For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/ddsql_reference/data_directory/dd/dd.security_findings.dataset.md. A documentation index is available at /llms.txt.

Security Findings

This dataset provides access to Datadog Security Findings, which represent the results of evaluating cloud resources, code repositories, container images, and host configurations against compliance and vulnerability rules. Each finding produces a Pass or Fail status and includes the resource configuration, applied compliance rules mapped to industry frameworks, severity scores, and remediation guidance. Resources are scanned at regular intervals and findings are retained for up to 15 months.

dd.security_findings

Cloud Security Misconfigurations Findings Public Documentation

Security Findings API Public Documentation

Query Parameters

This dataset uses a polymorphic table function. You must specify parameters when querying.

ParameterTypeRequiredDescription
columnsarray<string>YesList of fields to return for each finding (e.g., ’timestamp’, ‘@status’, ‘@severity’, ‘@rule.name’, ‘@resource_id’). Must follow with AS (…) to name and type outputs.
filterstringNoOptional search string. For example: filter => ‘@status:open AND @severity:high’.

Example Queries

-- Fetch open high-severity findings
SELECT * FROM dd.security_findings(
  columns => ARRAY[
    'timestamp',
    '@status',
    '@severity',
    '@rule.name',
    '@rule.type',
    '@resource_id',
    '@resource_name',
    '@cloud_resource.cloud_provider',
    '@compliance.evaluation'
  ],
  filter => '@status:open AND @severity:high'
) AS (
  ts               TIMESTAMP,
  status           VARCHAR,
  severity         VARCHAR,
  rule_name        VARCHAR,
  rule_type        VARCHAR,
  resource_id      VARCHAR,
  resource_name    VARCHAR,
  cloud_provider   VARCHAR,
  evaluation       VARCHAR
);

