Vulnerabilities API - GET vulnerability details
Lists the details of a specific vulnerability.
The request produces an application/json
payload.
GET | ManagedDynatrace for Government | https://{your-domain}/e/{your-environment-id}/api/v2/securityProblems/{id} |
SaaS | https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems/{id} | |
Environment ActiveGate | https://{your-activegate-domain}/e/{your-environment-id}/api/v2/securityProblems/{id} |
Authentication
To execute this request, you need an access token with securityProblems.read
scope.
To learn how to obtain and use it, see Tokens and authentication.
Parameters
Parameter | Type | Description | In | Required |
---|---|---|---|---|
id | string | The ID of the required security problem. | path | required |
fields | string | A list of additional security problem properties you can add to the response. The following properties are available (all other properties are always included and you can't remove them from the response):
To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, | query | optional |
from | string | Based on the timeframe start the affected-, related- and vulnerable entities are being calculated. You can use one of the following formats:
If not set, the default timeframe start of 24 hours in the past is used ( The timeframe start must not be older than 365 days. | query | optional |
Response
Response codes
Code | Type | Description |
---|---|---|
200 | Security | Success. The response contains parameters of the security problem. |
Response body objects
The SecurityProblemDetails
object
Parameters of a security problem
Element | Type | Description |
---|---|---|
affectedEntities | string[] | A list of affected entities of the security problem. An affected entity is an entity where a vulnerable component runs. |
codeLevelVulnerabilityDetails | Code | The details of a code-level vulnerability. |
cveIds | string[] | A list of CVE IDs of the security problem. |
description | string | The description of the security problem. |
displayId | string | The display ID of the security problem. |
entryPoints | Entry | A list of entry points and a flag which indicates whether this list was truncated or not. |
events | Security | An ordered (newest first) list of events of the security problem. |
exposedEntities | string[] | A list of exposed entities of the security problem. An exposed entity is an affected entity that is exposed to the internet. |
externalVulnerabilityId | string | The external vulnerability ID of the security problem. |
filteredCounts | Filtered | Statistics about the security problem, filtered by the management zone and timeframe start ('from') query parameters. |
firstSeenTimestamp | integer | The timestamp of the first occurrence of the security problem. |
globalCounts | Global | Globally calculated statistics about the security problem. No management zone information is taken into account. |
lastOpenedTimestamp | integer | The timestamp when the security problem was last opened. |
lastResolvedTimestamp | integer | The timestamp when the security problem was last resolved. |
lastUpdatedTimestamp | integer | The timestamp of the most recent security problem change. |
managementZones | Management | A list of management zones which the affected entities belong to. |
muteStateChangeInProgress | boolean | If |
muted | boolean | The security problem is ( |
packageName | string | The package name of the security problem. |
reachableDataAssets | string[] | A list of data assets reachable by affected entities of the security problem. A data asset is a service that has database access. |
relatedAttacks | Related | A list of related attacks of the security problem. Related attacks are attacks on the exposed security problem. |
relatedContainerImages | object[] | A list of related container images. |
relatedEntities | Related | A list of related entities of the security problem. A related entity is a monitored entity that is directly or indirectly related to an affected entity (for example, it could be a host where an affected process runs). Each related entity contains a list of corresponding affected entities (for example, an affected process running on this host). |
riskAssessment | Risk | Risk assessment of a security problem. |
securityProblemId | string | The ID of the security problem. |
status | string | The status of the security problem. |
technology | string | The technology of the security problem. |
title | string | The title of the security problem. |
url | string | The URL to the security problem details page. |
vulnerabilityType | string | The type of the vulnerability. |
vulnerableComponents | Vulnerable | A list of vulnerable components of the security problem. A vulnerable component is what causes the security problem. |
The CodeLevelVulnerabilityDetails
object
The details of a code-level vulnerability.
Element | Type | Description |
---|---|---|
processGroupIds | string[] | The list of encoded MEIdentifier of the process groups. |
processGroups | string[] | The list of affected process groups. |
shortVulnerabilityLocation | string | The code location of the vulnerability without package and parameter. |
type | string | The type of code level vulnerability. |
vulnerabilityLocation | string | The code location of the vulnerability. |
vulnerableFunction | string | The vulnerable function of the vulnerability. |
vulnerableFunctionInput | Vulnerable | Describes what got passed into the code level vulnerability. |
The VulnerableFunctionInput
object
Describes what got passed into the code level vulnerability.
