Security problems API - GET a problem

Gets the details of a security problem.

The request produces an application/json payload.

GET	ManagedDynatrace for Government	`https://{your-domain}/e/{your-environment-id}/api/v2/securityProblems/{id}`
	SaaS	`https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems/{id}`
	Environment ActiveGate	`https://{your-activegate-domain}/e/{your-environment-id}/api/v2/securityProblems/{id}`

Authentication

To execute this request, you need an access token with securityProblems.read scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter Type Description In Required

string

Parameter	Type	Description	In	Required
id	string	The ID of the required security problem.	path	required
fields	string	A list of additional security problem properties you can add to the response. The following properties are available (all other properties are always included and you can't remove them from the response): `riskAssessment`: A risk assessment of the security problem. `managementZones`: The management zone where the security problem occurred. `codeLevelVulnerabilityDetails`: Details of the code-level vulnerability. `globalCounts`: Globally calculated statistics about the security problem. No management zone information is taken into account. `filteredCounts`: Statistics about the security problem, filtered by the management zone and timeframe start ('from') query parameters. `description`: The description of the vulnerability. `events`: The security problem's last 10 events within the last 365 days, sorted from newest to oldest. `vulnerableComponents`: A list of vulnerable components of the security problem within the provided filter range. `affectedEntities`: A list of affected entities of the security problem within the provided filter range. `exposedEntities`: A list of exposed entities of the security problem within the provided filter range. `reachableDataAssets`: A list of data assets reachable by affected entities of the security problem within the provided filter range. `relatedEntities`: A list of related entities of the security problem within the provided filter range. `relatedContainerImages`: A list of related container images of the security problem within the provided filter range. `relatedAttacks`: A list of attacks detected on the exposed security problem. To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, `+riskAssessment,+managementZones`).	query	optional
from	string	Based on the timeframe start the affected-, related- and vulnerable entities are being calculated. You can use one of the following formats: Timestamp in UTC milliseconds. Human-readable format of `2021-01-25T05:57:01.123+01:00`. If no time zone is specified, UTC is used. You can use a space character instead of the `T`. Seconds and fractions of a second are optional. Relative timeframe, back from now. The format is `now-NU/A`, where `N` is the amount of time, `U` is the unit of time, and `A` is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, `now-1y/w` is one year back, aligned by a week. You can also specify relative timeframe without an alignment: `now-NU`. Supported time units for the relative timeframe are: `m`: minutes `h`: hours `d`: days `w`: weeks `M`: months `y`: years If not set, the default timeframe start of 24 hours in the past is used (`now-24h`). The timeframe start must not be older than 365 days.	query	optional

The ID of the required security problem.

path

required

fields

string

A list of additional security problem properties you can add to the response.

The following properties are available (all other properties are always included and you can't remove them from the response):

riskAssessment: A risk assessment of the security problem.
managementZones: The management zone where the security problem occurred.
codeLevelVulnerabilityDetails: Details of the code-level vulnerability.
globalCounts: Globally calculated statistics about the security problem. No management zone information is taken into account.
filteredCounts: Statistics about the security problem, filtered by the management zone and timeframe start ('from') query parameters.
description: The description of the vulnerability.
events: The security problem's last 10 events within the last 365 days, sorted from newest to oldest.
vulnerableComponents: A list of vulnerable components of the security problem within the provided filter range.
affectedEntities: A list of affected entities of the security problem within the provided filter range.
exposedEntities: A list of exposed entities of the security problem within the provided filter range.
reachableDataAssets: A list of data assets reachable by affected entities of the security problem within the provided filter range.
relatedEntities: A list of related entities of the security problem within the provided filter range.
relatedContainerImages: A list of related container images of the security problem within the provided filter range.
relatedAttacks: A list of attacks detected on the exposed security problem.

To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, +riskAssessment,+managementZones).

query

optional

from

string

Based on the timeframe start the affected-, related- and vulnerable entities are being calculated. You can use one of the following formats:

Timestamp in UTC milliseconds.
Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
- m: minutes
- h: hours
- d: days
- w: weeks
- M: months
- y: years

If not set, the default timeframe start of 24 hours in the past is used (now-24h).

The timeframe start must not be older than 365 days.

query

optional

Response

Response codes

Code	Type	Description
200	SecurityProblemDetails	Success. The response contains parameters of the security problem.