Fields

TitleIDTypeData TypeDescription
Severity@severityevent_attributestringSeverity level of the finding (e.g., info, low, medium, high, critical).
Status@statusevent_attributestringEvaluation status of the finding (e.g., passed, failed).
Resource ID@resource_idevent_attributestringUnique identifier of the evaluated resource.
Resource Name@resource_nameevent_attributestringHuman-readable name of the evaluated resource.
Resource Category@resource_categoryevent_attributestringCategory of the evaluated resource.
Title@titleevent_attributestringDisplay title of the finding.
Origin@originevent_attributearray<string>Sources that detected this finding (e.g., cspm, sca, infra).
Description@descriptionevent_attributestringDetailed description of the finding and the rule that generated it.
Exposure Time@exposure_time_secondsevent_attributeint64Duration in seconds the resource has been in the current finding state.
Finding Type@finding_typeevent_attributestringType of finding (e.g., misconfiguration, vulnerability, identity_risk).
Finding ID@finding_idevent_attributestringUnique identifier for the finding.
First Seen At@first_seen_atevent_attributeint64Timestamp (epoch milliseconds) when the finding was first detected.
Last Seen At@last_seen_atevent_attributeint64Timestamp (epoch milliseconds) when the finding was most recently seen.
Detection Changed At@detection_changed_atevent_attributeint64Timestamp (epoch milliseconds) when the detection status last changed.
Schema Version@metadata.schema_versionevent_attributestringVersion of the finding metadata schema.
Source Finding Raw Data@source_finding_raw_dataevent_attributejsonRaw finding data from the source detection engine.
Base Severity Value@severity_details.base.valueevent_attributejsonBase severity value object.
Base Severity Value ID@severity_details.base.value_idevent_attributeint64Numeric identifier for the base severity value.
Base Severity Score@severity_details.base.scoreevent_attributefloat64Base severity score (e.g., CVSS score for vulnerabilities).
Base Severity Vector@severity_details.base.vectorevent_attributestringCVSS vector string describing the base severity.
Adjusted Severity@severity_details.adjustedevent_attributejsonAdjusted severity details after applying contextual risk factors.
Assignee Name@workflow.triage.assignee.nameevent_attributestringName of the user assigned to triage this finding.
Assignee ID@workflow.triage.assignee.idevent_attributestringUnique identifier of the assigned user.
Assignee Updated At@workflow.triage.assignee.updated_atevent_attributeint64Timestamp (epoch milliseconds) when the assignee was last updated.
Assignee Updated By ID@workflow.triage.assignee.updated_by.idevent_attributestringID of the user who last updated the assignee.
Assignee Updated By Name@workflow.triage.assignee.updated_by.nameevent_attributestringName of the user who last updated the assignee.
Time to Acknowledge@workflow.triage.time_to_acknowledge_secondsevent_attributeint64Time in seconds from finding creation to first acknowledgement.
Time to Resolution@workflow.triage.time_to_resolution_secondsevent_attributeint64Time in seconds from finding creation to resolution.
Auto Closed At@workflow.auto_closed_atevent_attributeint64Timestamp (epoch milliseconds) when the finding was automatically closed.
Due At@workflow.due_date.due_atevent_attributeint64Timestamp (epoch milliseconds) when the finding is due for remediation.
Is Overdue@workflow.due_date.is_overdueevent_attributeboolWhether the finding has passed its remediation due date.
Due Date Rule ID@workflow.due_date.rule_idevent_attributestringID of the rule that set the due date.
Is Muted@workflow.mute.is_mutedevent_attributeboolWhether the finding is currently muted.
Mute Reason@workflow.mute.reasonevent_attributestringReason why the finding was muted.
Mute Description@workflow.mute.descriptionevent_attributestringDetailed description of why the finding was muted.
Mute Expire At@workflow.mute.expire_atevent_attributeint64Timestamp (epoch milliseconds) when the mute expires.
Is Muted By Rule@workflow.mute.is_muted_by_ruleevent_attributeboolWhether the finding was muted by an automated rule.
Mute Rule ID@workflow.mute.rule_idevent_attributestringID of the rule that muted this finding.
Mute Rule Name@workflow.mute.rule_nameevent_attributestringName of the rule that muted this finding.
Muted At@workflow.mute.muted_atevent_attributeint64Timestamp (epoch milliseconds) when the finding was muted.
Muted By ID@workflow.mute.muted_by.idevent_attributestringID of the user who muted this finding.
Muted By Name@workflow.mute.muted_by.nameevent_attributestringName of the user who muted this finding.
Automations@workflow.automationsevent_attributejsonJSON structure with automation configurations applied to this finding.
Integration Cases@workflow.integrations.casesevent_attributejsonJSON structure with linked case management entries.
Integration Jira@workflow.integrations.jiraevent_attributearray<string>Array of linked Jira ticket identifiers.
Integration Pull Requests@workflow.integrations.pull_requestsevent_attributejsonJSON structure with linked pull request information.
