
Security problems API - GET all problems

Lists all security problems detected in your applications.

The request produces an application/json payload.

GET
  • Managed / Dynatrace for Government: https://{your-domain}/e/{your-environment-id}/api/v2/securityProblems
  • SaaS: https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems
  • Environment ActiveGate: https://{your-activegate-domain}/e/{your-environment-id}/api/v2/securityProblems

Authentication

To execute this request, you need an access token with securityProblems.read scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter | Type | Description | In | Required
nextPageKey | string

The cursor for the next page of results. You can find it in the nextPageKey field of the previous response.

The first page is always returned if you don't specify the nextPageKey query parameter.

When the nextPageKey is set to obtain subsequent pages, you must omit all other query parameters.

query | optional
pageSize | integer

The number of security problems in a single response payload.

The maximum allowed page size is 500.

If not set, 100 is used.

query | optional
securityProblemSelector | string

Defines the scope of the query. Only security problems matching the specified criteria are included in the response.

You can add one or more of the following criteria. Values are not case-sensitive and the EQUALS operator is used unless otherwise specified.

  • Status: status("value"). Find the possible values in the description of the status field of the response. If not set, all security problems are returned.
  • Muted: muted("value"). Possible values are TRUE or FALSE.
  • Risk level: riskLevel("value"). The Davis risk level. Find the possible values in the description of the riskLevel field of the response.
  • Minimum risk score: minRiskScore("5.5"). The Davis minimum risk score. The GREATER THAN OR EQUAL TO operator is used. Specify a number between 1.0 and 10.0.
  • Maximum risk score: maxRiskScore("5.5"). The Davis maximum risk score. The LESS THAN operator is used. Specify a number between 1.0 and 10.0.
  • Base risk level: baseRiskLevel("value"). The base risk level from the CVSS. Find the possible values in the description of the riskLevel field of the response.
  • Minimum base risk score: minBaseRiskScore("5.5"). The minimum base risk score from the CVSS. The GREATER THAN OR EQUAL TO operator is used. Specify a number between 1.0 and 10.0.
  • Maximum base risk score: maxBaseRiskScore("5.5"). The maximum base risk score from the CVSS. The LESS THAN operator is used. Specify a number between 1.0 and 10.0.
  • External vulnerability ID contains: externalVulnerabilityIdContains("id-1"). The CONTAINS operator is used. Maximum value length is 48 characters.
  • External vulnerability ID: externalVulnerabilityId("id-1", "id-2").
  • CVE ID: cveId("id").
  • Risk assessment: riskAssessment("value-1", "value-2"). Possible values are EXPOSED, SENSITIVE, EXPLOIT, VULNERABLE_FUNCTION_IN_USE and ACCURACY_REDUCED.
  • Related host ID: relatedHostIds("value-1", "value-2"). Specify Dynatrace entity IDs here.
  • Related host name: relatedHostNames("value-1", "value-2"). Values are case-sensitive.
  • Related host name contains: relatedHostNameContains("value-1"). The CONTAINS operator is used.
  • Related Kubernetes cluster ID: relatedKubernetesClusterIds("value-1", "value-2"). Specify Dynatrace entity IDs here.
  • Related Kubernetes cluster name: relatedKubernetesClusterNames("value-1", "value-2"). Values are case-sensitive.
  • Related Kubernetes cluster name contains: relatedKubernetesClusterNameContains("value-1"). The CONTAINS operator is used.
  • Related Kubernetes workload ID: relatedKubernetesWorkloadIds("value-1", "value-2"). Specify Dynatrace entity IDs here.
  • Related Kubernetes workload name: relatedKubernetesWorkloadNames("value-1", "value-2"). Values are case-sensitive.
  • Related Kubernetes workload name contains: relatedKubernetesWorkloadNameContains("value-1"). The CONTAINS operator is used.
  • Management zone ID: managementZoneIds("mzId-1", "mzId-2").
  • Management zone name: managementZones("name-1", "name-2"). Values are case-sensitive.
  • Affected process group instance ID: affectedPgiIds("pgiId-1", "pgiId-2"). Specify Dynatrace entity IDs here.
  • Affected process group ID: affectedPgIds("pgId-1", "pgId-2"). Specify Dynatrace entity IDs here.
  • Affected process group name: affectedPgNames("name-1", "name-2"). Values are case-sensitive.
  • Affected process group name contains: affectedPgNameContains("name-1"). The CONTAINS operator is used.
  • Vulnerable component ID: vulnerableComponentIds("componentId-1", "componentId-2"). Specify component IDs here.
  • Vulnerable component name: vulnerableComponentNames("name-1", "name-2"). Values are case-sensitive.
  • Vulnerable component name contains: vulnerableComponentNameContains("name-1"). The CONTAINS operator is used.
  • Host tags: hostTags("hostTag-1"). The CONTAINS operator is used. Maximum value length is 48 characters.
  • Process group tags: pgTags("pgTag-1"). The CONTAINS operator is used. Maximum value length is 48 characters.
  • Process group instance tags: pgiTags("pgiTag-1"). The CONTAINS operator is used. Maximum value length is 48 characters.
  • Tags: tags("tag-1"). The CONTAINS operator is used. This selector picks hosts, process groups, and process group instances at the same time. Maximum value length is 48 characters.
  • Display ID: displayIds("S-1234", "S-5678"). The EQUALS operator is used.
  • Security problem ID: securityProblemIds("12544152654387159360", "5904857564184044850"). The EQUALS operator is used.
  • Technology: technology("technology-1", "technology-2"). Find the possible values in the description of the technology field of the response. The EQUALS operator is used.
  • Vulnerability type: vulnerabilityType("type-1", "type-2"). Possible values are THIRD_PARTY, CODE_LEVEL, RUNTIME.

Risk score and risk category are mutually exclusive (cannot be used at the same time).

To set several criteria, separate them with a comma (,). Only results matching all criteria are included in the response.

Specify the value of a criterion as a quoted string. The following special characters must be escaped with a tilde (~) inside quotes:

  • Tilde ~
  • Quote "
query | optional
sort | string

Specifies one or more fields for sorting the security problem list. Multiple fields can be concatenated using a comma (,) as a separator (e.g. +status,-timestamp).

You can sort by the following properties with a sign prefix for the sorting order.

  • status: The security problem status (+ open first or - resolved first)
  • muted: The security problem mute state (+ unmuted first or - muted first)
  • technology: The security problem technology
  • firstSeenTimestamp: The timestamp of the first occurrence of the security problem (+ new problems first or - old problems first)
  • lastUpdatedTimestamp: The timestamp of the last update of the security problem (+ recently updated problems first or - earlier updated problems first)
  • securityProblemId: The auto-generated ID of the security problem (+ lower number first or - higher number first)
  • externalVulnerabilityId: The ID of the external vulnerability (+ lower number first or - higher number first)
  • displayId: The display ID (+ lower number first or - higher number first)
  • riskAssessment.riskScore: The Davis security score (+ lower score first or - higher score first)
  • riskAssessment.riskLevel: The Davis security level (+ lower level first or - higher level first)
  • riskAssessment.exposure: Whether the problem is exposed to the internet
  • riskAssessment.dataAssets: Whether data assets are affected
  • riskAssessment.vulnerableFunctionUsage: Whether vulnerable functions are used
  • riskAssessment.assessmentAccuracy: The assessment accuracy (+ less accuracy first or - more accuracy first)
  • globalCounts.affectedNodes: Number of affected nodes (+ lower number first or - higher number first)
  • globalCounts.affectedProcessGroupInstances: Number of affected process group instances (+ lower number first or - higher number first)
  • globalCounts.affectedProcessGroups: Number of affected process groups (+ lower number first or - higher number first)
  • globalCounts.exposedProcessGroups: Number of exposed process groups (+ lower number first or - higher number first)
  • globalCounts.reachableDataAssets: Number of reachable data assets (+ lower number first or - higher number first)
  • globalCounts.relatedApplications: Number of related applications (+ lower number first or - higher number first)
  • globalCounts.relatedAttacks: Number of attacks on the security problem (+ lower number first or - higher number first)
  • globalCounts.relatedHosts: Number of related hosts (+ lower number first or - higher number first)
  • globalCounts.relatedKubernetesClusters: Number of related Kubernetes clusters (+ lower number first or - higher number first)
  • globalCounts.relatedKubernetesWorkloads: Number of related Kubernetes workloads (+ lower number first or - higher number first)
  • globalCounts.relatedServices: Number of related services (+ lower number first or - higher number first)
  • globalCounts.vulnerableComponents: Number of vulnerable components (+ lower number first or - higher number first)

If no prefix is set, + is used.

query | optional
fields | string

A list of additional security problem properties you can add to the response.

The following properties are available (all other properties are always included and you can't remove them from the response):

  • riskAssessment: A risk assessment of the security problem.
  • managementZones: The management zone where the security problem occurred.
  • codeLevelVulnerabilityDetails: Details of the code-level vulnerability.
  • globalCounts: Globally calculated statistics about the security problem. No management zone information is taken into account.

To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, +riskAssessment,+managementZones).

query | optional
from | string

The start of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the relative timeframe of thirty days is used (now-30d).

query | optional
to | string

The end of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the current timestamp is used.

The end of the timeframe must not be older than 365 days.

query | optional
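The selector escaping and paging rules above, as an added example that is not part of the Dynatrace documentation: it builds a securityProblemSelector with tilde escaping and follows nextPageKey while omitting all other query parameters on later pages. The function names (escape_value, build_selector, http_fetch, iter_security_problems) are hypothetical, and the `Api-Token` authorization header is the standard Dynatrace API token scheme, which this page only links to.

```python
import json
import urllib.parse
import urllib.request


def escape_value(value):
    """Quote a criterion value, escaping ~ and " with a tilde as the page requires."""
    return '"' + value.replace("~", "~~").replace('"', '~"') + '"'


def build_selector(**criteria):
    """Build securityProblemSelector; comma-joined criteria must all match."""
    parts = []
    for name, values in criteria.items():
        values = [values] if isinstance(values, str) else list(values)
        parts.append(f"{name}({', '.join(escape_value(v) for v in values)})")
    return ",".join(parts)


def http_fetch(base_url, token):
    """Return fetch(params) for {base_url}/api/v2/securityProblems (token needs securityProblems.read)."""
    def fetch(params):
        # urlencode turns the "+" of fields/sort into %2B so it is not read as a space.
        query = urllib.parse.urlencode(params)
        req = urllib.request.Request(
            f"{base_url}/api/v2/securityProblems?{query}",
            headers={"Authorization": f"Api-Token {token}"},
        )
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch


def iter_security_problems(fetch, selector=None, page_size=500, fields=None):
    """Yield every SecurityProblem, following nextPageKey until it is null."""
    if page_size > 500:
        raise ValueError("pageSize must not exceed 500")
    params = {"pageSize": page_size}
    if selector:
        params["securityProblemSelector"] = selector
    if fields:
        params["fields"] = fields
    while True:
        page = fetch(params)
        yield from page.get("securityProblems", [])
        key = page.get("nextPageKey")
        if not key:
            return
        # Later pages: send nextPageKey alone and omit all other query parameters.
        params = {"nextPageKey": key}


if __name__ == "__main__":
    # Constructed two-page response standing in for a live environment.
    pages = {None: {"nextPageKey": "KEY-2", "securityProblems": [{"displayId": "S-1"}]},
             "KEY-2": {"nextPageKey": None, "securityProblems": [{"displayId": "S-2"}]}}
    selector = build_selector(status="OPEN", riskAssessment=["EXPOSED", "EXPLOIT"])
    print(selector)
    for problem in iter_security_problems(lambda p: pages[p.get("nextPageKey")], selector):
        print(problem["displayId"])
```

Against a live environment, pass `http_fetch("https://{your-environment-id}.live.dynatrace.com", token)` as the `fetch` argument.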

Response

Response codes

Code | Type | Description
200 | SecurityProblemList

Success. The response contains the list of security problems.

Response body objects

The SecurityProblemList object

A list of security problems.

Element | Type | Description
totalCount | integer

The total number of entries in the result.

pageSize | integer

The number of entries per page.

nextPageKey | string

The cursor for the next page of results. Has the value of null on the last page.

Use it in the nextPageKey query parameter to obtain subsequent pages of the result.

securityProblems | SecurityProblem[]

A list of security problems.

The SecurityProblem object

Parameters of a security problem

Element | Type | Description
securityProblemId | string

The ID of the security problem.

displayId | string

The display ID of the security problem.

status | string

The status of the security problem.

The element can hold these values
  • OPEN
  • RESOLVED
muted | boolean

The security problem is (true) or is not (false) muted.

externalVulnerabilityId | string

The external vulnerability ID of the security problem.

vulnerabilityType | string

The type of the vulnerability.

The element can hold these values
  • CODE_LEVEL
  • RUNTIME
  • THIRD_PARTY
title | string

The title of the security problem.

packageName | string

The package name of the security problem.

url | string

The URL to the security problem details page.

technology | string

The technology of the security problem.

The element can hold these values
  • DOTNET
  • GO
  • JAVA
  • KUBERNETES
  • NODE_JS
  • PHP
firstSeenTimestamp | integer

The timestamp of the first occurrence of the security problem.

lastUpdatedTimestamp | integer

The timestamp of the most recent security problem change.

riskAssessment | RiskAssessment

Risk assessment of a security problem.

managementZones | ManagementZone[]

A list of management zones which the affected entities belong to.

cveIds | string[]

A list of CVE IDs of the security problem.

globalCounts | GlobalCountsDto

Globally calculated statistics about the security problem. No management zone information is taken into account.

codeLevelVulnerabilityDetails | CodeLevelVulnerabilityDetails

The details of a code-level vulnerability.

The RiskAssessment object

Risk assessment of a security problem.

Element | Type | Description
riskLevel | string

The Davis risk level.

It is calculated by Dynatrace on the basis of CVSS score.

The element can hold these values
  • CRITICAL
  • HIGH
  • LOW
  • MEDIUM
  • NONE
riskScore | number

The Davis risk score (1-10).

It is calculated by Dynatrace on the basis of CVSS score.

riskVector | string

The attack vector calculated by Dynatrace based on the CVSS attack vector.

baseRiskLevel | string

The risk level from the CVSS score.

The element can hold these values
  • CRITICAL
  • HIGH
  • LOW
  • MEDIUM
  • NONE
baseRiskScore | number

The risk score (1-10) from the CVSS score.

baseRiskVector | string

The original attack vector of the CVSS assessment.

exposure | string

The level of exposure of affected entities.

The element can hold these values
  • NOT_AVAILABLE
  • NOT_DETECTED
  • PUBLIC_NETWORK
dataAssets | string

The reachability of related data assets by affected entities.

The element can hold these values
  • NOT_AVAILABLE
  • NOT_DETECTED
  • REACHABLE
publicExploit | string

The availability status of public exploits.

The element can hold these values
  • AVAILABLE
  • NOT_AVAILABLE
vulnerableFunctionUsage | string

The state of vulnerable code execution.

The element can hold these values
  • IN_USE
  • NOT_AVAILABLE
  • NOT_IN_USE
assessmentAccuracy | string

The level of available information on which this assessment has been done.

The element can hold these values
  • FULL
  • NOT_AVAILABLE
  • REDUCED

The ManagementZone object

A short representation of a management zone.

Element | Type | Description
name | string

The name of the management zone.

id | string

The ID of the management zone.

The GlobalCountsDto object

Globally calculated statistics about the security problem. No management zone information is taken into account.

Element | Type | Description
affectedNodes | integer

Number of affected nodes

affectedProcessGroupInstances | integer

Number of affected process group instances

affectedProcessGroups | integer

Number of affected process groups

exposedProcessGroups | integer

Number of exposed process groups

reachableDataAssets | integer

Number of reachable data assets exposed

relatedApplications | integer

Number of related applications

relatedAttacks | integer

Number of attacks on the exposed security problem

relatedHosts | integer

Number of related hosts

relatedKubernetesClusters | integer

Number of related Kubernetes clusters

relatedKubernetesWorkloads | integer

Number of related Kubernetes workloads

relatedServices | integer

Number of related services

vulnerableComponents | integer

Number of vulnerable components

The CodeLevelVulnerabilityDetails object

The details of a code-level vulnerability.

Element | Type | Description
processGroupIds | string[]

The list of encoded MEIdentifier of the process groups.

processGroups | string[]

The list of affected process groups.

shortVulnerabilityLocation | string

The code location of the vulnerability without package and parameter.

type | string

The type of code level vulnerability.

The element can hold these values
  • CMD_INJECTION
  • IMPROPER_INPUT_VALIDATION
  • SQL_INJECTION
vulnerabilityLocation | string

The code location of the vulnerability.

vulnerableFunction | string

The vulnerable function of the vulnerability.

vulnerableFunctionInput | VulnerableFunctionInput

Describes what got passed into the code level vulnerability.

The VulnerableFunctionInput object

Describes what got passed into the code level vulnerability.

Element | Type | Description
type | string

The type of the input.

The element can hold these values
  • COMMAND
  • JNDI
  • SQL_STATEMENT
inputSegments | VulnerableFunctionInputSegment[]

A list of input segments.

The VulnerableFunctionInputSegment object

Describes one segment that was passed into a vulnerable function.

Element | Type | Description
value | string

The value of the input segment.

type | string

The type of the input segment.

The element can hold these values
  • MALICIOUS_INPUT
  • REGULAR_INPUT
  • TAINTED_INPUT

Response body JSON model

{
  "totalCount": 1,
  "pageSize": 1,
  "nextPageKey": "AQAAABQBAAAABQ==",
  "securityProblems": [
    {
      "securityProblemId": "string",
      "displayId": "string",
      "status": "OPEN",
      "muted": true,
      "externalVulnerabilityId": "string",
      "vulnerabilityType": "CODE_LEVEL",
      "title": "string",
      "packageName": "string",
      "url": "string",
      "technology": "DOTNET",
      "firstSeenTimestamp": 1,
      "lastUpdatedTimestamp": 1,
      "riskAssessment": {
        "riskLevel": "CRITICAL",
        "riskScore": 1,
        "riskVector": "string",
        "baseRiskLevel": "CRITICAL",
        "baseRiskScore": 1,
        "baseRiskVector": "string",
        "exposure": "NOT_AVAILABLE",
        "dataAssets": "NOT_AVAILABLE",
        "publicExploit": "AVAILABLE",
        "vulnerableFunctionUsage": "IN_USE",
        "assessmentAccuracy": "FULL"
      },
      "managementZones": [
        {
          "name": "string",
          "id": "string"
        }
      ],
      "cveIds": [
        "string"
      ],
      "globalCounts": {
        "affectedNodes": 1,
        "affectedProcessGroupInstances": 1,
        "affectedProcessGroups": 1,
        "exposedProcessGroups": 1,
        "reachableDataAssets": 1,
        "relatedApplications": 1,
        "relatedAttacks": 1,
        "relatedHosts": 1,
        "relatedKubernetesClusters": 1,
        "relatedKubernetesWorkloads": 1,
        "relatedServices": 1,
        "vulnerableComponents": 1
      },
      "codeLevelVulnerabilityDetails": {
        "processGroupIds": [
          "string"
        ],
        "processGroups": [
          "string"
        ],
        "shortVulnerabilityLocation": "string",
        "type": "CMD_INJECTION",
        "vulnerabilityLocation": "string",
        "vulnerableFunction": "string",
        "vulnerableFunctionInput": {
          "type": "COMMAND",
          "inputSegments": [
            {
              "value": "string",
              "type": "MALICIOUS_INPUT"
            }
          ]
        }
      }
    }
  ]
}