• Home
  • Dynatrace API
  • Environment
  • Application Security
  • Security problems
  • GET problem events

Security problems API - GET problem events

Lists events of a security problem

The request produces an application/json payload.

GETManagedDynatrace for Governmenthttps://{your-domain}/e/{your-environment-id}/securityProblems/{id}/events
SaaShttps://{your-environment-id}.live.dynatrace.com/securityProblems/{id}/events
Environment ActiveGatehttps://{your-activegate-domain}/e/{your-environment-id}/securityProblems/{id}/events

Authentication

To execute this request, you need an access token with securityProblems.read scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

ParameterTypeDescriptionInRequired
idstring

The ID of the required security problem.

pathrequired
fromstring

The start of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the relative timeframe of thirty days is used (now-30d).

queryoptional
tostring

The end of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the current timestamp is used.

queryoptional

Response

Response codes

CodeTypeDescription
200SecurityProblemEventsList

Success. The response contains the list of security problem events.

Response body objects

The SecurityProblemEventsList object

A list of events for a security problem.

ElementTypeDescription
eventsSecurityProblemEvent[]

A list of events for a security problem.

pageSizeinteger

The number of entries per page.

nextPageKeystring

The cursor for the next page of results. Has the value of null on the last page.

Use it in the nextPageKey query parameter to obtain subsequent pages of the result.

totalCountinteger

The total number of entries in the result.

The SecurityProblemEvent object

The event of a security problem.

ElementTypeDescription
timestampinteger

The timestamp when the event occurred.

reasonstring

The reason of the event creation.

The element can hold these values
  • SECURITY_PROBLEM_CREATED
  • SECURITY_PROBLEM_MUTED
  • SECURITY_PROBLEM_REOPENED
  • SECURITY_PROBLEM_RESOLVED
  • SECURITY_PROBLEM_UNMUTED
riskAssessmentSnapshotRiskAssessmentSnapshot

A snapshot of the risk assessment of a security problem.

muteStateMuteState

Metadata of the muted state of a security problem in relation to an event.

The RiskAssessmentSnapshot object

A snapshot of the risk assessment of a security problem.

ElementTypeDescription
riskLevelstring

The Davis risk level.

It is calculated by Dynatrace on the basis of CVSS score.

The element can hold these values
  • CRITICAL
  • HIGH
  • LOW
  • MEDIUM
  • NONE
riskScorenumber

The Davis risk score (1-10).

It is calculated by Dynatrace on the basis of CVSS score.

numberOfAffectedEntitiesinteger

The number of currently affected entities.

numberOfReachableDataAssetsinteger

The number of data assets that are currently reachable by affected entities.

publicExploitstring

The availability status of public exploits.

The element can hold these values
  • AVAILABLE
  • NOT_AVAILABLE
exposurestring

The level of exposure of affected entities.

The element can hold these values
  • NOT_AVAILABLE
  • NOT_DETECTED
  • PUBLIC_NETWORK
vulnerableFunctionUsagestring

The state of vulnerable code execution.

The element can hold these values
  • IN_USE
  • NOT_AVAILABLE
  • NOT_IN_USE

The MuteState object

Metadata of the muted state of a security problem in relation to an event.

ElementTypeDescription
userstring

The user who has muted or unmuted the problem.

reasonstring

The reason for the mute state change.

The element can hold these values
  • AFFECTED
  • CONFIGURATION_NOT_AFFECTED
  • FALSE_POSITIVE
  • IGNORE
  • INITIAL_STATE
  • OTHER
  • VULNERABLE_CODE_NOT_IN_USE
commentstring

A user's comment.

Response body JSON model

json
{ "events": [ { "timestamp": 1, "reason": "SECURITY_PROBLEM_CREATED", "riskAssessmentSnapshot": { "riskLevel": "CRITICAL", "riskScore": 1, "numberOfAffectedEntities": 1, "numberOfReachableDataAssets": 1, "publicExploit": "AVAILABLE", "exposure": "NOT_AVAILABLE", "vulnerableFunctionUsage": "IN_USE" }, "muteState": { "user": "string", "reason": "AFFECTED", "comment": "string" } } ], "pageSize": 1, "nextPageKey": "AQAAABQBAAAABQ==", "totalCount": 1 }
Related topics
  • Application Security

    Detect, monitor, and remediate open-source and third-party vulnerabilities at runtime.

  • Davis security advisor API

    Find out what the Dynatrace Davis security advisor API offers.