--- title: Get a finding description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Get a finding{% #get-a-finding %} Copy pageCopied {% tab title="v2" %} **Note**: This endpoint uses the legacy security findings data model and is planned for deprecation. Use the [search security findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring.md#search-security-findings), which is based on the [new security findings schema](https://docs.datadoghq.com/security/guide/findings-schema.md), to search security findings. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). | Datadog site | API endpoint | | ----------------- | --------------------------------------------------------------------------------- | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/posture_management/findings/{finding_id} | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/posture_management/findings/{finding_id} | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/posture_management/findings/{finding_id} | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/posture_management/findings/{finding_id} | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/posture_management/findings/{finding_id} | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/posture_management/findings/{finding_id} | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/posture_management/findings/{finding_id} | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/posture_management/findings/{finding_id} | ### Overview Returns a single finding with message and resource configuration. OAuth apps require the `security_monitoring_findings_read` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint. ### Arguments #### Path Parameters | Name | Type | Description | | ---------------------------- | ------ | ---------------------- | | finding_id [*required*] | string | The ID of the finding. | #### Query Strings | Name | Type | Description | | ------------------ | ------- | ---------------------------------------------------------- | | snapshot_timestamp | integer | Return the finding for a given snapshot of time (Unix ms). | ### Response {% tab title="200" %} OK {% tab title="Model" %} The expected response schema when getting a finding. | Parent field | Field | Type | Description | | ------------ | ----------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | A single finding with with message and resource configuration. | | data | attributes | object | The JSON:API attributes of the detailed finding. | | attributes | evaluation | enum | The evaluation of the finding. Allowed enum values: `pass,fail` | | attributes | evaluation_changed_at | int64 | The date on which the evaluation for this finding changed (Unix ms). | | attributes | message | string | The remediation message for this finding. | | attributes | mute | object | Information about the mute status of this finding. | | mute | description | string | Additional information about the reason why this finding is muted or unmuted. | | mute | expiration_date | int64 | The expiration date of the mute or unmute action (Unix ms). | | mute | muted | boolean | Whether this finding is muted or unmuted. | | mute | reason | enum | The reason why this finding is muted or unmuted. Allowed enum values: `PENDING_FIX,FALSE_POSITIVE,ACCEPTED_RISK,NO_PENDING_FIX,HUMAN_ERROR,NO_LONGER_ACCEPTED_RISK,OTHER` | | mute | start_date | int64 | The start of the mute period. | | mute | uuid | string | The ID of the user who muted or unmuted this finding. | | attributes | resource | string | The resource name of this finding. | | attributes | resource_configuration | object | The resource configuration for this finding. | | attributes | resource_discovery_date | int64 | The date on which the resource was discovered (Unix ms). | | attributes | resource_type | string | The resource type of this finding. | | attributes | rule | object | The rule that triggered this finding. | | rule | id | string | The ID of the rule that triggered this finding. | | rule | name | string | The name of the rule that triggered this finding. | | attributes | status | enum | The status of the finding. Allowed enum values: `critical,high,medium,low,info` | | attributes | tags | [string] | The tags associated with this finding. | | data | id | string | The unique ID for this finding. | | data | type | enum | The JSON:API type for findings that have the message and resource configuration. Allowed enum values: `detailed_finding` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "evaluation": "pass", "evaluation_changed_at": 1678721573794, "message": "## Remediation\n\n### From the console\n\n1. Go to Storage Account\n2. For each Storage Account, navigate to Data Protection\n3. Select Set soft delete enabled and enter the number of days to retain soft deleted data.", "mute": { "description": "To be resolved later", "expiration_date": 1778721573794, "muted": true, "reason": "ACCEPTED_RISK", "start_date": 1678721573794, "uuid": "e51c9744-d158-11ec-ad23-da7ad0900002" }, "resource": "my_resource_name", "resource_configuration": {}, "resource_discovery_date": 1678721573794, "resource_type": "azure_storage_account", "rule": { "id": "dv2-jzf-41i", "name": "Soft delete is enabled for Azure Storage" }, "status": "critical", "tags": [ "cloud_provider:aws", "myTag:myValue" ] }, "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==", "type": "detailed_finding" } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request: The server cannot process the request due to invalid syntax in the request. {% tab title="Model" %} API error response. | Parent field | Field | Type | Description | | ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- | | | errors [*required*] | [object] | A list of errors. | | errors | detail | string | A human-readable explanation specific to this occurrence of the error. | | errors | meta | object | Non-standard meta-information about the error | | errors | source | object | References to the source of the error. | | source | header | string | A string indicating the name of a single request header which caused the error. | | source | parameter | string | A string indicating which URI query parameter caused the error. | | source | pointer | string | A JSON pointer to the value in the request document that caused the error. | | errors | status | string | Status code of the response. | | errors | title | string | Short human-readable summary of the error. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ { "detail": "Missing required attribute in body", "meta": {}, "source": { "header": "Authorization", "parameter": "limit", "pointer": "/data/attributes/title" }, "status": "400", "title": "Bad Request" } ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Forbidden: Access denied {% tab title="Model" %} API error response. | Parent field | Field | Type | Description | | ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- | | | errors [*required*] | [object] | A list of errors. | | errors | detail | string | A human-readable explanation specific to this occurrence of the error. | | errors | meta | object | Non-standard meta-information about the error | | errors | source | object | References to the source of the error. | | source | header | string | A string indicating the name of a single request header which caused the error. | | source | parameter | string | A string indicating which URI query parameter caused the error. | | source | pointer | string | A JSON pointer to the value in the request document that caused the error. | | errors | status | string | Status code of the response. | | errors | title | string | Short human-readable summary of the error. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ { "detail": "Missing required attribute in body", "meta": {}, "source": { "header": "Authorization", "parameter": "limit", "pointer": "/data/attributes/title" }, "status": "400", "title": "Bad Request" } ] } ``` {% /tab %} {% /tab %} {% tab title="404" %} Not Found: The requested finding cannot be found. {% tab title="Model" %} API error response. | Parent field | Field | Type | Description | | ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- | | | errors [*required*] | [object] | A list of errors. | | errors | detail | string | A human-readable explanation specific to this occurrence of the error. | | errors | meta | object | Non-standard meta-information about the error | | errors | source | object | References to the source of the error. | | source | header | string | A string indicating the name of a single request header which caused the error. | | source | parameter | string | A string indicating which URI query parameter caused the error. | | source | pointer | string | A JSON pointer to the value in the request document that caused the error. | | errors | status | string | Status code of the response. | | errors | title | string | Short human-readable summary of the error. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ { "detail": "Missing required attribute in body", "meta": {}, "source": { "header": "Authorization", "parameter": "limit", "pointer": "/data/attributes/title" }, "status": "400", "title": "Bad Request" } ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests: The rate limit set by the API has been exceeded. {% tab title="Model" %} API error response. | Parent field | Field | Type | Description | | ------------ | ------------------------ | -------- | ------------------------------------------------------------------------------- | | | errors [*required*] | [object] | A list of errors. | | errors | detail | string | A human-readable explanation specific to this occurrence of the error. | | errors | meta | object | Non-standard meta-information about the error | | errors | source | object | References to the source of the error. | | source | header | string | A string indicating the name of a single request header which caused the error. | | source | parameter | string | A string indicating which URI query parameter caused the error. | | source | pointer | string | A JSON pointer to the value in the request document that caused the error. | | errors | status | string | Status code of the response. | | errors | title | string | Short human-readable summary of the error. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ { "detail": "Missing required attribute in body", "meta": {}, "source": { "header": "Authorization", "parameter": "limit", "pointer": "/data/attributes/title" }, "status": "400", "title": "Bad Request" } ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \# Path parameters export finding_id="CHANGE_ME" \# Curl command curl -X GET "https://api.datadoghq.com/api/v2/posture_management/findings/${finding_id}" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" ##### ```python """ Get a finding returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi configuration = Configuration() configuration.unstable_operations["get_finding"] = True with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) response = api_instance.get_finding( finding_id="AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz", ) print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Get a finding returns "OK" response require "datadog_api_client" DatadogAPIClient.configure do |config| config.unstable_operations["v2.get_finding".to_sym] = true end api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new p api_instance.get_finding("AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz") ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```go // Get a finding returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() configuration.SetUnstableOperationEnabled("v2.GetFinding", true) apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) resp, r, err := api.GetFinding(ctx, "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz", *datadogV2.NewGetFindingOptionalParameters()) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetFinding`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetFinding`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Get a finding returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.SecurityMonitoringApi; import com.datadog.api.client.v2.model.GetFindingResponse; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); defaultClient.setUnstableOperationEnabled("v2.getFinding", true); SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); try { GetFindingResponse result = apiInstance.getFinding( "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz"); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling SecurityMonitoringApi#getFinding"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```rust // Get a finding returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_security_monitoring::GetFindingOptionalParams; use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI; #[tokio::main] async fn main() { let mut configuration = datadog::Configuration::new(); configuration.set_unstable_operation_enabled("v2.GetFinding", true); let api = SecurityMonitoringAPI::with_config(configuration); let resp = api .get_finding( "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz".to_string(), GetFindingOptionalParams::default(), ) .await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Get a finding returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); configuration.unstableOperations["v2.getFinding"] = true; const apiInstance = new v2.SecurityMonitoringApi(configuration); const params: v2.SecurityMonitoringApiGetFindingRequest = { findingId: "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz", }; apiInstance .getFinding(params) .then((data: v2.GetFindingResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}