Has Sensitive Data@risk.has_sensitive_dataevent_attributeboolWhether the resource is known to contain sensitive data.
Is Function Reachable@risk.is_function_reachableevent_attributeboolWhether a vulnerable function is reachable in the call graph.
Is Exposed to Attacks@risk.is_exposed_to_attacksevent_attributeboolWhether the resource is exposed to active attacks.
Has Privileged Access@risk.has_privileged_accessevent_attributeboolWhether the resource has privileged access.
Is Production@risk.is_productionevent_attributeboolWhether the resource is in a production environment.
Is Publicly Accessible@risk.is_publicly_accessibleevent_attributeboolWhether the resource is publicly accessible.
Has Exploit Available@risk.has_exploit_availableevent_attributeboolWhether a known exploit exists for the vulnerability.
Has High Exploitability Chance@risk.has_high_exploitability_chanceevent_attributeboolWhether the vulnerability has a high chance of being exploited (based on EPSS).
Sensitive Data Impact CVSS@risk_detail.has_sensitive_data.impact_cvssevent_attributestringCVSS impact adjustment for sensitive data presence.
Sensitive Data Value@risk_detail.has_sensitive_data.valueevent_attributeboolWhether sensitive data was detected.
Sensitive Data SDS ID@risk_detail.has_sensitive_data.evidence.sds_idevent_attributestringSensitive Data Scanner rule ID that detected the data.
Function Reachable Impact CVSS@risk_detail.is_function_reachable.impact_cvssevent_attributestringCVSS impact adjustment for function reachability.
Function Reachable Value@risk_detail.is_function_reachable.valueevent_attributeboolWhether a vulnerable function is reachable.
Reachable Location Filename@risk_detail.is_function_reachable.evidence.locations.filenameevent_attributestringFilename where the reachable function is located.
Reachable Location Start Line@risk_detail.is_function_reachable.evidence.locations.start.lineevent_attributeint64Start line of the reachable function.
Reachable Location Start Column@risk_detail.is_function_reachable.evidence.locations.start.colevent_attributeint64Start column of the reachable function.
Reachable Location End Line@risk_detail.is_function_reachable.evidence.locations.end.lineevent_attributeint64End line of the reachable function.
Reachable Location End Column@risk_detail.is_function_reachable.evidence.locations.end.colevent_attributeint64End column of the reachable function.
Reachable Location Is Test File@risk_detail.is_function_reachable.evidence.locations.is_test_fileevent_attributeboolWhether the reachable function is in a test file.
Reachable Location URL@risk_detail.is_function_reachable.evidence.locations.urlevent_attributestringURL to the reachable function location in source control.
Reachable Location Symbol@risk_detail.is_function_reachable.evidence.locations.symbolevent_attributestringSymbol name of the reachable function.
Exposed to Attacks Impact CVSS@risk_detail.is_exposed_to_attacks.impact_cvssevent_attributestringCVSS impact adjustment for attack exposure.
Exposed to Attacks Value@risk_detail.is_exposed_to_attacks.valueevent_attributeboolWhether the resource is exposed to attacks.
Attack Trace Example@risk_detail.is_exposed_to_attacks.evidence.trace_exampleevent_attributejsonExample trace showing attack exposure.
Attack Trace Query@risk_detail.is_exposed_to_attacks.evidence.trace_queryevent_attributestringQuery to find traces showing attack exposure.
Attack Details@risk_detail.is_exposed_to_attacks.evidence.attacks_detailsevent_attributejsonDetails about detected attacks.
Privileged Access Impact CVSS@risk_detail.has_privileged_access.impact_cvssevent_attributestringCVSS impact adjustment for privileged access.
Privileged Access Value@risk_detail.has_privileged_access.valueevent_attributeboolWhether the resource has privileged access.
Privileged Access CCRID@risk_detail.has_privileged_access.evidence.ccridevent_attributestringCloud Configuration Resource ID with privileged access.
Production Impact CVSS@risk_detail.is_production.impact_cvssevent_attributestringCVSS impact adjustment for production environment.
Production Value@risk_detail.is_production.valueevent_attributeboolWhether the resource is in production.
Production Evidence@risk_detail.is_production.evidenceevent_attributejsonEvidence supporting the production classification.
Publicly Accessible Impact CVSS@risk_detail.is_publicly_accessible.impact_cvssevent_attributestringCVSS impact adjustment for public accessibility.
Publicly Accessible Value@risk_detail.is_publicly_accessible.valueevent_attributeboolWhether the resource is publicly accessible.
Publicly Accessible CCRID@risk_detail.is_publicly_accessible.evidence.ccridevent_attributestringCloud Configuration Resource ID that is publicly accessible.
Exploit Available Impact CVSS@risk_detail.has_exploit_available.impact_cvssevent_attributestringCVSS impact adjustment for exploit availability.
Exploit Available Value@risk_detail.has_exploit_available.valueevent_attributeboolWhether an exploit is available.
Exploit Type@risk_detail.has_exploit_available.evidence.typeevent_attributestringType of exploit available.
