diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 196165112da..26ded8599f2 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -30705,6 +30705,19 @@ components: example: /api/v2/scorecard/rules?page%5Blimit%5D=2&page%5Boffset%5D=2&page%5Bsize%5D=2 type: string type: object + ListSecurityFindingsResponse: + description: The expected response schema when listing security findings. + properties: + data: + description: Array of security findings matching the search query. + items: + $ref: '#/components/schemas/SecurityFindingsData' + type: array + links: + $ref: '#/components/schemas/SecurityFindingsLinks' + meta: + $ref: '#/components/schemas/SecurityFindingsMeta' + type: object ListTagsResponse: description: List tags response. properties: @@ -47272,6 +47285,148 @@ components: meta: $ref: '#/components/schemas/SecurityFilterMeta' type: object + SecurityFindingsAttributes: + description: The JSON object containing all attributes of the security finding. + properties: + attributes: + additionalProperties: {} + description: The custom attributes of the security finding. + example: + severity: high + status: open + type: object + tags: + description: List of tags associated with the security finding. + example: + - team:platform + - env:prod + items: + type: string + type: array + timestamp: + description: The Unix timestamp at which the detection changed for the resource. + Same value as @detection_changed_at. + example: 1765901760 + format: int64 + type: integer + type: object + SecurityFindingsData: + description: A single security finding. + properties: + attributes: + $ref: '#/components/schemas/SecurityFindingsAttributes' + id: + description: The unique ID of the security finding. + example: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw== + type: string + type: + $ref: '#/components/schemas/SecurityFindingsDataType' + type: object + SecurityFindingsDataType: + default: finding + description: The type of the security finding resource. + enum: + - finding + example: finding + type: string + x-enum-varnames: + - FINDING + SecurityFindingsLinks: + description: Links for pagination. + properties: + next: + description: Link for the next page of results. Note that paginated requests + can also be made using the POST endpoint. + example: https://app.datadoghq.com/api/v2/security/findings?page[cursor]=eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==&page[limit]=25 + type: string + type: object + SecurityFindingsMeta: + description: Metadata about the response. + properties: + elapsed: + description: The time elapsed in milliseconds. + example: 548 + format: int64 + type: integer + page: + $ref: '#/components/schemas/SecurityFindingsPage' + request_id: + description: The identifier of the request. + example: pddv1ChZwVlMxMUdYRFRMQ1lyb3B4MGNYbFlnIi0KHQu35LDbucx + type: string + status: + $ref: '#/components/schemas/SecurityFindingsStatus' + type: object + SecurityFindingsPage: + description: Pagination information. + properties: + after: + description: The cursor used to get the next page of results. + example: eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0= + type: string + type: object + SecurityFindingsSearchRequest: + description: The request body for searching security findings. + properties: + data: + $ref: '#/components/schemas/SecurityFindingsSearchRequestData' + type: object + SecurityFindingsSearchRequestData: + description: Request data for searching security findings. + properties: + attributes: + $ref: '#/components/schemas/SecurityFindingsSearchRequestDataAttributes' + type: object + SecurityFindingsSearchRequestDataAttributes: + description: Request attributes for searching security findings. + properties: + filter: + default: '*' + description: The search query following log search syntax. + example: '@severity:(critical OR high) @status:open team:platform' + type: string + page: + $ref: '#/components/schemas/SecurityFindingsSearchRequestPage' + sort: + $ref: '#/components/schemas/SecurityFindingsSort' + type: object + SecurityFindingsSearchRequestPage: + description: Pagination attributes for the search request. + properties: + cursor: + description: Get the next page of results with a cursor provided in the + previous query. + example: eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ== + type: string + limit: + default: 10 + description: The maximum number of security findings in the response. + example: 25 + format: int64 + maximum: 150 + minimum: 1 + type: integer + type: object + SecurityFindingsSort: + default: -@detection_changed_at + description: The sort parameters when querying security findings. + enum: + - '@detection_changed_at' + - -@detection_changed_at + type: string + x-enum-varnames: + - DETECTION_CHANGED_AT_ASC + - DETECTION_CHANGED_AT_DESC + SecurityFindingsStatus: + description: The status of the response. + enum: + - done + - timeout + example: done + type: string + x-enum-varnames: + - DONE + - TIMEOUT SecurityMonitoringFilter: description: The rule's suppression filter. properties: @@ -58490,6 +58645,8 @@ components: apm_service_catalog_read: View service catalog and service definitions. apm_service_catalog_write: Add, modify, and delete service catalog definitions when those definitions are maintained by Datadog. + appsec_vm_read: View infrastructure, application code, and library vulnerability + findings. billing_read: View your organization's billing information. cases_read: View Cases. cases_write: Create and update cases. @@ -80641,6 +80798,98 @@ paths: operator: OR permissions: - security_monitoring_cws_agent_rules_read + /api/v2/security/findings: + get: + description: 'Get a list of security findings that match a search query. + + + This endpoint requires one of the following permissions: + + - `security_monitoring_findings_read` + + - `appsec_vm_read` + + + ### Query Syntax + + + This endpoint uses the logs query syntax. Findings attributes (living in the + custom. namespace) are prefixed by @ when queried. Tags are queried without + a prefix. + + + Example: `@severity:(critical OR high) @status:open team:platform`' + operationId: ListSecurityFindings + parameters: + - description: The search query following log search syntax. + example: '@severity:(critical OR high) @status:open team:platform' + in: query + name: filter[query] + required: false + schema: + default: '*' + type: string + - description: Get the next page of results with a cursor provided in the previous + query. + example: eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ== + in: query + name: page[cursor] + required: false + schema: + type: string + - description: The maximum number of findings in the response. + example: 25 + in: query + name: page[limit] + required: false + schema: + default: 10 + format: int64 + maximum: 150 + minimum: 1 + type: integer + - description: Sorts by @detection_changed_at. + in: query + name: sort + required: false + schema: + $ref: '#/components/schemas/SecurityFindingsSort' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListSecurityFindingsResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/ForbiddenResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_findings_read + - AuthZ: + - appsec_vm_read + summary: List security findings + tags: + - Security Monitoring + x-pagination: + cursorParam: page[cursor] + cursorPath: meta.page.after + limitParam: page[limit] + resultsPath: data + x-permission: + operator: OR + permissions: + - security_monitoring_findings_read + - appsec_vm_read + x-unstable: '**Note**: This endpoint is in beta and subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security/findings/cases: delete: description: 'Detach security findings from their case. @@ -80860,6 +81109,70 @@ paths: x-unstable: '**Note**: This endpoint is in beta and is subject to change. Please check the documentation regularly for updates.' + /api/v2/security/findings/search: + post: + description: 'Get a list of security findings that match a search query. + + + This endpoint requires one of the following permissions: + + - `security_monitoring_findings_read` + + - `appsec_vm_read` + + + ### Query Syntax + + + The API uses the logs query syntax. Findings attributes (living in the custom. + namespace) are prefixed by @ when queried. Tags are queried without a prefix. + + + Example: `@severity:(critical OR high) @status:open team:platform`' + operationId: SearchSecurityFindings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityFindingsSearchRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListSecurityFindingsResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/ForbiddenResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_findings_read + - AuthZ: + - appsec_vm_read + summary: Search security findings + tags: + - Security Monitoring + x-codegen-request-body-name: body + x-pagination: + cursorParam: body.data.attributes.page.cursor + cursorPath: meta.page.after + limitParam: body.data.attributes.page.limit + resultsPath: data + x-permission: + operator: OR + permissions: + - security_monitoring_findings_read + - appsec_vm_read + x-unstable: '**Note**: This endpoint is in beta and subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security/sboms: get: description: 'Get a list of assets SBOMs for an organization. diff --git a/examples/v2/security-monitoring/ListSecurityFindings.java b/examples/v2/security-monitoring/ListSecurityFindings.java new file mode 100644 index 00000000000..4d4fb976b48 --- /dev/null +++ b/examples/v2/security-monitoring/ListSecurityFindings.java @@ -0,0 +1,25 @@ +// List security findings returns "OK" response + +import com.datadog.api.client.ApiClient; +import com.datadog.api.client.ApiException; +import com.datadog.api.client.v2.api.SecurityMonitoringApi; +import com.datadog.api.client.v2.model.ListSecurityFindingsResponse; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = ApiClient.getDefaultApiClient(); + defaultClient.setUnstableOperationEnabled("v2.listSecurityFindings", true); + SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); + + try { + ListSecurityFindingsResponse result = apiInstance.listSecurityFindings(); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling SecurityMonitoringApi#listSecurityFindings"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} diff --git a/examples/v2/security-monitoring/ListSecurityFindings_2925663885.java b/examples/v2/security-monitoring/ListSecurityFindings_2925663885.java new file mode 100644 index 00000000000..356478786d2 --- /dev/null +++ b/examples/v2/security-monitoring/ListSecurityFindings_2925663885.java @@ -0,0 +1,28 @@ +// List security findings returns "OK" response with pagination + +import com.datadog.api.client.ApiClient; +import com.datadog.api.client.ApiException; +import com.datadog.api.client.v2.api.SecurityMonitoringApi; +import com.datadog.api.client.v2.api.SecurityMonitoringApi.ListSecurityFindingsOptionalParameters; +import com.datadog.api.client.v2.model.ListSecurityFindingsResponse; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = ApiClient.getDefaultApiClient(); + defaultClient.setUnstableOperationEnabled("v2.listSecurityFindings", true); + SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); + + try { + ListSecurityFindingsResponse result = + apiInstance.listSecurityFindings( + new ListSecurityFindingsOptionalParameters().pageLimit(5L)); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling SecurityMonitoringApi#listSecurityFindings"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} diff --git a/examples/v2/security-monitoring/SearchSecurityFindings.java b/examples/v2/security-monitoring/SearchSecurityFindings.java new file mode 100644 index 00000000000..135cfdc1d67 --- /dev/null +++ b/examples/v2/security-monitoring/SearchSecurityFindings.java @@ -0,0 +1,36 @@ +// Search security findings returns "OK" response + +import com.datadog.api.client.ApiClient; +import com.datadog.api.client.ApiException; +import com.datadog.api.client.v2.api.SecurityMonitoringApi; +import com.datadog.api.client.v2.model.ListSecurityFindingsResponse; +import com.datadog.api.client.v2.model.SecurityFindingsSearchRequest; +import com.datadog.api.client.v2.model.SecurityFindingsSearchRequestData; +import com.datadog.api.client.v2.model.SecurityFindingsSearchRequestDataAttributes; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = ApiClient.getDefaultApiClient(); + defaultClient.setUnstableOperationEnabled("v2.searchSecurityFindings", true); + SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); + + SecurityFindingsSearchRequest body = + new SecurityFindingsSearchRequest() + .data( + new SecurityFindingsSearchRequestData() + .attributes( + new SecurityFindingsSearchRequestDataAttributes() + .filter("@severity:(critical OR high)"))); + + try { + ListSecurityFindingsResponse result = apiInstance.searchSecurityFindings(body); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling SecurityMonitoringApi#searchSecurityFindings"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} diff --git a/examples/v2/security-monitoring/SearchSecurityFindings_3678541639.java b/examples/v2/security-monitoring/SearchSecurityFindings_3678541639.java new file mode 100644 index 00000000000..d6e8b8437f1 --- /dev/null +++ b/examples/v2/security-monitoring/SearchSecurityFindings_3678541639.java @@ -0,0 +1,38 @@ +// Search security findings returns "OK" response with pagination + +import com.datadog.api.client.ApiClient; +import com.datadog.api.client.ApiException; +import com.datadog.api.client.v2.api.SecurityMonitoringApi; +import com.datadog.api.client.v2.model.ListSecurityFindingsResponse; +import com.datadog.api.client.v2.model.SecurityFindingsSearchRequest; +import com.datadog.api.client.v2.model.SecurityFindingsSearchRequestData; +import com.datadog.api.client.v2.model.SecurityFindingsSearchRequestDataAttributes; +import com.datadog.api.client.v2.model.SecurityFindingsSearchRequestPage; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = ApiClient.getDefaultApiClient(); + defaultClient.setUnstableOperationEnabled("v2.searchSecurityFindings", true); + SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); + + SecurityFindingsSearchRequest body = + new SecurityFindingsSearchRequest() + .data( + new SecurityFindingsSearchRequestData() + .attributes( + new SecurityFindingsSearchRequestDataAttributes() + .filter("@severity:(critical OR high)") + .page(new SecurityFindingsSearchRequestPage().limit(1L)))); + + try { + ListSecurityFindingsResponse result = apiInstance.searchSecurityFindings(body); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling SecurityMonitoringApi#searchSecurityFindings"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} diff --git a/src/main/java/com/datadog/api/client/ApiClient.java b/src/main/java/com/datadog/api/client/ApiClient.java index 055495902d1..923c44c5c27 100644 --- a/src/main/java/com/datadog/api/client/ApiClient.java +++ b/src/main/java/com/datadog/api/client/ApiClient.java @@ -723,12 +723,14 @@ public class ApiClient { put("v2.listFindings", false); put("v2.listMultipleRulesets", false); put("v2.listScannedAssetsMetadata", false); + put("v2.listSecurityFindings", false); put("v2.listSecurityMonitoringHistsignals", false); put("v2.listThreatHuntingJobs", false); put("v2.listVulnerabilities", false); put("v2.listVulnerableAssets", false); put("v2.muteFindings", false); put("v2.runThreatHuntingJob", false); + put("v2.searchSecurityFindings", false); put("v2.searchSecurityMonitoringHistsignals", false); put("v2.createDataset", false); put("v2.deleteDataset", false); diff --git a/src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java b/src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java index a62e4b387a1..37a5f2ec189 100644 --- a/src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java +++ b/src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java @@ -36,6 +36,7 @@ import com.datadog.api.client.v2.model.JobCreateResponse; import com.datadog.api.client.v2.model.ListAssetsSBOMsResponse; import com.datadog.api.client.v2.model.ListFindingsResponse; +import com.datadog.api.client.v2.model.ListSecurityFindingsResponse; import com.datadog.api.client.v2.model.ListThreatHuntingJobsResponse; import com.datadog.api.client.v2.model.ListVulnerabilitiesResponse; import com.datadog.api.client.v2.model.ListVulnerableAssetsResponse; @@ -50,6 +51,12 @@ import com.datadog.api.client.v2.model.SecurityFilterResponse; import com.datadog.api.client.v2.model.SecurityFilterUpdateRequest; import com.datadog.api.client.v2.model.SecurityFiltersResponse; +import com.datadog.api.client.v2.model.SecurityFindingsData; +import com.datadog.api.client.v2.model.SecurityFindingsSearchRequest; +import com.datadog.api.client.v2.model.SecurityFindingsSearchRequestData; +import com.datadog.api.client.v2.model.SecurityFindingsSearchRequestDataAttributes; +import com.datadog.api.client.v2.model.SecurityFindingsSearchRequestPage; +import com.datadog.api.client.v2.model.SecurityFindingsSort; import com.datadog.api.client.v2.model.SecurityMonitoringListRulesResponse; import com.datadog.api.client.v2.model.SecurityMonitoringRuleConvertPayload; import com.datadog.api.client.v2.model.SecurityMonitoringRuleConvertResponse; @@ -8692,6 +8699,306 @@ public ApiResponse listSecurityFiltersWithHttpInfo() new GenericType() {}); } + /** Manage optional parameters to listSecurityFindings. */ + public static class ListSecurityFindingsOptionalParameters { + private String filterQuery; + private String pageCursor; + private Long pageLimit; + private SecurityFindingsSort sort; + + /** + * Set filterQuery. + * + * @param filterQuery The search query following log search syntax. (optional, default to "*") + * @return ListSecurityFindingsOptionalParameters + */ + public ListSecurityFindingsOptionalParameters filterQuery(String filterQuery) { + this.filterQuery = filterQuery; + return this; + } + + /** + * Set pageCursor. + * + * @param pageCursor Get the next page of results with a cursor provided in the previous query. + * (optional) + * @return ListSecurityFindingsOptionalParameters + */ + public ListSecurityFindingsOptionalParameters pageCursor(String pageCursor) { + this.pageCursor = pageCursor; + return this; + } + + /** + * Set pageLimit. + * + * @param pageLimit The maximum number of findings in the response. (optional, default to 10) + * @return ListSecurityFindingsOptionalParameters + */ + public ListSecurityFindingsOptionalParameters pageLimit(Long pageLimit) { + this.pageLimit = pageLimit; + return this; + } + + /** + * Set sort. + * + * @param sort Sorts by @detection_changed_at. (optional, default to "-@detection_changed_at") + * @return ListSecurityFindingsOptionalParameters + */ + public ListSecurityFindingsOptionalParameters sort(SecurityFindingsSort sort) { + this.sort = sort; + return this; + } + } + + /** + * List security findings. + * + *

See {@link #listSecurityFindingsWithHttpInfo}. + * + * @return ListSecurityFindingsResponse + * @throws ApiException if fails to make API call + */ + public ListSecurityFindingsResponse listSecurityFindings() throws ApiException { + return listSecurityFindingsWithHttpInfo(new ListSecurityFindingsOptionalParameters()).getData(); + } + + /** + * List security findings. + * + *

See {@link #listSecurityFindingsWithHttpInfoAsync}. + * + * @return CompletableFuture<ListSecurityFindingsResponse> + */ + public CompletableFuture listSecurityFindingsAsync() { + return listSecurityFindingsWithHttpInfoAsync(new ListSecurityFindingsOptionalParameters()) + .thenApply( + response -> { + return response.getData(); + }); + } + + /** + * List security findings. + * + *

See {@link #listSecurityFindingsWithHttpInfo}. + * + * @param parameters Optional parameters for the request. + * @return ListSecurityFindingsResponse + * @throws ApiException if fails to make API call + */ + public ListSecurityFindingsResponse listSecurityFindings( + ListSecurityFindingsOptionalParameters parameters) throws ApiException { + return listSecurityFindingsWithHttpInfo(parameters).getData(); + } + + /** + * List security findings. + * + *

See {@link #listSecurityFindingsWithHttpInfoAsync}. + * + * @param parameters Optional parameters for the request. + * @return CompletableFuture<ListSecurityFindingsResponse> + */ + public CompletableFuture listSecurityFindingsAsync( + ListSecurityFindingsOptionalParameters parameters) { + return listSecurityFindingsWithHttpInfoAsync(parameters) + .thenApply( + response -> { + return response.getData(); + }); + } + + /** + * List security findings. + * + *

See {@link #listSecurityFindingsWithHttpInfo}. + * + * @return PaginationIterable<SecurityFindingsData> + */ + public PaginationIterable listSecurityFindingsWithPagination() { + ListSecurityFindingsOptionalParameters parameters = + new ListSecurityFindingsOptionalParameters(); + return listSecurityFindingsWithPagination(parameters); + } + + /** + * List security findings. + * + *

See {@link #listSecurityFindingsWithHttpInfo}. + * + * @return ListSecurityFindingsResponse + */ + public PaginationIterable listSecurityFindingsWithPagination( + ListSecurityFindingsOptionalParameters parameters) { + String resultsPath = "getData"; + String valueGetterPath = "getMeta.getPage.getAfter"; + String valueSetterPath = "pageCursor"; + Boolean valueSetterParamOptional = true; + Long limit; + + if (parameters.pageLimit == null) { + limit = 10l; + parameters.pageLimit(limit); + } else { + limit = parameters.pageLimit; + } + + LinkedHashMap args = new LinkedHashMap(); + args.put("optionalParams", parameters); + + PaginationIterable iterator = + new PaginationIterable( + this, + "listSecurityFindings", + resultsPath, + valueGetterPath, + valueSetterPath, + valueSetterParamOptional, + true, + limit, + args); + + return iterator; + } + + /** + * Get a list of security findings that match a search query. + * + *

This endpoint requires one of the following permissions: - + * security_monitoring_findings_read - appsec_vm_read + * + *

Query Syntax

+ * + *

This endpoint uses the logs query syntax. Findings attributes (living in the custom. + * namespace) are prefixed by @ when queried. Tags are queried without a prefix. + * + *

Example: @severity:(critical OR high) @status:open team:platform + * + * @param parameters Optional parameters for the request. + * @return ApiResponse<ListSecurityFindingsResponse> + * @throws ApiException if fails to make API call + * @http.response.details + * + * + * + * + * + * + * + *
Response details
Status Code Description Response Headers
200 OK -
400 Bad Request -
403 Forbidden -
429 Too many requests -
+ */ + public ApiResponse listSecurityFindingsWithHttpInfo( + ListSecurityFindingsOptionalParameters parameters) throws ApiException { + // Check if unstable operation is enabled + String operationId = "listSecurityFindings"; + if (apiClient.isUnstableOperationEnabled("v2." + operationId)) { + apiClient.getLogger().warning(String.format("Using unstable operation '%s'", operationId)); + } else { + throw new ApiException(0, String.format("Unstable operation '%s' is disabled", operationId)); + } + Object localVarPostBody = null; + String filterQuery = parameters.filterQuery; + String pageCursor = parameters.pageCursor; + Long pageLimit = parameters.pageLimit; + SecurityFindingsSort sort = parameters.sort; + // create path and map variables + String localVarPath = "/api/v2/security/findings"; + + List localVarQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + + localVarQueryParams.addAll(apiClient.parameterToPairs("", "filter[query]", filterQuery)); + localVarQueryParams.addAll(apiClient.parameterToPairs("", "page[cursor]", pageCursor)); + localVarQueryParams.addAll(apiClient.parameterToPairs("", "page[limit]", pageLimit)); + localVarQueryParams.addAll(apiClient.parameterToPairs("", "sort", sort)); + + Invocation.Builder builder = + apiClient.createBuilder( + "v2.SecurityMonitoringApi.listSecurityFindings", + localVarPath, + localVarQueryParams, + localVarHeaderParams, + new HashMap(), + new String[] {"application/json"}, + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); + return apiClient.invokeAPI( + "GET", + builder, + localVarHeaderParams, + new String[] {}, + localVarPostBody, + new HashMap(), + false, + new GenericType() {}); + } + + /** + * List security findings. + * + *

See {@link #listSecurityFindingsWithHttpInfo}. + * + * @param parameters Optional parameters for the request. + * @return CompletableFuture<ApiResponse<ListSecurityFindingsResponse>> + */ + public CompletableFuture> + listSecurityFindingsWithHttpInfoAsync(ListSecurityFindingsOptionalParameters parameters) { + // Check if unstable operation is enabled + String operationId = "listSecurityFindings"; + if (apiClient.isUnstableOperationEnabled("v2." + operationId)) { + apiClient.getLogger().warning(String.format("Using unstable operation '%s'", operationId)); + } else { + CompletableFuture> result = + new CompletableFuture<>(); + result.completeExceptionally( + new ApiException(0, String.format("Unstable operation '%s' is disabled", operationId))); + return result; + } + Object localVarPostBody = null; + String filterQuery = parameters.filterQuery; + String pageCursor = parameters.pageCursor; + Long pageLimit = parameters.pageLimit; + SecurityFindingsSort sort = parameters.sort; + // create path and map variables + String localVarPath = "/api/v2/security/findings"; + + List localVarQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + + localVarQueryParams.addAll(apiClient.parameterToPairs("", "filter[query]", filterQuery)); + localVarQueryParams.addAll(apiClient.parameterToPairs("", "page[cursor]", pageCursor)); + localVarQueryParams.addAll(apiClient.parameterToPairs("", "page[limit]", pageLimit)); + localVarQueryParams.addAll(apiClient.parameterToPairs("", "sort", sort)); + + Invocation.Builder builder; + try { + builder = + apiClient.createBuilder( + "v2.SecurityMonitoringApi.listSecurityFindings", + localVarPath, + localVarQueryParams, + localVarHeaderParams, + new HashMap(), + new String[] {"application/json"}, + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); + } catch (ApiException ex) { + CompletableFuture> result = + new CompletableFuture<>(); + result.completeExceptionally(ex); + return result; + } + return apiClient.invokeAPIAsync( + "GET", + builder, + localVarHeaderParams, + new String[] {}, + localVarPostBody, + new HashMap(), + false, + new GenericType() {}); + } + /** Manage optional parameters to listSecurityMonitoringHistsignals. */ public static class ListSecurityMonitoringHistsignalsOptionalParameters { private String filterQuery; @@ -12183,6 +12490,222 @@ public CompletableFuture> runThreatHuntingJobWith new GenericType() {}); } + /** + * Search security findings. + * + *