Element | Type | Description |
---|---|---|
inputSegments | Vulnerable | A list of input segments. |
type | string | The type of the input. |
The VulnerableFunctionInputSegment
object
Describes one segment that was passed into a vulnerable function.
Element | Type | Description |
---|---|---|
type | string | The type of the input segment. |
value | string | The value of the input segment. |
The EntryPoints
object
A list of entry points and a flag which indicates whether this list was truncated or not.
Element | Type | Description |
---|---|---|
items | Entry | A list of entry points. |
truncated | boolean | Indicates whether the list of entry points was truncated or not. |
The EntryPoint
object
Information about an entry point of a code-level vulnerability.
Element | Type | Description |
---|---|---|
sourceHttpPath | string | Source HTTP path of entry points. |
usageSegments | Entry | List of entry point usage segments. |
The EntryPointUsageSegment
object
Describes one segment that was passed into a usage and the associated source name and type.
Element | Type | Description |
---|---|---|
segmentType | string | The type of this input segment. |
segmentValue | string | The value of this input segment. |
sourceArgumentName | string | The name used in the source for this segment. |
sourceType | string | The type of the HTTP request part that contains the value that was used in this segment. |
The SecurityProblemEvent
object
The event of a security problem.
Element | Type | Description |
---|---|---|
muteState | Mute | Metadata of the muted state of a security problem in relation to an event. |
reason | string | The reason of the event creation. |
riskAssessmentSnapshot | Risk | A snapshot of the risk assessment of a security problem. |
timestamp | integer | The timestamp when the event occurred. |
The MuteState
object
Metadata of the muted state of a security problem in relation to an event.
Element | Type | Description |
---|---|---|
comment | string | A user's comment. |
reason | string | The reason for the mute state change. |
user | string | The user who has muted or unmuted the problem. |
The RiskAssessmentSnapshot
object
A snapshot of the risk assessment of a security problem.
Element | Type | Description |
---|---|---|
baseRiskScore | number | The risk score (1-10) from the CVSS score. |
changes | Risk | All changes of the risk assessment. |
exposure | string | The level of exposure of affected entities. |
numberOfAffectedEntities | integer | The number of currently affected entities. |
numberOfAffectedNodes | integer | The number of currently affected nodes. |
numberOfAffectedProcessGroups | integer | The number of currently affected process groups. |
numberOfReachableDataAssets | integer | The number of data assets that are currently reachable by affected entities. |
numberOfRelatedAttacks | integer | The number of related attacks. |
publicExploit | string | The availability status of public exploits. |
riskLevel | string | The Davis risk level. It is calculated by Dynatrace on the basis of CVSS score. |
riskScore | number | The Davis risk score (1-10). It is calculated by Dynatrace on the basis of CVSS score. |
vulnerableFunctionUsage | string | The state of vulnerable code execution. |
The RiskAssessmentChanges
object
All changes of the risk assessment.
Element | Type | Description |
---|---|---|
deltaBaseRiskScore | number | The delta of the risk score. |
deltaNumberOfAffectedNodes | integer | The delta of the number of currently affected nodes. |
deltaNumberOfAffectedProcessGroups | integer | The delta of the number of currently affected process groups. |
deltaNumberOfReachableDataAssets | integer | The delta of the number of data assets that are currently reachable by affected entities. |
deltaNumberOfRelatedAttacks | integer | The delta of the number of related attacks. |
deltaRiskScore | number | The delta of the Davis risk score. |
previousExposure | string | The previous level of exposure of affected entities. |
previousPublicExploit | string | The previous availability status of public exploits. |
previousVulnerableFunctionUsage | string | The previous state of vulnerable code execution. |
The FilteredCountsDto
object
Statistics about the security problem, filtered by the management zone and timeframe start ('from') query parameters.
Element | Type | Description |
---|---|---|
affectedNodes | integer | Number of affected nodes |
affectedProcessGroupInstances | integer | Number of affected processes |
affectedProcessGroups | integer | Number of affected process groups |
exposedProcessGroups | integer | Number of exposed process groups |
reachableDataAssets | integer | Number of reachable data assets |
relatedApplications | integer | Number of related applications |
relatedAttacks | integer | Number of related attacks |
relatedDatabases | integer | Number of related databases |
relatedHosts | integer | Number of related hosts |
relatedKubernetesClusters | integer | Number of related Kubernetes clusters |
relatedKubernetesWorkloads | integer | Number of related Kubernetes workloads |
relatedServices | integer | Number of related services |
vulnerableComponents | integer | Number of vulnerable components |
The GlobalCountsDto
object
Globally calculated statistics about the security problem. No management zone information is taken into account.
