config.unstableOperations["v2.searchSecurityFindings"]) { + throw new Error( + "Unstable operation 'searchSecurityFindings' is disabled" + ); + } + + // verify required parameter 'body' is not null or undefined + if (body === null || body === undefined) { + throw new RequiredError("body", "searchSecurityFindings"); + } + + // Path Params + const localVarPath = "/api/v2/security/findings/search"; + + // Make Request Context + const requestContext = _config + .getServer("v2.SecurityMonitoringApi.searchSecurityFindings") + .makeRequestContext(localVarPath, HttpMethod.POST); + requestContext.setHeaderParam("Accept", "application/json"); + requestContext.setHttpConfig(_config.httpConfig); + + // Body Params + const contentType = ObjectSerializer.getPreferredMediaType([ + "application/json", + ]); + requestContext.setHeaderParam("Content-Type", contentType); + const serializedBody = ObjectSerializer.stringify( + ObjectSerializer.serialize(body, "SecurityFindingsSearchRequest", ""), + contentType + ); + requestContext.setBody(serializedBody); + + // Apply auth methods + applySecurityAuthentication(_config, requestContext, [ + "apiKeyAuth", + "appKeyAuth", + "AuthZ", + ]); + + return requestContext; + } + public async searchSecurityMonitoringHistsignals( body?: SecurityMonitoringSignalListRequest, _options?: Configuration @@ -7246,6 +7366,68 @@ export class SecurityMonitoringApiResponseProcessor { ); } + /** + * Unwraps the actual response sent by the server from the response context and deserializes the response content + * to the expected objects + * + * @params response Response returned by the server for a request to listSecurityFindings + * @throws ApiException if the response code was not in [200, 299] + */ + public async listSecurityFindings( + response: ResponseContext + ): Promise { + const contentType = ObjectSerializer.normalizeMediaType( + response.headers["content-type"] + ); + if (response.httpStatusCode === 200) { + const body: ListSecurityFindingsResponse = ObjectSerializer.deserialize( + ObjectSerializer.parse(await response.body.text(), contentType), + "ListSecurityFindingsResponse" + ) as ListSecurityFindingsResponse; + return body; + } + if ( + response.httpStatusCode === 400 || + response.httpStatusCode === 403 || + response.httpStatusCode === 429 + ) { + const bodyText = ObjectSerializer.parse( + await response.body.text(), + contentType + ); + let body: APIErrorResponse; + try { + body = ObjectSerializer.deserialize( + bodyText, + "APIErrorResponse" + ) as APIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText + ); + } + throw new ApiException(response.httpStatusCode, body); + } + + // Work around for missing responses in specification, e.g. for petstore.yaml + if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { + const body: ListSecurityFindingsResponse = ObjectSerializer.deserialize( + ObjectSerializer.parse(await response.body.text(), contentType), + "ListSecurityFindingsResponse", + "" + ) as ListSecurityFindingsResponse; + return body; + } + + const body = (await response.body.text()) || ""; + throw new ApiException( + response.httpStatusCode, + 'Unknown API Status Code!\nBody: "' + body + '"' + ); + } + /** * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects @@ -8030,6 +8212,68 @@ export class SecurityMonitoringApiResponseProcessor { ); } + /** + * Unwraps the actual response sent by the server from the response context and deserializes the response content + * to the expected objects + * + * @params response Response returned by the server for a request to searchSecurityFindings + * @throws ApiException if the response code was not in [200, 299] + */ + public async searchSecurityFindings( + response: ResponseContext + ): Promise { + const contentType = ObjectSerializer.normalizeMediaType( + response.headers["content-type"] + ); + if (response.httpStatusCode === 200) { + const body: ListSecurityFindingsResponse = ObjectSerializer.deserialize( + ObjectSerializer.parse(await response.body.text(), contentType), + "ListSecurityFindingsResponse" + ) as ListSecurityFindingsResponse; + return body; + } + if ( + response.httpStatusCode === 400 || + response.httpStatusCode === 403 || + response.httpStatusCode === 429 + ) { + const bodyText = ObjectSerializer.parse( + await response.body.text(), + contentType + ); + let body: APIErrorResponse; + try { + body = ObjectSerializer.deserialize( + bodyText, + "APIErrorResponse" + ) as APIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText + ); + } + throw new ApiException(response.httpStatusCode, body); + } + + // Work around for missing responses in specification, e.g. for petstore.yaml + if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { + const body: ListSecurityFindingsResponse = ObjectSerializer.deserialize( + ObjectSerializer.parse(await response.body.text(), contentType), + "ListSecurityFindingsResponse", + "" + ) as ListSecurityFindingsResponse; + return body; + } + + const body = (await response.body.text()) || ""; + throw new ApiException( + response.httpStatusCode, + 'Unknown API Status Code!