See {@link #searchSecurityFindingsWithHttpInfo}. + * + * @param body (required) + * @return ListSecurityFindingsResponse + * @throws ApiException if fails to make API call + */ + public ListSecurityFindingsResponse searchSecurityFindings(SecurityFindingsSearchRequest body) + throws ApiException { + return searchSecurityFindingsWithHttpInfo(body).getData(); + } + + /** + * Search security findings. + * + *

See {@link #searchSecurityFindingsWithHttpInfoAsync}. + * + * @param body (required) + * @return CompletableFuture<ListSecurityFindingsResponse> + */ + public CompletableFuture searchSecurityFindingsAsync( + SecurityFindingsSearchRequest body) { + return searchSecurityFindingsWithHttpInfoAsync(body) + .thenApply( + response -> { + return response.getData(); + }); + } + + /** + * Search security findings. + * + *

See {@link #searchSecurityFindingsWithHttpInfo}. + * + * @param body (required) + * @return PaginationIterable<SecurityFindingsData> + */ + public PaginationIterable searchSecurityFindingsWithPagination( + SecurityFindingsSearchRequest body) { + String resultsPath = "getData"; + String valueGetterPath = "getMeta.getPage.getAfter"; + String valueSetterPath = "body.getData.getAttributes.getPage.setCursor"; + Boolean valueSetterParamOptional = false; + Long limit; + + if (body.getData() == null) { + body.setData(new SecurityFindingsSearchRequestData()); + } + + if (body.getData().getAttributes() == null) { + body.getData().setAttributes(new SecurityFindingsSearchRequestDataAttributes()); + } + + if (body.getData().getAttributes().getPage() == null) { + body.getData().getAttributes().setPage(new SecurityFindingsSearchRequestPage()); + } + + if (body.getData().getAttributes().getPage().getLimit() == null) { + limit = 10l; + body.getData().getAttributes().getPage().setLimit(limit); + } else { + limit = body.getData().getAttributes().getPage().getLimit(); + } + + LinkedHashMap args = new LinkedHashMap(); + args.put("body", body); + + PaginationIterable iterator = + new PaginationIterable( + this, + "searchSecurityFindings", + resultsPath, + valueGetterPath, + valueSetterPath, + valueSetterParamOptional, + true, + limit, + args); + + return iterator; + } + + /** + * Get a list of security findings that match a search query. + * + *

This endpoint requires one of the following permissions: - + * security_monitoring_findings_read - appsec_vm_read + * + *

Query Syntax

+ * + *

The API uses the logs query syntax. Findings attributes (living in the custom. namespace) + * are prefixed by @ when queried. Tags are queried without a prefix. + * + *

Example: @severity:(critical OR high) @status:open team:platform + * + * @param body (required) + * @return ApiResponse<ListSecurityFindingsResponse> + * @throws ApiException if fails to make API call + * @http.response.details + * + * + * + * + * + * + * + *
Response details
Status Code Description Response Headers
200 OK -
400 Bad Request -
403 Forbidden -
429 Too many requests -
+ */ + public ApiResponse searchSecurityFindingsWithHttpInfo( + SecurityFindingsSearchRequest body) throws ApiException { + // Check if unstable operation is enabled + String operationId = "searchSecurityFindings"; + if (apiClient.isUnstableOperationEnabled("v2." + operationId)) { + apiClient.getLogger().warning(String.format("Using unstable operation '%s'", operationId)); + } else { + throw new ApiException(0, String.format("Unstable operation '%s' is disabled", operationId)); + } + Object localVarPostBody = body; + + // verify the required parameter 'body' is set + if (body == null) { + throw new ApiException( + 400, "Missing the required parameter 'body' when calling searchSecurityFindings"); + } + // create path and map variables + String localVarPath = "/api/v2/security/findings/search"; + + Map localVarHeaderParams = new HashMap(); + + Invocation.Builder builder = + apiClient.createBuilder( + "v2.SecurityMonitoringApi.searchSecurityFindings", + localVarPath, + new ArrayList(), + localVarHeaderParams, + new HashMap(), + new String[] {"application/json"}, + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); + return apiClient.invokeAPI( + "POST", + builder, + localVarHeaderParams, + new String[] {"application/json"}, + localVarPostBody, + new HashMap(), + false, + new GenericType() {}); + } + + /** + * Search security findings. + * + *

