diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 196165112d..26ded8599f 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -30705,6 +30705,19 @@ components: example: /api/v2/scorecard/rules?page%5Blimit%5D=2&page%5Boffset%5D=2&page%5Bsize%5D=2 type: string type: object + ListSecurityFindingsResponse: + description: The expected response schema when listing security findings. + properties: + data: + description: Array of security findings matching the search query. + items: + $ref: '#/components/schemas/SecurityFindingsData' + type: array + links: + $ref: '#/components/schemas/SecurityFindingsLinks' + meta: + $ref: '#/components/schemas/SecurityFindingsMeta' + type: object ListTagsResponse: description: List tags response. properties: 
@@ -47272,6 +47285,148 @@ components: meta: $ref: '#/components/schemas/SecurityFilterMeta' type: object + SecurityFindingsAttributes: + description: The JSON object containing all attributes of the security finding. + properties: + attributes: + additionalProperties: {} + description: The custom attributes of the security finding. + example: + severity: high + status: open + type: object + tags: + description: List of tags associated with the security finding. + example: + - team:platform + - env:prod + items: + type: string + type: array + timestamp: + description: The Unix timestamp at which the detection changed for the resource. + Same value as @detection_changed_at. + example: 1765901760 + format: int64 + type: integer + type: object + SecurityFindingsData: + description: A single security finding. + properties: + attributes: + $ref: '#/components/schemas/SecurityFindingsAttributes' + id: + description: The unique ID of the security finding. + example: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw== + type: string + type: + $ref: '#/components/schemas/SecurityFindingsDataType' + type: object + SecurityFindingsDataType: + default: finding + description: The type of the security finding resource. + enum: + - finding + example: finding + type: string + x-enum-varnames: + - FINDING + SecurityFindingsLinks: + description: Links for pagination. + properties: + next: + description: Link for the next page of results. Note that paginated requests + can also be made using the POST endpoint. + example: https://app.datadoghq.com/api/v2/security/findings?page[cursor]=eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==&page[limit]=25 + type: string + type: object + SecurityFindingsMeta: + description: Metadata about the response. + properties: + elapsed: + description: The time elapsed in milliseconds. 
+ example: 548 + format: int64 + type: integer + page: + $ref: '#/components/schemas/SecurityFindingsPage' + request_id: + description: The identifier of the request. + example: pddv1ChZwVlMxMUdYRFRMQ1lyb3B4MGNYbFlnIi0KHQu35LDbucx + type: string + status: + $ref: '#/components/schemas/SecurityFindingsStatus' + type: object + SecurityFindingsPage: + description: Pagination information. + properties: + after: + description: The cursor used to get the next page of results. + example: eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0= + type: string + type: object + SecurityFindingsSearchRequest: + description: The request body for searching security findings. + properties: + data: + $ref: '#/components/schemas/SecurityFindingsSearchRequestData' + type: object + SecurityFindingsSearchRequestData: + description: Request data for searching security findings. + properties: + attributes: + $ref: '#/components/schemas/SecurityFindingsSearchRequestDataAttributes' + type: object + SecurityFindingsSearchRequestDataAttributes: + description: Request attributes for searching security findings. + properties: + filter: + default: '*' + description: The search query following log search syntax. + example: '@severity:(critical OR high) @status:open team:platform' + type: string + page: + $ref: '#/components/schemas/SecurityFindingsSearchRequestPage' + sort: + $ref: '#/components/schemas/SecurityFindingsSort' + type: object + SecurityFindingsSearchRequestPage: + description: Pagination attributes for the search request. + properties: + cursor: + description: Get the next page of results with a cursor provided in the + previous query. + example: eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ== + type: string + limit: + default: 10 + description: The maximum number of security findings in the response. 
+ example: 25 + format: int64 + maximum: 150 + minimum: 1 + type: integer + type: object + SecurityFindingsSort: + default: -@detection_changed_at + description: The sort parameters when querying security findings. + enum: + - '@detection_changed_at' + - -@detection_changed_at + type: string + x-enum-varnames: + - DETECTION_CHANGED_AT_ASC + - DETECTION_CHANGED_AT_DESC + SecurityFindingsStatus: + description: The status of the response. + enum: + - done + - timeout + example: done + type: string + x-enum-varnames: + - DONE + - TIMEOUT SecurityMonitoringFilter: description: The rule's suppression filter. properties: @@ -58490,6 +58645,8 @@ components: apm_service_catalog_read: View service catalog and service definitions. apm_service_catalog_write: Add, modify, and delete service catalog definitions when those definitions are maintained by Datadog. + appsec_vm_read: View infrastructure, application code, and library vulnerability + findings. billing_read: View your organization's billing information. cases_read: View Cases. cases_write: Create and update cases. 
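Review bot: The `timestamp` property of `SecurityFindingsAttributes` does not state its unit: the description says only "The Unix timestamp", and the example `1765901760` looks like seconds rather than milliseconds. Anyone correlating findings with other event sources has to guess, so I would spell it out, for example `description: The Unix timestamp, in seconds, at which the detection changed for the resource.`, if seconds is what the backend returns. The same description mentions `@detection_changed_at` without saying that it is the query-side name for this value, which deserves a few words as well.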
@@ -80641,6 +80798,98 @@ paths: operator: OR permissions: - security_monitoring_cws_agent_rules_read + /api/v2/security/findings: + get: + description: 'Get a list of security findings that match a search query. + + + This endpoint requires one of the following permissions: + + - `security_monitoring_findings_read` + + - `appsec_vm_read` + + + ### Query Syntax + + + This endpoint uses the logs query syntax. Findings attributes (living in the + custom. namespace) are prefixed by @ when queried. Tags are queried without + a prefix. + + + Example: `@severity:(critical OR high) @status:open team:platform`' + operationId: ListSecurityFindings + parameters: + - description: The search query following log search syntax. + example: '@severity:(critical OR high) @status:open team:platform' + in: query + name: filter[query] + required: false + schema: + default: '*' + type: string + - description: Get the next page of results with a cursor provided in the previous + query. + example: eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ== + in: query + name: page[cursor] + required: false + schema: + type: string + - description: The maximum number of findings in the response. + example: 25 + in: query + name: page[limit] + required: false + schema: + default: 10 + format: int64 + maximum: 150 + minimum: 1 + type: integer + - description: Sorts by @detection_changed_at. 
+ in: query + name: sort + required: false + schema: + $ref: '#/components/schemas/SecurityFindingsSort' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListSecurityFindingsResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/ForbiddenResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_findings_read + - AuthZ: + - appsec_vm_read + summary: List security findings + tags: + - Security Monitoring + x-pagination: + cursorParam: page[cursor] + cursorPath: meta.page.after + limitParam: page[limit] + resultsPath: data + x-permission: + operator: OR + permissions: + - security_monitoring_findings_read + - appsec_vm_read + x-unstable: '**Note**: This endpoint is in beta and subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security/findings/cases: delete: description: 'Detach security findings from their case. 
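Review bot: In the `get` description, the phrase "living in the custom. namespace" reads as a sentence break once rendered, and the bare `@` is easy to miss. The generated `list_security_findings` docstring later in this diff carries the sentence through verbatim. Wrapping `custom.` and `@` in backticks in the spec text would fix this in every generated client. The `post` description for `/api/v2/security/findings/search` in the next hunk has the same sentence. The `sort` parameter description could also say that a leading `-` selects descending order and that descending is the default, which today is visible only in the `SecurityFindingsSort` schema.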
@@ -80860,6 +81109,70 @@ paths: x-unstable: '**Note**: This endpoint is in beta and is subject to change. Please check the documentation regularly for updates.' + /api/v2/security/findings/search: + post: + description: 'Get a list of security findings that match a search query. + + + This endpoint requires one of the following permissions: + + - `security_monitoring_findings_read` + + - `appsec_vm_read` + + + ### Query Syntax + + + The API uses the logs query syntax. Findings attributes (living in the custom. + namespace) are prefixed by @ when queried. Tags are queried without a prefix. + + + Example: `@severity:(critical OR high) @status:open team:platform`' + operationId: SearchSecurityFindings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityFindingsSearchRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/ListSecurityFindingsResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/ForbiddenResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_findings_read + - AuthZ: + - appsec_vm_read + summary: Search security findings + tags: + - Security Monitoring + x-codegen-request-body-name: body + x-pagination: + cursorParam: body.data.attributes.page.cursor + cursorPath: meta.page.after + limitParam: body.data.attributes.page.limit + resultsPath: data + x-permission: + operator: OR + permissions: + - security_monitoring_findings_read + - appsec_vm_read + x-unstable: '**Note**: This endpoint is in beta and subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security/sboms: get: description: 'Get a list of assets SBOMs for an organization. 
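Review bot: The `requestBody` of `SearchSecurityFindings` has no `description`, so the generated `search_security_findings` docstring later in this diff has a `:type body:` line but no `:param body:` text. One line under `requestBody:`, such as `description: The search query, pagination and sort options for the findings to return.`, would document the parameter in the generated clients. The wording matches the `filter`, `page` and `sort` properties declared on `SecurityFindingsSearchRequestDataAttributes`.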
diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst index 6220d558aa..3c604f53a8 100644 --- a/docs/datadog_api_client.v2.model.rst +++ b/docs/datadog_api_client.v2.model.rst @@ -13157,6 +13157,13 @@ datadog\_api\_client.v2.model.list\_rules\_response\_links module :members: :show-inheritance: +datadog\_api\_client.v2.model.list\_security\_findings\_response module +----------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.list_security_findings_response + :members: + :show-inheritance: + datadog\_api\_client.v2.model.list\_tags\_response module --------------------------------------------------------- 
@@ -21004,6 +21011,90 @@ datadog\_api\_client.v2.model.security\_filters\_response module :members: :show-inheritance: +datadog\_api\_client.v2.model.security\_findings\_attributes module +------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_findings_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_findings\_data module +------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_findings_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_findings\_data\_type module +------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_findings_data_type + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_findings\_links module +-------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_findings_links + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_findings\_meta module +------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_findings_meta + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_findings\_page module +------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_findings_page + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_findings\_search\_request module +------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.security_findings_search_request + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_findings\_search\_request\_data module +------------------------------------------------------------------------------ + +.. 
automodule:: datadog_api_client.v2.model.security_findings_search_request_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_findings\_search\_request\_data\_attributes module +------------------------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.security_findings_search_request_data_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_findings\_search\_request\_page module +------------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.security_findings_search_request_page + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_findings\_sort module +------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_findings_sort + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_findings\_status module +--------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_findings_status + :members: + :show-inheritance: + datadog\_api\_client.v2.model.security\_monitoring\_filter module ----------------------------------------------------------------- diff --git a/examples/v2/security-monitoring/ListSecurityFindings.py b/examples/v2/security-monitoring/ListSecurityFindings.py new file mode 100644 index 0000000000..2a365a4886 --- /dev/null +++ b/examples/v2/security-monitoring/ListSecurityFindings.py 
@@ -0,0 +1,14 @@ +""" +List security findings returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi + +configuration = Configuration() +configuration.unstable_operations["list_security_findings"] = True +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.list_security_findings() + + print(response) diff --git a/examples/v2/security-monitoring/ListSecurityFindings_2925663885.py b/examples/v2/security-monitoring/ListSecurityFindings_2925663885.py new file mode 100644 index 0000000000..386538c7fc --- /dev/null +++ b/examples/v2/security-monitoring/ListSecurityFindings_2925663885.py @@ -0,0 +1,16 @@ +""" +List security findings returns "OK" response with pagination +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi + +configuration = Configuration() +configuration.unstable_operations["list_security_findings"] = True +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.list_security_findings( + page_limit=5, + ) + + print(response) diff --git a/examples/v2/security-monitoring/SearchSecurityFindings.py b/examples/v2/security-monitoring/SearchSecurityFindings.py new file mode 100644 index 0000000000..209cc2e87f --- /dev/null +++ b/examples/v2/security-monitoring/SearchSecurityFindings.py 
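Review bot: `ListSecurityFindings_2925663885.py` is titled "with pagination" but calls `list_security_findings(page_limit=5)`, which fetches one page and never follows `meta.page.after`. A reader who copies it to pull a full inventory of findings would get a truncated list without any indication. The example should use the helper added in this commit: `items = api_instance.list_security_findings_with_pagination(page_limit=5)`, then `for item in items:` and `print(item)`. `SearchSecurityFindings_3678541639.py` has the same mismatch, calling `search_security_findings(body=body)` with `limit=1`.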
@@ -0,0 +1,27 @@ +""" +Search security findings returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi +from datadog_api_client.v2.model.security_findings_search_request import SecurityFindingsSearchRequest +from datadog_api_client.v2.model.security_findings_search_request_data import SecurityFindingsSearchRequestData +from datadog_api_client.v2.model.security_findings_search_request_data_attributes import ( + SecurityFindingsSearchRequestDataAttributes, +) + +body = SecurityFindingsSearchRequest( + data=SecurityFindingsSearchRequestData( + attributes=SecurityFindingsSearchRequestDataAttributes( + filter="@severity:(critical OR high)", + ), + ), +) + +configuration = Configuration() +configuration.unstable_operations["search_security_findings"] = True +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.search_security_findings(body=body) + + print(response) diff --git a/examples/v2/security-monitoring/SearchSecurityFindings_3678541639.py b/examples/v2/security-monitoring/SearchSecurityFindings_3678541639.py new file mode 100644 index 0000000000..4392dfaacc --- /dev/null +++ b/examples/v2/security-monitoring/SearchSecurityFindings_3678541639.py 
@@ -0,0 +1,31 @@ +""" +Search security findings returns "OK" response with pagination +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi +from datadog_api_client.v2.model.security_findings_search_request import SecurityFindingsSearchRequest +from datadog_api_client.v2.model.security_findings_search_request_data import SecurityFindingsSearchRequestData +from datadog_api_client.v2.model.security_findings_search_request_data_attributes import ( + SecurityFindingsSearchRequestDataAttributes, +) +from datadog_api_client.v2.model.security_findings_search_request_page import SecurityFindingsSearchRequestPage + +body = SecurityFindingsSearchRequest( + data=SecurityFindingsSearchRequestData( + attributes=SecurityFindingsSearchRequestDataAttributes( + filter="@severity:(critical OR high)", + page=SecurityFindingsSearchRequestPage( + limit=1, + ), + ), + ), +) + +configuration = Configuration() +configuration.unstable_operations["search_security_findings"] = True +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.search_security_findings(body=body) + + print(response) diff --git a/src/datadog_api_client/configuration.py b/src/datadog_api_client/configuration.py index e119326653..d777481ff9 100644 --- a/src/datadog_api_client/configuration.py +++ b/src/datadog_api_client/configuration.py 
@@ -282,12 +282,14 @@ def __init__( "v2.list_findings": False, "v2.list_multiple_rulesets": False, "v2.list_scanned_assets_metadata": False, + "v2.list_security_findings": False, "v2.list_security_monitoring_histsignals": False, "v2.list_threat_hunting_jobs": False, "v2.list_vulnerabilities": False, "v2.list_vulnerable_assets": False, "v2.mute_findings": False, "v2.run_threat_hunting_job": False, + "v2.search_security_findings": False, "v2.search_security_monitoring_histsignals": False, "v2.create_dataset": False, "v2.delete_dataset": False, diff --git a/src/datadog_api_client/v2/api/security_monitoring_api.py b/src/datadog_api_client/v2/api/security_monitoring_api.py index 10259f0459..cb1b20f19f 100644 --- a/src/datadog_api_client/v2/api/security_monitoring_api.py +++ b/src/datadog_api_client/v2/api/security_monitoring_api.py @@ -36,6 +36,9 @@ from datadog_api_client.v2.model.bulk_mute_findings_response import BulkMuteFindingsResponse from datadog_api_client.v2.model.bulk_mute_findings_request import BulkMuteFindingsRequest from datadog_api_client.v2.model.get_finding_response import GetFindingResponse +from datadog_api_client.v2.model.list_security_findings_response import ListSecurityFindingsResponse +from datadog_api_client.v2.model.security_findings_sort import SecurityFindingsSort +from datadog_api_client.v2.model.security_findings_data import SecurityFindingsData from datadog_api_client.v2.model.detach_case_request import DetachCaseRequest from datadog_api_client.v2.model.finding_case_response_array import FindingCaseResponseArray from datadog_api_client.v2.model.create_case_request_array import CreateCaseRequestArray 
@@ -43,6 +46,7 @@ from datadog_api_client.v2.model.attach_case_request import AttachCaseRequest from datadog_api_client.v2.model.attach_jira_issue_request import AttachJiraIssueRequest from datadog_api_client.v2.model.create_jira_issue_request_array import CreateJiraIssueRequestArray +from datadog_api_client.v2.model.security_findings_search_request import SecurityFindingsSearchRequest from datadog_api_client.v2.model.list_assets_sbo_ms_response import ListAssetsSBOMsResponse from datadog_api_client.v2.model.asset_type import AssetType from datadog_api_client.v2.model.sbom_component_license_type import SBOMComponentLicenseType @@ -1461,6 +1465,47 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._list_security_findings_endpoint = _Endpoint( + settings={ + "response_type": (ListSecurityFindingsResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security/findings", + "operation_id": "list_security_findings", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "filter_query": { + "openapi_types": (str,), + "attribute": "filter[query]", + "location": "query", + }, + "page_cursor": { + "openapi_types": (str,), + "attribute": "page[cursor]", + "location": "query", + }, + "page_limit": { + "validation": { + "inclusive_maximum": 150, + "inclusive_minimum": 1, + }, + "openapi_types": (int,), + "attribute": "page[limit]", + "location": "query", + }, + "sort": { + "openapi_types": (SecurityFindingsSort,), + "attribute": "sort", + "location": "query", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._list_security_monitoring_histsignals_endpoint = _Endpoint( settings={ "response_type": (SecurityMonitoringSignalsListResponse,), 
@@ -2091,6 +2136,26 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._search_security_findings_endpoint = _Endpoint( + settings={ + "response_type": (ListSecurityFindingsResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security/findings/search", + "operation_id": "search_security_findings", + "http_method": "POST", + "version": "v2", + }, + params_map={ + "body": { + "required": True, + "openapi_types": (SecurityFindingsSearchRequest,), + "location": "body", + }, + }, + headers_map={"accept": ["application/json"], "content_type": ["application/json"]}, + api_client=api_client, + ) + self._search_security_monitoring_histsignals_endpoint = _Endpoint( settings={ "response_type": (SecurityMonitoringSignalsListResponse,), 
@@ -3739,6 +3804,104 @@ def list_security_filters( kwargs: Dict[str, Any] = {} return self._list_security_filters_endpoint.call_with_http_info(**kwargs) + def list_security_findings( + self, + *, + filter_query: Union[str, UnsetType] = unset, + page_cursor: Union[str, UnsetType] = unset, + page_limit: Union[int, UnsetType] = unset, + sort: Union[SecurityFindingsSort, UnsetType] = unset, + ) -> ListSecurityFindingsResponse: + """List security findings. + + Get a list of security findings that match a search query. + + This endpoint requires one of the following permissions: + + * ``security_monitoring_findings_read`` + * ``appsec_vm_read`` + + **Query Syntax** + + This endpoint uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix. + + Example: ``@severity:(critical OR high) @status:open team:platform`` + + :param filter_query: The search query following log search syntax. + :type filter_query: str, optional + :param page_cursor: Get the next page of results with a cursor provided in the previous query. + :type page_cursor: str, optional + :param page_limit: The maximum number of findings in the response. + :type page_limit: int, optional + :param sort: Sorts by @detection_changed_at. 
+ :type sort: SecurityFindingsSort, optional + :rtype: ListSecurityFindingsResponse + """ + kwargs: Dict[str, Any] = {} + if filter_query is not unset: + kwargs["filter_query"] = filter_query + + if page_cursor is not unset: + kwargs["page_cursor"] = page_cursor + + if page_limit is not unset: + kwargs["page_limit"] = page_limit + + if sort is not unset: + kwargs["sort"] = sort + + return self._list_security_findings_endpoint.call_with_http_info(**kwargs) + + def list_security_findings_with_pagination( + self, + *, + filter_query: Union[str, UnsetType] = unset, + page_cursor: Union[str, UnsetType] = unset, + page_limit: Union[int, UnsetType] = unset, + sort: Union[SecurityFindingsSort, UnsetType] = unset, + ) -> collections.abc.Iterable[SecurityFindingsData]: + """List security findings. + + Provide a paginated version of :meth:`list_security_findings`, returning all items. + + :param filter_query: The search query following log search syntax. + :type filter_query: str, optional + :param page_cursor: Get the next page of results with a cursor provided in the previous query. + :type page_cursor: str, optional + :param page_limit: The maximum number of findings in the response. + :type page_limit: int, optional + :param sort: Sorts by @detection_changed_at. + :type sort: SecurityFindingsSort, optional + + :return: A generator of paginated results. 
+ :rtype: collections.abc.Iterable[SecurityFindingsData] + """ + kwargs: Dict[str, Any] = {} + if filter_query is not unset: + kwargs["filter_query"] = filter_query + + if page_cursor is not unset: + kwargs["page_cursor"] = page_cursor + + if page_limit is not unset: + kwargs["page_limit"] = page_limit + + if sort is not unset: + kwargs["sort"] = sort + + local_page_size = get_attribute_from_path(kwargs, "page_limit", 10) + endpoint = self._list_security_findings_endpoint + set_attribute_from_path(kwargs, "page_limit", local_page_size, endpoint.params_map) + pagination = { + "limit_value": local_page_size, + "results_path": "data", + "cursor_param": "page_cursor", + "cursor_path": "meta.page.after", + "endpoint": endpoint, + "kwargs": kwargs, + } + return endpoint.call_with_http_info_paginated(pagination) + def list_security_monitoring_histsignals( self, *, 
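Review bot: `list_security_findings_with_pagination` passes only `results_path` and `cursor_path` to `call_with_http_info_paginated`, so `meta.status` is not part of what the generator yields. The spec in this commit allows `timeout` as a status. If a timed-out page can carry partial `data` (the spec does not say, so this needs confirming), the iterator would present an incomplete set of findings as complete. The paginator itself is outside this hunk, so at minimum I would add a docstring line such as `Pages are yielded without checking meta.status; call list_security_findings directly when a "timeout" page must be detected.` The same applies to `search_security_findings_with_pagination` in the later hunk.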
@@ -4553,6 +4716,62 @@ def run_threat_hunting_job( return self._run_threat_hunting_job_endpoint.call_with_http_info(**kwargs) + def search_security_findings( + self, + body: SecurityFindingsSearchRequest, + ) -> ListSecurityFindingsResponse: + """Search security findings. + + Get a list of security findings that match a search query. + + This endpoint requires one of the following permissions: + + * ``security_monitoring_findings_read`` + * ``appsec_vm_read`` + + **Query Syntax** + + The API uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix. + + Example: ``@severity:(critical OR high) @status:open team:platform`` + + :type body: SecurityFindingsSearchRequest + :rtype: ListSecurityFindingsResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["body"] = body + + return self._search_security_findings_endpoint.call_with_http_info(**kwargs) + + def search_security_findings_with_pagination( + self, + body: SecurityFindingsSearchRequest, + ) -> collections.abc.Iterable[SecurityFindingsData]: + """Search security findings. + + Provide a paginated version of :meth:`search_security_findings`, returning all items. + + :type body: SecurityFindingsSearchRequest + + :return: A generator of paginated results. 
+ :rtype: collections.abc.Iterable[SecurityFindingsData] + """ + kwargs: Dict[str, Any] = {} + kwargs["body"] = body + + local_page_size = get_attribute_from_path(kwargs, "body.data.attributes.page.limit", 10) + endpoint = self._search_security_findings_endpoint + set_attribute_from_path(kwargs, "body.data.attributes.page.limit", local_page_size, endpoint.params_map) + pagination = { + "limit_value": local_page_size, + "results_path": "data", + "cursor_param": "body.data.attributes.page.cursor", + "cursor_path": "meta.page.after", + "endpoint": endpoint, + "kwargs": kwargs, + } + return endpoint.call_with_http_info_paginated(pagination) + def search_security_monitoring_histsignals( self, *, diff --git a/src/datadog_api_client/v2/model/list_security_findings_response.py b/src/datadog_api_client/v2/model/list_security_findings_response.py new file mode 100644 index 0000000000..963dc720c6 --- /dev/null +++ b/src/datadog_api_client/v2/model/list_security_findings_response.py 
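Review bot: `search_security_findings_with_pagination` places the caller's `body` in `kwargs` and then calls `set_attribute_from_path(kwargs, "body.data.attributes.page.limit", ...)`, which appears to write the page size into the object the caller passed in. `cursor_param` points into the same object, so the cursor is presumably written there on each page as well. If so, a `SecurityFindingsSearchRequest` reused for a second search would resume from the previous run's last cursor instead of the first page. Working on a copy with `kwargs["body"] = copy.deepcopy(body)` (plus `import copy` at module level), or stating in the docstring that `body` is modified, would avoid that. Neither helper is visible in this hunk, so this should be checked against their implementation.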
@@ -0,0 +1,66 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_findings_data import SecurityFindingsData + from datadog_api_client.v2.model.security_findings_links import SecurityFindingsLinks + from datadog_api_client.v2.model.security_findings_meta import SecurityFindingsMeta + + +class ListSecurityFindingsResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_findings_data import SecurityFindingsData + from datadog_api_client.v2.model.security_findings_links import SecurityFindingsLinks + from datadog_api_client.v2.model.security_findings_meta import SecurityFindingsMeta + + return { + "data": ([SecurityFindingsData],), + "links": (SecurityFindingsLinks,), + "meta": (SecurityFindingsMeta,), + } + + attribute_map = { + "data": "data", + "links": "links", + "meta": "meta", + } + + def __init__( + self_, + data: Union[List[SecurityFindingsData], UnsetType] = unset, + links: Union[SecurityFindingsLinks, UnsetType] = unset, + meta: Union[SecurityFindingsMeta, UnsetType] = unset, + **kwargs, + ): + """ + The expected response schema when listing security findings. + + :param data: Array of security findings matching the search query. + :type data: [SecurityFindingsData], optional + + :param links: Links for pagination. + :type links: SecurityFindingsLinks, optional + + :param meta: Metadata about the response. 
+ :type meta: SecurityFindingsMeta, optional + """ + if data is not unset: + kwargs["data"] = data + if links is not unset: + kwargs["links"] = links + if meta is not unset: + kwargs["meta"] = meta + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_findings_attributes.py b/src/datadog_api_client/v2/model/security_findings_attributes.py new file mode 100644 index 0000000000..b74876c207 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_findings_attributes.py 
@@ -0,0 +1,75 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Any, Dict, List, Union
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ date,
+ datetime,
+ none_type,
+ unset,
+ UnsetType,
+ UUID,
+)
+
+
+class SecurityFindingsAttributes(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ return {
+ "attributes": (
+ {
+ str: (
+ bool,
+ date,
+ datetime,
+ dict,
+ float,
+ int,
+ list,
+ str,
+ UUID,
+ none_type,
+ )
+ },
+ ),
+ "tags": ([str],),
+ "timestamp": (int,),
+ }
+
+ attribute_map = {
+ "attributes": "attributes",
+ "tags": "tags",
+ "timestamp": "timestamp",
+ }
+
+ def __init__(
+ self_,
+ attributes: Union[Dict[str, Any], UnsetType] = unset,
+ tags: Union[List[str], UnsetType] = unset,
+ timestamp: Union[int, UnsetType] = unset,
+ **kwargs,
+ ):
+ """
+ The JSON object containing all attributes of the security finding.
+
+ :param attributes: The custom attributes of the security finding.
+ :type attributes: {str: (bool, date, datetime, dict, float, int, list, str, UUID, none_type,)}, optional
+
+ :param tags: List of tags associated with the security finding.
+ :type tags: [str], optional
+
+ :param timestamp: The Unix timestamp at which the detection changed for the resource. Same value as @detection_changed_at.
+ :type timestamp: int, optional
+ """
+ if attributes is not unset:
+ kwargs["attributes"] = attributes
+ if tags is not unset:
+ kwargs["tags"] = tags
+ if timestamp is not unset:
+ kwargs["timestamp"] = timestamp
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/security_findings_data.py b/src/datadog_api_client/v2/model/security_findings_data.py
new file mode 100644
index 0000000000..2c297fdf0f
--- /dev/null
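Review bot: The `timestamp` docstring in `SecurityFindingsAttributes.__init__` (security_findings_attributes.py) does not state a unit, and the values visible on this page disagree: the schema example is the 10-digit `1765901760`, while the recorded response in the ok-response cassette carries `"timestamp":1765838271832`, which has the magnitude of epoch milliseconds. A consumer that converts the field as seconds would misplace every finding in time and break time-window filtering or alert correlation. Once the unit is confirmed against the API, I would make the line read `:param timestamp: The Unix timestamp, in milliseconds, at which the detection changed for the resource. Same value as @detection_changed_at.` and align the schema example with it. If this model is generated from the OpenAPI description, the wording belongs in the schema's `description`.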
+++ b/src/datadog_api_client/v2/model/security_findings_data.py
@@ -0,0 +1,64 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.security_findings_attributes import SecurityFindingsAttributes
+ from datadog_api_client.v2.model.security_findings_data_type import SecurityFindingsDataType
+
+
+class SecurityFindingsData(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.security_findings_attributes import SecurityFindingsAttributes
+ from datadog_api_client.v2.model.security_findings_data_type import SecurityFindingsDataType
+
+ return {
+ "attributes": (SecurityFindingsAttributes,),
+ "id": (str,),
+ "type": (SecurityFindingsDataType,),
+ }
+
+ attribute_map = {
+ "attributes": "attributes",
+ "id": "id",
+ "type": "type",
+ }
+
+ def __init__(
+ self_,
+ attributes: Union[SecurityFindingsAttributes, UnsetType] = unset,
+ id: Union[str, UnsetType] = unset,
+ type: Union[SecurityFindingsDataType, UnsetType] = unset,
+ **kwargs,
+ ):
+ """
+ A single security finding.
+
+ :param attributes: The JSON object containing all attributes of the security finding.
+ :type attributes: SecurityFindingsAttributes, optional
+
+ :param id: The unique ID of the security finding.
+ :type id: str, optional
+
+ :param type: The type of the security finding resource.
+ :type type: SecurityFindingsDataType, optional
+ """
+ if attributes is not unset:
+ kwargs["attributes"] = attributes
+ if id is not unset:
+ kwargs["id"] = id
+ if type is not unset:
+ kwargs["type"] = type
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/security_findings_data_type.py b/src/datadog_api_client/v2/model/security_findings_data_type.py
new file mode 100644
index 0000000000..b1780a7c84
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_findings_data_type.py
@@ -0,0 +1,35 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+ ModelSimple,
+ cached_property,
+)
+
+from typing import ClassVar
+
+
+class SecurityFindingsDataType(ModelSimple):
+ """
+ The type of the security finding resource.
+
+ :param value: If omitted defaults to "finding". Must be one of ["finding"].
+ :type value: str
+ """
+
+ allowed_values = {
+ "finding",
+ }
+ FINDING: ClassVar["SecurityFindingsDataType"]
+
+ @cached_property
+ def openapi_types(_):
+ return {
+ "value": (str,),
+ }
+
+
+SecurityFindingsDataType.FINDING = SecurityFindingsDataType("finding")
diff --git a/src/datadog_api_client/v2/model/security_findings_links.py b/src/datadog_api_client/v2/model/security_findings_links.py
new file mode 100644
index 0000000000..940b6183e0
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_findings_links.py
@@ -0,0 +1,36 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+class SecurityFindingsLinks(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ return {
+ "next": (str,),
+ }
+
+ attribute_map = {
+ "next": "next",
+ }
+
+ def __init__(self_, next: Union[str, UnsetType] = unset, **kwargs):
+ """
+ Links for pagination.
+
+ :param next: Link for the next page of results. Note that paginated requests can also be made using the POST endpoint.
+ :type next: str, optional
+ """
+ if next is not unset:
+ kwargs["next"] = next
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/security_findings_meta.py b/src/datadog_api_client/v2/model/security_findings_meta.py
new file mode 100644
index 0000000000..b9b4b7c6ee
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_findings_meta.py
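Review bot: The docstring for `next` in `SecurityFindingsLinks.__init__` (security_findings_links.py) describes the field only as a link and does not say how a caller is expected to use it. The schema example for this field points at `app.datadoghq.com`, while the recorded requests in the cassettes go to `api.datadoghq.com`, so the value is an absolute URL that can name a different host than the one the client is configured for. A caller that requests this URL directly with its credentials attached sends them to whatever host the response names. I would add to the docstring `Do not request this URL directly with credentials; pass the cursor from meta.page.after to the client's own endpoint instead.`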
@@ -0,0 +1,72 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.security_findings_page import SecurityFindingsPage
+ from datadog_api_client.v2.model.security_findings_status import SecurityFindingsStatus
+
+
+class SecurityFindingsMeta(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.security_findings_page import SecurityFindingsPage
+ from datadog_api_client.v2.model.security_findings_status import SecurityFindingsStatus
+
+ return {
+ "elapsed": (int,),
+ "page": (SecurityFindingsPage,),
+ "request_id": (str,),
+ "status": (SecurityFindingsStatus,),
+ }
+
+ attribute_map = {
+ "elapsed": "elapsed",
+ "page": "page",
+ "request_id": "request_id",
+ "status": "status",
+ }
+
+ def __init__(
+ self_,
+ elapsed: Union[int, UnsetType] = unset,
+ page: Union[SecurityFindingsPage, UnsetType] = unset,
+ request_id: Union[str, UnsetType] = unset,
+ status: Union[SecurityFindingsStatus, UnsetType] = unset,
+ **kwargs,
+ ):
+ """
+ Metadata about the response.
+
+ :param elapsed: The time elapsed in milliseconds.
+ :type elapsed: int, optional
+
+ :param page: Pagination information.
+ :type page: SecurityFindingsPage, optional
+
+ :param request_id: The identifier of the request.
+ :type request_id: str, optional
+
+ :param status: The status of the response.
+ :type status: SecurityFindingsStatus, optional
+ """
+ if elapsed is not unset:
+ kwargs["elapsed"] = elapsed
+ if page is not unset:
+ kwargs["page"] = page
+ if request_id is not unset:
+ kwargs["request_id"] = request_id
+ if status is not unset:
+ kwargs["status"] = status
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/security_findings_page.py b/src/datadog_api_client/v2/model/security_findings_page.py
new file mode 100644
index 0000000000..522297d19d
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_findings_page.py
@@ -0,0 +1,36 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+class SecurityFindingsPage(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ return {
+ "after": (str,),
+ }
+
+ attribute_map = {
+ "after": "after",
+ }
+
+ def __init__(self_, after: Union[str, UnsetType] = unset, **kwargs):
+ """
+ Pagination information.
+
+ :param after: The cursor used to get the next page of results.
+ :type after: str, optional
+ """
+ if after is not unset:
+ kwargs["after"] = after
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/security_findings_search_request.py b/src/datadog_api_client/v2/model/security_findings_search_request.py
new file mode 100644
index 0000000000..36246d7972
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_findings_search_request.py
@@ -0,0 +1,42 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.security_findings_search_request_data import SecurityFindingsSearchRequestData
+
+
+class SecurityFindingsSearchRequest(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.security_findings_search_request_data import SecurityFindingsSearchRequestData
+
+ return {
+ "data": (SecurityFindingsSearchRequestData,),
+ }
+
+ attribute_map = {
+ "data": "data",
+ }
+
+ def __init__(self_, data: Union[SecurityFindingsSearchRequestData, UnsetType] = unset, **kwargs):
+ """
+ The request body for searching security findings.
+
+ :param data: Request data for searching security findings.
+ :type data: SecurityFindingsSearchRequestData, optional
+ """
+ if data is not unset:
+ kwargs["data"] = data
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/security_findings_search_request_data.py b/src/datadog_api_client/v2/model/security_findings_search_request_data.py
new file mode 100644
index 0000000000..5bb6d2ab6e
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_findings_search_request_data.py
@@ -0,0 +1,46 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.security_findings_search_request_data_attributes import (
+ SecurityFindingsSearchRequestDataAttributes,
+ )
+
+
+class SecurityFindingsSearchRequestData(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.security_findings_search_request_data_attributes import (
+ SecurityFindingsSearchRequestDataAttributes,
+ )
+
+ return {
+ "attributes": (SecurityFindingsSearchRequestDataAttributes,),
+ }
+
+ attribute_map = {
+ "attributes": "attributes",
+ }
+
+ def __init__(self_, attributes: Union[SecurityFindingsSearchRequestDataAttributes, UnsetType] = unset, **kwargs):
+ """
+ Request data for searching security findings.
+
+ :param attributes: Request attributes for searching security findings.
+ :type attributes: SecurityFindingsSearchRequestDataAttributes, optional
+ """
+ if attributes is not unset:
+ kwargs["attributes"] = attributes
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/security_findings_search_request_data_attributes.py b/src/datadog_api_client/v2/model/security_findings_search_request_data_attributes.py
new file mode 100644
index 0000000000..b75ac7ad8e
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_findings_search_request_data_attributes.py
@@ -0,0 +1,64 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.security_findings_search_request_page import SecurityFindingsSearchRequestPage
+ from datadog_api_client.v2.model.security_findings_sort import SecurityFindingsSort
+
+
+class SecurityFindingsSearchRequestDataAttributes(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.security_findings_search_request_page import SecurityFindingsSearchRequestPage
+ from datadog_api_client.v2.model.security_findings_sort import SecurityFindingsSort
+
+ return {
+ "filter": (str,),
+ "page": (SecurityFindingsSearchRequestPage,),
+ "sort": (SecurityFindingsSort,),
+ }
+
+ attribute_map = {
+ "filter": "filter",
+ "page": "page",
+ "sort": "sort",
+ }
+
+ def __init__(
+ self_,
+ filter: Union[str, UnsetType] = unset,
+ page: Union[SecurityFindingsSearchRequestPage, UnsetType] = unset,
+ sort: Union[SecurityFindingsSort, UnsetType] = unset,
+ **kwargs,
+ ):
+ """
+ Request attributes for searching security findings.
+
+ :param filter: The search query following log search syntax.
+ :type filter: str, optional
+
+ :param page: Pagination attributes for the search request.
+ :type page: SecurityFindingsSearchRequestPage, optional
+
+ :param sort: The sort parameters when querying security findings.
+ :type sort: SecurityFindingsSort, optional
+ """
+ if filter is not unset:
+ kwargs["filter"] = filter
+ if page is not unset:
+ kwargs["page"] = page
+ if sort is not unset:
+ kwargs["sort"] = sort
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/security_findings_search_request_page.py b/src/datadog_api_client/v2/model/security_findings_search_request_page.py
new file mode 100644
index 0000000000..a7248798f0
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_findings_search_request_page.py
@@ -0,0 +1,50 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+class SecurityFindingsSearchRequestPage(ModelNormal):
+ validations = {
+ "limit": {
+ "inclusive_maximum": 150,
+ "inclusive_minimum": 1,
+ },
+ }
+
+ @cached_property
+ def openapi_types(_):
+ return {
+ "cursor": (str,),
+ "limit": (int,),
+ }
+
+ attribute_map = {
+ "cursor": "cursor",
+ "limit": "limit",
+ }
+
+ def __init__(self_, cursor: Union[str, UnsetType] = unset, limit: Union[int, UnsetType] = unset, **kwargs):
+ """
+ Pagination attributes for the search request.
+
+ :param cursor: Get the next page of results with a cursor provided in the previous query.
+ :type cursor: str, optional
+
+ :param limit: The maximum number of security findings in the response.
+ :type limit: int, optional
+ """
+ if cursor is not unset:
+ kwargs["cursor"] = cursor
+ if limit is not unset:
+ kwargs["limit"] = limit
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/security_findings_sort.py b/src/datadog_api_client/v2/model/security_findings_sort.py
new file mode 100644
index 0000000000..f4c024e758
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_findings_sort.py
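Review bot: The `limit` docstring in `SecurityFindingsSearchRequestPage.__init__` does not mention the bounds the class declares in `validations` (`inclusive_minimum` 1, `inclusive_maximum` 150). A caller who reads only the docstring finds the range by reading `validations` or, presumably, by having a value rejected. I would extend the line to `:param limit: The maximum number of security findings in the response. Must be between 1 and 150.` The docstring also gives no default for an omitted `limit`, which is worth stating if the API defines one.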
@@ -0,0 +1,38 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+ ModelSimple,
+ cached_property,
+)
+
+from typing import ClassVar
+
+
+class SecurityFindingsSort(ModelSimple):
+ """
+ The sort parameters when querying security findings.
+
+ :param value: If omitted defaults to "-@detection_changed_at". Must be one of ["@detection_changed_at", "-@detection_changed_at"].
+ :type value: str
+ """
+
+ allowed_values = {
+ "@detection_changed_at",
+ "-@detection_changed_at",
+ }
+ DETECTION_CHANGED_AT_ASC: ClassVar["SecurityFindingsSort"]
+ DETECTION_CHANGED_AT_DESC: ClassVar["SecurityFindingsSort"]
+
+ @cached_property
+ def openapi_types(_):
+ return {
+ "value": (str,),
+ }
+
+
+SecurityFindingsSort.DETECTION_CHANGED_AT_ASC = SecurityFindingsSort("@detection_changed_at")
+SecurityFindingsSort.DETECTION_CHANGED_AT_DESC = SecurityFindingsSort("-@detection_changed_at")
diff --git a/src/datadog_api_client/v2/model/security_findings_status.py b/src/datadog_api_client/v2/model/security_findings_status.py
new file mode 100644
index 0000000000..6deeddd9bf
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_findings_status.py
@@ -0,0 +1,38 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+ ModelSimple,
+ cached_property,
+)
+
+from typing import ClassVar
+
+
+class SecurityFindingsStatus(ModelSimple):
+ """
+ The status of the response.
+
+ :param value: Must be one of ["done", "timeout"].
+ :type value: str
+ """
+
+ allowed_values = {
+ "done",
+ "timeout",
+ }
+ DONE: ClassVar["SecurityFindingsStatus"]
+ TIMEOUT: ClassVar["SecurityFindingsStatus"]
+
+ @cached_property
+ def openapi_types(_):
+ return {
+ "value": (str,),
+ }
+
+
+SecurityFindingsStatus.DONE = SecurityFindingsStatus("done")
+SecurityFindingsStatus.TIMEOUT = SecurityFindingsStatus("timeout")
diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py
index 8217f826ec..85b6d4552b 100644
--- a/src/datadog_api_client/v2/models/__init__.py
+++ b/src/datadog_api_client/v2/models/__init__.py
@@ -2464,6 +2464,7 @@
 from datadog_api_client.v2.model.list_rules_response import ListRulesResponse
 from datadog_api_client.v2.model.list_rules_response_data_item import ListRulesResponseDataItem
 from datadog_api_client.v2.model.list_rules_response_links import ListRulesResponseLinks
+from datadog_api_client.v2.model.list_security_findings_response import ListSecurityFindingsResponse
 from datadog_api_client.v2.model.list_tags_response import ListTagsResponse
 from datadog_api_client.v2.model.list_tags_response_data import ListTagsResponseData
 from datadog_api_client.v2.model.list_tags_response_data_attributes import ListTagsResponseDataAttributes
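Review bot: The `SecurityFindingsStatus` class docstring (security_findings_status.py) lists the values `done` and `timeout` without saying what `timeout` means for the `data` array returned alongside it. If a `timeout` response can carry a partial result set, which this page does not show, a caller that enumerates findings for reporting or ticketing and never reads `meta.status` would treat an incomplete list as complete. After confirming the behaviour, I would document each value on the class, for example `timeout: the query did not finish; data may be incomplete and the request should be retried`. If this model is generated from the OpenAPI description, the wording belongs in the schema's `description`.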
@@ -4167,6 +4168,20 @@
 from datadog_api_client.v2.model.security_filter_update_data import SecurityFilterUpdateData
 from datadog_api_client.v2.model.security_filter_update_request import SecurityFilterUpdateRequest
 from datadog_api_client.v2.model.security_filters_response import SecurityFiltersResponse
+from datadog_api_client.v2.model.security_findings_attributes import SecurityFindingsAttributes
+from datadog_api_client.v2.model.security_findings_data import SecurityFindingsData
+from datadog_api_client.v2.model.security_findings_data_type import SecurityFindingsDataType
+from datadog_api_client.v2.model.security_findings_links import SecurityFindingsLinks
+from datadog_api_client.v2.model.security_findings_meta import SecurityFindingsMeta
+from datadog_api_client.v2.model.security_findings_page import SecurityFindingsPage
+from datadog_api_client.v2.model.security_findings_search_request import SecurityFindingsSearchRequest
+from datadog_api_client.v2.model.security_findings_search_request_data import SecurityFindingsSearchRequestData
+from datadog_api_client.v2.model.security_findings_search_request_data_attributes import (
+ SecurityFindingsSearchRequestDataAttributes,
+)
+from datadog_api_client.v2.model.security_findings_search_request_page import SecurityFindingsSearchRequestPage
+from datadog_api_client.v2.model.security_findings_sort import SecurityFindingsSort
+from datadog_api_client.v2.model.security_findings_status import SecurityFindingsStatus
 from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter
 from datadog_api_client.v2.model.security_monitoring_filter_action import SecurityMonitoringFilterAction
 from datadog_api_client.v2.model.security_monitoring_list_rules_response import SecurityMonitoringListRulesResponse
@@ -7000,6 +7015,7 @@
 "ListRulesResponse",
 "ListRulesResponseDataItem",
 "ListRulesResponseLinks",
+ "ListSecurityFindingsResponse",
 "ListTagsResponse",
 "ListTagsResponseData",
 "ListTagsResponseDataAttributes",
@@ -8129,6 +8145,18 @@
 "SecurityFilterUpdateData",
 "SecurityFilterUpdateRequest",
 "SecurityFiltersResponse",
+ "SecurityFindingsAttributes",
+ "SecurityFindingsData",
+ "SecurityFindingsDataType",
+ "SecurityFindingsLinks",
+ "SecurityFindingsMeta",
+ "SecurityFindingsPage",
+ "SecurityFindingsSearchRequest",
+ "SecurityFindingsSearchRequestData",
+ "SecurityFindingsSearchRequestDataAttributes",
+ "SecurityFindingsSearchRequestPage",
+ "SecurityFindingsSort",
+ "SecurityFindingsStatus",
 "SecurityMonitoringFilter",
 "SecurityMonitoringFilterAction",
 "SecurityMonitoringListRulesResponse",
diff --git a/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_bad_request_response.frozen
new file mode 100644
index 0000000000..c55732ac31
--- /dev/null
+++ b/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_bad_request_response.frozen
@@ -0,0 +1 @@
+2025-12-17T16:27:32.641Z
\ No newline at end of file
diff --git a/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_bad_request_response.yaml
new file mode 100644
index 0000000000..0cee93a72f
--- /dev/null
+++ b/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_bad_request_response.yaml
@@ -0,0 +1,18 @@
+interactions:
+- request:
+ body: null
+ headers:
+ accept:
+ - application/json
+ method: GET
+ uri: https://api.datadoghq.com/api/v2/security/findings?page%5Bcursor%5D=invalid_cursor
+ response:
+ body:
+ string: '{"errors":[{"status":"400","detail":"Invalid filters"}]}'
+ headers:
+ content-type:
+ - application/vnd.api+json
+ status:
+ code: 400
+ message: Bad Request
+version: 1
diff --git a/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_ok_response.frozen
new file mode 100644
index 0000000000..1fdc64cd55
--- /dev/null
+++ b/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_ok_response.frozen
@@ -0,0 +1 @@
+2025-12-15T22:38:02.352Z
\ No newline at end of file
diff --git a/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_ok_response.yaml
new file mode 100644
index 0000000000..08fc6943d0
--- /dev/null
+++ b/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_ok_response.yaml
@@ -0,0 +1,38 @@ +interactions: +- request: + body: null + headers: + accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security/findings + response: + body: + string: '{"data":[{"id":"MWIxMjUyZGJjMjE3ZTFmZTcwZDdlMDNiNTI2YjQ3ZDB-MmQ5ZDgzMTJiMGIwYmM5ZGRmZjQ5OTk4ZmMzYWYyNmM=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-38626"],"cve":"CVE-2025-38626","id":"TRIVY-CVE-2025-38626","modified_at":1764176984000,"published_at":1755879336000,"summary":"kernel: + f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-048dfba6091eb0d1d","region":"us-west-2"},"detection_changed_at":1765838271832,"finding_id":"MWIxMjUyZGJjMjE3ZTFmZTcwZDdlMDNiNTI2YjQ3ZDB-MmQ5ZDgzMTJiMGIwYmM5ZGRmZjQ5OTk4ZmMzYWYyNmM=","finding_type":"host_and_container_vulnerability","first_seen_at":1765435671872,"host":{"cloud_provider":"aws","image":"ami-0cc8c76c477f8196c","name":"i-048dfba6091eb0d1d","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"bonsly"},"last_seen_at":1765838271832,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-common"],"name":"linux","normalized_name":"linux","version":"5.15.0-161.171"},"related_services":["exposed_to_attacks:false","elasticsearch-bundles"],"remediation":{"is_available":false},"resource_id":"2d9d8312b0b0bc9ddff49998fc3af26c","resource_name":"i-048dfba6091eb0d1d","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00018,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value"
:false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}},"status":"auto_closed","title":"kernel: + f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode","vulnerability":{"hash":"99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271832,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","event_type:close","fix_available:unavailable","security-group:sg-0f39702193288cb41","source:datadog","severity:low","auto-discovery.cluster-autoscaler.k8s.io/bonsly","asset_type:host","nodegroup:elasticsearch-bundles_elasticsearch-bundles-data","image:ami-0cc8c76c477f8196c","base_severity:medium","site:datadoghq.com","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-bundles-data","name:elasticsearch-bundles_elasticsearch-bundles-data","vuln_id:99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759","app:elasticsearch","assignee_id:none","in_production:false","availability-zone:us-west-2b","is_kube_cluster_experimental:false","tags.datadoghq.com/version:8.19.6","adp_enabled:false","public_exploit_available:false","iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2","base_score:5.5","elasticsearch-role:data","team:compute-cloud-accounts","score:2.7","aws:ec2launchtemplate:id:lt-0e2373e62ce4d91a0","nodegroups.datadoghq.com/name:elasticsearch-bundles-data","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2b","managed_by_team:mars","hash:99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be1
4481f28759","ecosystem:deb","kube_node:ip-10-150-76-207.us-west-2.compute.internal","ng_local_storage:false","close_count:0","ng_cluster_autoscaler:true","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:88mi","nodegroups.datadoghq.com/namespace:elasticsearch-bundles","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","k8s.io/cluster-autoscaler/node-template/resources/pods:20","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars","orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c","cluster_name:bonsly","cpu_arch:arm64","epss_raw_score:0.00018","eenv:staging","agent_release_candidate_cluster:false","k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-bundles-data:noschedule","exposure_time_days:4","service:elasticsearch-bundles","package_name:linux","package_version:5.15.0-161.171","role:kube-node","env:staging","datacenter:prtest02.staging.dog","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","asset_id:i-048dfba6091eb0d1d","datastore:elasticsearch","scored:false","kube_node_role:compute","kubernetes_cluster:bonsly","security-group:sg-0209ab6974808b99b","os_name:ubuntu","node.datadoghq.com/version:v6-257-3","autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-e030273153b4de8b","kube_cluster_name:bonsly","instance-type:m6g.large","kube_node_role:elasticsearch-bundles-data","chart_name:elasticsearch","region:us-west-2","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-bundles-data","k8s.io/cluster-autoscaler/node-template/resources/cpu:1900m","instance_type:m6g.large","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false","aws_account:204235354797","k8s.io/cluster-autoscaler/node-template/label/team:data-science","node.datadoghq.com/
cgroup:v2","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","team:data-science","dd_rule_type:not-empty","os_version:22.04","aws:ec2:fleet-id:fleet-121c8084-5187-cc16-a418-27881156a65a","vulnerability_status:auto-closed","cve:cve-2025-38626","kubernetes.io/cluster/bonsly:owned","last_detected_minutes:0","elasticsearch_cluster:elasticsearch-bundles","tag:data","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","cluster:elasticsearch-bundles","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-bundles","k8s.io/cluster-autoscaler/node-template/resources/memory:7131mi","previous_status:open","alias:cve-2025-38626","type:component_with_known_vulnerability","origin:agent","env:staging"],"timestamp":1765838271832}},{"id":"ZGEwMTA4NDdiZjM0ZjI5ZDBlYmMyMzM3NWFkYmUyNWN-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-22073"],"cve":"CVE-2025-22073","id":"TRIVY-CVE-2025-22073","modified_at":1762201062000,"published_at":1744816561000,"summary":"kernel: + spufs: fix a leak on spufs_new_file() 
failure","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-0fe66c7f2fe27288a","region":"us-west-2"},"detection_changed_at":1765838271620,"finding_id":"ZGEwMTA4NDdiZjM0ZjI5ZDBlYmMyMzM3NWFkYmUyNWN-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=","finding_type":"host_and_container_vulnerability","first_seen_at":1765438485381,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"i-0fe66c7f2fe27288a","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271620,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-6.8.0-1040-aws","linux-aws-6.8-tools-6.8.0-1040","linux-headers-6.8.0-1040-aws","linux-aws-6.8-headers-6.8.0-1040","linux-modules-6.8.0-1040-aws"],"name":"linux-aws-6.8","normalized_name":"linux-aws-6.8","version":"6.8.0-1040.42~22.04.1"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":true,"package":{"base":[{"name":"linux-aws-6.8","version":"6.8.0-1041.43~22.04.1"}]},"recommended":{"name":"linux-aws-6.8","version":"6.8.0-1041.43~22.04.1"}},"resource_id":"ccd780722c997ec5b77ea916b3c501ca","resource_name":"i-0fe66c7f2fe27288a","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00023,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"med
ium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}},"status":"auto_closed","title":"kernel: + spufs: fix a leak on spufs_new_file() failure","vulnerability":{"cwes":["CWE-401"],"hash":"faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271063,"mute":{"is_muted":false}}}},"tags":["kernel:none","vuln_id:faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","image:ami-0afa99f6d7a0af2bf","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","instance_type:i3en.2xlarge","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","source:datadog","severity:low","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","fix_available:available","asset_type:host","cluster_name:machop","base_severity:medium","site:datadoghq.com","auto-discovery.cluster-autoscaler.k8s.io/machop","k8s.io/cluster-autoscaler/node-template/label/version:1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","in_production:false","availability-zone:us-west-2c","is_kube_cluster_experimental:false","hash:faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","base_score:5.5","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","team:compute-cloud-accounts","score:2.7","alias:cve-2025-22073","aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3","ecosystem:deb","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","iam_profile:k8s/prtest02-staging-dog-machop-kube
-node_v2","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","package_version:6.8.0-1040.42_22.04.1","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cve:cve-2025-22073","cloud_provider:aws","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","kube_node:ip-10-150-64-123.us-west-2.compute.internal","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","exposure_time_days:4","k8s.io/cluster-autoscaler/node-template/label/service:kafka","event_type:none","role:kube-node","env:staging","datacenter:prtest02.staging.dog","package_name:linux-aws-6.8","security-group:sg-0ad037192bd9b2cfd","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","epss_raw_score:0.00023","scored:false","kube_node_role:compute","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","ng_local_storage:true","region:us-west-2","app:kafka","team:streaming-platform","running_kernel:false","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","
k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka","dd_rule_type:not-empty","kube_node_role:kafka-medium","asset_id:i-0fe66c7f2fe27288a","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","last_detected_minutes:0","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","kafka_broker_id:10002","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","cluster:kafka-error-tracking-001","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271620}},{"id":"MGZkNzMyYTYxMzcxNWQ0YmNmNTI1NTY2MGM4N2Q1MDh-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-35998"],"cve":"CVE-2024-35998","id":"TRIVY-CVE-2024-35998","modified_at":1736532731000,"published_at":1716200114000,"summary":"kernel: + smb3: fix lock ordering potential deadlock in 
cifs_sync_mid_result","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-0fe66c7f2fe27288a","region":"us-west-2"},"detection_changed_at":1765838271581,"finding_id":"MGZkNzMyYTYxMzcxNWQ0YmNmNTI1NTY2MGM4N2Q1MDh-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=","finding_type":"host_and_container_vulnerability","first_seen_at":1765438485381,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"i-0fe66c7f2fe27288a","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271581,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-common"],"name":"linux","normalized_name":"linux","version":"5.15.0-161.171"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":false},"resource_id":"ccd780722c997ec5b77ea916b3c501ca","resource_name":"i-0fe66c7f2fe27288a","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00026,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}},"status":"auto_closed","title":"kernel: + smb3: fix lock ordering potential deadlock in 
cifs_sync_mid_result","vulnerability":{"cwes":["CWE-667"],"hash":"ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01af443","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271581,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","event_type:close","image:ami-0afa99f6d7a0af2bf","fix_available:unavailable","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","instance_type:i3en.2xlarge","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","source:datadog","severity:low","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","asset_type:host","cluster_name:machop","base_severity:medium","site:datadoghq.com","auto-discovery.cluster-autoscaler.k8s.io/machop","k8s.io/cluster-autoscaler/node-template/label/version:1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","in_production:false","availability-zone:us-west-2c","is_kube_cluster_experimental:false","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","base_score:5.5","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","team:compute-cloud-accounts","score:2.7","aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3","ecosystem:deb","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","hash:ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01
af443","cloud_provider:aws","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","kube_node:ip-10-150-64-123.us-west-2.compute.internal","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","exposure_time_days:4","package_name:linux","k8s.io/cluster-autoscaler/node-template/label/service:kafka","package_version:5.15.0-161.171","role:kube-node","env:staging","datacenter:prtest02.staging.dog","security-group:sg-0ad037192bd9b2cfd","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","epss_raw_score:0.00026","alias:cve-2024-35998","scored:false","kube_node_role:compute","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","ng_local_storage:true","region:us-west-2","app:kafka","team:streaming-platform","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka","dd_rule_type:not-empty","kube_node_role:kafka-medium","asset_id:i-0fe66c7f
2fe27288a","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","last_detected_minutes:0","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","cve:cve-2024-35998","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","vuln_id:ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01af443","kafka_broker_id:10002","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","previous_status:open","cluster:kafka-error-tracking-001","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271581}},{"id":"ZTlhYTM5OTg5Yzc4OTQ0OGNkZTY2NWI0YzVjZGFjYTl-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["BIT-golang-2024-24789","CGA-4r7q-83hj-9rrp","CVE-2024-24789","GHSA-236w-p7wf-5ph8"],"cve":"CVE-2024-24789","id":"GO-2024-2888","modified_at":1729574938470,"published_at":1717541335000,"summary":"Mishandling + of corrupt central directory record in 
archive/zip","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-012cdbc8991688ee9","region":"us-west-2"},"detection_changed_at":1765838271577,"finding_id":"ZTlhYTM5OTg5Yzc4OTQ0OGNkZTY2NWI0YzVjZGFjYTl-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=","finding_type":"host_and_container_vulnerability","first_seen_at":1765421661872,"host":{"cloud_provider":"aws","image":"ami-0cc8c76c477f8196c","name":"i-012cdbc8991688ee9","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"bonsly"},"last_seen_at":1765838271577,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["stdlib"],"name":"stdlib","normalized_name":"stdlib","version":"v1.22.1"},"related_services":["exposed_to_attacks:false","elasticsearch-monitors"],"remediation":{"is_available":true,"package":{"base":[{"name":"stdlib","version":"1.22.4"}]},"recommended":{"name":"stdlib","version":"1.22.4"}},"resource_id":"048dd9053223ae333e673207dfd83394","resource_name":"i-012cdbc8991688ee9","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00006,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"medium","value_id":2,"vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}},"status":"auto_closed","title":"Mishandling + of corrupt central directory record in 
archive/zip","vulnerability":{"hash":"918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838271577,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","ecosystem:go","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:148mi","alias:cve-2024-24789","event_type:close","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","alias:cga-4r7q-83hj-9rrp","security-group:sg-0f39702193288cb41","aws:ec2launchtemplate:id:lt-08847a5158ca7c73a","source:datadog","severity:low","auto-discovery.cluster-autoscaler.k8s.io/bonsly","fix_available:available","hash:918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6","nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data","asset_type:host","image:ami-0cc8c76c477f8196c","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data","base_severity:medium","site:datadoghq.com","instance-type:m6gd.xlarge","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-monitors-cell-c0-data","assignee:none","app:elasticsearch","cluster:elasticsearch-monitors-cell-c0","assignee_id:none","package_version:v1.22.1","in_production:false","alias:bit-golang-2024-24789","availability-zone:us-west-2c","is_kube_cluster_experimental:false","adp_enabled:false","tags.datadoghq.com/version:8.19.6","public_exploit_available:false","iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2","base_score:5.5","elasticsearch-role:data","team:compute-cloud-accounts","score:2.7","cell:none","managed_by_team:mars","close_count:0","k8s.io/cluster-autoscaler/node-template/label/team:monitor-resources-indexing","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","k8s.io/cluster-autoscaler/node-templat
e/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392","pool:data","package_name:stdlib","ng_cluster_autoscaler:true","service_exposed_to_attacks:false","account:staging-prtest02-yodel","vuln_id:918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6","cloud_provider:aws","instance_type:m6gd.xlarge","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars","orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c","cluster_name:bonsly","cpu_arch:arm64","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","k8s.io/cluster-autoscaler/node-template/resources/memory:15009mi","eenv:staging","agent_release_candidate_cluster:false","asset_id:i-012cdbc8991688ee9","exposure_time_days:4","elasticsearch_cluster:elasticsearch-monitors-cell-c0","alias:ghsa-236w-p7wf-5ph8","role:kube-node","env:staging","datacenter:prtest02.staging.dog","cve:cve-2024-24789","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","datastore:elasticsearch","scored:false","k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m","kube_node_role:compute","team:monitor-resources-indexing","k8s.io/cluster-autoscaler/node-template/resources/pods:40","kubernetes_cluster:bonsly","security-group:sg-0209ab6974808b99b","os_name:ubuntu","node.datadoghq.com/version:v6-257-3","kube_cluster_name:bonsly","epss_raw_score:0.000060","nodegroup:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data","ng_local_storage:true","chart_name:elasticsearch","region:us-west-2","nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0","aws_account:204235354797","node.datadoghq.com/cgroup:v2","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","name:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data","kube_node_role:elasticsearch-monitors-cell-c0-data","k8s.io/cluster
-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0","dd_rule_type:not-empty","os_version:22.04","vulnerability_status:auto-closed","autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-1c82e59d5bb84439","kubernetes.io/cluster/bonsly:owned","service:elasticsearch-monitors","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","aws:ec2:fleet-id:fleet-98a72b26-0bbc-411c-ac98-8e08a9b23a52","previous_status:open","k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-monitors-cell-c0-data:noschedule","type:component_with_known_vulnerability","origin:agent","kube_node:ip-10-150-85-76.us-west-2.compute.internal","env:staging"],"timestamp":1765838271577}},{"id":"M2JkYTQ1MzFmYTNlODAzZTI1ZjNlMWE1MWMzZWU5Mjh-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-2236"],"cve":"CVE-2024-2236","id":"TRIVY-CVE-2024-2236","modified_at":1743614137000,"published_at":1709763357000,"summary":"libgcrypt: + vulnerable to Marvin 
Attack","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-051d6c5170313e729","region":"us-west-2"},"detection_changed_at":1765838271574,"finding_id":"M2JkYTQ1MzFmYTNlODAzZTI1ZjNlMWE1MWMzZWU5Mjh-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=","finding_type":"host_and_container_vulnerability","first_seen_at":1765397453913,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"i-051d6c5170313e729","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271574,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["libgcrypt20"],"name":"libgcrypt20","normalized_name":"libgcrypt20","version":"1.9.4-3ubuntu3"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":false},"resource_id":"0aead7bacd260b9f23a21c955a84dd57","resource_name":"i-051d6c5170313e729","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00222,"epss_severity":"low"},"impact_cvss":"neutral","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":3.2,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:A/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.9,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}},"status":"auto_closed","title":"libgcrypt: + vulnerable to Marvin 
Attack","vulnerability":{"cwes":["CWE-208"],"hash":"8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271574,"mute":{"is_muted":false}}}},"tags":["kernel:none","asset_id:i-051d6c5170313e729","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","event_type:close","image:ami-0afa99f6d7a0af2bf","fix_available:unavailable","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","instance_type:i3en.2xlarge","aws:ec2:fleet-id:fleet-1a9e8026-5b07-6494-a418-858a394c5003","source:datadog","severity:low","epss_raw_score:0.00222","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","package_version:1.9.4-3ubuntu3","asset_type:host","cve:cve-2024-2236","cluster_name:machop","base_severity:medium","auto-discovery.cluster-autoscaler.k8s.io/machop","site:datadoghq.com","k8s.io/cluster-autoscaler/node-template/label/version:1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","in_production:false","is_kube_cluster_experimental:false","availability-zone:us-west-2a","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","base_score:5.9","package_name:libgcrypt20","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","team:compute-cloud-accounts","cluster:kafka-aws-metrics-001","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2a","ecosystem:deb","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","iam_profile:k8s/prtest02-staging-d
og-machop-kube-node_v2","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","alias:cve-2024-2236","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","exposure_time_days:5","k8s.io/cluster-autoscaler/node-template/label/service:kafka","role:kube-node","env:staging","datacenter:prtest02.staging.dog","security-group:sg-0ad037192bd9b2cfd","kube_node:ip-10-150-69-64.us-west-2.compute.internal","score:3.2","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","scored:false","kube_node_role:compute","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","ng_local_storage:true","region:us-west-2","app:kafka","team:streaming-platform","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","vuln_id:8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka",
"dd_rule_type:not-empty","kafka_broker_id:10000","kube_node_role:kafka-medium","os_version:22.04","hash:8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","last_detected_minutes:0","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","previous_status:open","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271574}},{"id":"M2QxOTQwOWMwZmViZGRlOTU2MDY2ZGRmODhlNWYxNGN-MjA1YThmN2UxODE1NmY1NjRmODNhZDQ2NzM3MTA5MWY=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-38215"],"cve":"CVE-2025-38215","id":"TRIVY-CVE-2025-38215","modified_at":1762193769000,"published_at":1751638529000,"summary":"kernel: + fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in 
fb_videomode_to_var","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"ip-10-150-67-24.us-west-2.compute.internal-machop","region":"us-west-2"},"detection_changed_at":1765838271539,"finding_id":"M2QxOTQwOWMwZmViZGRlOTU2MDY2ZGRmODhlNWYxNGN-MjA1YThmN2UxODE1NmY1NjRmODNhZDQ2NzM3MTA5MWY=","finding_type":"host_and_container_vulnerability","first_seen_at":1765445995855,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"ip-10-150-67-24.us-west-2.compute.internal-machop","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271539,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-modules-6.8.0-1041-aws","linux-tools-6.8.0-1040-aws","linux-aws-6.8-tools-6.8.0-1040","linux-headers-6.8.0-1040-aws","linux-aws-6.8-headers-6.8.0-1040","linux-headers-6.8.0-1041-aws","linux-modules-6.8.0-1040-aws","linux-aws-6.8-headers-6.8.0-1041"],"name":"linux-aws-6.8","normalized_name":"linux-aws-6.8","version":"6.8.0-1041.43~22.04.1"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":false},"resource_id":"205a8f7e18156f564f83ad467371091f","resource_name":"ip-10-150-67-24.us-west-2.compute.internal-machop","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00058,"epss_severity":"low"},"impact_cvss":"neutral","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"medium","severity_details":{"adjusted":{"score":4.7,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X
/MS:X/MC:X/MI:X/MA:X"},"base":{"score":7,"value":"high","value_id":3,"vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}},"status":"auto_closed","title":"kernel: + fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var","vulnerability":{"hash":"63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838270450,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","image:ami-0afa99f6d7a0af2bf","fix_available:unavailable","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","instance_type:i3en.2xlarge","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","source:datadog","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","asset_type:host","cluster_name:machop","vuln_id:63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8","site:datadoghq.com","auto-discovery.cluster-autoscaler.k8s.io/machop","k8s.io/cluster-autoscaler/node-template/label/version:1","package_version:6.8.0-1041.43_22.04.1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","in_production:false","availability-zone:us-west-2c","is_kube_cluster_experimental:false","kube_node:ip-10-150-67-24.us-west-2.compute.internal","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","team:compute-cloud-accounts","severity:medium","running_kernel:true","ecosystem:deb","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2","k8s.io
/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_provider:aws","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","asset_id:ip-10-150-67-24.us-west-2.compute.internal-machop","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","exposure_time_days:4","k8s.io/cluster-autoscaler/node-template/label/service:kafka","event_type:none","role:kube-node","env:staging","datacenter:prtest02.staging.dog","package_name:linux-aws-6.8","security-group:sg-0ad037192bd9b2cfd","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","scored:false","kube_node_role:compute","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","ng_local_storage:true","region:us-west-2","app:kafka","team:streaming-platform","running_kernel:false","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","k8s.io/cluster-autoscaler/e
nabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka","score:4.7","base_score:7.0","dd_rule_type:not-empty","alias:cve-2025-38215","kube_node_role:kafka-medium","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","aws:ec2:fleet-id:fleet-321c02a4-730f-4616-0eb0-8d80d9952fcf","last_detected_minutes:0","hash:63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8","base_severity:high","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","kafka_broker_id:10002","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","cluster:kafka-apm-stats-intake-001","epss_raw_score:0.00058","cve:cve-2025-38215","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271539}},{"id":"MTE0MGIxYWM1OWVmMjc2YjhiOGNmMTUzNTRlNzBjYWF-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-40016"],"cve":"CVE-2025-40016","id":"TRIVY-CVE-2025-40016","modified_at":1761075085000,"published_at":1760976938000,"summary":"kernel: + media: uvcvideo: Mark invalid entities with id 
UVC_INVALID_ENTITY_ID","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-012cdbc8991688ee9","region":"us-west-2"},"detection_changed_at":1765838271538,"finding_id":"MTE0MGIxYWM1OWVmMjc2YjhiOGNmMTUzNTRlNzBjYWF-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=","finding_type":"host_and_container_vulnerability","first_seen_at":1765421661872,"host":{"cloud_provider":"aws","image":"ami-0cc8c76c477f8196c","name":"i-012cdbc8991688ee9","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"bonsly"},"last_seen_at":1765838271538,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-common"],"name":"linux","normalized_name":"linux","version":"5.15.0-161.171"},"related_services":["exposed_to_attacks:false","elasticsearch-monitors"],"remediation":{"is_available":false},"resource_id":"048dd9053223ae333e673207dfd83394","resource_name":"i-012cdbc8991688ee9","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00026,"epss_severity":"low"},"impact_cvss":"neutral","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"medium","severity_details":{"adjusted":{"score":4.7,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":7,"value":"high","value_id":3,"vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}},"status":"auto_closed","title":"kernel: + media: uvcvideo: Mark invalid entities with id 
UVC_INVALID_ENTITY_ID","vulnerability":{"hash":"7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271538,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:148mi","event_type:close","fix_available:unavailable","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","security-group:sg-0f39702193288cb41","aws:ec2launchtemplate:id:lt-08847a5158ca7c73a","source:datadog","auto-discovery.cluster-autoscaler.k8s.io/bonsly","nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data","asset_type:host","image:ami-0cc8c76c477f8196c","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data","site:datadoghq.com","instance-type:m6gd.xlarge","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-monitors-cell-c0-data","assignee:none","app:elasticsearch","cluster:elasticsearch-monitors-cell-c0","assignee_id:none","in_production:false","availability-zone:us-west-2c","is_kube_cluster_experimental:false","adp_enabled:false","tags.datadoghq.com/version:8.19.6","public_exploit_available:false","iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2","elasticsearch-role:data","team:compute-cloud-accounts","severity:medium","cell:none","managed_by_team:mars","ecosystem:deb","close_count:0","k8s.io/cluster-autoscaler/node-template/label/team:monitor-resources-indexing","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392","pool:data","ng_cluster_autoscaler:true","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_provider:aws","instance_type:m6gd.xlarge","
k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars","orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c","vuln_id:7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5","cluster_name:bonsly","cpu_arch:arm64","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","k8s.io/cluster-autoscaler/node-template/resources/memory:15009mi","eenv:staging","agent_release_candidate_cluster:false","asset_id:i-012cdbc8991688ee9","exposure_time_days:4","package_name:linux","elasticsearch_cluster:elasticsearch-monitors-cell-c0","package_version:5.15.0-161.171","role:kube-node","env:staging","datacenter:prtest02.staging.dog","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","epss_raw_score:0.00026","datastore:elasticsearch","scored:false","k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m","kube_node_role:compute","team:monitor-resources-indexing","k8s.io/cluster-autoscaler/node-template/resources/pods:40","kubernetes_cluster:bonsly","security-group:sg-0209ab6974808b99b","os_name:ubuntu","node.datadoghq.com/version:v6-257-3","kube_cluster_name:bonsly","nodegroup:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data","ng_local_storage:true","chart_name:elasticsearch","region:us-west-2","nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0","aws_account:204235354797","node.datadoghq.com/cgroup:v2","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","name:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data","kube_node_role:elasticsearch-monitors-cell-c0-data","base_score:7.0","score:4.7","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0","dd_rule_type:not-empty","hash:7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5","os_version:22.04","vu
lnerability_status:auto-closed","autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-1c82e59d5bb84439","kubernetes.io/cluster/bonsly:owned","service:elasticsearch-monitors","last_detected_minutes:0","base_severity:high","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","aws:ec2:fleet-id:fleet-98a72b26-0bbc-411c-ac98-8e08a9b23a52","cve:cve-2025-40016","previous_status:open","alias:cve-2025-40016","k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-monitors-cell-c0-data:noschedule","type:component_with_known_vulnerability","origin:agent","kube_node:ip-10-150-85-76.us-west-2.compute.internal","env:staging"],"timestamp":1765838271538}},{"id":"NGNhMjdiNWNjOTEwMTliZGEyYzhlYjg2YzliYTRlYWF-NzM1NzFmMGZiZDI0Mjc1ODI4ODAxMzRlYTJkMWVhY2M=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CGA-9vf9-m4f8-6392","CGA-9vg5-h493-cxr7","CGA-chh8-vhg4-2qj7","CGA-g5hx-8r47-pf39","CGA-hmfp-f3v3-528v","CGA-hrqx-74pg-5m88","CGA-m474-c57g-8945","CGA-r356-23m2-5p37","CGA-v3wf-pwmr-vcw5","CGA-w52c-j6q8-cf23","CGA-w7jq-8v28-882j","CVE-2024-28180","GO-2024-2631"],"cve":"CVE-2024-28180","id":"GHSA-c5q2-7r4c-mv6g","modified_at":1739473645000,"published_at":1709852084000,"summary":"Go + JOSE vulnerable to Improper Handling of Highly Compressed Data (Data 
Amplification)","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-053290257b9479659","region":"us-west-2"},"detection_changed_at":1765838271526,"finding_id":"NGNhMjdiNWNjOTEwMTliZGEyYzhlYjg2YzliYTRlYWF-NzM1NzFmMGZiZDI0Mjc1ODI4ODAxMzRlYTJkMWVhY2M=","finding_type":"host_and_container_vulnerability","first_seen_at":1765421721839,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"i-053290257b9479659","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271526,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["gopkg.in/square/go-jose.v2"],"name":"gopkg.in/square/go-jose.v2","normalized_name":"gopkg.in/square/go-jose.v2","version":"v2.6.0"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":true},"resource_id":"73571f0fbd2427582880134ea2d1eacc","resource_name":"i-053290257b9479659","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":true,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.03644,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.6,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:A/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":4.3,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}},"status":"auto_closed","title":"Go + JOSE vulnerable to Improper Handling of Highly Compressed Data (Data 
Amplification)","vulnerability":{"cwes":["CWE-409"],"hash":"89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838271525,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","ecosystem:go","alias:go-2024-2631","event_type:close","image:ami-0afa99f6d7a0af2bf","alias:cga-hmfp-f3v3-528v","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","instance_type:i3en.2xlarge","hash:89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8","source:datadog","severity:low","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","fix_available:available","asset_type:host","cluster_name:machop","base_severity:medium","aws:ec2:fleet-id:fleet-1aa5a186-ab36-c1b4-063a-86028119420b","asset_id:i-053290257b9479659","auto-discovery.cluster-autoscaler.k8s.io/machop","site:datadoghq.com","k8s.io/cluster-autoscaler/node-template/label/version:1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","alias:cga-w7jq-8v28-882j","in_production:false","vuln_id:89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8","is_kube_cluster_experimental:false","alias:cve-2024-28180","availability-zone:us-west-2a","alias:cga-g5hx-8r47-pf39","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","score:2.6","team:compute-cloud-accounts","package_name:gopkg.in/square/go-jose.v2","kube_node:ip-10-150-70-73.us-west-2.compute.internal","k8s.io/cluster-autoscaler/nod
e-template/label/topology.ebs.csi.aws.com/zone:us-west-2a","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","alias:cga-w52c-j6q8-cf23","iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","epss_raw_score:0.03644","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","alias:cga-v3wf-pwmr-vcw5","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","package_version:v2.6.0","exposure_time_days:4","base_score:4.3","k8s.io/cluster-autoscaler/node-template/label/service:kafka","role:kube-node","env:staging","datacenter:prtest02.staging.dog","alias:cga-chh8-vhg4-2qj7","security-group:sg-0ad037192bd9b2cfd","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","scored:false","cve:cve-2024-28180","kube_node_role:compute","cluster:kafka-collab-intake-001","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","alias:cga-m474-c57g-8945","ng_local_storage:true","region:us-west-2","alias:cga-r356-23m2-5p37","alias:cga-hrqx-74pg-5m88","app:kafka","team:streaming-platform","alias:cga-9vg5-h493-cxr
7","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka","dd_rule_type:not-empty","kafka_broker_id:10000","kube_node_role:kafka-medium","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","alias:cga-9vf9-m4f8-6392","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","last_detected_minutes:0","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","previous_status:open","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271526}},{"id":"NWEzNGIyY2U2ZDQ5YWQ1MzI4YjJmNThmNjIwYmUzZWN-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-21908"],"cve":"CVE-2025-21908","id":"TRIVY-CVE-2025-21908","modified_at":1759349912000,"published_at":1743524121000,"summary":"kernel: + NFS: fix nfs_release_folio() to not deadlock via kcompactd 
writeback","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-051d6c5170313e729","region":"us-west-2"},"detection_changed_at":1765838271495,"finding_id":"NWEzNGIyY2U2ZDQ5YWQ1MzI4YjJmNThmNjIwYmUzZWN-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=","finding_type":"host_and_container_vulnerability","first_seen_at":1765397453913,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"i-051d6c5170313e729","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271495,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-common"],"name":"linux","normalized_name":"linux","version":"5.15.0-161.171"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":false},"resource_id":"0aead7bacd260b9f23a21c955a84dd57","resource_name":"i-051d6c5170313e729","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00014,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}},"status":"auto_closed","title":"kernel: + NFS: fix nfs_release_folio() to not deadlock via kcompactd 
writeback","vulnerability":{"cwes":["CWE-667"],"hash":"4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271495,"mute":{"is_muted":false}}}},"tags":["kernel:none","asset_id:i-051d6c5170313e729","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","event_type:close","image:ami-0afa99f6d7a0af2bf","fix_available:unavailable","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","instance_type:i3en.2xlarge","aws:ec2:fleet-id:fleet-1a9e8026-5b07-6494-a418-858a394c5003","source:datadog","severity:low","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","asset_type:host","cluster_name:machop","base_severity:medium","vuln_id:4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f","auto-discovery.cluster-autoscaler.k8s.io/machop","site:datadoghq.com","k8s.io/cluster-autoscaler/node-template/label/version:1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","in_production:false","is_kube_cluster_experimental:false","availability-zone:us-west-2a","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","base_score:5.5","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","team:compute-cloud-accounts","score:2.7","cluster:kafka-aws-metrics-001","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2a","ecosystem:deb","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","iam_profile:k8s/prtest02-staging-dog-machop-kube-
node_v2","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","epss_raw_score:0.00014","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","package_name:linux","exposure_time_days:5","k8s.io/cluster-autoscaler/node-template/label/service:kafka","package_version:5.15.0-161.171","role:kube-node","env:staging","datacenter:prtest02.staging.dog","security-group:sg-0ad037192bd9b2cfd","kube_node:ip-10-150-69-64.us-west-2.compute.internal","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","scored:false","kube_node_role:compute","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","ng_local_storage:true","region:us-west-2","app:kafka","team:streaming-platform","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka","dd_rule_type:not-empty","alias:cve-2025-2190
8","kafka_broker_id:10000","kube_node_role:kafka-medium","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","last_detected_minutes:0","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","previous_status:open","cve:cve-2025-21908","hash:4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271495}},{"id":"ZDc1MGVmYjlhNWE4ZDIxOGY0ZDFmMDQ5ZDU5NDhhNTl-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-39806"],"cve":"CVE-2025-39806","id":"TRIVY-CVE-2025-39806","modified_at":1762193808000,"published_at":1758028551000,"summary":"kernel: + HID: multitouch: fix slab out-of-bounds access in 
mt_report_fixup()","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-0fe66c7f2fe27288a","region":"us-west-2"},"detection_changed_at":1765838271483,"finding_id":"ZDc1MGVmYjlhNWE4ZDIxOGY0ZDFmMDQ5ZDU5NDhhNTl-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=","finding_type":"host_and_container_vulnerability","first_seen_at":1765438485381,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"i-0fe66c7f2fe27288a","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271483,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-common"],"name":"linux","normalized_name":"linux","version":"5.15.0-161.171"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":true,"package":{"base":[{"name":"linux","version":"5.15.0-163.173"}]},"recommended":{"name":"linux","version":"5.15.0-163.173"}},"resource_id":"ccd780722c997ec5b77ea916b3c501ca","resource_name":"i-0fe66c7f2fe27288a","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00036,"epss_severity":"low"},"impact_cvss":"neutral","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":3.6,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.8,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"}},"status":"auto_closed","title":"kernel: + HID: multitouch: fix slab out-of-bounds access in 
mt_report_fixup()","vulnerability":{"hash":"f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271483,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","event_type:close","image:ami-0afa99f6d7a0af2bf","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","instance_type:i3en.2xlarge","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","source:datadog","severity:low","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","fix_available:available","asset_type:host","cluster_name:machop","base_severity:medium","site:datadoghq.com","auto-discovery.cluster-autoscaler.k8s.io/machop","k8s.io/cluster-autoscaler/node-template/label/version:1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","in_production:false","availability-zone:us-west-2c","is_kube_cluster_experimental:false","cve:cve-2025-39806","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","base_score:5.8","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","team:compute-cloud-accounts","hash:f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f","aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3","ecosystem:deb","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_p
rovider:aws","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","kube_node:ip-10-150-64-123.us-west-2.compute.internal","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","exposure_time_days:4","score:3.6","package_name:linux","alias:cve-2025-39806","k8s.io/cluster-autoscaler/node-template/label/service:kafka","package_version:5.15.0-161.171","role:kube-node","env:staging","datacenter:prtest02.staging.dog","security-group:sg-0ad037192bd9b2cfd","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","scored:false","kube_node_role:compute","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","ng_local_storage:true","region:us-west-2","epss_raw_score:0.00036","app:kafka","team:streaming-platform","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","vuln_id:f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka","dd
_rule_type:not-empty","kube_node_role:kafka-medium","asset_id:i-0fe66c7f2fe27288a","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","last_detected_minutes:0","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","kafka_broker_id:10002","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","previous_status:open","cluster:kafka-error-tracking-001","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271483}}],"meta":{"elapsed":1195,"page":{"after":"eyJhZnRlciI6IkF3QUFBWnNrS2JQNzd2ekswQUFBQUJoQlduTnJTMkpRTjBGQlFUTnZOMEpJYkRVM00wbDZURVlBQUFBa1pERTVZakkwTWprdFlqWTFPUzAwWlRnMExUZzVNMll0WkRVNE5HTTVOVGRqWTJGa0FBQUFFZyIsInZhbHVlcyI6WzE3NjU4MzgyNzE0ODMsIjIwMjUtMTItMTVUMjI6Mzc6NTEuNDgzWiIsLTI4NTQyMjg5Nl19"},"request_id":"pddv1ChZEV0JfaHozRVJJT3B1aUpZVnRRSGZBIiwKHMkNUONObwGrUBI2wC3SsGESwWt0gp1AaEa5fmMSDOob7VueP1L1GfbrUg","status":"done"},"links":{"next":"/api/v2/security/findings?page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrS2JQNzd2ekswQUFBQUJoQlduTnJTMkpRTjBGQlFUTnZOMEpJYkRVM00wbDZURVlBQUFBa1pERTVZakkwTWprdFlqWTFPUzAwWlRnMExUZzVNMll0WkRVNE5HTTVOVGRqWTJGa0FBQUFFZyIsInZhbHVlcyI6WzE3NjU4MzgyNzE0ODMsIjIwMjUtMTItMTVUMjI6Mzc6NTEuNDgzWiIsLTI4NTQyMjg5Nl19\u0026page%5Blimit%5D=10\u0026sort=-%40detection_changed_at"}}' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +version: 1 
diff --git a/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_ok_response_with_pagination.frozen b/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_ok_response_with_pagination.frozen
new file mode 100644
index 0000000000..5226ac2da3
--- /dev/null
+++ b/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_ok_response_with_pagination.frozen
@@ -0,0 +1 @@
+2025-12-15T22:38:44.211Z
\ No newline at end of file
diff --git a/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_ok_response_with_pagination.yaml b/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_ok_response_with_pagination.yaml
new file mode 100644
index 0000000000..b80999f74b
--- /dev/null
+++ b/tests/v2/cassettes/test_scenarios/test_list_security_findings_returns_ok_response_with_pagination.yaml
@@ -0,0 +1,164 @@ +interactions: +- request: + body: null + headers: + accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security/findings?page%5Blimit%5D=5 + response: + body: + string: '{"data":[{"id":"OXBuLXltcS1yaGh-aS0wODVkZTgwNWY4NTJlZGQxNA==","type":"finding","attributes":{"attributes":{"custom":{"cloud_resource":{"account":"727006795293","category":"hosts","cloud_provider":"aws","configuration":{"account_id":"727006795293","agent_framework_id":"cis-ubuntu2204","agent_rule_id":"xccdf_org.ssgproject.content_rule_package_bind_removed","agent_version":"7.74.0-rc.3","evaluator":"xccdf","framework_requirement":["cis-ubuntu2004/DNS-Server","cis-rhel9/DNS-Server","cis-ubuntu2404/DNS-Server","cis-rhel8/DNS-Server","cis-rhel7/DNS-Server","cis-amzn2/DNS-Server","cis-al2023/DNS-Server","cis-ubuntu2204/DNS-Server","cis-almalinux9/DNS-Server"],"framework_requirement_control":["cis-ubuntu2004/DNS-Server/2.2.8","cis-ubuntu2404/DNS-Server/2.1.4","cis-rhel7/DNS-Server/2.2.4","cis-almalinux9/DNS-Server/2.1.4","cis-rhel8/DNS-Server/2.2.4","cis-rhel9/DNS-Server/2.1.4","cis-al2023/DNS-Server/2.2.5","cis-amzn2/DNS-Server/2.2.4","cis-ubuntu2204/DNS-Server/2.2.7"]},"region":"us-east-1"},"compliance":{"evaluation":"pass","framework_requirement_controls":["cis-ubuntu2004/DNS-Server/2.2.8","cis-ubuntu2404/DNS-Server/2.1.4","cis-rhel7/DNS-Server/2.2.4","cis-almalinux9/DNS-Server/2.1.4","cis-rhel8/DNS-Server/2.2.4","cis-rhel9/DNS-Server/2.1.4","cis-al2023/DNS-Server/2.2.5","cis-amzn2/DNS-Server/2.2.4","cis-ubuntu2204/DNS-Server/2.2.7"],"framework_requirements":["cis-ubuntu2004/DNS-Server","cis-rhel9/DNS-Server","cis-ubuntu2404/DNS-Server","cis-rhel8/DNS-Server","cis-rhel7/DNS-Server","cis-amzn2/DNS-Server","cis-al2023/DNS-Server","cis-ubuntu2204/DNS-Server","cis-almalinux9/DNS-Server"],"frameworks":[{"control":"2.2.8","framework":"cis-ubuntu2004","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe 
+ `bind` package can be removed with the following command:\n```\n\n$ apt-get + remove bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind9\n# from the system, and may remove any packages\n# + that depend on bind9. Execute this\n# remediation AFTER testing on a non-production\n# + system!\n\n\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \"bind9\"\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: ''Uninstall bind Package: Ensure bind9 is removed''\n ansible.builtin.package:\n name: + bind9\n state: absent\n tags:\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - + NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - low_disruption\n - + low_severity\n - no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"1.0.0"},{"control":"2.2.7","framework":"cis-ubuntu2204","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ apt-get + remove bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind9\n# from the system, and may remove any packages\n# + that depend on bind9. 
Execute this\n# remediation AFTER testing on a non-production\n# + system!\n\n\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \"bind9\"\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: ''Uninstall bind Package: Ensure bind9 is removed''\n ansible.builtin.package:\n name: + bind9\n state: absent\n tags:\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - + NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - low_disruption\n - + low_severity\n - no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"2.0.0"},{"control":"2.2.4","framework":"cis-rhel7","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ sudo yum + erase bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind\n#\t from the system, and may remove any packages\n#\t that + depend on bind. 
Execute this\n#\t remediation AFTER testing on a non-production\n#\t system!\n\nif + rpm -q --quiet \"bind\" ; then\n\n yum remove -y \"bind\"\n\nfi\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: Ensure bind is removed\n package:\n name: bind\n state: + absent\n tags:\n - CCE-80326-2\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - + NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - low_disruption\n - + low_severity\n - no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"3.1.1"},{"control":"2.2.4","framework":"cis-rhel8","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ sudo yum + erase bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind\n# from the system, and may remove any packages\n# + that depend on bind. 
Execute this\n# remediation AFTER testing on a non-production\n# + system!\n\n\nif rpm -q --quiet \"bind\" ; then\nyum remove -y \"bind\"\nfi\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: ''Uninstall bind Package: Ensure bind is removed''\n ansible.builtin.package:\n name: + bind\n state: absent\n tags:\n - CCE-82408-6\n - NIST-800-53-CM-6(a)\n - + NIST-800-53-CM-7(a)\n - NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - + low_disruption\n - low_severity\n - no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"3.0.0"},{"control":"2.1.4","framework":"cis-rhel9","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ sudo dnf + remove bind\n```\nOn Red Hat Enterprise Linux 9.6 and newer, the `bind` command + is also provided by the `bind9.18` package.\nThe `bind9.18` package can be + removed with the following command:\n```\n\n$ sudo dnf remove bind9.18\n```\n\n\n## + Rationale\n\nIf there is no need to make DNS server software available,\nremoving + it provides a safeguard against its activation.\n\n## Remediation\n\n### Shell + script\n\nThe following script can be run on the host to remediate the issue.\n\n```\n#!/bin/bash\n\n# + CAUTION: This remediation script will remove bind and bind9.18\n# from the + system, and may remove any packages\n# that depend on bind and bind9.18. 
Execute + this\n# remediation AFTER testing on a non-production\n# system!\n\n\nif rpm + -q --quiet \"bind\" ; then\ndnf remove -y --noautoremove \"bind\"\nfi\n\nif + rpm -q --quiet \"bind9.18\" ; then\ndnf remove -y --noautoremove \"bind9.18\"\nfi\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: ''Uninstall bind Package: Ensure bind is removed''\n ansible.builtin.package:\n name: + bind\n state: absent\n tags:\n - CCE-86505-5\n - NIST-800-53-CM-6(a)\n - + NIST-800-53-CM-7(a)\n - NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - + low_disruption\n - low_severity\n - no_reboot_needed\n - package_bind_removed\n\n- + name: ''Uninstall bind Package: Ensure bind9.18 is removed''\n ansible.builtin.package:\n name: + bind9.18\n state: absent\n tags:\n - CCE-86505-5\n - NIST-800-53-CM-6(a)\n - + NIST-800-53-CM-7(a)\n - NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - + low_disruption\n - low_severity\n - no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"2.0.0"},{"control":"2.1.4","framework":"cis-almalinux9","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ sudo dnf + remove bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind\n# from the system, and may remove any packages\n# + that depend on bind. 
Execute this\n# remediation AFTER testing on a non-production\n# + system!\n\n\nif rpm -q --quiet \"bind\" ; then\ndnf remove -y --noautoremove + \"bind\"\nfi\n```\n\n### Ansible playbook\n\nThe following playbook can be + run with Ansible to remediate the issue.\n\n```\n- name: ''Uninstall bind + Package: Ensure bind is removed''\n ansible.builtin.package:\n name: bind\n state: + absent\n tags:\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - NIST-800-53-CM-7(b)\n - + disable_strategy\n - low_complexity\n - low_disruption\n - low_severity\n - + no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"2.0.0"},{"control":"2.2.4","framework":"cis-amzn2","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ sudo yum + erase bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind\n#\t from the system, and may remove any packages\n#\t that + depend on bind. 
Execute this\n#\t remediation AFTER testing on a non-production\n#\t system!\n\nif + rpm -q --quiet \"bind\" ; then\n\n yum remove -y \"bind\"\n\nfi\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: Ensure bind is removed\n package:\n name: bind\n state: + absent\n tags:\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - NIST-800-53-CM-7(b)\n - + disable_strategy\n - low_complexity\n - low_disruption\n - low_severity\n - + no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"3.0.0"},{"control":"2.2.5","framework":"cis-al2023","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ sudo dnf + remove bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind\n# from the system, and may remove any packages\n# + that depend on bind. 
Execute this\n# remediation AFTER testing on a non-production\n# + system!\n\n\nif rpm -q --quiet \"bind\" ; then\ndnf remove -y --noautoremove + \"bind\"\nfi\n```\n\n### Ansible playbook\n\nThe following playbook can be + run with Ansible to remediate the issue.\n\n```\n- name: ''Uninstall bind + Package: Ensure bind is removed''\n ansible.builtin.package:\n name: bind\n state: + absent\n tags:\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - NIST-800-53-CM-7(b)\n - + disable_strategy\n - low_complexity\n - low_disruption\n - low_severity\n - + no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"1.0.0"},{"control":"2.2.5","framework":"cis-al2023","is_default":true,"requirement":"DNS-Server","version":"1.0.0"},{"control":"2.1.4","framework":"cis-almalinux9","is_default":true,"requirement":"DNS-Server","version":"2.0.0"},{"control":"2.2.4","framework":"cis-amzn2","is_default":true,"requirement":"DNS-Server","version":"3.0.0"},{"control":"2.2.4","framework":"cis-rhel7","is_default":true,"requirement":"DNS-Server","version":"3.1.1"},{"control":"2.2.4","framework":"cis-rhel8","is_default":true,"requirement":"DNS-Server","version":"3.0.0"},{"control":"2.1.4","framework":"cis-rhel9","is_default":true,"requirement":"DNS-Server","version":"2.0.0"},{"control":"2.2.8","framework":"cis-ubuntu2004","is_default":true,"requirement":"DNS-Server","version":"1.0.0"},{"control":"2.2.7","framework":"cis-ubuntu2204","is_default":true,"requirement":"DNS-Server","version":"2.0.0"},{"control":"2.1.4","framework":"cis-ubuntu2404","is_default":true,"requirement":"DNS-Server","version":"1.0.0"}]},"description":"%%%\n## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ apt-get + remove bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + 
Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind9\n# from the system, and may remove any packages\n# + that depend on bind9. Execute this\n# remediation AFTER testing on a non-production\n# + system!\n\n\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \"bind9\"\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: ''Uninstall bind Package: Ensure bind9 is removed''\n ansible.builtin.package:\n name: + bind9\n state: absent\n tags:\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - + NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - low_disruption\n - + low_severity\n - no_reboot_needed\n - package_bind_removed\n```\n\n%%%","detection_changed_at":1765838312079,"finding_id":"OXBuLXltcS1yaGh-aS0wODVkZTgwNWY4NTJlZGQxNA==","finding_type":"misconfiguration","first_seen_at":1765838312079,"host":{"cloud_provider":"aws","name":"i-085de805f852edd14"},"k8s":{"cluster_id":"heatran"},"last_seen_at":1765838312079,"metadata":{"schema_version":"2"},"resource_id":"i-085de805f852edd14","resource_name":"i-085de805f852edd14","resource_type":"host","rule":{"default_rule_id":"def-000-zlf","id":"9pn-ymq-rhh","name":"Uninstall + bind Package","type":"infrastructure configuration","version":25},"severity":"low","severity_details":{"adjusted":{"score":2,"value":"low","value_id":1}},"status":"open","title":"Uninstall + bind 
Package","workflow":{"mute":{"is_muted":false}}}},"tags":["scored:true","kernel:none","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1c","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","availability-zone:us-east-1c","role:kube-node","env:staging","image:ami-0a8a2ad2689e7c22d","control:2.2.4","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","kubernetes.io/cluster/heatran:owned","k8s.io/cluster-autoscaler/node-template/resources/memory:5971764ki","site:datad0g.com","framework:cis-ubuntu2204","adp_enabled:true","security:compliance","auto-discovery.cluster-autoscaler.k8s.io/heatran","chart_name:koutris-infra","security-group:sg-0a2e60dd3f9a5a6ab","kube_node_role:compute","control:2.2.7","control:2.2.8","control:2.2.5","autoscaling_group:us1-staging-dog-heatran-k8s-ng-asg-a6848eee38b2f3a8","kube_cluster_name:heatran","orch_cluster_id:0659afbc-9c8d-401f-926c-8d0a7d64a5d8","dd_compute_k8s_platform_version:v6-271-0","name:koutris_koutris-fw-2c8g","kubernetes_cluster:heatran","release:koutris-infra","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:koutris","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:93mi","kube_node:ip-10-112-62-173.ec2.internal","aws_account:727006795293","host:i-085de805f852edd14","k8s.io/cluster-autoscaler/node-template/resources/cpu:1900m","pci_compliance_level:tier_two","is_kube_cluster_experimental:false","aws:ec2launchtemplate:id:lt-0565e94873111d4dc","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false","requirement:dns-server","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/enabled:yes","team:monitor-intake","security-group:sg-0ebe29714ed14f3c3","region:us-east-1","control:2.1.4","aws:ec2:fleet-id:fleet-4fbf0515-3c0e-e685-0c1a-01aa4d0a88dd","ng_local_storage:false","cluster_name:heatran","cpu_arch:amd64","ng_cluster_autoscaler:t
rue","nodegroup:koutris_koutris-fw-2c8g","source:host-benchmarks","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/koutris-fw-2c8g","account_id:727006795293","iam_profile:k8s/us1-staging-dog-heatran-kube-node_v2","instance_type:m6i.large","node.datadoghq.com/base-image:ubuntu_22_04","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","node.datadoghq.com/version:v6-271-0","aws:ec2launchtemplate:version:1","k8s.io/cluster-autoscaler/node-template/resources/pods:20","datacenter:us1.staging.dog","k8s.io/cluster-autoscaler/node-template/taint/node:koutris-fw-2c8g:noschedule","kube_node_role:koutris-fw-2c8g","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:koutris-fw-2c8g","account:staging","framework_version:cis-ubuntu2204_v2.0.0","source:compliance-agent","nodegroups.datadoghq.com/name:koutris-fw-2c8g","agent_release_candidate_cluster:false","instance-type:m6i.large","nodegroups.datadoghq.com/namespace:koutris"],"timestamp":1765838312079}},{"id":"YTcxZGViZjIxNDMwYzMzM2ZjZTJlMzQ3NzZkZmEzZWF-OTljOTc5NDQ2OGY3Zjk3YmEzZGE2YzUxODZhMzQ4M2M=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-26740"],"cve":"CVE-2024-26740","id":"TRIVY-CVE-2024-26740","modified_at":1742227413000,"published_at":1712164551000,"summary":"kernel: + net/sched: act_mirred: use the backlog for mirred 
ingress","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"ip-10-151-58-63.us-west-2.compute.internal-raboot-c"},"detection_changed_at":1765838311928,"finding_id":"YTcxZGViZjIxNDMwYzMzM2ZjZTJlMzQ3NzZkZmEzZWF-OTljOTc5NDQ2OGY3Zjk3YmEzZGE2YzUxODZhMzQ4M2M=","finding_type":"host_and_container_vulnerability","first_seen_at":1765838305292,"host":{"name":"ip-10-151-58-63.us-west-2.compute.internal-raboot-c","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"raboot-c"},"last_seen_at":1765838311928,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-common"],"name":"linux","normalized_name":"linux","version":"5.15.0-164.174"},"remediation":{"is_available":false},"resource_id":"99c9794468f7f97ba3da6c5186a3483c","resource_name":"ip-10-151-58-63.us-west-2.compute.internal-raboot-c","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00007,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}},"status":"open","title":"kernel: + net/sched: act_mirred: use the backlog for mirred 
ingress","vulnerability":{"cwes":["CWE-667"],"hash":"7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060","stack":{"ecosystem":"deb"}},"workflow":{"mute":{"is_muted":false}}}},"tags":["exposure_time_days:0","kube_node_role:nodeless","kube_node:ip-10-151-58-63.us-west-2.compute.internal","package_name:linux","epss_raw_score:0.000070","fix_available:unavailable","env:staging","datacenter:prtest02.staging.dog","source:datadog","severity:low","hash:7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060","vulnerability_status:open","cluster_name:raboot-c","scored:false","kube_node_role:compute","asset_type:host","new:true","base_severity:medium","os_name:ubuntu","site:datadoghq.com","assignee:none","assignee_id:none","in_production:false","kube_cluster_name:raboot-c","vuln_id:7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060","is_kube_cluster_experimental:false","orch_cluster_id:76cfd63e-1d3b-4bf3-b0b0-93e1423ef6cc","node.datadoghq.com/flavor:standard","nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge","adp_enabled:false","public_exploit_available:false","alias:cve-2024-26740","node.datadoghq.com/cgroup:v2","node.datadoghq.com/version:v6-260-2","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","base_score:5.5","score:2.7","dd_rule_type:not-empty","ecosystem:deb","os_version:22.04","ng_local_storage:false","close_count:0","cve:cve-2024-26740","cpu_arch:amd64","ng_cluster_autoscaler:true","package_version:5.15.0-164.174","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","kube_node_role:nodeless-amd64-d-c6a-2xlarge","instance_type:c6a.2xlarge","event_type:new","asset_id:ip-10-151-58-63.us-west-2.compute.internal-raboot-c","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838311928}},{"id":"MDdjY2IxZjk1MzQ2NDIzOWJjYWE1Yjk4NmU3MWNiZGF-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=","type":"finding","attribu
tes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-38057"],"cve":"CVE-2025-38057","id":"TRIVY-CVE-2025-38057","modified_at":1765059350000,"published_at":1750241738000,"summary":"kernel: + espintcp: fix skb leaks","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"ip-10-12-87-102.us-west-2.compute.internal-grooky"},"detection_changed_at":1765838311625,"finding_id":"MDdjY2IxZjk1MzQ2NDIzOWJjYWE1Yjk4NmU3MWNiZGF-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=","finding_type":"host_and_container_vulnerability","first_seen_at":1765838306213,"host":{"name":"ip-10-12-87-102.us-west-2.compute.internal-grooky","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"grooky"},"last_seen_at":1765838311912,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-6.8.0-1040-aws","linux-modules-6.8.0-1044-aws","linux-aws-6.8-headers-6.8.0-1040"],"name":"linux-aws-6.8","normalized_name":"linux-aws-6.8","version":"6.8.0-1040.42~22.04.1"},"remediation":{"is_available":false},"resource_id":"bbbd1d4b047c44f8f95e5bd24523f7a3","resource_name":"ip-10-12-87-102.us-west-2.compute.internal-grooky","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00015,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}},"status":"open","title":"kernel: + espintcp: fix skb 
leaks","vulnerability":{"cwes":["CWE-401"],"hash":"2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a","stack":{"ecosystem":"deb"}},"workflow":{"mute":{"is_muted":false}}}},"tags":["cluster_name:grooky","exposure_time_days:0","kube_node_role:nodeless","event_type:none","fix_available:unavailable","env:staging","vuln_id:2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a","hash:2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a","package_name:linux-aws-6.8","nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge","source:datadog","severity:low","vulnerability_status:open","kube_cluster_name:grooky","scored:false","kube_node_role:compute","asset_type:host","base_severity:medium","os_name:ubuntu","site:datadoghq.com","datacenter:prtest03.staging.dog","assignee:none","asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky","assignee_id:none","in_production:false","is_kube_cluster_experimental:false","node.datadoghq.com/flavor:standard","orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115","adp_enabled:false","running_kernel:false","public_exploit_available:false","node.datadoghq.com/cgroup:v2","node.datadoghq.com/version:v6-260-2","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","base_score:5.5","score:2.7","dd_rule_type:not-empty","ecosystem:deb","os_version:22.04","ng_local_storage:false","close_count:0","package_version:6.8.0-1040.42_22.04.1","ng_cluster_autoscaler:true","kube_node:ip-10-12-87-102.us-west-2.compute.internal","alias:cve-2025-38057","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","instance_type:c6g.4xlarge","cve:cve-2025-38057","cpu_arch:arm64","kube_node_role:nodeless-arm64-d-c6g-4xlarge","epss_raw_score:0.00015","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838311625}},{"id":"MGQwMzY2ODc3OTYzNDE2ZWE3YjVhMmFmOWQ3OWI5ZjV-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=","type"
:"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-40114"],"cve":"CVE-2025-40114","id":"TRIVY-CVE-2025-40114","modified_at":1759331744000,"published_at":1744960544000,"summary":"kernel: + iio: light: Add check for array bounds in veml6075_read_int_time_ms","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"ip-10-12-87-102.us-west-2.compute.internal-grooky"},"detection_changed_at":1765838311522,"finding_id":"MGQwMzY2ODc3OTYzNDE2ZWE3YjVhMmFmOWQ3OWI5ZjV-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=","finding_type":"host_and_container_vulnerability","first_seen_at":1765838306213,"host":{"name":"ip-10-12-87-102.us-west-2.compute.internal-grooky","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"grooky"},"last_seen_at":1765838311522,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-6.8.0-1040-aws","linux-aws-6.8-tools-6.8.0-1040","linux-modules-6.8.0-1040-aws"],"name":"linux-aws-6.8","normalized_name":"linux-aws-6.8","version":"6.8.0-1040.42~22.04.1"},"remediation":{"is_available":true,"package":{"base":[{"name":"linux-aws-6.8","version":"6.8.0-1041.43~22.04.1"}]},"recommended":{"name":"linux-aws-6.8","version":"6.8.0-1041.43~22.04.1"}},"resource_id":"bbbd1d4b047c44f8f95e5bd24523f7a3","resource_name":"ip-10-12-87-102.us-west-2.compute.internal-grooky","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00018,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false}},"severity":"medium","severity_details":{"adjusted":{"score":4.7,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI
:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":7.8,"value":"high","value_id":3,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}},"status":"open","title":"kernel: + iio: light: Add check for array bounds in veml6075_read_int_time_ms","vulnerability":{"cwes":["CWE-129"],"hash":"a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603","stack":{"ecosystem":"deb"}},"workflow":{"mute":{"is_muted":false}}}},"tags":["cluster_name:grooky","exposure_time_days:0","kube_node_role:nodeless","event_type:none","env:staging","package_name:linux-aws-6.8","nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge","source:datadog","vulnerability_status:open","fix_available:available","kube_cluster_name:grooky","vuln_id:a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603","scored:false","kube_node_role:compute","hash:a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603","asset_type:host","os_name:ubuntu","site:datadoghq.com","datacenter:prtest03.staging.dog","assignee:none","asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky","assignee_id:none","cve:cve-2025-40114","in_production:false","alias:cve-2025-40114","is_kube_cluster_experimental:false","node.datadoghq.com/flavor:standard","orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115","adp_enabled:false","running_kernel:false","public_exploit_available:false","node.datadoghq.com/cgroup:v2","node.datadoghq.com/version:v6-260-2","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","base_score:7.8","score:4.7","severity:medium","dd_rule_type:not-empty","ecosystem:deb","os_version:22.04","ng_local_storage:false","close_count:0","package_version:6.8.0-1040.42_22.04.1","ng_cluster_autoscaler:true","kube_node:ip-10-12-87-102.us-west-2.compute.internal","last_detected_minutes:0","base_severity:high","node.datadoghq.com/base-image:ubuntu_22_04","instance_type:c6g.4xlarge","cpu_arch:arm64","kube_node_role:nodeless-arm64-d-c6g-4xlarge","type:component_with_known_vulnerability","epss_raw_scor
e:0.00018","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838311522}},{"id":"ZmM0NTk0NmQzNzIwNTk0ZTQ0ODM5OWM1MDI5ODBhNDZ-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["BIT-golang-2025-47912","CVE-2025-47912"],"cve":"CVE-2025-47912","id":"GO-2025-4010","modified_at":1762437598375,"published_at":1761774598000,"summary":"Insufficient + validation of bracketed IPv6 hostnames in net/url","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"ip-10-12-87-102.us-west-2.compute.internal-grooky"},"detection_changed_at":1765838311417,"finding_id":"ZmM0NTk0NmQzNzIwNTk0ZTQ0ODM5OWM1MDI5ODBhNDZ-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=","finding_type":"host_and_container_vulnerability","first_seen_at":1765838306213,"host":{"name":"ip-10-12-87-102.us-west-2.compute.internal-grooky","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"grooky"},"last_seen_at":1765838311417,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["stdlib"],"name":"stdlib","normalized_name":"stdlib","version":"v1.22.10"},"remediation":{"is_available":true,"package":{"base":[{"name":"stdlib","version":"1.25.2"}]},"recommended":{"name":"stdlib","version":"1.25.2"}},"resource_id":"bbbd1d4b047c44f8f95e5bd24523f7a3","resource_name":"ip-10-12-87-102.us-west-2.compute.internal-grooky","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00025,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.8,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI
:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.3,"value":"medium","value_id":2,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}},"status":"open","title":"Insufficient + validation of bracketed IPv6 hostnames in net/url","vulnerability":{"hash":"1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53","stack":{"ecosystem":"go","language":"go"}},"workflow":{"mute":{"is_muted":false}}}},"tags":["cluster_name:grooky","exposure_time_days:0","kube_node_role:nodeless","ecosystem:go","env:staging","cve:cve-2025-47912","nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge","epss_raw_score:0.00025","alias:cve-2025-47912","source:datadog","severity:low","vulnerability_status:open","fix_available:available","kube_cluster_name:grooky","scored:false","kube_node_role:compute","asset_type:host","new:true","base_severity:medium","os_name:ubuntu","site:datadoghq.com","datacenter:prtest03.staging.dog","assignee:none","asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky","assignee_id:none","in_production:false","is_kube_cluster_experimental:false","node.datadoghq.com/flavor:standard","orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115","alias:bit-golang-2025-47912","adp_enabled:false","public_exploit_available:false","node.datadoghq.com/cgroup:v2","node.datadoghq.com/version:v6-260-2","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","base_score:5.3","score:2.8","dd_rule_type:not-empty","os_version:22.04","ng_local_storage:false","close_count:0","package_version:v1.22.10","package_name:stdlib","ng_cluster_autoscaler:true","kube_node:ip-10-12-87-102.us-west-2.compute.internal","hash:1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","event_type:new","instance_type:c6g.4xlarge","vuln_id:1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53","cpu_arch:arm64","kube_node_role:nodeless-arm
64-d-c6g-4xlarge","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838311417}}],"meta":{"elapsed":1248,"page":{"after":"eyJhZnRlciI6IkF3QUFBWnNrS2tfNUZKWWZDd0FBQUJoQlduTnJTMnRmTlVGQlFqWkNNM3BmZVhadWJXNXhVMElBQUFBa1pqRTVZakkwTW1FdE5USmlaQzAwTldVd0xUZzRNREF0WW1ZeVlXSmlOR1k0TldRM0FBQUFMZyIsInZhbHVlcyI6WzE3NjU4MzgzMTE0MTcsIjIwMjUtMTItMTVUMjI6Mzg6MzEuNDE3WiIsMzQ1MzgyNjY3XX0="},"request_id":"pddv1ChZubmNwVFVjWVJRLW9xSWIybklHWXJ3Ii0KHaszALDHDfJD6z3rlnQLgHugKbU0hTnqHR56Yrc4Egx3bkYPy7veSr6fRk0","status":"done"},"links":{"next":"/api/v2/security/findings?page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrS2tfNUZKWWZDd0FBQUJoQlduTnJTMnRmTlVGQlFqWkNNM3BmZVhadWJXNXhVMElBQUFBa1pqRTVZakkwTW1FdE5USmlaQzAwTldVd0xUZzRNREF0WW1ZeVlXSmlOR1k0TldRM0FBQUFMZyIsInZhbHVlcyI6WzE3NjU4MzgzMTE0MTcsIjIwMjUtMTItMTVUMjI6Mzg6MzEuNDE3WiIsMzQ1MzgyNjY3XX0%3D\u0026page%5Blimit%5D=5\u0026sort=-%40detection_changed_at"}}' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_bad_request_response.frozen new file mode 100644 index 0000000000..88d23fa2be --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_bad_request_response.frozen @@ -0,0 +1 @@ +2025-12-17T16:27:52.376Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_bad_request_response.yaml new file mode 100644 index 0000000000..779d730a1f --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_bad_request_response.yaml 
@@ -0,0 +1,22 @@
+interactions:
+- request:
+ body: '{"page":{"cursor":"invalid_cursor"}}'
+ headers:
+ accept:
+ - application/json
+ content-type:
+ - application/json
+ method: POST
+ uri: https://api.datadoghq.com/api/v2/security/findings/search
+ response:
+ body:
+ string: '{"errors":[{"status":"400","title":"Bad Request","detail":"document
+ is missing required top-level members; must have one of: \"data\", \"meta\",
+ \"errors\""}]}'
+ headers:
+ content-type:
+ - application/vnd.api+json
+ status:
+ code: 400
+ message: Bad Request
+version: 1
diff --git a/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_ok_response.frozen
new file mode 100644
index 0000000000..8305206aaf
--- /dev/null
+++ b/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_ok_response.frozen
@@ -0,0 +1 @@
+2025-12-15T22:43:55.549Z
\ No newline at end of file
diff --git a/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_ok_response.yaml
new file mode 100644
index 0000000000..a75ca88b93
--- /dev/null
+++ b/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_ok_response.yaml
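Review bot: The 400 recorded in the bad-request cassette is returned for a malformed JSON:API envelope, not for the cursor. The request body `{"page":{"cursor":"invalid_cursor"}}` has no top-level `data` member, and the response detail says as much (`document is missing required top-level members`). The scenario therefore never reaches cursor validation, so an invalid or tampered pagination cursor inside a well-formed request stays untested. The OK cassette for the same endpoint wraps its parameters in `data.attributes`, so the negative case presumably should too, e.g. `{"data":{"attributes":{"page":{"cursor":"invalid_cursor"}}}}` (constructed; confirm the exact shape against the request schema), and then be re-recorded.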
@@ -0,0 +1,40 @@ +interactions: +- request: + body: '{"data":{"attributes":{"filter":"@severity:(critical OR high)"}}}' + headers: + accept: + - application/json + content-type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security/findings/search + response: + body: + string: '{"data":[{"id":"Y2RiNWYyMmQ2Nzg2ZTBkYjA1ZTc5NDM3MDU5NGJhNTh-MWIxYTc2ZDZkNDZlYmE0YjFlY2RkMDY0NjRlYjIwZTk=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-45337","GO-2024-3321"],"cve":"CVE-2024-45337","id":"GHSA-v778-237x-gjrc","modified_at":1738337443000,"published_at":1733954584000,"summary":"Misuse + of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"990060747993","cloud_provider":"aws","display_name":"ip-10-151-60-149.us-west-2.compute.internal-raboot-c","region":"us-west-2"},"detection_changed_at":1765838619159,"finding_id":"Y2RiNWYyMmQ2Nzg2ZTBkYjA1ZTc5NDM3MDU5NGJhNTh-MWIxYTc2ZDZkNDZlYmE0YjFlY2RkMDY0NjRlYjIwZTk=","finding_type":"host_and_container_vulnerability","first_seen_at":1765838614786,"host":{"cloud_provider":"aws","image":"ami-0e7b60ad05b2da7ed","name":"ip-10-151-60-149.us-west-2.compute.internal-raboot-c","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"raboot-c"},"last_seen_at":1765838619159,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["golang.org/x/crypto"],"name":"golang.org/x/crypto","normalized_name":"golang.org/x/crypto","version":"v0.18.0"},"remediation":{"is_available":true,"package":{"base":[{"name":"golang.org/x/crypto","version":"0.31.0"}]},"recommended":{"name":"golang.org/x/crypto","version":"0.31.0"}},"resource_id":"1b1a76d6d46eba4b1ecdd06464eb20e9","resource_name":"ip-10-151-60-149.us-west-2.compute.internal-raboot-c","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":fal
se},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/NHAS/CVE-2024-45337-POC","https://github.com/NHAS/VULNERABLE-CVE-2024-45337","https://github.com/peace-maker/CVE-2024-45337"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.42906,"epss_severity":"medium"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":7,"value":"high","value_id":3,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":9.1,"value":"critical","value_id":4,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}},"status":"open","title":"Misuse + of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto","vulnerability":{"cwes":["CWE-285"],"hash":"2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31","stack":{"ecosystem":"go","language":"go"}},"workflow":{"mute":{"is_muted":false}}}},"tags":["kernel:none","kube_node_role:nodeless","aws:ec2launchtemplate:id:lt-0105c69a444a8e9fb","ecosystem:go","dd_compute_k8s_platform_version:v6-260-2","k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2","aws_account:990060747993","fix_version:v0.46.0","instance-type:c6a.2xlarge","k8s.io/cluster-autoscaler/node-template/resources/memory:13480074445","kubernetes_cluster:raboot-c","source:datadog","k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule","vulnerability_status:open","fix_available:available","cluster_name:raboot-c","iam_profile:k8s/prtest02-staging-dog-raboot-c-kube-node_v2","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s","asset_type:host","new:true","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.co
m/enable-eni-pd:true","site:datadoghq.com","kubernetes.io/cluster/raboot-c:owned","assignee:none","alias:go-2024-3321","assignee_id:none","in_production:false","cve:cve-2024-45337","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-c6a-2xlarge","availability-zone:us-west-2c","is_kube_cluster_experimental:false","node.datadoghq.com/flavor:standard","adp_enabled:false","autoscaling_group:prtest02-staging-dog-raboot-c-k8s-ng-asg-faab57746e6215c5","base_score:9.1","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard","team:compute-cloud-accounts","public_exploit_available:true","image:ami-0e7b60ad05b2da7ed","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless","ng_local_storage:false","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","ng_cluster_autoscaler:true","asset_id:ip-10-151-60-149.us-west-2.compute.internal-raboot-c","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system","k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","instance_type:c6a.2xlarge","k8s.io/cluster-autoscaler/node-template/label/class:nodeless","security-group:sg-0975ebcfe01315df0","eenv:staging","agent_release_candidate_cluster:false","epss_raw_score:0.42906","nodegroup:kube-system_nodeless-amd64-d-c6a-2xlarge","exposure_time_days:0","score:7.0","role:kube-node","env:staging","datacenter:prtest02.staging.dog","package_version:v0.18.0","base_severity:critical","account:staging-prtest02-ember-c","security-group:sg-08568810eba5fc2d8","k8s.io/cluster-autoscaler/node-template/la
bel/node-role.kubernetes.io/compute","aws:ec2:fleet-id:fleet-0c1e1c15-ce07-ce8f-0eb2-2982e1977208","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:372mi","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95","scored:false","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64","severity:high","kube_node_role:compute","k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2","nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64","os_name:ubuntu","alias:cve-2024-45337","k8s.io/cluster-autoscaler/node-template/resources/pods:45","region:us-west-2","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:53034256170","nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller","kube_cluster_name:raboot-c","orch_cluster_id:76cfd63e-1d3b-4bf3-b0b0-93e1423ef6cc","name:kube-system_nodeless-amd64-d-c6a-2xlarge","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false","nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge","node.datadoghq.com/cgroup:v2","node.datadoghq.com/version:v6-260-2","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","vuln_id:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31","hash:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31","dd_rule_type:not-empty","os_version:22.04","cpu_arch:amd64","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","kube_node:ip-10-151-60-149.us-west-2.compute.internal","kube_node_role:nodeless-amd64-d-c6a-2xlarge","package_name:golang.org/x/crypto","auto-discovery.cluster-autoscaler.k8s.io/raboot-c","event_type:new","type:component_with_known_vulnerability","origin:agent","env:staging"],"timestamp":1765838619159}},{"id":"YTA2ODU1YjVjYWZlZWY5Y2MyMzczMTY4MDdhYjRlMWJ-ZWExMDk2NDQ2ZjM3Mjg2MzZkMzA3ZWQ5M2Z
iNDdlZjM=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CGA-rqqc-qwmr-qw72","CGA-vmcg-54pm-cp7r","CVE-2024-27304","GHSA-7jwh-3vrq-q3m8","GO-2024-2606"],"cve":"CVE-2024-27304","id":"GHSA-mrww-27vc-gghv","modified_at":1734042636000,"published_at":1709585004000,"summary":"pgx + SQL Injection via Protocol Message Size Overflow","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"727006795293","cloud_provider":"aws","display_name":"i-048e423259eb6256a","region":"us-east-1"},"detection_changed_at":1765838618317,"finding_id":"YTA2ODU1YjVjYWZlZWY5Y2MyMzczMTY4MDdhYjRlMWJ-ZWExMDk2NDQ2ZjM3Mjg2MzZkMzA3ZWQ5M2ZiNDdlZjM=","finding_type":"host_and_container_vulnerability","first_seen_at":1765826319813,"host":{"cloud_provider":"aws","image":"ami-0d63de838a36a5577","name":"i-048e423259eb6256a","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"stripe"},"last_seen_at":1765838618317,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/jackc/pgx/v4"],"name":"github.com/jackc/pgx/v4","normalized_name":"github.com/jackc/pgx/v4","version":"v4.18.1"},"related_services":["exposed_to_attacks:false"],"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/jackc/pgx/v4","version":"4.18.2"}]},"recommended":{"name":"github.com/jackc/pgx/v4","version":"4.18.2"}},"resource_id":"ea1096446f3728636d307ed93fb47ef3","resource_name":"i-048e423259eb6256a","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/roaris/CVE-2024-27304-PoC"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.01391,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","va
lue":false},"is_publicly_accessible":{"value":false}},"severity":"high","severity_details":{"adjusted":{"score":7.3,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L/MAV:A"},"base":{"score":9.3,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"}},"status":"auto_closed","title":"pgx + SQL Injection via Protocol Message Size Overflow","vulnerability":{"cwes":["CWE-89","CWE-190"],"hash":"82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838618317,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b","kube_node_role:nodeless","ecosystem:go","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge","event_type:close","availability-zone:us-east-1b","package_version:v4.18.1","source:datadog","kube_node_role:nodeless-amd64-d-m6a-4xlarge","k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule","site:datad0g.com","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:106068512341","fix_available:available","fix_version:v4.18.3","k8s.io/cluster-autoscaler/node-template/resources/cpu:15900m","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s","asset_type:host","aws:ec2launchtemplate:id:lt-0ab29ef7bcf9901c8","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true","assignee:none","assignee_id:none","in_production:false","aws_account:727006795293","is_kube_cluster_experimental:false","node.datadoghq.com/flavor:standard","adp_enabled:false","instance_type:m6a.4xlarge","nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge","base_score:9.3","auto-discovery.cluster-autoscaler.k8s.io/stripe","alias:cga-vmcg-54pm-cp7r","kubern
etes.io/cluster/stripe:owned","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard","nodegroup:kube-system_nodeless-amd64-d-m6a-4xlarge","public_exploit_available:true","region:us-east-1","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless","ng_local_storage:false","close_count:0","ng_cluster_autoscaler:true","service_exposed_to_attacks:false","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system","k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","alias:cve-2024-27304","k8s.io/cluster-autoscaler/node-template/label/class:nodeless","asset_id:i-048e423259eb6256a","cve:cve-2024-27304","account:staging","name:kube-system_nodeless-amd64-d-m6a-4xlarge","image:ami-0d63de838a36a5577","vuln_id:82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e","eenv:staging","agent_release_candidate_cluster:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-4xlarge","node.datadoghq.com/version:v6-269-0","kube_cluster_name:stripe","exposure_time_days:0","aws:ec2:fleet-id:fleet-c5172d35-9624-6c05-2c30-812acd886a16","cluster_name:stripe","score:7.3","role:kube-node","env:staging","base_severity:critical","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","security-group:sg-faa8cdb1","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95","hash:82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e","scored:false","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64","alias:go-2024-2606","severity:high","kube_node_role:compute","nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64","kube_node:ip-10-131-1-21.ec2.internal","os_name:ubuntu","alias:gh
sa-7jwh-3vrq-q3m8","nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:745mi","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false","security-group:sg-0a3744a5f247135d1","k8s.io/cluster-autoscaler/node-template/resources/memory:59987440026","node.datadoghq.com/cgroup:v2","instance-type:m6a.4xlarge","nodegroups.datadoghq.com/namespace:kube-system","dd_compute_k8s_platform_version:v6-269-0","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-300m-v1","autoscaling_group:us1-staging-dog-stripe-k8s-ng-asg-8a5078b204fcfc2d","dd_rule_type:not-empty","os_version:22.04","orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-300m-v1","last_detected_minutes:0","epss_raw_score:0.01391","node.datadoghq.com/base-image:ubuntu_22_04","datacenter:us1.staging.dog","previous_status:open","iam_profile:k8s/us1-staging-dog-stripe-kube-node_v2","k8s.io/cluster-autoscaler/node-template/resources/pods:160","alias:cga-rqqc-qwmr-qw72","package_name:github.com/jackc/pgx/v4","kubernetes_cluster:stripe","type:component_with_known_vulnerability","origin:agent","env:staging"],"timestamp":1765838618317}},{"id":"NjUxZDEyZGRmOTI0ZmI1NTg1YzJkOTI5NzQ1ZjQ0MzJ-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-10220","GO-2024-3286"],"cve":"CVE-2024-10220","id":"GHSA-27wf-5967-98gx","modified_at":1734126344000,"published_at":1732311135000,"summary":" + Kubernetes kubelet arbitrary command 
execution","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"i-0287cce0c5ced7759"},"detection_changed_at":1765838618125,"finding_id":"NjUxZDEyZGRmOTI0ZmI1NTg1YzJkOTI5NzQ1ZjQ0MzJ-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=","finding_type":"host_and_container_vulnerability","first_seen_at":1765837776218,"host":{"name":"i-0287cce0c5ced7759","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"stripe"},"last_seen_at":1765838618125,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["k8s.io/kubernetes"],"name":"k8s.io/kubernetes","normalized_name":"k8s.io/kubernetes","version":"v1.30.0"},"remediation":{"is_available":true,"package":{"base":[{"name":"k8s.io/kubernetes","version":"1.30.3"}]},"recommended":{"name":"k8s.io/kubernetes","version":"1.30.3"}},"resource_id":"6c7a1c87e14ed31c51524564bccc6627","resource_name":"i-0287cce0c5ced7759","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/filipzag/CVE-2024-10220","https://github.com/any2sec/cve-2024-10220","https://github.com/XiaomingX/cve-2024-10220-githooks","https://github.com/mrk336/CVE-2024-10220-Kubernetes-gitRepo-Volume-Vulnerability","https://github.com/candranapits/poc-CVE-2024-10220","https://github.com/orgC/CVE-2024-10220-demo","https://github.com/mochizuki875/CVE-2024-10220-githooks"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.22805,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":7.1,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L"},"base":{"score":8.6,"value":"high","value_id":3
,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}},"status":"auto_closed","title":" + Kubernetes kubelet arbitrary command execution","vulnerability":{"cwes":["CWE-22"],"hash":"ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838618125,"mute":{"is_muted":false}}}},"tags":["fix_version:v1.32.8","kube_cluster_name:stripe","base_score:8.6","exposure_time_days:0","ecosystem:go","score:7.1","cluster_name:stripe","cve:cve-2024-10220","event_type:close","nodegroups.datadoghq.com/name:flink-metering-jose-jobmanager","env:staging","source:datadog","vuln_id:ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd","site:datad0g.com","package_version:v1.30.0","fix_available:available","scored:false","kube_node_role:compute","severity:high","asset_type:host","os_name:ubuntu","instance_type:m5.2xlarge","assignee:none","alias:go-2024-3286","assignee_id:none","in_production:false","kube_node_role:flink-metering-jose-jobmanager","epss_raw_score:0.22805","alias:cve-2024-10220","is_kube_cluster_experimental:false","hash:ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd","adp_enabled:false","node.datadoghq.com/cgroup:v2","tool:infra","kube_node:ip-10-131-0-241.ec2.internal","public_exploit_available:true","dd_rule_type:not-empty","os_version:22.04","ng_local_storage:false","close_count:0","asset_id:i-0287cce0c5ced7759","orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df","vulnerability_status:auto-closed","cpu_arch:amd64","ng_cluster_autoscaler:true","last_detected_minutes:0","base_severity:high","node.datadoghq.com/base-image:ubuntu_22_04","node.datadoghq.com/version:v6-271-0","datacenter:us1.staging.dog","previous_status:open","nodegroups.datadoghq.com/namespace:metering","package_name:k8s.io/kubernetes","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp
":1765838618125}},{"id":"NjI4MzY3YWUxYzhjZDU0OTNlZGY2NDc5Y2Q2ZTNmOWF-ZGFmYjNkMmQ4ZjYzODRhYzM4NmFhNGZhNmNmNmM0ZDk=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CGA-rqqc-qwmr-qw72","CGA-vmcg-54pm-cp7r","CVE-2024-27304","GHSA-7jwh-3vrq-q3m8","GO-2024-2606"],"cve":"CVE-2024-27304","id":"GHSA-mrww-27vc-gghv","modified_at":1734042636000,"published_at":1709585004000,"summary":"pgx + SQL Injection via Protocol Message Size Overflow","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"727006795293","cloud_provider":"aws","display_name":"i-0f1ef8599b4b41431","region":"us-east-1"},"detection_changed_at":1765838618006,"finding_id":"NjI4MzY3YWUxYzhjZDU0OTNlZGY2NDc5Y2Q2ZTNmOWF-ZGFmYjNkMmQ4ZjYzODRhYzM4NmFhNGZhNmNmNmM0ZDk=","finding_type":"host_and_container_vulnerability","first_seen_at":1765833769555,"host":{"cloud_provider":"aws","image":"ami-0d63de838a36a5577","name":"i-0f1ef8599b4b41431","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"oddish-b"},"last_seen_at":1765838618006,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/jackc/pgx"],"name":"github.com/jackc/pgx","normalized_name":"github.com/jackc/pgx","version":"v3.3.0+incompatible"},"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/jackc/pgx","version":"4.18.2"}]},"recommended":{"name":"github.com/jackc/pgx","version":"4.18.2"}},"resource_id":"dafb3d2d8f6384ac386aa4fa6cf6c4d9","resource_name":"i-0f1ef8599b4b41431","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/roaris/CVE-2024-27304-PoC"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.01391,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"
impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":8.9,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L"},"base":{"score":9.3,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"}},"status":"auto_closed","title":"pgx + SQL Injection via Protocol Message Size Overflow","vulnerability":{"cwes":["CWE-89","CWE-190"],"hash":"7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838618006,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b","hash:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae","kube_node_role:nodeless","ecosystem:go","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge","event_type:close","availability-zone:us-east-1b","vuln_id:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae","k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2","asset_id:i-0f1ef8599b4b41431","source:datadog","kube_node_role:nodeless-amd64-d-m6a-4xlarge","k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule","site:datad0g.com","aws:ec2launchtemplate:id:lt-0aa5742eec024a5e8","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:106068512341","fix_available:available","k8s.io/cluster-autoscaler/node-template/resources/cpu:15900m","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s","asset_type:host","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true","assignee:none","assignee_id:none","in_production:false","aws_account:727006795293","is_kube_cluster_experimental:false","node.datadoghq.com/flavor:standar
d","adp_enabled:false","package_version:v3.3.0_incompatible","instance_type:m6a.4xlarge","nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge","base_score:9.3","kube_cluster_name:oddish-b","iam_profile:k8s/us1-staging-dog-oddish-b-kube-node_v2","alias:cga-vmcg-54pm-cp7r","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard","nodegroup:kube-system_nodeless-amd64-d-m6a-4xlarge","public_exploit_available:true","autoscaling_group:us1-staging-dog-oddish-b-k8s-ng-asg-376ded054ca1c4df","kubernetes.io/cluster/oddish-b:owned","region:us-east-1","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless","ng_local_storage:false","close_count:0","ng_cluster_autoscaler:true","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system","k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","alias:cve-2024-27304","k8s.io/cluster-autoscaler/node-template/label/class:nodeless","cve:cve-2024-27304","account:staging","name:kube-system_nodeless-amd64-d-m6a-4xlarge","image:ami-0d63de838a36a5577","eenv:staging","agent_release_candidate_cluster:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-4xlarge","node.datadoghq.com/version:v6-269-0","exposure_time_days:0","cluster_name:oddish-b","security-group:sg-0b9e1c6b4773288df","orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54","role:kube-node","package_name:github.com/jackc/pgx","env:staging","base_severity:critical","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","security-group:sg-faa8cdb1","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95","scored:false","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64","alias:go-2024-260
6","severity:high","kube_node_role:compute","k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2","nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64","os_name:ubuntu","alias:ghsa-7jwh-3vrq-q3m8","aws:ec2:fleet-id:fleet-7bbf19a6-a3a4-ee94-0c38-a582da17231b","nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:745mi","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false","k8s.io/cluster-autoscaler/node-template/resources/memory:59987440026","node.datadoghq.com/cgroup:v2","instance-type:m6a.4xlarge","score:8.9","nodegroups.datadoghq.com/namespace:kube-system","dd_compute_k8s_platform_version:v6-269-0","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","dd_rule_type:not-empty","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","last_detected_minutes:0","epss_raw_score:0.01391","node.datadoghq.com/base-image:ubuntu_22_04","kube_node:ip-10-128-39-138.ec2.internal","datacenter:us1.staging.dog","previous_status:open","k8s.io/cluster-autoscaler/node-template/resources/pods:160","alias:cga-rqqc-qwmr-qw72","kubernetes_cluster:oddish-b","type:component_with_known_vulnerability","origin:agent","auto-discovery.cluster-autoscaler.k8s.io/oddish-b","env:staging"],"timestamp":1765838618006}},{"id":"YzE5MmY0MWI2OTdkN2Y5NTZiNmNiODI1ZTdiNDhlZTh-YzZlMmY1ZGIwOTU0ODIzM2MwZDFmNTdjZmZjMTdjMzQ=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-45337","GO-2024-3321"],"cve":"CVE-2024-45337","id":"GHSA-v778-237x-gjrc","modified_at":1738337443000,"published_at":1733954584000,"summary":"Misuse + of ServerConfig.PublicKeyCallback may cause authorization bypass in 
golang.org/x/crypto","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"i-068207de5f413c29f"},"detection_changed_at":1765838617916,"finding_id":"YzE5MmY0MWI2OTdkN2Y5NTZiNmNiODI1ZTdiNDhlZTh-YzZlMmY1ZGIwOTU0ODIzM2MwZDFmNTdjZmZjMTdjMzQ=","finding_type":"host_and_container_vulnerability","first_seen_at":1765837162559,"host":{"name":"i-068207de5f413c29f","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"oddish-b"},"last_seen_at":1765838617916,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["golang.org/x/crypto"],"name":"golang.org/x/crypto","normalized_name":"golang.org/x/crypto","version":"v0.18.0"},"remediation":{"is_available":true,"package":{"base":[{"name":"golang.org/x/crypto","version":"0.31.0"}]},"recommended":{"name":"golang.org/x/crypto","version":"0.31.0"}},"resource_id":"c6e2f5db09548233c0d1f57cffc17c34","resource_name":"i-068207de5f413c29f","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/NHAS/CVE-2024-45337-POC","https://github.com/NHAS/VULNERABLE-CVE-2024-45337","https://github.com/peace-maker/CVE-2024-45337"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.42906,"epss_severity":"medium"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":7,"value":"high","value_id":3,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":9.1,"value":"critical","value_id":4,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}},"status":"auto_closed","title":"Misuse + of ServerConfig.PublicKeyCallback may cause authorization bypass in 
golang.org/x/crypto","vulnerability":{"cwes":["CWE-285"],"hash":"2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838617916,"mute":{"is_muted":false}}}},"tags":["epss_raw_score:0.42906","exposure_time_days:0","kube_node_role:nodeless","cluster_name:oddish-b","score:7.0","ecosystem:go","event_type:close","orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54","env:staging","fix_version:v0.46.0","package_version:v0.18.0","base_severity:critical","source:datadog","site:datad0g.com","fix_available:available","scored:false","kube_node_role:compute","severity:high","asset_type:host","os_name:ubuntu","asset_id:i-068207de5f413c29f","alias:cve-2024-45337","assignee:none","alias:go-2024-3321","assignee_id:none","cve:cve-2024-45337","in_production:false","node.datadoghq.com/flavor:nodeless-fastephemeral","kube_node:ip-10-128-37-184.ec2.internal","is_kube_cluster_experimental:false","adp_enabled:false","node.datadoghq.com/cgroup:v2","nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","kube_cluster_name:oddish-b","instance_type:m6gd.8xlarge","base_score:9.1","vuln_id:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31","hash:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31","kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge","public_exploit_available:true","dd_rule_type:not-empty","os_version:22.04","ng_local_storage:false","close_count:0","vulnerability_status:auto-closed","ng_cluster_autoscaler:true","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","node.datadoghq.com/version:v6-271-0","datacenter:us1.staging.dog","package_name:golang.org/x/crypto","previous_status:open","cpu_arch:arm64","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838617916}},{"id":
"NjlhMzIwMDBjNmVlZDNmZGFjMTUwODFmNzc3ZjA0OTl-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CGA-rqqc-qwmr-qw72","CGA-vmcg-54pm-cp7r","CVE-2024-27304","GHSA-7jwh-3vrq-q3m8","GO-2024-2606"],"cve":"CVE-2024-27304","id":"GHSA-mrww-27vc-gghv","modified_at":1734042636000,"published_at":1709585004000,"summary":"pgx + SQL Injection via Protocol Message Size Overflow","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"i-0287cce0c5ced7759"},"detection_changed_at":1765838617865,"finding_id":"NjlhMzIwMDBjNmVlZDNmZGFjMTUwODFmNzc3ZjA0OTl-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=","finding_type":"host_and_container_vulnerability","first_seen_at":1765837776218,"host":{"name":"i-0287cce0c5ced7759","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"stripe"},"last_seen_at":1765838617865,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/jackc/pgx"],"name":"github.com/jackc/pgx","normalized_name":"github.com/jackc/pgx","version":"v3.3.0+incompatible"},"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/jackc/pgx","version":"4.18.2"}]},"recommended":{"name":"github.com/jackc/pgx","version":"4.18.2"}},"resource_id":"6c7a1c87e14ed31c51524564bccc6627","resource_name":"i-0287cce0c5ced7759","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/roaris/CVE-2024-27304-PoC"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.01391,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":8.9,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N
/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L"},"base":{"score":9.3,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"}},"status":"auto_closed","title":"pgx + SQL Injection via Protocol Message Size Overflow","vulnerability":{"cwes":["CWE-89","CWE-190"],"hash":"7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838617865,"mute":{"is_muted":false}}}},"tags":["kube_cluster_name:stripe","hash:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae","exposure_time_days:0","ecosystem:go","cluster_name:stripe","event_type:close","nodegroups.datadoghq.com/name:flink-metering-jose-jobmanager","vuln_id:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae","package_name:github.com/jackc/pgx","env:staging","base_severity:critical","source:datadog","site:datad0g.com","fix_available:available","scored:false","alias:go-2024-2606","kube_node_role:compute","severity:high","asset_type:host","os_name:ubuntu","instance_type:m5.2xlarge","assignee:none","alias:ghsa-7jwh-3vrq-q3m8","assignee_id:none","in_production:false","kube_node_role:flink-metering-jose-jobmanager","is_kube_cluster_experimental:false","adp_enabled:false","node.datadoghq.com/cgroup:v2","package_version:v3.3.0_incompatible","score:8.9","tool:infra","base_score:9.3","kube_node:ip-10-131-0-241.ec2.internal","alias:cga-vmcg-54pm-cp7r","public_exploit_available:true","dd_rule_type:not-empty","os_version:22.04","ng_local_storage:false","asset_id:i-0287cce0c5ced7759","close_count:0","orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df","vulnerability_status:auto-closed","cpu_arch:amd64","ng_cluster_autoscaler:true","last_detected_minutes:0","epss_raw_score:0.01391","node.datadoghq.com/base-image:ubuntu_22_04","node.datadoghq.com/version:v6-271-0","datacenter:us1.staging.dog","alias:cve-2024-27304","previous_status:open","cve:cve-2
024-27304","alias:cga-rqqc-qwmr-qw72","nodegroups.datadoghq.com/namespace:metering","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838617865}},{"id":"NTE0YWUwMWUwYjdiMTJlNTdmMjkwZGU3NjYwYzc3ZGF-MjRmYmFmY2UzNGZjNzRlZGY1NjI5M2ExZGIwNjBkZjM=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CGA-rqqc-qwmr-qw72","CGA-vmcg-54pm-cp7r","CVE-2024-27304","GHSA-mrww-27vc-gghv","GO-2024-2606"],"cve":"CVE-2024-27304","id":"GHSA-7jwh-3vrq-q3m8","modified_at":1729574941941,"published_at":1709585125000,"summary":"pgproto3 + SQL Injection via Protocol Message Size Overflow","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"i-045e3e76dfdf37aae"},"detection_changed_at":1765838617835,"finding_id":"NTE0YWUwMWUwYjdiMTJlNTdmMjkwZGU3NjYwYzc3ZGF-MjRmYmFmY2UzNGZjNzRlZGY1NjI5M2ExZGIwNjBkZjM=","finding_type":"host_and_container_vulnerability","first_seen_at":1765837126551,"host":{"name":"i-045e3e76dfdf37aae","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"oddish-b"},"last_seen_at":1765838617835,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/jackc/pgproto3/v2"],"name":"github.com/jackc/pgproto3/v2","normalized_name":"github.com/jackc/pgproto3/v2","version":"v2.3.2"},"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/jackc/pgproto3/v2","version":"2.3.3"}]},"recommended":{"name":"github.com/jackc/pgproto3/v2","version":"2.3.3"}},"resource_id":"24fbafce34fc74edf56293a1db060df3","resource_name":"i-045e3e76dfdf37aae","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/roaris/CVE-2024-27304-PoC"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitab
ility_chance":{"evidence":{"epss_score":0.01391,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":8.9,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L"},"base":{"score":9.3,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"}},"status":"auto_closed","title":"pgproto3 + SQL Injection via Protocol Message Size Overflow","vulnerability":{"cwes":["CWE-89","CWE-190"],"hash":"f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838617835,"mute":{"is_muted":false}}}},"tags":["fix_version:v2.3.4-0.20250125160525-bc041643406d","exposure_time_days:0","kube_node_role:nodeless","cluster_name:oddish-b","ecosystem:go","event_type:close","orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54","env:staging","base_severity:critical","source:datadog","site:datad0g.com","fix_available:available","scored:false","alias:go-2024-2606","kube_node_role:compute","severity:high","asset_type:host","os_name:ubuntu","assignee:none","assignee_id:none","in_production:false","node.datadoghq.com/flavor:nodeless-fastephemeral","hash:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e","is_kube_cluster_experimental:false","adp_enabled:false","node.datadoghq.com/cgroup:v2","nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge","score:8.9","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","base_score:9.3","kube_cluster_name:oddish-b","instance_type:m6gd.8xlarge","package_version:v2.3.2","alias:ghsa-mrww-27vc-gghv","alias:cga-vmcg-54pm-cp7r","kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge","public_exploit_available:true","dd_rule_type:not-empty","vuln_id:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b827
9a7e","os_version:22.04","ng_local_storage:false","close_count:0","vulnerability_status:auto-closed","ng_cluster_autoscaler:true","last_detected_minutes:0","epss_raw_score:0.01391","asset_id:i-045e3e76dfdf37aae","node.datadoghq.com/base-image:ubuntu_22_04","node.datadoghq.com/version:v6-271-0","kube_node:ip-10-128-37-96.ec2.internal","datacenter:us1.staging.dog","alias:cve-2024-27304","previous_status:open","package_name:github.com/jackc/pgproto3/v2","cve:cve-2024-27304","alias:cga-rqqc-qwmr-qw72","cpu_arch:arm64","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838617835}},{"id":"ZjQ1YzE1NWQ5ODQ4NDk4ZmRjZTgyNTA1MzllZDY4OGV-N2YyZDlhNmRkMTE4NWYzODAyYTllZGFjMTczOTAzMTI=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-41110","GO-2024-3005"],"cve":"CVE-2024-41110","id":"GHSA-v23v-6jw2-98fq","modified_at":1723230467000,"published_at":1722334737000,"summary":"Authz + zero length 
regression","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"727006795293","cloud_provider":"aws","display_name":"i-0e04298f4842968e8","region":"us-east-1"},"detection_changed_at":1765838617779,"finding_id":"ZjQ1YzE1NWQ5ODQ4NDk4ZmRjZTgyNTA1MzllZDY4OGV-N2YyZDlhNmRkMTE4NWYzODAyYTllZGFjMTczOTAzMTI=","finding_type":"host_and_container_vulnerability","first_seen_at":1765835798278,"host":{"cloud_provider":"aws","image":"ami-0a8a2ad2689e7c22d","name":"i-0e04298f4842968e8","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"oddish-b"},"last_seen_at":1765838617779,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/docker/docker"],"name":"github.com/docker/docker","normalized_name":"github.com/docker/docker","version":"v26.0.1+incompatible"},"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/docker/docker","version":"26.1.5"}]},"recommended":{"name":"github.com/docker/docker","version":"26.1.5"}},"resource_id":"7f2d9a6dd1185f3802a9edac17390312","resource_name":"i-0e04298f4842968e8","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/PauloParoPP/CVE-2024-41110-SCAN","https://github.com/vvpoglazov/cve-2024-41110-checker"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.03074,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":8.8,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:L/IR:L/AR:L"},"base":{"score":9.4,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}},"status":"auto_clos
ed","title":"Authz + zero length regression","vulnerability":{"cwes":["CWE-187"],"hash":"a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838617779,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","kube_node_role:nodeless","ecosystem:go","event_type:close","availability-zone:us-east-1b","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","aws:ec2:fleet-id:fleet-d13f3304-a906-e61e-2c12-a78868beb555","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:186mi","autoscaling_group:us1-staging-dog-oddish-b-k8s-ng-asg-25eaecca332303a0","source:datadog","k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule","site:datad0g.com","fix_available:available","epss_raw_score:0.03074","package_name:github.com/docker/docker","asset_type:host","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-localstorage-amd64-m6id-xlarge","nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-localstorage-amd64","dd_compute_k8s_platform_version:v6-271-0","nodegroup:kube-system_nodeless-localstorage-amd64-m6id-xlarge","assignee:none","vuln_id:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f","assignee_id:none","in_production:false","aws_account:727006795293","is_kube_cluster_experimental:false","adp_enabled:false","kube_cluster_name:oddish-b","base_score:9.4","iam_profile:k8s/us1-staging-dog-oddish-b-kube-node_v2","public_exploit_available:true","kubernetes.io/cluster/oddish-b:owned","region:us-east-1","fix_version:v299999999.0.0-20200612211812-aaf470eca7b5_incompatible","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless","close_count:0","k8s.io/cluster-autoscaler/no
de-template/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392","ng_cluster_autoscaler:true","k8s.io/cluster-autoscaler/node-template/label/nodeless-localstorage.datadoghq.com/instance-type:m6id.xlarge","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system","name:kube-system_nodeless-localstorage-amd64-m6id-xlarge","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-localstorage-amd64-m6id-xlarge","k8s.io/cluster-autoscaler/node-template/resources/memory:13567106253","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","nodegroups.datadoghq.com/name:nodeless-localstorage-amd64-m6id-xlarge","k8s.io/cluster-autoscaler/node-template/label/class:nodeless","account:staging","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","eenv:staging","agent_release_candidate_cluster:false","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:nodeless-localstorage","k8s.io/cluster-autoscaler/node-template/taint/flavor:nodeless-localstorage:noschedule","package_version:v26.0.1_incompatible","exposure_time_days:0","cluster_name:oddish-b","security-group:sg-0b9e1c6b4773288df","orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54","role:kube-node","env:staging","instance_type:m6id.xlarge","image:ami-0a8a2ad2689e7c22d","base_severity:critical","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","asset_id:i-0e04298f4842968e8","security-group:sg-faa8cdb1","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95","scored:false","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m","severity:high","kube_node_role:compute","k8s.io/cluster-autoscaler/node-template/resources/pods:40","os_name:ubuntu","no
de.datadoghq.com/flavor:nodeless-localstorage","ng_local_storage:true","alias:go-2024-3005","nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller","instance-type:m6id.xlarge","node.datadoghq.com/cgroup:v2","score:8.8","kube_node:ip-10-128-71-26.ec2.internal","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","aws:ec2launchtemplate:id:lt-0ae5c167d7a085e7b","k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64_flavor-nodeless-localstorage","dd_rule_type:not-empty","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","last_detected_minutes:0","kube_node_role:nodeless-localstorage-amd64-m6id-xlarge","node.datadoghq.com/base-image:ubuntu_22_04","hash:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f","node.datadoghq.com/version:v6-271-0","alias:cve-2024-41110","datacenter:us1.staging.dog","previous_status:open","kubernetes_cluster:oddish-b","type:component_with_known_vulnerability","origin:agent","auto-discovery.cluster-autoscaler.k8s.io/oddish-b","cve:cve-2024-41110","env:staging"],"timestamp":1765838617779}},{"id":"OWZkNjcxMTNmY2M3ZGJkMTNiNWIxMjcyZDdjZGJjYTJ-ZDM3YTBhMTAxZjFjZjc4OGNlYmE5ODNkNzQwMWI2M2E=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CGA-rqqc-qwmr-qw72","CGA-vmcg-54pm-cp7r","CVE-2024-27304","GHSA-mrww-27vc-gghv","GO-2024-2606"],"cve":"CVE-2024-27304","id":"GHSA-7jwh-3vrq-q3m8","modified_at":1729574941941,"published_at":1709585125000,"summary":"pgproto3 + SQL Injection via Protocol Message Size 
Overflow","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"i-0ef9daf3d9bd9c136"},"detection_changed_at":1765838617692,"finding_id":"OWZkNjcxMTNmY2M3ZGJkMTNiNWIxMjcyZDdjZGJjYTJ-ZDM3YTBhMTAxZjFjZjc4OGNlYmE5ODNkNzQwMWI2M2E=","finding_type":"host_and_container_vulnerability","first_seen_at":1765836977473,"host":{"name":"i-0ef9daf3d9bd9c136","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"oddish-b"},"last_seen_at":1765838617692,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/jackc/pgproto3/v2"],"name":"github.com/jackc/pgproto3/v2","normalized_name":"github.com/jackc/pgproto3/v2","version":"v2.3.2"},"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/jackc/pgproto3/v2","version":"2.3.3"}]},"recommended":{"name":"github.com/jackc/pgproto3/v2","version":"2.3.3"}},"resource_id":"d37a0a101f1cf788ceba983d7401b63a","resource_name":"i-0ef9daf3d9bd9c136","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/roaris/CVE-2024-27304-PoC"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.01391,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":8.9,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L"},"base":{"score":9.3,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"}},"status":"auto_closed","title":"pgproto3 + SQL Injection via Protocol Message Size 
Overflow","vulnerability":{"cwes":["CWE-89","CWE-190"],"hash":"f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838617692,"mute":{"is_muted":false}}}},"tags":["fix_version:v2.3.4-0.20250125160525-bc041643406d","exposure_time_days:0","kube_node_role:nodeless","cluster_name:oddish-b","ecosystem:go","event_type:close","orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54","env:staging","base_severity:critical","kube_node:ip-10-128-69-249.ec2.internal","source:datadog","site:datad0g.com","fix_available:available","scored:false","alias:go-2024-2606","kube_node_role:compute","severity:high","asset_type:host","os_name:ubuntu","assignee:none","asset_id:i-0ef9daf3d9bd9c136","assignee_id:none","in_production:false","node.datadoghq.com/flavor:nodeless-fastephemeral","hash:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e","is_kube_cluster_experimental:false","adp_enabled:false","node.datadoghq.com/cgroup:v2","nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge","score:8.9","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","base_score:9.3","kube_cluster_name:oddish-b","instance_type:m6gd.8xlarge","package_version:v2.3.2","alias:ghsa-mrww-27vc-gghv","alias:cga-vmcg-54pm-cp7r","kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge","public_exploit_available:true","dd_rule_type:not-empty","vuln_id:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e","os_version:22.04","ng_local_storage:false","close_count:0","vulnerability_status:auto-closed","ng_cluster_autoscaler:true","last_detected_minutes:0","epss_raw_score:0.01391","node.datadoghq.com/base-image:ubuntu_22_04","node.datadoghq.com/version:v6-271-0","datacenter:us1.staging.dog","alias:cve-2024-27304","previous_status:open","package_name:github.com/jackc/pgproto3/v2","cve:cve-2024-27304","alias:cga-rqqc-qwmr-qw72","cpu_arch:arm64","type:component_with_known_vulnerability","e
env:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838617692}},{"id":"MjU5YjI1MWNiNzU4YzgxMmFkODFjZTIwMWUxNjc4ZWN-ZjA5ZTUwMDgzNWU3ZGVhYzBjOTJjYzU2NmU2NzMyNDQ=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-41110","GO-2024-3005"],"cve":"CVE-2024-41110","id":"GHSA-v23v-6jw2-98fq","modified_at":1723230467000,"published_at":1722334737000,"summary":"Authz + zero length regression","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"i-0e88c4cb2030f0900"},"detection_changed_at":1765838617584,"finding_id":"MjU5YjI1MWNiNzU4YzgxMmFkODFjZTIwMWUxNjc4ZWN-ZjA5ZTUwMDgzNWU3ZGVhYzBjOTJjYzU2NmU2NzMyNDQ=","finding_type":"host_and_container_vulnerability","first_seen_at":1765836323780,"host":{"name":"i-0e88c4cb2030f0900","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"oddish-b"},"last_seen_at":1765838617584,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/docker/docker"],"name":"github.com/docker/docker","normalized_name":"github.com/docker/docker","version":"v26.0.1+incompatible"},"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/docker/docker","version":"26.1.5"}]},"recommended":{"name":"github.com/docker/docker","version":"26.1.5"}},"resource_id":"f09e500835e7deac0c92cc566e673244","resource_name":"i-0e88c4cb2030f0900","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/PauloParoPP/CVE-2024-41110-SCAN","https://github.com/vvpoglazov/cve-2024-41110-checker"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.03074,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},
"severity":"high","severity_details":{"adjusted":{"score":8.8,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:L/IR:L/AR:L"},"base":{"score":9.4,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}},"status":"auto_closed","title":"Authz + zero length regression","vulnerability":{"cwes":["CWE-187"],"hash":"a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838617584,"mute":{"is_muted":false}}}},"tags":["exposure_time_days:0","package_version:v26.0.1_incompatible","kube_node_role:nodeless","cluster_name:oddish-b","ecosystem:go","event_type:close","orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54","env:staging","base_severity:critical","source:datadog","site:datad0g.com","fix_available:available","epss_raw_score:0.03074","scored:false","kube_node_role:compute","severity:high","package_name:github.com/docker/docker","asset_type:host","os_name:ubuntu","assignee:none","vuln_id:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f","assignee_id:none","in_production:false","alias:go-2024-3005","node.datadoghq.com/flavor:nodeless-fastephemeral","is_kube_cluster_experimental:false","adp_enabled:false","node.datadoghq.com/cgroup:v2","score:8.8","nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","asset_id:i-0e88c4cb2030f0900","kube_cluster_name:oddish-b","base_score:9.4","instance_type:m6gd.8xlarge","kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge","public_exploit_available:true","dd_rule_type:not-empty","fix_version:v299999999.0.0-20200612211812-aaf470eca7b5_incompatible","os_version:22.04","ng_local_storage:false","close_count:0","vulnerability_status:auto-closed","ng_cluster_autoscaler:true","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","ha
sh:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f","kube_node:ip-10-128-69-26.ec2.internal","node.datadoghq.com/version:v6-271-0","alias:cve-2024-41110","datacenter:us1.staging.dog","previous_status:open","cpu_arch:arm64","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","cve:cve-2024-41110","env:staging"],"timestamp":1765838617584}}],"meta":{"elapsed":1369,"page":{"after":"eyJhZnRlciI6IkF3QUFBWnNrTHZ2d2NDUnlSQUFBQUJoQlduTnJUSFoyZDBGQlFsSkxaV05HYVMxcGNVbDNSV2tBQUFBa1pERTVZakkwTW1ZdE1ESXpOQzAwT0RaaUxUZ3hNbVl0T1RGaFlUZ3lOemcyTkRRMkFBQURjQSIsInZhbHVlcyI6WzE3NjU4Mzg2MTc1ODQsIjIwMjUtMTItMTVUMjI6NDM6MzcuNTg0WiIsMTg4MTQzNjc0MF19"},"request_id":"pddv1ChZNOVExUVJTblR5Q3JvSmtydGt3ck9BIi0KHZfc9G79MgJZpw5AiBM4qDleF_HVmgTTjgrQEVbBEgxR6Pf9JbnOhfIiPxQ","status":"done"},"links":{"next":"/api/v2/security/findings?filter%5Bquery%5D=%40severity%3Acritical+OR+%40severity%3Ahigh\u0026page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrTHZ2d2NDUnlSQUFBQUJoQlduTnJUSFoyZDBGQlFsSkxaV05HYVMxcGNVbDNSV2tBQUFBa1pERTVZakkwTW1ZdE1ESXpOQzAwT0RaaUxUZ3hNbVl0T1RGaFlUZ3lOemcyTkRRMkFBQURjQSIsInZhbHVlcyI6WzE3NjU4Mzg2MTc1ODQsIjIwMjUtMTItMTVUMjI6NDM6MzcuNTg0WiIsMTg4MTQzNjc0MF19\u0026page%5Blimit%5D=10\u0026sort=-%40detection_changed_at"}}' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_ok_response_with_pagination.frozen b/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_ok_response_with_pagination.frozen new file mode 100644 index 0000000000..0c4f31d38c --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_ok_response_with_pagination.frozen @@ -0,0 +1 @@ +2025-12-15T22:44:41.939Z \ No newline at end of file 
diff --git a/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_ok_response_with_pagination.yaml b/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_ok_response_with_pagination.yaml
new file mode 100644
index 0000000000..575db2ebbf
--- /dev/null
+++ b/tests/v2/cassettes/test_scenarios/test_search_security_findings_returns_ok_response_with_pagination.yaml
@@ -0,0 +1,41 @@ +interactions: +- request: + body: '{"data":{"attributes":{"filter":"@severity:(critical OR high)","page":{"limit":1}}}}' + headers: + accept: + - application/json + content-type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security/findings/search + response: + body: + string: '{"data":[{"id":"ZGVmLTAway1leWV-aS0wOGE2ZmE2ODdjOWE2ZDJkYg==","type":"finding","attributes":{"attributes":{"custom":{"cloud_resource":{"account":"600865094333","category":"compute","cloud_provider":"aws","configuration":{"account_id":"600865094333","components":{"kubelet":{"config":{"content":{"address":"10.12.32.204","allowedUnsafeSysctls":["net.*"],"apiVersion":"kubelet.config.k8s.io/v1beta1","authentication":{"anonymous":{"enabled":false},"webhook":{"cacheTTL":"60m","enabled":true},"x509":{"clientCAFile":{"certificate":{"authorityKeyId":"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96","commonName":"parent31-k8s","dnsNames":["parent31-k8s"],"fingerprint":"SHA256:DP/0ES6hkVPMrFizcIMEbQ75QGpwuWZZzShkn1KGQLA","notAfter":"2030-09-28T18:40:34Z","notBefore":"2025-09-29T18:40:04Z","serialNumber":"680167176125483697456383252717454423151202771482","subjectKeyId":"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96"},"dirGroup":"root","dirMode":2147484141,"dirUser":"root","group":"root","mode":420,"path":"/etc/vaultd/certs/vault-ca.cert","user":"root"}}},"authorization":{"mode":"Webhook","webhook":{"cacheAuthorizedTTL":"60m"}},"cgroupDriver":"systemd","cgroupsPerQOS":true,"clusterDomain":"parent31.cluster.local","containerLogMaxFiles":3,"containerLogMaxSize":"20Mi","cpuCFSQuota":false,"cpuManagerPolicy":"static","enforceNodeAllocatable":["pods"],"featureGates":{"AllowUnsafeMalformedObjectDeletion":false,"CBORServingAndStorage":false,"ClearingNominatedNodeNameAfterBinding":false,"ClusterTrustBundle":false,"ClusterTrustBundleProjection":false,"ComponentFlagz":false,"ComponentStatusz":false,"ContainerRestartRules":false,"ContainerSto
pSignals":false,"CoordinatedLeaderElection":false,"DRAConsumableCapacity":true,"DRADeviceBindingConditions":true,"DRADeviceTaints":true,"DRAExtendedResource":true,"DRAPartitionableDevices":true,"DRASchedulerFilterTimeout":true,"DeclarativeValidationTakeover":false,"DeploymentReplicaSetTerminatingReplicas":false,"DynamicResourceAllocation":true,"EnvFiles":false,"ExternalServiceAccountTokenSigner":true,"HPAConfigurableTolerance":false,"HostnameOverride":false,"ImageVolume":true,"InPlacePodVerticalScalingExclusiveCPUs":false,"InPlacePodVerticalScalingExclusiveMemory":false,"JobManagedBy":false,"KubeletCrashLoopBackOffMax":false,"KubeletEnsureSecretPulledImages":false,"KubeletFineGrainedAuthz":false,"MaxUnavailableStatefulSet":true,"MutableCSINodeAllocatableCount":true,"MutatingAdmissionPolicy":true,"NominatedNodeNameForExpectation":false,"PodCertificateRequest":false,"PodLogsQuerySplitStreams":false,"PodTopologyLabelsAdmission":false,"ReduceDefaultCrashLoopBackOffDecay":false,"RelaxedServiceNameValidation":false,"RemoteRequestHeaderUID":false,"ResourceHealthStatus":false,"SELinuxChangePolicy":false,"SchedulerAsyncPreemption":false,"ServiceAccountNodeAudienceRestriction":false,"StorageCapacityScoring":false,"StorageVersionMigrator":false,"StrictIPCIDRValidation":false,"WatchCacheInitializationPostStartHook":false,"WatchList":true},"imageMaximumGCAge":"22h","kind":"KubeletConfiguration","kubeReserved":{"cpu":"100m","memory":"300Mi"},"kubeReservedCgroup":"kuberuntime","maxPods":45,"providerID":"aws:///us-west-2c/i-08a6fa687c9a6d2db","readOnlyPort":0,"registerWithTaints":[{"effect":"NoSchedule","key":"ebs.csi.aws.com/agent-not-ready","value":"true"},{"effect":"NoSchedule","key":"node","value":"nodeless"}],"registryBurst":20,"registryPullQPS":8,"streamingConnectionIdleTimeout":"4h","systemReserved":{"cpu":"100m","memory":"3507947110"},"systemReservedCgroup":"system","tlsCertFile":{"certificate":{"authorityKeyId":"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96",
"commonName":"system:node:ip-10-12-32-204.us-west-2.compute.internal","fingerprint":"SHA256:FBQHjmcexGGgB42hmh2FLq1lRwyoz1HYRpJRd2pnsII","ipAddresses":["10.12.32.204"],"notAfter":"2025-12-22T16:50:32Z","notBefore":"2025-12-15T22:38:56Z","organization":["system:nodes"],"serialNumber":"127630705538822312578970595637812130230650020432","subjectKeyId":"67:A8:EE:1D:53:9F:B8:54:1B:3F:17:CF:7D:90:5A:BD:16:80:64:D7"},"dirGroup":"root","dirMode":2147484141,"dirUser":"root","group":"root","mode":420,"path":"/var/lib/kubelet/pki/kubelet-cert.pem","user":"root"},"tlsPrivateKeyFile":{"group":"root","mode":384,"path":"/var/lib/kubelet/pki/kubelet-key.pem","user":"root"}},"group":"root","mode":384,"path":"/etc/kubernetes/kubelet-configuration.yaml","user":"root"},"event-burst":100,"event-qps":50,"hostname-override":"ip-10-12-32-204.us-west-2.compute.internal","image-credential-provider-bin-dir":{"group":"root","mode":2147484141,"path":"/usr/local/bin","user":"root"},"image-credential-provider-config":{"content":{"apiVersion":"kubelet.config.k8s.io/v1","kind":"CredentialProviderConfig","providers":[{"apiVersion":"credentialprovider.kubelet.k8s.io/v1","defaultCacheDuration":"12h","matchImages":["*.dkr.ecr.*.amazonaws.com","*.dkr.ecr-fips.*.amazonaws.com"],"name":"ecr-credential-provider"}]},"group":"root","mode":292,"path":"/etc/kubernetes/kubelet-credential-provider-config.yaml","user":"root"},"kubeconfig":{"group":"root","kubeconfig":{"clusters":{"kubernetes":{"certificateAuthority":{"certificate":{"authorityKeyId":"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96","commonName":"parent31-k8s","dnsNames":["parent31-k8s"],"fingerprint":"SHA256:DP/0ES6hkVPMrFizcIMEbQ75QGpwuWZZzShkn1KGQLA","notAfter":"2030-09-28T18:40:34Z","notBefore":"2025-09-29T18:40:04Z","serialNumber":"680167176125483697456383252717454423151202771482","subjectKeyId":"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96"},"dirGroup":"root","dirMode":2147484141,"dirUser":"root","group":"root","mode
":420,"path":"/etc/vaultd/certs/vault-ca.cert","user":"root"},"server":"https://k8s-parent31.prtest03.staging.dog"}},"contexts":{"kubelet":{"cluster":"kubernetes","user":"kubelet"}},"currentContext":"","users":{"kubelet":{"clientCertificate":{"certificate":{"authorityKeyId":"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96","commonName":"system:node:ip-10-12-32-204.us-west-2.compute.internal","fingerprint":"SHA256:FBQHjmcexGGgB42hmh2FLq1lRwyoz1HYRpJRd2pnsII","ipAddresses":["10.12.32.204"],"notAfter":"2025-12-22T16:50:32Z","notBefore":"2025-12-15T22:38:56Z","organization":["system:nodes"],"serialNumber":"127630705538822312578970595637812130230650020432","subjectKeyId":"67:A8:EE:1D:53:9F:B8:54:1B:3F:17:CF:7D:90:5A:BD:16:80:64:D7"},"dirGroup":"root","dirMode":2147484141,"dirUser":"root","group":"root","mode":420,"path":"/var/lib/kubelet/pki/kubelet-cert.pem","user":"root"},"clientKey":{"group":"root","mode":384,"path":"/var/lib/kubelet/pki/kubelet-key.pem","user":"root"},"usePassword":false,"useToken":false}}},"mode":420,"path":"/var/lib/kubelet/kubeconfig.yaml","user":"root"},"make-iptables-util-chains":true,"pod-max-pids":-1,"skippedFlags":{"--cloud-provider":"external","--cluster-dns":"172.17.0.2","--config-dir":"/etc/kubernetes/config.d","--container-runtime-endpoint":"unix:///run/containerd/containerd.sock","--healthz-bind-address":"10.12.32.204","--node-ip":"10.12.32.204","--node-labels":"node.datadoghq.com/cgroup=v2"}}},"framework_requirement":["fedramp-low/Identification-and-Authentication","fedramp-moderate/Identification-and-Authentication","pci-dss/Protect-Stored-Account-Data","cis-kubernetes/Kubelet","fedramp-high/Identification-and-Authentication","nist-800-53/Identification + and Authentication","pci-dss/Apply-Secure-Configurations-to-All-System-Components"],"framework_requirement_control":["cis-kubernetes/Kubelet/4.2.10","nist-800-53/Identification + and 
Authentication/IA-7","fedramp-high/Identification-and-Authentication/IA-7","pci-dss/Apply-Secure-Configurations-to-All-System-Components/2.2.7","fedramp-low/Identification-and-Authentication/IA-7","fedramp-moderate/Identification-and-Authentication/IA-7","pci-dss/Protect-Stored-Account-Data/3.6.1.2","pci-dss/Protect-Stored-Account-Data/3.6.1.1"],"is_default_crawl":false,"kube_node_name":"kube-system_nodeless-amd64-d-m6a-2xlarge","kubeletService":{"content":["Unit"],"group":"root","mode":420,"path":"/etc/systemd/system/kubelet.service","user":"root"},"version":"202403"},"region":"us-west-2"},"compliance":{"evaluation":"pass","framework_requirement_controls":["cis-kubernetes/Kubelet/4.2.10","nist-800-53/Identification + and Authentication/IA-7","fedramp-high/Identification-and-Authentication/IA-7","pci-dss/Apply-Secure-Configurations-to-All-System-Components/2.2.7","fedramp-low/Identification-and-Authentication/IA-7","fedramp-moderate/Identification-and-Authentication/IA-7","pci-dss/Protect-Stored-Account-Data/3.6.1.2","pci-dss/Protect-Stored-Account-Data/3.6.1.1"],"framework_requirements":["fedramp-low/Identification-and-Authentication","fedramp-moderate/Identification-and-Authentication","pci-dss/Protect-Stored-Account-Data","cis-kubernetes/Kubelet","fedramp-high/Identification-and-Authentication","nist-800-53/Identification + and 
Authentication","pci-dss/Apply-Secure-Configurations-to-All-System-Components"],"frameworks":[{"control":"4.2.10","framework":"cis-kubernetes","is_default":true,"requirement":"Kubelet","version":"1.9.0"},{"control":"IA-7","framework":"fedramp-high","is_default":true,"requirement":"Identification-and-Authentication","version":"5"},{"control":"IA-7","framework":"fedramp-low","is_default":true,"requirement":"Identification-and-Authentication","version":"5"},{"control":"IA-7","framework":"fedramp-moderate","is_default":true,"requirement":"Identification-and-Authentication","version":"5"},{"control":"IA-7","framework":"nist-800-53","is_default":true,"requirement":"Identification + and Authentication","version":"rev5"},{"control":"2.2.7","framework":"pci-dss","is_default":true,"requirement":"Apply-Secure-Configurations-to-All-System-Components","version":"4.0.1"},{"control":"3.6.1.1","framework":"pci-dss","is_default":true,"requirement":"Protect-Stored-Account-Data","version":"4.0.1"},{"control":"3.6.1.2","framework":"pci-dss","is_default":true,"requirement":"Protect-Stored-Account-Data","version":"4.0.1"}]},"description":"%%%\n## + Description\n\nKubelet client certificate rotation should be enabled. The + `--rotate-certificates` setting tells the kubelet to rotate its client certificates + by creating new CSRs when its existing credentials expire. This automated + periodic rotation ensures that there is no downtime due to expired certificates + and thus addresses availability in the CIA security triad.\n\n**Note**: This + recommendation only applies if you let kubelets get their certificates from + the API server. In cases where your kubelet certificates come from an outside + authority or tool (for example, Vault), then you need to manually do the rotation. + \n\n## Remediation\n\n1. If using a kubelet config file, edit the file to + add the line `rotateCertificates: true`.\n2. 
If using command line arguments, + edit the kubelet service file `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf` + on each worker node and add the argument below from the `KUBELET_CERTIFICATE_ARGS` + variable.\n ```\n --rotate-certificates=true\n ```\n3. Restart the + kubelet service.\n\n%%%","detection_changed_at":1765838670804,"finding_id":"ZGVmLTAway1leWV-aS0wOGE2ZmE2ODdjOWE2ZDJkYg==","finding_type":"misconfiguration","first_seen_at":1765838670804,"k8s":{"cluster_id":"parent31"},"last_seen_at":1765838670804,"metadata":{"schema_version":"2"},"resource_id":"i-08a6fa687c9a6d2db","resource_name":"kube-system_nodeless-amd64-d-m6a-2xlarge","resource_type":"kubernetes_worker_node","rule":{"default_rule_id":"def-00k-eye","id":"def-00k-eye","name":"The + kubelet client certificate rotation should be enabled","type":"cloud configuration","version":7},"severity":"high","severity_details":{"adjusted":{"score":8,"value":"high","value_id":3}},"status":"open","title":"The + kubelet client certificate rotation should be 
enabled","workflow":{"mute":{"is_muted":false}}}},"tags":["scored:true","kernel:none","kube_node_role:nodeless","dd_compute_k8s_platform_version:v6-260-2","k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2","kube_cluster_name:parent31","k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule","nodegroup:kube-system_nodeless-amd64-d-m6a-2xlarge","name:kube-system_nodeless-amd64-d-m6a-2xlarge","framework:fedramp-low","requirement:identification_and_authentication","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s","control:2.2.7","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true","iam_profile:k8s/prtest03-staging-dog-parent31-kube-node_v2","site:datadoghq.com","framework_version:pci-dss_v4.0.1","framework:cis-kubernetes","nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-2xlarge","framework:nist-800-53","aws:ec2:fleet-id:fleet-30af8106-a33c-c1bc-8e30-8c2aef2d524c","requirement:protect-stored-account-data","framework_version:nist-800-53_vrev5","framework:fedramp-moderate","availability-zone:us-west-2c","is_kube_cluster_experimental:false","requirement:identification-and-authentication","node.datadoghq.com/flavor:standard","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-2xlarge","adp_enabled:false","kube_node_role:nodeless-amd64-d-m6a-2xlarge","kubernetes.io/cluster/parent31:owned","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard","team:compute-cloud-accounts","image:ami-0e7b60ad05b2da7ed","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless","ng_local_storage:false","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","security-group:sg-041983b0e52f0b956","auto-discovery.cluster-autoscaler.k8s.io/parent31","ng_cluster_autosc
aler:true","account:staging-prtest03-hazel-parent","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system","kubernetes_cluster:parent31","account_id:600865094333","aws:ec2launchtemplate:id:lt-0e13322d92afb436c","k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","framework_version:fedramp-moderate_v5","k8s.io/cluster-autoscaler/node-template/label/class:nodeless","k8s.io/cluster-autoscaler/node-template/resources/memory:28983228826","framework_version:cis-kubernetes_v1.9.0","agent_release_candidate_cluster:false","host:i-08a6fa687c9a6d2db","role:kube-node","env:staging","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","instance-type:m6a.2xlarge","control:ia-7","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:372mi","framework_version:fedramp-low_v5","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95","scope:kubernetes","security:compliance","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64","kube_node_role:compute","k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2","nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64","control:3.6.1.1","control:3.6.1.2","datacenter:prtest03.staging.dog","k8s.io/cluster-autoscaler/node-template/resources/pods:45","framework:pci-dss","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-2xlarge","region:us-west-2","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:53034256170","nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller","kube_node:ip-10-12-32-204.us-west-2.compute.internal","k8s.io/cluster-autoscaler/node-template/label/nodegroups
.datadoghq.com/local-storage:false","framework_version:fedramp-high_v5","node.datadoghq.com/cgroup:v2","node.datadoghq.com/version:v6-260-2","nodegroups.datadoghq.com/namespace:kube-system","k8s.io/cluster-autoscaler/enabled:yes","security-group:sg-040bae0963d96a1c5","cluster_name:parent31","aws_account:600865094333","autoscaling_group:prtest03-staging-dog-parent31-k8s-ng-asg-4defb27385fb49b0","cpu_arch:amd64","requirement:kubelet","node.datadoghq.com/base-image:ubuntu_22_04","requirement:apply-secure-configurations-to-all-system-components","instance_type:m6a.2xlarge","orch_cluster_id:69945bda-00ed-44d6-8ddd-5ee7cecf1c1d","source:kubernetes","framework:fedramp-high","control:4.2.10","source:compliance-agent"],"timestamp":1765838670804}}],"meta":{"elapsed":916,"page":{"after":"eyJhZnRlciI6IkF3QUFBWnNrTDh2VTlLUDFyQUFBQUJoQlduTnJURGgyVlVGQlF6QnVTVVJUUTBwbk5HbE9jSE1BQUFBa1pqRTVZakkwTW1ZdFpEUXhOeTAwWW1GbExUZ3haRFl0WkRZME5EazFNelE0TkRabEFBQUg0ZyIsInZhbHVlcyI6WzE3NjU4Mzg2NzA4MDQsIjIwMjUtMTItMTVUMjI6NDQ6MzAuODA0WiIsLTE5MDU4MTMzMl19"},"request_id":"pddv1ChZXeHI2X1VLUFMyQ25KRjFhNTgwWlZ3Ii0KHSOVjxpVE2yfxdGytC3aiBt_PLDLzISoQQFbf2XXEgys6s_dxBVNuv6xlig","status":"done"},"links":{"next":"/api/v2/security/findings?filter%5Bquery%5D=%40severity%3Acritical+OR+%40severity%3Ahigh\u0026page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrTDh2VTlLUDFyQUFBQUJoQlduTnJURGgyVlVGQlF6QnVTVVJUUTBwbk5HbE9jSE1BQUFBa1pqRTVZakkwTW1ZdFpEUXhOeTAwWW1GbExUZ3haRFl0WkRZME5EazFNelE0TkRabEFBQUg0ZyIsInZhbHVlcyI6WzE3NjU4Mzg2NzA4MDQsIjIwMjUtMTItMTVUMjI6NDQ6MzAuODA0WiIsLTE5MDU4MTMzMl19\u0026page%5Blimit%5D=1\u0026sort=-%40detection_changed_at"}}' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +version: 1 diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature index b3955e02b3..7434addb83 100644 --- a/tests/v2/features/security_monitoring.feature +++ b/tests/v2/features/security_monitoring.feature 
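Review bot: The recorded `response.body.string` in this new cassette checks in what looks like a live staging inventory: an AWS account ID (`600865094333`), a node address and hostname (`10.12.32.204`, `ip-10-12-32-204.us-west-2.compute.internal`), instance and security-group IDs, the cluster API endpoint (`https://k8s-parent31.prtest03.staging.dog`), and kubelet and CA certificate serials and fingerprints. The pagination scenario this cassette backs only asserts on the length of `data`, on `meta.page.after` and on `links.next`, so the fixture could be cut down to a synthetic finding with placeholder identifiers such as `"account_id":"<ACCOUNT_ID>"` and `"resource_id":"<INSTANCE_ID>"`. Alternatively, the recorder could scrub these fields before the cassette is written. Whether the values are already treated as public is not visible from the diff. The list-findings cassette that ends just before this file's header appears to carry similar host tags and may need the same pass.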
@@ -1321,6 +1321,32 @@ Feature: Security Monitoring
 When the request is sent
 Then the response status is 200 OK
 
+ @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform
+ Scenario: List security findings returns "Bad Request" response
+ Given operation "ListSecurityFindings" enabled
+ And new "ListSecurityFindings" request
+ And request contains "page[cursor]" parameter with value "invalid_cursor"
+ When the request is sent
+ Then the response status is 400 Bad Request
+
+ @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform
+ Scenario: List security findings returns "OK" response
+ Given operation "ListSecurityFindings" enabled
+ And new "ListSecurityFindings" request
+ When the request is sent
+ Then the response status is 200 OK
+
+ @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform
+ Scenario: List security findings returns "OK" response with pagination
+ Given operation "ListSecurityFindings" enabled
+ And new "ListSecurityFindings" request
+ And request contains "page[limit]" parameter with value 5
+ When the request is sent
+ Then the response status is 200 OK
+ And the response "data" has length 5
+ And the response "meta.page" has field "after"
+ And the response "links" has field "next"
+
 @generated @skip @team:DataDog/k9-cloud-security-platform
 Scenario: List threat hunting jobs returns "Bad Request" response
 Given operation "ListThreatHuntingJobs" enabled
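Review bot: The `List security findings returns "OK" response with pagination` scenario is tagged differently from its Search counterpart in the next hunk, which carries `@with-pagination` in addition to the two team tags. If the test harness uses that tag to select scenarios for paginated handling (the harness is not visible here), one of the two is probably wrong. Aligning them would mean either adding the tag here, `@team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform @with-pagination`, or dropping it from the Search scenario. Both scenarios use the plain `When the request is sent` step, so it is worth confirming which form the harness expects.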
@@ -1574,6 +1600,33 @@ Feature: Security Monitoring
 When the request is sent
 Then the response status is 200 OK
 
+ @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform
+ Scenario: Search security findings returns "Bad Request" response
+ Given operation "SearchSecurityFindings" enabled
+ And new "SearchSecurityFindings" request
+ And body with value {"page": {"cursor": "invalid_cursor"}}
+ When the request is sent
+ Then the response status is 400 Bad Request
+
+ @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform
+ Scenario: Search security findings returns "OK" response
+ Given operation "SearchSecurityFindings" enabled
+ And new "SearchSecurityFindings" request
+ And body with value {"data": {"attributes": {"filter": "@severity:(critical OR high)"}}}
+ When the request is sent
+ Then the response status is 200 OK
+
+ @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform @with-pagination
+ Scenario: Search security findings returns "OK" response with pagination
+ Given operation "SearchSecurityFindings" enabled
+ And new "SearchSecurityFindings" request
+ And body with value {"data": {"attributes": {"filter": "@severity:(critical OR high)", "page": {"limit": 1}}}}
+ When the request is sent
+ Then the response status is 200 OK
+ And the response "data" has length 1
+ And the response "meta.page" has field "after"
+ And the response "links" has field "next"
+
 @skip @team:DataDog/k9-cloud-security-platform
 Scenario: Test a rule returns "Bad Request" response
 Given new "TestSecurityMonitoringRule" request
diff --git a/tests/v2/features/undo.json b/tests/v2/features/undo.json
index e0f0b98d0c..6aaa0f3d97 100644
--- a/tests/v2/features/undo.json
+++ b/tests/v2/features/undo.json
@@ -3732,6 +3732,12 @@
 "type": "safe"
 }
 },
+ "ListSecurityFindings": {
+ "tag": "Security Monitoring",
+ "undo": {
+ "type": "safe"
+ }
+ },
 "DetachCase": {
 "tag": "Security Monitoring",
 "undo": {
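Review bot: In the security_monitoring.feature hunk, the `Search security findings returns "Bad Request" response` scenario sends `{"page": {"cursor": "invalid_cursor"}}` at the top level, while the two OK scenarios nest their fields under `data.attributes`. A 400 for this body may come from the request envelope being rejected rather than from cursor validation, which would leave the invalid-cursor path unexercised; that depends on server behaviour not shown in the diff. Nesting the cursor the same way keeps the scenario on the intended check: `And body with value {"data": {"attributes": {"page": {"cursor": "invalid_cursor"}}}}`. The matching cassette would need to be re-recorded after that change.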
@@ -3776,6 +3782,12 @@
 "type": "unsafe"
 }
 },
+ "SearchSecurityFindings": {
+ "tag": "Security Monitoring",
+ "undo": {
+ "type": "safe"
+ }
+ },
 "ListAssetsSBOMs": {
 "tag": "Security Monitoring",
 "undo": {