\nBody: "' + body + '"' + ); + } + /** * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects @@ -9317,6 +9561,29 @@ export interface SecurityMonitoringApiListScannedAssetsMetadataRequest { filterLastSuccessEnv?: string; } +export interface SecurityMonitoringApiListSecurityFindingsRequest { + /** + * The search query following log search syntax. + * @type string + */ + filterQuery?: string; + /** + * Get the next page of results with a cursor provided in the previous query. + * @type string + */ + pageCursor?: string; + /** + * The maximum number of findings in the response. + * @type number + */ + pageLimit?: number; + /** + * Sorts by @detection_changed_at. + * @type SecurityFindingsSort + */ + sort?: SecurityFindingsSort; +} + export interface SecurityMonitoringApiListSecurityMonitoringHistsignalsRequest { /** * The search query for security signals. @@ -9781,6 +10048,13 @@ export interface SecurityMonitoringApiRunThreatHuntingJobRequest { body: RunThreatHuntingJobRequest; } +export interface SecurityMonitoringApiSearchSecurityFindingsRequest { + /** + * @type SecurityFindingsSearchRequest + */ + body: SecurityFindingsSearchRequest; +} + export interface SecurityMonitoringApiSearchSecurityMonitoringHistsignalsRequest { /** * @type SecurityMonitoringSignalListRequest @@ -11234,6 +11508,95 @@ export class SecurityMonitoringApi { }); } + /** + * Get a list of security findings that match a search query. + * + * This endpoint requires one of the following permissions: + * - `security_monitoring_findings_read` + * - `appsec_vm_read` + * + * ### Query Syntax + * + * This endpoint uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix. + * + * Example: `@severity:(critical OR high) @status:open team:platform` + * @param param The request object + */ + public listSecurityFindings( + param: SecurityMonitoringApiListSecurityFindingsRequest = {}, + options?: Configuration + ): Promise { + const requestContextPromise = this.requestFactory.listSecurityFindings( + param.filterQuery, + param.pageCursor, + param.pageLimit, + param.sort, + options + ); + return requestContextPromise.then((requestContext) => { + return this.configuration.httpApi + .send(requestContext) + .then((responseContext) => { + return this.responseProcessor.listSecurityFindings(responseContext); + }); + }); + } + + /** + * Provide a paginated version of listSecurityFindings returning a generator with all the items. + */ + public async *listSecurityFindingsWithPagination( + param: SecurityMonitoringApiListSecurityFindingsRequest = {}, + options?: Configuration + ): AsyncGenerator { + let pageSize = 10; + if (param.pageLimit !== undefined) { + pageSize = param.pageLimit; + } + param.pageLimit = pageSize; + while (true) { + const requestContext = await this.requestFactory.listSecurityFindings( + param.filterQuery, + param.pageCursor, + param.pageLimit, + param.sort, + options + ); + const responseContext = await this.configuration.httpApi.send( + requestContext + ); + + const response = await this.responseProcessor.listSecurityFindings( + responseContext + ); + const responseData = response.data; + if (responseData === undefined) { + break; + } + const results = responseData; + for (const item of results) { + yield item; + } + if (results.length < pageSize) { + break; + } + const cursorMeta = response.meta; + if (cursorMeta === undefined) { + break; + } + const cursorMetaPage = cursorMeta.page; + if (cursorMetaPage === undefined) { + break; + } + const cursorMetaPageAfter = cursorMetaPage.after; + if (cursorMetaPageAfter === undefined) { + break; + } + + param.pageCursor = cursorMetaPageAfter; + } + } + /** * List hist signals. * @param param The request object @@ -11718,6 +12081,100 @@ export class SecurityMonitoringApi { }); } + /** + * Get a list of security findings that match a search