Security problems API - GET list remediation items

Lists all remediation items of a security problem.

The request produces an application/json payload.

GET	ManagedDynatrace for Government	`https://{your-domain}/e/{your-environment-id}/api/v2/securityProblems/{id}/remediationItems`
	SaaS	`https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems/{id}/remediationItems`
	Environment ActiveGate	`https://{your-activegate-domain}/e/{your-environment-id}/api/v2/securityProblems/{id}/remediationItems`

Authentication

To execute this request, you need an access token with securityProblems.read scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter Type Description In Required

string

Parameter	Type	Description	In	Required
id	string	The ID of the required third-party security problem.	path	required
remediationItemSelector	string	Defines the scope of the query. Only remediable entities matching the specified criteria are included in the response. You can add one or more of the following criteria. Values are not case-sensitive and the `EQUALS` operator is used unless otherwise specified. Vulnerability state: `vulnerabilityState("value")`. Find the possible values in the description of the vulnerabilityState field of the response. If not set, all entities are returned. Muted: `muted("value")`. Possible values are `TRUE` or `FALSE`. Reachable data asset assessment: `assessment.dataAssets("value")` Possible values are `REACHABLE`, and `NOT_DETECTED`. Network exposure assessment: `assessment.exposure("value")` Possible values are `PUBLIC_NETWORK`, and `NOT_DETECTED`. Vulnerable function usage assessment: `assessment.vulnerableFunctionUsage("value")` Possible values are `IN_USE`, and `NOT_IN_USE`. Vulnerable function in use contains: `assessment.vulnerableFunctionInUseContains("value")`. Possible values are `class::function`, `class::` and `function`. The `CONTAINS` operator is used. Only vulnerable functions in use are considered. Assessment accuracy: `assessment.accuracy("value")` Possible values are `FULL` and `REDUCED`. Entity name contains: `entityNameContains("value-1")`. The `CONTAINS` operator is used. To set several criteria, separate them with a comma (`,`). Only results matching all criteria are included in the response. Specify the value of a criterion as a quoted string. The following special characters must be escaped with a tilde (`~`) inside quotes: Tilde `~` Quote `"`	query	optional

The ID of the required third-party security problem.

path

required

remediationItemSelector

string

Defines the scope of the query. Only remediable entities matching the specified criteria are included in the response.

You can add one or more of the following criteria. Values are not case-sensitive and the EQUALS operator is used unless otherwise specified.

Vulnerability state: vulnerabilityState("value"). Find the possible values in the description of the vulnerabilityState field of the response. If not set, all entities are returned.
Muted: muted("value"). Possible values are TRUE or FALSE.
Reachable data asset assessment: assessment.dataAssets("value") Possible values are REACHABLE, and NOT_DETECTED.
Network exposure assessment: assessment.exposure("value") Possible values are PUBLIC_NETWORK, and NOT_DETECTED.
Vulnerable function usage assessment: assessment.vulnerableFunctionUsage("value") Possible values are IN_USE, and NOT_IN_USE.
Vulnerable function in use contains: assessment.vulnerableFunctionInUseContains("value"). Possible values are class::function, class:: and function. The CONTAINS operator is used. Only vulnerable functions in use are considered.
Assessment accuracy: assessment.accuracy("value") Possible values are FULL and REDUCED.
Entity name contains: entityNameContains("value-1"). The CONTAINS operator is used.

To set several criteria, separate them with a comma (,). Only results matching all criteria are included in the response.

Specify the value of a criterion as a quoted string. The following special characters must be escaped with a tilde (~) inside quotes:

Tilde ~
Quote "

query

optional

Response

Response codes

Code	Type	Description
200	RemediationItemList	Success. The response contains the list of remediation items of a problem.

Response body objects

The `RemediationItemList` object

A list of remediation items.

Element	Type	Description
remediationItems	RemediationItem[]	A list of remediation items.

The `RemediationItem` object

A possible remediation for a security problem.

Element	Type	Description
id	string	The ID of the remediation item.
entityIds	string[]	A list of related entities, represented by entity IDs.
name	string	The name of the entity.
firstAffectedTimestamp	integer	The timestamp when the entity has first been related to the vulnerability.
assessment	RemediationAssessment	Assessment of the remediation item.
resolvedTimestamp	integer	The timestamp (UTC milliseconds) when the vulnerability has been resolved for related entities.
vulnerabilityState	string	The current state of related entities for the vulnerability. The element can hold these values `RESOLVED` `VULNERABLE`
muteState	RemediationItemMuteState	The mute state of a remediation item of a security problem.
vulnerableComponents	VulnerableComponent[]	A list of vulnerable components of the remediation item. A vulnerable component is what causes the security problem.
remediationProgress	RemediationProgress	The progress of this remediation item. It contains affected and unaffected entities.

