• Home
  • Dynatrace API
  • Environment
  • Application Security
  • Security problems
  • GET a problem

Security problems API - GET a problem

Gets the details of a security problem.

The request produces an application/json payload.

GETManagedDynatrace for Governmenthttps://{your-domain}/e/{your-environment-id}/api/v2/securityProblems/{id}
SaaShttps://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems/{id}
Environment ActiveGatehttps://{your-activegate-domain}/e/{your-environment-id}/api/v2/securityProblems/{id}

Authentication

To execute this request, you need an access token with securityProblems.read scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

ParameterTypeDescriptionInRequired
idstring

The ID of the required security problem.

pathrequired
fieldsstring

A list of additional security problem properties you can add to the response.

The following properties are available (all other properties are always included and you can't remove them from the response):

  • riskAssessment: A risk assessment of the security problem.
  • managementZones: The management zone where the security problem occurred.
  • codeLevelVulnerabilityDetails: Details of the code-level vulnerability.
  • globalCounts: Globally calculated statistics about the security problem. No management zone information is taken into account.
  • filteredCounts: Statistics about the security problem, filtered by the management zone and timeframe start ('from') query parameters.
  • description: The description of the vulnerability.
  • events: The security problem's last 10 events within the last 365 days, sorted from newest to oldest.
  • vulnerableComponents: A list of vulnerable components of the security problem within the provided filter range.
  • affectedEntities: A list of affected entities of the security problem within the provided filter range.
  • exposedEntities: A list of exposed entities of the security problem within the provided filter range.
  • reachableDataAssets: A list of data assets reachable by affected entities of the security problem within the provided filter range.
  • relatedEntities: A list of related entities of the security problem within the provided filter range.
  • relatedContainerImages: A list of related container images of the security problem within the provided filter range.
  • relatedAttacks: A list of attacks detected on the exposed security problem.

To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, +riskAssessment,+managementZones).

queryoptional
fromstring

Based on the timeframe start the affected-, related- and vulnerable entities are being calculated. You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the default timeframe start of 24 hours in the past is used (now-24h).

The timeframe start must not be older than 365 days.

queryoptional

Response

Response codes

CodeTypeDescription
200SecurityProblemDetails

Success. The response contains parameters of the security problem.

Response body objects

The SecurityProblemDetails object

Parameters of a security problem

ElementTypeDescription
securityProblemIdstring

The ID of the security problem.

displayIdstring

The display ID of the security problem.

statusstring

The status of the security problem.

The element can hold these values
  • OPEN
  • RESOLVED
mutedboolean

The security problem is (true) or is not (false) muted.

externalVulnerabilityIdstring

The external vulnerability ID of the security problem.

vulnerabilityTypestring

The type of the vulnerability.

The element can hold these values
  • CODE_LEVEL
  • RUNTIME
  • THIRD_PARTY
titlestring

The title of the security problem.

packageNamestring

The package name of the security problem.

urlstring

The URL to the security problem details page.

descriptionstring

The description of the security problem.

technologystring

The technology of the security problem.

The element can hold these values
  • DOTNET
  • GO
  • JAVA
  • KUBERNETES
  • NODE_JS
  • PHP
firstSeenTimestampinteger

The timestamp of the first occurrence of the security problem.

lastUpdatedTimestampinteger

The timestamp of the most recent security problem change.

riskAssessmentRiskAssessment

Risk assessment of a security problem.

managementZonesManagementZone[]

A list of management zones which the affected entities belong to.

cveIdsstring[]

A list of CVE IDs of the security problem.

globalCountsGlobalCountsDto

Globally calculated statistics about the security problem. No management zone information is taken into account.

filteredCountsFilteredCountsDto

Statistics about the security problem, filtered by the management zone and timeframe start ('from') query parameters.

codeLevelVulnerabilityDetailsCodeLevelVulnerabilityDetails

The details of a code-level vulnerability.

eventsSecurityProblemEvent[]

An ordered (newest first) list of events of the security problem.

vulnerableComponentsVulnerableComponent[]

A list of vulnerable components of the security problem.

A vulnerable component is what causes the security problem.

affectedEntitiesstring[]

A list of affected entities of the security problem.

An affected entity is an entity where a vulnerable component runs.

exposedEntitiesstring[]

A list of exposed entities of the security problem.

An exposed entity is an affected entity that is exposed to the internet.

reachableDataAssetsstring[]

A list of data assets reachable by affected entities of the security problem.

A data asset is a service that has database access.

relatedEntitiesRelatedEntitiesList

A list of related entities of the security problem.

