Security problems API - GET problem events

Lists events of a security problem

The request produces an application/json payload.

GET	ManagedDynatrace for Government	`https://{your-domain}/e/{your-environment-id}/securityProblems/{id}/events`
	SaaS	`https://{your-environment-id}.live.dynatrace.com/securityProblems/{id}/events`
	Environment ActiveGate	`https://{your-activegate-domain}/e/{your-environment-id}/securityProblems/{id}/events`

Authentication

To execute this request, you need an access token with securityProblems.read scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter Type Description In Required

string

Parameter	Type	Description	In	Required
id	string	The ID of the required security problem.	path	required
from	string	The start of the requested timeframe. You can use one of the following formats: Timestamp in UTC milliseconds. Human-readable format of `2021-01-25T05:57:01.123+01:00`. If no time zone is specified, UTC is used. You can use a space character instead of the `T`. Seconds and fractions of a second are optional. Relative timeframe, back from now. The format is `now-NU/A`, where `N` is the amount of time, `U` is the unit of time, and `A` is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, `now-1y/w` is one year back, aligned by a week. You can also specify relative timeframe without an alignment: `now-NU`. Supported time units for the relative timeframe are: `m`: minutes `h`: hours `d`: days `w`: weeks `M`: months `y`: years If not set, the relative timeframe of thirty days is used (`now-30d`).	query	optional
to	string	The end of the requested timeframe. You can use one of the following formats: Timestamp in UTC milliseconds. Human-readable format of `2021-01-25T05:57:01.123+01:00`. If no time zone is specified, UTC is used. You can use a space character instead of the `T`. Seconds and fractions of a second are optional. Relative timeframe, back from now. The format is `now-NU/A`, where `N` is the amount of time, `U` is the unit of time, and `A` is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, `now-1y/w` is one year back, aligned by a week. You can also specify relative timeframe without an alignment: `now-NU`. Supported time units for the relative timeframe are: `m`: minutes `h`: hours `d`: days `w`: weeks `M`: months `y`: years If not set, the current timestamp is used.	query	optional

The ID of the required security problem.

path

required

from

string

The start of the requested timeframe.

You can use one of the following formats:

Timestamp in UTC milliseconds.
Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
- m: minutes
- h: hours
- d: days
- w: weeks
- M: months
- y: years

If not set, the relative timeframe of thirty days is used (now-30d).

query

optional

string

The end of the requested timeframe.

You can use one of the following formats:

Timestamp in UTC milliseconds.
Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
- m: minutes
- h: hours
- d: days
- w: weeks
- M: months
- y: years

If not set, the current timestamp is used.

query

optional

Response

Response codes

Code	Type	Description
200	SecurityProblemEventsList	Success. The response contains the list of security problem events.

Response body objects

The `SecurityProblemEventsList` object

A list of events for a security problem.

Element	Type	Description
events	SecurityProblemEvent[]	A list of events for a security problem.
pageSize	integer	The number of entries per page.
nextPageKey	string	The cursor for the next page of results. Has the value of `null` on the last page. Use it in the nextPageKey query parameter to obtain subsequent pages of the result.
totalCount	integer	The total number of entries in the result.

The `SecurityProblemEvent` object

The event of a security problem.

Element	Type	Description
timestamp	integer	The timestamp when the event occurred.
reason	string	The reason of the event creation. The element can hold these values `SECURITY_PROBLEM_CREATED` `SECURITY_PROBLEM_MUTED` `SECURITY_PROBLEM_REOPENED` `SECURITY_PROBLEM_RESOLVED` `SECURITY_PROBLEM_UNMUTED`
riskAssessmentSnapshot	RiskAssessmentSnapshot	A snapshot of the risk assessment of a security problem.
muteState	MuteState	Metadata of the muted state of a security problem in relation to an event.

The `RiskAssessmentSnapshot` object

A snapshot of the risk assessment of a security problem.

Element	Type	Description
riskLevel	string	The Davis risk level. It is calculated by Dynatrace on the basis of CVSS score. The element can hold these values `CRITICAL` `HIGH` `LOW` `MEDIUM` `NONE`
riskScore	number	The Davis risk score (1-10). It is calculated by Dynatrace on the basis of CVSS score.
numberOfAffectedEntities	integer	The number of currently affected entities.
numberOfReachableDataAssets	integer	The number of data assets that are currently reachable by affected entities.
publicExploit	string	The availability status of public exploits. The element can hold these values `AVAILABLE` `NOT_AVAILABLE`
exposure	string	The level of exposure of affected entities. The element can hold these values `NOT_AVAILABLE` `NOT_DETECTED` `PUBLIC_NETWORK`
vulnerableFunctionUsage	string	The state of vulnerable code execution. The element can hold these values `IN_USE` `NOT_AVAILABLE` `NOT_IN_USE`

The `MuteState` object

Metadata of the muted state of a security problem in relation to an event.

Element	Type	Description
user	string	The user who has muted or unmuted the problem.
reason	string	The reason for the mute state change. The element can hold these values `AFFECTED` `CONFIGURATION_NOT_AFFECTED` `FALSE_POSITIVE` `IGNORE` `INITIAL_STATE` `OTHER` `VULNERABLE_CODE_NOT_IN_USE`
comment	string	A user's comment.

Response body JSON model

json
{
  "events": [
    {
      "timestamp": 1,
      "reason": "SECURITY_PROBLEM_CREATED",
      "riskAssessmentSnapshot": {
        "riskLevel": "CRITICAL",
        "riskScore": 1,
        "numberOfAffectedEntities": 1,
        "numberOfReachableDataAssets": 1,
        "publicExploit": "AVAILABLE",
        "exposure": "NOT_AVAILABLE",
        "vulnerableFunctionUsage": "IN_USE"
      },
      "muteState": {
        "user": "string",
        "reason": "AFFECTED",
        "comment": "string"
      }
    }
  ],
  "pageSize": 1,
  "nextPageKey": "AQAAABQBAAAABQ==",
  "totalCount": 1
}

Security problems API - GET problem events

Authentication

Parameters

Response

Response codes

Response body objects

The SecurityProblemEventsList object

The SecurityProblemEvent object

The RiskAssessmentSnapshot object

The MuteState object

Response body JSON model

The `SecurityProblemEventsList` object

The `SecurityProblemEvent` object

The `RiskAssessmentSnapshot` object

The `MuteState` object