See {@link #searchSecurityFindingsWithHttpInfo}. + * + * @param body (required) + * @return CompletableFuture<ApiResponse<ListSecurityFindingsResponse>> + */ + public CompletableFuture> + searchSecurityFindingsWithHttpInfoAsync(SecurityFindingsSearchRequest body) { + // Check if unstable operation is enabled + String operationId = "searchSecurityFindings"; + if (apiClient.isUnstableOperationEnabled("v2." + operationId)) { + apiClient.getLogger().warning(String.format("Using unstable operation '%s'", operationId)); + } else { + CompletableFuture> result = + new CompletableFuture<>(); + result.completeExceptionally( + new ApiException(0, String.format("Unstable operation '%s' is disabled", operationId))); + return result; + } + Object localVarPostBody = body; + + // verify the required parameter 'body' is set + if (body == null) { + CompletableFuture> result = + new CompletableFuture<>(); + result.completeExceptionally( + new ApiException( + 400, "Missing the required parameter 'body' when calling searchSecurityFindings")); + return result; + } + // create path and map variables + String localVarPath = "/api/v2/security/findings/search"; + + Map localVarHeaderParams = new HashMap(); + + Invocation.Builder builder; + try { + builder = + apiClient.createBuilder( + "v2.SecurityMonitoringApi.searchSecurityFindings", + localVarPath, + new ArrayList(), + localVarHeaderParams, + new HashMap(), + new String[] {"application/json"}, + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); + } catch (ApiException ex) { + CompletableFuture> result = + new CompletableFuture<>(); + result.completeExceptionally(ex); + return result; + } + return apiClient.invokeAPIAsync( + "POST", + builder, + localVarHeaderParams, + new String[] {"application/json"}, + localVarPostBody, + new HashMap(), + false, + new GenericType() {}); + } + /** Manage optional parameters to searchSecurityMonitoringHistsignals. */ public static class SearchSecurityMonitoringHistsignalsOptionalParameters { private SecurityMonitoringSignalListRequest body; diff --git a/src/main/java/com/datadog/api/client/v2/model/ListSecurityFindingsResponse.java b/src/main/java/com/datadog/api/client/v2/model/ListSecurityFindingsResponse.java new file mode 100644 index 00000000000..265eb7a3725 --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/ListSecurityFindingsResponse.java @@ -0,0 +1,208 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; + +/** The expected response schema when listing security findings. */ +@JsonPropertyOrder({ + ListSecurityFindingsResponse.JSON_PROPERTY_DATA, + ListSecurityFindingsResponse.JSON_PROPERTY_LINKS, + ListSecurityFindingsResponse.JSON_PROPERTY_META +}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class ListSecurityFindingsResponse { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_DATA = "data"; + private List data = null; + + public static final String JSON_PROPERTY_LINKS = "links"; + private SecurityFindingsLinks links; + + public static final String JSON_PROPERTY_META = "meta"; + private SecurityFindingsMeta meta; + + public ListSecurityFindingsResponse data(List data) { + this.data = data; + for (SecurityFindingsData item : data) { + this.unparsed |= item.unparsed; + } + return this; + } + + public ListSecurityFindingsResponse addDataItem(SecurityFindingsData dataItem) { + if (this.data == null) { + this.data = new ArrayList<>(); + } + this.data.add(dataItem); + this.unparsed |= dataItem.unparsed; + return this; + } + + /** + * Array of security findings matching the search query. + * + * @return data + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_DATA) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public List getData() { + return data; + } + + public void setData(List data) { + this.data = data; + } + + public ListSecurityFindingsResponse links(SecurityFindingsLinks links) { + this.links = links; + this.unparsed |= links.unparsed; + return this; + } + + /** + * Links for pagination. + * + * @return links + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_LINKS) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public SecurityFindingsLinks getLinks() { + return links; + } + + public void setLinks(SecurityFindingsLinks links) { + this.links = links; + } + + public ListSecurityFindingsResponse meta(SecurityFindingsMeta meta) { + this.meta = meta; + this.unparsed |= meta.unparsed; + return this; + } + + /** + * Metadata about the response. + * + * @return meta + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_META) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public SecurityFindingsMeta getMeta() { + return meta; + } + + public void setMeta(SecurityFindingsMeta meta) { + this.meta = meta; + } + + /** + * A container for additional, undeclared properties. This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. + * + * @param key The arbitrary key to set + * @param value The associated value + * @return ListSecurityFindingsResponse + */ + @JsonAnySetter + public ListSecurityFindingsResponse putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this ListSecurityFindingsResponse object is equal to o. */ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + ListSecurityFindingsResponse listSecurityFindingsResponse = (ListSecurityFindingsResponse) o; + return Objects.equals(this.data, listSecurityFindingsResponse.data) + && Objects.equals(this.links, listSecurityFindingsResponse.links) + && Objects.equals(this.meta, listSecurityFindingsResponse.meta) + && Objects.equals( + this.additionalProperties, listSecurityFindingsResponse.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(data, links, meta, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class ListSecurityFindingsResponse {\n"); + sb.append(" data: ").append(toIndentedString(data)).append("\n"); + sb.append(" links: ").append(toIndentedString(links)).append("\n"); + sb.append(" meta: ").append(toIndentedString(meta)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsAttributes.java b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsAttributes.java new file mode 100644 index 00000000000..3995871c57c --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsAttributes.java @@ -0,0 +1,211 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; + +/** The JSON object containing all attributes of the security finding. */ +@JsonPropertyOrder({ + SecurityFindingsAttributes.JSON_PROPERTY_ATTRIBUTES, + SecurityFindingsAttributes.JSON_PROPERTY_TAGS, + SecurityFindingsAttributes.JSON_PROPERTY_TIMESTAMP +}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class SecurityFindingsAttributes { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_ATTRIBUTES = "attributes"; + private Map attributes = null; + + public static final String JSON_PROPERTY_TAGS = "tags"; + private List tags = null; + + public static final String JSON_PROPERTY_TIMESTAMP = "timestamp"; + private Long timestamp; + + public SecurityFindingsAttributes attributes(Map attributes) { + this.attributes = attributes; + return this; + } + + public SecurityFindingsAttributes putAttributesItem(String key, Object attributesItem) { + if (this.attributes == null) { + this.attributes = new HashMap<>(); + } + this.attributes.put(key, attributesItem); + return this; + } + + /** + * The custom attributes of the security finding. + * + * @return attributes + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_ATTRIBUTES) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public Map getAttributes() { + return attributes; + } + + public void setAttributes(Map attributes) { + this.attributes = attributes; + } + + public SecurityFindingsAttributes tags(List tags) { + this.tags = tags; + return this; + } + + public SecurityFindingsAttributes addTagsItem(String tagsItem) { + if (this.tags == null) { + this.tags = new ArrayList<>(); + } + this.tags.add(tagsItem); + return this; + } + + /** + * List of tags associated with the security finding. + * + * @return tags + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_TAGS) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public List getTags() { + return tags; + } + + public void setTags(List tags) { + this.tags = tags; + } + + public SecurityFindingsAttributes timestamp(Long timestamp) { + this.timestamp = timestamp; + return this; + } + + /** + * The Unix timestamp at which the detection changed for the resource. Same value + * as @detection_changed_at. + * + * @return timestamp + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_TIMESTAMP) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public Long getTimestamp() { + return timestamp; + } + + public void setTimestamp(Long timestamp) { + this.timestamp = timestamp; + } + + /** + * A container for additional, undeclared properties. This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. + * + * @param key The arbitrary key to set + * @param value The associated value + * @return SecurityFindingsAttributes + */ + @JsonAnySetter + public SecurityFindingsAttributes putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this SecurityFindingsAttributes object is equal to o. */ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + SecurityFindingsAttributes securityFindingsAttributes = (SecurityFindingsAttributes) o; + return Objects.equals(this.attributes, securityFindingsAttributes.attributes) + && Objects.equals(this.tags, securityFindingsAttributes.tags) + && Objects.equals(this.timestamp, securityFindingsAttributes.timestamp) + && Objects.equals( + this.additionalProperties, securityFindingsAttributes.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(attributes, tags, timestamp, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class SecurityFindingsAttributes {\n"); + sb.append(" attributes: ").append(toIndentedString(attributes)).append("\n"); + sb.append(" tags: ").append(toIndentedString(tags)).append("\n"); + sb.append(" timestamp: ").append(toIndentedString(timestamp)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsData.java b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsData.java new file mode 100644 index 00000000000..0e1f0b01da1 --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsData.java @@ -0,0 +1,196 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +/** A single security finding. */ +@JsonPropertyOrder({ + SecurityFindingsData.JSON_PROPERTY_ATTRIBUTES, + SecurityFindingsData.JSON_PROPERTY_ID, + SecurityFindingsData.JSON_PROPERTY_TYPE +}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class SecurityFindingsData { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_ATTRIBUTES = "attributes"; + private SecurityFindingsAttributes attributes; + + public static final String JSON_PROPERTY_ID = "id"; + private String id; + + public static final String JSON_PROPERTY_TYPE = "type"; + private SecurityFindingsDataType type = SecurityFindingsDataType.FINDING; + + public SecurityFindingsData attributes(SecurityFindingsAttributes attributes) { + this.attributes = attributes; + this.unparsed |= attributes.unparsed; + return this; + } + + /** + * The JSON object containing all attributes of the security finding. + * + * @return attributes + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_ATTRIBUTES) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public SecurityFindingsAttributes getAttributes() { + return attributes; + } + + public void setAttributes(SecurityFindingsAttributes attributes) { + this.attributes = attributes; + } + + public SecurityFindingsData id(String id) { + this.id = id; + return this; + } + + /** + * The unique ID of the security finding. + * + * @return id + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_ID) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + + public SecurityFindingsData type(SecurityFindingsDataType type) { + this.type = type; + this.unparsed |= !type.isValid(); + return this; + } + + /** + * The type of the security finding resource. + * + * @return type + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_TYPE) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public SecurityFindingsDataType getType() { + return type; + } + + public void setType(SecurityFindingsDataType type) { + if (!type.isValid()) { + this.unparsed = true; + } + this.type = type; + } + + /** + * A container for additional, undeclared properties. This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. + * + * @param key The arbitrary key to set + * @param value The associated value + * @return SecurityFindingsData + */ + @JsonAnySetter + public SecurityFindingsData putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this SecurityFindingsData object is equal to o. */ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + SecurityFindingsData securityFindingsData = (SecurityFindingsData) o; + return Objects.equals(this.attributes, securityFindingsData.attributes) + && Objects.equals(this.id, securityFindingsData.id) + && Objects.equals(this.type, securityFindingsData.type) + && Objects.equals(this.additionalProperties, securityFindingsData.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(attributes, id, type, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class SecurityFindingsData {\n"); + sb.append(" attributes: ").append(toIndentedString(attributes)).append("\n"); + sb.append(" id: ").append(toIndentedString(id)).append("\n"); + sb.append(" type: ").append(toIndentedString(type)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsDataType.java b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsDataType.java new file mode 100644 index 00000000000..cf3782c0077 --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsDataType.java @@ -0,0 +1,55 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.datadog.api.client.ModelEnum; +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; +import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import java.io.IOException; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + +/** The type of the security finding resource. */ +@JsonSerialize(using = SecurityFindingsDataType.SecurityFindingsDataTypeSerializer.class) +public class SecurityFindingsDataType extends ModelEnum { + + private static final Set allowedValues = new HashSet(Arrays.asList("finding")); + + public static final SecurityFindingsDataType FINDING = new SecurityFindingsDataType("finding"); + + SecurityFindingsDataType(String value) { + super(value, allowedValues); + } + + public static class SecurityFindingsDataTypeSerializer + extends StdSerializer { + public SecurityFindingsDataTypeSerializer(Class t) { + super(t); + } + + public SecurityFindingsDataTypeSerializer() { + this(null); + } + + @Override + public void serialize( + SecurityFindingsDataType value, JsonGenerator jgen, SerializerProvider provider) + throws IOException, JsonProcessingException { + jgen.writeObject(value.value); + } + } + + @JsonCreator + public static SecurityFindingsDataType fromValue(String value) { + return new SecurityFindingsDataType(value); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsLinks.java b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsLinks.java new file mode 100644 index 00000000000..a547b33901a --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsLinks.java @@ -0,0 +1,136 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +/** Links for pagination. */ +@JsonPropertyOrder({SecurityFindingsLinks.JSON_PROPERTY_NEXT}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class SecurityFindingsLinks { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_NEXT = "next"; + private String next; + + public SecurityFindingsLinks next(String next) { + this.next = next; + return this; + } + + /** + * Link for the next page of results. Note that paginated requests can also be made using the POST + * endpoint. + * + * @return next + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_NEXT) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getNext() { + return next; + } + + public void setNext(String next) { + this.next = next; + } + + /** + * A container for additional, undeclared properties. This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. + * + * @param key The arbitrary key to set + * @param value The associated value + * @return SecurityFindingsLinks + */ + @JsonAnySetter + public SecurityFindingsLinks putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this SecurityFindingsLinks object is equal to o. */ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + SecurityFindingsLinks securityFindingsLinks = (SecurityFindingsLinks) o; + return Objects.equals(this.next, securityFindingsLinks.next) + && Objects.equals(this.additionalProperties, securityFindingsLinks.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(next, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class SecurityFindingsLinks {\n"); + sb.append(" next: ").append(toIndentedString(next)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsMeta.java b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsMeta.java new file mode 100644 index 00000000000..ee54fe57a98 --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsMeta.java @@ -0,0 +1,223 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +/** Metadata about the response. */ +@JsonPropertyOrder({ + SecurityFindingsMeta.JSON_PROPERTY_ELAPSED, + SecurityFindingsMeta.JSON_PROPERTY_PAGE, + SecurityFindingsMeta.JSON_PROPERTY_REQUEST_ID, + SecurityFindingsMeta.JSON_PROPERTY_STATUS +}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class SecurityFindingsMeta { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_ELAPSED = "elapsed"; + private Long elapsed; + + public static final String JSON_PROPERTY_PAGE = "page"; + private SecurityFindingsPage page; + + public static final String JSON_PROPERTY_REQUEST_ID = "request_id"; + private String requestId; + + public static final String JSON_PROPERTY_STATUS = "status"; + private SecurityFindingsStatus status; + + public SecurityFindingsMeta elapsed(Long elapsed) { + this.elapsed = elapsed; + return this; + } + + /** + * The time elapsed in milliseconds. + * + * @return elapsed + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_ELAPSED) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public Long getElapsed() { + return elapsed; + } + + public void setElapsed(Long elapsed) { + this.elapsed = elapsed; + } + + public SecurityFindingsMeta page(SecurityFindingsPage page) { + this.page = page; + this.unparsed |= page.unparsed; + return this; + } + + /** + * Pagination information. + * + * @return page + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_PAGE) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public SecurityFindingsPage getPage() { + return page; + } + + public void setPage(SecurityFindingsPage page) { + this.page = page; + } + + public SecurityFindingsMeta requestId(String requestId) { + this.requestId = requestId; + return this; + } + + /** + * The identifier of the request. + * + * @return requestId + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_REQUEST_ID) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getRequestId() { + return requestId; + } + + public void setRequestId(String requestId) { + this.requestId = requestId; + } + + public SecurityFindingsMeta status(SecurityFindingsStatus status) { + this.status = status; + this.unparsed |= !status.isValid(); + return this; + } + + /** + * The status of the response. + * + * @return status + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_STATUS) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public SecurityFindingsStatus getStatus() { + return status; + } + + public void setStatus(SecurityFindingsStatus status) { + if (!status.isValid()) { + this.unparsed = true; + } + this.status = status; + } + + /** + * A container for additional, undeclared properties. This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. + * + * @param key The arbitrary key to set + * @param value The associated value + * @return SecurityFindingsMeta + */ + @JsonAnySetter + public SecurityFindingsMeta putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this SecurityFindingsMeta object is equal to o. */ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + SecurityFindingsMeta securityFindingsMeta = (SecurityFindingsMeta) o; + return Objects.equals(this.elapsed, securityFindingsMeta.elapsed) + && Objects.equals(this.page, securityFindingsMeta.page) + && Objects.equals(this.requestId, securityFindingsMeta.requestId) + && Objects.equals(this.status, securityFindingsMeta.status) + && Objects.equals(this.additionalProperties, securityFindingsMeta.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(elapsed, page, requestId, status, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class SecurityFindingsMeta {\n"); + sb.append(" elapsed: ").append(toIndentedString(elapsed)).append("\n"); + sb.append(" page: ").append(toIndentedString(page)).append("\n"); + sb.append(" requestId: ").append(toIndentedString(requestId)).append("\n"); + sb.append(" status: ").append(toIndentedString(status)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsPage.java b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsPage.java new file mode 100644 index 00000000000..d569455a555 --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsPage.java @@ -0,0 +1,135 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +/** Pagination information. */ +@JsonPropertyOrder({SecurityFindingsPage.JSON_PROPERTY_AFTER}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class SecurityFindingsPage { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_AFTER = "after"; + private String after; + + public SecurityFindingsPage after(String after) { + this.after = after; + return this; + } + + /** + * The cursor used to get the next page of results. + * + * @return after + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_AFTER) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getAfter() { + return after; + } + + public void setAfter(String after) { + this.after = after; + } + + /** + * A container for additional, undeclared properties. This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. + * + * @param key The arbitrary key to set + * @param value The associated value + * @return SecurityFindingsPage + */ + @JsonAnySetter + public SecurityFindingsPage putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this SecurityFindingsPage object is equal to o. */ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + SecurityFindingsPage securityFindingsPage = (SecurityFindingsPage) o; + return Objects.equals(this.after, securityFindingsPage.after) + && Objects.equals(this.additionalProperties, securityFindingsPage.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(after, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class SecurityFindingsPage {\n"); + sb.append(" after: ").append(toIndentedString(after)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSearchRequest.java b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSearchRequest.java new file mode 100644 index 00000000000..f33e2f594c0 --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSearchRequest.java @@ -0,0 +1,137 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +/** The request body for searching security findings. */ +@JsonPropertyOrder({SecurityFindingsSearchRequest.JSON_PROPERTY_DATA}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class SecurityFindingsSearchRequest { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_DATA = "data"; + private SecurityFindingsSearchRequestData data; + + public SecurityFindingsSearchRequest data(SecurityFindingsSearchRequestData data) { + this.data = data; + this.unparsed |= data.unparsed; + return this; + } + + /** + * Request data for searching security findings. + * + * @return data + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_DATA) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public SecurityFindingsSearchRequestData getData() { + return data; + } + + public void setData(SecurityFindingsSearchRequestData data) { + this.data = data; + } + + /** + * A container for additional, undeclared properties. This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. + * + * @param key The arbitrary key to set + * @param value The associated value + * @return SecurityFindingsSearchRequest + */ + @JsonAnySetter + public SecurityFindingsSearchRequest putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this SecurityFindingsSearchRequest object is equal to o. */ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + SecurityFindingsSearchRequest securityFindingsSearchRequest = (SecurityFindingsSearchRequest) o; + return Objects.equals(this.data, securityFindingsSearchRequest.data) + && Objects.equals( + this.additionalProperties, securityFindingsSearchRequest.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(data, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class SecurityFindingsSearchRequest {\n"); + sb.append(" data: ").append(toIndentedString(data)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSearchRequestData.java b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSearchRequestData.java new file mode 100644 index 00000000000..0ff924042a2 --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSearchRequestData.java @@ -0,0 +1,139 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +/** Request data for searching security findings. */ +@JsonPropertyOrder({SecurityFindingsSearchRequestData.JSON_PROPERTY_ATTRIBUTES}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class SecurityFindingsSearchRequestData { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_ATTRIBUTES = "attributes"; + private SecurityFindingsSearchRequestDataAttributes attributes; + + public SecurityFindingsSearchRequestData attributes( + SecurityFindingsSearchRequestDataAttributes attributes) { + this.attributes = attributes; + this.unparsed |= attributes.unparsed; + return this; + } + + /** + * Request attributes for searching security findings. + * + * @return attributes + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_ATTRIBUTES) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public SecurityFindingsSearchRequestDataAttributes getAttributes() { + return attributes; + } + + public void setAttributes(SecurityFindingsSearchRequestDataAttributes attributes) { + this.attributes = attributes; + } + + /** + * A container for additional, undeclared properties. This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. + * + * @param key The arbitrary key to set + * @param value The associated value + * @return SecurityFindingsSearchRequestData + */ + @JsonAnySetter + public SecurityFindingsSearchRequestData putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this SecurityFindingsSearchRequestData object is equal to o. */ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + SecurityFindingsSearchRequestData securityFindingsSearchRequestData = + (SecurityFindingsSearchRequestData) o; + return Objects.equals(this.attributes, securityFindingsSearchRequestData.attributes) + && Objects.equals( + this.additionalProperties, securityFindingsSearchRequestData.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(attributes, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class SecurityFindingsSearchRequestData {\n"); + sb.append(" attributes: ").append(toIndentedString(attributes)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSearchRequestDataAttributes.java b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSearchRequestDataAttributes.java new file mode 100644 index 00000000000..78ee86da160 --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSearchRequestDataAttributes.java @@ -0,0 +1,200 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +/** Request attributes for searching security findings. */ +@JsonPropertyOrder({ + SecurityFindingsSearchRequestDataAttributes.JSON_PROPERTY_FILTER, + SecurityFindingsSearchRequestDataAttributes.JSON_PROPERTY_PAGE, + SecurityFindingsSearchRequestDataAttributes.JSON_PROPERTY_SORT +}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class SecurityFindingsSearchRequestDataAttributes { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_FILTER = "filter"; + private String filter = "*"; + + public static final String JSON_PROPERTY_PAGE = "page"; + private SecurityFindingsSearchRequestPage page; + + public static final String JSON_PROPERTY_SORT = "sort"; + private SecurityFindingsSort sort = SecurityFindingsSort.DETECTION_CHANGED_AT_DESC; + + public SecurityFindingsSearchRequestDataAttributes filter(String filter) { + this.filter = filter; + return this; + } + + /** + * The search query following log search syntax. + * + * @return filter + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_FILTER) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getFilter() { + return filter; + } + + public void setFilter(String filter) { + this.filter = filter; + } + + public SecurityFindingsSearchRequestDataAttributes page(SecurityFindingsSearchRequestPage page) { + this.page = page; + this.unparsed |= page.unparsed; + return this; + } + + /** + * Pagination attributes for the search request. + * + * @return page + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_PAGE) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public SecurityFindingsSearchRequestPage getPage() { + return page; + } + + public void setPage(SecurityFindingsSearchRequestPage page) { + this.page = page; + } + + public SecurityFindingsSearchRequestDataAttributes sort(SecurityFindingsSort sort) { + this.sort = sort; + this.unparsed |= !sort.isValid(); + return this; + } + + /** + * The sort parameters when querying security findings. + * + * @return sort + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_SORT) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public SecurityFindingsSort getSort() { + return sort; + } + + public void setSort(SecurityFindingsSort sort) { + if (!sort.isValid()) { + this.unparsed = true; + } + this.sort = sort; + } + + /** + * A container for additional, undeclared properties. This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. + * + * @param key The arbitrary key to set + * @param value The associated value + * @return SecurityFindingsSearchRequestDataAttributes + */ + @JsonAnySetter + public SecurityFindingsSearchRequestDataAttributes putAdditionalProperty( + String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this SecurityFindingsSearchRequestDataAttributes object is equal to o. */ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + SecurityFindingsSearchRequestDataAttributes securityFindingsSearchRequestDataAttributes = + (SecurityFindingsSearchRequestDataAttributes) o; + return Objects.equals(this.filter, securityFindingsSearchRequestDataAttributes.filter) + && Objects.equals(this.page, securityFindingsSearchRequestDataAttributes.page) + && Objects.equals(this.sort, securityFindingsSearchRequestDataAttributes.sort) + && Objects.equals( + this.additionalProperties, + securityFindingsSearchRequestDataAttributes.