Response body objects

The `SecurityProblemDetails` object

Parameters of a security problem

Element	Type	Description
securityProblemId	string	The ID of the security problem.
displayId	string	The display ID of the security problem.
status	string	The status of the security problem. The element can hold these values `OPEN` `RESOLVED`
muted	boolean	The security problem is (`true`) or is not (`false`) muted.
externalVulnerabilityId	string	The external vulnerability ID of the security problem.
vulnerabilityType	string	The type of the vulnerability. The element can hold these values `CODE_LEVEL` `RUNTIME` `THIRD_PARTY`
title	string	The title of the security problem.
packageName	string	The package name of the security problem.
url	string	The URL to the security problem details page.
description	string	The description of the security problem.
technology	string	The technology of the security problem. The element can hold these values `DOTNET` `GO` `JAVA` `KUBERNETES` `NODE_JS` `PHP`
firstSeenTimestamp	integer	The timestamp of the first occurrence of the security problem.
lastUpdatedTimestamp	integer	The timestamp of the most recent security problem change.
riskAssessment	RiskAssessment	Risk assessment of a security problem.
managementZones	ManagementZone[]	A list of management zones which the affected entities belong to.
cveIds	string[]	A list of CVE IDs of the security problem.
globalCounts	GlobalCountsDto	Globally calculated statistics about the security problem. No management zone information is taken into account.
filteredCounts	FilteredCountsDto	Statistics about the security problem, filtered by the management zone and timeframe start ('from') query parameters.
codeLevelVulnerabilityDetails	CodeLevelVulnerabilityDetails	The details of a code-level vulnerability.
events	SecurityProblemEvent[]	An ordered (newest first) list of events of the security problem.
vulnerableComponents	VulnerableComponent[]	A list of vulnerable components of the security problem. A vulnerable component is what causes the security problem.
affectedEntities	string[]	A list of affected entities of the security problem. An affected entity is an entity where a vulnerable component runs.
exposedEntities	string[]	A list of exposed entities of the security problem. An exposed entity is an affected entity that is exposed to the internet.
reachableDataAssets	string[]	A list of data assets reachable by affected entities of the security problem. A data asset is a service that has database access.
relatedEntities	RelatedEntitiesList	A list of related entities of the security problem. A related entity is a monitored entity that is directly or indirectly related to an affected entity (for example, it could be a host where an affected process runs). Each related entity contains a list of corresponding affected entities (for example, an affected process running on this host).
relatedContainerImages	object[]	A list of related container images.
relatedAttacks	RelatedAttacksList	A list of related attacks of the security problem. Related attacks are attacks on the exposed security problem.
muteStateChangeInProgress	boolean	If `true` a change of the mute state is in progress.

The `RiskAssessment` object

Risk assessment of a security problem.

Element	Type	Description
riskLevel	string	The Davis risk level. It is calculated by Dynatrace on the basis of CVSS score. The element can hold these values `CRITICAL` `HIGH` `LOW` `MEDIUM` `NONE`
riskScore	number	The Davis risk score (1-10). It is calculated by Dynatrace on the basis of CVSS score.
riskVector	string	The attack vector calculated by Dynatrace based on the CVSS attack vector.
baseRiskLevel	string	The risk level from the CVSS score. The element can hold these values `CRITICAL` `HIGH` `LOW` `MEDIUM` `NONE`
baseRiskScore	number	The risk score (1-10) from the CVSS score.
baseRiskVector	string	The original attack vector of the CVSS assessment.
exposure	string	The level of exposure of affected entities. The element can hold these values `NOT_AVAILABLE` `NOT_DETECTED` `PUBLIC_NETWORK`
dataAssets	string	The reachability of related data assets by affected entities. The element can hold these values `NOT_AVAILABLE` `NOT_DETECTED` `REACHABLE`
publicExploit	string	The availability status of public exploits. The element can hold these values `AVAILABLE` `NOT_AVAILABLE`
vulnerableFunctionUsage	string	The state of vulnerable code execution. The element can hold these values `IN_USE` `NOT_AVAILABLE` `NOT_IN_USE`
assessmentAccuracy	string	The level of available information on which this assessment has been done. The element can hold these values `FULL` `NOT_AVAILABLE` `REDUCED`

The `ManagementZone` object

A short representation of a management zone.

Element	Type	Description
name	string	The name of the management zone.
id	string	The ID of the management zone.