The `RemediationAssessment` object

Assessment of the remediation item.

Element	Type	Description
exposure	string	The level of exposure of affected entities. The element can hold these values `NOT_AVAILABLE` `NOT_DETECTED` `PUBLIC_NETWORK`
dataAssets	string	The reachability of related data assets by affected entities. The element can hold these values `NOT_AVAILABLE` `NOT_DETECTED` `REACHABLE`
numberOfDataAssets	integer	The number of related data assets.
vulnerableFunctionUsage	string	The usage of vulnerable functions The element can hold these values `IN_USE` `NOT_AVAILABLE` `NOT_IN_USE`
vulnerableFunctionsInUse	VulnerableFunction[]	A list of vulnerable functions that are in use.
vulnerableFunctionsNotInUse	VulnerableFunction[]	A list of vulnerable functions that are not in use.
vulnerableFunctionsNotAvailable	VulnerableFunction[]	A list of vulnerable functions that are not available.

The `VulnerableFunction` object

Defines an vulnerable function.

Element	Type	Description
className	string	The class name of the vulnerable function.
filePath	string	The file path of the vulnerable function.
functionName	string	The function name of the vulnerable function.

The `RemediationItemMuteState` object

The mute state of a remediation item of a security problem.

Element	Type	Description
muted	boolean	The remediation is (`true`) or is not (`false`) muted.
user	string	The user who last changed the mute state.
lastUpdatedTimestamp	integer	The timestamp (UTC milliseconds) of the last update of the mute state.
reason	string	The reason for the most recent mute state change. The element can hold these values `AFFECTED` `CONFIGURATION_NOT_AFFECTED` `FALSE_POSITIVE` `IGNORE` `INITIAL_STATE` `OTHER` `VULNERABLE_CODE_NOT_IN_USE`
comment	string	A short comment about the most recent mute state change.

The `VulnerableComponent` object

Vulnerable component of a security problem.

Element	Type	Description
id	string	The Dynatrace entity ID of the vulnerable component.
displayName	string	The display name of the vulnerable component.
shortName	string	The short, component-only name of the vulnerable component.
fileName	string	The file name of the vulnerable component.
numberOfAffectedEntities	integer	The number of affected entities.
affectedEntities	string[]	A list of affected entities.

The `RemediationProgress` object

The progress of this remediation item. It contains affected and unaffected entities.

Element	Type	Description
affectedEntities	string[]	A list of related entities that are affected by the security problem.
unaffectedEntities	string[]	A list of related entities that are affected by the security problem.

Response body JSON model

json
{
  "remediationItems": [
    {
      "id": "string",
      "entityIds": [
        "string"
      ],
      "name": "string",
      "firstAffectedTimestamp": 1,
      "assessment": {
        "exposure": "NOT_AVAILABLE",
        "dataAssets": "NOT_AVAILABLE",
        "numberOfDataAssets": 1,
        "vulnerableFunctionUsage": "IN_USE",
        "vulnerableFunctionsInUse": [
          {
            "className": "string",
            "filePath": "string",
            "functionName": "string"
          }
        ],
        "vulnerableFunctionsNotInUse": [
          {}
        ],
        "vulnerableFunctionsNotAvailable": [
          {}
        ]
      },
      "resolvedTimestamp": 1,
      "vulnerabilityState": "RESOLVED",
      "muteState": {
        "muted": true,
        "user": "string",
        "lastUpdatedTimestamp": 1,
        "reason": "AFFECTED",
        "comment": "string"
      },
      "vulnerableComponents": [
        {
          "id": "string",
          "displayName": "string",
          "shortName": "string",
          "fileName": "string",
          "numberOfAffectedEntities": 1,
          "affectedEntities": [
            "string"
          ]
        }
      ],
      "remediationProgress": {
        "affectedEntities": [
          "string"
        ],
        "unaffectedEntities": [
          "string"
        ]
      }
    }
  ]
}

Example

In this example, the request lists remediation items of the security problem with the ID of 3_SNYK-JAVA-IONETTY-1042268. The response is truncated to two entries.

The API token is passed in the Authorization header.