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(filter, page, sort, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class SecurityFindingsSearchRequestDataAttributes {\n"); + sb.append(" filter: ").append(toIndentedString(filter)).append("\n"); + sb.append(" page: ").append(toIndentedString(page)).append("\n"); + sb.append(" sort: ").append(toIndentedString(sort)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSearchRequestPage.java b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSearchRequestPage.java new file mode 100644 index 00000000000..f81ce59e84d --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSearchRequestPage.java @@ -0,0 +1,166 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +/** Pagination attributes for the search request. */ +@JsonPropertyOrder({ + SecurityFindingsSearchRequestPage.JSON_PROPERTY_CURSOR, + SecurityFindingsSearchRequestPage.JSON_PROPERTY_LIMIT +}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class SecurityFindingsSearchRequestPage { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_CURSOR = "cursor"; + private String cursor; + + public static final String JSON_PROPERTY_LIMIT = "limit"; + private Long limit = 10l; + + public SecurityFindingsSearchRequestPage cursor(String cursor) { + this.cursor = cursor; + return this; + } + + /** + * Get the next page of results with a cursor provided in the previous query. + * + * @return cursor + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_CURSOR) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getCursor() { + return cursor; + } + + public void setCursor(String cursor) { + this.cursor = cursor; + } + + public SecurityFindingsSearchRequestPage limit(Long limit) { + this.limit = limit; + return this; + } + + /** + * The maximum number of security findings in the response. minimum: 1 maximum: 150 + * + * @return limit + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_LIMIT) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public Long getLimit() { + return limit; + } + + public void setLimit(Long limit) { + this.limit = limit; + } + + /** + * A container for additional, undeclared properties. This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. + * + * @param key The arbitrary key to set + * @param value The associated value + * @return SecurityFindingsSearchRequestPage + */ + @JsonAnySetter + public SecurityFindingsSearchRequestPage putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this SecurityFindingsSearchRequestPage object is equal to o. */ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + SecurityFindingsSearchRequestPage securityFindingsSearchRequestPage = + (SecurityFindingsSearchRequestPage) o; + return Objects.equals(this.cursor, securityFindingsSearchRequestPage.cursor) + && Objects.equals(this.limit, securityFindingsSearchRequestPage.limit) + && Objects.equals( + this.additionalProperties, securityFindingsSearchRequestPage.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(cursor, limit, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class SecurityFindingsSearchRequestPage {\n"); + sb.append(" cursor: ").append(toIndentedString(cursor)).append("\n"); + sb.append(" limit: ").append(toIndentedString(limit)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSort.java b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSort.java new file mode 100644 index 00000000000..a28721bc3be --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsSort.java @@ -0,0 +1,58 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.datadog.api.client.ModelEnum; +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; +import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import java.io.IOException; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + +/** The sort parameters when querying security findings. */ +@JsonSerialize(using = SecurityFindingsSort.SecurityFindingsSortSerializer.class) +public class SecurityFindingsSort extends ModelEnum { + + private static final Set allowedValues = + new HashSet(Arrays.asList("@detection_changed_at", "-@detection_changed_at")); + + public static final SecurityFindingsSort DETECTION_CHANGED_AT_ASC = + new SecurityFindingsSort("@detection_changed_at"); + public static final SecurityFindingsSort DETECTION_CHANGED_AT_DESC = + new SecurityFindingsSort("-@detection_changed_at"); + + SecurityFindingsSort(String value) { + super(value, allowedValues); + } + + public static class SecurityFindingsSortSerializer extends StdSerializer { + public SecurityFindingsSortSerializer(Class t) { + super(t); + } + + public SecurityFindingsSortSerializer() { + this(null); + } + + @Override + public void serialize( + SecurityFindingsSort value, JsonGenerator jgen, SerializerProvider provider) + throws IOException, JsonProcessingException { + jgen.writeObject(value.value); + } + } + + @JsonCreator + public static SecurityFindingsSort fromValue(String value) { + return new SecurityFindingsSort(value); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsStatus.java b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsStatus.java new file mode 100644 index 00000000000..0c2cb153a1b --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityFindingsStatus.java @@ -0,0 +1,57 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.datadog.api.client.ModelEnum; +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; +import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import java.io.IOException; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + +/** The status of the response. */ +@JsonSerialize(using = SecurityFindingsStatus.SecurityFindingsStatusSerializer.class) +public class SecurityFindingsStatus extends ModelEnum { + + private static final Set allowedValues = + new HashSet(Arrays.asList("done", "timeout")); + + public static final SecurityFindingsStatus DONE = new SecurityFindingsStatus("done"); + public static final SecurityFindingsStatus TIMEOUT = new SecurityFindingsStatus("timeout"); + + SecurityFindingsStatus(String value) { + super(value, allowedValues); + } + + public static class SecurityFindingsStatusSerializer + extends StdSerializer { + public SecurityFindingsStatusSerializer(Class t) { + super(t); + } + + public SecurityFindingsStatusSerializer() { + this(null); + } + + @Override + public void serialize( + SecurityFindingsStatus value, JsonGenerator jgen, SerializerProvider provider) + throws IOException, JsonProcessingException { + jgen.writeObject(value.value); + } + } + + @JsonCreator + public static SecurityFindingsStatus fromValue(String value) { + return new SecurityFindingsStatus(value); + } +} diff --git a/src/test/resources/cassettes/features/v2/List_security_findings_returns_Bad_Request_response.freeze b/src/test/resources/cassettes/features/v2/List_security_findings_returns_Bad_Request_response.freeze new file mode 100644 index 00000000000..c55732ac312 --- /dev/null +++ b/src/test/resources/cassettes/features/v2/List_security_findings_returns_Bad_Request_response.freeze @@ -0,0 +1 @@ +2025-12-17T16:27:32.641Z \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/List_security_findings_returns_Bad_Request_response.json b/src/test/resources/cassettes/features/v2/List_security_findings_returns_Bad_Request_response.json new file mode 100644 index 00000000000..648ec16c0eb --- /dev/null +++ b/src/test/resources/cassettes/features/v2/List_security_findings_returns_Bad_Request_response.json @@ -0,0 +1,33 @@ +[ + { + "httpRequest": { + "headers": {}, + "method": "GET", + "path": "/api/v2/security/findings", + "queryStringParameters": { + "page[cursor]": [ + "invalid_cursor" + ] + }, + "keepAlive": false, + "secure": true + }, + "httpResponse": { + "body": "{\"errors\":[{\"status\":\"400\",\"detail\":\"Invalid filters\"}]}", + "headers": { + "Content-Type": [ + "application/vnd.api+json" + ] + }, + "statusCode": 400, + "reasonPhrase": "Bad Request" + }, + "times": { + "remainingTimes": 1 + }, + "timeToLive": { + "unlimited": true + }, + "id": "7ded4102-477e-b50b-16f7-221ef8152259" + } +] \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/List_security_findings_returns_OK_response.freeze b/src/test/resources/cassettes/features/v2/List_security_findings_returns_OK_response.freeze new file mode 100644 index 00000000000..1fdc64cd55b --- /dev/null +++ b/src/test/resources/cassettes/features/v2/List_security_findings_returns_OK_response.freeze @@ -0,0 +1 @@ +2025-12-15T22:38:02.352Z \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/List_security_findings_returns_OK_response.json b/src/test/resources/cassettes/features/v2/List_security_findings_returns_OK_response.json new file mode 100644 index 00000000000..84900069225 --- /dev/null +++ b/src/test/resources/cassettes/features/v2/List_security_findings_returns_OK_response.json @@ -0,0 +1,28 @@ +[ + { + "httpRequest": { + "headers": {}, + "method": "GET", + "path": "/api/v2/security/findings", + "keepAlive": false, + "secure": true + }, + "httpResponse": { + "body": "{\"data\":[{\"id\":\"MWIxMjUyZGJjMjE3ZTFmZTcwZDdlMDNiNTI2YjQ3ZDB-MmQ5ZDgzMTJiMGIwYmM5ZGRmZjQ5OTk4ZmMzYWYyNmM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-38626\"],\"cve\":\"CVE-2025-38626\",\"id\":\"TRIVY-CVE-2025-38626\",\"modified_at\":1764176984000,\"published_at\":1755879336000,\"summary\":\"kernel: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-048dfba6091eb0d1d\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271832,\"finding_id\":\"MWIxMjUyZGJjMjE3ZTFmZTcwZDdlMDNiNTI2YjQ3ZDB-MmQ5ZDgzMTJiMGIwYmM5ZGRmZjQ5OTk4ZmMzYWYyNmM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765435671872,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0cc8c76c477f8196c\",\"name\":\"i-048dfba6091eb0d1d\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"bonsly\"},\"last_seen_at\":1765838271832,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"elasticsearch-bundles\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"2d9d8312b0b0bc9ddff49998fc3af26c\",\"resource_name\":\"i-048dfba6091eb0d1d\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00018,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode\",\"vulnerability\":{\"hash\":\"99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271832,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"fix_available:unavailable\",\"security-group:sg-0f39702193288cb41\",\"source:datadog\",\"severity:low\",\"auto-discovery.cluster-autoscaler.k8s.io/bonsly\",\"asset_type:host\",\"nodegroup:elasticsearch-bundles_elasticsearch-bundles-data\",\"image:ami-0cc8c76c477f8196c\",\"base_severity:medium\",\"site:datadoghq.com\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-bundles-data\",\"name:elasticsearch-bundles_elasticsearch-bundles-data\",\"vuln_id:99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759\",\"app:elasticsearch\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2b\",\"is_kube_cluster_experimental:false\",\"tags.datadoghq.com/version:8.19.6\",\"adp_enabled:false\",\"public_exploit_available:false\",\"iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2\",\"base_score:5.5\",\"elasticsearch-role:data\",\"team:compute-cloud-accounts\",\"score:2.7\",\"aws:ec2launchtemplate:id:lt-0e2373e62ce4d91a0\",\"nodegroups.datadoghq.com/name:elasticsearch-bundles-data\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2b\",\"managed_by_team:mars\",\"hash:99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759\",\"ecosystem:deb\",\"kube_node:ip-10-150-76-207.us-west-2.compute.internal\",\"ng_local_storage:false\",\"close_count:0\",\"ng_cluster_autoscaler:true\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:88mi\",\"nodegroups.datadoghq.com/namespace:elasticsearch-bundles\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:20\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars\",\"orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c\",\"cluster_name:bonsly\",\"cpu_arch:arm64\",\"epss_raw_score:0.00018\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-bundles-data:noschedule\",\"exposure_time_days:4\",\"service:elasticsearch-bundles\",\"package_name:linux\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"asset_id:i-048dfba6091eb0d1d\",\"datastore:elasticsearch\",\"scored:false\",\"kube_node_role:compute\",\"kubernetes_cluster:bonsly\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"node.datadoghq.com/version:v6-257-3\",\"autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-e030273153b4de8b\",\"kube_cluster_name:bonsly\",\"instance-type:m6g.large\",\"kube_node_role:elasticsearch-bundles-data\",\"chart_name:elasticsearch\",\"region:us-west-2\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-bundles-data\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:1900m\",\"instance_type:m6g.large\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"aws_account:204235354797\",\"k8s.io/cluster-autoscaler/node-template/label/team:data-science\",\"node.datadoghq.com/cgroup:v2\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"team:data-science\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"aws:ec2:fleet-id:fleet-121c8084-5187-cc16-a418-27881156a65a\",\"vulnerability_status:auto-closed\",\"cve:cve-2025-38626\",\"kubernetes.io/cluster/bonsly:owned\",\"last_detected_minutes:0\",\"elasticsearch_cluster:elasticsearch-bundles\",\"tag:data\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"cluster:elasticsearch-bundles\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-bundles\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:7131mi\",\"previous_status:open\",\"alias:cve-2025-38626\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"env:staging\"],\"timestamp\":1765838271832}},{\"id\":\"ZGEwMTA4NDdiZjM0ZjI5ZDBlYmMyMzM3NWFkYmUyNWN-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-22073\"],\"cve\":\"CVE-2025-22073\",\"id\":\"TRIVY-CVE-2025-22073\",\"modified_at\":1762201062000,\"published_at\":1744816561000,\"summary\":\"kernel: spufs: fix a leak on spufs_new_file() failure\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0fe66c7f2fe27288a\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271620,\"finding_id\":\"ZGEwMTA4NDdiZjM0ZjI5ZDBlYmMyMzM3NWFkYmUyNWN-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765438485381,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-0fe66c7f2fe27288a\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271620,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-6.8.0-1040-aws\",\"linux-aws-6.8-tools-6.8.0-1040\",\"linux-headers-6.8.0-1040-aws\",\"linux-aws-6.8-headers-6.8.0-1040\",\"linux-modules-6.8.0-1040-aws\"],\"name\":\"linux-aws-6.8\",\"normalized_name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1040.42~22.04.1\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"}]},\"recommended\":{\"name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"}},\"resource_id\":\"ccd780722c997ec5b77ea916b3c501ca\",\"resource_name\":\"i-0fe66c7f2fe27288a\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00023,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: spufs: fix a leak on spufs_new_file() failure\",\"vulnerability\":{\"cwes\":[\"CWE-401\"],\"hash\":\"faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271063,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"vuln_id:faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"image:ami-0afa99f6d7a0af2bf\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"instance_type:i3en.2xlarge\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"fix_available:available\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"site:datadoghq.com\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"hash:faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.5\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"score:2.7\",\"alias:cve-2025-22073\",\"aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"package_version:6.8.0-1040.42_22.04.1\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cve:cve-2025-22073\",\"cloud_provider:aws\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"kube_node:ip-10-150-64-123.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:4\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"event_type:none\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"package_name:linux-aws-6.8\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"epss_raw_score:0.00023\",\"scored:false\",\"kube_node_role:compute\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"running_kernel:false\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kube_node_role:kafka-medium\",\"asset_id:i-0fe66c7f2fe27288a\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"kafka_broker_id:10002\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"cluster:kafka-error-tracking-001\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271620}},{\"id\":\"MGZkNzMyYTYxMzcxNWQ0YmNmNTI1NTY2MGM4N2Q1MDh-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-35998\"],\"cve\":\"CVE-2024-35998\",\"id\":\"TRIVY-CVE-2024-35998\",\"modified_at\":1736532731000,\"published_at\":1716200114000,\"summary\":\"kernel: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0fe66c7f2fe27288a\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271581,\"finding_id\":\"MGZkNzMyYTYxMzcxNWQ0YmNmNTI1NTY2MGM4N2Q1MDh-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765438485381,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-0fe66c7f2fe27288a\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271581,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"ccd780722c997ec5b77ea916b3c501ca\",\"resource_name\":\"i-0fe66c7f2fe27288a\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00026,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result\",\"vulnerability\":{\"cwes\":[\"CWE-667\"],\"hash\":\"ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01af443\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271581,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"instance_type:i3en.2xlarge\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"site:datadoghq.com\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.5\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"score:2.7\",\"aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"hash:ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01af443\",\"cloud_provider:aws\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"kube_node:ip-10-150-64-123.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:4\",\"package_name:linux\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"epss_raw_score:0.00026\",\"alias:cve-2024-35998\",\"scored:false\",\"kube_node_role:compute\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kube_node_role:kafka-medium\",\"asset_id:i-0fe66c7f2fe27288a\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"cve:cve-2024-35998\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"vuln_id:ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01af443\",\"kafka_broker_id:10002\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"cluster:kafka-error-tracking-001\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271581}},{\"id\":\"ZTlhYTM5OTg5Yzc4OTQ0OGNkZTY2NWI0YzVjZGFjYTl-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"BIT-golang-2024-24789\",\"CGA-4r7q-83hj-9rrp\",\"CVE-2024-24789\",\"GHSA-236w-p7wf-5ph8\"],\"cve\":\"CVE-2024-24789\",\"id\":\"GO-2024-2888\",\"modified_at\":1729574938470,\"published_at\":1717541335000,\"summary\":\"Mishandling of corrupt central directory record in archive/zip\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-012cdbc8991688ee9\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271577,\"finding_id\":\"ZTlhYTM5OTg5Yzc4OTQ0OGNkZTY2NWI0YzVjZGFjYTl-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765421661872,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0cc8c76c477f8196c\",\"name\":\"i-012cdbc8991688ee9\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"bonsly\"},\"last_seen_at\":1765838271577,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"stdlib\"],\"name\":\"stdlib\",\"normalized_name\":\"stdlib\",\"version\":\"v1.22.1\"},\"related_services\":[\"exposed_to_attacks:false\",\"elasticsearch-monitors\"],\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"stdlib\",\"version\":\"1.22.4\"}]},\"recommended\":{\"name\":\"stdlib\",\"version\":\"1.22.4\"}},\"resource_id\":\"048dd9053223ae333e673207dfd83394\",\"resource_name\":\"i-012cdbc8991688ee9\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00006,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\"}},\"status\":\"auto_closed\",\"title\":\"Mishandling of corrupt central directory record in archive/zip\",\"vulnerability\":{\"hash\":\"918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838271577,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"ecosystem:go\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:148mi\",\"alias:cve-2024-24789\",\"event_type:close\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"alias:cga-4r7q-83hj-9rrp\",\"security-group:sg-0f39702193288cb41\",\"aws:ec2launchtemplate:id:lt-08847a5158ca7c73a\",\"source:datadog\",\"severity:low\",\"auto-discovery.cluster-autoscaler.k8s.io/bonsly\",\"fix_available:available\",\"hash:918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6\",\"nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data\",\"asset_type:host\",\"image:ami-0cc8c76c477f8196c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data\",\"base_severity:medium\",\"site:datadoghq.com\",\"instance-type:m6gd.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-monitors-cell-c0-data\",\"assignee:none\",\"app:elasticsearch\",\"cluster:elasticsearch-monitors-cell-c0\",\"assignee_id:none\",\"package_version:v1.22.1\",\"in_production:false\",\"alias:bit-golang-2024-24789\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"tags.datadoghq.com/version:8.19.6\",\"public_exploit_available:false\",\"iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2\",\"base_score:5.5\",\"elasticsearch-role:data\",\"team:compute-cloud-accounts\",\"score:2.7\",\"cell:none\",\"managed_by_team:mars\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/label/team:monitor-resources-indexing\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392\",\"pool:data\",\"package_name:stdlib\",\"ng_cluster_autoscaler:true\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"vuln_id:918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6\",\"cloud_provider:aws\",\"instance_type:m6gd.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars\",\"orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c\",\"cluster_name:bonsly\",\"cpu_arch:arm64\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:15009mi\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"asset_id:i-012cdbc8991688ee9\",\"exposure_time_days:4\",\"elasticsearch_cluster:elasticsearch-monitors-cell-c0\",\"alias:ghsa-236w-p7wf-5ph8\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"cve:cve-2024-24789\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"datastore:elasticsearch\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m\",\"kube_node_role:compute\",\"team:monitor-resources-indexing\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:40\",\"kubernetes_cluster:bonsly\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"node.datadoghq.com/version:v6-257-3\",\"kube_cluster_name:bonsly\",\"epss_raw_score:0.000060\",\"nodegroup:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data\",\"ng_local_storage:true\",\"chart_name:elasticsearch\",\"region:us-west-2\",\"nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0\",\"aws_account:204235354797\",\"node.datadoghq.com/cgroup:v2\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"name:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data\",\"kube_node_role:elasticsearch-monitors-cell-c0-data\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-1c82e59d5bb84439\",\"kubernetes.io/cluster/bonsly:owned\",\"service:elasticsearch-monitors\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"aws:ec2:fleet-id:fleet-98a72b26-0bbc-411c-ac98-8e08a9b23a52\",\"previous_status:open\",\"k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-monitors-cell-c0-data:noschedule\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kube_node:ip-10-150-85-76.us-west-2.compute.internal\",\"env:staging\"],\"timestamp\":1765838271577}},{\"id\":\"M2JkYTQ1MzFmYTNlODAzZTI1ZjNlMWE1MWMzZWU5Mjh-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-2236\"],\"cve\":\"CVE-2024-2236\",\"id\":\"TRIVY-CVE-2024-2236\",\"modified_at\":1743614137000,\"published_at\":1709763357000,\"summary\":\"libgcrypt: vulnerable to Marvin Attack\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-051d6c5170313e729\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271574,\"finding_id\":\"M2JkYTQ1MzFmYTNlODAzZTI1ZjNlMWE1MWMzZWU5Mjh-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765397453913,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-051d6c5170313e729\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271574,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"libgcrypt20\"],\"name\":\"libgcrypt20\",\"normalized_name\":\"libgcrypt20\",\"version\":\"1.9.4-3ubuntu3\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"0aead7bacd260b9f23a21c955a84dd57\",\"resource_name\":\"i-051d6c5170313e729\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00222,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":3.2,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:A/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.9,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\"}},\"status\":\"auto_closed\",\"title\":\"libgcrypt: vulnerable to Marvin