A related entity is a monitored entity that is directly or indirectly related to an affected entity (for example, it could be a host where an affected process runs).

Each related entity contains a list of corresponding affected entities (for example, an affected process running on this host).

relatedContainerImagesobject[]

A list of related container images.

relatedAttacksRelatedAttacksList

A list of related attacks of the security problem.

Related attacks are attacks on the exposed security problem.

muteStateChangeInProgressboolean

If true a change of the mute state is in progress.

The RiskAssessment object

Risk assessment of a security problem.

ElementTypeDescription
riskLevelstring

The Davis risk level.

It is calculated by Dynatrace on the basis of CVSS score.

The element can hold these values
  • CRITICAL
  • HIGH
  • LOW
  • MEDIUM
  • NONE
riskScorenumber

The Davis risk score (1-10).

It is calculated by Dynatrace on the basis of CVSS score.

riskVectorstring

The attack vector calculated by Dynatrace based on the CVSS attack vector.

baseRiskLevelstring

The risk level from the CVSS score.

The element can hold these values
  • CRITICAL
  • HIGH
  • LOW
  • MEDIUM
  • NONE
baseRiskScorenumber

The risk score (1-10) from the CVSS score.

baseRiskVectorstring

The original attack vector of the CVSS assessment.

exposurestring

The level of exposure of affected entities.

The element can hold these values
  • NOT_AVAILABLE
  • NOT_DETECTED
  • PUBLIC_NETWORK
dataAssetsstring

The reachability of related data assets by affected entities.

The element can hold these values
  • NOT_AVAILABLE
  • NOT_DETECTED
  • REACHABLE
publicExploitstring

The availability status of public exploits.

The element can hold these values
  • AVAILABLE
  • NOT_AVAILABLE
vulnerableFunctionUsagestring

The state of vulnerable code execution.

The element can hold these values
  • IN_USE
  • NOT_AVAILABLE
  • NOT_IN_USE
assessmentAccuracystring

The level of available information on which this assessment has been done.

The element can hold these values
  • FULL
  • NOT_AVAILABLE
  • REDUCED

The ManagementZone object

A short representation of a management zone.

ElementTypeDescription
namestring

The name of the management zone.

idstring

The ID of the management zone.

The GlobalCountsDto object

Globally calculated statistics about the security problem. No management zone information is taken into account.

ElementTypeDescription
affectedNodesinteger

Number of affected nodes

affectedProcessGroupInstancesinteger

Number of affected process group instances

affectedProcessGroupsinteger

Number of affected process groups

exposedProcessGroupsinteger

Number of exposed process groups

reachableDataAssetsinteger

Number of reachable data assets exposed

relatedApplicationsinteger

Number of related applications

relatedAttacksinteger

Number of attacks on the exposed security problem

relatedHostsinteger

Number of related hosts

relatedKubernetesClustersinteger

Number of related kubernetes cluster

relatedKubernetesWorkloadsinteger

Number of related kubernetes workloads

relatedServicesinteger

Number of related services

vulnerableComponentsinteger

Number of vulnerable components

The FilteredCountsDto object

Statistics about the security problem, filtered by the management zone and timeframe start ('from') query parameters.

ElementTypeDescription
affectedNodesinteger

Number of affected nodes

affectedProcessGroupInstancesinteger

Number of affected processes

affectedProcessGroupsinteger

Number of affected process groups

exposedProcessGroupsinteger

Number of exposed process groups

reachableDataAssetsinteger

Number of reachable data assets

relatedApplicationsinteger

Number of related applications

relatedAttacksinteger

Number of related attacks

relatedDatabasesinteger

Number of related databases

relatedHostsinteger

Number of related hosts

relatedKubernetesClustersinteger

Number of related Kubernetes clusters

relatedKubernetesWorkloadsinteger

Number of related Kubernetes workloads

relatedServicesinteger

Number of related services

vulnerableComponentsinteger

Number of vulnerable components

The CodeLevelVulnerabilityDetails object

The details of a code-level vulnerability.

ElementTypeDescription
processGroupIdsstring[]

The list of encoded MEIdentifier of the process groups.

processGroupsstring[]

The list of affected process groups.

shortVulnerabilityLocationstring

The code location of the vulnerability without package and parameter.

typestring

The type of code level vulnerability.

The element can hold these values
  • CMD_INJECTION
  • IMPROPER_INPUT_VALIDATION
  • SQL_INJECTION
vulnerabilityLocationstring

The code location of the vulnerability.

vulnerableFunctionstring

The vulnerable function of the vulnerability.

vulnerableFunctionInputVulnerableFunctionInput

Describes what got passed into the code level vulnerability.

