diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
index 196165112da..26ded8599f2 100644
--- a/.generator/schemas/v2/openapi.yaml
+++ b/.generator/schemas/v2/openapi.yaml
@@ -30705,6 +30705,19 @@ components:
 example: /api/v2/scorecard/rules?page%5Blimit%5D=2&page%5Boffset%5D=2&page%5Bsize%5D=2
 type: string
 type: object
+ ListSecurityFindingsResponse:
+ description: The expected response schema when listing security findings.
+ properties:
+ data:
+ description: Array of security findings matching the search query.
+ items:
+ $ref: '#/components/schemas/SecurityFindingsData'
+ type: array
+ links:
+ $ref: '#/components/schemas/SecurityFindingsLinks'
+ meta:
+ $ref: '#/components/schemas/SecurityFindingsMeta'
+ type: object
 ListTagsResponse:
 description: List tags response.
 properties:
@@ -47272,6 +47285,148 @@ components:
 meta:
 $ref: '#/components/schemas/SecurityFilterMeta'
 type: object
+ SecurityFindingsAttributes:
+ description: The JSON object containing all attributes of the security finding.
+ properties:
+ attributes:
+ additionalProperties: {}
+ description: The custom attributes of the security finding.
+ example:
+ severity: high
+ status: open
+ type: object
+ tags:
+ description: List of tags associated with the security finding.
+ example:
+ - team:platform
+ - env:prod
+ items:
+ type: string
+ type: array
+ timestamp:
+ description: The Unix timestamp at which the detection changed for the resource.
+ Same value as @detection_changed_at.
+ example: 1765901760
+ format: int64
+ type: integer
+ type: object
+ SecurityFindingsData:
+ description: A single security finding.
+ properties:
+ attributes:
+ $ref: '#/components/schemas/SecurityFindingsAttributes'
+ id:
+ description: The unique ID of the security finding.
+ example: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==
+ type: string
+ type:
+ $ref: '#/components/schemas/SecurityFindingsDataType'
+ type: object
+ SecurityFindingsDataType:
+ default: finding
+ description: The type of the security finding resource.
+ enum:
+ - finding
+ example: finding
+ type: string
+ x-enum-varnames:
+ - FINDING
+ SecurityFindingsLinks:
+ description: Links for pagination.
+ properties:
+ next:
+ description: Link for the next page of results. Note that paginated requests
+ can also be made using the POST endpoint.
+ example: https://app.datadoghq.com/api/v2/security/findings?page[cursor]=eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==&page[limit]=25
+ type: string
+ type: object
+ SecurityFindingsMeta:
+ description: Metadata about the response.
+ properties:
+ elapsed:
+ description: The time elapsed in milliseconds.
+ example: 548
+ format: int64
+ type: integer
+ page:
+ $ref: '#/components/schemas/SecurityFindingsPage'
+ request_id:
+ description: The identifier of the request.
+ example: pddv1ChZwVlMxMUdYRFRMQ1lyb3B4MGNYbFlnIi0KHQu35LDbucx
+ type: string
+ status:
+ $ref: '#/components/schemas/SecurityFindingsStatus'
+ type: object
+ SecurityFindingsPage:
+ description: Pagination information.
+ properties:
+ after:
+ description: The cursor used to get the next page of results.
+ example: eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0=
+ type: string
+ type: object
+ SecurityFindingsSearchRequest:
+ description: The request body for searching security findings.
+ properties:
+ data:
+ $ref: '#/components/schemas/SecurityFindingsSearchRequestData'
+ type: object
+ SecurityFindingsSearchRequestData:
+ description: Request data for searching security findings.
+ properties:
+ attributes:
+ $ref: '#/components/schemas/SecurityFindingsSearchRequestDataAttributes'
+ type: object
+ SecurityFindingsSearchRequestDataAttributes:
+ description: Request attributes for searching security findings.
+ properties:
+ filter:
+ default: '*'
+ description: The search query following log search syntax.
+ example: '@severity:(critical OR high) @status:open team:platform'
+ type: string
+ page:
+ $ref: '#/components/schemas/SecurityFindingsSearchRequestPage'
+ sort:
+ $ref: '#/components/schemas/SecurityFindingsSort'
+ type: object
+ SecurityFindingsSearchRequestPage:
+ description: Pagination attributes for the search request.
+ properties:
+ cursor:
+ description: Get the next page of results with a cursor provided in the
+ previous query.
+ example: eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==
+ type: string
+ limit:
+ default: 10
+ description: The maximum number of security findings in the response.
+ example: 25
+ format: int64
+ maximum: 150
+ minimum: 1
+ type: integer
+ type: object
+ SecurityFindingsSort:
+ default: -@detection_changed_at
+ description: The sort parameters when querying security findings.
+ enum:
+ - '@detection_changed_at'
+ - -@detection_changed_at
+ type: string
+ x-enum-varnames:
+ - DETECTION_CHANGED_AT_ASC
+ - DETECTION_CHANGED_AT_DESC
+ SecurityFindingsStatus:
+ description: The status of the response.
+ enum:
+ - done
+ - timeout
+ example: done
+ type: string
+ x-enum-varnames:
+ - DONE
+ - TIMEOUT
 SecurityMonitoringFilter:
 description: The rule's suppression filter.
 properties:
@@ -58490,6 +58645,8 @@ components:
 apm_service_catalog_read: View service catalog and service definitions.
 apm_service_catalog_write: Add, modify, and delete service catalog definitions
 when those definitions are maintained by Datadog.
+ appsec_vm_read: View infrastructure, application code, and library vulnerability
+ findings.
 billing_read: View your organization's billing information.
 cases_read: View Cases.
 cases_write: Create and update cases.
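Review bot: The `timestamp` example in `SecurityFindingsAttributes` is `1765901760`, a seconds-resolution value, while the response recorded in this commit's pagination cassette returns `"timestamp":1765838312079` and the same value for `detection_changed_at`, which looks like milliseconds. The description should state the unit and the example should match it, for instance `description: The Unix timestamp in milliseconds at which the detection changed for the resource.` with `example: 1765838312079`; a client that treats the field as seconds will place every finding far outside its triage window. The `attributes` example has a similar mismatch: it shows `severity` and `status` at the top level, whereas the recorded finding nests them under `custom`, so the example is better written with a `custom:` parent key. The enclosing `components` mapping starts and ends outside this hunk.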
@@ -80641,6 +80798,98 @@ paths:
 operator: OR
 permissions:
 - security_monitoring_cws_agent_rules_read
+ /api/v2/security/findings:
+ get:
+ description: 'Get a list of security findings that match a search query.
+
+
+ This endpoint requires one of the following permissions:
+
+ - `security_monitoring_findings_read`
+
+ - `appsec_vm_read`
+
+
+ ### Query Syntax
+
+
+ This endpoint uses the logs query syntax. Findings attributes (living in the
+ custom. namespace) are prefixed by @ when queried. Tags are queried without
+ a prefix.
+
+
+ Example: `@severity:(critical OR high) @status:open team:platform`'
+ operationId: ListSecurityFindings
+ parameters:
+ - description: The search query following log search syntax.
+ example: '@severity:(critical OR high) @status:open team:platform'
+ in: query
+ name: filter[query]
+ required: false
+ schema:
+ default: '*'
+ type: string
+ - description: Get the next page of results with a cursor provided in the previous
+ query.
+ example: eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==
+ in: query
+ name: page[cursor]
+ required: false
+ schema:
+ type: string
+ - description: The maximum number of findings in the response.
+ example: 25
+ in: query
+ name: page[limit]
+ required: false
+ schema:
+ default: 10
+ format: int64
+ maximum: 150
+ minimum: 1
+ type: integer
+ - description: Sorts by @detection_changed_at.
+ in: query
+ name: sort
+ required: false
+ schema:
+ $ref: '#/components/schemas/SecurityFindingsSort'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListSecurityFindingsResponse'
+ description: OK
+ '400':
+ $ref: '#/components/responses/BadRequestResponse'
+ '403':
+ $ref: '#/components/responses/ForbiddenResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_findings_read
+ - AuthZ:
+ - appsec_vm_read
+ summary: List security findings
+ tags:
+ - Security Monitoring
+ x-pagination:
+ cursorParam: page[cursor]
+ cursorPath: meta.page.after
+ limitParam: page[limit]
+ resultsPath: data
+ x-permission:
+ operator: OR
+ permissions:
+ - security_monitoring_findings_read
+ - appsec_vm_read
+ x-unstable: '**Note**: This endpoint is in beta and subject to change.
+
+ If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
 /api/v2/security/findings/cases:
 delete:
 description: 'Detach security findings from their case.
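Review bot: The `200` response of `ListSecurityFindings` is documented only as `OK`, yet `SecurityFindingsMeta.status` can be `timeout` as well as `done`, and neither the operation description nor the schema says what a caller should do with a `timeout` page. If `timeout` means the search stopped early (this is inferred from the enum name, not stated in the spec), a client that follows `x-pagination` and exports findings would silently treat a partial result as complete. I would add a sentence to the description such as `A response whose meta.status is timeout may be incomplete; retry the request before treating the result set as exhaustive.` The same applies to `SearchSecurityFindings` in the `/api/v2/security/findings/search` hunk.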
@@ -80860,6 +81109,70 @@ paths:
 x-unstable: '**Note**: This endpoint is in beta and is subject to change.
 
 Please check the documentation regularly for updates.'
+ /api/v2/security/findings/search:
+ post:
+ description: 'Get a list of security findings that match a search query.
+
+
+ This endpoint requires one of the following permissions:
+
+ - `security_monitoring_findings_read`
+
+ - `appsec_vm_read`
+
+
+ ### Query Syntax
+
+
+ The API uses the logs query syntax. Findings attributes (living in the custom.
+ namespace) are prefixed by @ when queried. Tags are queried without a prefix.
+
+
+ Example: `@severity:(critical OR high) @status:open team:platform`'
+ operationId: SearchSecurityFindings
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SecurityFindingsSearchRequest'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListSecurityFindingsResponse'
+ description: OK
+ '400':
+ $ref: '#/components/responses/BadRequestResponse'
+ '403':
+ $ref: '#/components/responses/ForbiddenResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_findings_read
+ - AuthZ:
+ - appsec_vm_read
+ summary: Search security findings
+ tags:
+ - Security Monitoring
+ x-codegen-request-body-name: body
+ x-pagination:
+ cursorParam: body.data.attributes.page.cursor
+ cursorPath: meta.page.after
+ limitParam: body.data.attributes.page.limit
+ resultsPath: data
+ x-permission:
+ operator: OR
+ permissions:
+ - security_monitoring_findings_read
+ - appsec_vm_read
+ x-unstable: '**Note**: This endpoint is in beta and subject to change.
+
+ If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
 /api/v2/security/sboms:
 get:
 description: 'Get a list of assets SBOMs for an organization.
diff --git a/cassettes/features/v2/security_monitoring/List-security-findings-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/List-security-findings-returns-Bad-Request-response.frozen new file mode 100644 index 00000000000..c55732ac312 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/List-security-findings-returns-Bad-Request-response.frozen @@ -0,0 +1 @@ +2025-12-17T16:27:32.641Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/List-security-findings-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/List-security-findings-returns-Bad-Request-response.yml new file mode 100644 index 00000000000..0e84161fbcc --- /dev/null +++ b/cassettes/features/v2/security_monitoring/List-security-findings-returns-Bad-Request-response.yml @@ -0,0 +1,20 @@ +http_interactions: +- recorded_at: Wed, 17 Dec 2025 16:27:32 GMT + request: + body: null + headers: + Accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security/findings?page%5Bcursor%5D=invalid_cursor + response: + body: + encoding: UTF-8 + string: '{"errors":[{"status":"400","detail":"Invalid filters"}]}' + headers: + Content-Type: + - application/vnd.api+json + status: + code: 400 + message: Bad Request +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/security_monitoring/List-security-findings-returns-OK-response-with-pagination.frozen b/cassettes/features/v2/security_monitoring/List-security-findings-returns-OK-response-with-pagination.frozen new file mode 100644 index 00000000000..5226ac2da3f --- /dev/null +++ b/cassettes/features/v2/security_monitoring/List-security-findings-returns-OK-response-with-pagination.frozen @@ -0,0 +1 @@ +2025-12-15T22:38:44.211Z \ No newline at end of file 
diff --git a/cassettes/features/v2/security_monitoring/List-security-findings-returns-OK-response-with-pagination.yml b/cassettes/features/v2/security_monitoring/List-security-findings-returns-OK-response-with-pagination.yml new file mode 100644 index 00000000000..b76cfe50589 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/List-security-findings-returns-OK-response-with-pagination.yml 
@@ -0,0 +1,166 @@ +http_interactions: +- recorded_at: Mon, 15 Dec 2025 22:38:44 GMT + request: + body: null + headers: + Accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security/findings?page%5Blimit%5D=5 + response: + body: + encoding: UTF-8 + string: '{"data":[{"id":"OXBuLXltcS1yaGh-aS0wODVkZTgwNWY4NTJlZGQxNA==","type":"finding","attributes":{"attributes":{"custom":{"cloud_resource":{"account":"727006795293","category":"hosts","cloud_provider":"aws","configuration":{"account_id":"727006795293","agent_framework_id":"cis-ubuntu2204","agent_rule_id":"xccdf_org.ssgproject.content_rule_package_bind_removed","agent_version":"7.74.0-rc.3","evaluator":"xccdf","framework_requirement":["cis-ubuntu2004/DNS-Server","cis-rhel9/DNS-Server","cis-ubuntu2404/DNS-Server","cis-rhel8/DNS-Server","cis-rhel7/DNS-Server","cis-amzn2/DNS-Server","cis-al2023/DNS-Server","cis-ubuntu2204/DNS-Server","cis-almalinux9/DNS-Server"],"framework_requirement_control":["cis-ubuntu2004/DNS-Server/2.2.8","cis-ubuntu2404/DNS-Server/2.1.4","cis-rhel7/DNS-Server/2.2.4","cis-almalinux9/DNS-Server/2.1.4","cis-rhel8/DNS-Server/2.2.4","cis-rhel9/DNS-Server/2.1.4","cis-al2023/DNS-Server/2.2.5","cis-amzn2/DNS-Server/2.2.4","cis-ubuntu2204/DNS-Server/2.2.7"]},"region":"us-east-1"},"compliance":{"evaluation":"pass","framework_requirement_controls":["cis-ubuntu2004/DNS-Server/2.2.8","cis-ubuntu2404/DNS-Server/2.1.4","cis-rhel7/DNS-Server/2.2.4","cis-almalinux9/DNS-Server/2.1.4","cis-rhel8/DNS-Server/2.2.4","cis-rhel9/DNS-Server/2.1.4","cis-al2023/DNS-Server/2.2.5","cis-amzn2/DNS-Server/2.2.4","cis-ubuntu2204/DNS-Server/2.2.7"],"framework_requirements":["cis-ubuntu2004/DNS-Server","cis-rhel9/DNS-Server","cis-ubuntu2404/DNS-Server","cis-rhel8/DNS-Server","cis-rhel7/DNS-Server","cis-amzn2/DNS-Server","cis-al2023/DNS-Server","cis-ubuntu2204/DNS-Server","cis-almalinux9/DNS-Server"],"frameworks":[{"control":"2.2.8","framework":"cis-ubuntu2004","is_default":true,"message":"## + 
Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ apt-get + remove bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind9\n# from the system, and may remove any packages\n# + that depend on bind9. Execute this\n# remediation AFTER testing on a non-production\n# + system!\n\n\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \"bind9\"\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: ''Uninstall bind Package: Ensure bind9 is removed''\n ansible.builtin.package:\n name: + bind9\n state: absent\n tags:\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - + NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - low_disruption\n - + low_severity\n - no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"1.0.0"},{"control":"2.2.7","framework":"cis-ubuntu2204","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ apt-get + remove bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind9\n# from the system, and may remove any packages\n# + that depend on bind9. 
Execute this\n# remediation AFTER testing on a non-production\n# + system!\n\n\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \"bind9\"\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: ''Uninstall bind Package: Ensure bind9 is removed''\n ansible.builtin.package:\n name: + bind9\n state: absent\n tags:\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - + NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - low_disruption\n - + low_severity\n - no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"2.0.0"},{"control":"2.2.4","framework":"cis-rhel7","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ sudo yum + erase bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind\n#\t from the system, and may remove any packages\n#\t that + depend on bind. 
Execute this\n#\t remediation AFTER testing on a non-production\n#\t system!\n\nif + rpm -q --quiet \"bind\" ; then\n\n yum remove -y \"bind\"\n\nfi\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: Ensure bind is removed\n package:\n name: bind\n state: + absent\n tags:\n - CCE-80326-2\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - + NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - low_disruption\n - + low_severity\n - no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"3.1.1"},{"control":"2.2.4","framework":"cis-rhel8","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ sudo yum + erase bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind\n# from the system, and may remove any packages\n# + that depend on bind. 
Execute this\n# remediation AFTER testing on a non-production\n# + system!\n\n\nif rpm -q --quiet \"bind\" ; then\nyum remove -y \"bind\"\nfi\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: ''Uninstall bind Package: Ensure bind is removed''\n ansible.builtin.package:\n name: + bind\n state: absent\n tags:\n - CCE-82408-6\n - NIST-800-53-CM-6(a)\n - + NIST-800-53-CM-7(a)\n - NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - + low_disruption\n - low_severity\n - no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"3.0.0"},{"control":"2.1.4","framework":"cis-rhel9","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ sudo dnf + remove bind\n```\nOn Red Hat Enterprise Linux 9.6 and newer, the `bind` command + is also provided by the `bind9.18` package.\nThe `bind9.18` package can be + removed with the following command:\n```\n\n$ sudo dnf remove bind9.18\n```\n\n\n## + Rationale\n\nIf there is no need to make DNS server software available,\nremoving + it provides a safeguard against its activation.\n\n## Remediation\n\n### Shell + script\n\nThe following script can be run on the host to remediate the issue.\n\n```\n#!/bin/bash\n\n# + CAUTION: This remediation script will remove bind and bind9.18\n# from the + system, and may remove any packages\n# that depend on bind and bind9.18. 
Execute + this\n# remediation AFTER testing on a non-production\n# system!\n\n\nif rpm + -q --quiet \"bind\" ; then\ndnf remove -y --noautoremove \"bind\"\nfi\n\nif + rpm -q --quiet \"bind9.18\" ; then\ndnf remove -y --noautoremove \"bind9.18\"\nfi\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: ''Uninstall bind Package: Ensure bind is removed''\n ansible.builtin.package:\n name: + bind\n state: absent\n tags:\n - CCE-86505-5\n - NIST-800-53-CM-6(a)\n - + NIST-800-53-CM-7(a)\n - NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - + low_disruption\n - low_severity\n - no_reboot_needed\n - package_bind_removed\n\n- + name: ''Uninstall bind Package: Ensure bind9.18 is removed''\n ansible.builtin.package:\n name: + bind9.18\n state: absent\n tags:\n - CCE-86505-5\n - NIST-800-53-CM-6(a)\n - + NIST-800-53-CM-7(a)\n - NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - + low_disruption\n - low_severity\n - no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"2.0.0"},{"control":"2.1.4","framework":"cis-almalinux9","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ sudo dnf + remove bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind\n# from the system, and may remove any packages\n# + that depend on bind. 
Execute this\n# remediation AFTER testing on a non-production\n# + system!\n\n\nif rpm -q --quiet \"bind\" ; then\ndnf remove -y --noautoremove + \"bind\"\nfi\n```\n\n### Ansible playbook\n\nThe following playbook can be + run with Ansible to remediate the issue.\n\n```\n- name: ''Uninstall bind + Package: Ensure bind is removed''\n ansible.builtin.package:\n name: bind\n state: + absent\n tags:\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - NIST-800-53-CM-7(b)\n - + disable_strategy\n - low_complexity\n - low_disruption\n - low_severity\n - + no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"2.0.0"},{"control":"2.2.4","framework":"cis-amzn2","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ sudo yum + erase bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind\n#\t from the system, and may remove any packages\n#\t that + depend on bind. 
Execute this\n#\t remediation AFTER testing on a non-production\n#\t system!\n\nif + rpm -q --quiet \"bind\" ; then\n\n yum remove -y \"bind\"\n\nfi\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: Ensure bind is removed\n package:\n name: bind\n state: + absent\n tags:\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - NIST-800-53-CM-7(b)\n - + disable_strategy\n - low_complexity\n - low_disruption\n - low_severity\n - + no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"3.0.0"},{"control":"2.2.5","framework":"cis-al2023","is_default":true,"message":"## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ sudo dnf + remove bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind\n# from the system, and may remove any packages\n# + that depend on bind. 
Execute this\n# remediation AFTER testing on a non-production\n# + system!\n\n\nif rpm -q --quiet \"bind\" ; then\ndnf remove -y --noautoremove + \"bind\"\nfi\n```\n\n### Ansible playbook\n\nThe following playbook can be + run with Ansible to remediate the issue.\n\n```\n- name: ''Uninstall bind + Package: Ensure bind is removed''\n ansible.builtin.package:\n name: bind\n state: + absent\n tags:\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - NIST-800-53-CM-7(b)\n - + disable_strategy\n - low_complexity\n - low_disruption\n - low_severity\n - + no_reboot_needed\n - package_bind_removed\n```\n","requirement":"DNS-Server","version":"1.0.0"},{"control":"2.2.5","framework":"cis-al2023","is_default":true,"requirement":"DNS-Server","version":"1.0.0"},{"control":"2.1.4","framework":"cis-almalinux9","is_default":true,"requirement":"DNS-Server","version":"2.0.0"},{"control":"2.2.4","framework":"cis-amzn2","is_default":true,"requirement":"DNS-Server","version":"3.0.0"},{"control":"2.2.4","framework":"cis-rhel7","is_default":true,"requirement":"DNS-Server","version":"3.1.1"},{"control":"2.2.4","framework":"cis-rhel8","is_default":true,"requirement":"DNS-Server","version":"3.0.0"},{"control":"2.1.4","framework":"cis-rhel9","is_default":true,"requirement":"DNS-Server","version":"2.0.0"},{"control":"2.2.8","framework":"cis-ubuntu2004","is_default":true,"requirement":"DNS-Server","version":"1.0.0"},{"control":"2.2.7","framework":"cis-ubuntu2204","is_default":true,"requirement":"DNS-Server","version":"2.0.0"},{"control":"2.1.4","framework":"cis-ubuntu2404","is_default":true,"requirement":"DNS-Server","version":"1.0.0"}]},"description":"%%%\n## + Description\n\nThe `named` service is provided by the `bind` package.\nThe + `bind` package can be removed with the following command:\n```\n\n$ apt-get + remove bind\n```\n\n\n## Rationale\n\nIf there is no need to make DNS server + software available,\nremoving it provides a safeguard against its activation.\n\n## + 
Remediation\n\n### Shell script\n\nThe following script can be run on the + host to remediate the issue.\n\n```\n#!/bin/bash\n\n# CAUTION: This remediation + script will remove bind9\n# from the system, and may remove any packages\n# + that depend on bind9. Execute this\n# remediation AFTER testing on a non-production\n# + system!\n\n\nDEBIAN_FRONTEND=noninteractive apt-get remove -y \"bind9\"\n```\n\n### + Ansible playbook\n\nThe following playbook can be run with Ansible to remediate + the issue.\n\n```\n- name: ''Uninstall bind Package: Ensure bind9 is removed''\n ansible.builtin.package:\n name: + bind9\n state: absent\n tags:\n - NIST-800-53-CM-6(a)\n - NIST-800-53-CM-7(a)\n - + NIST-800-53-CM-7(b)\n - disable_strategy\n - low_complexity\n - low_disruption\n - + low_severity\n - no_reboot_needed\n - package_bind_removed\n```\n\n%%%","detection_changed_at":1765838312079,"finding_id":"OXBuLXltcS1yaGh-aS0wODVkZTgwNWY4NTJlZGQxNA==","finding_type":"misconfiguration","first_seen_at":1765838312079,"host":{"cloud_provider":"aws","name":"i-085de805f852edd14"},"k8s":{"cluster_id":"heatran"},"last_seen_at":1765838312079,"metadata":{"schema_version":"2"},"resource_id":"i-085de805f852edd14","resource_name":"i-085de805f852edd14","resource_type":"host","rule":{"default_rule_id":"def-000-zlf","id":"9pn-ymq-rhh","name":"Uninstall + bind Package","type":"infrastructure configuration","version":25},"severity":"low","severity_details":{"adjusted":{"score":2,"value":"low","value_id":1}},"status":"open","title":"Uninstall + bind 
Package","workflow":{"mute":{"is_muted":false}}}},"tags":["scored:true","kernel:none","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1c","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","availability-zone:us-east-1c","role:kube-node","env:staging","image:ami-0a8a2ad2689e7c22d","control:2.2.4","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","kubernetes.io/cluster/heatran:owned","k8s.io/cluster-autoscaler/node-template/resources/memory:5971764ki","site:datad0g.com","framework:cis-ubuntu2204","adp_enabled:true","security:compliance","auto-discovery.cluster-autoscaler.k8s.io/heatran","chart_name:koutris-infra","security-group:sg-0a2e60dd3f9a5a6ab","kube_node_role:compute","control:2.2.7","control:2.2.8","control:2.2.5","autoscaling_group:us1-staging-dog-heatran-k8s-ng-asg-a6848eee38b2f3a8","kube_cluster_name:heatran","orch_cluster_id:0659afbc-9c8d-401f-926c-8d0a7d64a5d8","dd_compute_k8s_platform_version:v6-271-0","name:koutris_koutris-fw-2c8g","kubernetes_cluster:heatran","release:koutris-infra","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:koutris","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:93mi","kube_node:ip-10-112-62-173.ec2.internal","aws_account:727006795293","host:i-085de805f852edd14","k8s.io/cluster-autoscaler/node-template/resources/cpu:1900m","pci_compliance_level:tier_two","is_kube_cluster_experimental:false","aws:ec2launchtemplate:id:lt-0565e94873111d4dc","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false","requirement:dns-server","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/enabled:yes","team:monitor-intake","security-group:sg-0ebe29714ed14f3c3","region:us-east-1","control:2.1.4","aws:ec2:fleet-id:fleet-4fbf0515-3c0e-e685-0c1a-01aa4d0a88dd","ng_local_storage:false","cluster_name:heatran","cpu_arch:amd64","ng_cluster_autoscaler:t
rue","nodegroup:koutris_koutris-fw-2c8g","source:host-benchmarks","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/koutris-fw-2c8g","account_id:727006795293","iam_profile:k8s/us1-staging-dog-heatran-kube-node_v2","instance_type:m6i.large","node.datadoghq.com/base-image:ubuntu_22_04","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","node.datadoghq.com/version:v6-271-0","aws:ec2launchtemplate:version:1","k8s.io/cluster-autoscaler/node-template/resources/pods:20","datacenter:us1.staging.dog","k8s.io/cluster-autoscaler/node-template/taint/node:koutris-fw-2c8g:noschedule","kube_node_role:koutris-fw-2c8g","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:koutris-fw-2c8g","account:staging","framework_version:cis-ubuntu2204_v2.0.0","source:compliance-agent","nodegroups.datadoghq.com/name:koutris-fw-2c8g","agent_release_candidate_cluster:false","instance-type:m6i.large","nodegroups.datadoghq.com/namespace:koutris"],"timestamp":1765838312079}},{"id":"YTcxZGViZjIxNDMwYzMzM2ZjZTJlMzQ3NzZkZmEzZWF-OTljOTc5NDQ2OGY3Zjk3YmEzZGE2YzUxODZhMzQ4M2M=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-26740"],"cve":"CVE-2024-26740","id":"TRIVY-CVE-2024-26740","modified_at":1742227413000,"published_at":1712164551000,"summary":"kernel: + net/sched: act_mirred: use the backlog for mirred 
ingress","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"ip-10-151-58-63.us-west-2.compute.internal-raboot-c"},"detection_changed_at":1765838311928,"finding_id":"YTcxZGViZjIxNDMwYzMzM2ZjZTJlMzQ3NzZkZmEzZWF-OTljOTc5NDQ2OGY3Zjk3YmEzZGE2YzUxODZhMzQ4M2M=","finding_type":"host_and_container_vulnerability","first_seen_at":1765838305292,"host":{"name":"ip-10-151-58-63.us-west-2.compute.internal-raboot-c","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"raboot-c"},"last_seen_at":1765838311928,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-common"],"name":"linux","normalized_name":"linux","version":"5.15.0-164.174"},"remediation":{"is_available":false},"resource_id":"99c9794468f7f97ba3da6c5186a3483c","resource_name":"ip-10-151-58-63.us-west-2.compute.internal-raboot-c","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00007,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}},"status":"open","title":"kernel: + net/sched: act_mirred: use the backlog for mirred 
ingress","vulnerability":{"cwes":["CWE-667"],"hash":"7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060","stack":{"ecosystem":"deb"}},"workflow":{"mute":{"is_muted":false}}}},"tags":["exposure_time_days:0","kube_node_role:nodeless","kube_node:ip-10-151-58-63.us-west-2.compute.internal","package_name:linux","epss_raw_score:0.000070","fix_available:unavailable","env:staging","datacenter:prtest02.staging.dog","source:datadog","severity:low","hash:7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060","vulnerability_status:open","cluster_name:raboot-c","scored:false","kube_node_role:compute","asset_type:host","new:true","base_severity:medium","os_name:ubuntu","site:datadoghq.com","assignee:none","assignee_id:none","in_production:false","kube_cluster_name:raboot-c","vuln_id:7006ac6847128f6a8d00b409db2695db2509f2ffcac2f023ccd33af9fc50a060","is_kube_cluster_experimental:false","orch_cluster_id:76cfd63e-1d3b-4bf3-b0b0-93e1423ef6cc","node.datadoghq.com/flavor:standard","nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge","adp_enabled:false","public_exploit_available:false","alias:cve-2024-26740","node.datadoghq.com/cgroup:v2","node.datadoghq.com/version:v6-260-2","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","base_score:5.5","score:2.7","dd_rule_type:not-empty","ecosystem:deb","os_version:22.04","ng_local_storage:false","close_count:0","cve:cve-2024-26740","cpu_arch:amd64","ng_cluster_autoscaler:true","package_version:5.15.0-164.174","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","kube_node_role:nodeless-amd64-d-c6a-2xlarge","instance_type:c6a.2xlarge","event_type:new","asset_id:ip-10-151-58-63.us-west-2.compute.internal-raboot-c","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838311928}},{"id":"MDdjY2IxZjk1MzQ2NDIzOWJjYWE1Yjk4NmU3MWNiZGF-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=","type":"finding","attribu
tes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-38057"],"cve":"CVE-2025-38057","id":"TRIVY-CVE-2025-38057","modified_at":1765059350000,"published_at":1750241738000,"summary":"kernel: + espintcp: fix skb leaks","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"ip-10-12-87-102.us-west-2.compute.internal-grooky"},"detection_changed_at":1765838311625,"finding_id":"MDdjY2IxZjk1MzQ2NDIzOWJjYWE1Yjk4NmU3MWNiZGF-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=","finding_type":"host_and_container_vulnerability","first_seen_at":1765838306213,"host":{"name":"ip-10-12-87-102.us-west-2.compute.internal-grooky","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"grooky"},"last_seen_at":1765838311912,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-6.8.0-1040-aws","linux-modules-6.8.0-1044-aws","linux-aws-6.8-headers-6.8.0-1040"],"name":"linux-aws-6.8","normalized_name":"linux-aws-6.8","version":"6.8.0-1040.42~22.04.1"},"remediation":{"is_available":false},"resource_id":"bbbd1d4b047c44f8f95e5bd24523f7a3","resource_name":"ip-10-12-87-102.us-west-2.compute.internal-grooky","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00015,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}},"status":"open","title":"kernel: + espintcp: fix skb 
leaks","vulnerability":{"cwes":["CWE-401"],"hash":"2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a","stack":{"ecosystem":"deb"}},"workflow":{"mute":{"is_muted":false}}}},"tags":["cluster_name:grooky","exposure_time_days:0","kube_node_role:nodeless","event_type:none","fix_available:unavailable","env:staging","vuln_id:2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a","hash:2d7834d0e13e82fb456bdd55f899695eac53e854edd35696150e726551ccbd6a","package_name:linux-aws-6.8","nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge","source:datadog","severity:low","vulnerability_status:open","kube_cluster_name:grooky","scored:false","kube_node_role:compute","asset_type:host","base_severity:medium","os_name:ubuntu","site:datadoghq.com","datacenter:prtest03.staging.dog","assignee:none","asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky","assignee_id:none","in_production:false","is_kube_cluster_experimental:false","node.datadoghq.com/flavor:standard","orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115","adp_enabled:false","running_kernel:false","public_exploit_available:false","node.datadoghq.com/cgroup:v2","node.datadoghq.com/version:v6-260-2","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","base_score:5.5","score:2.7","dd_rule_type:not-empty","ecosystem:deb","os_version:22.04","ng_local_storage:false","close_count:0","package_version:6.8.0-1040.42_22.04.1","ng_cluster_autoscaler:true","kube_node:ip-10-12-87-102.us-west-2.compute.internal","alias:cve-2025-38057","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","instance_type:c6g.4xlarge","cve:cve-2025-38057","cpu_arch:arm64","kube_node_role:nodeless-arm64-d-c6g-4xlarge","epss_raw_score:0.00015","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838311625}},{"id":"MGQwMzY2ODc3OTYzNDE2ZWE3YjVhMmFmOWQ3OWI5ZjV-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=","type"
:"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-40114"],"cve":"CVE-2025-40114","id":"TRIVY-CVE-2025-40114","modified_at":1759331744000,"published_at":1744960544000,"summary":"kernel: + iio: light: Add check for array bounds in veml6075_read_int_time_ms","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"ip-10-12-87-102.us-west-2.compute.internal-grooky"},"detection_changed_at":1765838311522,"finding_id":"MGQwMzY2ODc3OTYzNDE2ZWE3YjVhMmFmOWQ3OWI5ZjV-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=","finding_type":"host_and_container_vulnerability","first_seen_at":1765838306213,"host":{"name":"ip-10-12-87-102.us-west-2.compute.internal-grooky","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"grooky"},"last_seen_at":1765838311522,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-6.8.0-1040-aws","linux-aws-6.8-tools-6.8.0-1040","linux-modules-6.8.0-1040-aws"],"name":"linux-aws-6.8","normalized_name":"linux-aws-6.8","version":"6.8.0-1040.42~22.04.1"},"remediation":{"is_available":true,"package":{"base":[{"name":"linux-aws-6.8","version":"6.8.0-1041.43~22.04.1"}]},"recommended":{"name":"linux-aws-6.8","version":"6.8.0-1041.43~22.04.1"}},"resource_id":"bbbd1d4b047c44f8f95e5bd24523f7a3","resource_name":"ip-10-12-87-102.us-west-2.compute.internal-grooky","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00018,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false}},"severity":"medium","severity_details":{"adjusted":{"score":4.7,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI
:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":7.8,"value":"high","value_id":3,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}},"status":"open","title":"kernel: + iio: light: Add check for array bounds in veml6075_read_int_time_ms","vulnerability":{"cwes":["CWE-129"],"hash":"a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603","stack":{"ecosystem":"deb"}},"workflow":{"mute":{"is_muted":false}}}},"tags":["cluster_name:grooky","exposure_time_days:0","kube_node_role:nodeless","event_type:none","env:staging","package_name:linux-aws-6.8","nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge","source:datadog","vulnerability_status:open","fix_available:available","kube_cluster_name:grooky","vuln_id:a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603","scored:false","kube_node_role:compute","hash:a62facb5685f29ada4e069863e0edc360411f4283477fa21fa3c7fec6b39e603","asset_type:host","os_name:ubuntu","site:datadoghq.com","datacenter:prtest03.staging.dog","assignee:none","asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky","assignee_id:none","cve:cve-2025-40114","in_production:false","alias:cve-2025-40114","is_kube_cluster_experimental:false","node.datadoghq.com/flavor:standard","orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115","adp_enabled:false","running_kernel:false","public_exploit_available:false","node.datadoghq.com/cgroup:v2","node.datadoghq.com/version:v6-260-2","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","base_score:7.8","score:4.7","severity:medium","dd_rule_type:not-empty","ecosystem:deb","os_version:22.04","ng_local_storage:false","close_count:0","package_version:6.8.0-1040.42_22.04.1","ng_cluster_autoscaler:true","kube_node:ip-10-12-87-102.us-west-2.compute.internal","last_detected_minutes:0","base_severity:high","node.datadoghq.com/base-image:ubuntu_22_04","instance_type:c6g.4xlarge","cpu_arch:arm64","kube_node_role:nodeless-arm64-d-c6g-4xlarge","type:component_with_known_vulnerability","epss_raw_scor
e:0.00018","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838311522}},{"id":"ZmM0NTk0NmQzNzIwNTk0ZTQ0ODM5OWM1MDI5ODBhNDZ-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["BIT-golang-2025-47912","CVE-2025-47912"],"cve":"CVE-2025-47912","id":"GO-2025-4010","modified_at":1762437598375,"published_at":1761774598000,"summary":"Insufficient + validation of bracketed IPv6 hostnames in net/url","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"ip-10-12-87-102.us-west-2.compute.internal-grooky"},"detection_changed_at":1765838311417,"finding_id":"ZmM0NTk0NmQzNzIwNTk0ZTQ0ODM5OWM1MDI5ODBhNDZ-YmJiZDFkNGIwNDdjNDRmOGY5NWU1YmQyNDUyM2Y3YTM=","finding_type":"host_and_container_vulnerability","first_seen_at":1765838306213,"host":{"name":"ip-10-12-87-102.us-west-2.compute.internal-grooky","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"grooky"},"last_seen_at":1765838311417,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["stdlib"],"name":"stdlib","normalized_name":"stdlib","version":"v1.22.10"},"remediation":{"is_available":true,"package":{"base":[{"name":"stdlib","version":"1.25.2"}]},"recommended":{"name":"stdlib","version":"1.25.2"}},"resource_id":"bbbd1d4b047c44f8f95e5bd24523f7a3","resource_name":"ip-10-12-87-102.us-west-2.compute.internal-grooky","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00025,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.8,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI
:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.3,"value":"medium","value_id":2,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}},"status":"open","title":"Insufficient + validation of bracketed IPv6 hostnames in net/url","vulnerability":{"hash":"1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53","stack":{"ecosystem":"go","language":"go"}},"workflow":{"mute":{"is_muted":false}}}},"tags":["cluster_name:grooky","exposure_time_days:0","kube_node_role:nodeless","ecosystem:go","env:staging","cve:cve-2025-47912","nodegroups.datadoghq.com/name:nodeless-arm64-d-c6g-4xlarge","epss_raw_score:0.00025","alias:cve-2025-47912","source:datadog","severity:low","vulnerability_status:open","fix_available:available","kube_cluster_name:grooky","scored:false","kube_node_role:compute","asset_type:host","new:true","base_severity:medium","os_name:ubuntu","site:datadoghq.com","datacenter:prtest03.staging.dog","assignee:none","asset_id:ip-10-12-87-102.us-west-2.compute.internal-grooky","assignee_id:none","in_production:false","is_kube_cluster_experimental:false","node.datadoghq.com/flavor:standard","orch_cluster_id:093ee83e-2ab7-4c08-8f9e-b580f7bb8115","alias:bit-golang-2025-47912","adp_enabled:false","public_exploit_available:false","node.datadoghq.com/cgroup:v2","node.datadoghq.com/version:v6-260-2","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","base_score:5.3","score:2.8","dd_rule_type:not-empty","os_version:22.04","ng_local_storage:false","close_count:0","package_version:v1.22.10","package_name:stdlib","ng_cluster_autoscaler:true","kube_node:ip-10-12-87-102.us-west-2.compute.internal","hash:1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","event_type:new","instance_type:c6g.4xlarge","vuln_id:1505a97f3a8bd19c9a5d29f14c9d60749f479ac2de30a8a8b95fbfb5e4b7db53","cpu_arch:arm64","kube_node_role:nodeless-arm
64-d-c6g-4xlarge","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838311417}}],"meta":{"elapsed":1248,"page":{"after":"eyJhZnRlciI6IkF3QUFBWnNrS2tfNUZKWWZDd0FBQUJoQlduTnJTMnRmTlVGQlFqWkNNM3BmZVhadWJXNXhVMElBQUFBa1pqRTVZakkwTW1FdE5USmlaQzAwTldVd0xUZzRNREF0WW1ZeVlXSmlOR1k0TldRM0FBQUFMZyIsInZhbHVlcyI6WzE3NjU4MzgzMTE0MTcsIjIwMjUtMTItMTVUMjI6Mzg6MzEuNDE3WiIsMzQ1MzgyNjY3XX0="},"request_id":"pddv1ChZubmNwVFVjWVJRLW9xSWIybklHWXJ3Ii0KHaszALDHDfJD6z3rlnQLgHugKbU0hTnqHR56Yrc4Egx3bkYPy7veSr6fRk0","status":"done"},"links":{"next":"/api/v2/security/findings?page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrS2tfNUZKWWZDd0FBQUJoQlduTnJTMnRmTlVGQlFqWkNNM3BmZVhadWJXNXhVMElBQUFBa1pqRTVZakkwTW1FdE5USmlaQzAwTldVd0xUZzRNREF0WW1ZeVlXSmlOR1k0TldRM0FBQUFMZyIsInZhbHVlcyI6WzE3NjU4MzgzMTE0MTcsIjIwMjUtMTItMTVUMjI6Mzg6MzEuNDE3WiIsMzQ1MzgyNjY3XX0%3D\u0026page%5Blimit%5D=5\u0026sort=-%40detection_changed_at"}}' + headers: + Content-Type: + - application/vnd.api+json + status: + code: 200 + message: OK +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/security_monitoring/List-security-findings-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/List-security-findings-returns-OK-response.frozen new file mode 100644 index 00000000000..1fdc64cd55b --- /dev/null +++ b/cassettes/features/v2/security_monitoring/List-security-findings-returns-OK-response.frozen @@ -0,0 +1 @@ +2025-12-15T22:38:02.352Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/List-security-findings-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/List-security-findings-returns-OK-response.yml new file mode 100644 index 00000000000..4d0fd8a11bf --- /dev/null +++ b/cassettes/features/v2/security_monitoring/List-security-findings-returns-OK-response.yml 
@@ -0,0 +1,40 @@ +http_interactions: +- recorded_at: Mon, 15 Dec 2025 22:38:02 GMT + request: + body: null + headers: + Accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security/findings + response: + body: + encoding: UTF-8 + string: '{"data":[{"id":"MWIxMjUyZGJjMjE3ZTFmZTcwZDdlMDNiNTI2YjQ3ZDB-MmQ5ZDgzMTJiMGIwYmM5ZGRmZjQ5OTk4ZmMzYWYyNmM=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-38626"],"cve":"CVE-2025-38626","id":"TRIVY-CVE-2025-38626","modified_at":1764176984000,"published_at":1755879336000,"summary":"kernel: + f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-048dfba6091eb0d1d","region":"us-west-2"},"detection_changed_at":1765838271832,"finding_id":"MWIxMjUyZGJjMjE3ZTFmZTcwZDdlMDNiNTI2YjQ3ZDB-MmQ5ZDgzMTJiMGIwYmM5ZGRmZjQ5OTk4ZmMzYWYyNmM=","finding_type":"host_and_container_vulnerability","first_seen_at":1765435671872,"host":{"cloud_provider":"aws","image":"ami-0cc8c76c477f8196c","name":"i-048dfba6091eb0d1d","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"bonsly"},"last_seen_at":1765838271832,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-common"],"name":"linux","normalized_name":"linux","version":"5.15.0-161.171"},"related_services":["exposed_to_attacks:false","elasticsearch-bundles"],"remediation":{"is_available":false},"resource_id":"2d9d8312b0b0bc9ddff49998fc3af26c","resource_name":"i-048dfba6091eb0d1d","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00018,"epss_severity":"low"},"impact_cvss":"
safer","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}},"status":"auto_closed","title":"kernel: + f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode","vulnerability":{"hash":"99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271832,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","event_type:close","fix_available:unavailable","security-group:sg-0f39702193288cb41","source:datadog","severity:low","auto-discovery.cluster-autoscaler.k8s.io/bonsly","asset_type:host","nodegroup:elasticsearch-bundles_elasticsearch-bundles-data","image:ami-0cc8c76c477f8196c","base_severity:medium","site:datadoghq.com","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-bundles-data","name:elasticsearch-bundles_elasticsearch-bundles-data","vuln_id:99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759","app:elasticsearch","assignee_id:none","in_production:false","availability-zone:us-west-2b","is_kube_cluster_experimental:false","tags.datadoghq.com/version:8.19.6","adp_enabled:false","public_exploit_available:false","iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2","base_score:5.5","elasticsearch-role:data","team:compute-cloud-accounts","score:2.7","aws:ec2launchtemplate:id:lt-0e2373e62ce4d91a0","nodegroups.datadoghq.com/name:elasticsearch-bundles-data","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2b","managed_by_tea
m:mars","hash:99066567a1e5dbddd8e7f5e3724f31dbf66cac57a143756e292be14481f28759","ecosystem:deb","kube_node:ip-10-150-76-207.us-west-2.compute.internal","ng_local_storage:false","close_count:0","ng_cluster_autoscaler:true","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:88mi","nodegroups.datadoghq.com/namespace:elasticsearch-bundles","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","k8s.io/cluster-autoscaler/node-template/resources/pods:20","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars","orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c","cluster_name:bonsly","cpu_arch:arm64","epss_raw_score:0.00018","eenv:staging","agent_release_candidate_cluster:false","k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-bundles-data:noschedule","exposure_time_days:4","service:elasticsearch-bundles","package_name:linux","package_version:5.15.0-161.171","role:kube-node","env:staging","datacenter:prtest02.staging.dog","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","asset_id:i-048dfba6091eb0d1d","datastore:elasticsearch","scored:false","kube_node_role:compute","kubernetes_cluster:bonsly","security-group:sg-0209ab6974808b99b","os_name:ubuntu","node.datadoghq.com/version:v6-257-3","autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-e030273153b4de8b","kube_cluster_name:bonsly","instance-type:m6g.large","kube_node_role:elasticsearch-bundles-data","chart_name:elasticsearch","region:us-west-2","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-bundles-data","k8s.io/cluster-autoscaler/node-template/resources/cpu:1900m","instance_type:m6g.large","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false","aws_account:204235354797","k8s.io/cluster-au
toscaler/node-template/label/team:data-science","node.datadoghq.com/cgroup:v2","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","team:data-science","dd_rule_type:not-empty","os_version:22.04","aws:ec2:fleet-id:fleet-121c8084-5187-cc16-a418-27881156a65a","vulnerability_status:auto-closed","cve:cve-2025-38626","kubernetes.io/cluster/bonsly:owned","last_detected_minutes:0","elasticsearch_cluster:elasticsearch-bundles","tag:data","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","cluster:elasticsearch-bundles","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-bundles","k8s.io/cluster-autoscaler/node-template/resources/memory:7131mi","previous_status:open","alias:cve-2025-38626","type:component_with_known_vulnerability","origin:agent","env:staging"],"timestamp":1765838271832}},{"id":"ZGEwMTA4NDdiZjM0ZjI5ZDBlYmMyMzM3NWFkYmUyNWN-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-22073"],"cve":"CVE-2025-22073","id":"TRIVY-CVE-2025-22073","modified_at":1762201062000,"published_at":1744816561000,"summary":"kernel: + spufs: fix a leak on spufs_new_file() 
failure","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-0fe66c7f2fe27288a","region":"us-west-2"},"detection_changed_at":1765838271620,"finding_id":"ZGEwMTA4NDdiZjM0ZjI5ZDBlYmMyMzM3NWFkYmUyNWN-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=","finding_type":"host_and_container_vulnerability","first_seen_at":1765438485381,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"i-0fe66c7f2fe27288a","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271620,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-6.8.0-1040-aws","linux-aws-6.8-tools-6.8.0-1040","linux-headers-6.8.0-1040-aws","linux-aws-6.8-headers-6.8.0-1040","linux-modules-6.8.0-1040-aws"],"name":"linux-aws-6.8","normalized_name":"linux-aws-6.8","version":"6.8.0-1040.42~22.04.1"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":true,"package":{"base":[{"name":"linux-aws-6.8","version":"6.8.0-1041.43~22.04.1"}]},"recommended":{"name":"linux-aws-6.8","version":"6.8.0-1041.43~22.04.1"}},"resource_id":"ccd780722c997ec5b77ea916b3c501ca","resource_name":"i-0fe66c7f2fe27288a","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00023,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"med
ium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}},"status":"auto_closed","title":"kernel: + spufs: fix a leak on spufs_new_file() failure","vulnerability":{"cwes":["CWE-401"],"hash":"faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271063,"mute":{"is_muted":false}}}},"tags":["kernel:none","vuln_id:faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","image:ami-0afa99f6d7a0af2bf","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","instance_type:i3en.2xlarge","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","source:datadog","severity:low","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","fix_available:available","asset_type:host","cluster_name:machop","base_severity:medium","site:datadoghq.com","auto-discovery.cluster-autoscaler.k8s.io/machop","k8s.io/cluster-autoscaler/node-template/label/version:1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","in_production:false","availability-zone:us-west-2c","is_kube_cluster_experimental:false","hash:faaac328c2e1d67f56a7d4aa1ed18a013ec6d28bf7312a14ad15692994675f50","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","base_score:5.5","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","team:compute-cloud-accounts","score:2.7","alias:cve-2025-22073","aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3","ecosystem:deb","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","iam_profile:k8s/prtest02-staging-dog-machop-kube
-node_v2","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","package_version:6.8.0-1040.42_22.04.1","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cve:cve-2025-22073","cloud_provider:aws","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","kube_node:ip-10-150-64-123.us-west-2.compute.internal","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","exposure_time_days:4","k8s.io/cluster-autoscaler/node-template/label/service:kafka","event_type:none","role:kube-node","env:staging","datacenter:prtest02.staging.dog","package_name:linux-aws-6.8","security-group:sg-0ad037192bd9b2cfd","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","epss_raw_score:0.00023","scored:false","kube_node_role:compute","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","ng_local_storage:true","region:us-west-2","app:kafka","team:streaming-platform","running_kernel:false","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","
k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka","dd_rule_type:not-empty","kube_node_role:kafka-medium","asset_id:i-0fe66c7f2fe27288a","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","last_detected_minutes:0","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","kafka_broker_id:10002","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","cluster:kafka-error-tracking-001","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271620}},{"id":"MGZkNzMyYTYxMzcxNWQ0YmNmNTI1NTY2MGM4N2Q1MDh-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-35998"],"cve":"CVE-2024-35998","id":"TRIVY-CVE-2024-35998","modified_at":1736532731000,"published_at":1716200114000,"summary":"kernel: + smb3: fix lock ordering potential deadlock in 
cifs_sync_mid_result","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-0fe66c7f2fe27288a","region":"us-west-2"},"detection_changed_at":1765838271581,"finding_id":"MGZkNzMyYTYxMzcxNWQ0YmNmNTI1NTY2MGM4N2Q1MDh-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=","finding_type":"host_and_container_vulnerability","first_seen_at":1765438485381,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"i-0fe66c7f2fe27288a","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271581,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-common"],"name":"linux","normalized_name":"linux","version":"5.15.0-161.171"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":false},"resource_id":"ccd780722c997ec5b77ea916b3c501ca","resource_name":"i-0fe66c7f2fe27288a","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00026,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}},"status":"auto_closed","title":"kernel: + smb3: fix lock ordering potential deadlock in 
cifs_sync_mid_result","vulnerability":{"cwes":["CWE-667"],"hash":"ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01af443","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271581,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","event_type:close","image:ami-0afa99f6d7a0af2bf","fix_available:unavailable","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","instance_type:i3en.2xlarge","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","source:datadog","severity:low","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","asset_type:host","cluster_name:machop","base_severity:medium","site:datadoghq.com","auto-discovery.cluster-autoscaler.k8s.io/machop","k8s.io/cluster-autoscaler/node-template/label/version:1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","in_production:false","availability-zone:us-west-2c","is_kube_cluster_experimental:false","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","base_score:5.5","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","team:compute-cloud-accounts","score:2.7","aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3","ecosystem:deb","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","hash:ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01
af443","cloud_provider:aws","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","kube_node:ip-10-150-64-123.us-west-2.compute.internal","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","exposure_time_days:4","package_name:linux","k8s.io/cluster-autoscaler/node-template/label/service:kafka","package_version:5.15.0-161.171","role:kube-node","env:staging","datacenter:prtest02.staging.dog","security-group:sg-0ad037192bd9b2cfd","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","epss_raw_score:0.00026","alias:cve-2024-35998","scored:false","kube_node_role:compute","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","ng_local_storage:true","region:us-west-2","app:kafka","team:streaming-platform","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka","dd_rule_type:not-empty","kube_node_role:kafka-medium","asset_id:i-0fe66c7f
2fe27288a","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","last_detected_minutes:0","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","cve:cve-2024-35998","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","vuln_id:ca8998093cb8d3951624a7fb1696297c187b2065f96216107dcf0bbec01af443","kafka_broker_id:10002","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","previous_status:open","cluster:kafka-error-tracking-001","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271581}},{"id":"ZTlhYTM5OTg5Yzc4OTQ0OGNkZTY2NWI0YzVjZGFjYTl-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["BIT-golang-2024-24789","CGA-4r7q-83hj-9rrp","CVE-2024-24789","GHSA-236w-p7wf-5ph8"],"cve":"CVE-2024-24789","id":"GO-2024-2888","modified_at":1729574938470,"published_at":1717541335000,"summary":"Mishandling + of corrupt central directory record in 
archive/zip","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-012cdbc8991688ee9","region":"us-west-2"},"detection_changed_at":1765838271577,"finding_id":"ZTlhYTM5OTg5Yzc4OTQ0OGNkZTY2NWI0YzVjZGFjYTl-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=","finding_type":"host_and_container_vulnerability","first_seen_at":1765421661872,"host":{"cloud_provider":"aws","image":"ami-0cc8c76c477f8196c","name":"i-012cdbc8991688ee9","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"bonsly"},"last_seen_at":1765838271577,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["stdlib"],"name":"stdlib","normalized_name":"stdlib","version":"v1.22.1"},"related_services":["exposed_to_attacks:false","elasticsearch-monitors"],"remediation":{"is_available":true,"package":{"base":[{"name":"stdlib","version":"1.22.4"}]},"recommended":{"name":"stdlib","version":"1.22.4"}},"resource_id":"048dd9053223ae333e673207dfd83394","resource_name":"i-012cdbc8991688ee9","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00006,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"medium","value_id":2,"vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}},"status":"auto_closed","title":"Mishandling + of corrupt central directory record in 
archive/zip","vulnerability":{"hash":"918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838271577,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","ecosystem:go","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:148mi","alias:cve-2024-24789","event_type:close","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","alias:cga-4r7q-83hj-9rrp","security-group:sg-0f39702193288cb41","aws:ec2launchtemplate:id:lt-08847a5158ca7c73a","source:datadog","severity:low","auto-discovery.cluster-autoscaler.k8s.io/bonsly","fix_available:available","hash:918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6","nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data","asset_type:host","image:ami-0cc8c76c477f8196c","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data","base_severity:medium","site:datadoghq.com","instance-type:m6gd.xlarge","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-monitors-cell-c0-data","assignee:none","app:elasticsearch","cluster:elasticsearch-monitors-cell-c0","assignee_id:none","package_version:v1.22.1","in_production:false","alias:bit-golang-2024-24789","availability-zone:us-west-2c","is_kube_cluster_experimental:false","adp_enabled:false","tags.datadoghq.com/version:8.19.6","public_exploit_available:false","iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2","base_score:5.5","elasticsearch-role:data","team:compute-cloud-accounts","score:2.7","cell:none","managed_by_team:mars","close_count:0","k8s.io/cluster-autoscaler/node-template/label/team:monitor-resources-indexing","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","k8s.io/cluster-autoscaler/node-templat
e/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392","pool:data","package_name:stdlib","ng_cluster_autoscaler:true","service_exposed_to_attacks:false","account:staging-prtest02-yodel","vuln_id:918ae76520381741e62c216ef01bd4d6ea21fa1730e4dcf1a11ad3141dd4a7f6","cloud_provider:aws","instance_type:m6gd.xlarge","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars","orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c","cluster_name:bonsly","cpu_arch:arm64","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","k8s.io/cluster-autoscaler/node-template/resources/memory:15009mi","eenv:staging","agent_release_candidate_cluster:false","asset_id:i-012cdbc8991688ee9","exposure_time_days:4","elasticsearch_cluster:elasticsearch-monitors-cell-c0","alias:ghsa-236w-p7wf-5ph8","role:kube-node","env:staging","datacenter:prtest02.staging.dog","cve:cve-2024-24789","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","datastore:elasticsearch","scored:false","k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m","kube_node_role:compute","team:monitor-resources-indexing","k8s.io/cluster-autoscaler/node-template/resources/pods:40","kubernetes_cluster:bonsly","security-group:sg-0209ab6974808b99b","os_name:ubuntu","node.datadoghq.com/version:v6-257-3","kube_cluster_name:bonsly","epss_raw_score:0.000060","nodegroup:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data","ng_local_storage:true","chart_name:elasticsearch","region:us-west-2","nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0","aws_account:204235354797","node.datadoghq.com/cgroup:v2","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","name:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data","kube_node_role:elasticsearch-monitors-cell-c0-data","k8s.io/cluster
-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0","dd_rule_type:not-empty","os_version:22.04","vulnerability_status:auto-closed","autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-1c82e59d5bb84439","kubernetes.io/cluster/bonsly:owned","service:elasticsearch-monitors","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","aws:ec2:fleet-id:fleet-98a72b26-0bbc-411c-ac98-8e08a9b23a52","previous_status:open","k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-monitors-cell-c0-data:noschedule","type:component_with_known_vulnerability","origin:agent","kube_node:ip-10-150-85-76.us-west-2.compute.internal","env:staging"],"timestamp":1765838271577}},{"id":"M2JkYTQ1MzFmYTNlODAzZTI1ZjNlMWE1MWMzZWU5Mjh-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-2236"],"cve":"CVE-2024-2236","id":"TRIVY-CVE-2024-2236","modified_at":1743614137000,"published_at":1709763357000,"summary":"libgcrypt: + vulnerable to Marvin 
Attack","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-051d6c5170313e729","region":"us-west-2"},"detection_changed_at":1765838271574,"finding_id":"M2JkYTQ1MzFmYTNlODAzZTI1ZjNlMWE1MWMzZWU5Mjh-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=","finding_type":"host_and_container_vulnerability","first_seen_at":1765397453913,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"i-051d6c5170313e729","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271574,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["libgcrypt20"],"name":"libgcrypt20","normalized_name":"libgcrypt20","version":"1.9.4-3ubuntu3"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":false},"resource_id":"0aead7bacd260b9f23a21c955a84dd57","resource_name":"i-051d6c5170313e729","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00222,"epss_severity":"low"},"impact_cvss":"neutral","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":3.2,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:A/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.9,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}},"status":"auto_closed","title":"libgcrypt: + vulnerable to Marvin 
Attack","vulnerability":{"cwes":["CWE-208"],"hash":"8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271574,"mute":{"is_muted":false}}}},"tags":["kernel:none","asset_id:i-051d6c5170313e729","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","event_type:close","image:ami-0afa99f6d7a0af2bf","fix_available:unavailable","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","instance_type:i3en.2xlarge","aws:ec2:fleet-id:fleet-1a9e8026-5b07-6494-a418-858a394c5003","source:datadog","severity:low","epss_raw_score:0.00222","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","package_version:1.9.4-3ubuntu3","asset_type:host","cve:cve-2024-2236","cluster_name:machop","base_severity:medium","auto-discovery.cluster-autoscaler.k8s.io/machop","site:datadoghq.com","k8s.io/cluster-autoscaler/node-template/label/version:1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","in_production:false","is_kube_cluster_experimental:false","availability-zone:us-west-2a","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","base_score:5.9","package_name:libgcrypt20","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","team:compute-cloud-accounts","cluster:kafka-aws-metrics-001","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2a","ecosystem:deb","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","iam_profile:k8s/prtest02-staging-d
og-machop-kube-node_v2","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","alias:cve-2024-2236","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","exposure_time_days:5","k8s.io/cluster-autoscaler/node-template/label/service:kafka","role:kube-node","env:staging","datacenter:prtest02.staging.dog","security-group:sg-0ad037192bd9b2cfd","kube_node:ip-10-150-69-64.us-west-2.compute.internal","score:3.2","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","scored:false","kube_node_role:compute","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","ng_local_storage:true","region:us-west-2","app:kafka","team:streaming-platform","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","vuln_id:8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka",
"dd_rule_type:not-empty","kafka_broker_id:10000","kube_node_role:kafka-medium","os_version:22.04","hash:8119a960f15010996dbda07e35608345ef82c25294c7288a45fd2dae7b0182bd","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","last_detected_minutes:0","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","previous_status:open","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271574}},{"id":"M2QxOTQwOWMwZmViZGRlOTU2MDY2ZGRmODhlNWYxNGN-MjA1YThmN2UxODE1NmY1NjRmODNhZDQ2NzM3MTA5MWY=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-38215"],"cve":"CVE-2025-38215","id":"TRIVY-CVE-2025-38215","modified_at":1762193769000,"published_at":1751638529000,"summary":"kernel: + fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in 
fb_videomode_to_var","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"ip-10-150-67-24.us-west-2.compute.internal-machop","region":"us-west-2"},"detection_changed_at":1765838271539,"finding_id":"M2QxOTQwOWMwZmViZGRlOTU2MDY2ZGRmODhlNWYxNGN-MjA1YThmN2UxODE1NmY1NjRmODNhZDQ2NzM3MTA5MWY=","finding_type":"host_and_container_vulnerability","first_seen_at":1765445995855,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"ip-10-150-67-24.us-west-2.compute.internal-machop","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271539,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-modules-6.8.0-1041-aws","linux-tools-6.8.0-1040-aws","linux-aws-6.8-tools-6.8.0-1040","linux-headers-6.8.0-1040-aws","linux-aws-6.8-headers-6.8.0-1040","linux-headers-6.8.0-1041-aws","linux-modules-6.8.0-1040-aws","linux-aws-6.8-headers-6.8.0-1041"],"name":"linux-aws-6.8","normalized_name":"linux-aws-6.8","version":"6.8.0-1041.43~22.04.1"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":false},"resource_id":"205a8f7e18156f564f83ad467371091f","resource_name":"ip-10-150-67-24.us-west-2.compute.internal-machop","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00058,"epss_severity":"low"},"impact_cvss":"neutral","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"medium","severity_details":{"adjusted":{"score":4.7,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X
/MS:X/MC:X/MI:X/MA:X"},"base":{"score":7,"value":"high","value_id":3,"vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}},"status":"auto_closed","title":"kernel: + fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var","vulnerability":{"hash":"63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838270450,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","image:ami-0afa99f6d7a0af2bf","fix_available:unavailable","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","instance_type:i3en.2xlarge","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","source:datadog","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","asset_type:host","cluster_name:machop","vuln_id:63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8","site:datadoghq.com","auto-discovery.cluster-autoscaler.k8s.io/machop","k8s.io/cluster-autoscaler/node-template/label/version:1","package_version:6.8.0-1041.43_22.04.1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","in_production:false","availability-zone:us-west-2c","is_kube_cluster_experimental:false","kube_node:ip-10-150-67-24.us-west-2.compute.internal","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","team:compute-cloud-accounts","severity:medium","running_kernel:true","ecosystem:deb","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2","k8s.io
/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_provider:aws","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","asset_id:ip-10-150-67-24.us-west-2.compute.internal-machop","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","exposure_time_days:4","k8s.io/cluster-autoscaler/node-template/label/service:kafka","event_type:none","role:kube-node","env:staging","datacenter:prtest02.staging.dog","package_name:linux-aws-6.8","security-group:sg-0ad037192bd9b2cfd","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","scored:false","kube_node_role:compute","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","ng_local_storage:true","region:us-west-2","app:kafka","team:streaming-platform","running_kernel:false","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","k8s.io/cluster-autoscaler/e
nabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka","score:4.7","base_score:7.0","dd_rule_type:not-empty","alias:cve-2025-38215","kube_node_role:kafka-medium","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","aws:ec2:fleet-id:fleet-321c02a4-730f-4616-0eb0-8d80d9952fcf","last_detected_minutes:0","hash:63e993a9f0ae0d64cd927f6117fa09ae0790921bc1da8fec4768f603d7ac0ac8","base_severity:high","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","kafka_broker_id:10002","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","cluster:kafka-apm-stats-intake-001","epss_raw_score:0.00058","cve:cve-2025-38215","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271539}},{"id":"MTE0MGIxYWM1OWVmMjc2YjhiOGNmMTUzNTRlNzBjYWF-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-40016"],"cve":"CVE-2025-40016","id":"TRIVY-CVE-2025-40016","modified_at":1761075085000,"published_at":1760976938000,"summary":"kernel: + media: uvcvideo: Mark invalid entities with id 
UVC_INVALID_ENTITY_ID","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-012cdbc8991688ee9","region":"us-west-2"},"detection_changed_at":1765838271538,"finding_id":"MTE0MGIxYWM1OWVmMjc2YjhiOGNmMTUzNTRlNzBjYWF-MDQ4ZGQ5MDUzMjIzYWUzMzNlNjczMjA3ZGZkODMzOTQ=","finding_type":"host_and_container_vulnerability","first_seen_at":1765421661872,"host":{"cloud_provider":"aws","image":"ami-0cc8c76c477f8196c","name":"i-012cdbc8991688ee9","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"bonsly"},"last_seen_at":1765838271538,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-common"],"name":"linux","normalized_name":"linux","version":"5.15.0-161.171"},"related_services":["exposed_to_attacks:false","elasticsearch-monitors"],"remediation":{"is_available":false},"resource_id":"048dd9053223ae333e673207dfd83394","resource_name":"i-012cdbc8991688ee9","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00026,"epss_severity":"low"},"impact_cvss":"neutral","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"medium","severity_details":{"adjusted":{"score":4.7,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":7,"value":"high","value_id":3,"vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}},"status":"auto_closed","title":"kernel: + media: uvcvideo: Mark invalid entities with id 
UVC_INVALID_ENTITY_ID","vulnerability":{"hash":"7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271538,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:148mi","event_type:close","fix_available:unavailable","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","security-group:sg-0f39702193288cb41","aws:ec2launchtemplate:id:lt-08847a5158ca7c73a","source:datadog","auto-discovery.cluster-autoscaler.k8s.io/bonsly","nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data","asset_type:host","image:ami-0cc8c76c477f8196c","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:elasticsearch-monitors-cell-c0-data","site:datadoghq.com","instance-type:m6gd.xlarge","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/elasticsearch-monitors-cell-c0-data","assignee:none","app:elasticsearch","cluster:elasticsearch-monitors-cell-c0","assignee_id:none","in_production:false","availability-zone:us-west-2c","is_kube_cluster_experimental:false","adp_enabled:false","tags.datadoghq.com/version:8.19.6","public_exploit_available:false","iam_profile:k8s/prtest02-staging-dog-bonsly-kube-node_v2","elasticsearch-role:data","team:compute-cloud-accounts","severity:medium","cell:none","managed_by_team:mars","ecosystem:deb","close_count:0","k8s.io/cluster-autoscaler/node-template/label/team:monitor-resources-indexing","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392","pool:data","ng_cluster_autoscaler:true","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_provider:aws","instance_type:m6gd.xlarge","
k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:mars","orch_cluster_id:ee224680-a73d-4437-809c-8cbdc2513b6c","vuln_id:7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5","cluster_name:bonsly","cpu_arch:arm64","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","k8s.io/cluster-autoscaler/node-template/resources/memory:15009mi","eenv:staging","agent_release_candidate_cluster:false","asset_id:i-012cdbc8991688ee9","exposure_time_days:4","package_name:linux","elasticsearch_cluster:elasticsearch-monitors-cell-c0","package_version:5.15.0-161.171","role:kube-node","env:staging","datacenter:prtest02.staging.dog","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","epss_raw_score:0.00026","datastore:elasticsearch","scored:false","k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m","kube_node_role:compute","team:monitor-resources-indexing","k8s.io/cluster-autoscaler/node-template/resources/pods:40","kubernetes_cluster:bonsly","security-group:sg-0209ab6974808b99b","os_name:ubuntu","node.datadoghq.com/version:v6-257-3","kube_cluster_name:bonsly","nodegroup:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data","ng_local_storage:true","chart_name:elasticsearch","region:us-west-2","nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0","aws_account:204235354797","node.datadoghq.com/cgroup:v2","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","name:elasticsearch-monitors-cell-c0_elasticsearch-monitors-cell-c0-data","kube_node_role:elasticsearch-monitors-cell-c0-data","base_score:7.0","score:4.7","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:elasticsearch-monitors-cell-c0","dd_rule_type:not-empty","hash:7b4dd037d291b0e36b6afcbc93621c10831fdaa66a0ac6d217eb1121fb62bfc5","os_version:22.04","vu
lnerability_status:auto-closed","autoscaling_group:prtest02-staging-dog-bonsly-k8s-ng-asg-1c82e59d5bb84439","kubernetes.io/cluster/bonsly:owned","service:elasticsearch-monitors","last_detected_minutes:0","base_severity:high","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","aws:ec2:fleet-id:fleet-98a72b26-0bbc-411c-ac98-8e08a9b23a52","cve:cve-2025-40016","previous_status:open","alias:cve-2025-40016","k8s.io/cluster-autoscaler/node-template/taint/node:elasticsearch-monitors-cell-c0-data:noschedule","type:component_with_known_vulnerability","origin:agent","kube_node:ip-10-150-85-76.us-west-2.compute.internal","env:staging"],"timestamp":1765838271538}},{"id":"NGNhMjdiNWNjOTEwMTliZGEyYzhlYjg2YzliYTRlYWF-NzM1NzFmMGZiZDI0Mjc1ODI4ODAxMzRlYTJkMWVhY2M=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CGA-9vf9-m4f8-6392","CGA-9vg5-h493-cxr7","CGA-chh8-vhg4-2qj7","CGA-g5hx-8r47-pf39","CGA-hmfp-f3v3-528v","CGA-hrqx-74pg-5m88","CGA-m474-c57g-8945","CGA-r356-23m2-5p37","CGA-v3wf-pwmr-vcw5","CGA-w52c-j6q8-cf23","CGA-w7jq-8v28-882j","CVE-2024-28180","GO-2024-2631"],"cve":"CVE-2024-28180","id":"GHSA-c5q2-7r4c-mv6g","modified_at":1739473645000,"published_at":1709852084000,"summary":"Go + JOSE vulnerable to Improper Handling of Highly Compressed Data (Data 
Amplification)","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-053290257b9479659","region":"us-west-2"},"detection_changed_at":1765838271526,"finding_id":"NGNhMjdiNWNjOTEwMTliZGEyYzhlYjg2YzliYTRlYWF-NzM1NzFmMGZiZDI0Mjc1ODI4ODAxMzRlYTJkMWVhY2M=","finding_type":"host_and_container_vulnerability","first_seen_at":1765421721839,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"i-053290257b9479659","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271526,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["gopkg.in/square/go-jose.v2"],"name":"gopkg.in/square/go-jose.v2","normalized_name":"gopkg.in/square/go-jose.v2","version":"v2.6.0"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":true},"resource_id":"73571f0fbd2427582880134ea2d1eacc","resource_name":"i-053290257b9479659","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":true,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.03644,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.6,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:A/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":4.3,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}},"status":"auto_closed","title":"Go + JOSE vulnerable to Improper Handling of Highly Compressed Data (Data 
Amplification)","vulnerability":{"cwes":["CWE-409"],"hash":"89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838271525,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","ecosystem:go","alias:go-2024-2631","event_type:close","image:ami-0afa99f6d7a0af2bf","alias:cga-hmfp-f3v3-528v","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","instance_type:i3en.2xlarge","hash:89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8","source:datadog","severity:low","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","fix_available:available","asset_type:host","cluster_name:machop","base_severity:medium","aws:ec2:fleet-id:fleet-1aa5a186-ab36-c1b4-063a-86028119420b","asset_id:i-053290257b9479659","auto-discovery.cluster-autoscaler.k8s.io/machop","site:datadoghq.com","k8s.io/cluster-autoscaler/node-template/label/version:1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","alias:cga-w7jq-8v28-882j","in_production:false","vuln_id:89c9a99fe3d5d66e9a98f65c64ca0057a9d31143d3724f56a894093b3f78c2a8","is_kube_cluster_experimental:false","alias:cve-2024-28180","availability-zone:us-west-2a","alias:cga-g5hx-8r47-pf39","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","score:2.6","team:compute-cloud-accounts","package_name:gopkg.in/square/go-jose.v2","kube_node:ip-10-150-70-73.us-west-2.compute.internal","k8s.io/cluster-autoscaler/nod
e-template/label/topology.ebs.csi.aws.com/zone:us-west-2a","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","alias:cga-w52c-j6q8-cf23","iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","epss_raw_score:0.03644","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","alias:cga-v3wf-pwmr-vcw5","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","package_version:v2.6.0","exposure_time_days:4","base_score:4.3","k8s.io/cluster-autoscaler/node-template/label/service:kafka","role:kube-node","env:staging","datacenter:prtest02.staging.dog","alias:cga-chh8-vhg4-2qj7","security-group:sg-0ad037192bd9b2cfd","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","scored:false","cve:cve-2024-28180","kube_node_role:compute","cluster:kafka-collab-intake-001","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","alias:cga-m474-c57g-8945","ng_local_storage:true","region:us-west-2","alias:cga-r356-23m2-5p37","alias:cga-hrqx-74pg-5m88","app:kafka","team:streaming-platform","alias:cga-9vg5-h493-cxr
7","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka","dd_rule_type:not-empty","kafka_broker_id:10000","kube_node_role:kafka-medium","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","alias:cga-9vf9-m4f8-6392","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","last_detected_minutes:0","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","previous_status:open","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271526}},{"id":"NWEzNGIyY2U2ZDQ5YWQ1MzI4YjJmNThmNjIwYmUzZWN-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-21908"],"cve":"CVE-2025-21908","id":"TRIVY-CVE-2025-21908","modified_at":1759349912000,"published_at":1743524121000,"summary":"kernel: + NFS: fix nfs_release_folio() to not deadlock via kcompactd 
writeback","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-051d6c5170313e729","region":"us-west-2"},"detection_changed_at":1765838271495,"finding_id":"NWEzNGIyY2U2ZDQ5YWQ1MzI4YjJmNThmNjIwYmUzZWN-MGFlYWQ3YmFjZDI2MGI5ZjIzYTIxYzk1NWE4NGRkNTc=","finding_type":"host_and_container_vulnerability","first_seen_at":1765397453913,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"i-051d6c5170313e729","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271495,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-common"],"name":"linux","normalized_name":"linux","version":"5.15.0-161.171"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":false},"resource_id":"0aead7bacd260b9f23a21c955a84dd57","resource_name":"i-051d6c5170313e729","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00014,"epss_severity":"low"},"impact_cvss":"safer","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":2.7,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:H/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.5,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}},"status":"auto_closed","title":"kernel: + NFS: fix nfs_release_folio() to not deadlock via kcompactd 
writeback","vulnerability":{"cwes":["CWE-667"],"hash":"4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271495,"mute":{"is_muted":false}}}},"tags":["kernel:none","asset_id:i-051d6c5170313e729","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","event_type:close","image:ami-0afa99f6d7a0af2bf","fix_available:unavailable","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","instance_type:i3en.2xlarge","aws:ec2:fleet-id:fleet-1a9e8026-5b07-6494-a418-858a394c5003","source:datadog","severity:low","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","asset_type:host","cluster_name:machop","base_severity:medium","vuln_id:4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f","auto-discovery.cluster-autoscaler.k8s.io/machop","site:datadoghq.com","k8s.io/cluster-autoscaler/node-template/label/version:1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","in_production:false","is_kube_cluster_experimental:false","availability-zone:us-west-2a","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","base_score:5.5","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","team:compute-cloud-accounts","score:2.7","cluster:kafka-aws-metrics-001","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2a","ecosystem:deb","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-6bf23963f9da330","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","iam_profile:k8s/prtest02-staging-dog-machop-kube-
node_v2","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","epss_raw_score:0.00014","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","package_name:linux","exposure_time_days:5","k8s.io/cluster-autoscaler/node-template/label/service:kafka","package_version:5.15.0-161.171","role:kube-node","env:staging","datacenter:prtest02.staging.dog","security-group:sg-0ad037192bd9b2cfd","kube_node:ip-10-150-69-64.us-west-2.compute.internal","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","scored:false","kube_node_role:compute","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","ng_local_storage:true","region:us-west-2","app:kafka","team:streaming-platform","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka","dd_rule_type:not-empty","alias:cve-2025-2190
8","kafka_broker_id:10000","kube_node_role:kafka-medium","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","last_detected_minutes:0","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","previous_status:open","cve:cve-2025-21908","hash:4570b3e1911225fe950b59c16276bbd1c54abcdfb97343c6346b720728e37a2f","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271495}},{"id":"ZDc1MGVmYjlhNWE4ZDIxOGY0ZDFmMDQ5ZDU5NDhhNTl-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2025-39806"],"cve":"CVE-2025-39806","id":"TRIVY-CVE-2025-39806","modified_at":1762193808000,"published_at":1758028551000,"summary":"kernel: + HID: multitouch: fix slab out-of-bounds access in 
mt_report_fixup()","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"204235354797","cloud_provider":"aws","display_name":"i-0fe66c7f2fe27288a","region":"us-west-2"},"detection_changed_at":1765838271483,"finding_id":"ZDc1MGVmYjlhNWE4ZDIxOGY0ZDFmMDQ5ZDU5NDhhNTl-Y2NkNzgwNzIyYzk5N2VjNWI3N2VhOTE2YjNjNTAxY2E=","finding_type":"host_and_container_vulnerability","first_seen_at":1765438485381,"host":{"cloud_provider":"aws","image":"ami-0afa99f6d7a0af2bf","name":"i-0fe66c7f2fe27288a","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"machop"},"last_seen_at":1765838271483,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["linux-tools-common"],"name":"linux","normalized_name":"linux","version":"5.15.0-161.171"},"related_services":["exposed_to_attacks:false","kafka"],"remediation":{"is_available":true,"package":{"base":[{"name":"linux","version":"5.15.0-163.173"}]},"recommended":{"name":"linux","version":"5.15.0-163.173"}},"resource_id":"ccd780722c997ec5b77ea916b3c501ca","resource_name":"i-0fe66c7f2fe27288a","resource_type":"host","risk":{"has_exploit_available":false,"has_high_exploitability_chance":false,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"type":"unavailable"},"impact_cvss":"safer","value":false},"has_high_exploitability_chance":{"evidence":{"epss_score":0.00036,"epss_severity":"low"},"impact_cvss":"neutral","value":false},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"low","severity_details":{"adjusted":{"score":3.6,"value":"low","value_id":1,"vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":5.8,"value":"medium","value_id":2,"vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"}},"status":"auto_closed","title":"kernel: + HID: multitouch: fix slab out-of-bounds access in 
mt_report_fixup()","vulnerability":{"hash":"f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f","stack":{"ecosystem":"deb"}},"workflow":{"auto_closed_at":1765838271483,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","event_type:close","image:ami-0afa99f6d7a0af2bf","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","instance_type:i3en.2xlarge","aws:ec2launchtemplate:id:lt-04cf13e9622f0ffea","source:datadog","severity:low","k8s.io/cluster-autoscaler/node-template/label/node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","fix_available:available","asset_type:host","cluster_name:machop","base_severity:medium","site:datadoghq.com","auto-discovery.cluster-autoscaler.k8s.io/machop","k8s.io/cluster-autoscaler/node-template/label/version:1","version:1","k8s.io/cluster-autoscaler/node-template/label/chart_name:kafka-nodegroups","assignee:none","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:kafka-medium","assignee_id:none","in_production:false","availability-zone:us-west-2c","is_kube_cluster_experimental:false","cve:cve-2025-39806","adp_enabled:false","public_exploit_available:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/kafka-medium","base_score:5.8","k8s.io/cluster-autoscaler/node-template/label/managed_by_team:streaming-platform","team:compute-cloud-accounts","hash:f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f","aws:ec2:fleet-id:fleet-3a3e802e-dba5-6cb6-8eb8-07aa81064fd3","ecosystem:deb","close_count:0","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","iam_profile:k8s/prtest02-staging-dog-machop-kube-node_v2","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","ng_cluster_autoscaler:true","nodegroup:kafka_kafka-medium","service_exposed_to_attacks:false","account:staging-prtest02-yodel","cloud_p
rovider:aws","nodegroups.datadoghq.com/namespace:kafka","orch_cluster_id:982811b0-dc08-4859-b606-beb26c920dcc","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","name:kafka_kafka-medium","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","topicmappr_map:pool1","nodegroups.datadoghq.com/name:kafka-medium","eenv:staging","agent_release_candidate_cluster:false","instance-type:i3en.2xlarge","kube_node:ip-10-150-64-123.us-west-2.compute.internal","k8s.io/cluster-autoscaler/node-template/label/kafka_node_flavor:medium","k8s.io/cluster-autoscaler/node-template/taint/node:kafka-medium:noschedule","service:kafka","kubernetes.io/cluster/machop:owned","exposure_time_days:4","score:3.6","package_name:linux","alias:cve-2025-39806","k8s.io/cluster-autoscaler/node-template/label/service:kafka","package_version:5.15.0-161.171","role:kube-node","env:staging","datacenter:prtest02.staging.dog","security-group:sg-0ad037192bd9b2cfd","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","scored:false","kube_node_role:compute","autoscaling_group:prtest02-staging-dog-machop-k8s-ng-asg-89839a03c35d12d6","security-group:sg-0209ab6974808b99b","os_name:ubuntu","chart_name:kafka-nodegroups","node.datadoghq.com/version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/pods:45","ng_local_storage:true","region:us-west-2","epss_raw_score:0.00036","app:kafka","team:streaming-platform","aws_account:204235354797","node-lifecycle.datadoghq.com/allow-delete-data-on-eviction:true","vuln_id:f48ef5d7531edd145ad05e7a4d3ad369393a320e87e7854007d0777f1d24624f","node.datadoghq.com/cgroup:v2","k8s.io/cluster-autoscaler/node-template/resources/memory:62990mi","k8s.io/cluster-autoscaler/node-template/label/app:kafka","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kafka","dd
_rule_type:not-empty","kube_node_role:kafka-medium","asset_id:i-0fe66c7f2fe27288a","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage-capacity:4999991611392","last_detected_minutes:0","kube_cluster_name:machop","node.datadoghq.com/base-image:ubuntu_22_04","dd_compute_k8s_platform_version:v6-257-3","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:1001mi","kafka_node_flavor:medium","kafka_broker_id:10002","k8s.io/cluster-autoscaler/node-template/label/team:streaming-platform","previous_status:open","cluster:kafka-error-tracking-001","managed_by_team:streaming-platform","type:component_with_known_vulnerability","origin:agent","kubernetes_cluster:machop","env:staging"],"timestamp":1765838271483}}],"meta":{"elapsed":1195,"page":{"after":"eyJhZnRlciI6IkF3QUFBWnNrS2JQNzd2ekswQUFBQUJoQlduTnJTMkpRTjBGQlFUTnZOMEpJYkRVM00wbDZURVlBQUFBa1pERTVZakkwTWprdFlqWTFPUzAwWlRnMExUZzVNMll0WkRVNE5HTTVOVGRqWTJGa0FBQUFFZyIsInZhbHVlcyI6WzE3NjU4MzgyNzE0ODMsIjIwMjUtMTItMTVUMjI6Mzc6NTEuNDgzWiIsLTI4NTQyMjg5Nl19"},"request_id":"pddv1ChZEV0JfaHozRVJJT3B1aUpZVnRRSGZBIiwKHMkNUONObwGrUBI2wC3SsGESwWt0gp1AaEa5fmMSDOob7VueP1L1GfbrUg","status":"done"},"links":{"next":"/api/v2/security/findings?page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrS2JQNzd2ekswQUFBQUJoQlduTnJTMkpRTjBGQlFUTnZOMEpJYkRVM00wbDZURVlBQUFBa1pERTVZakkwTWprdFlqWTFPUzAwWlRnMExUZzVNMll0WkRVNE5HTTVOVGRqWTJGa0FBQUFFZyIsInZhbHVlcyI6WzE3NjU4MzgyNzE0ODMsIjIwMjUtMTItMTVUMjI6Mzc6NTEuNDgzWiIsLTI4NTQyMjg5Nl19\u0026page%5Blimit%5D=10\u0026sort=-%40detection_changed_at"}}' + headers: + Content-Type: + - application/vnd.api+json + status: + code: 200 + message: OK +recorded_with: VCR 6.0.0 
diff --git a/cassettes/features/v2/security_monitoring/Search-security-findings-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Search-security-findings-returns-Bad-Request-response.frozen
new file mode 100644
index 00000000000..88d23fa2be0
--- /dev/null
+++ b/cassettes/features/v2/security_monitoring/Search-security-findings-returns-Bad-Request-response.frozen
@@ -0,0 +1 @@
+2025-12-17T16:27:52.376Z
\ No newline at end of file
diff --git a/cassettes/features/v2/security_monitoring/Search-security-findings-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Search-security-findings-returns-Bad-Request-response.yml
new file mode 100644
index 00000000000..9c0434955c1
--- /dev/null
+++ b/cassettes/features/v2/security_monitoring/Search-security-findings-returns-Bad-Request-response.yml
@@ -0,0 +1,26 @@
+http_interactions:
+- recorded_at: Wed, 17 Dec 2025 16:27:52 GMT
+ request:
+ body:
+ encoding: UTF-8
+ string: '{"page":{"cursor":"invalid_cursor"}}'
+ headers:
+ Accept:
+ - application/json
+ Content-Type:
+ - application/json
+ method: POST
+ uri: https://api.datadoghq.com/api/v2/security/findings/search
+ response:
+ body:
+ encoding: UTF-8
+ string: '{"errors":[{"status":"400","title":"Bad Request","detail":"document
+ is missing required top-level members; must have one of: \"data\", \"meta\",
+ \"errors\""}]}'
+ headers:
+ Content-Type:
+ - application/vnd.api+json
+ status:
+ code: 400
+ message: Bad Request
+recorded_with: VCR 6.0.0
diff --git a/cassettes/features/v2/security_monitoring/Search-security-findings-returns-OK-response-with-pagination.frozen b/cassettes/features/v2/security_monitoring/Search-security-findings-returns-OK-response-with-pagination.frozen
new file mode 100644
index 00000000000..0c4f31d38c8
--- /dev/null
+++ b/cassettes/features/v2/security_monitoring/Search-security-findings-returns-OK-response-with-pagination.frozen
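Review bot: The 400 recorded in Search-security-findings-returns-Bad-Request-response.yml comes from envelope validation rather than from the cursor. The request `string` is `{"page":{"cursor":"invalid_cursor"}}`, with no top-level `data` member, and the response detail reads "document is missing required top-level members", so the `invalid_cursor` value is probably never inspected. The pagination cassette in this commit nests its `page` object under `data.attributes`. If this scenario is meant to show that a malformed cursor is rejected, record it with the same wrapper, for example `{"data":{"attributes":{"page":{"cursor":"invalid_cursor"}}}}` (shape inferred from that cassette; confirm against the request schema). As recorded, the fixture only pins rejection of a body that lacks the JSON:API envelope.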
@@ -0,0 +1 @@
+2025-12-15T22:44:41.939Z
\ No newline at end of file
diff --git a/cassettes/features/v2/security_monitoring/Search-security-findings-returns-OK-response-with-pagination.yml b/cassettes/features/v2/security_monitoring/Search-security-findings-returns-OK-response-with-pagination.yml
new file mode 100644
index 00000000000..bd173032669
--- /dev/null
+++ b/cassettes/features/v2/security_monitoring/Search-security-findings-returns-OK-response-with-pagination.yml
@@ -0,0 +1,45 @@ +http_interactions: +- recorded_at: Mon, 15 Dec 2025 22:44:41 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"filter":"@severity:(critical OR high)","page":{"limit":1}}}}' + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security/findings/search + response: + body: + encoding: UTF-8 + string: '{"data":[{"id":"ZGVmLTAway1leWV-aS0wOGE2ZmE2ODdjOWE2ZDJkYg==","type":"finding","attributes":{"attributes":{"custom":{"cloud_resource":{"account":"600865094333","category":"compute","cloud_provider":"aws","configuration":{"account_id":"600865094333","components":{"kubelet":{"config":{"content":{"address":"10.12.32.204","allowedUnsafeSysctls":["net.*"],"apiVersion":"kubelet.config.k8s.io/v1beta1","authentication":{"anonymous":{"enabled":false},"webhook":{"cacheTTL":"60m","enabled":true},"x509":{"clientCAFile":{"certificate":{"authorityKeyId":"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96","commonName":"parent31-k8s","dnsNames":["parent31-k8s"],"fingerprint":"SHA256:DP/0ES6hkVPMrFizcIMEbQ75QGpwuWZZzShkn1KGQLA","notAfter":"2030-09-28T18:40:34Z","notBefore":"2025-09-29T18:40:04Z","serialNumber":"680167176125483697456383252717454423151202771482","subjectKeyId":"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96"},"dirGroup":"root","dirMode":2147484141,"dirUser":"root","group":"root","mode":420,"path":"/etc/vaultd/certs/vault-ca.cert","user":"root"}}},"authorization":{"mode":"Webhook","webhook":{"cacheAuthorizedTTL":"60m"}},"cgroupDriver":"systemd","cgroupsPerQOS":true,"clusterDomain":"parent31.cluster.local","containerLogMaxFiles":3,"containerLogMaxSize":"20Mi","cpuCFSQuota":false,"cpuManagerPolicy":"static","enforceNodeAllocatable":["pods"],"featureGates":{"AllowUnsafeMalformedObjectDeletion":false,"CBORServingAndStorage":false,"ClearingNominatedNodeNameAfterBinding":false,"ClusterTrustBundle":false,"ClusterTrustBundleProjection":f
alse,"ComponentFlagz":false,"ComponentStatusz":false,"ContainerRestartRules":false,"ContainerStopSignals":false,"CoordinatedLeaderElection":false,"DRAConsumableCapacity":true,"DRADeviceBindingConditions":true,"DRADeviceTaints":true,"DRAExtendedResource":true,"DRAPartitionableDevices":true,"DRASchedulerFilterTimeout":true,"DeclarativeValidationTakeover":false,"DeploymentReplicaSetTerminatingReplicas":false,"DynamicResourceAllocation":true,"EnvFiles":false,"ExternalServiceAccountTokenSigner":true,"HPAConfigurableTolerance":false,"HostnameOverride":false,"ImageVolume":true,"InPlacePodVerticalScalingExclusiveCPUs":false,"InPlacePodVerticalScalingExclusiveMemory":false,"JobManagedBy":false,"KubeletCrashLoopBackOffMax":false,"KubeletEnsureSecretPulledImages":false,"KubeletFineGrainedAuthz":false,"MaxUnavailableStatefulSet":true,"MutableCSINodeAllocatableCount":true,"MutatingAdmissionPolicy":true,"NominatedNodeNameForExpectation":false,"PodCertificateRequest":false,"PodLogsQuerySplitStreams":false,"PodTopologyLabelsAdmission":false,"ReduceDefaultCrashLoopBackOffDecay":false,"RelaxedServiceNameValidation":false,"RemoteRequestHeaderUID":false,"ResourceHealthStatus":false,"SELinuxChangePolicy":false,"SchedulerAsyncPreemption":false,"ServiceAccountNodeAudienceRestriction":false,"StorageCapacityScoring":false,"StorageVersionMigrator":false,"StrictIPCIDRValidation":false,"WatchCacheInitializationPostStartHook":false,"WatchList":true},"imageMaximumGCAge":"22h","kind":"KubeletConfiguration","kubeReserved":{"cpu":"100m","memory":"300Mi"},"kubeReservedCgroup":"kuberuntime","maxPods":45,"providerID":"aws:///us-west-2c/i-08a6fa687c9a6d2db","readOnlyPort":0,"registerWithTaints":[{"effect":"NoSchedule","key":"ebs.csi.aws.com/agent-not-ready","value":"true"},{"effect":"NoSchedule","key":"node","value":"nodeless"}],"registryBurst":20,"registryPullQPS":8,"streamingConnectionIdleTimeout":"4h","systemReserved":{"cpu":"100m","memory":"3507947110"},"systemReservedCgroup":"system","tlsCertFile"
:{"certificate":{"authorityKeyId":"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96","commonName":"system:node:ip-10-12-32-204.us-west-2.compute.internal","fingerprint":"SHA256:FBQHjmcexGGgB42hmh2FLq1lRwyoz1HYRpJRd2pnsII","ipAddresses":["10.12.32.204"],"notAfter":"2025-12-22T16:50:32Z","notBefore":"2025-12-15T22:38:56Z","organization":["system:nodes"],"serialNumber":"127630705538822312578970595637812130230650020432","subjectKeyId":"67:A8:EE:1D:53:9F:B8:54:1B:3F:17:CF:7D:90:5A:BD:16:80:64:D7"},"dirGroup":"root","dirMode":2147484141,"dirUser":"root","group":"root","mode":420,"path":"/var/lib/kubelet/pki/kubelet-cert.pem","user":"root"},"tlsPrivateKeyFile":{"group":"root","mode":384,"path":"/var/lib/kubelet/pki/kubelet-key.pem","user":"root"}},"group":"root","mode":384,"path":"/etc/kubernetes/kubelet-configuration.yaml","user":"root"},"event-burst":100,"event-qps":50,"hostname-override":"ip-10-12-32-204.us-west-2.compute.internal","image-credential-provider-bin-dir":{"group":"root","mode":2147484141,"path":"/usr/local/bin","user":"root"},"image-credential-provider-config":{"content":{"apiVersion":"kubelet.config.k8s.io/v1","kind":"CredentialProviderConfig","providers":[{"apiVersion":"credentialprovider.kubelet.k8s.io/v1","defaultCacheDuration":"12h","matchImages":["*.dkr.ecr.*.amazonaws.com","*.dkr.ecr-fips.*.amazonaws.com"],"name":"ecr-credential-provider"}]},"group":"root","mode":292,"path":"/etc/kubernetes/kubelet-credential-provider-config.yaml","user":"root"},"kubeconfig":{"group":"root","kubeconfig":{"clusters":{"kubernetes":{"certificateAuthority":{"certificate":{"authorityKeyId":"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96","commonName":"parent31-k8s","dnsNames":["parent31-k8s"],"fingerprint":"SHA256:DP/0ES6hkVPMrFizcIMEbQ75QGpwuWZZzShkn1KGQLA","notAfter":"2030-09-28T18:40:34Z","notBefore":"2025-09-29T18:40:04Z","serialNumber":"680167176125483697456383252717454423151202771482","subjectKeyId":"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:
0B:FD:36:1A:EB:96"},"dirGroup":"root","dirMode":2147484141,"dirUser":"root","group":"root","mode":420,"path":"/etc/vaultd/certs/vault-ca.cert","user":"root"},"server":"https://k8s-parent31.prtest03.staging.dog"}},"contexts":{"kubelet":{"cluster":"kubernetes","user":"kubelet"}},"currentContext":"","users":{"kubelet":{"clientCertificate":{"certificate":{"authorityKeyId":"5B:1D:26:C2:84:4A:37:36:57:E4:95:53:4D:19:0B:FD:36:1A:EB:96","commonName":"system:node:ip-10-12-32-204.us-west-2.compute.internal","fingerprint":"SHA256:FBQHjmcexGGgB42hmh2FLq1lRwyoz1HYRpJRd2pnsII","ipAddresses":["10.12.32.204"],"notAfter":"2025-12-22T16:50:32Z","notBefore":"2025-12-15T22:38:56Z","organization":["system:nodes"],"serialNumber":"127630705538822312578970595637812130230650020432","subjectKeyId":"67:A8:EE:1D:53:9F:B8:54:1B:3F:17:CF:7D:90:5A:BD:16:80:64:D7"},"dirGroup":"root","dirMode":2147484141,"dirUser":"root","group":"root","mode":420,"path":"/var/lib/kubelet/pki/kubelet-cert.pem","user":"root"},"clientKey":{"group":"root","mode":384,"path":"/var/lib/kubelet/pki/kubelet-key.pem","user":"root"},"usePassword":false,"useToken":false}}},"mode":420,"path":"/var/lib/kubelet/kubeconfig.yaml","user":"root"},"make-iptables-util-chains":true,"pod-max-pids":-1,"skippedFlags":{"--cloud-provider":"external","--cluster-dns":"172.17.0.2","--config-dir":"/etc/kubernetes/config.d","--container-runtime-endpoint":"unix:///run/containerd/containerd.sock","--healthz-bind-address":"10.12.32.204","--node-ip":"10.12.32.204","--node-labels":"node.datadoghq.com/cgroup=v2"}}},"framework_requirement":["fedramp-low/Identification-and-Authentication","fedramp-moderate/Identification-and-Authentication","pci-dss/Protect-Stored-Account-Data","cis-kubernetes/Kubelet","fedramp-high/Identification-and-Authentication","nist-800-53/Identification + and Authentication","pci-dss/Apply-Secure-Configurations-to-All-System-Components"],"framework_requirement_control":["cis-kubernetes/Kubelet/4.2.10","nist-800-53/Identification 
+ and Authentication/IA-7","fedramp-high/Identification-and-Authentication/IA-7","pci-dss/Apply-Secure-Configurations-to-All-System-Components/2.2.7","fedramp-low/Identification-and-Authentication/IA-7","fedramp-moderate/Identification-and-Authentication/IA-7","pci-dss/Protect-Stored-Account-Data/3.6.1.2","pci-dss/Protect-Stored-Account-Data/3.6.1.1"],"is_default_crawl":false,"kube_node_name":"kube-system_nodeless-amd64-d-m6a-2xlarge","kubeletService":{"content":["Unit"],"group":"root","mode":420,"path":"/etc/systemd/system/kubelet.service","user":"root"},"version":"202403"},"region":"us-west-2"},"compliance":{"evaluation":"pass","framework_requirement_controls":["cis-kubernetes/Kubelet/4.2.10","nist-800-53/Identification + and Authentication/IA-7","fedramp-high/Identification-and-Authentication/IA-7","pci-dss/Apply-Secure-Configurations-to-All-System-Components/2.2.7","fedramp-low/Identification-and-Authentication/IA-7","fedramp-moderate/Identification-and-Authentication/IA-7","pci-dss/Protect-Stored-Account-Data/3.6.1.2","pci-dss/Protect-Stored-Account-Data/3.6.1.1"],"framework_requirements":["fedramp-low/Identification-and-Authentication","fedramp-moderate/Identification-and-Authentication","pci-dss/Protect-Stored-Account-Data","cis-kubernetes/Kubelet","fedramp-high/Identification-and-Authentication","nist-800-53/Identification + and 
Authentication","pci-dss/Apply-Secure-Configurations-to-All-System-Components"],"frameworks":[{"control":"4.2.10","framework":"cis-kubernetes","is_default":true,"requirement":"Kubelet","version":"1.9.0"},{"control":"IA-7","framework":"fedramp-high","is_default":true,"requirement":"Identification-and-Authentication","version":"5"},{"control":"IA-7","framework":"fedramp-low","is_default":true,"requirement":"Identification-and-Authentication","version":"5"},{"control":"IA-7","framework":"fedramp-moderate","is_default":true,"requirement":"Identification-and-Authentication","version":"5"},{"control":"IA-7","framework":"nist-800-53","is_default":true,"requirement":"Identification + and Authentication","version":"rev5"},{"control":"2.2.7","framework":"pci-dss","is_default":true,"requirement":"Apply-Secure-Configurations-to-All-System-Components","version":"4.0.1"},{"control":"3.6.1.1","framework":"pci-dss","is_default":true,"requirement":"Protect-Stored-Account-Data","version":"4.0.1"},{"control":"3.6.1.2","framework":"pci-dss","is_default":true,"requirement":"Protect-Stored-Account-Data","version":"4.0.1"}]},"description":"%%%\n## + Description\n\nKubelet client certificate rotation should be enabled. The + `--rotate-certificates` setting tells the kubelet to rotate its client certificates + by creating new CSRs when its existing credentials expire. This automated + periodic rotation ensures that there is no downtime due to expired certificates + and thus addresses availability in the CIA security triad.\n\n**Note**: This + recommendation only applies if you let kubelets get their certificates from + the API server. In cases where your kubelet certificates come from an outside + authority or tool (for example, Vault), then you need to manually do the rotation. + \n\n## Remediation\n\n1. If using a kubelet config file, edit the file to + add the line `rotateCertificates: true`.\n2. 
If using command line arguments, + edit the kubelet service file `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf` + on each worker node and add the argument below from the `KUBELET_CERTIFICATE_ARGS` + variable.\n ```\n --rotate-certificates=true\n ```\n3. Restart the + kubelet service.\n\n%%%","detection_changed_at":1765838670804,"finding_id":"ZGVmLTAway1leWV-aS0wOGE2ZmE2ODdjOWE2ZDJkYg==","finding_type":"misconfiguration","first_seen_at":1765838670804,"k8s":{"cluster_id":"parent31"},"last_seen_at":1765838670804,"metadata":{"schema_version":"2"},"resource_id":"i-08a6fa687c9a6d2db","resource_name":"kube-system_nodeless-amd64-d-m6a-2xlarge","resource_type":"kubernetes_worker_node","rule":{"default_rule_id":"def-00k-eye","id":"def-00k-eye","name":"The + kubelet client certificate rotation should be enabled","type":"cloud configuration","version":7},"severity":"high","severity_details":{"adjusted":{"score":8,"value":"high","value_id":3}},"status":"open","title":"The + kubelet client certificate rotation should be 
enabled","workflow":{"mute":{"is_muted":false}}}},"tags":["scored:true","kernel:none","kube_node_role:nodeless","dd_compute_k8s_platform_version:v6-260-2","k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2","kube_cluster_name:parent31","k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule","nodegroup:kube-system_nodeless-amd64-d-m6a-2xlarge","name:kube-system_nodeless-amd64-d-m6a-2xlarge","framework:fedramp-low","requirement:identification_and_authentication","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s","control:2.2.7","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true","iam_profile:k8s/prtest03-staging-dog-parent31-kube-node_v2","site:datadoghq.com","framework_version:pci-dss_v4.0.1","framework:cis-kubernetes","nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-2xlarge","framework:nist-800-53","aws:ec2:fleet-id:fleet-30af8106-a33c-c1bc-8e30-8c2aef2d524c","requirement:protect-stored-account-data","framework_version:nist-800-53_vrev5","framework:fedramp-moderate","availability-zone:us-west-2c","is_kube_cluster_experimental:false","requirement:identification-and-authentication","node.datadoghq.com/flavor:standard","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-2xlarge","adp_enabled:false","kube_node_role:nodeless-amd64-d-m6a-2xlarge","kubernetes.io/cluster/parent31:owned","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard","team:compute-cloud-accounts","image:ami-0e7b60ad05b2da7ed","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless","ng_local_storage:false","k8s.io/cluster-autoscaler/node-template/resources/cpu:7900m","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","security-group:sg-041983b0e52f0b956","auto-discovery.cluster-autoscaler.k8s.io/parent31","ng_cluster_autosc
aler:true","account:staging-prtest03-hazel-parent","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system","kubernetes_cluster:parent31","account_id:600865094333","aws:ec2launchtemplate:id:lt-0e13322d92afb436c","k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","framework_version:fedramp-moderate_v5","k8s.io/cluster-autoscaler/node-template/label/class:nodeless","k8s.io/cluster-autoscaler/node-template/resources/memory:28983228826","framework_version:cis-kubernetes_v1.9.0","agent_release_candidate_cluster:false","host:i-08a6fa687c9a6d2db","role:kube-node","env:staging","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","instance-type:m6a.2xlarge","control:ia-7","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:372mi","framework_version:fedramp-low_v5","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95","scope:kubernetes","security:compliance","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64","kube_node_role:compute","k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2","nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64","control:3.6.1.1","control:3.6.1.2","datacenter:prtest03.staging.dog","k8s.io/cluster-autoscaler/node-template/resources/pods:45","framework:pci-dss","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-2xlarge","region:us-west-2","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:53034256170","nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller","kube_node:ip-10-12-32-204.us-west-2.compute.internal","k8s.io/cluster-autoscaler/node-template/label/nodegroups
.datadoghq.com/local-storage:false","framework_version:fedramp-high_v5","node.datadoghq.com/cgroup:v2","node.datadoghq.com/version:v6-260-2","nodegroups.datadoghq.com/namespace:kube-system","k8s.io/cluster-autoscaler/enabled:yes","security-group:sg-040bae0963d96a1c5","cluster_name:parent31","aws_account:600865094333","autoscaling_group:prtest03-staging-dog-parent31-k8s-ng-asg-4defb27385fb49b0","cpu_arch:amd64","requirement:kubelet","node.datadoghq.com/base-image:ubuntu_22_04","requirement:apply-secure-configurations-to-all-system-components","instance_type:m6a.2xlarge","orch_cluster_id:69945bda-00ed-44d6-8ddd-5ee7cecf1c1d","source:kubernetes","framework:fedramp-high","control:4.2.10","source:compliance-agent"],"timestamp":1765838670804}}],"meta":{"elapsed":916,"page":{"after":"eyJhZnRlciI6IkF3QUFBWnNrTDh2VTlLUDFyQUFBQUJoQlduTnJURGgyVlVGQlF6QnVTVVJUUTBwbk5HbE9jSE1BQUFBa1pqRTVZakkwTW1ZdFpEUXhOeTAwWW1GbExUZ3haRFl0WkRZME5EazFNelE0TkRabEFBQUg0ZyIsInZhbHVlcyI6WzE3NjU4Mzg2NzA4MDQsIjIwMjUtMTItMTVUMjI6NDQ6MzAuODA0WiIsLTE5MDU4MTMzMl19"},"request_id":"pddv1ChZXeHI2X1VLUFMyQ25KRjFhNTgwWlZ3Ii0KHSOVjxpVE2yfxdGytC3aiBt_PLDLzISoQQFbf2XXEgys6s_dxBVNuv6xlig","status":"done"},"links":{"next":"/api/v2/security/findings?filter%5Bquery%5D=%40severity%3Acritical+OR+%40severity%3Ahigh\u0026page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrTDh2VTlLUDFyQUFBQUJoQlduTnJURGgyVlVGQlF6QnVTVVJUUTBwbk5HbE9jSE1BQUFBa1pqRTVZakkwTW1ZdFpEUXhOeTAwWW1GbExUZ3haRFl0WkRZME5EazFNelE0TkRabEFBQUg0ZyIsInZhbHVlcyI6WzE3NjU4Mzg2NzA4MDQsIjIwMjUtMTItMTVUMjI6NDQ6MzAuODA0WiIsLTE5MDU4MTMzMl19\u0026page%5Blimit%5D=1\u0026sort=-%40detection_changed_at"}}' + headers: + Content-Type: + - application/vnd.api+json + status: + code: 200 + message: OK +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/security_monitoring/Search-security-findings-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Search-security-findings-returns-OK-response.frozen new file mode 100644 index 00000000000..8305206aaf0 
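Review bot: The response `string:` in this cassette looks like an unredacted capture from a live staging org rather than a constructed fixture. It carries a cloud account ID, internal node IPs and hostnames, kubelet certificate fingerprints and serial numbers, security-group and launch-template IDs, an IAM profile name, and a live `request_id` and pagination cursor. None of that is needed to exercise `ListSecurityFindingsResponse`, and once merged it stays in repository history. I would cut the recorded body down to the members the schema covers (`id`, `type`, `attributes.tags`, `attributes.timestamp`, `meta`, `links`) with constructed placeholder values, or scrub at record time with a `before_record` hook if the recorder in use supports one. The `Search-security-findings-returns-OK-response.yml` cassette that follows has the same kind of content; its hunk continues past the visible part of the diff.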
--- /dev/null
+++ b/cassettes/features/v2/security_monitoring/Search-security-findings-returns-OK-response.frozen
@@ -0,0 +1 @@
+2025-12-15T22:43:55.549Z
\ No newline at end of file
diff --git a/cassettes/features/v2/security_monitoring/Search-security-findings-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Search-security-findings-returns-OK-response.yml
new file mode 100644
index 00000000000..12f096336dd
--- /dev/null
+++ b/cassettes/features/v2/security_monitoring/Search-security-findings-returns-OK-response.yml
@@ -0,0 +1,44 @@ +http_interactions: +- recorded_at: Mon, 15 Dec 2025 22:43:55 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"filter":"@severity:(critical OR high)"}}}' + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security/findings/search + response: + body: + encoding: UTF-8 + string: '{"data":[{"id":"Y2RiNWYyMmQ2Nzg2ZTBkYjA1ZTc5NDM3MDU5NGJhNTh-MWIxYTc2ZDZkNDZlYmE0YjFlY2RkMDY0NjRlYjIwZTk=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-45337","GO-2024-3321"],"cve":"CVE-2024-45337","id":"GHSA-v778-237x-gjrc","modified_at":1738337443000,"published_at":1733954584000,"summary":"Misuse + of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"990060747993","cloud_provider":"aws","display_name":"ip-10-151-60-149.us-west-2.compute.internal-raboot-c","region":"us-west-2"},"detection_changed_at":1765838619159,"finding_id":"Y2RiNWYyMmQ2Nzg2ZTBkYjA1ZTc5NDM3MDU5NGJhNTh-MWIxYTc2ZDZkNDZlYmE0YjFlY2RkMDY0NjRlYjIwZTk=","finding_type":"host_and_container_vulnerability","first_seen_at":1765838614786,"host":{"cloud_provider":"aws","image":"ami-0e7b60ad05b2da7ed","name":"ip-10-151-60-149.us-west-2.compute.internal-raboot-c","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"raboot-c"},"last_seen_at":1765838619159,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["golang.org/x/crypto"],"name":"golang.org/x/crypto","normalized_name":"golang.org/x/crypto","version":"v0.18.0"},"remediation":{"is_available":true,"package":{"base":[{"name":"golang.org/x/crypto","version":"0.31.0"}]},"recommended":{"name":"golang.org/x/crypto","version":"0.31.0"}},"resource_id":"1b1a76d6d46eba4b1ecdd06464eb20e9","resource_name":"ip-10-151-60-149.us-west-2.compute.internal-raboot-c","resource_type":"host
","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/NHAS/CVE-2024-45337-POC","https://github.com/NHAS/VULNERABLE-CVE-2024-45337","https://github.com/peace-maker/CVE-2024-45337"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.42906,"epss_severity":"medium"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":7,"value":"high","value_id":3,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":9.1,"value":"critical","value_id":4,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}},"status":"open","title":"Misuse + of ServerConfig.PublicKeyCallback may cause authorization bypass in 
golang.org/x/crypto","vulnerability":{"cwes":["CWE-285"],"hash":"2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31","stack":{"ecosystem":"go","language":"go"}},"workflow":{"mute":{"is_muted":false}}}},"tags":["kernel:none","kube_node_role:nodeless","aws:ec2launchtemplate:id:lt-0105c69a444a8e9fb","ecosystem:go","dd_compute_k8s_platform_version:v6-260-2","k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2","aws_account:990060747993","fix_version:v0.46.0","instance-type:c6a.2xlarge","k8s.io/cluster-autoscaler/node-template/resources/memory:13480074445","kubernetes_cluster:raboot-c","source:datadog","k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule","vulnerability_status:open","fix_available:available","cluster_name:raboot-c","iam_profile:k8s/prtest02-staging-dog-raboot-c-kube-node_v2","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s","asset_type:host","new:true","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true","site:datadoghq.com","kubernetes.io/cluster/raboot-c:owned","assignee:none","alias:go-2024-3321","assignee_id:none","in_production:false","cve:cve-2024-45337","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-c6a-2xlarge","availability-zone:us-west-2c","is_kube_cluster_experimental:false","node.datadoghq.com/flavor:standard","adp_enabled:false","autoscaling_group:prtest02-staging-dog-raboot-c-k8s-ng-asg-faab57746e6215c5","base_score:9.1","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard","team:compute-cloud-accounts","public_exploit_available:true","image:ami-0e7b60ad05b2da7ed","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless","ng_local_storage:false","close_count:0","k8s.io/cluster-autosca
ler/node-template/resources/cpu:7900m","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-west-2c","ng_cluster_autoscaler:true","asset_id:ip-10-151-60-149.us-west-2.compute.internal-raboot-c","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system","k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","instance_type:c6a.2xlarge","k8s.io/cluster-autoscaler/node-template/label/class:nodeless","security-group:sg-0975ebcfe01315df0","eenv:staging","agent_release_candidate_cluster:false","epss_raw_score:0.42906","nodegroup:kube-system_nodeless-amd64-d-c6a-2xlarge","exposure_time_days:0","score:7.0","role:kube-node","env:staging","datacenter:prtest02.staging.dog","package_version:v0.18.0","base_severity:critical","account:staging-prtest02-ember-c","security-group:sg-08568810eba5fc2d8","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","aws:ec2:fleet-id:fleet-0c1e1c15-ce07-ce8f-0eb2-2982e1977208","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:372mi","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95","scored:false","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64","severity:high","kube_node_role:compute","k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2","nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64","os_name:ubuntu","alias:cve-2024-45337","k8s.io/cluster-autoscaler/node-template/resources/pods:45","region:us-west-2","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:53034256170","nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller","kube_cluster_name:raboot-c","orch_cluster_id:76cfd63e-1d
3b-4bf3-b0b0-93e1423ef6cc","name:kube-system_nodeless-amd64-d-c6a-2xlarge","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false","nodegroups.datadoghq.com/name:nodeless-amd64-d-c6a-2xlarge","node.datadoghq.com/cgroup:v2","node.datadoghq.com/version:v6-260-2","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","vuln_id:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31","hash:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31","dd_rule_type:not-empty","os_version:22.04","cpu_arch:amd64","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","kube_node:ip-10-151-60-149.us-west-2.compute.internal","kube_node_role:nodeless-amd64-d-c6a-2xlarge","package_name:golang.org/x/crypto","auto-discovery.cluster-autoscaler.k8s.io/raboot-c","event_type:new","type:component_with_known_vulnerability","origin:agent","env:staging"],"timestamp":1765838619159}},{"id":"YTA2ODU1YjVjYWZlZWY5Y2MyMzczMTY4MDdhYjRlMWJ-ZWExMDk2NDQ2ZjM3Mjg2MzZkMzA3ZWQ5M2ZiNDdlZjM=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CGA-rqqc-qwmr-qw72","CGA-vmcg-54pm-cp7r","CVE-2024-27304","GHSA-7jwh-3vrq-q3m8","GO-2024-2606"],"cve":"CVE-2024-27304","id":"GHSA-mrww-27vc-gghv","modified_at":1734042636000,"published_at":1709585004000,"summary":"pgx + SQL Injection via Protocol Message Size 
Overflow","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"727006795293","cloud_provider":"aws","display_name":"i-048e423259eb6256a","region":"us-east-1"},"detection_changed_at":1765838618317,"finding_id":"YTA2ODU1YjVjYWZlZWY5Y2MyMzczMTY4MDdhYjRlMWJ-ZWExMDk2NDQ2ZjM3Mjg2MzZkMzA3ZWQ5M2ZiNDdlZjM=","finding_type":"host_and_container_vulnerability","first_seen_at":1765826319813,"host":{"cloud_provider":"aws","image":"ami-0d63de838a36a5577","name":"i-048e423259eb6256a","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"stripe"},"last_seen_at":1765838618317,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/jackc/pgx/v4"],"name":"github.com/jackc/pgx/v4","normalized_name":"github.com/jackc/pgx/v4","version":"v4.18.1"},"related_services":["exposed_to_attacks:false"],"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/jackc/pgx/v4","version":"4.18.2"}]},"recommended":{"name":"github.com/jackc/pgx/v4","version":"4.18.2"}},"resource_id":"ea1096446f3728636d307ed93fb47ef3","resource_name":"i-048e423259eb6256a","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false,"is_publicly_accessible":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/roaris/CVE-2024-27304-PoC"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.01391,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false},"is_publicly_accessible":{"value":false}},"severity":"high","severity_details":{"adjusted":{"score":7.3,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L/MAV:A"},"base":{"score":9.3,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H
/VA:H/SC:N/SI:N/SA:N/E:U"}},"status":"auto_closed","title":"pgx + SQL Injection via Protocol Message Size Overflow","vulnerability":{"cwes":["CWE-89","CWE-190"],"hash":"82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838618317,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b","kube_node_role:nodeless","ecosystem:go","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge","event_type:close","availability-zone:us-east-1b","package_version:v4.18.1","source:datadog","kube_node_role:nodeless-amd64-d-m6a-4xlarge","k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule","site:datad0g.com","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:106068512341","fix_available:available","fix_version:v4.18.3","k8s.io/cluster-autoscaler/node-template/resources/cpu:15900m","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s","asset_type:host","aws:ec2launchtemplate:id:lt-0ab29ef7bcf9901c8","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true","assignee:none","assignee_id:none","in_production:false","aws_account:727006795293","is_kube_cluster_experimental:false","node.datadoghq.com/flavor:standard","adp_enabled:false","instance_type:m6a.4xlarge","nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge","base_score:9.3","auto-discovery.cluster-autoscaler.k8s.io/stripe","alias:cga-vmcg-54pm-cp7r","kubernetes.io/cluster/stripe:owned","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard","nodegroup:kube-system_nodeless-amd64-d-m6a-4xlarge","public_exploit_available:true","region:us-east-1","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless","ng_local_storage:false","close_count:0","ng_cluster
_autoscaler:true","service_exposed_to_attacks:false","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system","k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","alias:cve-2024-27304","k8s.io/cluster-autoscaler/node-template/label/class:nodeless","asset_id:i-048e423259eb6256a","cve:cve-2024-27304","account:staging","name:kube-system_nodeless-amd64-d-m6a-4xlarge","image:ami-0d63de838a36a5577","vuln_id:82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e","eenv:staging","agent_release_candidate_cluster:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-4xlarge","node.datadoghq.com/version:v6-269-0","kube_cluster_name:stripe","exposure_time_days:0","aws:ec2:fleet-id:fleet-c5172d35-9624-6c05-2c30-812acd886a16","cluster_name:stripe","score:7.3","role:kube-node","env:staging","base_severity:critical","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","security-group:sg-faa8cdb1","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95","hash:82a26ba1ef91184df0a023d923e2542542cfd589155f06f5b4a08dae468d4b2e","scored:false","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64","alias:go-2024-2606","severity:high","kube_node_role:compute","nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64","kube_node:ip-10-131-1-21.ec2.internal","os_name:ubuntu","alias:ghsa-7jwh-3vrq-q3m8","nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:745mi","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false","security-group:sg-0a3744a5f247135d1","k8s.io/cluster-autoscaler/node-template/res
ources/memory:59987440026","node.datadoghq.com/cgroup:v2","instance-type:m6a.4xlarge","nodegroups.datadoghq.com/namespace:kube-system","dd_compute_k8s_platform_version:v6-269-0","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-300m-v1","autoscaling_group:us1-staging-dog-stripe-k8s-ng-asg-8a5078b204fcfc2d","dd_rule_type:not-empty","os_version:22.04","orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df","vulnerability_status:auto-closed","cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-300m-v1","last_detected_minutes:0","epss_raw_score:0.01391","node.datadoghq.com/base-image:ubuntu_22_04","datacenter:us1.staging.dog","previous_status:open","iam_profile:k8s/us1-staging-dog-stripe-kube-node_v2","k8s.io/cluster-autoscaler/node-template/resources/pods:160","alias:cga-rqqc-qwmr-qw72","package_name:github.com/jackc/pgx/v4","kubernetes_cluster:stripe","type:component_with_known_vulnerability","origin:agent","env:staging"],"timestamp":1765838618317}},{"id":"NjUxZDEyZGRmOTI0ZmI1NTg1YzJkOTI5NzQ1ZjQ0MzJ-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-10220","GO-2024-3286"],"cve":"CVE-2024-10220","id":"GHSA-27wf-5967-98gx","modified_at":1734126344000,"published_at":1732311135000,"summary":" + Kubernetes kubelet arbitrary command 
execution","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"i-0287cce0c5ced7759"},"detection_changed_at":1765838618125,"finding_id":"NjUxZDEyZGRmOTI0ZmI1NTg1YzJkOTI5NzQ1ZjQ0MzJ-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=","finding_type":"host_and_container_vulnerability","first_seen_at":1765837776218,"host":{"name":"i-0287cce0c5ced7759","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"stripe"},"last_seen_at":1765838618125,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["k8s.io/kubernetes"],"name":"k8s.io/kubernetes","normalized_name":"k8s.io/kubernetes","version":"v1.30.0"},"remediation":{"is_available":true,"package":{"base":[{"name":"k8s.io/kubernetes","version":"1.30.3"}]},"recommended":{"name":"k8s.io/kubernetes","version":"1.30.3"}},"resource_id":"6c7a1c87e14ed31c51524564bccc6627","resource_name":"i-0287cce0c5ced7759","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/filipzag/CVE-2024-10220","https://github.com/any2sec/cve-2024-10220","https://github.com/XiaomingX/cve-2024-10220-githooks","https://github.com/mrk336/CVE-2024-10220-Kubernetes-gitRepo-Volume-Vulnerability","https://github.com/candranapits/poc-CVE-2024-10220","https://github.com/orgC/CVE-2024-10220-demo","https://github.com/mochizuki875/CVE-2024-10220-githooks"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.22805,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":7.1,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L"},"base":{"score":8.6,"value":"high","value_id":3
,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}},"status":"auto_closed","title":" + Kubernetes kubelet arbitrary command execution","vulnerability":{"cwes":["CWE-22"],"hash":"ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838618125,"mute":{"is_muted":false}}}},"tags":["fix_version:v1.32.8","kube_cluster_name:stripe","base_score:8.6","exposure_time_days:0","ecosystem:go","score:7.1","cluster_name:stripe","cve:cve-2024-10220","event_type:close","nodegroups.datadoghq.com/name:flink-metering-jose-jobmanager","env:staging","source:datadog","vuln_id:ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd","site:datad0g.com","package_version:v1.30.0","fix_available:available","scored:false","kube_node_role:compute","severity:high","asset_type:host","os_name:ubuntu","instance_type:m5.2xlarge","assignee:none","alias:go-2024-3286","assignee_id:none","in_production:false","kube_node_role:flink-metering-jose-jobmanager","epss_raw_score:0.22805","alias:cve-2024-10220","is_kube_cluster_experimental:false","hash:ad302a93e517fd0a5e85db047457aa1de46605d3ccd9cee8a922ffc0986903fd","adp_enabled:false","node.datadoghq.com/cgroup:v2","tool:infra","kube_node:ip-10-131-0-241.ec2.internal","public_exploit_available:true","dd_rule_type:not-empty","os_version:22.04","ng_local_storage:false","close_count:0","asset_id:i-0287cce0c5ced7759","orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df","vulnerability_status:auto-closed","cpu_arch:amd64","ng_cluster_autoscaler:true","last_detected_minutes:0","base_severity:high","node.datadoghq.com/base-image:ubuntu_22_04","node.datadoghq.com/version:v6-271-0","datacenter:us1.staging.dog","previous_status:open","nodegroups.datadoghq.com/namespace:metering","package_name:k8s.io/kubernetes","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp
":1765838618125}},{"id":"NjI4MzY3YWUxYzhjZDU0OTNlZGY2NDc5Y2Q2ZTNmOWF-ZGFmYjNkMmQ4ZjYzODRhYzM4NmFhNGZhNmNmNmM0ZDk=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CGA-rqqc-qwmr-qw72","CGA-vmcg-54pm-cp7r","CVE-2024-27304","GHSA-7jwh-3vrq-q3m8","GO-2024-2606"],"cve":"CVE-2024-27304","id":"GHSA-mrww-27vc-gghv","modified_at":1734042636000,"published_at":1709585004000,"summary":"pgx + SQL Injection via Protocol Message Size Overflow","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"727006795293","cloud_provider":"aws","display_name":"i-0f1ef8599b4b41431","region":"us-east-1"},"detection_changed_at":1765838618006,"finding_id":"NjI4MzY3YWUxYzhjZDU0OTNlZGY2NDc5Y2Q2ZTNmOWF-ZGFmYjNkMmQ4ZjYzODRhYzM4NmFhNGZhNmNmNmM0ZDk=","finding_type":"host_and_container_vulnerability","first_seen_at":1765833769555,"host":{"cloud_provider":"aws","image":"ami-0d63de838a36a5577","name":"i-0f1ef8599b4b41431","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"oddish-b"},"last_seen_at":1765838618006,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/jackc/pgx"],"name":"github.com/jackc/pgx","normalized_name":"github.com/jackc/pgx","version":"v3.3.0+incompatible"},"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/jackc/pgx","version":"4.18.2"}]},"recommended":{"name":"github.com/jackc/pgx","version":"4.18.2"}},"resource_id":"dafb3d2d8f6384ac386aa4fa6cf6c4d9","resource_name":"i-0f1ef8599b4b41431","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/roaris/CVE-2024-27304-PoC"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.01391,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"
impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":8.9,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L"},"base":{"score":9.3,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"}},"status":"auto_closed","title":"pgx + SQL Injection via Protocol Message Size Overflow","vulnerability":{"cwes":["CWE-89","CWE-190"],"hash":"7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838618006,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b","hash:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae","kube_node_role:nodeless","ecosystem:go","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge","event_type:close","availability-zone:us-east-1b","vuln_id:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae","k8s.io/cluster-autoscaler/node-template/label/agent-profile.datadoghq.com/name:compute-nodeless-200m-v2","asset_id:i-0f1ef8599b4b41431","source:datadog","kube_node_role:nodeless-amd64-d-m6a-4xlarge","k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule","site:datad0g.com","aws:ec2launchtemplate:id:lt-0aa5742eec024a5e8","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:106068512341","fix_available:available","k8s.io/cluster-autoscaler/node-template/resources/cpu:15900m","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:5m0s","asset_type:host","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/enable-eni-pd:true","assignee:none","assignee_id:none","in_production:false","aws_account:727006795293","is_kube_cluster_experimental:false","node.datadoghq.com/flavor:standar
d","adp_enabled:false","package_version:v3.3.0_incompatible","instance_type:m6a.4xlarge","nodegroups.datadoghq.com/name:nodeless-amd64-d-m6a-4xlarge","base_score:9.3","kube_cluster_name:oddish-b","iam_profile:k8s/us1-staging-dog-oddish-b-kube-node_v2","alias:cga-vmcg-54pm-cp7r","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:standard","nodegroup:kube-system_nodeless-amd64-d-m6a-4xlarge","public_exploit_available:true","autoscaling_group:us1-staging-dog-oddish-b-k8s-ng-asg-376ded054ca1c4df","kubernetes.io/cluster/oddish-b:owned","region:us-east-1","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless","ng_local_storage:false","close_count:0","ng_cluster_autoscaler:true","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system","k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","alias:cve-2024-27304","k8s.io/cluster-autoscaler/node-template/label/class:nodeless","cve:cve-2024-27304","account:staging","name:kube-system_nodeless-amd64-d-m6a-4xlarge","image:ami-0d63de838a36a5577","eenv:staging","agent_release_candidate_cluster:false","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-amd64-d-m6a-4xlarge","node.datadoghq.com/version:v6-269-0","exposure_time_days:0","cluster_name:oddish-b","security-group:sg-0b9e1c6b4773288df","orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54","role:kube-node","package_name:github.com/jackc/pgx","env:staging","base_severity:critical","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","security-group:sg-faa8cdb1","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95","scored:false","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64","alias:go-2024-260
6","severity:high","kube_node_role:compute","k8s.io/cluster-autoscaler/node-template/label/agent.datadoghq.com/datadogagentprofile:compute-nodeless-200m-v2","nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-amd64","os_name:ubuntu","alias:ghsa-7jwh-3vrq-q3m8","aws:ec2:fleet-id:fleet-7bbf19a6-a3a4-ee94-0c38-a582da17231b","nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:745mi","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:false","k8s.io/cluster-autoscaler/node-template/resources/memory:59987440026","node.datadoghq.com/cgroup:v2","instance-type:m6a.4xlarge","score:8.9","nodegroups.datadoghq.com/namespace:kube-system","dd_compute_k8s_platform_version:v6-269-0","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","dd_rule_type:not-empty","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","last_detected_minutes:0","epss_raw_score:0.01391","node.datadoghq.com/base-image:ubuntu_22_04","kube_node:ip-10-128-39-138.ec2.internal","datacenter:us1.staging.dog","previous_status:open","k8s.io/cluster-autoscaler/node-template/resources/pods:160","alias:cga-rqqc-qwmr-qw72","kubernetes_cluster:oddish-b","type:component_with_known_vulnerability","origin:agent","auto-discovery.cluster-autoscaler.k8s.io/oddish-b","env:staging"],"timestamp":1765838618006}},{"id":"YzE5MmY0MWI2OTdkN2Y5NTZiNmNiODI1ZTdiNDhlZTh-YzZlMmY1ZGIwOTU0ODIzM2MwZDFmNTdjZmZjMTdjMzQ=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-45337","GO-2024-3321"],"cve":"CVE-2024-45337","id":"GHSA-v778-237x-gjrc","modified_at":1738337443000,"published_at":1733954584000,"summary":"Misuse + of ServerConfig.PublicKeyCallback may cause authorization bypass in 
golang.org/x/crypto","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"i-068207de5f413c29f"},"detection_changed_at":1765838617916,"finding_id":"YzE5MmY0MWI2OTdkN2Y5NTZiNmNiODI1ZTdiNDhlZTh-YzZlMmY1ZGIwOTU0ODIzM2MwZDFmNTdjZmZjMTdjMzQ=","finding_type":"host_and_container_vulnerability","first_seen_at":1765837162559,"host":{"name":"i-068207de5f413c29f","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"oddish-b"},"last_seen_at":1765838617916,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["golang.org/x/crypto"],"name":"golang.org/x/crypto","normalized_name":"golang.org/x/crypto","version":"v0.18.0"},"remediation":{"is_available":true,"package":{"base":[{"name":"golang.org/x/crypto","version":"0.31.0"}]},"recommended":{"name":"golang.org/x/crypto","version":"0.31.0"}},"resource_id":"c6e2f5db09548233c0d1f57cffc17c34","resource_name":"i-068207de5f413c29f","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/NHAS/CVE-2024-45337-POC","https://github.com/NHAS/VULNERABLE-CVE-2024-45337","https://github.com/peace-maker/CVE-2024-45337"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.42906,"epss_severity":"medium"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":7,"value":"high","value_id":3,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:X/RC:X/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X"},"base":{"score":9.1,"value":"critical","value_id":4,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}},"status":"auto_closed","title":"Misuse + of ServerConfig.PublicKeyCallback may cause authorization bypass in 
golang.org/x/crypto","vulnerability":{"cwes":["CWE-285"],"hash":"2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838617916,"mute":{"is_muted":false}}}},"tags":["epss_raw_score:0.42906","exposure_time_days:0","kube_node_role:nodeless","cluster_name:oddish-b","score:7.0","ecosystem:go","event_type:close","orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54","env:staging","fix_version:v0.46.0","package_version:v0.18.0","base_severity:critical","source:datadog","site:datad0g.com","fix_available:available","scored:false","kube_node_role:compute","severity:high","asset_type:host","os_name:ubuntu","asset_id:i-068207de5f413c29f","alias:cve-2024-45337","assignee:none","alias:go-2024-3321","assignee_id:none","cve:cve-2024-45337","in_production:false","node.datadoghq.com/flavor:nodeless-fastephemeral","kube_node:ip-10-128-37-184.ec2.internal","is_kube_cluster_experimental:false","adp_enabled:false","node.datadoghq.com/cgroup:v2","nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","kube_cluster_name:oddish-b","instance_type:m6gd.8xlarge","base_score:9.1","vuln_id:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31","hash:2e1b9d06d12bdbdeba39c6f6ade74fe9091a07496078481ff81ce72884abcd31","kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge","public_exploit_available:true","dd_rule_type:not-empty","os_version:22.04","ng_local_storage:false","close_count:0","vulnerability_status:auto-closed","ng_cluster_autoscaler:true","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","node.datadoghq.com/version:v6-271-0","datacenter:us1.staging.dog","package_name:golang.org/x/crypto","previous_status:open","cpu_arch:arm64","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838617916}},{"id":
"NjlhMzIwMDBjNmVlZDNmZGFjMTUwODFmNzc3ZjA0OTl-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CGA-rqqc-qwmr-qw72","CGA-vmcg-54pm-cp7r","CVE-2024-27304","GHSA-7jwh-3vrq-q3m8","GO-2024-2606"],"cve":"CVE-2024-27304","id":"GHSA-mrww-27vc-gghv","modified_at":1734042636000,"published_at":1709585004000,"summary":"pgx + SQL Injection via Protocol Message Size Overflow","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"i-0287cce0c5ced7759"},"detection_changed_at":1765838617865,"finding_id":"NjlhMzIwMDBjNmVlZDNmZGFjMTUwODFmNzc3ZjA0OTl-NmM3YTFjODdlMTRlZDMxYzUxNTI0NTY0YmNjYzY2Mjc=","finding_type":"host_and_container_vulnerability","first_seen_at":1765837776218,"host":{"name":"i-0287cce0c5ced7759","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"stripe"},"last_seen_at":1765838617865,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/jackc/pgx"],"name":"github.com/jackc/pgx","normalized_name":"github.com/jackc/pgx","version":"v3.3.0+incompatible"},"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/jackc/pgx","version":"4.18.2"}]},"recommended":{"name":"github.com/jackc/pgx","version":"4.18.2"}},"resource_id":"6c7a1c87e14ed31c51524564bccc6627","resource_name":"i-0287cce0c5ced7759","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/roaris/CVE-2024-27304-PoC"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.01391,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":8.9,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N
/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L"},"base":{"score":9.3,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"}},"status":"auto_closed","title":"pgx + SQL Injection via Protocol Message Size Overflow","vulnerability":{"cwes":["CWE-89","CWE-190"],"hash":"7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838617865,"mute":{"is_muted":false}}}},"tags":["kube_cluster_name:stripe","hash:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae","exposure_time_days:0","ecosystem:go","cluster_name:stripe","event_type:close","nodegroups.datadoghq.com/name:flink-metering-jose-jobmanager","vuln_id:7562b2b924b89f55f238ab037f6f507bfb657c2183e353dfec1c1b796ab8eeae","package_name:github.com/jackc/pgx","env:staging","base_severity:critical","source:datadog","site:datad0g.com","fix_available:available","scored:false","alias:go-2024-2606","kube_node_role:compute","severity:high","asset_type:host","os_name:ubuntu","instance_type:m5.2xlarge","assignee:none","alias:ghsa-7jwh-3vrq-q3m8","assignee_id:none","in_production:false","kube_node_role:flink-metering-jose-jobmanager","is_kube_cluster_experimental:false","adp_enabled:false","node.datadoghq.com/cgroup:v2","package_version:v3.3.0_incompatible","score:8.9","tool:infra","base_score:9.3","kube_node:ip-10-131-0-241.ec2.internal","alias:cga-vmcg-54pm-cp7r","public_exploit_available:true","dd_rule_type:not-empty","os_version:22.04","ng_local_storage:false","asset_id:i-0287cce0c5ced7759","close_count:0","orch_cluster_id:4c9f3702-c3bd-4d69-871b-cfa039a397df","vulnerability_status:auto-closed","cpu_arch:amd64","ng_cluster_autoscaler:true","last_detected_minutes:0","epss_raw_score:0.01391","node.datadoghq.com/base-image:ubuntu_22_04","node.datadoghq.com/version:v6-271-0","datacenter:us1.staging.dog","alias:cve-2024-27304","previous_status:open","cve:cve-2
024-27304","alias:cga-rqqc-qwmr-qw72","nodegroups.datadoghq.com/namespace:metering","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838617865}},{"id":"NTE0YWUwMWUwYjdiMTJlNTdmMjkwZGU3NjYwYzc3ZGF-MjRmYmFmY2UzNGZjNzRlZGY1NjI5M2ExZGIwNjBkZjM=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CGA-rqqc-qwmr-qw72","CGA-vmcg-54pm-cp7r","CVE-2024-27304","GHSA-mrww-27vc-gghv","GO-2024-2606"],"cve":"CVE-2024-27304","id":"GHSA-7jwh-3vrq-q3m8","modified_at":1729574941941,"published_at":1709585125000,"summary":"pgproto3 + SQL Injection via Protocol Message Size Overflow","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"i-045e3e76dfdf37aae"},"detection_changed_at":1765838617835,"finding_id":"NTE0YWUwMWUwYjdiMTJlNTdmMjkwZGU3NjYwYzc3ZGF-MjRmYmFmY2UzNGZjNzRlZGY1NjI5M2ExZGIwNjBkZjM=","finding_type":"host_and_container_vulnerability","first_seen_at":1765837126551,"host":{"name":"i-045e3e76dfdf37aae","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"oddish-b"},"last_seen_at":1765838617835,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/jackc/pgproto3/v2"],"name":"github.com/jackc/pgproto3/v2","normalized_name":"github.com/jackc/pgproto3/v2","version":"v2.3.2"},"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/jackc/pgproto3/v2","version":"2.3.3"}]},"recommended":{"name":"github.com/jackc/pgproto3/v2","version":"2.3.3"}},"resource_id":"24fbafce34fc74edf56293a1db060df3","resource_name":"i-045e3e76dfdf37aae","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/roaris/CVE-2024-27304-PoC"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitab
ility_chance":{"evidence":{"epss_score":0.01391,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":8.9,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L"},"base":{"score":9.3,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"}},"status":"auto_closed","title":"pgproto3 + SQL Injection via Protocol Message Size Overflow","vulnerability":{"cwes":["CWE-89","CWE-190"],"hash":"f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838617835,"mute":{"is_muted":false}}}},"tags":["fix_version:v2.3.4-0.20250125160525-bc041643406d","exposure_time_days:0","kube_node_role:nodeless","cluster_name:oddish-b","ecosystem:go","event_type:close","orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54","env:staging","base_severity:critical","source:datadog","site:datad0g.com","fix_available:available","scored:false","alias:go-2024-2606","kube_node_role:compute","severity:high","asset_type:host","os_name:ubuntu","assignee:none","assignee_id:none","in_production:false","node.datadoghq.com/flavor:nodeless-fastephemeral","hash:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e","is_kube_cluster_experimental:false","adp_enabled:false","node.datadoghq.com/cgroup:v2","nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge","score:8.9","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","base_score:9.3","kube_cluster_name:oddish-b","instance_type:m6gd.8xlarge","package_version:v2.3.2","alias:ghsa-mrww-27vc-gghv","alias:cga-vmcg-54pm-cp7r","kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge","public_exploit_available:true","dd_rule_type:not-empty","vuln_id:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b827
9a7e","os_version:22.04","ng_local_storage:false","close_count:0","vulnerability_status:auto-closed","ng_cluster_autoscaler:true","last_detected_minutes:0","epss_raw_score:0.01391","asset_id:i-045e3e76dfdf37aae","node.datadoghq.com/base-image:ubuntu_22_04","node.datadoghq.com/version:v6-271-0","kube_node:ip-10-128-37-96.ec2.internal","datacenter:us1.staging.dog","alias:cve-2024-27304","previous_status:open","package_name:github.com/jackc/pgproto3/v2","cve:cve-2024-27304","alias:cga-rqqc-qwmr-qw72","cpu_arch:arm64","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838617835}},{"id":"ZjQ1YzE1NWQ5ODQ4NDk4ZmRjZTgyNTA1MzllZDY4OGV-N2YyZDlhNmRkMTE4NWYzODAyYTllZGFjMTczOTAzMTI=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-41110","GO-2024-3005"],"cve":"CVE-2024-41110","id":"GHSA-v23v-6jw2-98fq","modified_at":1723230467000,"published_at":1722334737000,"summary":"Authz + zero length 
regression","type":"component_with_known_vulnerability"},"cloud_resource":{"account":"727006795293","cloud_provider":"aws","display_name":"i-0e04298f4842968e8","region":"us-east-1"},"detection_changed_at":1765838617779,"finding_id":"ZjQ1YzE1NWQ5ODQ4NDk4ZmRjZTgyNTA1MzllZDY4OGV-N2YyZDlhNmRkMTE4NWYzODAyYTllZGFjMTczOTAzMTI=","finding_type":"host_and_container_vulnerability","first_seen_at":1765835798278,"host":{"cloud_provider":"aws","image":"ami-0a8a2ad2689e7c22d","name":"i-0e04298f4842968e8","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"oddish-b"},"last_seen_at":1765838617779,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/docker/docker"],"name":"github.com/docker/docker","normalized_name":"github.com/docker/docker","version":"v26.0.1+incompatible"},"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/docker/docker","version":"26.1.5"}]},"recommended":{"name":"github.com/docker/docker","version":"26.1.5"}},"resource_id":"7f2d9a6dd1185f3802a9edac17390312","resource_name":"i-0e04298f4842968e8","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/PauloParoPP/CVE-2024-41110-SCAN","https://github.com/vvpoglazov/cve-2024-41110-checker"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.03074,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":8.8,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:L/IR:L/AR:L"},"base":{"score":9.4,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}},"status":"auto_clos
ed","title":"Authz + zero length regression","vulnerability":{"cwes":["CWE-187"],"hash":"a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838617779,"mute":{"is_muted":false}}}},"tags":["kernel:none","k8s.io/cluster-autoscaler/node-template/label/topology.ebs.csi.aws.com/zone:us-east-1b","k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage:18747532246","kube_node_role:nodeless","ecosystem:go","event_type:close","availability-zone:us-east-1b","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/local-storage:true","aws:ec2:fleet-id:fleet-d13f3304-a906-e61e-2c12-a78868beb555","k8s.io/cluster-autoscaler/node-template/resources/kubernetes.io/network-bandwidth:186mi","autoscaling_group:us1-staging-dog-oddish-b-k8s-ng-asg-25eaecca332303a0","source:datadog","k8s.io/cluster-autoscaler/node-template/taint/node:nodeless:noschedule","site:datad0g.com","fix_available:available","epss_raw_score:0.03074","package_name:github.com/docker/docker","asset_type:host","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/name:nodeless-localstorage-amd64-m6id-xlarge","nodegroups.datadoghq.com/nodegroup-set:kube-system_nodeless-localstorage-amd64","dd_compute_k8s_platform_version:v6-271-0","nodegroup:kube-system_nodeless-localstorage-amd64-m6id-xlarge","assignee:none","vuln_id:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f","assignee_id:none","in_production:false","aws_account:727006795293","is_kube_cluster_experimental:false","adp_enabled:false","kube_cluster_name:oddish-b","base_score:9.4","iam_profile:k8s/us1-staging-dog-oddish-b-kube-node_v2","public_exploit_available:true","kubernetes.io/cluster/oddish-b:owned","region:us-east-1","fix_version:v299999999.0.0-20200612211812-aaf470eca7b5_incompatible","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless","close_count:0","k8s.io/cluster-autoscaler/no
de-template/label/nodegroups.datadoghq.com/local-storage-capacity:236991611392","ng_cluster_autoscaler:true","k8s.io/cluster-autoscaler/node-template/label/nodeless-localstorage.datadoghq.com/instance-type:m6id.xlarge","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/namespace:kube-system","name:kube-system_nodeless-localstorage-amd64-m6id-xlarge","cloud_provider:aws","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/nodeless-localstorage-amd64-m6id-xlarge","k8s.io/cluster-autoscaler/node-template/resources/memory:13567106253","k8s.io/cluster-autoscaler/node-template/label/nodegroups.datadoghq.com/cluster-autoscaler:true","aws:ec2launchtemplate:version:1","nodegroups.datadoghq.com/name:nodeless-localstorage-amd64-m6id-xlarge","k8s.io/cluster-autoscaler/node-template/label/class:nodeless","account:staging","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownunneededtime:10m0s","eenv:staging","agent_release_candidate_cluster:false","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/flavor:nodeless-localstorage","k8s.io/cluster-autoscaler/node-template/taint/flavor:nodeless-localstorage:noschedule","package_version:v26.0.1_incompatible","exposure_time_days:0","cluster_name:oddish-b","security-group:sg-0b9e1c6b4773288df","orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54","role:kube-node","env:staging","instance_type:m6id.xlarge","image:ami-0a8a2ad2689e7c22d","base_severity:critical","k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/compute","asset_id:i-0e04298f4842968e8","security-group:sg-faa8cdb1","k8s.io/cluster-autoscaler/node-template/autoscaling-options/scaledownutilizationthreshold:0.95","scored:false","k8s.io/cluster-autoscaler/node-template/label/node.datadoghq.com/cpu_arch:amd64","k8s.io/cluster-autoscaler/node-template/resources/cpu:3900m","severity:high","kube_node_role:compute","k8s.io/cluster-autoscaler/node-template/resources/pods:40","os_name:ubuntu","no
de.datadoghq.com/flavor:nodeless-localstorage","ng_local_storage:true","alias:go-2024-3005","nodegroups.datadoghq.com/owner:k8s-dynamic-nodegroup-controller","instance-type:m6id.xlarge","node.datadoghq.com/cgroup:v2","score:8.8","kube_node:ip-10-128-71-26.ec2.internal","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","k8s.io/cluster-autoscaler/enabled:yes","aws:ec2launchtemplate:id:lt-0ae5c167d7a085e7b","k8s.io/cluster-autoscaler/node-template/label/scalingset:cpu_arch-amd64_flavor-nodeless-localstorage","dd_rule_type:not-empty","os_version:22.04","vulnerability_status:auto-closed","cpu_arch:amd64","last_detected_minutes:0","kube_node_role:nodeless-localstorage-amd64-m6id-xlarge","node.datadoghq.com/base-image:ubuntu_22_04","hash:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f","node.datadoghq.com/version:v6-271-0","alias:cve-2024-41110","datacenter:us1.staging.dog","previous_status:open","kubernetes_cluster:oddish-b","type:component_with_known_vulnerability","origin:agent","auto-discovery.cluster-autoscaler.k8s.io/oddish-b","cve:cve-2024-41110","env:staging"],"timestamp":1765838617779}},{"id":"OWZkNjcxMTNmY2M3ZGJkMTNiNWIxMjcyZDdjZGJjYTJ-ZDM3YTBhMTAxZjFjZjc4OGNlYmE5ODNkNzQwMWI2M2E=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CGA-rqqc-qwmr-qw72","CGA-vmcg-54pm-cp7r","CVE-2024-27304","GHSA-mrww-27vc-gghv","GO-2024-2606"],"cve":"CVE-2024-27304","id":"GHSA-7jwh-3vrq-q3m8","modified_at":1729574941941,"published_at":1709585125000,"summary":"pgproto3 + SQL Injection via Protocol Message Size 
Overflow","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"i-0ef9daf3d9bd9c136"},"detection_changed_at":1765838617692,"finding_id":"OWZkNjcxMTNmY2M3ZGJkMTNiNWIxMjcyZDdjZGJjYTJ-ZDM3YTBhMTAxZjFjZjc4OGNlYmE5ODNkNzQwMWI2M2E=","finding_type":"host_and_container_vulnerability","first_seen_at":1765836977473,"host":{"name":"i-0ef9daf3d9bd9c136","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"oddish-b"},"last_seen_at":1765838617692,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/jackc/pgproto3/v2"],"name":"github.com/jackc/pgproto3/v2","normalized_name":"github.com/jackc/pgproto3/v2","version":"v2.3.2"},"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/jackc/pgproto3/v2","version":"2.3.3"}]},"recommended":{"name":"github.com/jackc/pgproto3/v2","version":"2.3.3"}},"resource_id":"d37a0a101f1cf788ceba983d7401b63a","resource_name":"i-0ef9daf3d9bd9c136","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/roaris/CVE-2024-27304-PoC"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.01391,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},"severity":"high","severity_details":{"adjusted":{"score":8.9,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:L/IR:L/AR:L"},"base":{"score":9.3,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"}},"status":"auto_closed","title":"pgproto3 + SQL Injection via Protocol Message Size 
Overflow","vulnerability":{"cwes":["CWE-89","CWE-190"],"hash":"f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838617692,"mute":{"is_muted":false}}}},"tags":["fix_version:v2.3.4-0.20250125160525-bc041643406d","exposure_time_days:0","kube_node_role:nodeless","cluster_name:oddish-b","ecosystem:go","event_type:close","orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54","env:staging","base_severity:critical","kube_node:ip-10-128-69-249.ec2.internal","source:datadog","site:datad0g.com","fix_available:available","scored:false","alias:go-2024-2606","kube_node_role:compute","severity:high","asset_type:host","os_name:ubuntu","assignee:none","asset_id:i-0ef9daf3d9bd9c136","assignee_id:none","in_production:false","node.datadoghq.com/flavor:nodeless-fastephemeral","hash:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e","is_kube_cluster_experimental:false","adp_enabled:false","node.datadoghq.com/cgroup:v2","nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge","score:8.9","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","base_score:9.3","kube_cluster_name:oddish-b","instance_type:m6gd.8xlarge","package_version:v2.3.2","alias:ghsa-mrww-27vc-gghv","alias:cga-vmcg-54pm-cp7r","kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge","public_exploit_available:true","dd_rule_type:not-empty","vuln_id:f5b9790b261031aeba5da3e06abc2f1320266b51b957f91df446edc4b8279a7e","os_version:22.04","ng_local_storage:false","close_count:0","vulnerability_status:auto-closed","ng_cluster_autoscaler:true","last_detected_minutes:0","epss_raw_score:0.01391","node.datadoghq.com/base-image:ubuntu_22_04","node.datadoghq.com/version:v6-271-0","datacenter:us1.staging.dog","alias:cve-2024-27304","previous_status:open","package_name:github.com/jackc/pgproto3/v2","cve:cve-2024-27304","alias:cga-rqqc-qwmr-qw72","cpu_arch:arm64","type:component_with_known_vulnerability","e
env:staging","origin:agent","agent_release_candidate_cluster:false","env:staging"],"timestamp":1765838617692}},{"id":"MjU5YjI1MWNiNzU4YzgxMmFkODFjZTIwMWUxNjc4ZWN-ZjA5ZTUwMDgzNWU3ZGVhYzBjOTJjYzU2NmU2NzMyNDQ=","type":"finding","attributes":{"attributes":{"custom":{"advisory":{"aliases":["CVE-2024-41110","GO-2024-3005"],"cve":"CVE-2024-41110","id":"GHSA-v23v-6jw2-98fq","modified_at":1723230467000,"published_at":1722334737000,"summary":"Authz + zero length regression","type":"component_with_known_vulnerability"},"cloud_resource":{"display_name":"i-0e88c4cb2030f0900"},"detection_changed_at":1765838617584,"finding_id":"MjU5YjI1MWNiNzU4YzgxMmFkODFjZTIwMWUxNjc4ZWN-ZjA5ZTUwMDgzNWU3ZGVhYzBjOTJjYzU2NmU2NzMyNDQ=","finding_type":"host_and_container_vulnerability","first_seen_at":1765836323780,"host":{"name":"i-0e88c4cb2030f0900","os":{"name":"ubuntu","version":"22.04"}},"k8s":{"cluster_id":"oddish-b"},"last_seen_at":1765838617584,"metadata":{"schema_version":"2"},"origin":["agent"],"package":{"additional_names":["github.com/docker/docker"],"name":"github.com/docker/docker","normalized_name":"github.com/docker/docker","version":"v26.0.1+incompatible"},"remediation":{"is_available":true,"package":{"base":[{"name":"github.com/docker/docker","version":"26.1.5"}]},"recommended":{"name":"github.com/docker/docker","version":"26.1.5"}},"resource_id":"f09e500835e7deac0c92cc566e673244","resource_name":"i-0e88c4cb2030f0900","resource_type":"host","risk":{"has_exploit_available":true,"has_high_exploitability_chance":true,"is_production":false},"risk_details":{"has_exploit_available":{"evidence":{"exploit_sources":["GitHub"],"exploit_urls":["https://github.com/PauloParoPP/CVE-2024-41110-SCAN","https://github.com/vvpoglazov/cve-2024-41110-checker"],"type":"production_ready"},"impact_cvss":"neutral","value":true},"has_high_exploitability_chance":{"evidence":{"epss_score":0.03074,"epss_severity":"low"},"impact_cvss":"neutral","value":true},"is_production":{"impact_cvss":"safer","value":false}},
"severity":"high","severity_details":{"adjusted":{"score":8.8,"value":"high","value_id":3,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:L/IR:L/AR:L"},"base":{"score":9.4,"value":"critical","value_id":4,"vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}},"status":"auto_closed","title":"Authz + zero length regression","vulnerability":{"cwes":["CWE-187"],"hash":"a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f","stack":{"ecosystem":"go","language":"go"}},"workflow":{"auto_closed_at":1765838617584,"mute":{"is_muted":false}}}},"tags":["exposure_time_days:0","package_version:v26.0.1_incompatible","kube_node_role:nodeless","cluster_name:oddish-b","ecosystem:go","event_type:close","orch_cluster_id:b7d5bafd-28f9-42b1-84a9-fa705f4d0d54","env:staging","base_severity:critical","source:datadog","site:datad0g.com","fix_available:available","epss_raw_score:0.03074","scored:false","kube_node_role:compute","severity:high","package_name:github.com/docker/docker","asset_type:host","os_name:ubuntu","assignee:none","vuln_id:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f","assignee_id:none","in_production:false","alias:go-2024-3005","node.datadoghq.com/flavor:nodeless-fastephemeral","is_kube_cluster_experimental:false","adp_enabled:false","node.datadoghq.com/cgroup:v2","score:8.8","nodegroups.datadoghq.com/name:nodeless-fastephemeral-arm64-m6gd-8xlarge","nodegroups.datadoghq.com/namespace:kube-system","tool:infra","asset_id:i-0e88c4cb2030f0900","kube_cluster_name:oddish-b","base_score:9.4","instance_type:m6gd.8xlarge","kube_node_role:nodeless-fastephemeral-arm64-m6gd-8xlarge","public_exploit_available:true","dd_rule_type:not-empty","fix_version:v299999999.0.0-20200612211812-aaf470eca7b5_incompatible","os_version:22.04","ng_local_storage:false","close_count:0","vulnerability_status:auto-closed","ng_cluster_autoscaler:true","last_detected_minutes:0","node.datadoghq.com/base-image:ubuntu_22_04","ha
sh:a0c1f243698c4d84159733c640eaf8598ef772e9b5dc57c61e7943744319bf6f","kube_node:ip-10-128-69-26.ec2.internal","node.datadoghq.com/version:v6-271-0","alias:cve-2024-41110","datacenter:us1.staging.dog","previous_status:open","cpu_arch:arm64","type:component_with_known_vulnerability","eenv:staging","origin:agent","agent_release_candidate_cluster:false","cve:cve-2024-41110","env:staging"],"timestamp":1765838617584}}],"meta":{"elapsed":1369,"page":{"after":"eyJhZnRlciI6IkF3QUFBWnNrTHZ2d2NDUnlSQUFBQUJoQlduTnJUSFoyZDBGQlFsSkxaV05HYVMxcGNVbDNSV2tBQUFBa1pERTVZakkwTW1ZdE1ESXpOQzAwT0RaaUxUZ3hNbVl0T1RGaFlUZ3lOemcyTkRRMkFBQURjQSIsInZhbHVlcyI6WzE3NjU4Mzg2MTc1ODQsIjIwMjUtMTItMTVUMjI6NDM6MzcuNTg0WiIsMTg4MTQzNjc0MF19"},"request_id":"pddv1ChZNOVExUVJTblR5Q3JvSmtydGt3ck9BIi0KHZfc9G79MgJZpw5AiBM4qDleF_HVmgTTjgrQEVbBEgxR6Pf9JbnOhfIiPxQ","status":"done"},"links":{"next":"/api/v2/security/findings?filter%5Bquery%5D=%40severity%3Acritical+OR+%40severity%3Ahigh\u0026page%5Bcursor%5D=eyJhZnRlciI6IkF3QUFBWnNrTHZ2d2NDUnlSQUFBQUJoQlduTnJUSFoyZDBGQlFsSkxaV05HYVMxcGNVbDNSV2tBQUFBa1pERTVZakkwTW1ZdE1ESXpOQzAwT0RaaUxUZ3hNbVl0T1RGaFlUZ3lOemcyTkRRMkFBQURjQSIsInZhbHVlcyI6WzE3NjU4Mzg2MTc1ODQsIjIwMjUtMTItMTVUMjI6NDM6MzcuNTg0WiIsMTg4MTQzNjc0MF19\u0026page%5Blimit%5D=10\u0026sort=-%40detection_changed_at"}}' + headers: + Content-Type: + - application/vnd.api+json + status: + code: 200 + message: OK +recorded_with: VCR 6.0.0 diff --git a/examples/v2/security-monitoring/ListSecurityFindings.rb b/examples/v2/security-monitoring/ListSecurityFindings.rb new file mode 100644 index 00000000000..24f2ad8ce24 --- /dev/null +++ b/examples/v2/security-monitoring/ListSecurityFindings.rb @@ -0,0 +1,8 @@ +# List security findings returns "OK" response + +require "datadog_api_client" +DatadogAPIClient.configure do |config| + config.unstable_operations["v2.list_security_findings".to_sym] = true +end +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new +p api_instance.list_security_findings() 
diff --git a/examples/v2/security-monitoring/ListSecurityFindings_2925663885.rb b/examples/v2/security-monitoring/ListSecurityFindings_2925663885.rb
new file mode 100644
index 00000000000..ec1f6b4489c
--- /dev/null
+++ b/examples/v2/security-monitoring/ListSecurityFindings_2925663885.rb
@@ -0,0 +1,11 @@
+# List security findings returns "OK" response with pagination
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+ config.unstable_operations["v2.list_security_findings".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+opts = {
+ page_limit: 5,
+}
+p api_instance.list_security_findings(opts)
diff --git a/examples/v2/security-monitoring/SearchSecurityFindings.rb b/examples/v2/security-monitoring/SearchSecurityFindings.rb
new file mode 100644
index 00000000000..63aaaa89175
--- /dev/null
+++ b/examples/v2/security-monitoring/SearchSecurityFindings.rb
@@ -0,0 +1,16 @@
+# Search security findings returns "OK" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+ config.unstable_operations["v2.search_security_findings".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityFindingsSearchRequest.new({
+ data: DatadogAPIClient::V2::SecurityFindingsSearchRequestData.new({
+ attributes: DatadogAPIClient::V2::SecurityFindingsSearchRequestDataAttributes.new({
+ filter: "@severity:(critical OR high)",
+ }),
+ }),
+})
+p api_instance.search_security_findings(body)
diff --git a/examples/v2/security-monitoring/SearchSecurityFindings_3678541639.rb b/examples/v2/security-monitoring/SearchSecurityFindings_3678541639.rb
new file mode 100644
index 00000000000..658579f4700
--- /dev/null
+++ b/examples/v2/security-monitoring/SearchSecurityFindings_3678541639.rb
@@ -0,0 +1,19 @@ +# Search security findings returns "OK" response with pagination + +require "datadog_api_client" +DatadogAPIClient.configure do |config| + config.unstable_operations["v2.search_security_findings".to_sym] = true +end +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new + +body = DatadogAPIClient::V2::SecurityFindingsSearchRequest.new({ + data: DatadogAPIClient::V2::SecurityFindingsSearchRequestData.new({ + attributes: DatadogAPIClient::V2::SecurityFindingsSearchRequestDataAttributes.new({ + filter: "@severity:(critical OR high)", + page: DatadogAPIClient::V2::SecurityFindingsSearchRequestPage.new({ + limit: 1, + }), + }), + }), +}) +p api_instance.search_security_findings(body) diff --git a/features/scenarios_model_mapping.rb b/features/scenarios_model_mapping.rb index 3a27e10133c..485af3454fc 100644 --- a/features/scenarios_model_mapping.rb +++ b/features/scenarios_model_mapping.rb @@ -1386,6 +1386,12 @@ "finding_id" => "String", "snapshot_timestamp" => "Integer", }, + "v2.ListSecurityFindings" => { + "filter_query" => "String", + "page_cursor" => "String", + "page_limit" => "Integer", + "sort" => "SecurityFindingsSort", + }, "v2.DetachCase" => { "body" => "DetachCaseRequest", }, @@ -1402,6 +1408,9 @@ "v2.CreateJiraIssues" => { "body" => "CreateJiraIssueRequestArray", }, + "v2.SearchSecurityFindings" => { + "body" => "SecurityFindingsSearchRequest", + }, "v2.ListAssetsSBOMs" => { "page_token" => "String", "page_number" => "Integer", diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index b3955e02b34..7434addb83f 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
@@ -1321,6 +1321,32 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: List security findings returns "Bad Request" response + Given operation "ListSecurityFindings" enabled + And new "ListSecurityFindings" request + And request contains "page[cursor]" parameter with value "invalid_cursor" + When the request is sent + Then the response status is 400 Bad Request + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: List security findings returns "OK" response + Given operation "ListSecurityFindings" enabled + And new "ListSecurityFindings" request + When the request is sent + Then the response status is 200 OK + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: List security findings returns "OK" response with pagination + Given operation "ListSecurityFindings" enabled + And new "ListSecurityFindings" request + And request contains "page[limit]" parameter with value 5 + When the request is sent + Then the response status is 200 OK + And the response "data" has length 5 + And the response "meta.page" has field "after" + And the response "links" has field "next" + @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: List threat hunting jobs returns "Bad Request" response Given operation "ListThreatHuntingJobs" enabled 
@@ -1574,6 +1600,33 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: Search security findings returns "Bad Request" response + Given operation "SearchSecurityFindings" enabled + And new "SearchSecurityFindings" request + And body with value {"page": {"cursor": "invalid_cursor"}} + When the request is sent + Then the response status is 400 Bad Request + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform + Scenario: Search security findings returns "OK" response + Given operation "SearchSecurityFindings" enabled + And new "SearchSecurityFindings" request + And body with value {"data": {"attributes": {"filter": "@severity:(critical OR high)"}}} + When the request is sent + Then the response status is 200 OK + + @team:DataDog/cloud-security-posture-management @team:DataDog/k9-findings-platform @with-pagination + Scenario: Search security findings returns "OK" response with pagination + Given operation "SearchSecurityFindings" enabled + And new "SearchSecurityFindings" request + And body with value {"data": {"attributes": {"filter": "@severity:(critical OR high)", "page": {"limit": 1}}}} + When the request is sent + Then the response status is 200 OK + And the response "data" has length 1 + And the response "meta.page" has field "after" + And the response "links" has field "next" + @skip @team:DataDog/k9-cloud-security-platform Scenario: Test a rule returns "Bad Request" response Given new "TestSecurityMonitoringRule" request diff --git a/features/v2/undo.json b/features/v2/undo.json index e0f0b98d0c9..6aaa0f3d976 100644 --- a/features/v2/undo.json +++ b/features/v2/undo.json @@ -3732,6 +3732,12 @@ "type": "safe" } }, + "ListSecurityFindings": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "DetachCase": { "tag": "Security Monitoring", "undo": { 
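Review bot: The "Bad Request" scenario for SearchSecurityFindings sends `{"page": {"cursor": "invalid_cursor"}}` at the top level of the body, while the two "OK" scenarios in the same hunk place the page object under `data.attributes`. If the request schema follows the "OK" scenarios (the schema itself is not visible in this hunk), the recorded 400 may come from the malformed envelope rather than from the cursor, so the scenario would not pin down that an invalid cursor is rejected. I would send the cursor where the API reads it, `And body with value {"data": {"attributes": {"page": {"cursor": "invalid_cursor"}}}}`, and re-record the cassette. The "with pagination" scenario here also carries `@with-pagination` while its ListSecurityFindings counterpart in the earlier hunk does not; one of the two is probably unintended.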
@@ -3776,6 +3782,12 @@ "type": "unsafe" } }, + "SearchSecurityFindings": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "ListAssetsSBOMs": { "tag": "Security Monitoring", "undo": { diff --git a/lib/datadog_api_client/configuration.rb b/lib/datadog_api_client/configuration.rb index 5afe995637c..f886452f6cf 100644 --- a/lib/datadog_api_client/configuration.rb +++ b/lib/datadog_api_client/configuration.rb @@ -224,12 +224,14 @@ def initialize "v2.list_findings": false, "v2.list_multiple_rulesets": false, "v2.list_scanned_assets_metadata": false, + "v2.list_security_findings": false, "v2.list_security_monitoring_histsignals": false, "v2.list_threat_hunting_jobs": false, "v2.list_vulnerabilities": false, "v2.list_vulnerable_assets": false, "v2.mute_findings": false, "v2.run_threat_hunting_job": false, + "v2.search_security_findings": false, "v2.search_security_monitoring_histsignals": false, "v2.create_dataset": false, "v2.delete_dataset": false, diff --git a/lib/datadog_api_client/inflector.rb b/lib/datadog_api_client/inflector.rb index 3e6e421122a..0ba31345e4f 100644 --- a/lib/datadog_api_client/inflector.rb +++ b/lib/datadog_api_client/inflector.rb @@ -2828,6 +2828,7 @@ def overrides "v2.list_rules_response" => "ListRulesResponse", "v2.list_rules_response_data_item" => "ListRulesResponseDataItem", "v2.list_rules_response_links" => "ListRulesResponseLinks", + "v2.list_security_findings_response" => "ListSecurityFindingsResponse", "v2.list_tags_response" => "ListTagsResponse", "v2.list_tags_response_data" => "ListTagsResponseData", "v2.list_tags_response_data_attributes" => "ListTagsResponseDataAttributes", 
@@ -3942,6 +3943,18 @@ def overrides "v2.security_filter_update_attributes" => "SecurityFilterUpdateAttributes", "v2.security_filter_update_data" => "SecurityFilterUpdateData", "v2.security_filter_update_request" => "SecurityFilterUpdateRequest", + "v2.security_findings_attributes" => "SecurityFindingsAttributes", + "v2.security_findings_data" => "SecurityFindingsData", + "v2.security_findings_data_type" => "SecurityFindingsDataType", + "v2.security_findings_links" => "SecurityFindingsLinks", + "v2.security_findings_meta" => "SecurityFindingsMeta", + "v2.security_findings_page" => "SecurityFindingsPage", + "v2.security_findings_search_request" => "SecurityFindingsSearchRequest", + "v2.security_findings_search_request_data" => "SecurityFindingsSearchRequestData", + "v2.security_findings_search_request_data_attributes" => "SecurityFindingsSearchRequestDataAttributes", + "v2.security_findings_search_request_page" => "SecurityFindingsSearchRequestPage", + "v2.security_findings_sort" => "SecurityFindingsSort", + "v2.security_findings_status" => "SecurityFindingsStatus", "v2.security_monitoring_filter" => "SecurityMonitoringFilter", "v2.security_monitoring_filter_action" => "SecurityMonitoringFilterAction", "v2.security_monitoring_list_rules_response" => "SecurityMonitoringListRulesResponse", diff --git a/lib/datadog_api_client/v2/api/security_monitoring_api.rb b/lib/datadog_api_client/v2/api/security_monitoring_api.rb index 72c954d50b2..618bb30cf79 100644 --- a/lib/datadog_api_client/v2/api/security_monitoring_api.rb +++ b/lib/datadog_api_client/v2/api/security_monitoring_api.rb 
@@ -3688,6 +3688,121 @@ def list_security_filters_with_http_info(opts = {}) return data, status_code, headers end + # List security findings. + # + # @see #list_security_findings_with_http_info + def list_security_findings(opts = {}) + data, _status_code, _headers = list_security_findings_with_http_info(opts) + data + end + + # List security findings. + # + # Get a list of security findings that match a search query. + # + # This endpoint requires one of the following permissions: + # - `security_monitoring_findings_read` + # - `appsec_vm_read` + # + # ### Query Syntax + # + # This endpoint uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix. + # + # Example: `@severity:(critical OR high) @status:open team:platform` + # + # @param opts [Hash] the optional parameters + # @option opts [String] :filter_query The search query following log search syntax. + # @option opts [String] :page_cursor Get the next page of results with a cursor provided in the previous query. + # @option opts [Integer] :page_limit The maximum number of findings in the response. + # @option opts [SecurityFindingsSort] :sort Sorts by @detection_changed_at. + # @return [Array<(ListSecurityFindingsResponse, Integer, Hash)>] ListSecurityFindingsResponse data, response status code and response headers + def list_security_findings_with_http_info(opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.list_security_findings".to_sym] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.list_security_findings") + else + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.list_security_findings")) + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.list_security_findings ...' 
+ end + if @api_client.config.client_side_validation && !opts[:'page_limit'].nil? && opts[:'page_limit'] > 150 + fail ArgumentError, 'invalid value for "opts[:"page_limit"]" when calling SecurityMonitoringAPI.list_security_findings, must be smaller than or equal to 150.' + end + if @api_client.config.client_side_validation && !opts[:'page_limit'].nil? && opts[:'page_limit'] < 1 + fail ArgumentError, 'invalid value for "opts[:"page_limit"]" when calling SecurityMonitoringAPI.list_security_findings, must be greater than or equal to 1.' + end + allowable_values = ['@detection_changed_at', '-@detection_changed_at'] + if @api_client.config.client_side_validation && opts[:'sort'] && !allowable_values.include?(opts[:'sort']) + fail ArgumentError, "invalid value for \"sort\", must be one of #{allowable_values}" + end + # resource path + local_var_path = '/api/v2/security/findings' + + # query parameters + query_params = opts[:query_params] || {} + query_params[:'filter[query]'] = opts[:'filter_query'] if !opts[:'filter_query'].nil? + query_params[:'page[cursor]'] = opts[:'page_cursor'] if !opts[:'page_cursor'].nil? + query_params[:'page[limit]'] = opts[:'page_limit'] if !opts[:'page_limit'].nil? + query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil? 
+ + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'ListSecurityFindingsResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :list_security_findings, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#list_security_findings\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + + # List security findings. + # + # Provide a paginated version of {#list_security_findings}, returning all items. 
+ # + # To use it you need to use a block: list_security_findings_with_pagination { |item| p item } + # + # @yield [SecurityFindingsData] Paginated items + def list_security_findings_with_pagination(opts = {}) + api_version = "V2" + page_size = @api_client.get_attribute_from_path(opts, "page_limit", 10) + @api_client.set_attribute_from_path(api_version, opts, "page_limit", Integer, page_size) + while true do + response = list_security_findings(opts) + @api_client.get_attribute_from_path(response, "data").each { |item| yield(item) } + if @api_client.get_attribute_from_path(response, "data").length < page_size + break + end + @api_client.set_attribute_from_path(api_version, opts, "page_cursor", String, @api_client.get_attribute_from_path(response, "meta.page.after")) + end + end + # List hist signals. # # @see #list_security_monitoring_histsignals_with_http_info 
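Review bot: `list_security_findings_with_pagination` leaves its `while true` loop only when a page is shorter than `page_size`, and never checks the cursor it reads from `meta.page.after`. If the server returns a full last page with no `after` value, the next request goes out with an empty cursor and, depending on how `set_attribute_from_path` treats nil (not visible here), may start again from the first page and never terminate; a response without `data` would also raise on `.each`. Reading the cursor first and stopping when it is missing bounds the loop: `cursor = @api_client.get_attribute_from_path(response, "meta.page.after")` followed by `break if cursor.nil? || cursor.empty?`. `search_security_findings_with_pagination` in the later hunk of this file has the same loop.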
@@ -4777,6 +4892,110 @@ def run_threat_hunting_job_with_http_info(body, opts = {}) return data, status_code, headers end + # Search security findings. + # + # @see #search_security_findings_with_http_info + def search_security_findings(body, opts = {}) + data, _status_code, _headers = search_security_findings_with_http_info(body, opts) + data + end + + # Search security findings. + # + # Get a list of security findings that match a search query. + # + # This endpoint requires one of the following permissions: + # - `security_monitoring_findings_read` + # - `appsec_vm_read` + # + # ### Query Syntax + # + # The API uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix. + # + # Example: `@severity:(critical OR high) @status:open team:platform` + # + # @param body [SecurityFindingsSearchRequest] + # @param opts [Hash] the optional parameters + # @return [Array<(ListSecurityFindingsResponse, Integer, Hash)>] ListSecurityFindingsResponse data, response status code and response headers + def search_security_findings_with_http_info(body, opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.search_security_findings".to_sym] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.search_security_findings") + else + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.search_security_findings")) + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.search_security_findings ...' + end + # verify the required parameter 'body' is set + if @api_client.config.client_side_validation && body.nil? 
+ fail ArgumentError, "Missing the required parameter 'body' when calling SecurityMonitoringAPI.search_security_findings" + end + # resource path + local_var_path = '/api/v2/security/findings/search' + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + # HTTP header 'Content-Type' + header_params['Content-Type'] = @api_client.select_header_content_type(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] || @api_client.object_to_http_body(body) + + # return_type + return_type = opts[:debug_return_type] || 'ListSecurityFindingsResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :search_security_findings, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Post, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#search_security_findings\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + + # Search security findings. + # + # Provide a paginated version of {#search_security_findings}, returning all items. 
+ # + # To use it you need to use a block: search_security_findings_with_pagination { |item| p item } + # + # @yield [SecurityFindingsData] Paginated items + def search_security_findings_with_pagination(body, opts = {}) + api_version = "V2" + page_size = @api_client.get_attribute_from_path(body, "data.attributes.page.limit", 10) + @api_client.set_attribute_from_path(api_version, body, "data.attributes.page.limit", SecurityFindingsSearchRequestData, page_size) + while true do + response = search_security_findings(body, opts) + @api_client.get_attribute_from_path(response, "data").each { |item| yield(item) } + if @api_client.get_attribute_from_path(response, "data").length < page_size + break + end + @api_client.set_attribute_from_path(api_version, body, "data.attributes.page.cursor", SecurityFindingsSearchRequestData, @api_client.get_attribute_from_path(response, "meta.page.after")) + end + end + # Search hist signals. # # @see #search_security_monitoring_histsignals_with_http_info diff --git a/lib/datadog_api_client/v2/models/list_security_findings_response.rb b/lib/datadog_api_client/v2/models/list_security_findings_response.rb new file mode 100644 index 00000000000..7eb48c0900b --- /dev/null +++ b/lib/datadog_api_client/v2/models/list_security_findings_response.rb 
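Review bot: The debug line at the end of `search_security_findings_with_http_info` interpolates `data.inspect` and the response headers, so with `config.debugging` enabled every call writes the full findings payload into the client log; the recorded cassette in this commit shows that payload carrying asset ids, host names, security-group ids and advisory details. `list_security_findings_with_http_info` in the previous hunk has the same line. I would log the outcome only, for example `@api_client.config.logger.debug "API called: SecurityMonitoringAPI#search_security_findings\nStatus code: #{status_code}"`, or at least state in the method comment that debug logs contain finding data. This file looks generated like the model file added alongside it, so the change probably belongs in the generator template.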
@@ -0,0 +1,127 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # The expected response schema when listing security findings. + class ListSecurityFindingsResponse + include BaseGenericModel + + # Array of security findings matching the search query. + attr_accessor :data + + # Links for pagination. + attr_accessor :links + + # Metadata about the response. + attr_accessor :meta + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'data' => :'data', + :'links' => :'links', + :'meta' => :'meta' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'data' => :'Array', + :'links' => :'SecurityFindingsLinks', + :'meta' => :'SecurityFindingsMeta' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::ListSecurityFindingsResponse` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'data') + if (value = attributes[:'data']).is_a?(Array) + self.data = value + end + end + + if attributes.key?(:'links') + self.links = attributes[:'links'] + end + + if attributes.key?(:'meta') + self.meta = attributes[:'meta'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. 
+ # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data && + links == o.links && + meta == o.meta && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [data, links, meta, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_findings_attributes.rb b/lib/datadog_api_client/v2/models/security_findings_attributes.rb new file mode 100644 index 00000000000..8640d4afb57 --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_findings_attributes.rb 
@@ -0,0 +1,127 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # The JSON object containing all attributes of the security finding. + class SecurityFindingsAttributes + include BaseGenericModel + + # The custom attributes of the security finding. + attr_accessor :attributes + + # List of tags associated with the security finding. + attr_accessor :tags + + # The Unix timestamp at which the detection changed for the resource. Same value as @detection_changed_at. + attr_accessor :timestamp + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'attributes' => :'attributes', + :'tags' => :'tags', + :'timestamp' => :'timestamp' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'attributes' => :'Hash', + :'tags' => :'Array', + :'timestamp' => :'Integer' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityFindingsAttributes` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'attributes') + self.attributes = attributes[:'attributes'] + end + + if attributes.key?(:'tags') + if (value = attributes[:'tags']).is_a?(Array) + self.tags = value + end + end + + if attributes.key?(:'timestamp') + self.timestamp = attributes[:'timestamp'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. 
+ # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + attributes == o.attributes && + tags == o.tags && + timestamp == o.timestamp && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [attributes, tags, timestamp, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_findings_data.rb b/lib/datadog_api_client/v2/models/security_findings_data.rb new file mode 100644 index 00000000000..2bf76240f53 --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_findings_data.rb 
@@ -0,0 +1,125 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # A single security finding. + class SecurityFindingsData + include BaseGenericModel + + # The JSON object containing all attributes of the security finding. + attr_accessor :attributes + + # The unique ID of the security finding. + attr_accessor :id + + # The type of the security finding resource. + attr_accessor :type + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'attributes' => :'attributes', + :'id' => :'id', + :'type' => :'type' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'attributes' => :'SecurityFindingsAttributes', + :'id' => :'String', + :'type' => :'SecurityFindingsDataType' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityFindingsData` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'attributes') + self.attributes = attributes[:'attributes'] + end + + if attributes.key?(:'id') + self.id = attributes[:'id'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + attributes == o.attributes && + id == o.id && + type == o.type && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + # @!visibility private + def hash + [attributes, id, type, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_findings_data_type.rb b/lib/datadog_api_client/v2/models/security_findings_data_type.rb new file mode 100644 index 00000000000..eaffb223d7c --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_findings_data_type.rb @@ -0,0 +1,26 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # The type of the security finding resource. + class SecurityFindingsDataType + include BaseEnumModel + + FINDING = "finding".freeze + end +end diff --git a/lib/datadog_api_client/v2/models/security_findings_links.rb b/lib/datadog_api_client/v2/models/security_findings_links.rb new file mode 100644 index 00000000000..4d63dcc1a7a --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_findings_links.rb 
@@ -0,0 +1,105 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Links for pagination. + class SecurityFindingsLinks + include BaseGenericModel + + # Link for the next page of results. Note that paginated requests can also be made using the POST endpoint. + attr_accessor :_next + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'_next' => :'next' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'_next' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityFindingsLinks` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'_next') + self._next = attributes[:'_next'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + _next == o._next && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [_next, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_findings_meta.rb b/lib/datadog_api_client/v2/models/security_findings_meta.rb new file mode 100644 index 00000000000..aa22b1950e6 --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_findings_meta.rb 
@@ -0,0 +1,135 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Metadata about the response. + class SecurityFindingsMeta + include BaseGenericModel + + # The time elapsed in milliseconds. + attr_accessor :elapsed + + # Pagination information. + attr_accessor :page + + # The identifier of the request. + attr_accessor :request_id + + # The status of the response. + attr_accessor :status + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'elapsed' => :'elapsed', + :'page' => :'page', + :'request_id' => :'request_id', + :'status' => :'status' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'elapsed' => :'Integer', + :'page' => :'SecurityFindingsPage', + :'request_id' => :'String', + :'status' => :'SecurityFindingsStatus' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityFindingsMeta` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'elapsed') + self.elapsed = attributes[:'elapsed'] + end + + if attributes.key?(:'page') + self.page = attributes[:'page'] + end + + if attributes.key?(:'request_id') + self.request_id = attributes[:'request_id'] + end + + if attributes.key?(:'status') + self.status = attributes[:'status'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. 
+ # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + elapsed == o.elapsed && + page == o.page && + request_id == o.request_id && + status == o.status && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [elapsed, page, request_id, status, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_findings_page.rb b/lib/datadog_api_client/v2/models/security_findings_page.rb new file mode 100644 index 00000000000..5c17546d60b --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_findings_page.rb 
@@ -0,0 +1,105 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Pagination information. + class SecurityFindingsPage + include BaseGenericModel + + # The cursor used to get the next page of results. + attr_accessor :after + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'after' => :'after' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'after' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityFindingsPage` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'after') + self.after = attributes[:'after'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + after == o.after && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [after, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_findings_search_request.rb b/lib/datadog_api_client/v2/models/security_findings_search_request.rb new file mode 100644 index 00000000000..07166f2ccd2 --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_findings_search_request.rb 
@@ -0,0 +1,105 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # The request body for searching security findings. + class SecurityFindingsSearchRequest + include BaseGenericModel + + # Request data for searching security findings. + attr_accessor :data + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'data' => :'data' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'data' => :'SecurityFindingsSearchRequestData' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityFindingsSearchRequest` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'data') + self.data = attributes[:'data'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [data, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_findings_search_request_data.rb b/lib/datadog_api_client/v2/models/security_findings_search_request_data.rb new file mode 100644 index 00000000000..4dc28eacc4e --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_findings_search_request_data.rb 
@@ -0,0 +1,105 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Request data for searching security findings. + class SecurityFindingsSearchRequestData + include BaseGenericModel + + # Request attributes for searching security findings. + attr_accessor :attributes + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'attributes' => :'attributes' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'attributes' => :'SecurityFindingsSearchRequestDataAttributes' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityFindingsSearchRequestData` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'attributes') + self.attributes = attributes[:'attributes'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + attributes == o.attributes && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [attributes, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_findings_search_request_data_attributes.rb b/lib/datadog_api_client/v2/models/security_findings_search_request_data_attributes.rb new file mode 100644 index 00000000000..1429cf8788f --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_findings_search_request_data_attributes.rb 
@@ -0,0 +1,125 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Request attributes for searching security findings. + class SecurityFindingsSearchRequestDataAttributes + include BaseGenericModel + + # The search query following log search syntax. + attr_accessor :filter + + # Pagination attributes for the search request. + attr_accessor :page + + # The sort parameters when querying security findings. + attr_accessor :sort + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'filter' => :'filter', + :'page' => :'page', + :'sort' => :'sort' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'filter' => :'String', + :'page' => :'SecurityFindingsSearchRequestPage', + :'sort' => :'SecurityFindingsSort' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityFindingsSearchRequestDataAttributes` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'filter') + self.filter = attributes[:'filter'] + end + + if attributes.key?(:'page') + self.page = attributes[:'page'] + end + + if attributes.key?(:'sort') + self.sort = attributes[:'sort'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. 
+ # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + filter == o.filter && + page == o.page && + sort == o.sort && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [filter, page, sort, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_findings_search_request_page.rb b/lib/datadog_api_client/v2/models/security_findings_search_request_page.rb new file mode 100644 index 00000000000..a0ce7a1df3f --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_findings_search_request_page.rb 
@@ -0,0 +1,137 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Pagination attributes for the search request. + class SecurityFindingsSearchRequestPage + include BaseGenericModel + + # Get the next page of results with a cursor provided in the previous query. + attr_accessor :cursor + + # The maximum number of security findings in the response. + attr_reader :limit + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'cursor' => :'cursor', + :'limit' => :'limit' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'cursor' => :'String', + :'limit' => :'Integer' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityFindingsSearchRequestPage` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'cursor') + self.cursor = attributes[:'cursor'] + end + + if attributes.key?(:'limit') + self.limit = attributes[:'limit'] + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? + return false if !@limit.nil? && @limit > 150 + return false if !@limit.nil? && @limit < 1 + true + end + + # Custom attribute writer method with validation + # @param limit [Object] Object to be assigned + # @!visibility private + def limit=(limit) + if !limit.nil? && limit > 150 + fail ArgumentError, 'invalid value for "limit", must be smaller than or equal to 150.' + end + if !limit.nil? && limit < 1 + fail ArgumentError, 'invalid value for "limit", must be greater than or equal to 1.' + end + @limit = limit + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? 
+ is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + cursor == o.cursor && + limit == o.limit && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [cursor, limit, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_findings_sort.rb b/lib/datadog_api_client/v2/models/security_findings_sort.rb new file mode 100644 index 00000000000..e65cc5b7666 --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_findings_sort.rb @@ -0,0 +1,27 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # The sort parameters when querying security findings. + class SecurityFindingsSort + include BaseEnumModel + + DETECTION_CHANGED_AT_ASC = "@detection_changed_at".freeze + DETECTION_CHANGED_AT_DESC = "-@detection_changed_at".freeze + end +end 
diff --git a/lib/datadog_api_client/v2/models/security_findings_status.rb b/lib/datadog_api_client/v2/models/security_findings_status.rb new file mode 100644 index 00000000000..da683d6449d --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_findings_status.rb @@ -0,0 +1,27 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # The status of the response. + class SecurityFindingsStatus + include BaseEnumModel + + DONE = "done".freeze + TIMEOUT = "timeout".freeze + end +end