Attack\",\"vulnerability\":{\"cwes\":[\"CWE-208\"],\"hash\":\"8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271574,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"asset_id:i-051d6c5170313e729\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"instance_type:i3en.2xlarge\",\"aws:ec2:fleet-id:fleet-1a9e8026-5b07-6494-a418-858a394c5003\",\"source:datadog\",\"severity:low\",\"epss_raw_score:0.00222\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"package_version:1.9.4-3ubuntu3\",\"asset_type:host\",\"cve:cve-2024-2236\",\"cluster_name:machop\",\"base_severity:medium\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"site:datadoghq.com\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"is_kube_cluster_experimental:false\",\"availability-zone:us-west-2a\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.9\",\"package_name:libgcrypt20\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"cluster:kafka-aws-metrics-001\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2a\",\"ecosystem:deb\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"alias:cve-2024-2236\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:5\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"security-group:sg-0ad037192bd9b2cfd\",\"kube_node:ip-10-150-69-64.us-west-2.compute.internal\",\"score:3.2\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"kube_node_role:compute\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"vuln_id:8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kafka_broker_id:10000\",\"kube_node_role:kafka-medium\",\"os_version:22.04\",\"hash:8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271574}},{\"id\":\"M2QxOTQwOWMwZmViZGRlOTU2MDY2ZGRmODhlNWYxNGN-MjA1YThmN2UxODE1NmY1NjRmODNhZDQ2NzM3MTA5MWY=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-38215\"],\"cve\":\"CVE-2025-38215\",\"id\":\"TRIVY-CVE-2025-38215\",\"modified_at\":1762193769000,\"published_at\":1751638529000,\"summary\":\"kernel: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"ip-10-150-67-24.us-west-2.compute.internal-machop\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271539,\"finding_id\":\"M2QxOTQwOWMwZmViZGRlOTU2MDY2ZGRmODhlNWYxNGN-MjA1YThmN2UxODE1NmY1NjRmODNhZDQ2NzM3MTA5MWY=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765445995855,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"ip-10-150-67-24.us-west-2.compute.internal-machop\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271539,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-modules-6.8.0-1041-aws\",\"linux-tools-6.8.0-1040-aws\",\"linux-aws-6.8-tools-6.8.0-1040\",\"linux-headers-6.8.0-1040-aws\",\"linux-aws-6.8-headers-6.8.0-1040\",\"linux-headers-6.8.0-1041-aws\",\"linux-modules-6.8.0-1040-aws\",\"linux-aws-6.8-headers-6.8.0-1041\"],\"name\":\"linux-aws-6.8\",\"normalized_name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"205a8f7e18156f564f83ad467371091f\",\"resource_name\":\"ip-10-150-67-24.us-west-2.compute.internal-machop\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00058,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"medium\",\"severity_details\":{\"adjusted\":{\"score\":4.7,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":7,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\",\"vulnerability\":{\"hash\":\"63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838270450,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"image:ami-0afa99f6d7a0af2bf\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"instance_type:i3en.2xlarge\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"source:datadog\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"asset_type:host\",\"cluster_name:machop\",\"vuln_id:63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8\",\"site:datadoghq.com\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"package_version:6.8.0-1041.43_22.04.1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"kube_node:ip-10-150-67-24.us-west-2.compute.internal\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"severity:medium\",\"running_kernel:true\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"asset_id:ip-10-150-67-24.us-west-2.compute.internal-machop\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:4\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"event_type:none\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"package_name:linux-aws-6.8\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"kube_node_role:compute\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"running_kernel:false\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"score:4.7\",\"base_score:7.0\",\"dd_rule_type:not-empty\",\"alias:cve-2025-38215\",\"kube_node_role:kafka-medium\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"aws:ec2:fleet-id:fleet-321c02a4-730f-4616-0eb0-8d80d9952fcf\",\"last_detected_minutes:0\",\"hash:63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8\",\"base_severity:high\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"kafka_broker_id:10002\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"cluster:kafka-apm-stats-intake-001\",\"epss_raw_score:0.00058\",\"cve:cve-2025-38215\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271539}},{\"id\":\"MTE0MGIxYWM1OWVmMjc2YjhiOGNmMTUzNTRlNzBjYWF-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-40016\"],\"cve\":\"CVE-2025-40016\",\"id\":\"TRIVY-CVE-2025-40016\",\"modified_at\":1761075085000,\"published_at\":1760976938000,\"summary\":\"kernel: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-012cdbc8991688ee9\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271538,\"finding_id\":\"MTE0MGIxYWM1OWVmMjc2YjhiOGNmMTUzNTRlNzBjYWF-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765421661872,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0cc8c76c477f8196c\",\"name\":\"i-012cdbc8991688ee9\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"bonsly\"},\"last_seen_at\":1765838271538,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"elasticsearch-monitors\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"048dd9053223ae333e673207dfd83394\",\"resource_name\":\"i-012cdbc8991688ee9\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00026,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"medium\",\"severity_details\":{\"adjusted\":{\"score\":4.7,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":7,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\",\"vulnerability\":{\"hash\":\"7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271538,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:148mi\",\"event_type:close\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"security-group:sg-0f39702193288cb41\",\"aws:ec2launchtemplate:id:lt-08847a5158ca7c73a\",\"source:datadog\",\"auto-discovery.cluster-autoscaler.k8s.io/bonsly\",\"nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data\",\"asset_type:host\",\"image:ami-0cc8c76c477f8196c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data\",\"site:datadoghq.com\",\"instance-type:m6gd.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-monitors-cell-c0-data\",\"assignee:none\",\"app:elasticsearch\",\"cluster:elasticsearch-monitors-cell-c0\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"tags.datadoghq.com/version:8.19.6\",\"public_exploit_available:false\",\"iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2\",\"elasticsearch-role:data\",\"team:compute-cloud-accounts\",\"severity:medium\",\"cell:none\",\"managed_by_team:mars\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/label/team:monitor-resources-indexing\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392\",\"pool:data\",\"ng_cluster_autoscaler:true\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"instance_type:m6gd.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars\",\"orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c\",\"vuln_id:7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5\",\"cluster_name:bonsly\",\"cpu_arch:arm64\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:15009mi\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"asset_id:i-012cdbc8991688ee9\",\"exposure_time_days:4\",\"package_name:linux\",\"elasticsearch_cluster:elasticsearch-monitors-cell-c0\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"epss_raw_score:0.00026\",\"datastore:elasticsearch\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m\",\"kube_node_role:compute\",\"team:monitor-resources-indexing\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:40\",\"kubernetes_cluster:bonsly\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"node.datadoghq.com/version:v6-257-3\",\"kube_cluster_name:bonsly\",\"nodegroup:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data\",\"ng_local_storage:true\",\"chart_name:elasticsearch\",\"region:us-west-2\",\"nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0\",\"aws_account:204235354797\",\"node.datadoghq.com/cgroup:v2\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"name:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data\",\"kube_node_role:elasticsearch-monitors-cell-c0-data\",\"base_score:7.0\",\"score:4.7\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0\",\"dd_rule_type:not-empty\",\"hash:7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-1c82e59d5bb84439\",\"kubernetes.io/cluster/bonsly:owned\",\"service:elasticsearch-monitors\",\"last_detected_minutes:0\",\"base_severity:high\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"aws:ec2:fleet-id:fleet-98a72b26-0bbc-411c-ac98-8e08a9b23a52\",\"cve:cve-2025-40016\",\"previous_status:open\",\"alias:cve-2025-40016\",\"k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-monitors-cell-c0-data:noschedule\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kube_node:ip-10-150-85-76.us-west-2.compute.internal\",\"env:staging\"],\"timestamp\":1765838271538}},{\"id\":\"NGNhMjdiNWNjOTEwMTliZGEyYzhlYjg2YzliYTRlYWF-NzM1NzFmMGZiZDI0Mjc1ODI4ODAxMzRlYTJkMWVhY2M=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-9vf9-m4f8-6392\",\"CGA-9vg5-h493-cxr7\",\"CGA-chh8-vhg4-2qj7\",\"CGA-g5hx-8r47-pf39\",\"CGA-hmfp-f3v3-528v\",\"CGA-hrqx-74pg-5m88\",\"CGA-m474-c57g-8945\",\"CGA-r356-23m2-5p37\",\"CGA-v3wf-pwmr-vcw5\",\"CGA-w52c-j6q8-cf23\",\"CGA-w7jq-8v28-882j\",\"CVE-2024-28180\",\"GO-2024-2631\"],\"cve\":\"CVE-2024-28180\",\"id\":\"GHSA-c5q2-7r4c-mv6g\",\"modified_at\":1739473645000,\"published_at\":1709852084000,\"summary\":\"Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-053290257b9479659\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271526,\"finding_id\":\"NGNhMjdiNWNjOTEwMTliZGEyYzhlYjg2YzliYTRlYWF-NzM1NzFmMGZiZDI0Mjc1ODI4ODAxMzRlYTJkMWVhY2M=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765421721839,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-053290257b9479659\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271526,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"gopkg.in/square/go-jose.v2\"],\"name\":\"gopkg.in/square/go-jose.v2\",\"normalized_name\":\"gopkg.in/square/go-jose.v2\",\"version\":\"v2.6.0\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":true},\"resource_id\":\"73571f0fbd2427582880134ea2d1eacc\",\"resource_name\":\"i-053290257b9479659\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":true,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.03644,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.6,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:A/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":4.3,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\"}},\"status\":\"auto_closed\",\"title\":\"Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)\",\"vulnerability\":{\"cwes\":[\"CWE-409\"],\"hash\":\"89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838271525,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"ecosystem:go\",\"alias:go-2024-2631\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"alias:cga-hmfp-f3v3-528v\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"instance_type:i3en.2xlarge\",\"hash:89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"fix_available:available\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"aws:ec2:fleet-id:fleet-1aa5a186-ab36-c1b4-063a-86028119420b\",\"asset_id:i-053290257b9479659\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"site:datadoghq.com\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"alias:cga-w7jq-8v28-882j\",\"in_production:false\",\"vuln_id:89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8\",\"is_kube_cluster_experimental:false\",\"alias:cve-2024-28180\",\"availability-zone:us-west-2a\",\"alias:cga-g5hx-8r47-pf39\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"score:2.6\",\"team:compute-cloud-accounts\",\"package_name:gopkg.in/square/go-jose.v2\",\"kube_node:ip-10-150-70-73.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2a\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"alias:cga-w52c-j6q8-cf23\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"epss_raw_score:0.03644\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"alias:cga-v3wf-pwmr-vcw5\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"package_version:v2.6.0\",\"exposure_time_days:4\",\"base_score:4.3\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"alias:cga-chh8-vhg4-2qj7\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"cve:cve-2024-28180\",\"kube_node_role:compute\",\"cluster:kafka-collab-intake-001\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"alias:cga-m474-c57g-8945\",\"ng_local_storage:true\",\"region:us-west-2\",\"alias:cga-r356-23m2-5p37\",\"alias:cga-hrqx-74pg-5m88\",\"app:kafka\",\"team:streaming-platform\",\"alias:cga-9vg5-h493-cxr7\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kafka_broker_id:10000\",\"kube_node_role:kafka-medium\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"alias:cga-9vf9-m4f8-6392\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271526}},{\"id\":\"NWEzNGIyY2U2ZDQ5YWQ1MzI4YjJmNThmNjIwYmUzZWN-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-21908\"],\"cve\":\"CVE-2025-21908\",\"id\":\"TRIVY-CVE-2025-21908\",\"modified_at\":1759349912000,\"published_at\":1743524121000,\"summary\":\"kernel: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-051d6c5170313e729\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271495,\"finding_id\":\"NWEzNGIyY2U2ZDQ5YWQ1MzI4YjJmNThmNjIwYmUzZWN-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765397453913,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-051d6c5170313e729\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271495,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":false},\"resource_id\":\"0aead7bacd260b9f23a21c955a84dd57\",\"resource_name\":\"i-051d6c5170313e729\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00014,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\",\"vulnerability\":{\"cwes\":[\"CWE-667\"],\"hash\":\"4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271495,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"asset_id:i-051d6c5170313e729\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"fix_available:unavailable\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"instance_type:i3en.2xlarge\",\"aws:ec2:fleet-id:fleet-1a9e8026-5b07-6494-a418-858a394c5003\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"vuln_id:4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"site:datadoghq.com\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"is_kube_cluster_experimental:false\",\"availability-zone:us-west-2a\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.5\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"score:2.7\",\"cluster:kafka-aws-metrics-001\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2a\",\"ecosystem:deb\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"epss_raw_score:0.00014\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"package_name:linux\",\"exposure_time_days:5\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"security-group:sg-0ad037192bd9b2cfd\",\"kube_node:ip-10-150-69-64.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"kube_node_role:compute\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"app:kafka\",\"team:streaming-platform\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"alias:cve-2025-21908\",\"kafka_broker_id:10000\",\"kube_node_role:kafka-medium\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"cve:cve-2025-21908\",\"hash:4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271495}},{\"id\":\"ZDc1MGVmYjlhNWE4ZDIxOGY0ZDFmMDQ5ZDU5NDhhNTl-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-39806\"],\"cve\":\"CVE-2025-39806\",\"id\":\"TRIVY-CVE-2025-39806\",\"modified_at\":1762193808000,\"published_at\":1758028551000,\"summary\":\"kernel: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"204235354797\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0fe66c7f2fe27288a\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838271483,\"finding_id\":\"ZDc1MGVmYjlhNWE4ZDIxOGY0ZDFmMDQ5ZDU5NDhhNTl-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765438485381,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0afa99f6d7a0af2bf\",\"name\":\"i-0fe66c7f2fe27288a\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"machop\"},\"last_seen_at\":1765838271483,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-161.171\"},\"related_services\":[\"exposed_to_attacks:false\",\"kafka\"],\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"linux\",\"version\":\"5.15.0-163.173\"}]},\"recommended\":{\"name\":\"linux\",\"version\":\"5.15.0-163.173\"}},\"resource_id\":\"ccd780722c997ec5b77ea916b3c501ca\",\"resource_name\":\"i-0fe66c7f2fe27288a\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00036,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":3.6,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.8,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H\"}},\"status\":\"auto_closed\",\"title\":\"kernel: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\",\"vulnerability\":{\"hash\":\"f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"auto_closed_at\":1765838271483,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"event_type:close\",\"image:ami-0afa99f6d7a0af2bf\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"instance_type:i3en.2xlarge\",\"aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea\",\"source:datadog\",\"severity:low\",\"k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"fix_available:available\",\"asset_type:host\",\"cluster_name:machop\",\"base_severity:medium\",\"site:datadoghq.com\",\"auto-discovery.cluster-autoscaler.k8s.io/machop\",\"k8s.io/cluster-autoscaler/node-template/label/version:1\",\"version:1\",\"k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups\",\"assignee:none\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium\",\"assignee_id:none\",\"in_production:false\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"cve:cve-2025-39806\",\"adp_enabled:false\",\"public_exploit_available:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium\",\"base_score:5.8\",\"k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform\",\"team:compute-cloud-accounts\",\"hash:f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f\",\"aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3\",\"ecosystem:deb\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"ng_cluster_autoscaler:true\",\"nodegroup:kafka_kafka-medium\",\"service_exposed_to_attacks:false\",\"account:staging-prtest02-yodel\",\"cloud_provider:aws\",\"nodegroups.datadoghq.com/namespace:kafka\",\"orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"name:kafka_kafka-medium\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"topicmappr_map:pool1\",\"nodegroups.datadoghq.com/name:kafka-medium\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"instance-type:i3en.2xlarge\",\"kube_node:ip-10-150-64-123.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium\",\"k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule\",\"service:kafka\",\"kubernetes.io/cluster/machop:owned\",\"exposure_time_days:4\",\"score:3.6\",\"package_name:linux\",\"alias:cve-2025-39806\",\"k8s.io/cluster-autoscaler/node-template/label/service:kafka\",\"package_version:5.15.0-161.171\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"security-group:sg-0ad037192bd9b2cfd\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"scored:false\",\"kube_node_role:compute\",\"autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6\",\"security-group:sg-0209ab6974808b99b\",\"os_name:ubuntu\",\"chart_name:kafka-nodegroups\",\"node.datadoghq.com/version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"ng_local_storage:true\",\"region:us-west-2\",\"epss_raw_score:0.00036\",\"app:kafka\",\"team:streaming-platform\",\"aws_account:204235354797\",\"node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true\",\"vuln_id:f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi\",\"k8s.io/cluster-autoscaler/node-template/label/app:kafka\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka\",\"dd_rule_type:not-empty\",\"kube_node_role:kafka-medium\",\"asset_id:i-0fe66c7f2fe27288a\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392\",\"last_detected_minutes:0\",\"kube_cluster_name:machop\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"dd_compute_k8s_platform_version:v6-257-3\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi\",\"kafka_node_flavor:medium\",\"kafka_broker_id:10002\",\"k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform\",\"previous_status:open\",\"cluster:kafka-error-tracking-001\",\"managed_by_team:streaming-platform\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"kubernetes_cluster:machop\",\"env:staging\"],\"timestamp\":1765838271483}}],\"meta\":{\"elapsed\":1195,\"page\":{\"after\":\"eyJhZnRlciI6IkF3QUFBWnNrS2JQNzd2ekswQUFBQUJoQlduTnJTMkpRTjBGQlFUTnZOMEpJYkRVM00wbDZURVlBQUFBa1pERTVZakkwTWprdFlqWTFPUzAwWlRnMExUZzVNMll0WkRVNE5HTTVOVGRqWTJGa0FBQUFFZyIsInZhbHVlcyI6WzE3NjU4MzgyNzE0ODMsIjIwMjUtMTItMTVUMjI6Mzc6NTEuNDgzWiIsLTI4NTQyMjg5Nl19\"},\"request_id\":\"pddv1ChZEV0JfaHozRVJJT3B1aUpZVnRRSGZBIiwKHMkNUONObwGrUBI2wC3SsGESwWt0gp1AaEa5fmMSDOob7VueP1L1GfbrUg\",\"status\":\"done\"},\"links\":{\"next\":\"/api/v2/security/findings?page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrS2JQNzd2ekswQUFBQUJoQlduTnJTMkpRTjBGQlFUTnZOMEpJYkRVM00wbDZURVlBQUFBa1pERTVZakkwTWprdFlqWTFPUzAwWlRnMExUZzVNMll0WkRVNE5HTTVOVGRqWTJGa0FBQUFFZyIsInZhbHVlcyI6WzE3NjU4MzgyNzE0ODMsIjIwMjUtMTItMTVUMjI6Mzc6NTEuNDgzWiIsLTI4NTQyMjg5Nl19\\u0026page%5Blimit%5D=10\\u0026sort=-%40detection_changed_at\"}}", + "headers": { + "Content-Type": [ + "application/vnd.api+json" + ] + }, + "statusCode": 200, + "reasonPhrase": "OK" + }, + "times": { + "remainingTimes": 1 + }, + "timeToLive": { + "unlimited": true + }, + "id": "a212c1f1-0527-bc27-9525-4c51e88ee1e0" + } +] \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/List_security_findings_returns_OK_response_with_pagination.freeze b/src/test/resources/cassettes/features/v2/List_security_findings_returns_OK_response_with_pagination.freeze new file mode 100644 index 00000000000..5226ac2da3f --- /dev/null +++ b/src/test/resources/cassettes/features/v2/List_security_findings_returns_OK_response_with_pagination.freeze @@ -0,0 +1 @@ +2025-12-15T22:38:44.211Z \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/List_security_findings_returns_OK_response_with_pagination.json b/src/test/resources/cassettes/features/v2/List_security_findings_returns_OK_response_with_pagination.json new file mode 100644 index 00000000000..2dd1da0e19a --- /dev/null +++ b/src/test/resources/cassettes/features/v2/List_security_findings_returns_OK_response_with_pagination.json @@ -0,0 +1,33 @@ +[ + { + "httpRequest": { + "headers": {}, + "method": "GET", + "path": "/api/v2/security/findings", + "queryStringParameters": { + "page[limit]": [ + "5" + ] + }, + "keepAlive": false, + "secure": true + }, + "httpResponse": { + "body": "{\"data\":[{\"id\":\"OXBuLXltcS1yaGh-aS0wODVkZTgwNWY4NTJlZGQxNA==\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"cloud_resource\":{\"account\":\"727006795293\",\"category\":\"hosts\",\"cloud_provider\":\"aws\",\"configuration\":{\"account_id\":\"727006795293\",\"agent_framework_id\":\"cis-ubuntu2204\",\"agent_rule_id\":\"xccdf_org.ssgproject.content_rule_package_bind_removed\",\"agent_version\":\"7.74.0-rc.3\",\"evaluator\":\"xccdf\",\"framework_requirement\":[\"cis-ubuntu2004/DNS-Server\",\"cis-rhel9/DNS-Server\",\"cis-ubuntu2404/DNS-Server\",\"cis-rhel8/DNS-Server\",\"cis-rhel7/DNS-Server\",\"cis-amzn2/DNS-Server\",\"cis-al2023/DNS-Server\",\"cis-ubuntu2204/DNS-Server\",\"cis-almalinux9/DNS-Server\"],\"framework_requirement_control\":[\"cis-ubuntu2004/DNS-Server/2.2.8\",\"cis-ubuntu2404/DNS-Server/2.1.4\",\"cis-rhel7/DNS-Server/2.2.4\",\"cis-almalinux9/DNS-Server/2.1.4\",\"cis-rhel8/DNS-Server/2.2.4\",\"cis-rhel9/DNS-Server/2.1.4\",\"cis-al2023/DNS-Server/2.2.5\",\"cis-amzn2/DNS-Server/2.2.4\",\"cis-ubuntu2204/DNS-Server/2.2.7\"]},\"region\":\"us-east-1\"},\"compliance\":{\"evaluation\":\"pass\",\"framework_requirement_controls\":[\"cis-ubuntu2004/DNS-Server/2.2.8\",\"cis-ubuntu2404/DNS-Server/2.1.4\",\"cis-rhel7/DNS-Server/2.2.4\",\"cis-almalinux9/DNS-Server/2.1.4\",\"cis-rhel8/DNS-Server/2.2.4\",\"cis-rhel9/DNS-Server/2.1.4\",\"cis-al2023/DNS-Server/2.2.5\",\"cis-amzn2/DNS-Server/2.2.4\",\"cis-ubuntu2204/DNS-Server/2.2.7\"],\"framework_requirements\":[\"cis-ubuntu2004/DNS-Server\",\"cis-rhel9/DNS-Server\",\"cis-ubuntu2404/DNS-Server\",\"cis-rhel8/DNS-Server\",\"cis-rhel7/DNS-Server\",\"cis-amzn2/DNS-Server\",\"cis-al2023/DNS-Server\",\"cis-ubuntu2204/DNS-Server\",\"cis-almalinux9/DNS-Server\"],\"frameworks\":[{\"control\":\"2.2.8\",\"framework\":\"cis-ubuntu2004\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ apt-get remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind9\\n# from the system, and may remove any packages\\n# that depend on bind9. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \\\"bind9\\\"\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind9 is removed'\\n ansible.builtin.package:\\n name: bind9\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"},{\"control\":\"2.2.7\",\"framework\":\"cis-ubuntu2204\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ apt-get remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind9\\n# from the system, and may remove any packages\\n# that depend on bind9. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \\\"bind9\\\"\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind9 is removed'\\n ansible.builtin.package:\\n name: bind9\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.2.4\",\"framework\":\"cis-rhel7\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo yum erase bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n#\\t from the system, and may remove any packages\\n#\\t that depend on bind. Execute this\\n#\\t remediation AFTER testing on a non-production\\n#\\t system!\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\n\\n yum remove -y \\\"bind\\\"\\n\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: Ensure bind is removed\\n package:\\n name: bind\\n state: absent\\n tags:\\n - CCE-80326-2\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"3.1.1\"},{\"control\":\"2.2.4\",\"framework\":\"cis-rhel8\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo yum erase bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n# from the system, and may remove any packages\\n# that depend on bind. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\nyum remove -y \\\"bind\\\"\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind is removed'\\n ansible.builtin.package:\\n name: bind\\n state: absent\\n tags:\\n - CCE-82408-6\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"3.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-rhel9\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo dnf remove bind\\n```\\nOn Red Hat Enterprise Linux 9.6 and newer, the `bind` command is also provided by the `bind9.18` package.\\nThe `bind9.18` package can be removed with the following command:\\n```\\n\\n$ sudo dnf remove bind9.18\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind and bind9.18\\n# from the system, and may remove any packages\\n# that depend on bind and bind9.18. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\ndnf remove -y --noautoremove \\\"bind\\\"\\nfi\\n\\nif rpm -q --quiet \\\"bind9.18\\\" ; then\\ndnf remove -y --noautoremove \\\"bind9.18\\\"\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind is removed'\\n ansible.builtin.package:\\n name: bind\\n state: absent\\n tags:\\n - CCE-86505-5\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n\\n- name: 'Uninstall bind Package: Ensure bind9.18 is removed'\\n ansible.builtin.package:\\n name: bind9.18\\n state: absent\\n tags:\\n - CCE-86505-5\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-almalinux9\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo dnf remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n# from the system, and may remove any packages\\n# that depend on bind. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\ndnf remove -y --noautoremove \\\"bind\\\"\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind is removed'\\n ansible.builtin.package:\\n name: bind\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.2.4\",\"framework\":\"cis-amzn2\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo yum erase bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n#\\t from the system, and may remove any packages\\n#\\t that depend on bind. Execute this\\n#\\t remediation AFTER testing on a non-production\\n#\\t system!\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\n\\n yum remove -y \\\"bind\\\"\\n\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: Ensure bind is removed\\n package:\\n name: bind\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"3.0.0\"},{\"control\":\"2.2.5\",\"framework\":\"cis-al2023\",\"is_default\":true,\"message\":\"## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ sudo dnf remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind\\n# from the system, and may remove any packages\\n# that depend on bind. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nif rpm -q --quiet \\\"bind\\\" ; then\\ndnf remove -y --noautoremove \\\"bind\\\"\\nfi\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind is removed'\\n ansible.builtin.package:\\n name: bind\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\",\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"},{\"control\":\"2.2.5\",\"framework\":\"cis-al2023\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-almalinux9\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.2.4\",\"framework\":\"cis-amzn2\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"3.0.0\"},{\"control\":\"2.2.4\",\"framework\":\"cis-rhel7\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"3.1.1\"},{\"control\":\"2.2.4\",\"framework\":\"cis-rhel8\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"3.