query. + * + * This endpoint requires one of the following permissions: + * - `security_monitoring_findings_read` + * - `appsec_vm_read` + * + * ### Query Syntax + * + * The API uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix. + * + * Example: `@severity:(critical OR high) @status:open team:platform` + * @param param The request object + */ + public searchSecurityFindings( + param: SecurityMonitoringApiSearchSecurityFindingsRequest, + options?: Configuration + ): Promise { + const requestContextPromise = this.requestFactory.searchSecurityFindings( + param.body, + options + ); + return requestContextPromise.then((requestContext) => { + return this.configuration.httpApi + .send(requestContext) + .then((responseContext) => { + return this.responseProcessor.searchSecurityFindings(responseContext); + }); + }); + } + + /** + * Provide a paginated version of searchSecurityFindings returning a generator with all the items. + */ + public async *searchSecurityFindingsWithPagination( + param: SecurityMonitoringApiSearchSecurityFindingsRequest, + options?: Configuration + ): AsyncGenerator { + let pageSize = 10; + if (param.body.data === undefined) { + param.body.data = new SecurityFindingsSearchRequestData(); + } + if (param.body.data.attributes === undefined) { + param.body.data.attributes = + new SecurityFindingsSearchRequestDataAttributes(); + } + if (param.body.data.attributes.page === undefined) { + param.body.data.attributes.page = new SecurityFindingsSearchRequestPage(); + } + if (param.body.data.attributes.page.limit === undefined) { + param.body.data.attributes.page.limit = pageSize; + } else { + pageSize = param.body.data.attributes.page.limit; + } + while (true) { + const requestContext = await this.requestFactory.searchSecurityFindings( + param.body, + options + ); + const responseContext = await this.configuration.httpApi.send( + requestContext + ); + + const response = await this.responseProcessor.searchSecurityFindings( + responseContext + ); + const responseData = response.data; + if (responseData === undefined) { + break; + } + const results = responseData; + for (const item of results) { + yield item; + } + if (results.length < pageSize) { + break; + } + const cursorMeta = response.meta; + if (cursorMeta === undefined) { + break; + } + const cursorMetaPage = cursorMeta.page; + if (cursorMetaPage === undefined) { + break; + } + const cursorMetaPageAfter = cursorMetaPage.after; + if (cursorMetaPageAfter === undefined) { + break; + } + + param.body.data.attributes.page.cursor = cursorMetaPageAfter; + } + } + /** * Search hist signals. * @param param The request object diff --git a/packages/datadog-api-client-v2/index.ts b/packages/datadog-api-client-v2/index.ts index 3242bff3dd33..a5a473b013b7 100644 --- a/packages/datadog-api-client-v2/index.ts +++ b/packages/datadog-api-client-v2/index.ts @@ -782,6 +782,7 @@ export { SecurityMonitoringApiListFindingsRequest, SecurityMonitoringApiListMultipleRulesetsRequest, SecurityMonitoringApiListScannedAssetsMetadataRequest, + SecurityMonitoringApiListSecurityFindingsRequest, SecurityMonitoringApiListSecurityMonitoringHistsignalsRequest, SecurityMonitoringApiListSecurityMonitoringRulesRequest, SecurityMonitoringApiListSecurityMonitoringSignalsRequest, @@ -793,6 +794,7 @@ export { SecurityMonitoringApiPatchSignalNotificationRuleRequest, SecurityMonitoringApiPatchVulnerabilityNotificationRuleRequest, SecurityMonitoringApiRunThreatHuntingJobRequest, + SecurityMonitoringApiSearchSecurityFindingsRequest, SecurityMonitoringApiSearchSecurityMonitoringHistsignalsRequest, SecurityMonitoringApiSearchSecurityMonitoringSignalsRequest, SecurityMonitoringApiTestExistingSecurityMonitoringRuleRequest, @@ -2838,6 +2840,7 @@ export { ListRelationCatalogResponseLinks } from "./models/ListRelationCatalogRe export { ListRulesResponse } from "./models/ListRulesResponse"; export { ListRulesResponseDataItem } from "./models/ListRulesResponseDataItem"; export { ListRulesResponseLinks } from "./models/ListRulesResponseLinks"; +export { ListSecurityFindingsResponse } from "./models/ListSecurityFindingsResponse"; export { ListTagsResponse } from "./models/ListTagsResponse"; export { ListTagsResponseData } from "./models/ListTagsResponseData"; export { ListTagsResponseDataAttributes } from "./models/ListTagsResponseDataAttributes"; @@ -3952,6 +3955,18 @@ export { SecurityFilterType } from "./models/SecurityFilterType"; export { SecurityFilterUpdateAttributes } from "./models/SecurityFilterUpdateAttributes"; export { SecurityFilterUpdateData } from "./models/SecurityFilterUpdateData"; export { SecurityFilterUpdateRequest } from "./models/SecurityFilterUpdateRequest"; +export { SecurityFindingsAttributes } from "./models/SecurityFindingsAttributes"; +export { SecurityFindingsData } from "./models/SecurityFindingsData"; +export { SecurityFindingsDataType } from "./models/SecurityFindingsDataType"; +export { SecurityFindingsLinks } from "./models/SecurityFindingsLinks"; +export { SecurityFindingsMeta } from "./models/SecurityFindingsMeta"; +export { SecurityFindingsPage } from "./models/SecurityFindingsPage"; +export { SecurityFindingsSearchRequest } from "./models/SecurityFindingsSearchRequest"; +export { SecurityFindingsSearchRequestData } from "./models/SecurityFindingsSearchRequestData"; +export { SecurityFindingsSearchRequestDataAttributes } from "./models/SecurityFindingsSearchRequestDataAttributes"; +export { SecurityFindingsSearchRequestPage } from "./models/SecurityFindingsSearchRequestPage"; +export { SecurityFindingsSort } from "./models/SecurityFindingsSort"; +export { SecurityFindingsStatus } from "./models/SecurityFindingsStatus"; export { SecurityMonitoringFilter } from "./models/SecurityMonitoringFilter"; export { SecurityMonitoringFilterAction } from "./models/SecurityMonitoringFilterAction"; export { SecurityMonitoringListRulesResponse } from "./models/SecurityMonitoringListRulesResponse"; diff --git a/packages/datadog-api-client-v2/models/ListSecurityFindingsResponse.ts b/packages/datadog-api-client-v2/models/ListSecurityFindingsResponse.ts new file mode 100644 index 000000000000..e0f8e0a3b2da --- /dev/null +++ b/packages/datadog-api-client-v2/models/ListSecurityFindingsResponse.ts @@ -0,0 +1,71 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { SecurityFindingsData } from "./SecurityFindingsData"; +import { SecurityFindingsLinks } from "./SecurityFindingsLinks"; +import { SecurityFindingsMeta } from "./SecurityFindingsMeta"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * The expected response schema when listing security findings. + */ +export class ListSecurityFindingsResponse { + /** + * Array of security findings matching the search query. + */ + "data"?: Array; + /** + * Links for pagination. + */ + "links"?: SecurityFindingsLinks; + /** + * Metadata about the response. + */ + "meta"?: SecurityFindingsMeta; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + data: { + baseName: "data", + type: "Array", + }, + links: { + baseName: "links", + type: "SecurityFindingsLinks", + }, + meta: { + baseName: "meta", + type: "SecurityFindingsMeta", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return ListSecurityFindingsResponse.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/ObjectSerializer.ts b/packages/datadog-api-client-v2/models/ObjectSerializer.ts index a516b43547ef..387f01de47e5 100644 --- a/packages/datadog-api-client-v2/models/ObjectSerializer.ts +++ b/packages/datadog-api-client-v2/models/ObjectSerializer.ts @@ -1430,6 +1430,7 @@ import { ListRelationCatalogResponseLinks } from "./ListRelationCatalogResponseL import { ListRulesResponse } from "./ListRulesResponse"; import { ListRulesResponseDataItem } from "./ListRulesResponseDataItem"; import { ListRulesResponseLinks } from "./ListRulesResponseLinks"; +import { ListSecurityFindingsResponse } from "./ListSecurityFindingsResponse"; import { ListTagsResponse } from "./ListTagsResponse"; import { ListTagsResponseData } from "./ListTagsResponseData"; import { ListTagsResponseDataAttributes } from "./ListTagsResponseDataAttributes"; @@ -2244,6 +2245,15 @@ import { SecurityFilterUpdateAttributes } from "./SecurityFilterUpdateAttributes import { SecurityFilterUpdateData } from "./SecurityFilterUpdateData"; import { SecurityFilterUpdateRequest } from "./SecurityFilterUpdateRequest"; import { SecurityFiltersResponse } from "./SecurityFiltersResponse"; +import { SecurityFindingsAttributes } from "./SecurityFindingsAttributes"; +import { SecurityFindingsData } from "./SecurityFindingsData"; +import { SecurityFindingsLinks } from "./SecurityFindingsLinks"; +import { SecurityFindingsMeta } from "./SecurityFindingsMeta"; +import { SecurityFindingsPage } from "./SecurityFindingsPage"; +import { SecurityFindingsSearchRequest } from "./SecurityFindingsSearchRequest"; +import { SecurityFindingsSearchRequestData } from "./SecurityFindingsSearchRequestData"; +import { SecurityFindingsSearchRequestDataAttributes } from "./SecurityFindingsSearchRequestDataAttributes"; +import { SecurityFindingsSearchRequestPage } from "./SecurityFindingsSearchRequestPage"; import { SecurityMonitoringFilter } from "./SecurityMonitoringFilter"; import { SecurityMonitoringListRulesResponse } from "./SecurityMonitoringListRulesResponse"; import { SecurityMonitoringReferenceTable } from "./SecurityMonitoringReferenceTable"; @@ -4048,6 +4058,9 @@ const enumsMap: { [key: string]: any[] } = { SecretRuleDataType: ["secret_rule"], SecurityFilterFilteredDataType: ["logs"], SecurityFilterType: ["security_filters"], + SecurityFindingsDataType: ["finding"], + SecurityFindingsSort: ["@detection_changed_at", "-@detection_changed_at"], + SecurityFindingsStatus: ["done", "timeout"], SecurityMonitoringFilterAction: ["require", "suppress"], SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration: [ 300, 600, 900, 1800, 3600, 10800, @@ -6105,6 +6118,7 @@ const typeMap: { [index: string]: any } = { ListRulesResponse: ListRulesResponse, ListRulesResponseDataItem: ListRulesResponseDataItem, ListRulesResponseLinks: ListRulesResponseLinks, + ListSecurityFindingsResponse: ListSecurityFindingsResponse, ListTagsResponse: ListTagsResponse, ListTagsResponseData: ListTagsResponseData, ListTagsResponseDataAttributes: ListTagsResponseDataAttributes, @@ -7090,6 +7104,16 @@ const typeMap: { [index: string]: any } = { SecurityFilterUpdateData: SecurityFilterUpdateData, SecurityFilterUpdateRequest: SecurityFilterUpdateRequest, SecurityFiltersResponse: SecurityFiltersResponse, + SecurityFindingsAttributes: SecurityFindingsAttributes, + SecurityFindingsData: SecurityFindingsData, + SecurityFindingsLinks: SecurityFindingsLinks, + SecurityFindingsMeta: SecurityFindingsMeta, + SecurityFindingsPage: SecurityFindingsPage, + SecurityFindingsSearchRequest: SecurityFindingsSearchRequest, + SecurityFindingsSearchRequestData: SecurityFindingsSearchRequestData, + SecurityFindingsSearchRequestDataAttributes: + SecurityFindingsSearchRequestDataAttributes, + SecurityFindingsSearchRequestPage: SecurityFindingsSearchRequestPage, SecurityMonitoringFilter: SecurityMonitoringFilter, SecurityMonitoringListRulesResponse: SecurityMonitoringListRulesResponse, SecurityMonitoringReferenceTable: SecurityMonitoringReferenceTable, diff --git a/packages/datadog-api-client-v2/models/SecurityFindingsAttributes.ts b/packages/datadog-api-client-v2/models/SecurityFindingsAttributes.ts new file mode 100644 index 000000000000..6af11f139cf6 --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityFindingsAttributes.ts @@ -0,0 +1,69 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * The JSON object containing all attributes of the security finding. + */ +export class SecurityFindingsAttributes { + /** + * The custom attributes of the security finding. + */ + "attributes"?: { [key: string]: any }; + /** + * List of tags associated with the security finding. + */ + "tags"?: Array; + /** + * The Unix timestamp at which the detection changed for the resource. Same value as @detection_changed_at. + */ + "timestamp"?: number; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + attributes: { + baseName: "attributes", + type: "{ [key: string]: any; }", + }, + tags: { + baseName: "tags", + type: "Array", + }, + timestamp: { + baseName: "timestamp", + type: "number", + format: "int64", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsAttributes.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/SecurityFindingsData.ts b/packages/datadog-api-client-v2/models/SecurityFindingsData.ts new file mode 100644 index 000000000000..91c4057f92bf --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityFindingsData.ts @@ -0,0 +1,70 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { SecurityFindingsAttributes } from "./SecurityFindingsAttributes"; +import { SecurityFindingsDataType } from "./SecurityFindingsDataType"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * A single security finding. + */ +export class SecurityFindingsData { + /** + * The JSON object containing all attributes of the security finding. + */ + "attributes"?: SecurityFindingsAttributes; + /** + * The unique ID of the security finding. + */ + "id"?: string; + /** + * The type of the security finding resource. + */ + "type"?: SecurityFindingsDataType; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + attributes: { + baseName: "attributes", + type: "SecurityFindingsAttributes", + }, + id: { + baseName: "id", + type: "string", + }, + type: { + baseName: "type", + type: "SecurityFindingsDataType", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsData.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/SecurityFindingsDataType.ts b/packages/datadog-api-client-v2/models/SecurityFindingsDataType.ts new file mode 100644 index 000000000000..ae1882789ea0 --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityFindingsDataType.ts @@ -0,0 +1,14 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { UnparsedObject } from "../../datadog-api-client-common/util"; + +/** + * The type of the security finding resource. + */ + +export type SecurityFindingsDataType = typeof FINDING | UnparsedObject; +export const FINDING = "finding"; diff --git a/packages/datadog-api-client-v2/models/SecurityFindingsLinks.ts b/packages/datadog-api-client-v2/models/SecurityFindingsLinks.ts new file mode 100644 index 000000000000..fe9370d98b65 --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityFindingsLinks.ts @@ -0,0 +1,52 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Links for pagination. + */ +export class SecurityFindingsLinks { + /** + * Link for the next page of results. Note that paginated requests can also be made using the POST endpoint. + */ + "next"?: string; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + next: { + baseName: "next", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsLinks.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/SecurityFindingsMeta.ts b/packages/datadog-api-client-v2/models/SecurityFindingsMeta.ts new file mode 100644 index 000000000000..ec998cf9d5ff --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityFindingsMeta.ts @@ -0,0 +1,79 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { SecurityFindingsPage } from "./SecurityFindingsPage"; +import { SecurityFindingsStatus } from "./SecurityFindingsStatus"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Metadata about the response. + */ +export class SecurityFindingsMeta { + /** + * The time elapsed in milliseconds. + */ + "elapsed"?: number; + /** + * Pagination information. + */ + "page"?: SecurityFindingsPage; + /** + * The identifier of the request. + */ + "requestId"?: string; + /** + * The status of the response. + */ + "status"?: SecurityFindingsStatus; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + elapsed: { + baseName: "elapsed", + type: "number", + format: "int64", + }, + page: { + baseName: "page", + type: "SecurityFindingsPage", + }, + requestId: { + baseName: "request_id", + type: "string", + }, + status: { + baseName: "status", + type: "SecurityFindingsStatus", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsMeta.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/SecurityFindingsPage.ts b/packages/datadog-api-client-v2/models/SecurityFindingsPage.ts new file mode 100644 index 000000000000..5fde88648f81 --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityFindingsPage.ts @@ -0,0 +1,52 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Pagination information. + */ +export class SecurityFindingsPage { + /** + * The cursor used to get the next page of results. + */ + "after"?: string; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + after: { + baseName: "after", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsPage.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/SecurityFindingsSearchRequest.ts b/packages/datadog-api-client-v2/models/SecurityFindingsSearchRequest.ts new file mode 100644 index 000000000000..1276df2f0487 --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityFindingsSearchRequest.ts @@ -0,0 +1,53 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { SecurityFindingsSearchRequestData } from "./SecurityFindingsSearchRequestData"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * The request body for searching security findings. + */ +export class SecurityFindingsSearchRequest { + /** + * Request data for searching security findings. + */ + "data"?: SecurityFindingsSearchRequestData; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + data: { + baseName: "data", + type: "SecurityFindingsSearchRequestData", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsSearchRequest.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/SecurityFindingsSearchRequestData.ts b/packages/datadog-api-client-v2/models/SecurityFindingsSearchRequestData.ts new file mode 100644 index 000000000000..540d888291c8 --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityFindingsSearchRequestData.ts @@ -0,0 +1,53 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { SecurityFindingsSearchRequestDataAttributes } from "./SecurityFindingsSearchRequestDataAttributes"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Request data for searching security findings. + */ +export class SecurityFindingsSearchRequestData { + /** + * Request attributes for searching security findings. + */ + "attributes"?: SecurityFindingsSearchRequestDataAttributes; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + attributes: { + baseName: "attributes", + type: "SecurityFindingsSearchRequestDataAttributes", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsSearchRequestData.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/SecurityFindingsSearchRequestDataAttributes.ts b/packages/datadog-api-client-v2/models/SecurityFindingsSearchRequestDataAttributes.ts new file mode 100644 index 000000000000..2c2451009853 --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityFindingsSearchRequestDataAttributes.ts @@ -0,0 +1,70 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { SecurityFindingsSearchRequestPage } from "./SecurityFindingsSearchRequestPage"; +import { SecurityFindingsSort } from "./SecurityFindingsSort"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Request attributes for searching security findings. + */ +export class SecurityFindingsSearchRequestDataAttributes { + /** + * The search query following log search syntax. + */ + "filter"?: string; + /** + * Pagination attributes for the search request. + */ + "page"?: SecurityFindingsSearchRequestPage; + /** + * The sort parameters when querying security findings. + */ + "sort"?: SecurityFindingsSort; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + filter: { + baseName: "filter", + type: "string", + }, + page: { + baseName: "page", + type: "SecurityFindingsSearchRequestPage", + }, + sort: { + baseName: "sort", + type: "SecurityFindingsSort", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsSearchRequestDataAttributes.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/SecurityFindingsSearchRequestPage.ts b/packages/datadog-api-client-v2/models/SecurityFindingsSearchRequestPage.ts new file mode 100644 index 000000000000..10729e50c9fd --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityFindingsSearchRequestPage.ts @@ -0,0 +1,61 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Pagination attributes for the search request. + */ +export class SecurityFindingsSearchRequestPage { + /** + * Get the next page of results with a cursor provided in the previous query. + */ + "cursor"?: string; + /** + * The maximum number of security findings in the response. + */ + "limit"?: number; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + cursor: { + baseName: "cursor", + type: "string", + }, + limit: { + baseName: "limit", + type: "number", + format: "int64", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityFindingsSearchRequestPage.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/SecurityFindingsSort.ts b/packages/datadog-api-client-v2/models/SecurityFindingsSort.ts new file mode 100644 index 000000000000..0ae7734a1746 --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityFindingsSort.ts @@ -0,0 +1,18 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { UnparsedObject } from "../../datadog-api-client-common/util"; + +/** + * The sort parameters when querying security findings. + */ + +export type SecurityFindingsSort = + | typeof DETECTION_CHANGED_AT_ASC + | typeof DETECTION_CHANGED_AT_DESC + | UnparsedObject; +export const DETECTION_CHANGED_AT_ASC = "@detection_changed_at"; +export const DETECTION_CHANGED_AT_DESC = "-@detection_changed_at"; diff --git a/packages/datadog-api-client-v2/models/SecurityFindingsStatus.ts b/packages/datadog-api-client-v2/models/SecurityFindingsStatus.ts new file mode 100644 index 000000000000..96e72a080f68 --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityFindingsStatus.ts @@ -0,0 +1,18 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { UnparsedObject } from "../../datadog-api-client-common/util"; + +/** + * The status of the response. + */ + +export type SecurityFindingsStatus = + | typeof DONE + | typeof TIMEOUT + | UnparsedObject; +export const DONE = "done"; +export const TIMEOUT = "timeout";