The VulnerableFunctionInput object

Describes what got passed into the code level vulnerability.

ElementTypeDescription
typestring

The type of the input.

The element can hold these values
  • COMMAND
  • JNDI
  • SQL_STATEMENT
inputSegmentsVulnerableFunctionInputSegment[]

A list of input segments.

The VulnerableFunctionInputSegment object

Describes one segment that was passed into a vulnerable function.

ElementTypeDescription
valuestring

The value of the input segment.

typestring

The type of the input segment.

The element can hold these values
  • MALICIOUS_INPUT
  • REGULAR_INPUT
  • TAINTED_INPUT

The SecurityProblemEvent object

The event of a security problem.

ElementTypeDescription
timestampinteger

The timestamp when the event occurred.

reasonstring

The reason of the event creation.

The element can hold these values
  • SECURITY_PROBLEM_CREATED
  • SECURITY_PROBLEM_MUTED
  • SECURITY_PROBLEM_REOPENED
  • SECURITY_PROBLEM_RESOLVED
  • SECURITY_PROBLEM_UNMUTED
riskAssessmentSnapshotRiskAssessmentSnapshot

A snapshot of the risk assessment of a security problem.

muteStateMuteState

Metadata of the muted state of a security problem in relation to an event.

The RiskAssessmentSnapshot object

A snapshot of the risk assessment of a security problem.

ElementTypeDescription
riskLevelstring

The Davis risk level.

It is calculated by Dynatrace on the basis of CVSS score.

The element can hold these values
  • CRITICAL
  • HIGH
  • LOW
  • MEDIUM
  • NONE
riskScorenumber

The Davis risk score (1-10).

It is calculated by Dynatrace on the basis of CVSS score.

numberOfAffectedEntitiesinteger

The number of currently affected entities.

numberOfReachableDataAssetsinteger

The number of data assets that are currently reachable by affected entities.

publicExploitstring

The availability status of public exploits.

The element can hold these values
  • AVAILABLE
  • NOT_AVAILABLE
exposurestring

The level of exposure of affected entities.

The element can hold these values
  • NOT_AVAILABLE
  • NOT_DETECTED
  • PUBLIC_NETWORK
vulnerableFunctionUsagestring

The state of vulnerable code execution.

The element can hold these values
  • IN_USE
  • NOT_AVAILABLE
  • NOT_IN_USE

The MuteState object

Metadata of the muted state of a security problem in relation to an event.

ElementTypeDescription
userstring

The user who has muted or unmuted the problem.

reasonstring

The reason for the mute state change.

The element can hold these values
  • AFFECTED
  • CONFIGURATION_NOT_AFFECTED
  • FALSE_POSITIVE
  • IGNORE
  • INITIAL_STATE
  • OTHER
  • VULNERABLE_CODE_NOT_IN_USE
commentstring

A user's comment.

The VulnerableComponent object

Vulnerable component of a security problem.

ElementTypeDescription
idstring

The Dynatrace entity ID of the vulnerable component.

displayNamestring

The display name of the vulnerable component.

shortNamestring

The short, component-only name of the vulnerable component.

fileNamestring

The file name of the vulnerable component.

numberOfAffectedEntitiesinteger

The number of affected entities.

affectedEntitiesstring[]

A list of affected entities.

The RelatedEntitiesList object

A list of related entities of the security problem.

A related entity is a monitored entity that is directly or indirectly related to an affected entity (for example, it could be a host where an affected process runs).

Each related entity contains a list of corresponding affected entities (for example, an affected process running on this host).

ElementTypeDescription
applicationsRelatedEntity[]

A list of related applications.

servicesRelatedService[]

A list of related services.

hostsRelatedEntity[]

A list of related hosts.

databasesstring[]

A list of related databases.

kubernetesWorkloadsRelatedEntity[]

A list of related Kubernetes workloads.

kubernetesClustersRelatedEntity[]

A list of related Kubernetes clusters.

The RelatedEntity object

An entity related to a security problem.

ElementTypeDescription
idstring

The Dynatrace entity ID of the entity.

numberOfAffectedEntitiesinteger

The number of affected entities related to the entity.

affectedEntitiesstring[]

A list of affected entities related to the entity.

The RelatedService object

A service related to a security problem.

ElementTypeDescription
idstring

The Dynatrace entity ID of the entity.

numberOfAffectedEntitiesinteger

The number of affected entities related to the entity.

affectedEntitiesstring[]

A list of affected entities related to the entity.

exposurestring

The level of exposure of the service.