The `GlobalCountsDto` object

Globally calculated statistics about the security problem. No management zone information is taken into account.

Element	Type	Description
affectedNodes	integer	Number of affected nodes
affectedProcessGroupInstances	integer	Number of affected process group instances
affectedProcessGroups	integer	Number of affected process groups
exposedProcessGroups	integer	Number of exposed process groups
reachableDataAssets	integer	Number of reachable data assets exposed
relatedApplications	integer	Number of related applications
relatedAttacks	integer	Number of attacks on the exposed security problem
relatedHosts	integer	Number of related hosts
relatedKubernetesClusters	integer	Number of related kubernetes cluster
relatedKubernetesWorkloads	integer	Number of related kubernetes workloads
relatedServices	integer	Number of related services
vulnerableComponents	integer	Number of vulnerable components

The `FilteredCountsDto` object

Statistics about the security problem, filtered by the management zone and timeframe start ('from') query parameters.

Element	Type	Description
affectedNodes	integer	Number of affected nodes
affectedProcessGroupInstances	integer	Number of affected processes
affectedProcessGroups	integer	Number of affected process groups
exposedProcessGroups	integer	Number of exposed process groups
reachableDataAssets	integer	Number of reachable data assets
relatedApplications	integer	Number of related applications
relatedAttacks	integer	Number of related attacks
relatedDatabases	integer	Number of related databases
relatedHosts	integer	Number of related hosts
relatedKubernetesClusters	integer	Number of related Kubernetes clusters
relatedKubernetesWorkloads	integer	Number of related Kubernetes workloads
relatedServices	integer	Number of related services
vulnerableComponents	integer	Number of vulnerable components

The `CodeLevelVulnerabilityDetails` object

The details of a code-level vulnerability.

Element	Type	Description
processGroupIds	string[]	The list of encoded MEIdentifier of the process groups.
processGroups	string[]	The list of affected process groups.
shortVulnerabilityLocation	string	The code location of the vulnerability without package and parameter.
type	string	The type of code level vulnerability. The element can hold these values `CMD_INJECTION` `IMPROPER_INPUT_VALIDATION` `SQL_INJECTION`
vulnerabilityLocation	string	The code location of the vulnerability.
vulnerableFunction	string	The vulnerable function of the vulnerability.
vulnerableFunctionInput	VulnerableFunctionInput	Describes what got passed into the code level vulnerability.

The `VulnerableFunctionInput` object

Describes what got passed into the code level vulnerability.

Element	Type	Description
type	string	The type of the input. The element can hold these values `COMMAND` `JNDI` `SQL_STATEMENT`
inputSegments	VulnerableFunctionInputSegment[]	A list of input segments.

The `VulnerableFunctionInputSegment` object

Describes one segment that was passed into a vulnerable function.

Element	Type	Description
value	string	The value of the input segment.
type	string	The type of the input segment. The element can hold these values `MALICIOUS_INPUT` `REGULAR_INPUT` `TAINTED_INPUT`

The `SecurityProblemEvent` object

The event of a security problem.

Element	Type	Description
timestamp	integer	The timestamp when the event occurred.
reason	string	The reason of the event creation. The element can hold these values `SECURITY_PROBLEM_CREATED` `SECURITY_PROBLEM_MUTED` `SECURITY_PROBLEM_REOPENED` `SECURITY_PROBLEM_RESOLVED` `SECURITY_PROBLEM_UNMUTED`
riskAssessmentSnapshot	RiskAssessmentSnapshot	A snapshot of the risk assessment of a security problem.
muteState	MuteState	Metadata of the muted state of a security problem in relation to an event.

The `RiskAssessmentSnapshot` object

A snapshot of the risk assessment of a security problem.

Element	Type	Description
riskLevel	string	The Davis risk level. It is calculated by Dynatrace on the basis of CVSS score. The element can hold these values `CRITICAL` `HIGH` `LOW` `MEDIUM` `NONE`
riskScore	number	The Davis risk score (1-10). It is calculated by Dynatrace on the basis of CVSS score.
numberOfAffectedEntities	integer	The number of currently affected entities.
numberOfReachableDataAssets	integer	The number of data assets that are currently reachable by affected entities.
publicExploit	string	The availability status of public exploits. The element can hold these values `AVAILABLE` `NOT_AVAILABLE`
exposure	string	The level of exposure of affected entities. The element can hold these values `NOT_AVAILABLE` `NOT_DETECTED` `PUBLIC_NETWORK`
vulnerableFunctionUsage	string	The state of vulnerable code execution. The element can hold these values `IN_USE` `NOT_AVAILABLE` `NOT_IN_USE`

The `MuteState` object

Metadata of the muted state of a security problem in relation to an event.