Curl

bash
curl --request GET \
  --url https://mySampleEnv.live.dynatrace.com/api/v2/securityProblems/3_SNYK-JAVA-IONETTY-1042268/remediationItems \
  --header 'Authorization: Api-Token dt0c01.abc123.abcdefjhij1234567890'

Request URL

plaintext
https://mySampleEnv.live.dynatrace.com/api/v2/securityProblems/3_SNYK-JAVA-IONETTY-1042268/remediationItems

Response body

json
{
  "remediationItems": [
    {
      "id": "PROCESS_GROUP-70DF2C1374244F5A",
      "entityIds": [
        "PROCESS_GROUP-70DF2C1374244F5A"
      ],
      "name": "KpiTomcatBackEnd-CWS-1-IG-144-HG",
      "firstAffectedTimestamp": 1633531037359,
      "assessment": {
        "exposure": "NOT_DETECTED",
        "dataAssets": "REACHABLE"
      },
      "vulnerabilityState": "VULNERABLE",
      "muteState": {
        "muted": false,
        "user": "unknown",
        "reason": "INITIAL_STATE"
      },
      "vulnerableComponents": [
        {
          "id": "SOFTWARE_COMPONENT-2559CD116033C217",
          "displayName": "io.software.component.1.1",
          "fileName": "io.software.component.1.1.jar",
          "numberOfAffectedEntities": 2,
          "affectedEntities": [
            "PROCESS_GROUP_INSTANCE-3684888745E180D5",
            "PROCESS_GROUP_INSTANCE-8F100796B9296962"
          ]
        },
        {
          "id": "SOFTWARE_COMPONENT-0A679AA673B2B525",
          "displayName": "io.software.component.loader.2.0.Final",
          "fileName": "io.software.component.loader.2.0.jar",
          "numberOfAffectedEntities": 4,
          "affectedEntities": [
            "PROCESS_GROUP_INSTANCE-0D133F13A28B477A",
            "PROCESS_GROUP_INSTANCE-258962DC804FEDBC",
            "PROCESS_GROUP_INSTANCE-3684888745E180D5",
            "PROCESS_GROUP_INSTANCE-B79C2594071FBF6C"
          ]
        }
      ],
      "remediationProgress": {
        "affectedEntities": [
          "PROCESS_GROUP_INSTANCE-0D133F13A28B477A",
          "PROCESS_GROUP_INSTANCE-258962DC804FEDBC",
          "PROCESS_GROUP_INSTANCE-3684888745E180D5",
          "PROCESS_GROUP_INSTANCE-8F100796B9296962",
          "PROCESS_GROUP_INSTANCE-B79C2594071FBF6C"
        ],
        "unaffectedEntities": [
          "PROCESS_GROUP_INSTANCE-63AD33941D667CAC",
          "PROCESS_GROUP_INSTANCE-E20A5DDF167AF3B8",
          "PROCESS_GROUP_INSTANCE-F1166B3AB1F4312D",
          "PROCESS_GROUP_INSTANCE-F9D0250A7432521D",
          "PROCESS_GROUP_INSTANCE-FF1B355E4E252FA1"
        ]
      }
    },
    {
      "id": "PROCESS_GROUP-18407614632D87A6",
      "entityIds": [
        "PROCESS_GROUP-18407614632D87A6"
      ],
      "name": "KpiTomcatFrontEnd-CWS-1-IG-67-HG",
      "firstAffectedTimestamp": 1633531037359,
      "assessment": {
        "exposure": "PUBLIC_NETWORK",
        "dataAssets": "NOT_DETECTED"
      },
      "resolvedTimestamp": 1636096094323,
      "vulnerabilityState": "RESOLVED",
      "muteState": {
        "muted": false,
        "user": "unknown",
        "reason": "INITIAL_STATE"
      },
      "vulnerableComponents": [
        {
          "id": "SOFTWARE_COMPONENT-2559CD116033C217",
          "displayName": "io.software.component.1.1.Final",
          "fileName": "io.software.component.1.1.jar",
          "numberOfAffectedEntities": 1,
          "affectedEntities": [
            "PROCESS_GROUP_INSTANCE-41115D4B6F8BFEEC"
          ]
        }
      ],
      "remediationProgress": {
        "affectedEntities": [
          "PROCESS_GROUP_INSTANCE-41115D4B6F8BFEEC"
        ],
        "unaffectedEntities": [
          "PROCESS_GROUP_INSTANCE-0189CF4780B4B872",
          "PROCESS_GROUP_INSTANCE-2D54D85C45C0BA57",
          "PROCESS_GROUP_INSTANCE-3E6373ACEA9DE722",
          "PROCESS_GROUP_INSTANCE-47BCF72F93FF9528",
          "PROCESS_GROUP_INSTANCE-6B5EF5C1A5ED42D0",
          "PROCESS_GROUP_INSTANCE-BA18DB16A7A28A04",
          "PROCESS_GROUP_INSTANCE-BCAECCB29AB12462",
          "PROCESS_GROUP_INSTANCE-DD3CD2024A06BB5B",
          "PROCESS_GROUP_INSTANCE-DE5B280889AC6569"
        ]
      }
    }
  ]
}

Response code

200