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-rhel9\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.2.8\",\"framework\":\"cis-ubuntu2004\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"},{\"control\":\"2.2.7\",\"framework\":\"cis-ubuntu2204\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"2.0.0\"},{\"control\":\"2.1.4\",\"framework\":\"cis-ubuntu2404\",\"is_default\":true,\"requirement\":\"DNS-Server\",\"version\":\"1.0.0\"}]},\"description\":\"%%%\\n## Description\\n\\nThe `named` service is provided by the `bind` package.\\nThe `bind` package can be removed with the following command:\\n```\\n\\n$ apt-get remove bind\\n```\\n\\n\\n## Rationale\\n\\nIf there is no need to make DNS server software available,\\nremoving it provides a safeguard against its activation.\\n\\n## Remediation\\n\\n### Shell script\\n\\nThe following script can be run on the host to remediate the issue.\\n\\n```\\n#!/bin/bash\\n\\n# CAUTION: This remediation script will remove bind9\\n# from the system, and may remove any packages\\n# that depend on bind9. Execute this\\n# remediation AFTER testing on a non-production\\n# system!\\n\\n\\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \\\"bind9\\\"\\n```\\n\\n### Ansible playbook\\n\\nThe following playbook can be run with Ansible to remediate the issue.\\n\\n```\\n- name: 'Uninstall bind Package: Ensure bind9 is removed'\\n ansible.builtin.package:\\n name: bind9\\n state: absent\\n tags:\\n - NIST-800-53-CM-6(a)\\n - NIST-800-53-CM-7(a)\\n - NIST-800-53-CM-7(b)\\n - disable_strategy\\n - low_complexity\\n - low_disruption\\n - low_severity\\n - no_reboot_needed\\n - package_bind_removed\\n```\\n\\n%%%\",\"detection_changed_at\":1765838312079,\"finding_id\":\"OXBuLXltcS1yaGh-aS0wODVkZTgwNWY4NTJlZGQxNA==\",\"finding_type\":\"misconfiguration\",\"first_seen_at\":1765838312079,\"host\":{\"cloud_provider\":\"aws\",\"name\":\"i-085de805f852edd14\"},\"k8s\":{\"cluster_id\":\"heatran\"},\"last_seen_at\":1765838312079,\"metadata\":{\"schema_version\":\"2\"},\"resource_id\":\"i-085de805f852edd14\",\"resource_name\":\"i-085de805f852edd14\",\"resource_type\":\"host\",\"rule\":{\"default_rule_id\":\"def-000-zlf\",\"id\":\"9pn-ymq-rhh\",\"name\":\"Uninstall bind Package\",\"type\":\"infrastructure configuration\",\"version\":25},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2,\"value\":\"low\",\"value_id\":1}},\"status\":\"open\",\"title\":\"Uninstall bind Package\",\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"scored:true\",\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1c\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"availability-zone:us-east-1c\",\"role:kube-node\",\"env:staging\",\"image:ami-0a8a2ad2689e7c22d\",\"control:2.2.4\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"kubernetes.io/cluster/heatran:owned\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:5971764ki\",\"site:datad0g.com\",\"framework:cis-ubuntu2204\",\"adp_enabled:true\",\"security:compliance\",\"auto-discovery.cluster-autoscaler.k8s.io/heatran\",\"chart_name:koutris-infra\",\"security-group:sg-0a2e60dd3f9a5a6ab\",\"kube_node_role:compute\",\"control:2.2.7\",\"control:2.2.8\",\"control:2.2.5\",\"autoscaling_group:us1-staging-dog-heatran-k8s-ng-asg-a6848eee38b2f3a8\",\"kube_cluster_name:heatran\",\"orch_cluster_id:0659afbc-9c8d-401f-926c-8d0a7d64a5d8\",\"dd_compute_k8s_platform_version:v6-271-0\",\"name:koutris_koutris-fw-2c8g\",\"kubernetes_cluster:heatran\",\"release:koutris-infra\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:koutris\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:93mi\",\"kube_node:ip-10-112-62-173.ec2.internal\",\"aws_account:727006795293\",\"host:i-085de805f852edd14\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:1900m\",\"pci_compliance_level:tier_two\",\"is_kube_cluster_experimental:false\",\"aws:ec2launchtemplate:id:lt-0565e94873111d4dc\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"requirement:dns-server\",\"node.datadoghq.com/cgroup:v2\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"team:monitor-intake\",\"security-group:sg-0ebe29714ed14f3c3\",\"region:us-east-1\",\"control:2.1.4\",\"aws:ec2:fleet-id:fleet-4fbf0515-3c0e-e685-0c1a-01aa4d0a88dd\",\"ng_local_storage:false\",\"cluster_name:heatran\",\"cpu_arch:amd64\",\"ng_cluster_autoscaler:true\",\"nodegroup:koutris_koutris-fw-2c8g\",\"source:host-benchmarks\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/koutris-fw-2c8g\",\"account_id:727006795293\",\"iam_profile:k8s/us1-staging-dog-heatran-kube-node_v2\",\"instance_type:m6i.large\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"node.datadoghq.com/version:v6-271-0\",\"aws:ec2launchtemplate:version:1\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:20\",\"datacenter:us1.staging.dog\",\"k8s.io/cluster-autoscaler/node-template/taint/node:koutris-fw-2c8g:noschedule\",\"kube_node_role:koutris-fw-2c8g\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:koutris-fw-2c8g\",\"account:staging\",\"framework_version:cis-ubuntu2204_v2.0.0\",\"source:compliance-agent\",\"nodegroups.datadoghq.com/name:koutris-fw-2c8g\",\"agent_release_candidate_cluster:false\",\"instance-type:m6i.large\",\"nodegroups.datadoghq.com/namespace:koutris\"],\"timestamp\":1765838312079}},{\"id\":\"YTcxZGViZjIxNDMwYzMzM2ZjZTJlMzQ3NzZkZmEzZWF-OTljOTc5NDQ2OGY3Zjk3YmEzZGE2YzUxODZhMzQ4M2M=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-26740\"],\"cve\":\"CVE-2024-26740\",\"id\":\"TRIVY-CVE-2024-26740\",\"modified_at\":1742227413000,\"published_at\":1712164551000,\"summary\":\"kernel: net/sched: act_mirred: use the backlog for mirred ingress\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"ip-10-151-58-63.us-west-2.compute.internal-raboot-c\"},\"detection_changed_at\":1765838311928,\"finding_id\":\"YTcxZGViZjIxNDMwYzMzM2ZjZTJlMzQ3NzZkZmEzZWF-OTljOTc5NDQ2OGY3Zjk3YmEzZGE2YzUxODZhMzQ4M2M=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838305292,\"host\":{\"name\":\"ip-10-151-58-63.us-west-2.compute.internal-raboot-c\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"raboot-c\"},\"last_seen_at\":1765838311928,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-common\"],\"name\":\"linux\",\"normalized_name\":\"linux\",\"version\":\"5.15.0-164.174\"},\"remediation\":{\"is_available\":false},\"resource_id\":\"99c9794468f7f97ba3da6c5186a3483c\",\"resource_name\":\"ip-10-151-58-63.us-west-2.compute.internal-raboot-c\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00007,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"open\",\"title\":\"kernel: net/sched: act_mirred: use the backlog for mirred ingress\",\"vulnerability\":{\"cwes\":[\"CWE-667\"],\"hash\":\"7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"kube_node:ip-10-151-58-63.us-west-2.compute.internal\",\"package_name:linux\",\"epss_raw_score:0.000070\",\"fix_available:unavailable\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"source:datadog\",\"severity:low\",\"hash:7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060\",\"vulnerability_status:open\",\"cluster_name:raboot-c\",\"scored:false\",\"kube_node_role:compute\",\"asset_type:host\",\"new:true\",\"base_severity:medium\",\"os_name:ubuntu\",\"site:datadoghq.com\",\"assignee:none\",\"assignee_id:none\",\"in_production:false\",\"kube_cluster_name:raboot-c\",\"vuln_id:7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060\",\"is_kube_cluster_experimental:false\",\"orch_cluster_id:76cfd63e-1d3b-4bf3-b0b0-93e1423ef6cc\",\"node.datadoghq.com/flavor:standard\",\"nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge\",\"adp_enabled:false\",\"public_exploit_available:false\",\"alias:cve-2024-26740\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:5.5\",\"score:2.7\",\"dd_rule_type:not-empty\",\"ecosystem:deb\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"cve:cve-2024-26740\",\"cpu_arch:amd64\",\"ng_cluster_autoscaler:true\",\"package_version:5.15.0-164.174\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"kube_node_role:nodeless-amd64-d-c6a-2xlarge\",\"instance_type:c6a.2xlarge\",\"event_type:new\",\"asset_id:ip-10-151-58-63.us-west-2.compute.internal-raboot-c\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838311928}},{\"id\":\"MDdjY2IxZjk1MzQ2NDIzOWJjYWE1Yjk4NmU3MWNiZGF-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-38057\"],\"cve\":\"CVE-2025-38057\",\"id\":\"TRIVY-CVE-2025-38057\",\"modified_at\":1765059350000,\"published_at\":1750241738000,\"summary\":\"kernel: espintcp: fix skb leaks\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\"},\"detection_changed_at\":1765838311625,\"finding_id\":\"MDdjY2IxZjk1MzQ2NDIzOWJjYWE1Yjk4NmU3MWNiZGF-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838306213,\"host\":{\"name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"grooky\"},\"last_seen_at\":1765838311912,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-6.8.0-1040-aws\",\"linux-modules-6.8.0-1044-aws\",\"linux-aws-6.8-headers-6.8.0-1040\"],\"name\":\"linux-aws-6.8\",\"normalized_name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1040.42~22.04.1\"},\"remediation\":{\"is_available\":false},\"resource_id\":\"bbbd1d4b047c44f8f95e5bd24523f7a3\",\"resource_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00015,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.7,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.5,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\"}},\"status\":\"open\",\"title\":\"kernel: espintcp: fix skb leaks\",\"vulnerability\":{\"cwes\":[\"CWE-401\"],\"hash\":\"2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"cluster_name:grooky\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"event_type:none\",\"fix_available:unavailable\",\"env:staging\",\"vuln_id:2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a\",\"hash:2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a\",\"package_name:linux-aws-6.8\",\"nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge\",\"source:datadog\",\"severity:low\",\"vulnerability_status:open\",\"kube_cluster_name:grooky\",\"scored:false\",\"kube_node_role:compute\",\"asset_type:host\",\"base_severity:medium\",\"os_name:ubuntu\",\"site:datadoghq.com\",\"datacenter:prtest03.staging.dog\",\"assignee:none\",\"asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"assignee_id:none\",\"in_production:false\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115\",\"adp_enabled:false\",\"running_kernel:false\",\"public_exploit_available:false\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:5.5\",\"score:2.7\",\"dd_rule_type:not-empty\",\"ecosystem:deb\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"package_version:6.8.0-1040.42_22.04.1\",\"ng_cluster_autoscaler:true\",\"kube_node:ip-10-12-87-102.us-west-2.compute.internal\",\"alias:cve-2025-38057\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"instance_type:c6g.4xlarge\",\"cve:cve-2025-38057\",\"cpu_arch:arm64\",\"kube_node_role:nodeless-arm64-d-c6g-4xlarge\",\"epss_raw_score:0.00015\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838311625}},{\"id\":\"MGQwMzY2ODc3OTYzNDE2ZWE3YjVhMmFmOWQ3OWI5ZjV-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2025-40114\"],\"cve\":\"CVE-2025-40114\",\"id\":\"TRIVY-CVE-2025-40114\",\"modified_at\":1759331744000,\"published_at\":1744960544000,\"summary\":\"kernel: iio: light: Add check for array bounds in veml6075_read_int_time_ms\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\"},\"detection_changed_at\":1765838311522,\"finding_id\":\"MGQwMzY2ODc3OTYzNDE2ZWE3YjVhMmFmOWQ3OWI5ZjV-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838306213,\"host\":{\"name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"grooky\"},\"last_seen_at\":1765838311522,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"linux-tools-6.8.0-1040-aws\",\"linux-aws-6.8-tools-6.8.0-1040\",\"linux-modules-6.8.0-1040-aws\"],\"name\":\"linux-aws-6.8\",\"normalized_name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1040.42~22.04.1\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"}]},\"recommended\":{\"name\":\"linux-aws-6.8\",\"version\":\"6.8.0-1041.43~22.04.1\"}},\"resource_id\":\"bbbd1d4b047c44f8f95e5bd24523f7a3\",\"resource_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00018,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"medium\",\"severity_details\":{\"adjusted\":{\"score\":4.7,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":7.8,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}},\"status\":\"open\",\"title\":\"kernel: iio: light: Add check for array bounds in veml6075_read_int_time_ms\",\"vulnerability\":{\"cwes\":[\"CWE-129\"],\"hash\":\"a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603\",\"stack\":{\"ecosystem\":\"deb\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"cluster_name:grooky\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"event_type:none\",\"env:staging\",\"package_name:linux-aws-6.8\",\"nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge\",\"source:datadog\",\"vulnerability_status:open\",\"fix_available:available\",\"kube_cluster_name:grooky\",\"vuln_id:a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603\",\"scored:false\",\"kube_node_role:compute\",\"hash:a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603\",\"asset_type:host\",\"os_name:ubuntu\",\"site:datadoghq.com\",\"datacenter:prtest03.staging.dog\",\"assignee:none\",\"asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"assignee_id:none\",\"cve:cve-2025-40114\",\"in_production:false\",\"alias:cve-2025-40114\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115\",\"adp_enabled:false\",\"running_kernel:false\",\"public_exploit_available:false\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:7.8\",\"score:4.7\",\"severity:medium\",\"dd_rule_type:not-empty\",\"ecosystem:deb\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"package_version:6.8.0-1040.42_22.04.1\",\"ng_cluster_autoscaler:true\",\"kube_node:ip-10-12-87-102.us-west-2.compute.internal\",\"last_detected_minutes:0\",\"base_severity:high\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"instance_type:c6g.4xlarge\",\"cpu_arch:arm64\",\"kube_node_role:nodeless-arm64-d-c6g-4xlarge\",\"type:component_with_known_vulnerability\",\"epss_raw_score:0.00018\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838311522}},{\"id\":\"ZmM0NTk0NmQzNzIwNTk0ZTQ0ODM5OWM1MDI5ODBhNDZ-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"BIT-golang-2025-47912\",\"CVE-2025-47912\"],\"cve\":\"CVE-2025-47912\",\"id\":\"GO-2025-4010\",\"modified_at\":1762437598375,\"published_at\":1761774598000,\"summary\":\"Insufficient validation of bracketed IPv6 hostnames in net/url\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\"},\"detection_changed_at\":1765838311417,\"finding_id\":\"ZmM0NTk0NmQzNzIwNTk0ZTQ0ODM5OWM1MDI5ODBhNDZ-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838306213,\"host\":{\"name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"grooky\"},\"last_seen_at\":1765838311417,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"stdlib\"],\"name\":\"stdlib\",\"normalized_name\":\"stdlib\",\"version\":\"v1.22.10\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"stdlib\",\"version\":\"1.25.2\"}]},\"recommended\":{\"name\":\"stdlib\",\"version\":\"1.25.2\"}},\"resource_id\":\"bbbd1d4b047c44f8f95e5bd24523f7a3\",\"resource_name\":\"ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":false,\"has_high_exploitability_chance\":false,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"type\":\"unavailable\"},\"impact_cvss\":\"safer\",\"value\":false},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.00025,\"epss_severity\":\"low\"},\"impact_cvss\":\"safer\",\"value\":false},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"low\",\"severity_details\":{\"adjusted\":{\"score\":2.8,\"value\":\"low\",\"value_id\":1,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":5.3,\"value\":\"medium\",\"value_id\":2,\"vector\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"}},\"status\":\"open\",\"title\":\"Insufficient validation of bracketed IPv6 hostnames in net/url\",\"vulnerability\":{\"hash\":\"1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"cluster_name:grooky\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"ecosystem:go\",\"env:staging\",\"cve:cve-2025-47912\",\"nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge\",\"epss_raw_score:0.00025\",\"alias:cve-2025-47912\",\"source:datadog\",\"severity:low\",\"vulnerability_status:open\",\"fix_available:available\",\"kube_cluster_name:grooky\",\"scored:false\",\"kube_node_role:compute\",\"asset_type:host\",\"new:true\",\"base_severity:medium\",\"os_name:ubuntu\",\"site:datadoghq.com\",\"datacenter:prtest03.staging.dog\",\"assignee:none\",\"asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky\",\"assignee_id:none\",\"in_production:false\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115\",\"alias:bit-golang-2025-47912\",\"adp_enabled:false\",\"public_exploit_available:false\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:5.3\",\"score:2.8\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"package_version:v1.22.10\",\"package_name:stdlib\",\"ng_cluster_autoscaler:true\",\"kube_node:ip-10-12-87-102.us-west-2.compute.internal\",\"hash:1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"event_type:new\",\"instance_type:c6g.4xlarge\",\"vuln_id:1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53\",\"cpu_arch:arm64\",\"kube_node_role:nodeless-arm64-d-c6g-4xlarge\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838311417}}],\"meta\":{\"elapsed\":1248,\"page\":{\"after\":\"eyJhZnRlciI6IkF3QUFBWnNrS2tfNUZKWWZDd0FBQUJoQlduTnJTMnRmTlVGQlFqWkNNM3BmZVhadWJXNXhVMElBQUFBa1pqRTVZakkwTW1FdE5USmlaQzAwTldVd0xUZzRNREF0WW1ZeVlXSmlOR1k0TldRM0FBQUFMZyIsInZhbHVlcyI6WzE3NjU4MzgzMTE0MTcsIjIwMjUtMTItMTVUMjI6Mzg6MzEuNDE3WiIsMzQ1MzgyNjY3XX0=\"},\"request_id\":\"pddv1ChZubmNwVFVjWVJRLW9xSWIybklHWXJ3Ii0KHaszALDHDfJD6z3rlnQLgHugKbU0hTnqHR56Yrc4Egx3bkYPy7veSr6fRk0\",\"status\":\"done\"},\"links\":{\"next\":\"/api/v2/security/findings?page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrS2tfNUZKWWZDd0FBQUJoQlduTnJTMnRmTlVGQlFqWkNNM3BmZVhadWJXNXhVMElBQUFBa1pqRTVZakkwTW1FdE5USmlaQzAwTldVd0xUZzRNREF0WW1ZeVlXSmlOR1k0TldRM0FBQUFMZyIsInZhbHVlcyI6WzE3NjU4MzgzMTE0MTcsIjIwMjUtMTItMTVUMjI6Mzg6MzEuNDE3WiIsMzQ1MzgyNjY3XX0%3D\\u0026page%5Blimit%5D=5\\u0026sort=-%40detection_changed_at\"}}", + "headers": { + "Content-Type": [ + "application/vnd.api+json" + ] + }, + "statusCode": 200, + "reasonPhrase": "OK" + }, + "times": { + "remainingTimes": 1 + }, + "timeToLive": { + "unlimited": true + }, + "id": "430f92d4-6487-cafa-52e1-3d93529533fe" + } +] \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/Search_security_findings_returns_Bad_Request_response.freeze b/src/test/resources/cassettes/features/v2/Search_security_findings_returns_Bad_Request_response.freeze new file mode 100644 index 00000000000..88d23fa2be0 --- /dev/null +++ b/src/test/resources/cassettes/features/v2/Search_security_findings_returns_Bad_Request_response.freeze @@ -0,0 +1 @@ +2025-12-17T16:27:52.376Z \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/Search_security_findings_returns_Bad_Request_response.json b/src/test/resources/cassettes/features/v2/Search_security_findings_returns_Bad_Request_response.json new file mode 100644 index 00000000000..c4d7d1ec5bb --- /dev/null +++ b/src/test/resources/cassettes/features/v2/Search_security_findings_returns_Bad_Request_response.json @@ -0,0 +1,32 @@ +[ + { + "httpRequest": { + "body": { + "type": "JSON", + "json": "{\"page\":{\"cursor\":\"invalid_cursor\"}}" + }, + "headers": {}, + "method": "POST", + "path": "/api/v2/security/findings/search", + "keepAlive": false, + "secure": true + }, + "httpResponse": { + "body": "{\"errors\":[{\"status\":\"400\",\"title\":\"Bad Request\",\"detail\":\"document is missing required top-level members; must have one of: \\\"data\\\", \\\"meta\\\", \\\"errors\\\"\"}]}", + "headers": { + "Content-Type": [ + "application/vnd.api+json" + ] + }, + "statusCode": 400, + "reasonPhrase": "Bad Request" + }, + "times": { + "remainingTimes": 1 + }, + "timeToLive": { + "unlimited": true + }, + "id": "c47f7cfc-83de-8dd7-156b-7d2e2e9517da" + } +] \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/Search_security_findings_returns_OK_response.freeze b/src/test/resources/cassettes/features/v2/Search_security_findings_returns_OK_response.freeze new file mode 100644 index 00000000000..8305206aaf0 --- /dev/null +++ b/src/test/resources/cassettes/features/v2/Search_security_findings_returns_OK_response.freeze @@ -0,0 +1 @@ +2025-12-15T22:43:55.549Z \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/Search_security_findings_returns_OK_response.json b/src/test/resources/cassettes/features/v2/Search_security_findings_returns_OK_response.json new file mode 100644 index 00000000000..d4bd4e56736 --- /dev/null +++ b/src/test/resources/cassettes/features/v2/Search_security_findings_returns_OK_response.json @@ -0,0 +1,32 @@ +[ + { + "httpRequest": { + "body": { + "type": "JSON", + "json": "{\"data\":{\"attributes\":{\"filter\":\"@severity:(critical OR high)\"}}}" + }, + "headers": {}, + "method": "POST", + "path": "/api/v2/security/findings/search", + "keepAlive": false, + "secure": true + }, + "httpResponse": { + "body": "{\"data\":[{\"id\":\"Y2RiNWYyMmQ2Nzg2ZTBkYjA1ZTc5NDM3MDU5NGJhNTh-MWIxYTc2ZDZkNDZlYmE0YjFlY2RkMDY0NjRlYjIwZTk=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-45337\",\"GO-2024-3321\"],\"cve\":\"CVE-2024-45337\",\"id\":\"GHSA-v778-237x-gjrc\",\"modified_at\":1738337443000,\"published_at\":1733954584000,\"summary\":\"Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"990060747993\",\"cloud_provider\":\"aws\",\"display_name\":\"ip-10-151-60-149.us-west-2.compute.internal-raboot-c\",\"region\":\"us-west-2\"},\"detection_changed_at\":1765838619159,\"finding_id\":\"Y2RiNWYyMmQ2Nzg2ZTBkYjA1ZTc5NDM3MDU5NGJhNTh-MWIxYTc2ZDZkNDZlYmE0YjFlY2RkMDY0NjRlYjIwZTk=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765838614786,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0e7b60ad05b2da7ed\",\"name\":\"ip-10-151-60-149.us-west-2.compute.internal-raboot-c\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"raboot-c\"},\"last_seen_at\":1765838619159,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"golang.org/x/crypto\"],\"name\":\"golang.org/x/crypto\",\"normalized_name\":\"golang.org/x/crypto\",\"version\":\"v0.18.0\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"golang.org/x/crypto\",\"version\":\"0.31.0\"}]},\"recommended\":{\"name\":\"golang.org/x/crypto\",\"version\":\"0.31.0\"}},\"resource_id\":\"1b1a76d6d46eba4b1ecdd06464eb20e9\",\"resource_name\":\"ip-10-151-60-149.us-west-2.compute.internal-raboot-c\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/NHAS/CVE-2024-45337-POC\",\"https://github.com/NHAS/VULNERABLE-CVE-2024-45337\",\"https://github.com/peace-maker/CVE-2024-45337\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.42906,\"epss_severity\":\"medium\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":7,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":9.1,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\"}},\"status\":\"open\",\"title\":\"Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto\",\"vulnerability\":{\"cwes\":[\"CWE-285\"],\"hash\":\"2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"kube_node_role:nodeless\",\"aws:ec2launchtemplate:id:lt-0105c69a444a8e9fb\",\"ecosystem:go\",\"dd_compute_k8s_platform_version:v6-260-2\",\"k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2\",\"aws_account:990060747993\",\"fix_version:v0.46.0\",\"instance-type:c6a.2xlarge\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:13480074445\",\"kubernetes_cluster:raboot-c\",\"source:datadog\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"vulnerability_status:open\",\"fix_available:available\",\"cluster_name:raboot-c\",\"iam_profile:k8s/prtest02-staging-dog-raboot-c-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s\",\"asset_type:host\",\"new:true\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true\",\"site:datadoghq.com\",\"kubernetes.io/cluster/raboot-c:owned\",\"assignee:none\",\"alias:go-2024-3321\",\"assignee_id:none\",\"in_production:false\",\"cve:cve-2024-45337\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-c6a-2xlarge\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"adp_enabled:false\",\"autoscaling_group:prtest02-staging-dog-raboot-c-k8s-ng-asg-faab57746e6215c5\",\"base_score:9.1\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard\",\"team:compute-cloud-accounts\",\"public_exploit_available:true\",\"image:ami-0e7b60ad05b2da7ed\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"ng_local_storage:false\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"ng_cluster_autoscaler:true\",\"asset_id:ip-10-151-60-149.us-west-2.compute.internal-raboot-c\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"instance_type:c6a.2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"security-group:sg-0975ebcfe01315df0\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"epss_raw_score:0.42906\",\"nodegroup:kube-system_nodeless-amd64-d-c6a-2xlarge\",\"exposure_time_days:0\",\"score:7.0\",\"role:kube-node\",\"env:staging\",\"datacenter:prtest02.staging.dog\",\"package_version:v0.18.0\",\"base_severity:critical\",\"account:staging-prtest02-ember-c\",\"security-group:sg-08568810eba5fc2d8\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"aws:ec2:fleet-id:fleet-0c1e1c15-ce07-ce8f-0eb2-2982e1977208\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:372mi\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"severity:high\",\"kube_node_role:compute\",\"k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64\",\"os_name:ubuntu\",\"alias:cve-2024-45337\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"region:us-west-2\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:53034256170\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"kube_cluster_name:raboot-c\",\"orch_cluster_id:76cfd63e-1d3b-4bf3-b0b0-93e1423ef6cc\",\"name:kube-system_nodeless-amd64-d-c6a-2xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"vuln_id:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"hash:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"cpu_arch:amd64\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"kube_node:ip-10-151-60-149.us-west-2.compute.internal\",\"kube_node_role:nodeless-amd64-d-c6a-2xlarge\",\"package_name:golang.org/x/crypto\",\"auto-discovery.cluster-autoscaler.k8s.io/raboot-c\",\"event_type:new\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"env:staging\"],\"timestamp\":1765838619159}},{\"id\":\"YTA2ODU1YjVjYWZlZWY5Y2MyMzczMTY4MDdhYjRlMWJ-ZWExMDk2NDQ2ZjM3Mjg2MzZkMzA3ZWQ5M2ZiNDdlZjM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-7jwh-3vrq-q3m8\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-mrww-27vc-gghv\",\"modified_at\":1734042636000,\"published_at\":1709585004000,\"summary\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"727006795293\",\"cloud_provider\":\"aws\",\"display_name\":\"i-048e423259eb6256a\",\"region\":\"us-east-1\"},\"detection_changed_at\":1765838618317,\"finding_id\":\"YTA2ODU1YjVjYWZlZWY5Y2MyMzczMTY4MDdhYjRlMWJ-ZWExMDk2NDQ2ZjM3Mjg2MzZkMzA3ZWQ5M2ZiNDdlZjM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765826319813,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0d63de838a36a5577\",\"name\":\"i-048e423259eb6256a\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"stripe\"},\"last_seen_at\":1765838618317,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgx/v4\"],\"name\":\"github.com/jackc/pgx/v4\",\"normalized_name\":\"github.com/jackc/pgx/v4\",\"version\":\"v4.18.1\"},\"related_services\":[\"exposed_to_attacks:false\"],\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgx/v4\",\"version\":\"4.18.2\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgx/v4\",\"version\":\"4.18.2\"}},\"resource_id\":\"ea1096446f3728636d307ed93fb47ef3\",\"resource_name\":\"i-048e423259eb6256a\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false,\"is_publicly_accessible\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false},\"is_publicly_accessible\":{\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":7.3,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L/MAV:A\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\"}},\"status\":\"auto_closed\",\"title\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838618317,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b\",\"kube_node_role:nodeless\",\"ecosystem:go\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge\",\"event_type:close\",\"availability-zone:us-east-1b\",\"package_version:v4.18.1\",\"source:datadog\",\"kube_node_role:nodeless-amd64-d-m6a-4xlarge\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"site:datad0g.com\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:106068512341\",\"fix_available:available\",\"fix_version:v4.18.3\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:15900m\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s\",\"asset_type:host\",\"aws:ec2launchtemplate:id:lt-0ab29ef7bcf9901c8\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true\",\"assignee:none\",\"assignee_id:none\",\"in_production:false\",\"aws_account:727006795293\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"adp_enabled:false\",\"instance_type:m6a.4xlarge\",\"nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge\",\"base_score:9.3\",\"auto-discovery.cluster-autoscaler.k8s.io/stripe\",\"alias:cga-vmcg-54pm-cp7r\",\"kubernetes.io/cluster/stripe:owned\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard\",\"nodegroup:kube-system_nodeless-amd64-d-m6a-4xlarge\",\"public_exploit_available:true\",\"region:us-east-1\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"ng_local_storage:false\",\"close_count:0\",\"ng_cluster_autoscaler:true\",\"service_exposed_to_attacks:false\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"alias:cve-2024-27304\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"asset_id:i-048e423259eb6256a\",\"cve:cve-2024-27304\",\"account:staging\",\"name:kube-system_nodeless-amd64-d-m6a-4xlarge\",\"image:ami-0d63de838a36a5577\",\"vuln_id:82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-4xlarge\",\"node.datadoghq.com/version:v6-269-0\",\"kube_cluster_name:stripe\",\"exposure_time_days:0\",\"aws:ec2:fleet-id:fleet-c5172d35-9624-6c05-2c30-812acd886a16\",\"cluster_name:stripe\",\"score:7.3\",\"role:kube-node\",\"env:staging\",\"base_severity:critical\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"security-group:sg-faa8cdb1\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"hash:82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"alias:go-2024-2606\",\"severity:high\",\"kube_node_role:compute\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64\",\"kube_node:ip-10-131-1-21.ec2.internal\",\"os_name:ubuntu\",\"alias:ghsa-7jwh-3vrq-q3m8\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:745mi\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"security-group:sg-0a3744a5f247135d1\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:59987440026\",\"node.datadoghq.com/cgroup:v2\",\"instance-type:m6a.4xlarge\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"dd_compute_k8s_platform_version:v6-269-0\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-300m-v1\",\"autoscaling_group:us1-staging-dog-stripe-k8s-ng-asg-8a5078b204fcfc2d\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-300m-v1\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"iam_profile:k8s/us1-staging-dog-stripe-kube-node_v2\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:160\",\"alias:cga-rqqc-qwmr-qw72\",\"package_name:github.com/jackc/pgx/v4\",\"kubernetes_cluster:stripe\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"env:staging\"],\"timestamp\":1765838618317}},{\"id\":\"NjUxZDEyZGRmOTI0ZmI1NTg1YzJkOTI5NzQ1ZjQ0MzJ-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-10220\",\"GO-2024-3286\"],\"cve\":\"CVE-2024-10220\",\"id\":\"GHSA-27wf-5967-98gx\",\"modified_at\":1734126344000,\"published_at\":1732311135000,\"summary\":\" Kubernetes