Element	Type	Description
user	string	The user who has muted or unmuted the problem.
reason	string	The reason for the mute state change. The element can hold these values `AFFECTED` `CONFIGURATION_NOT_AFFECTED` `FALSE_POSITIVE` `IGNORE` `INITIAL_STATE` `OTHER` `VULNERABLE_CODE_NOT_IN_USE`
comment	string	A user's comment.

The `VulnerableComponent` object

Vulnerable component of a security problem.

Element	Type	Description
id	string	The Dynatrace entity ID of the vulnerable component.
displayName	string	The display name of the vulnerable component.
shortName	string	The short, component-only name of the vulnerable component.
fileName	string	The file name of the vulnerable component.
numberOfAffectedEntities	integer	The number of affected entities.
affectedEntities	string[]	A list of affected entities.

The `RelatedEntitiesList` object

A list of related entities of the security problem.

A related entity is a monitored entity that is directly or indirectly related to an affected entity (for example, it could be a host where an affected process runs).

Each related entity contains a list of corresponding affected entities (for example, an affected process running on this host).

Element	Type	Description
applications	RelatedEntity[]	A list of related applications.
services	RelatedService[]	A list of related services.
hosts	RelatedEntity[]	A list of related hosts.
databases	string[]	A list of related databases.
kubernetesWorkloads	RelatedEntity[]	A list of related Kubernetes workloads.
kubernetesClusters	RelatedEntity[]	A list of related Kubernetes clusters.

The `RelatedEntity` object

An entity related to a security problem.

Element	Type	Description
id	string	The Dynatrace entity ID of the entity.
numberOfAffectedEntities	integer	The number of affected entities related to the entity.
affectedEntities	string[]	A list of affected entities related to the entity.

The `RelatedService` object

A service related to a security problem.

Element	Type	Description
id	string	The Dynatrace entity ID of the entity.
numberOfAffectedEntities	integer	The number of affected entities related to the entity.
affectedEntities	string[]	A list of affected entities related to the entity.
exposure	string	The level of exposure of the service. The element can hold these values `NOT_AVAILABLE` `NOT_DETECTED` `PUBLIC_NETWORK`

The `RelatedContainerImage` object

Related container image of a security problem.

Element	Type	Description
imageId	string	The image ID of the related container image.
imageName	string	The image name of the related container image.
numberOfAffectedEntities	integer	The number of affected entities.
affectedEntities	string[]	A list of affected entities.

The `RelatedAttacksList` object

A list of related attacks of the security problem.

Related attacks are attacks on the exposed security problem.

Element	Type	Description
attacks	string[]	A list of related attack ids.

