findings
Overview
| Name | findings |
| Type | Resource |
| Id | datadog.security_monitoring.findings |
Fields
| Name | Datatype | Description |
|---|---|---|
id | string | The unique ID for this finding. |
attributes | object | The JSON:API attributes of the detailed finding. |
type | string | The JSON:API type for findings that have the message and resource configuration. |
Methods
| Name | Accessible by | Required Params | Description |
|---|---|---|---|
get_finding | SELECT | finding_id, dd_site | Returns a single finding with message and resource configuration. |
list_findings | SELECT | dd_site | Get a list of CSPM findings. ### Filtering Filters can be applied by appending query parameters to the URL. - Using a single filter: ?filter[attribute_key]=attribute_value- Chaining filters: ?filter[attribute_key]=attribute_value&filter[attribute_key]=attribute_value...- Filtering on tags: ?filter[tags]=tag_key:tag_value&filter[tags]=tag_key_2:tag_value_2Here, attribute_key can be any of the filter keys described further below.Query parameters of type integer support comparison operators (>, >=, <, <=). This is particularly useful when filtering by evaluation_changed_at or resource_discovery_timestamp. For example: ?filter[evaluation_changed_at]=>20123123121.You can also use the negation operator on strings. For example, use filter[resource_type]=-aws* to filter for any non-AWS resources.The operator must come after the equal sign. For example, to filter with the >= operator, add the operator after the equal sign: filter[evaluation_changed_at]=>=1678809373257.Query parameters must be only among the documented ones and with values of correct types. Duplicated query parameters (e.g. filter[status]=low&filter[status]=info) are not allowed.### Response The response includes an array of finding objects, pagination metadata, and a count of items that match the query. Each finding object contains the following: - The finding ID that can be used in a GetFinding request to retrieve the full finding details.- Core attributes, including status, evaluation, high-level resource details, muted state, and rule details. - evaluation_changed_at and resource_discovery_date time stamps.- An array of associated tags. |
_get_finding | EXEC | finding_id, dd_site | Returns a single finding with message and resource configuration. |
_list_findings | EXEC | dd_site | Get a list of CSPM findings. ### Filtering Filters can be applied by appending query parameters to the URL. - Using a single filter: ?filter[attribute_key]=attribute_value- Chaining filters: ?filter[attribute_key]=attribute_value&filter[attribute_key]=attribute_value...- Filtering on tags: ?filter[tags]=tag_key:tag_value&filter[tags]=tag_key_2:tag_value_2Here, attribute_key can be any of the filter keys described further below.Query parameters of type integer support comparison operators (>, >=, <, <=). This is particularly useful when filtering by evaluation_changed_at or resource_discovery_timestamp. For example: ?filter[evaluation_changed_at]=>20123123121.You can also use the negation operator on strings. For example, use filter[resource_type]=-aws* to filter for any non-AWS resources.The operator must come after the equal sign. For example, to filter with the >= operator, add the operator after the equal sign: filter[evaluation_changed_at]=>=1678809373257.Query parameters must be only among the documented ones and with values of correct types. Duplicated query parameters (e.g. filter[status]=low&filter[status]=info) are not allowed.### Response The response includes an array of finding objects, pagination metadata, and a count of items that match the query. Each finding object contains the following: - The finding ID that can be used in a GetFinding request to retrieve the full finding details.- Core attributes, including status, evaluation, high-level resource details, muted state, and rule details. - evaluation_changed_at and resource_discovery_date time stamps.- An array of associated tags. |
mute_findings | EXEC | data__data, dd_site | Mute or unmute findings. |