kubelet arbitrary command execution\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-0287cce0c5ced7759\"},\"detection_changed_at\":1765838618125,\"finding_id\":\"NjUxZDEyZGRmOTI0ZmI1NTg1YzJkOTI5NzQ1ZjQ0MzJ-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765837776218,\"host\":{\"name\":\"i-0287cce0c5ced7759\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"stripe\"},\"last_seen_at\":1765838618125,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"k8s.io/kubernetes\"],\"name\":\"k8s.io/kubernetes\",\"normalized_name\":\"k8s.io/kubernetes\",\"version\":\"v1.30.0\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"k8s.io/kubernetes\",\"version\":\"1.30.3\"}]},\"recommended\":{\"name\":\"k8s.io/kubernetes\",\"version\":\"1.30.3\"}},\"resource_id\":\"6c7a1c87e14ed31c51524564bccc6627\",\"resource_name\":\"i-0287cce0c5ced7759\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/filipzag/CVE-2024-10220\",\"https://github.com/any2sec/cve-2024-10220\",\"https://github.com/XiaomingX/cve-2024-10220-githooks\",\"https://github.com/mrk336/CVE-2024-10220-Kubernetes-gitRepo-Volume-Vulnerability\",\"https://github.com/candranapits/poc-CVE-2024-10220\",\"https://github.com/orgC/CVE-2024-10220-demo\",\"https://github.com/mochizuki875/CVE-2024-10220-githooks\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.22805,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":7.1,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":8.6,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N\"}},\"status\":\"auto_closed\",\"title\":\" Kubernetes kubelet arbitrary command execution\",\"vulnerability\":{\"cwes\":[\"CWE-22\"],\"hash\":\"ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838618125,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"fix_version:v1.32.8\",\"kube_cluster_name:stripe\",\"base_score:8.6\",\"exposure_time_days:0\",\"ecosystem:go\",\"score:7.1\",\"cluster_name:stripe\",\"cve:cve-2024-10220\",\"event_type:close\",\"nodegroups.datadoghq.com/name:flink-metering-jose-jobmanager\",\"env:staging\",\"source:datadog\",\"vuln_id:ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd\",\"site:datad0g.com\",\"package_version:v1.30.0\",\"fix_available:available\",\"scored:false\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"instance_type:m5.2xlarge\",\"assignee:none\",\"alias:go-2024-3286\",\"assignee_id:none\",\"in_production:false\",\"kube_node_role:flink-metering-jose-jobmanager\",\"epss_raw_score:0.22805\",\"alias:cve-2024-10220\",\"is_kube_cluster_experimental:false\",\"hash:ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"tool:infra\",\"kube_node:ip-10-131-0-241.ec2.internal\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"asset_id:i-0287cce0c5ced7759\",\"orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"base_severity:high\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"nodegroups.datadoghq.com/namespace:metering\",\"package_name:k8s.io/kubernetes\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838618125}},{\"id\":\"NjI4MzY3YWUxYzhjZDU0OTNlZGY2NDc5Y2Q2ZTNmOWF-ZGFmYjNkMmQ4ZjYzODRhYzM4NmFhNGZhNmNmNmM0ZDk=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-7jwh-3vrq-q3m8\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-mrww-27vc-gghv\",\"modified_at\":1734042636000,\"published_at\":1709585004000,\"summary\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"727006795293\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0f1ef8599b4b41431\",\"region\":\"us-east-1\"},\"detection_changed_at\":1765838618006,\"finding_id\":\"NjI4MzY3YWUxYzhjZDU0OTNlZGY2NDc5Y2Q2ZTNmOWF-ZGFmYjNkMmQ4ZjYzODRhYzM4NmFhNGZhNmNmNmM0ZDk=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765833769555,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0d63de838a36a5577\",\"name\":\"i-0f1ef8599b4b41431\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838618006,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgx\"],\"name\":\"github.com/jackc/pgx\",\"normalized_name\":\"github.com/jackc/pgx\",\"version\":\"v3.3.0+incompatible\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgx\",\"version\":\"4.18.2\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgx\",\"version\":\"4.18.2\"}},\"resource_id\":\"dafb3d2d8f6384ac386aa4fa6cf6c4d9\",\"resource_name\":\"i-0f1ef8599b4b41431\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.9,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\"}},\"status\":\"auto_closed\",\"title\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838618006,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b\",\"hash:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"kube_node_role:nodeless\",\"ecosystem:go\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge\",\"event_type:close\",\"availability-zone:us-east-1b\",\"vuln_id:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2\",\"asset_id:i-0f1ef8599b4b41431\",\"source:datadog\",\"kube_node_role:nodeless-amd64-d-m6a-4xlarge\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"site:datad0g.com\",\"aws:ec2launchtemplate:id:lt-0aa5742eec024a5e8\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:106068512341\",\"fix_available:available\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:15900m\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s\",\"asset_type:host\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true\",\"assignee:none\",\"assignee_id:none\",\"in_production:false\",\"aws_account:727006795293\",\"is_kube_cluster_experimental:false\",\"node.datadoghq.com/flavor:standard\",\"adp_enabled:false\",\"package_version:v3.3.0_incompatible\",\"instance_type:m6a.4xlarge\",\"nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge\",\"base_score:9.3\",\"kube_cluster_name:oddish-b\",\"iam_profile:k8s/us1-staging-dog-oddish-b-kube-node_v2\",\"alias:cga-vmcg-54pm-cp7r\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard\",\"nodegroup:kube-system_nodeless-amd64-d-m6a-4xlarge\",\"public_exploit_available:true\",\"autoscaling_group:us1-staging-dog-oddish-b-k8s-ng-asg-376ded054ca1c4df\",\"kubernetes.io/cluster/oddish-b:owned\",\"region:us-east-1\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"ng_local_storage:false\",\"close_count:0\",\"ng_cluster_autoscaler:true\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"alias:cve-2024-27304\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"cve:cve-2024-27304\",\"account:staging\",\"name:kube-system_nodeless-amd64-d-m6a-4xlarge\",\"image:ami-0d63de838a36a5577\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-4xlarge\",\"node.datadoghq.com/version:v6-269-0\",\"exposure_time_days:0\",\"cluster_name:oddish-b\",\"security-group:sg-0b9e1c6b4773288df\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"role:kube-node\",\"package_name:github.com/jackc/pgx\",\"env:staging\",\"base_severity:critical\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"security-group:sg-faa8cdb1\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"alias:go-2024-2606\",\"severity:high\",\"kube_node_role:compute\",\"k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64\",\"os_name:ubuntu\",\"alias:ghsa-7jwh-3vrq-q3m8\",\"aws:ec2:fleet-id:fleet-7bbf19a6-a3a4-ee94-0c38-a582da17231b\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:745mi\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:59987440026\",\"node.datadoghq.com/cgroup:v2\",\"instance-type:m6a.4xlarge\",\"score:8.9\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"dd_compute_k8s_platform_version:v6-269-0\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"kube_node:ip-10-128-39-138.ec2.internal\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:160\",\"alias:cga-rqqc-qwmr-qw72\",\"kubernetes_cluster:oddish-b\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"auto-discovery.cluster-autoscaler.k8s.io/oddish-b\",\"env:staging\"],\"timestamp\":1765838618006}},{\"id\":\"YzE5MmY0MWI2OTdkN2Y5NTZiNmNiODI1ZTdiNDhlZTh-YzZlMmY1ZGIwOTU0ODIzM2MwZDFmNTdjZmZjMTdjMzQ=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-45337\",\"GO-2024-3321\"],\"cve\":\"CVE-2024-45337\",\"id\":\"GHSA-v778-237x-gjrc\",\"modified_at\":1738337443000,\"published_at\":1733954584000,\"summary\":\"Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-068207de5f413c29f\"},\"detection_changed_at\":1765838617916,\"finding_id\":\"YzE5MmY0MWI2OTdkN2Y5NTZiNmNiODI1ZTdiNDhlZTh-YzZlMmY1ZGIwOTU0ODIzM2MwZDFmNTdjZmZjMTdjMzQ=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765837162559,\"host\":{\"name\":\"i-068207de5f413c29f\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617916,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"golang.org/x/crypto\"],\"name\":\"golang.org/x/crypto\",\"normalized_name\":\"golang.org/x/crypto\",\"version\":\"v0.18.0\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"golang.org/x/crypto\",\"version\":\"0.31.0\"}]},\"recommended\":{\"name\":\"golang.org/x/crypto\",\"version\":\"0.31.0\"}},\"resource_id\":\"c6e2f5db09548233c0d1f57cffc17c34\",\"resource_name\":\"i-068207de5f413c29f\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/NHAS/CVE-2024-45337-POC\",\"https://github.com/NHAS/VULNERABLE-CVE-2024-45337\",\"https://github.com/peace-maker/CVE-2024-45337\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.42906,\"epss_severity\":\"medium\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":7,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X\"},\"base\":{\"score\":9.1,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\"}},\"status\":\"auto_closed\",\"title\":\"Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto\",\"vulnerability\":{\"cwes\":[\"CWE-285\"],\"hash\":\"2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617916,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"epss_raw_score:0.42906\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"cluster_name:oddish-b\",\"score:7.0\",\"ecosystem:go\",\"event_type:close\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"env:staging\",\"fix_version:v0.46.0\",\"package_version:v0.18.0\",\"base_severity:critical\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"scored:false\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"asset_id:i-068207de5f413c29f\",\"alias:cve-2024-45337\",\"assignee:none\",\"alias:go-2024-3321\",\"assignee_id:none\",\"cve:cve-2024-45337\",\"in_production:false\",\"node.datadoghq.com/flavor:nodeless-fastephemeral\",\"kube_node:ip-10-128-37-184.ec2.internal\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"kube_cluster_name:oddish-b\",\"instance_type:m6gd.8xlarge\",\"base_score:9.1\",\"vuln_id:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"hash:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31\",\"kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"vulnerability_status:auto-closed\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"datacenter:us1.staging.dog\",\"package_name:golang.org/x/crypto\",\"previous_status:open\",\"cpu_arch:arm64\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838617916}},{\"id\":\"NjlhMzIwMDBjNmVlZDNmZGFjMTUwODFmNzc3ZjA0OTl-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-7jwh-3vrq-q3m8\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-mrww-27vc-gghv\",\"modified_at\":1734042636000,\"published_at\":1709585004000,\"summary\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-0287cce0c5ced7759\"},\"detection_changed_at\":1765838617865,\"finding_id\":\"NjlhMzIwMDBjNmVlZDNmZGFjMTUwODFmNzc3ZjA0OTl-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765837776218,\"host\":{\"name\":\"i-0287cce0c5ced7759\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"stripe\"},\"last_seen_at\":1765838617865,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgx\"],\"name\":\"github.com/jackc/pgx\",\"normalized_name\":\"github.com/jackc/pgx\",\"version\":\"v3.3.0+incompatible\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgx\",\"version\":\"4.18.2\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgx\",\"version\":\"4.18.2\"}},\"resource_id\":\"6c7a1c87e14ed31c51524564bccc6627\",\"resource_name\":\"i-0287cce0c5ced7759\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.9,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\"}},\"status\":\"auto_closed\",\"title\":\"pgx SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617865,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kube_cluster_name:stripe\",\"hash:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"exposure_time_days:0\",\"ecosystem:go\",\"cluster_name:stripe\",\"event_type:close\",\"nodegroups.datadoghq.com/name:flink-metering-jose-jobmanager\",\"vuln_id:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae\",\"package_name:github.com/jackc/pgx\",\"env:staging\",\"base_severity:critical\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"scored:false\",\"alias:go-2024-2606\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"instance_type:m5.2xlarge\",\"assignee:none\",\"alias:ghsa-7jwh-3vrq-q3m8\",\"assignee_id:none\",\"in_production:false\",\"kube_node_role:flink-metering-jose-jobmanager\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"package_version:v3.3.0_incompatible\",\"score:8.9\",\"tool:infra\",\"base_score:9.3\",\"kube_node:ip-10-131-0-241.ec2.internal\",\"alias:cga-vmcg-54pm-cp7r\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"ng_local_storage:false\",\"asset_id:i-0287cce0c5ced7759\",\"close_count:0\",\"orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"datacenter:us1.staging.dog\",\"alias:cve-2024-27304\",\"previous_status:open\",\"cve:cve-2024-27304\",\"alias:cga-rqqc-qwmr-qw72\",\"nodegroups.datadoghq.com/namespace:metering\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838617865}},{\"id\":\"NTE0YWUwMWUwYjdiMTJlNTdmMjkwZGU3NjYwYzc3ZGF-MjRmYmFmY2UzNGZjNzRlZGY1NjI5M2ExZGIwNjBkZjM=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-mrww-27vc-gghv\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-7jwh-3vrq-q3m8\",\"modified_at\":1729574941941,\"published_at\":1709585125000,\"summary\":\"pgproto3 SQL Injection via Protocol Message Size Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-045e3e76dfdf37aae\"},\"detection_changed_at\":1765838617835,\"finding_id\":\"NTE0YWUwMWUwYjdiMTJlNTdmMjkwZGU3NjYwYzc3ZGF-MjRmYmFmY2UzNGZjNzRlZGY1NjI5M2ExZGIwNjBkZjM=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765837126551,\"host\":{\"name\":\"i-045e3e76dfdf37aae\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617835,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgproto3/v2\"],\"name\":\"github.com/jackc/pgproto3/v2\",\"normalized_name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"v2.3.2\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"2.3.3\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"2.3.3\"}},\"resource_id\":\"24fbafce34fc74edf56293a1db060df3\",\"resource_name\":\"i-045e3e76dfdf37aae\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.9,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\"}},\"status\":\"auto_closed\",\"title\":\"pgproto3 SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617835,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"fix_version:v2.3.4-0.20250125160525-bc041643406d\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"cluster_name:oddish-b\",\"ecosystem:go\",\"event_type:close\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"env:staging\",\"base_severity:critical\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"scored:false\",\"alias:go-2024-2606\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"assignee:none\",\"assignee_id:none\",\"in_production:false\",\"node.datadoghq.com/flavor:nodeless-fastephemeral\",\"hash:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"score:8.9\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:9.3\",\"kube_cluster_name:oddish-b\",\"instance_type:m6gd.8xlarge\",\"package_version:v2.3.2\",\"alias:ghsa-mrww-27vc-gghv\",\"alias:cga-vmcg-54pm-cp7r\",\"kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"vuln_id:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"vulnerability_status:auto-closed\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"asset_id:i-045e3e76dfdf37aae\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"kube_node:ip-10-128-37-96.ec2.internal\",\"datacenter:us1.staging.dog\",\"alias:cve-2024-27304\",\"previous_status:open\",\"package_name:github.com/jackc/pgproto3/v2\",\"cve:cve-2024-27304\",\"alias:cga-rqqc-qwmr-qw72\",\"cpu_arch:arm64\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838617835}},{\"id\":\"ZjQ1YzE1NWQ5ODQ4NDk4ZmRjZTgyNTA1MzllZDY4OGV-N2YyZDlhNmRkMTE4NWYzODAyYTllZGFjMTczOTAzMTI=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-41110\",\"GO-2024-3005\"],\"cve\":\"CVE-2024-41110\",\"id\":\"GHSA-v23v-6jw2-98fq\",\"modified_at\":1723230467000,\"published_at\":1722334737000,\"summary\":\"Authz zero length regression\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"account\":\"727006795293\",\"cloud_provider\":\"aws\",\"display_name\":\"i-0e04298f4842968e8\",\"region\":\"us-east-1\"},\"detection_changed_at\":1765838617779,\"finding_id\":\"ZjQ1YzE1NWQ5ODQ4NDk4ZmRjZTgyNTA1MzllZDY4OGV-N2YyZDlhNmRkMTE4NWYzODAyYTllZGFjMTczOTAzMTI=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765835798278,\"host\":{\"cloud_provider\":\"aws\",\"image\":\"ami-0a8a2ad2689e7c22d\",\"name\":\"i-0e04298f4842968e8\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617779,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/docker/docker\"],\"name\":\"github.com/docker/docker\",\"normalized_name\":\"github.com/docker/docker\",\"version\":\"v26.0.1+incompatible\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/docker/docker\",\"version\":\"26.1.5\"}]},\"recommended\":{\"name\":\"github.com/docker/docker\",\"version\":\"26.1.5\"}},\"resource_id\":\"7f2d9a6dd1185f3802a9edac17390312\",\"resource_name\":\"i-0e04298f4842968e8\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/PauloParoPP/CVE-2024-41110-SCAN\",\"https://github.com/vvpoglazov/cve-2024-41110-checker\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.03074,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.8,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.4,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\"}},\"status\":\"auto_closed\",\"title\":\"Authz zero length regression\",\"vulnerability\":{\"cwes\":[\"CWE-187\"],\"hash\":\"a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617779,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"kernel:none\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246\",\"kube_node_role:nodeless\",\"ecosystem:go\",\"event_type:close\",\"availability-zone:us-east-1b\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true\",\"aws:ec2:fleet-id:fleet-d13f3304-a906-e61e-2c12-a78868beb555\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:186mi\",\"autoscaling_group:us1-staging-dog-oddish-b-k8s-ng-asg-25eaecca332303a0\",\"source:datadog\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"site:datad0g.com\",\"fix_available:available\",\"epss_raw_score:0.03074\",\"package_name:github.com/docker/docker\",\"asset_type:host\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-localstorage-amd64-m6id-xlarge\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-localstorage-amd64\",\"dd_compute_k8s_platform_version:v6-271-0\",\"nodegroup:kube-system_nodeless-localstorage-amd64-m6id-xlarge\",\"assignee:none\",\"vuln_id:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"assignee_id:none\",\"in_production:false\",\"aws_account:727006795293\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"kube_cluster_name:oddish-b\",\"base_score:9.4\",\"iam_profile:k8s/us1-staging-dog-oddish-b-kube-node_v2\",\"public_exploit_available:true\",\"kubernetes.io/cluster/oddish-b:owned\",\"region:us-east-1\",\"fix_version:v299999999.0.0-20200612211812-aaf470eca7b5_incompatible\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"close_count:0\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392\",\"ng_cluster_autoscaler:true\",\"k8s.io/cluster-autoscaler/node-template/label/nodeless-localstorage.datadoghq.com/instance-type:m6id.xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"name:kube-system_nodeless-localstorage-amd64-m6id-xlarge\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-localstorage-amd64-m6id-xlarge\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:13567106253\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"nodegroups.datadoghq.com/name:nodeless-localstorage-amd64-m6id-xlarge\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"account:staging\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s\",\"eenv:staging\",\"agent_release_candidate_cluster:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:nodeless-localstorage\",\"k8s.io/cluster-autoscaler/node-template/taint/flavor:nodeless-localstorage:noschedule\",\"package_version:v26.0.1_incompatible\",\"exposure_time_days:0\",\"cluster_name:oddish-b\",\"security-group:sg-0b9e1c6b4773288df\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"role:kube-node\",\"env:staging\",\"instance_type:m6id.xlarge\",\"image:ami-0a8a2ad2689e7c22d\",\"base_severity:critical\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"asset_id:i-0e04298f4842968e8\",\"security-group:sg-faa8cdb1\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"scored:false\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m\",\"severity:high\",\"kube_node_role:compute\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:40\",\"os_name:ubuntu\",\"node.datadoghq.com/flavor:nodeless-localstorage\",\"ng_local_storage:true\",\"alias:go-2024-3005\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"instance-type:m6id.xlarge\",\"node.datadoghq.com/cgroup:v2\",\"score:8.8\",\"kube_node:ip-10-128-71-26.ec2.internal\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"aws:ec2launchtemplate:id:lt-0ae5c167d7a085e7b\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64_flavor-nodeless-localstorage\",\"dd_rule_type:not-empty\",\"os_version:22.04\",\"vulnerability_status:auto-closed\",\"cpu_arch:amd64\",\"last_detected_minutes:0\",\"kube_node_role:nodeless-localstorage-amd64-m6id-xlarge\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"hash:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"node.datadoghq.com/version:v6-271-0\",\"alias:cve-2024-41110\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"kubernetes_cluster:oddish-b\",\"type:component_with_known_vulnerability\",\"origin:agent\",\"auto-discovery.cluster-autoscaler.k8s.io/oddish-b\",\"cve:cve-2024-41110\",\"env:staging\"],\"timestamp\":1765838617779}},{\"id\":\"OWZkNjcxMTNmY2M3ZGJkMTNiNWIxMjcyZDdjZGJjYTJ-ZDM3YTBhMTAxZjFjZjc4OGNlYmE5ODNkNzQwMWI2M2E=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CGA-rqqc-qwmr-qw72\",\"CGA-vmcg-54pm-cp7r\",\"CVE-2024-27304\",\"GHSA-mrww-27vc-gghv\",\"GO-2024-2606\"],\"cve\":\"CVE-2024-27304\",\"id\":\"GHSA-7jwh-3vrq-q3m8\",\"modified_at\":1729574941941,\"published_at\":1709585125000,\"summary\":\"pgproto3 SQL Injection via Protocol Message Size Overflow\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-0ef9daf3d9bd9c136\"},\"detection_changed_at\":1765838617692,\"finding_id\":\"OWZkNjcxMTNmY2M3ZGJkMTNiNWIxMjcyZDdjZGJjYTJ-ZDM3YTBhMTAxZjFjZjc4OGNlYmE5ODNkNzQwMWI2M2E=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765836977473,\"host\":{\"name\":\"i-0ef9daf3d9bd9c136\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617692,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/jackc/pgproto3/v2\"],\"name\":\"github.com/jackc/pgproto3/v2\",\"normalized_name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"v2.3.2\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"2.3.3\"}]},\"recommended\":{\"name\":\"github.com/jackc/pgproto3/v2\",\"version\":\"2.3.3\"}},\"resource_id\":\"d37a0a101f1cf788ceba983d7401b63a\",\"resource_name\":\"i-0ef9daf3d9bd9c136\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/roaris/CVE-2024-27304-PoC\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.01391,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.9,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.3,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\"}},\"status\":\"auto_closed\",\"title\":\"pgproto3 SQL Injection via Protocol Message Size Overflow\",\"vulnerability\":{\"cwes\":[\"CWE-89\",\"CWE-190\"],\"hash\":\"f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617692,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"fix_version:v2.3.4-0.20250125160525-bc041643406d\",\"exposure_time_days:0\",\"kube_node_role:nodeless\",\"cluster_name:oddish-b\",\"ecosystem:go\",\"event_type:close\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"env:staging\",\"base_severity:critical\",\"kube_node:ip-10-128-69-249.ec2.internal\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"scored:false\",\"alias:go-2024-2606\",\"kube_node_role:compute\",\"severity:high\",\"asset_type:host\",\"os_name:ubuntu\",\"assignee:none\",\"asset_id:i-0ef9daf3d9bd9c136\",\"assignee_id:none\",\"in_production:false\",\"node.datadoghq.com/flavor:nodeless-fastephemeral\",\"hash:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"score:8.9\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"base_score:9.3\",\"kube_cluster_name:oddish-b\",\"instance_type:m6gd.8xlarge\",\"package_version:v2.3.2\",\"alias:ghsa-mrww-27vc-gghv\",\"alias:cga-vmcg-54pm-cp7r\",\"kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"vuln_id:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"vulnerability_status:auto-closed\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"epss_raw_score:0.01391\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"node.datadoghq.com/version:v6-271-0\",\"datacenter:us1.staging.dog\",\"alias:cve-2024-27304\",\"previous_status:open\",\"package_name:github.com/jackc/pgproto3/v2\",\"cve:cve-2024-27304\",\"alias:cga-rqqc-qwmr-qw72\",\"cpu_arch:arm64\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"env:staging\"],\"timestamp\":1765838617692}},{\"id\":\"MjU5YjI1MWNiNzU4YzgxMmFkODFjZTIwMWUxNjc4ZWN-ZjA5ZTUwMDgzNWU3ZGVhYzBjOTJjYzU2NmU2NzMyNDQ=\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"advisory\":{\"aliases\":[\"CVE-2024-41110\",\"GO-2024-3005\"],\"cve\":\"CVE-2024-41110\",\"id\":\"GHSA-v23v-6jw2-98fq\",\"modified_at\":1723230467000,\"published_at\":1722334737000,\"summary\":\"Authz