Security problems API - GET a problem
Gets the details of the specified security problem.
The request produces an application/json payload.
This request is an Early Adopter release and may be changed in non-compatible way.
| GET | Managed | https://{your-domain}/e/{your-environment-id}/api/v2/securityProblems/{id} |
| SaaS | https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems/{id} | |
| Environment ActiveGate | https://{your-activegate-domain}/e/{your-environment-id}/api/v2/securityProblems/{id} |
Authentication
To execute this request, you need an access token with Read security problems (securityProblems.read) scope. To learn how to obtain and use it, see Tokens and authentication.
Parameters
| Parameter | Type | Description | In | Required |
|---|---|---|---|---|
| id | string | The ID of the required security problem. | path | required |
| fields | string | A list of additional security problem properties you can add to the response. The following properties are available (all other properties are always included and you can't remove them from the response):
To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, | query | optional |
Response
Response codes
| Code | Type | Description |
|---|---|---|
| 200 | Security | Success. The response contains parameters of the security problem. |
Response body objects
The SecurityProblemDetails object
Parameters of a security problem
| Element | Type | Description |
|---|---|---|
| securityProblemId | string | The ID of the security problem. Can be |
| displayId | string | The display ID of the security problem. Can be |
| status | string | The status of the security problem. Can be |
| muted | boolean | The security problem is ( Can be |
| externalVulnerabilityId | string | The external vulnerability ID of the security problem. Can be |
| vulnerabilityType | string | The type of the vulnerability. Can be |
| title | string | The title of the security problem. Can be |
| packageName | string | The package name of the security problem. Can be |
| url | string | The URL to the security problem details page. Can be |
| description | string | The description of the security problem. Can be |
| technology | string | The technology of the security problem. Can be |
| firstSeenTimestamp | integer | The timestamp of the first occurrence of the security problem. Can be |
| lastUpdatedTimestamp | integer | The timestamp of the most recent security problem change. Can be |
| riskAssessment | Risk | Risk assessment of a security problem. Can be |
| managementZones | Management | A list of management zones which the affected entities belong to. Can be |
| cveIds | string[] | A list of CVE IDs of the security problem. Can be |
| events | Security | An ordered (newest first) list of events of the security problem. Can be |
| vulnerableComponents | Vulnerable | A list of vulnerable components of the security problem. A vulnerable component is what causes the security problem. Can be |
| affectedEntities | string[] | A list of affected entities of the security problem. An affected entity is an entity where a vulnerable component runs. Can be |
| exposedEntities | string[] | A list of exposed entities of the security problem. An exposed entity is an affected entity that is exposed to the internet. Can be |
| reachableDataAssets | string[] | A list of data assets reachable by affected entities of the security problem. A data asset is a service that has database access. Can be |
| relatedEntities | Related | A list of related entities of the security problem. A related entity is a monitored entity that is directly or indirectly related to an affected entity (for example, it could be a host where an affected process runs). Each related entity contains a list of corresponding affected entities (for example, an affected process running on this host). Can be |
| relatedContainerImages | object[] | A list of related container images. Can be |
| muteStateChangeInProgress | boolean | If Can be |
The RiskAssessment object
Risk assessment of a security problem.
| Element | Type | Description |
|---|---|---|
| riskLevel | string | The Davis risk level. It is calculated by Dynatrace on the basis of CVSS score. Can be |
| riskScore | number | The Davis risk score (1-10). It is calculated by Dynatrace on the basis of CVSS score. Can be |
| riskVector | string | The attack vector calculated by Dynatrace based on the CVSS attack vector. Can be |
| baseRiskLevel | string | The risk level from the CVSS score. Can be |
| baseRiskScore | number | The risk score (1-10) from the CVSS score. Can be |
| baseRiskVector | string | The original attack vector of the CVSS assessment. Can be |
| exposure | string | The level of exposure of affected entities. Can be |
| dataAssets | string | The reachability of related data assets by affected entities. Can be |
| publicExploit | string | The availability status of public exploits. Can be |
| vulnerableFunctionUsage | string | The state of vulnerable code execution. Can be |
The ManagementZone object
A short representation of a management zone.
| Element | Type | Description |
|---|---|---|
| name | string | The name of the management zone. Can be |
| id | string | The ID of the management zone. Can be |
The SecurityProblemEvent object
The event of a security problem.
| Element | Type | Description |
|---|---|---|
| timestamp | integer | The timestamp when the event occurred. Can be |
| reason | string | The reason of the event creation. Can be |
| riskAssessmentSnapshot | Risk | A snapshot of the risk assessment of a security problem. Can be |
| muteState | Mute | Metadata of the muted state of a security problem in relation to an event. Can be |
The RiskAssessmentSnapshot object
A snapshot of the risk assessment of a security problem.
| Element | Type | Description |
|---|---|---|
| numberOfAffectedEntities | integer | The number of currently affected entities. Can be |
| numberOfReachableDataAssets | integer | The number of data assets that are currently reachable by affected entities. Can be |
| publicExploit | string | The availability status of public exploits. Can be |
| exposure | string | The level of exposure of affected entities. Can be |
| vulnerableFunctionUsage | string | The state of vulnerable code execution. Can be |
The MuteState object
Metadata of the muted state of a security problem in relation to an event.