Exploit URLs@risk_detail.has_exploit_available.evidence.exploit_urlsevent_attributearray<string>URLs to exploit references.
Exploit Sources@risk_detail.has_exploit_available.evidence.exploit_sourcesevent_attributearray<string>Sources where exploits were found.
High Exploitability Impact CVSS@risk_detail.has_high_exploitability_chance.impact_cvssevent_attributestringCVSS impact adjustment for high exploitability.
High Exploitability Value@risk_detail.has_high_exploitability_chance.valueevent_attributeboolWhether the vulnerability has a high exploitability chance.
EPSS Score@risk_detail.has_high_exploitability_chance.evidence.epss_scoreevent_attributefloat64Exploit Prediction Scoring System score (0.0 to 1.0).
EPSS Severity@risk_detail.has_high_exploitability_chance.evidence.epss_severityevent_attributestringSeverity classification based on EPSS score.
EPSS Threshold@risk_detail.has_high_exploitability_chance.evidence.thresholdevent_attributefloat64EPSS threshold used for classification.
Rule Type@rule.typeevent_attributestringType of the rule that generated the finding (e.g., cloud_configuration, vulnerability).
Rule Name@rule.nameevent_attributestringName of the rule that generated the finding.
Rule ID@rule.idevent_attributestringUnique identifier of the rule.
Rule Version@rule.versionevent_attributeint64Version number of the rule.
Rule Compatible Version@rule.compatible_versionevent_attributeint64Compatible version number of the rule.
Default Rule ID@rule.default_rule_idevent_attributestringID of the default rule this custom rule is based on.
Advisory ID@advisory.idevent_attributestringUnique identifier of the advisory.
CVE@advisory.cveevent_attributestringCVE identifier for the vulnerability (e.g., CVE-2024-1234).
Advisory Aliases@advisory.aliasesevent_attributearray<string>Alternative identifiers for the advisory.
Advisory Published At@advisory.published_atevent_attributeint64Timestamp (epoch milliseconds) when the advisory was published.
Advisory Modified At@advisory.modified_atevent_attributeint64Timestamp (epoch milliseconds) when the advisory was last modified.
Advisory Summary@advisory.summaryevent_attributestringSummary description of the vulnerability advisory.
Advisory Type@advisory.typeevent_attributestringType of the advisory (e.g., vulnerability, malware).
Vulnerability Language@vulnerability.languageevent_attributestringProgramming language of the vulnerable component.
CWEs@vulnerability.cwesevent_attributearray<string>Common Weakness Enumeration identifiers.
Vulnerability Hash@vulnerability.hashevent_attributestringHash identifying the vulnerability instance.
Vulnerability First Commit@vulnerability.first_commitevent_attributestringFirst commit SHA where the vulnerability was detected.
Vulnerability Last Commit@vulnerability.last_commitevent_attributestringLast commit SHA where the vulnerability was detected.
Vulnerability Key@vulnerability.keyevent_attributestringUnique key identifying the vulnerability.
Remediation Available@remediation.is_availableevent_attributeboolWhether a remediation recommendation is available.
Fixed Advisories@remediation.recommended.fixed_advisoriesevent_attributejsonAdvisories fixed by the recommended remediation.
New Advisories@remediation.recommended.new_advisoriesevent_attributejsonNew advisories introduced by the recommended remediation.
Remaining Advisories@remediation.recommended.remaining_advisoriesevent_attributejsonAdvisories remaining after the recommended remediation.
Recommended Package Name@remediation.recommended.nameevent_attributestringName of the recommended package for remediation.
Recommended Package Version@remediation.recommended.versionevent_attributestringVersion of the recommended package for remediation.
Recommended Remediation Type@remediation.recommended_typeevent_attributestringType of the recommended remediation.
Remediation Description@remediation.descriptionevent_attributestringDescription of the recommended remediation steps.
Latest No Critical Package@remediation.package.latest_no_criticalevent_attributejsonLatest package version with no critical vulnerabilities.
Closest No Critical Package@remediation.package.closest_no_criticalevent_attributejsonClosest package version with no critical vulnerabilities.
Latest No Vulnerabilities Package@remediation.package.latest_no_vulnerabilitiesevent_attributejsonLatest package version with no known vulnerabilities.
Closest No Vulnerabilities Package@remediation.package.closest_no_vulnerabilitiesevent_attributejsonClosest package version with no known vulnerabilities.
Latest No Vulnerabilities Host Image@remediation.host_image.latest_no_vulnerabilitiesevent_attributejsonLatest host image version with no known vulnerabilities.
Closest No Vulnerabilities Container Image@remediation.container_image.closest_no_vulnerabilitiesevent_attributejsonClosest container image version with no known vulnerabilities.
Code Update Type@remediation.code_update.update_typeevent_attributestringType of code update for remediation.
Code Update Edits@remediation.code_update.editsevent_attributejsonSuggested code edits for remediation.
Compliance Evaluation@compliance.evaluationevent_attributestringCompliance evaluation result (e.g., pass, fail).