Response body JSON model

json
{
  "securityProblemId": "string",
  "displayId": "string",
  "status": "OPEN",
  "muted": true,
  "externalVulnerabilityId": "string",
  "vulnerabilityType": "CODE_LEVEL",
  "title": "string",
  "packageName": "string",
  "url": "string",
  "description": "string",
  "technology": "DOTNET",
  "firstSeenTimestamp": 1,
  "lastUpdatedTimestamp": 1,
  "riskAssessment": {
    "riskLevel": "CRITICAL",
    "riskScore": 1,
    "riskVector": "string",
    "baseRiskLevel": "CRITICAL",
    "baseRiskScore": 1,
    "baseRiskVector": "string",
    "exposure": "NOT_AVAILABLE",
    "dataAssets": "NOT_AVAILABLE",
    "publicExploit": "AVAILABLE",
    "vulnerableFunctionUsage": "IN_USE",
    "assessmentAccuracy": "FULL"
  },
  "managementZones": [
    {
      "name": "string",
      "id": "string"
    }
  ],
  "cveIds": [
    "string"
  ],
  "globalCounts": {
    "affectedNodes": 1,
    "affectedProcessGroupInstances": 1,
    "affectedProcessGroups": 1,
    "exposedProcessGroups": 1,
    "reachableDataAssets": 1,
    "relatedApplications": 1,
    "relatedAttacks": 1,
    "relatedHosts": 1,
    "relatedKubernetesClusters": 1,
    "relatedKubernetesWorkloads": 1,
    "relatedServices": 1,
    "vulnerableComponents": 1
  },
  "filteredCounts": {
    "affectedNodes": 1,
    "affectedProcessGroupInstances": 1,
    "affectedProcessGroups": 1,
    "exposedProcessGroups": 1,
    "reachableDataAssets": 1,
    "relatedApplications": 1,
    "relatedAttacks": 1,
    "relatedDatabases": 1,
    "relatedHosts": 1,
    "relatedKubernetesClusters": 1,
    "relatedKubernetesWorkloads": 1,
    "relatedServices": 1,
    "vulnerableComponents": 1
  },
  "codeLevelVulnerabilityDetails": {
    "processGroupIds": [
      "string"
    ],
    "processGroups": [
      "string"
    ],
    "shortVulnerabilityLocation": "string",
    "type": "CMD_INJECTION",
    "vulnerabilityLocation": "string",
    "vulnerableFunction": "string",
    "vulnerableFunctionInput": {
      "type": "COMMAND",
      "inputSegments": [
        {
          "value": "string",
          "type": "MALICIOUS_INPUT"
        }
      ]
    }
  },
  "events": [
    {
      "timestamp": 1,
      "reason": "SECURITY_PROBLEM_CREATED",
      "riskAssessmentSnapshot": {
        "riskLevel": "CRITICAL",
        "riskScore": 1,
        "numberOfAffectedEntities": 1,
        "numberOfReachableDataAssets": 1,
        "publicExploit": "AVAILABLE",
        "exposure": "NOT_AVAILABLE",
        "vulnerableFunctionUsage": "IN_USE"
      },
      "muteState": {
        "user": "string",
        "reason": "AFFECTED",
        "comment": "string"
      }
    }
  ],
  "vulnerableComponents": [
    {
      "id": "string",
      "displayName": "string",
      "shortName": "string",
      "fileName": "string",
      "numberOfAffectedEntities": 1,
      "affectedEntities": [
        "string"
      ]
    }
  ],
  "affectedEntities": [
    "string"
  ],
  "exposedEntities": [
    "string"
  ],
  "reachableDataAssets": [
    "string"
  ],
  "relatedEntities": {
    "applications": [
      {
        "id": "string",
        "numberOfAffectedEntities": 1,
        "affectedEntities": [
          "string"
        ]
      }
    ],
    "services": [
      {
        "id": "string",
        "numberOfAffectedEntities": 1,
        "affectedEntities": [
          "string"
        ],
        "exposure": "NOT_AVAILABLE"
      }
    ],
    "hosts": [
      {}
    ],
    "databases": [
      "string"
    ],
    "kubernetesWorkloads": [
      {}
    ],
    "kubernetesClusters": [
      {}
    ]
  },
  "relatedContainerImages": [
    {
      "containerImages": [
        {
          "imageId": "string",
          "imageName": "string",
          "numberOfAffectedEntities": 1,
          "affectedEntities": [
            "string"
          ]
        }
      ]
    }
  ],
  "relatedAttacks": {
    "attacks": [
      "string"
    ]
  },
  "muteStateChangeInProgress": true
}

Security problems API - GET a problem

Authentication

Parameters

Response

Response codes

Response body objects

The SecurityProblemDetails object

The RiskAssessment object

The ManagementZone object

The GlobalCountsDto object

The FilteredCountsDto object

The CodeLevelVulnerabilityDetails object

The VulnerableFunctionInput object

The VulnerableFunctionInputSegment object

The SecurityProblemEvent object

The RiskAssessmentSnapshot object

The MuteState object

The VulnerableComponent object

The RelatedEntitiesList object

The RelatedEntity object

The RelatedService object

The RelatedContainerImage object

The RelatedAttacksList object

Response body JSON model

The `SecurityProblemDetails` object

The `RiskAssessment` object

The `ManagementZone` object

The `GlobalCountsDto` object

The `FilteredCountsDto` object

The `CodeLevelVulnerabilityDetails` object

The `VulnerableFunctionInput` object

The `VulnerableFunctionInputSegment` object

The `SecurityProblemEvent` object

The `RiskAssessmentSnapshot` object

The `MuteState` object

The `VulnerableComponent` object

The `RelatedEntitiesList` object

The `RelatedEntity` object

The `RelatedService` object

The `RelatedContainerImage` object

The `RelatedAttacksList` object