provider Security Monitoring GET /api/v2/posture_management/findings
@utdk/datadog /api/v2/posture_management/findings
List findings
Get a list of findings. These include both misconfigurations and identity risks.

**Note**: To filter and return only identity risks, add the following query parameter: `?filter[tags]=dd_rule_type:ciem`

### Filtering

Filters can be applied by appending query parameters to the URL.

- Using a single filter: `?filter[attribute_key]=attribute_value`
- Chaining filters: `?filter[attribute_key]=attribute_value&filter[attribute_key]=attribute_value...`
- Filtering on tags: `?filter[tags]=tag_key:tag_value&filter[tags]=tag_key_2:tag_value_2`

Here, `attribute_key` can be any of the filter keys described further below.

Query parameters of type `integer` support comparison operators (`>`, `>=`, `<`, `<=`). This is particularly useful when filtering by `evaluation_changed_at` or `resource_discovery_timestamp`. For example: `?filter[evaluation_changed_at]=>20123123121`.

You can also use the negation operator on strings. For example, use `filter[resource_type]=-aws*` to filter for any non-AWS resources.

The operator must come after the equal sign. For example, to filter with the `>=` operator, add the operator after the equal sign: `filter[evaluation_changed_at]=>=1678809373257`.

Query parameters must be only among the documented ones and with values of correct types. Duplicated query parameters (e.g. `filter[status]=low&filter[status]=info`) are not allowed.

### Additional extension fields

Additional extension fields are available for some findings. The data is available when you include the query parameter `?detailed_findings=true` in the request.

The following fields are available for findings:

- `external_id`: The resource external ID related to the finding.
- `description`: The description and remediation steps for the finding.
- `datadog_link`: The Datadog relative link for the finding.
- `ip_addresses`: The list of private IP addresses for the resource related to the finding.

### Response

The response includes an array of finding objects, pagination metadata, and a count of items that match the query.

Each finding object contains the following:

- The finding ID that can be used in a `GetFinding` request to retrieve the full finding details.
- Core attributes, including status, evaluation, high-level resource details, muted state, and rule details.
- `evaluation_changed_at` and `resource_discovery_date` time stamps.
- An array of associated tags.
| Parameter | In | Type | Description |
| --- | --- | --- | --- |
| `page[limit]` | query | integer | Limit the number of findings returned. Must be <= 1000. |
| `snapshot_timestamp` | query | integer | Return findings for a given snapshot of time (Unix ms). |
| `page[cursor]` | query | string | Return the next page of findings pointed to by the cursor. |
| `filter[tags]` | query | string | Return findings that have these associated tags (repeatable). |
| `filter[evaluation_changed_at]` | query | string | Return findings that have changed from pass to fail or vice versa on a specified date (Unix ms) or date range (using comparison operators). |
| `filter[muted]` | query | boolean | Set to `true` to return findings that are muted. Set to `false` to return unmuted findings. |
| `filter[rule_id]` | query | string | Return findings for the specified rule ID. |
| `filter[rule_name]` | query | string | Return findings for the specified rule. |
| `filter[resource_type]` | query | string | Return only findings for the specified resource type. |
| `filter[@resource_id]` | query | string | Return only findings for the specified resource id. |
| `filter[discovery_timestamp]` | query | string | Return findings that were found on a specified date (Unix ms) or date range (using comparison operators). |
| `filter[evaluation]` | query | enum: pass, fail | Return only `pass` or `fail` findings. |
| `filter[status]` | query | enum: critical, high, medium, low… | Return only findings with the specified status. |
| `filter[vulnerability_type]` | query | array | Return findings that match the selected vulnerability types (repeatable). |
| `detailed_findings` | query | boolean | Return additional fields for some findings. |
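
The filtering rules above (documented parameters only, no duplicates except the repeatable ones, operator after the equal sign, `page[limit]` capped at 1000) can be checked client-side before a request is sent. The following is an added example, not code from Datadog or from this page; the function names are hypothetical, and treating `snapshot_timestamp` as a plain Unix ms value is an assumption.

```typescript
// Added example: names below (buildFindingsQuery, checkValue) are hypothetical.
// Parameter names and rules come from the documentation above.
const REPEATABLE = new Set(["filter[tags]", "filter[vulnerability_type]"]);
const TIMESTAMP = new Set(["filter[evaluation_changed_at]", "filter[discovery_timestamp]"]);
const BOOLEAN = new Set(["filter[muted]", "detailed_findings"]);
const OTHER = new Set([
  "page[limit]", "page[cursor]", "snapshot_timestamp", "filter[rule_id]",
  "filter[rule_name]", "filter[resource_type]", "filter[@resource_id]",
  "filter[evaluation]", "filter[status]",
]);

function checkValue(key: string, value: string): void {
  if (key === "page[limit]") {
    if (!/^\d+$/.test(value) || Number(value) > 1000) {
      throw new Error("page[limit] must be an integer <= 1000");
    }
  } else if (key === "snapshot_timestamp") {
    // Assumption: a plain Unix ms value, no operator.
    if (!/^\d+$/.test(value)) throw new Error("snapshot_timestamp must be Unix ms");
  } else if (TIMESTAMP.has(key)) {
    // The operator (>, >=, <, <=) goes after the equal sign, before the Unix ms value.
    if (!/^(>=|<=|>|<)?\d+$/.test(value)) {
      throw new Error(key + ": expected [operator]<unix ms>");
    }
  } else if (BOOLEAN.has(key)) {
    if (value !== "true" && value !== "false") throw new Error(key + " must be true or false");
  } else if (key === "filter[evaluation]") {
    if (value !== "pass" && value !== "fail") throw new Error("filter[evaluation] must be pass or fail");
  }
}

function buildFindingsQuery(pairs: [string, string][]): string {
  const seen = new Set<string>();
  const parts: string[] = [];
  for (const [key, value] of pairs) {
    const documented =
      REPEATABLE.has(key) || TIMESTAMP.has(key) || BOOLEAN.has(key) || OTHER.has(key);
    if (!documented) throw new Error("undocumented parameter: " + key);
    // Only the parameters marked "repeatable" may appear more than once.
    if (seen.has(key) && !REPEATABLE.has(key)) throw new Error("duplicated parameter: " + key);
    seen.add(key);
    checkValue(key, value);
    // Keys come from the allow-list; values are percent-encoded.
    parts.push(key + "=" + encodeURIComponent(value));
  }
  return parts.join("&");
}
```

Pass the pairs in the order they should appear; the returned string is appended after `?` on `/api/v2/posture_management/findings`.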


Code snippet

```typescript
import datadog from '@utdk/datadog';

// Request the first page of findings; page[limit] must be <= 1000.
await datadog.listfindings({
  "page[limit]": 100
});
```