| Element | Type | Description |
|---|---|---|
| user | string | The user who has muted or unmuted the problem. Can be |
| reason | string | The reason for the mute state change. Can be |
| comment | string | A user's comment. Can be |
The VulnerableComponent object
Vulnerable component of a security problem.
| Element | Type | Description |
|---|---|---|
| id | string | The Dynatrace entity ID of the vulnerable component. Can be |
| displayName | string | The display name of the vulnerable component. Can be |
| fileName | string | The file name of the vulnerable component. Can be |
| numberOfAffectedEntities | integer | The number of affected entities. Can be |
| affectedEntities | string[] | A list of affected entities. Can be |
The RelatedEntitiesList object
A list of related entities of the security problem.
A related entity is a monitored entity that is directly or indirectly related to an affected entity (for example, it could be a host where an affected process runs).
Each related entity contains a list of corresponding affected entities (for example, an affected process running on this host).
| Element | Type | Description |
|---|---|---|
| applications | Related | A list of related applications. Can be |
| services | Related | A list of related services. Can be |
| hosts | Related | A list of related hosts. Can be |
| databases | string[] | A list of related databases. Can be |
| kubernetesWorkloads | Related | A list of related Kubernetes workloads. Can be |
| kubernetesClusters | Related | A list of related Kubernetes clusters. Can be |
The RelatedEntity object
An entity related to a security problem.
| Element | Type | Description |
|---|---|---|
| id | string | The Dynatrace entity ID of the entity. Can be |
| numberOfAffectedEntities | integer | The number of affected entities related to the entity. Can be |
| affectedEntities | string[] | A list of affected entities related to the entity. Can be |
The RelatedService object
A service related to a security problem.
| Element | Type | Description |
|---|---|---|
| id | string | The Dynatrace entity ID of the entity. Can be |
| numberOfAffectedEntities | integer | The number of affected entities related to the entity. Can be |
| affectedEntities | string[] | A list of affected entities related to the entity. Can be |
| exposure | string | The level of exposure of the service. Can be |
The RelatedContainerImage object
Related container image of a security problem.
| Element | Type | Description |
|---|---|---|
| imageId | string | The image ID of the related container image. Can be |
| imageName | string | The image name of the related container image. Can be |
| numberOfAffectedEntities | integer | The number of affected entities. Can be |
| affectedEntities | string[] | A list of affected entities. Can be |
Response body JSON model
{
"securityProblemId": "string",
"displayId": "string",
"status": "OPEN",
"muted": true,
"externalVulnerabilityId": "string",
"vulnerabilityType": "RUNTIME",
"title": "string",
"packageName": "string",
"url": "string",
"description": "string",
"technology": "DOTNET",
"firstSeenTimestamp": 1,
"lastUpdatedTimestamp": 1,
"riskAssessment": {
"riskLevel": "CRITICAL",
"riskScore": 1,
"riskVector": "string",
"baseRiskLevel": "CRITICAL",
"baseRiskScore": 1,
"baseRiskVector": "string",
"exposure": "NOT_AVAILABLE",
"dataAssets": "NOT_AVAILABLE",
"publicExploit": "AVAILABLE",
"vulnerableFunctionUsage": "IN_USE"
},
"managementZones": [
{
"name": "string",
"id": "string"
}
],
"cveIds": [
"string"
],
"events": [
{
"timestamp": 1,
"reason": "SECURITY_PROBLEM_CREATED",
"riskAssessmentSnapshot": {
"numberOfAffectedEntities": 1,
"numberOfReachableDataAssets": 1,
"publicExploit": "AVAILABLE",
"exposure": "NOT_AVAILABLE",
"vulnerableFunctionUsage": "IN_USE"
},
"muteState": {
"user": "string",
"reason": "AFFECTED",
"comment": "string"
}
}
],
"vulnerableComponents": [
{
"id": "string",
"displayName": "string",
"fileName": "string",
"numberOfAffectedEntities": 1,
"affectedEntities": [
"string"
]
}
],
"affectedEntities": [
"string"
],
"exposedEntities": [
"string"
],
"reachableDataAssets": [
"string"
],
"relatedEntities": {
"applications": [
{
"id": "string",
"numberOfAffectedEntities": 1,
"affectedEntities": [
"string"
]
}
],
"services": [
{
"id": "string",
"numberOfAffectedEntities": 1,
"affectedEntities": [
"string"
],
"exposure": "NOT_AVAILABLE"
}
],
"hosts": [
{}
],
"databases": [
"string"
],
"kubernetesWorkloads": [
{}
],
"kubernetesClusters": [
{}
]
},
"relatedContainerImages": [
{
"containerImages": [
{
"imageId": "string",
"imageName": "string",
"numberOfAffectedEntities": 1,
"affectedEntities": [
"string"
]
}
]
}
],
"muteStateChangeInProgress": true
}