Compliance Frameworks@compliance.frameworksevent_attributejsonJSON structure listing compliance frameworks and controls this finding maps to.
Framework Requirements@compliance.framework_requirementsevent_attributearray<string>Array of compliance framework requirement identifiers.
Framework Requirement Controls@compliance.framework_requirement_controlsevent_attributearray<string>Array of compliance framework requirement control identifiers.
Cloud Resource Tags@cloud_resource.tagsevent_attributehstoreTags associated with the cloud resource.
Cloud Resource Type@cloud_resource.typeevent_attributestringType of the cloud resource (e.g., aws_s3_bucket, gcp_compute_instance).
Cloud Resource Category@cloud_resource.categoryevent_attributestringCategory of the cloud resource.
Cloud Resource Key@cloud_resource.keyevent_attributestringUnique key for the cloud resource.
Cloud Provider URL@cloud_resource.cloud_provider_urlevent_attributestringURL to the resource in the cloud provider's console.
Cloud Provider@cloud_resource.cloud_providerevent_attributestringCloud provider of the resource (e.g., aws, gcp, azure).
Cloud Resource Configuration@cloud_resource.configurationevent_attributejsonFull JSON configuration of the cloud resource.
Cloud Account@cloud_resource.accountevent_attributestringCloud account or project identifier.
Cloud Resource Display Name@cloud_resource.display_nameevent_attributestringHuman-readable display name of the cloud resource.
Cloud Region@cloud_resource.regionevent_attributestringCloud region where the resource is deployed.
Cloud Availability Zone@cloud_resource.availability_zoneevent_attributestringAvailability zone within the cloud region.
Public Accessibility Paths@cloud_resource.public_accessibility_pathsevent_attributearray<string>Paths through which the resource is publicly accessible.
Public Port Ranges@cloud_resource.public_port_rangesevent_attributejsonPort ranges that are publicly accessible.
IaC Provider@iac_resource.providerevent_attributestringInfrastructure-as-Code provider (e.g., terraform, cloudformation).
IaC Platform@iac_resource.platformevent_attributestringIaC platform (e.g., terraform, ansible).
IaC Resource Type@iac_resource.typeevent_attributestringType of the IaC resource.
IaC Resource Name@iac_resource.nameevent_attributestringName of the IaC resource.
Kubernetes Cluster ID@k8s.cluster_idevent_attributestringKubernetes cluster identifier.
Host Name@host.nameevent_attributestringName of the host associated with the finding.
Host Key@host.keyevent_attributestringUnique key for the host.
Host Cloud Provider@host.cloud_providerevent_attributestringCloud provider of the host.
Host Image@host.imageevent_attributestringImage used to create the host.
Host OS Name@host.os.nameevent_attributestringOperating system name of the host.
Host OS Version@host.os.versionevent_attributestringOperating system version of the host.
Service Name@service.nameevent_attributestringName of the service associated with the finding.
Service Git Commit SHA@service.git_commit_shaevent_attributestringGit commit SHA of the service deployment.
Service Git Repository URL@service.git_repository_urlevent_attributestringGit repository URL of the service.
Container Image Registries@container_image.registriesevent_attributearray<string>Container registries where the image is hosted.
Container Image Repository@container_image.repositoryevent_attributestringRepository of the container image.
Container Image Repo Digests@container_image.repo_digestsevent_attributearray<string>Repository digests of the container image.
Container Image Git Commit SHA@container_image.git_commit_shaevent_attributestringGit commit SHA associated with the container image.
Container Image Git Repository URL@container_image.git_repository_urlevent_attributestringGit repository URL associated with the container image.
Container Image OSes@container_image.osesevent_attributejsonOperating systems in the container image.
Container Image Architectures@container_image.architecturesevent_attributearray<string>CPU architectures supported by the container image.
Container Image Layer Digests@container_image.image_layer_digestsevent_attributearray<string>Digests of individual layers in the container image.
Container Image Layer Diff IDs@container_image.image_layer_diff_idsevent_attributearray<string>Diff IDs of layers in the container image.
Container Image Name@container_image.nameevent_attributestringName of the container image.
Container Image Tags@container_image.tagsevent_attributehstoreTags associated with the container image.
Git Repository ID@git.repository_idevent_attributestringUnique identifier of the git repository.
Git Repository URL@git.repository_urlevent_attributestringURL of the git repository.
Git Repository Visibility@git.repository_visibilityevent_attributestringVisibility of the git repository (e.g., public, private).
Git Branch@git.branchevent_attributestringGit branch where the finding was detected.
Git Default Branch@git.default_branchevent_attributestringDefault branch of the git repository.
Is Default Branch@git.is_default_branchevent_attributeboolWhether the finding is on the default branch.