The element can hold these values
  • NOT_AVAILABLE
  • NOT_DETECTED
  • PUBLIC_NETWORK

The RelatedContainerImage object

Related container image of a security problem.

ElementTypeDescription
imageIdstring

The image ID of the related container image.

imageNamestring

The image name of the related container image.

numberOfAffectedEntitiesinteger

The number of affected entities.

affectedEntitiesstring[]

A list of affected entities.

The RelatedAttacksList object

A list of related attacks of the security problem.

Related attacks are attacks on the exposed security problem.

ElementTypeDescription
attacksstring[]

A list of related attack ids.

Response body JSON model

json
{ "securityProblemId": "string", "displayId": "string", "status": "OPEN", "muted": true, "externalVulnerabilityId": "string", "vulnerabilityType": "CODE_LEVEL", "title": "string", "packageName": "string", "url": "string", "description": "string", "technology": "DOTNET", "firstSeenTimestamp": 1, "lastUpdatedTimestamp": 1, "riskAssessment": { "riskLevel": "CRITICAL", "riskScore": 1, "riskVector": "string", "baseRiskLevel": "CRITICAL", "baseRiskScore": 1, "baseRiskVector": "string", "exposure": "NOT_AVAILABLE", "dataAssets": "NOT_AVAILABLE", "publicExploit": "AVAILABLE", "vulnerableFunctionUsage": "IN_USE", "assessmentAccuracy": "FULL" }, "managementZones": [ { "name": "string", "id": "string" } ], "cveIds": [ "string" ], "globalCounts": { "affectedNodes": 1, "affectedProcessGroupInstances": 1, "affectedProcessGroups": 1, "exposedProcessGroups": 1, "reachableDataAssets": 1, "relatedApplications": 1, "relatedAttacks": 1, "relatedHosts": 1, "relatedKubernetesClusters": 1, "relatedKubernetesWorkloads": 1, "relatedServices": 1, "vulnerableComponents": 1 }, "filteredCounts": { "affectedNodes": 1, "affectedProcessGroupInstances": 1, "affectedProcessGroups": 1, "exposedProcessGroups": 1, "reachableDataAssets": 1, "relatedApplications": 1, "relatedAttacks": 1, "relatedDatabases": 1, "relatedHosts": 1, "relatedKubernetesClusters": 1, "relatedKubernetesWorkloads": 1, "relatedServices": 1, "vulnerableComponents": 1 }, "codeLevelVulnerabilityDetails": { "processGroupIds": [ "string" ], "processGroups": [ "string" ], "shortVulnerabilityLocation": "string", "type": "CMD_INJECTION", "vulnerabilityLocation": "string", "vulnerableFunction": "string", "vulnerableFunctionInput": { "type": "COMMAND", "inputSegments": [ { "value": "string", "type": "MALICIOUS_INPUT" } ] } }, "events": [ { "timestamp": 1, "reason": "SECURITY_PROBLEM_CREATED", "riskAssessmentSnapshot": { "riskLevel": "CRITICAL", "riskScore": 1, "numberOfAffectedEntities": 1, "numberOfReachableDataAssets": 1, "publicExploit": "AVAILABLE", "exposure": "NOT_AVAILABLE", "vulnerableFunctionUsage": "IN_USE" }, "muteState": { "user": "string", "reason": "AFFECTED", "comment": "string" } } ], "vulnerableComponents": [ { "id": "string", "displayName": "string", "shortName": "string", "fileName": "string", "numberOfAffectedEntities": 1, "affectedEntities": [ "string" ] } ], "affectedEntities": [ "string" ], "exposedEntities": [ "string" ], "reachableDataAssets": [ "string" ], "relatedEntities": { "applications": [ { "id": "string", "numberOfAffectedEntities": 1, "affectedEntities": [ "string" ] } ], "services": [ { "id": "string", "numberOfAffectedEntities": 1, "affectedEntities": [ "string" ], "exposure": "NOT_AVAILABLE" } ], "hosts": [ {} ], "databases": [ "string" ], "kubernetesWorkloads": [ {} ], "kubernetesClusters": [ {} ] }, "relatedContainerImages": [ { "containerImages": [ { "imageId": "string", "imageName": "string", "numberOfAffectedEntities": 1, "affectedEntities": [ "string" ] } ] } ], "relatedAttacks": { "attacks": [ "string" ] }, "muteStateChangeInProgress": true }
Related topics
  • Application Security

    Detect, monitor, remediate vulnerabilities at runtime, and block attacks on your applications.

  • Davis security advisor API

    Find out what the Dynatrace Davis security advisor API offers.