zero length regression\",\"type\":\"component_with_known_vulnerability\"},\"cloud_resource\":{\"display_name\":\"i-0e88c4cb2030f0900\"},\"detection_changed_at\":1765838617584,\"finding_id\":\"MjU5YjI1MWNiNzU4YzgxMmFkODFjZTIwMWUxNjc4ZWN-ZjA5ZTUwMDgzNWU3ZGVhYzBjOTJjYzU2NmU2NzMyNDQ=\",\"finding_type\":\"host_and_container_vulnerability\",\"first_seen_at\":1765836323780,\"host\":{\"name\":\"i-0e88c4cb2030f0900\",\"os\":{\"name\":\"ubuntu\",\"version\":\"22.04\"}},\"k8s\":{\"cluster_id\":\"oddish-b\"},\"last_seen_at\":1765838617584,\"metadata\":{\"schema_version\":\"2\"},\"origin\":[\"agent\"],\"package\":{\"additional_names\":[\"github.com/docker/docker\"],\"name\":\"github.com/docker/docker\",\"normalized_name\":\"github.com/docker/docker\",\"version\":\"v26.0.1+incompatible\"},\"remediation\":{\"is_available\":true,\"package\":{\"base\":[{\"name\":\"github.com/docker/docker\",\"version\":\"26.1.5\"}]},\"recommended\":{\"name\":\"github.com/docker/docker\",\"version\":\"26.1.5\"}},\"resource_id\":\"f09e500835e7deac0c92cc566e673244\",\"resource_name\":\"i-0e88c4cb2030f0900\",\"resource_type\":\"host\",\"risk\":{\"has_exploit_available\":true,\"has_high_exploitability_chance\":true,\"is_production\":false},\"risk_details\":{\"has_exploit_available\":{\"evidence\":{\"exploit_sources\":[\"GitHub\"],\"exploit_urls\":[\"https://github.com/PauloParoPP/CVE-2024-41110-SCAN\",\"https://github.com/vvpoglazov/cve-2024-41110-checker\"],\"type\":\"production_ready\"},\"impact_cvss\":\"neutral\",\"value\":true},\"has_high_exploitability_chance\":{\"evidence\":{\"epss_score\":0.03074,\"epss_severity\":\"low\"},\"impact_cvss\":\"neutral\",\"value\":true},\"is_production\":{\"impact_cvss\":\"safer\",\"value\":false}},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8.8,\"value\":\"high\",\"value_id\":3,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:L/IR:L/AR:L\"},\"base\":{\"score\":9.4,\"value\":\"critical\",\"value_id\":4,\"vector\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\"}},\"status\":\"auto_closed\",\"title\":\"Authz zero length regression\",\"vulnerability\":{\"cwes\":[\"CWE-187\"],\"hash\":\"a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"stack\":{\"ecosystem\":\"go\",\"language\":\"go\"}},\"workflow\":{\"auto_closed_at\":1765838617584,\"mute\":{\"is_muted\":false}}}},\"tags\":[\"exposure_time_days:0\",\"package_version:v26.0.1_incompatible\",\"kube_node_role:nodeless\",\"cluster_name:oddish-b\",\"ecosystem:go\",\"event_type:close\",\"orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54\",\"env:staging\",\"base_severity:critical\",\"source:datadog\",\"site:datad0g.com\",\"fix_available:available\",\"epss_raw_score:0.03074\",\"scored:false\",\"kube_node_role:compute\",\"severity:high\",\"package_name:github.com/docker/docker\",\"asset_type:host\",\"os_name:ubuntu\",\"assignee:none\",\"vuln_id:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"assignee_id:none\",\"in_production:false\",\"alias:go-2024-3005\",\"node.datadoghq.com/flavor:nodeless-fastephemeral\",\"is_kube_cluster_experimental:false\",\"adp_enabled:false\",\"node.datadoghq.com/cgroup:v2\",\"score:8.8\",\"nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"tool:infra\",\"asset_id:i-0e88c4cb2030f0900\",\"kube_cluster_name:oddish-b\",\"base_score:9.4\",\"instance_type:m6gd.8xlarge\",\"kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge\",\"public_exploit_available:true\",\"dd_rule_type:not-empty\",\"fix_version:v299999999.0.0-20200612211812-aaf470eca7b5_incompatible\",\"os_version:22.04\",\"ng_local_storage:false\",\"close_count:0\",\"vulnerability_status:auto-closed\",\"ng_cluster_autoscaler:true\",\"last_detected_minutes:0\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"hash:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f\",\"kube_node:ip-10-128-69-26.ec2.internal\",\"node.datadoghq.com/version:v6-271-0\",\"alias:cve-2024-41110\",\"datacenter:us1.staging.dog\",\"previous_status:open\",\"cpu_arch:arm64\",\"type:component_with_known_vulnerability\",\"eenv:staging\",\"origin:agent\",\"agent_release_candidate_cluster:false\",\"cve:cve-2024-41110\",\"env:staging\"],\"timestamp\":1765838617584}}],\"meta\":{\"elapsed\":1369,\"page\":{\"after\":\"eyJhZnRlciI6IkF3QUFBWnNrTHZ2d2NDUnlSQUFBQUJoQlduTnJUSFoyZDBGQlFsSkxaV05HYVMxcGNVbDNSV2tBQUFBa1pERTVZakkwTW1ZdE1ESXpOQzAwT0RaaUxUZ3hNbVl0T1RGaFlUZ3lOemcyTkRRMkFBQURjQSIsInZhbHVlcyI6WzE3NjU4Mzg2MTc1ODQsIjIwMjUtMTItMTVUMjI6NDM6MzcuNTg0WiIsMTg4MTQzNjc0MF19\"},\"request_id\":\"pddv1ChZNOVExUVJTblR5Q3JvSmtydGt3ck9BIi0KHZfc9G79MgJZpw5AiBM4qDleF_HVmgTTjgrQEVbBEgxR6Pf9JbnOhfIiPxQ\",\"status\":\"done\"},\"links\":{\"next\":\"/api/v2/security/findings?filter%5Bquery%5D=%40severity%3Acritical+OR+%40severity%3Ahigh\\u0026page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrTHZ2d2NDUnlSQUFBQUJoQlduTnJUSFoyZDBGQlFsSkxaV05HYVMxcGNVbDNSV2tBQUFBa1pERTVZakkwTW1ZdE1ESXpOQzAwT0RaaUxUZ3hNbVl0T1RGaFlUZ3lOemcyTkRRMkFBQURjQSIsInZhbHVlcyI6WzE3NjU4Mzg2MTc1ODQsIjIwMjUtMTItMTVUMjI6NDM6MzcuNTg0WiIsMTg4MTQzNjc0MF19\\u0026page%5Blimit%5D=10\\u0026sort=-%40detection_changed_at\"}}", + "headers": { + "Content-Type": [ + "application/vnd.api+json" + ] + }, + "statusCode": 200, + "reasonPhrase": "OK" + }, + "times": { + "remainingTimes": 1 + }, + "timeToLive": { + "unlimited": true + }, + "id": "1ec3068e-a915-e882-5cf5-890a31d08a6d" + } +] \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/Search_security_findings_returns_OK_response_with_pagination.freeze b/src/test/resources/cassettes/features/v2/Search_security_findings_returns_OK_response_with_pagination.freeze new file mode 100644 index 00000000000..0c4f31d38c8 --- /dev/null +++ b/src/test/resources/cassettes/features/v2/Search_security_findings_returns_OK_response_with_pagination.freeze @@ -0,0 +1 @@ +2025-12-15T22:44:41.939Z \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/Search_security_findings_returns_OK_response_with_pagination.json b/src/test/resources/cassettes/features/v2/Search_security_findings_returns_OK_response_with_pagination.json new file mode 100644 index 00000000000..3043fff996f --- /dev/null +++ b/src/test/resources/cassettes/features/v2/Search_security_findings_returns_OK_response_with_pagination.json @@ -0,0 +1,32 @@ +[ + { + "httpRequest": { + "body": { + "type": "JSON", + "json": "{\"data\":{\"attributes\":{\"filter\":\"@severity:(critical OR high)\",\"page\":{\"limit\":1}}}}" + }, + "headers": {}, + "method": "POST", + "path": "/api/v2/security/findings/search", + "keepAlive": false, + "secure": true + }, + "httpResponse": { + "body": "{\"data\":[{\"id\":\"ZGVmLTAway1leWV-aS0wOGE2ZmE2ODdjOWE2ZDJkYg==\",\"type\":\"finding\",\"attributes\":{\"attributes\":{\"custom\":{\"cloud_resource\":{\"account\":\"600865094333\",\"category\":\"compute\",\"cloud_provider\":\"aws\",\"configuration\":{\"account_id\":\"600865094333\",\"components\":{\"kubelet\":{\"config\":{\"content\":{\"address\":\"10.12.32.204\",\"allowedUnsafeSysctls\":[\"net.*\"],\"apiVersion\":\"kubelet.config.k8s.io/v1beta1\",\"authentication\":{\"anonymous\":{\"enabled\":false},\"webhook\":{\"cacheTTL\":\"60m\",\"enabled\":true},\"x509\":{\"clientCAFile\":{\"certificate\":{\"authorityKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\",\"commonName\":\"parent31-k8s\",\"dnsNames\":[\"parent31-k8s\"],\"fingerprint\":\"SHA256:DP/0ES6hkVPMrFizcIMEbQ75QGpwuWZZzShkn1KGQLA\",\"notAfter\":\"2030-09-28T18:40:34Z\",\"notBefore\":\"2025-09-29T18:40:04Z\",\"serialNumber\":\"680167176125483697456383252717454423151202771482\",\"subjectKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\"},\"dirGroup\":\"root\",\"dirMode\":2147484141,\"dirUser\":\"root\",\"group\":\"root\",\"mode\":420,\"path\":\"/etc/vaultd/certs/vault-ca.cert\",\"user\":\"root\"}}},\"authorization\":{\"mode\":\"Webhook\",\"webhook\":{\"cacheAuthorizedTTL\":\"60m\"}},\"cgroupDriver\":\"systemd\",\"cgroupsPerQOS\":true,\"clusterDomain\":\"parent31.cluster.local\",\"containerLogMaxFiles\":3,\"containerLogMaxSize\":\"20Mi\",\"cpuCFSQuota\":false,\"cpuManagerPolicy\":\"static\",\"enforceNodeAllocatable\":[\"pods\"],\"featureGates\":{\"AllowUnsafeMalformedObjectDeletion\":false,\"CBORServingAndStorage\":false,\"ClearingNominatedNodeNameAfterBinding\":false,\"ClusterTrustBundle\":false,\"ClusterTrustBundleProjection\":false,\"ComponentFlagz\":false,\"ComponentStatusz\":false,\"ContainerRestartRules\":false,\"ContainerStopSignals\":false,\"CoordinatedLeaderElection\":false,\"DRAConsumableCapacity\":true,\"DRADeviceBindingConditions\":true,\"DRADeviceTaints\":true,\"DRAExtendedResource\":true,\"DRAPartitionableDevices\":true,\"DRASchedulerFilterTimeout\":true,\"DeclarativeValidationTakeover\":false,\"DeploymentReplicaSetTerminatingReplicas\":false,\"DynamicResourceAllocation\":true,\"EnvFiles\":false,\"ExternalServiceAccountTokenSigner\":true,\"HPAConfigurableTolerance\":false,\"HostnameOverride\":false,\"ImageVolume\":true,\"InPlacePodVerticalScalingExclusiveCPUs\":false,\"InPlacePodVerticalScalingExclusiveMemory\":false,\"JobManagedBy\":false,\"KubeletCrashLoopBackOffMax\":false,\"KubeletEnsureSecretPulledImages\":false,\"KubeletFineGrainedAuthz\":false,\"MaxUnavailableStatefulSet\":true,\"MutableCSINodeAllocatableCount\":true,\"MutatingAdmissionPolicy\":true,\"NominatedNodeNameForExpectation\":false,\"PodCertificateRequest\":false,\"PodLogsQuerySplitStreams\":false,\"PodTopologyLabelsAdmission\":false,\"ReduceDefaultCrashLoopBackOffDecay\":false,\"RelaxedServiceNameValidation\":false,\"RemoteRequestHeaderUID\":false,\"ResourceHealthStatus\":false,\"SELinuxChangePolicy\":false,\"SchedulerAsyncPreemption\":false,\"ServiceAccountNodeAudienceRestriction\":false,\"StorageCapacityScoring\":false,\"StorageVersionMigrator\":false,\"StrictIPCIDRValidation\":false,\"WatchCacheInitializationPostStartHook\":false,\"WatchList\":true},\"imageMaximumGCAge\":\"22h\",\"kind\":\"KubeletConfiguration\",\"kubeReserved\":{\"cpu\":\"100m\",\"memory\":\"300Mi\"},\"kubeReservedCgroup\":\"kuberuntime\",\"maxPods\":45,\"providerID\":\"aws:///us-west-2c/i-08a6fa687c9a6d2db\",\"readOnlyPort\":0,\"registerWithTaints\":[{\"effect\":\"NoSchedule\",\"key\":\"ebs.csi.aws.com/agent-not-ready\",\"value\":\"true\"},{\"effect\":\"NoSchedule\",\"key\":\"node\",\"value\":\"nodeless\"}],\"registryBurst\":20,\"registryPullQPS\":8,\"streamingConnectionIdleTimeout\":\"4h\",\"systemReserved\":{\"cpu\":\"100m\",\"memory\":\"3507947110\"},\"systemReservedCgroup\":\"system\",\"tlsCertFile\":{\"certificate\":{\"authorityKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\",\"commonName\":\"system:node:ip-10-12-32-204.us-west-2.compute.internal\",\"fingerprint\":\"SHA256:FBQHjmcexGGgB42hmh2FLq1lRwyoz1HYRpJRd2pnsII\",\"ipAddresses\":[\"10.12.32.204\"],\"notAfter\":\"2025-12-22T16:50:32Z\",\"notBefore\":\"2025-12-15T22:38:56Z\",\"organization\":[\"system:nodes\"],\"serialNumber\":\"127630705538822312578970595637812130230650020432\",\"subjectKeyId\":\"67:A8:EE:1D:53:9F:B8:54:1B:3F:17:CF:7D:90:5A:BD:16:80:64:D7\"},\"dirGroup\":\"root\",\"dirMode\":2147484141,\"dirUser\":\"root\",\"group\":\"root\",\"mode\":420,\"path\":\"/var/lib/kubelet/pki/kubelet-cert.pem\",\"user\":\"root\"},\"tlsPrivateKeyFile\":{\"group\":\"root\",\"mode\":384,\"path\":\"/var/lib/kubelet/pki/kubelet-key.pem\",\"user\":\"root\"}},\"group\":\"root\",\"mode\":384,\"path\":\"/etc/kubernetes/kubelet-configuration.yaml\",\"user\":\"root\"},\"event-burst\":100,\"event-qps\":50,\"hostname-override\":\"ip-10-12-32-204.us-west-2.compute.internal\",\"image-credential-provider-bin-dir\":{\"group\":\"root\",\"mode\":2147484141,\"path\":\"/usr/local/bin\",\"user\":\"root\"},\"image-credential-provider-config\":{\"content\":{\"apiVersion\":\"kubelet.config.k8s.io/v1\",\"kind\":\"CredentialProviderConfig\",\"providers\":[{\"apiVersion\":\"credentialprovider.kubelet.k8s.io/v1\",\"defaultCacheDuration\":\"12h\",\"matchImages\":[\"*.dkr.ecr.*.amazonaws.com\",\"*.dkr.ecr-fips.*.amazonaws.com\"],\"name\":\"ecr-credential-provider\"}]},\"group\":\"root\",\"mode\":292,\"path\":\"/etc/kubernetes/kubelet-credential-provider-config.yaml\",\"user\":\"root\"},\"kubeconfig\":{\"group\":\"root\",\"kubeconfig\":{\"clusters\":{\"kubernetes\":{\"certificateAuthority\":{\"certificate\":{\"authorityKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\",\"commonName\":\"parent31-k8s\",\"dnsNames\":[\"parent31-k8s\"],\"fingerprint\":\"SHA256:DP/0ES6hkVPMrFizcIMEbQ75QGpwuWZZzShkn1KGQLA\",\"notAfter\":\"2030-09-28T18:40:34Z\",\"notBefore\":\"2025-09-29T18:40:04Z\",\"serialNumber\":\"680167176125483697456383252717454423151202771482\",\"subjectKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\"},\"dirGroup\":\"root\",\"dirMode\":2147484141,\"dirUser\":\"root\",\"group\":\"root\",\"mode\":420,\"path\":\"/etc/vaultd/certs/vault-ca.cert\",\"user\":\"root\"},\"server\":\"https://k8s-parent31.prtest03.staging.dog\"}},\"contexts\":{\"kubelet\":{\"cluster\":\"kubernetes\",\"user\":\"kubelet\"}},\"currentContext\":\"\",\"users\":{\"kubelet\":{\"clientCertificate\":{\"certificate\":{\"authorityKeyId\":\"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96\",\"commonName\":\"system:node:ip-10-12-32-204.us-west-2.compute.internal\",\"fingerprint\":\"SHA256:FBQHjmcexGGgB42hmh2FLq1lRwyoz1HYRpJRd2pnsII\",\"ipAddresses\":[\"10.12.32.204\"],\"notAfter\":\"2025-12-22T16:50:32Z\",\"notBefore\":\"2025-12-15T22:38:56Z\",\"organization\":[\"system:nodes\"],\"serialNumber\":\"127630705538822312578970595637812130230650020432\",\"subjectKeyId\":\"67:A8:EE:1D:53:9F:B8:54:1B:3F:17:CF:7D:90:5A:BD:16:80:64:D7\"},\"dirGroup\":\"root\",\"dirMode\":2147484141,\"dirUser\":\"root\",\"group\":\"root\",\"mode\":420,\"path\":\"/var/lib/kubelet/pki/kubelet-cert.pem\",\"user\":\"root\"},\"clientKey\":{\"group\":\"root\",\"mode\":384,\"path\":\"/var/lib/kubelet/pki/kubelet-key.pem\",\"user\":\"root\"},\"usePassword\":false,\"useToken\":false}}},\"mode\":420,\"path\":\"/var/lib/kubelet/kubeconfig.yaml\",\"user\":\"root\"},\"make-iptables-util-chains\":true,\"pod-max-pids\":-1,\"skippedFlags\":{\"--cloud-provider\":\"external\",\"--cluster-dns\":\"172.17.0.2\",\"--config-dir\":\"/etc/kubernetes/config.d\",\"--container-runtime-endpoint\":\"unix:///run/containerd/containerd.sock\",\"--healthz-bind-address\":\"10.12.32.204\",\"--node-ip\":\"10.12.32.204\",\"--node-labels\":\"node.datadoghq.com/cgroup=v2\"}}},\"framework_requirement\":[\"fedramp-low/Identification-and-Authentication\",\"fedramp-moderate/Identification-and-Authentication\",\"pci-dss/Protect-Stored-Account-Data\",\"cis-kubernetes/Kubelet\",\"fedramp-high/Identification-and-Authentication\",\"nist-800-53/Identification and Authentication\",\"pci-dss/Apply-Secure-Configurations-to-All-System-Components\"],\"framework_requirement_control\":[\"cis-kubernetes/Kubelet/4.2.10\",\"nist-800-53/Identification and Authentication/IA-7\",\"fedramp-high/Identification-and-Authentication/IA-7\",\"pci-dss/Apply-Secure-Configurations-to-All-System-Components/2.2.7\",\"fedramp-low/Identification-and-Authentication/IA-7\",\"fedramp-moderate/Identification-and-Authentication/IA-7\",\"pci-dss/Protect-Stored-Account-Data/3.6.1.2\",\"pci-dss/Protect-Stored-Account-Data/3.6.1.1\"],\"is_default_crawl\":false,\"kube_node_name\":\"kube-system_nodeless-amd64-d-m6a-2xlarge\",\"kubeletService\":{\"content\":[\"Unit\"],\"group\":\"root\",\"mode\":420,\"path\":\"/etc/systemd/system/kubelet.service\",\"user\":\"root\"},\"version\":\"202403\"},\"region\":\"us-west-2\"},\"compliance\":{\"evaluation\":\"pass\",\"framework_requirement_controls\":[\"cis-kubernetes/Kubelet/4.2.10\",\"nist-800-53/Identification and Authentication/IA-7\",\"fedramp-high/Identification-and-Authentication/IA-7\",\"pci-dss/Apply-Secure-Configurations-to-All-System-Components/2.2.7\",\"fedramp-low/Identification-and-Authentication/IA-7\",\"fedramp-moderate/Identification-and-Authentication/IA-7\",\"pci-dss/Protect-Stored-Account-Data/3.6.1.2\",\"pci-dss/Protect-Stored-Account-Data/3.6.1.1\"],\"framework_requirements\":[\"fedramp-low/Identification-and-Authentication\",\"fedramp-moderate/Identification-and-Authentication\",\"pci-dss/Protect-Stored-Account-Data\",\"cis-kubernetes/Kubelet\",\"fedramp-high/Identification-and-Authentication\",\"nist-800-53/Identification and Authentication\",\"pci-dss/Apply-Secure-Configurations-to-All-System-Components\"],\"frameworks\":[{\"control\":\"4.2.10\",\"framework\":\"cis-kubernetes\",\"is_default\":true,\"requirement\":\"Kubelet\",\"version\":\"1.9.0\"},{\"control\":\"IA-7\",\"framework\":\"fedramp-high\",\"is_default\":true,\"requirement\":\"Identification-and-Authentication\",\"version\":\"5\"},{\"control\":\"IA-7\",\"framework\":\"fedramp-low\",\"is_default\":true,\"requirement\":\"Identification-and-Authentication\",\"version\":\"5\"},{\"control\":\"IA-7\",\"framework\":\"fedramp-moderate\",\"is_default\":true,\"requirement\":\"Identification-and-Authentication\",\"version\":\"5\"},{\"control\":\"IA-7\",\"framework\":\"nist-800-53\",\"is_default\":true,\"requirement\":\"Identification and Authentication\",\"version\":\"rev5\"},{\"control\":\"2.2.7\",\"framework\":\"pci-dss\",\"is_default\":true,\"requirement\":\"Apply-Secure-Configurations-to-All-System-Components\",\"version\":\"4.0.1\"},{\"control\":\"3.6.1.1\",\"framework\":\"pci-dss\",\"is_default\":true,\"requirement\":\"Protect-Stored-Account-Data\",\"version\":\"4.0.1\"},{\"control\":\"3.6.1.2\",\"framework\":\"pci-dss\",\"is_default\":true,\"requirement\":\"Protect-Stored-Account-Data\",\"version\":\"4.0.1\"}]},\"description\":\"%%%\\n## Description\\n\\nKubelet client certificate rotation should be enabled. The `--rotate-certificates` setting tells the kubelet to rotate its client certificates by creating new CSRs when its existing credentials expire. This automated periodic rotation ensures that there is no downtime due to expired certificates and thus addresses availability in the CIA security triad.\\n\\n**Note**: This recommendation only applies if you let kubelets get their certificates from the API server. In cases where your kubelet certificates come from an outside authority or tool (for example, Vault), then you need to manually do the rotation. \\n\\n## Remediation\\n\\n1. If using a kubelet config file, edit the file to add the line `rotateCertificates: true`.\\n2. If using command line arguments, edit the kubelet service file `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf` on each worker node and add the argument below from the `KUBELET_CERTIFICATE_ARGS` variable.\\n ```\\n --rotate-certificates=true\\n ```\\n3. Restart the kubelet service.\\n\\n%%%\",\"detection_changed_at\":1765838670804,\"finding_id\":\"ZGVmLTAway1leWV-aS0wOGE2ZmE2ODdjOWE2ZDJkYg==\",\"finding_type\":\"misconfiguration\",\"first_seen_at\":1765838670804,\"k8s\":{\"cluster_id\":\"parent31\"},\"last_seen_at\":1765838670804,\"metadata\":{\"schema_version\":\"2\"},\"resource_id\":\"i-08a6fa687c9a6d2db\",\"resource_name\":\"kube-system_nodeless-amd64-d-m6a-2xlarge\",\"resource_type\":\"kubernetes_worker_node\",\"rule\":{\"default_rule_id\":\"def-00k-eye\",\"id\":\"def-00k-eye\",\"name\":\"The kubelet client certificate rotation should be enabled\",\"type\":\"cloud configuration\",\"version\":7},\"severity\":\"high\",\"severity_details\":{\"adjusted\":{\"score\":8,\"value\":\"high\",\"value_id\":3}},\"status\":\"open\",\"title\":\"The kubelet client certificate rotation should be enabled\",\"workflow\":{\"mute\":{\"is_muted\":false}}}},\"tags\":[\"scored:true\",\"kernel:none\",\"kube_node_role:nodeless\",\"dd_compute_k8s_platform_version:v6-260-2\",\"k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2\",\"kube_cluster_name:parent31\",\"k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule\",\"nodegroup:kube-system_nodeless-amd64-d-m6a-2xlarge\",\"name:kube-system_nodeless-amd64-d-m6a-2xlarge\",\"framework:fedramp-low\",\"requirement:identification_and_authentication\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s\",\"control:2.2.7\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true\",\"iam_profile:k8s/prtest03-staging-dog-parent31-kube-node_v2\",\"site:datadoghq.com\",\"framework_version:pci-dss_v4.0.1\",\"framework:cis-kubernetes\",\"nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-2xlarge\",\"framework:nist-800-53\",\"aws:ec2:fleet-id:fleet-30af8106-a33c-c1bc-8e30-8c2aef2d524c\",\"requirement:protect-stored-account-data\",\"framework_version:nist-800-53_vrev5\",\"framework:fedramp-moderate\",\"availability-zone:us-west-2c\",\"is_kube_cluster_experimental:false\",\"requirement:identification-and-authentication\",\"node.datadoghq.com/flavor:standard\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-2xlarge\",\"adp_enabled:false\",\"kube_node_role:nodeless-amd64-d-m6a-2xlarge\",\"kubernetes.io/cluster/parent31:owned\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard\",\"team:compute-cloud-accounts\",\"image:ami-0e7b60ad05b2da7ed\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless\",\"ng_local_storage:false\",\"k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m\",\"k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c\",\"security-group:sg-041983b0e52f0b956\",\"auto-discovery.cluster-autoscaler.k8s.io/parent31\",\"ng_cluster_autoscaler:true\",\"account:staging-prtest03-hazel-parent\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system\",\"kubernetes_cluster:parent31\",\"account_id:600865094333\",\"aws:ec2launchtemplate:id:lt-0e13322d92afb436c\",\"k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64\",\"cloud_provider:aws\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true\",\"aws:ec2launchtemplate:version:1\",\"framework_version:fedramp-moderate_v5\",\"k8s.io/cluster-autoscaler/node-template/label/class:nodeless\",\"k8s.io/cluster-autoscaler/node-template/resources/memory:28983228826\",\"framework_version:cis-kubernetes_v1.9.0\",\"agent_release_candidate_cluster:false\",\"host:i-08a6fa687c9a6d2db\",\"role:kube-node\",\"env:staging\",\"k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute\",\"instance-type:m6a.2xlarge\",\"control:ia-7\",\"k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:372mi\",\"framework_version:fedramp-low_v5\",\"k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95\",\"scope:kubernetes\",\"security:compliance\",\"k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64\",\"kube_node_role:compute\",\"k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2\",\"nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64\",\"control:3.6.1.1\",\"control:3.6.1.2\",\"datacenter:prtest03.staging.dog\",\"k8s.io/cluster-autoscaler/node-template/resources/pods:45\",\"framework:pci-dss\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-2xlarge\",\"region:us-west-2\",\"k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:53034256170\",\"nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller\",\"kube_node:ip-10-12-32-204.us-west-2.compute.internal\",\"k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false\",\"framework_version:fedramp-high_v5\",\"node.datadoghq.com/cgroup:v2\",\"node.datadoghq.com/version:v6-260-2\",\"nodegroups.datadoghq.com/namespace:kube-system\",\"k8s.io/cluster-autoscaler/enabled:yes\",\"security-group:sg-040bae0963d96a1c5\",\"cluster_name:parent31\",\"aws_account:600865094333\",\"autoscaling_group:prtest03-staging-dog-parent31-k8s-ng-asg-4defb27385fb49b0\",\"cpu_arch:amd64\",\"requirement:kubelet\",\"node.datadoghq.com/base-image:ubuntu_22_04\",\"requirement:apply-secure-configurations-to-all-system-components\",\"instance_type:m6a.2xlarge\",\"orch_cluster_id:69945bda-00ed-44d6-8ddd-5ee7cecf1c1d\",\"source:kubernetes\",\"framework:fedramp-high\",\"control:4.2.10\",\"source:compliance-agent\"],\"timestamp\":1765838670804}}],\"meta\":{\"elapsed\":916,\"page\":{\"after\":\"eyJhZnRlciI6IkF3QUFBWnNrTDh2VTlLUDFyQUFBQUJoQlduTnJURGgyVlVGQlF6QnVTVVJUUTBwbk5HbE9jSE1BQUFBa1pqRTVZakkwTW1ZdFpEUXhOeTAwWW1GbExUZ3haRFl0WkRZME5EazFNelE0TkRabEFBQUg0ZyIsInZhbHVlcyI6WzE3NjU4Mzg2NzA4MDQsIjIwMjUtMTItMTVUMjI6NDQ6MzAuODA0WiIsLTE5MDU4MTMzMl19\"},\"request_id\":\"pddv1ChZXeHI2X1VLUFMyQ25KRjFhNTgwWlZ3Ii0KHSOVjxpVE2yfxdGytC3aiBt_PLDLzISoQQFbf2XXEgys6s_dxBVNuv6xlig\",\"status\":\"done\"},\"links\":{\"next\":\"/api/v2/security/findings?filter%5Bquery%5D=%40severity%3Acritical+OR+%40severity%3Ahigh\\u0026page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrTDh2VTlLUDFyQUFBQUJoQlduTnJURGgyVlVGQlF6QnVTVVJUUTBwbk5HbE9jSE1BQUFBa1pqRTVZakkwTW1ZdFpEUXhOeTAwWW1GbExUZ3haRFl0WkRZME5EazFNelE0TkRabEFBQUg0ZyIsInZhbHVlcyI6WzE3NjU4Mzg2NzA4MDQsIjIwMjUtMTItMTVUMjI6NDQ6MzAuODA0WiIsLTE5MDU4MTMzMl19\\u0026page%5Blimit%5D=1\\u0026sort=-%40detection_changed_at\"}}", + "headers": { + "Content-Type": [ + "application/vnd.api+json" + ] + }, + "statusCode": 200, + "reasonPhrase": "OK" + }, + "times": { + "remainingTimes": 1 + }, + "timeToLive": { + "unlimited": true + }, + "id": "c171c8a5-60a6-017c-c548-1974daa56bd2" + } +] \ No newline at end of file diff --git a/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature b/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature index b3955e02b34..7434addb83f 100644 --- a/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature +++ b/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature @@ -1321,6 +1321,32 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: List security findings returns "Bad Request" response + Given operation "ListSecurityFindings" enabled + And new "ListSecurityFindings" request + And request contains "page[cursor]" parameter with value "invalid_cursor" + When the request is sent + Then the response status is 400 Bad Request + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: List security findings returns "OK" response + Given operation "ListSecurityFindings" enabled + And new "ListSecurityFindings" request + When the request is sent + Then the response status is 200 OK + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: List security findings returns "OK" response with pagination + Given operation "ListSecurityFindings" enabled + And new "ListSecurityFindings" request + And request contains "page[limit]" parameter with value 5 + When the request is sent + Then the response status is 200 OK + And the response "data" has length 5 + And the response "meta.page" has field "after" + And the response "links" has field "next" + @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: List threat hunting jobs returns "Bad Request" response Given operation "ListThreatHuntingJobs" enabled @@ -1574,6 +1600,33 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: Search security findings returns "Bad Request" response + Given operation "SearchSecurityFindings" enabled + And new "SearchSecurityFindings" request + And body with value {"page": {"cursor": "invalid_cursor"}} + When the request is sent + Then the response status is 400 Bad Request + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: Search security findings returns "OK" response + Given operation "SearchSecurityFindings" enabled + And new "SearchSecurityFindings" request + And body with value {"data": {"attributes": {"filter": "@severity:(critical OR high)"}}} + When the request is sent + Then the response status is 200 OK + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform @with-pagination + Scenario: Search security findings returns "OK" response with pagination + Given operation "SearchSecurityFindings" enabled + And new "SearchSecurityFindings" request + And body with value {"data": {"attributes": {"filter": "@severity:(critical OR high)", "page": {"limit": 1}}}} + When the request is sent + Then the response status is 200 OK + And the response "data" has length 1 + And the response "meta.page" has field "after" + And the response "links" has field "next" + @skip @team:DataDog/k9-cloud-security-platform Scenario: Test a rule returns "Bad Request" response Given new "TestSecurityMonitoringRule" request diff --git a/src/test/resources/com/datadog/api/client/v2/api/undo.json b/src/test/resources/com/datadog/api/client/v2/api/undo.json index e0f0b98d0c9..6aaa0f3d976 100644 --- a/src/test/resources/com/datadog/api/client/v2/api/undo.json +++ b/src/test/resources/com/datadog/api/client/v2/api/undo.json @@ -3732,6 +3732,12 @@ "type": "safe" } }, + "ListSecurityFindings": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "DetachCase": { "tag": "Security Monitoring", "undo": { @@ -3776,6 +3782,12 @@ "type": "unsafe" } }, + "SearchSecurityFindings": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "ListAssetsSBOMs": { "tag": "Security Monitoring", "undo": {