Git SHA@git.shaevent_attributestringGit commit SHA where the finding was detected.
Git Author Name@git.author.nameevent_attributestringName of the commit author.
Git Author Email@git.author.emailevent_attributestringEmail of the commit author.
Git Author Authored At@git.author.authored_atevent_attributeint64Timestamp (epoch milliseconds) when the commit was authored.
Git Committer Name@git.committer.nameevent_attributestringName of the committer.
Git Committer Email@git.committer.emailevent_attributestringEmail of the committer.
Git Committer Committed At@git.committer.committed_atevent_attributeint64Timestamp (epoch milliseconds) when the commit was committed.
Git Codeowners@git.codeownersevent_attributearray<string>Codeowners for the file where the finding was detected.
Code Location Filename@code_location.filenameevent_attributestringFilename where the finding was detected.
Code Location Start Line@code_location.start.lineevent_attributeint64Start line of the code finding.
Code Location Start Column@code_location.start.colevent_attributeint64Start column of the code finding.
Code Location End Line@code_location.end.lineevent_attributeint64End line of the code finding.
Code Location End Column@code_location.end.colevent_attributeint64End column of the code finding.
Code Location Is Test File@code_location.is_test_fileevent_attributeboolWhether the finding is in a test file.
Code Location URL@code_location.urlevent_attributestringURL to the code location in source control.
Code Location Symbol@code_location.symbolevent_attributestringSymbol name at the code location.
API Endpoint Operation Name@api_endpoint.operation_nameevent_attributestringOperation name of the API endpoint.
API Endpoint Path@api_endpoint.pathevent_attributestringPath of the API endpoint.
API Endpoint Method@api_endpoint.methodevent_attributestringHTTP method of the API endpoint.
API Endpoint Resource Name@api_endpoint.resource_nameevent_attributestringResource name of the API endpoint.
Package Ecosystem@package.ecosystemevent_attributestringPackage manager ecosystem (e.g., Maven, npm, PyPI).
Package Name@package.nameevent_attributestringName of the vulnerable package.
Package Version@package.versionevent_attributestringVersion of the vulnerable package.
Package Additional Names@package.additional_namesevent_attributearray<string>Additional names for the package.
Package Normalized Name@package.normalized_nameevent_attributestringNormalized name of the package for deduplication.
Package Manager@package.managerevent_attributestringPackage manager (e.g., npm, pip, maven).
Package Relation@package.relationevent_attributestringDependency relation type (e.g., direct, transitive).
Package Component Loading Type@package.component_loading_typeevent_attributestringHow the package component is loaded.
Package Dependency Location Text@package.dependency_location_textevent_attributestringText representation of the dependency location.
Package Declaration File Name@package.declaration.block.file_nameevent_attributestringFile name where the package is declared.
Package Declaration Line Start@package.declaration.block.line_startevent_attributeint64Start line of the package declaration.
Package Declaration Line End@package.declaration.block.line_endevent_attributeint64End line of the package declaration.
Package Declaration Column Start@package.declaration.block.column_startevent_attributeint64Start column of the package declaration.
Package Declaration Column End@package.declaration.block.column_endevent_attributeint64End column of the package declaration.
Package Declaration Symbol@package.declaration.block.symbolevent_attributestringSymbol of the package declaration.
Package Declaration Name@package.declaration.nameevent_attributejsonDeclared name of the package.
Package Declaration Version@package.declaration.versionevent_attributejsonDeclared version of the package.
Package Scope@package.scopeevent_attributestringDependency scope (e.g., production, test, development).
Package Root Parent Name@package.root_parent.nameevent_attributestringName of the root parent dependency.
Package Root Parent Version@package.root_parent.versionevent_attributestringVersion of the root parent dependency.
Package Root Parents@package.root_parentsevent_attributejsonAll root parent dependencies.
Secret Resource Type@secret.resource_typeevent_attributestringType of resource where the secret was found.
Secret Validation Status@secret.validation_statusevent_attributestringValidation status of the detected secret.
Additional Resources@additional_resourcesevent_attributejsonAdditional resource information related to the finding.
Runtime Context Span ID@runtime_context.span_idevent_attributestringAPM span ID associated with the finding.
Runtime Context Trace ID@runtime_context.trace_idevent_attributestringAPM trace ID associated with the finding.
Runtime Context Stacktrace ID@runtime_context.stacktrace_idevent_attributestringStacktrace ID associated with the finding.
Related Services@related_servicesevent_attributearray<string>Services related to the finding.
TagstagscorehstoreTags associated with the finding, represented as key-value pairs.