Element | Type | Description |
---|---|---|
affectedNodes | integer | Number of affected nodes |
affectedProcessGroupInstances | integer | Number of affected process group instances |
affectedProcessGroups | integer | Number of affected process groups |
exposedProcessGroups | integer | Number of exposed process groups |
reachableDataAssets | integer | Number of reachable data assets exposed |
relatedApplications | integer | Number of related applications |
relatedAttacks | integer | Number of attacks on the exposed security problem |
relatedHosts | integer | Number of related hosts |
relatedKubernetesClusters | integer | Number of related kubernetes cluster |
relatedKubernetesWorkloads | integer | Number of related kubernetes workloads |
relatedServices | integer | Number of related services |
vulnerableComponents | integer | Number of vulnerable components |
The ManagementZone
object
A short representation of a management zone.
Element | Type | Description |
---|---|---|
id | string | The ID of the management zone. |
name | string | The name of the management zone. |
The RelatedAttacksList
object
A list of related attacks of the security problem.
Related attacks are attacks on the exposed security problem.
Element | Type | Description |
---|---|---|
attacks | string[] | A list of related attack ids. |
The RelatedContainerImage
object
Related container image of a security problem.
Element | Type | Description |
---|---|---|
affectedEntities | string[] | A list of affected entities. |
imageId | string | The image ID of the related container image. |
imageName | string | The image name of the related container image. |
numberOfAffectedEntities | integer | The number of affected entities. |
The RelatedEntitiesList
object
A list of related entities of the security problem.
A related entity is a monitored entity that is directly or indirectly related to an affected entity (for example, it could be a host where an affected process runs).
Each related entity contains a list of corresponding affected entities (for example, an affected process running on this host).
Element | Type | Description |
---|---|---|
applications | Related | A list of related applications. |
databases | string[] | A list of related databases. |
hosts | Related | A list of related hosts. |
kubernetesClusters | Related | A list of related Kubernetes clusters. |
kubernetesWorkloads | Related | A list of related Kubernetes workloads. |
services | Related | A list of related services. |
The RelatedEntity
object
An entity related to a security problem.
Element | Type | Description |
---|---|---|
affectedEntities | string[] | A list of affected entities related to the entity. |
id | string | The Dynatrace entity ID of the entity. |
numberOfAffectedEntities | integer | The number of affected entities related to the entity. |
The RelatedService
object
A service related to a security problem.
Element | Type | Description |
---|---|---|
affectedEntities | string[] | A list of affected entities related to the entity. |
exposure | string | The level of exposure of the service. |
id | string | The Dynatrace entity ID of the entity. |
numberOfAffectedEntities | integer | The number of affected entities related to the entity. |
The RiskAssessment
object
Risk assessment of a security problem.
Element | Type | Description |
---|---|---|
assessmentAccuracy | string | The level of available information on which this assessment has been done. |
baseRiskLevel | string | The risk level from the CVSS score. |
baseRiskScore | number | The risk score (1-10) from the CVSS score. |
baseRiskVector | string | The original attack vector of the CVSS assessment. |
dataAssets | string | The reachability of related data assets by affected entities. |
exposure | string | The level of exposure of affected entities. |
publicExploit | string | The availability status of public exploits. |
riskLevel | string | The Davis risk level. It is calculated by Dynatrace on the basis of CVSS score. |
riskScore | number | The Davis risk score (1-10). It is calculated by Dynatrace on the basis of CVSS score. |
riskVector | string | The attack vector calculated by Dynatrace based on the CVSS attack vector. |
vulnerableFunctionUsage | string | The state of vulnerable code execution. |
The VulnerableComponent
object
Vulnerable component of a security problem.
Element | Type | Description |
---|---|---|
affectedEntities | string[] | A list of affected entities. |
displayName | string | The display name of the vulnerable component. |
fileName | string | The file name of the vulnerable component. |
id | string | The Dynatrace entity ID of the vulnerable component. |
numberOfAffectedEntities | integer | The number of affected entities. |
shortName | string | The short, component-only name of the vulnerable component. |
Response body JSON model
{
"affectedEntities": [
"string"
],
"codeLevelVulnerabilityDetails": {
"processGroupIds": [
"string"
],
"processGroups": [
"string"
],
"shortVulnerabilityLocation": "string",
"type": "CMD_INJECTION",
"vulnerabilityLocation": "string",
"vulnerableFunction": "string",
"vulnerableFunctionInput": {
"inputSegments": [
{
"type": "MALICIOUS_INPUT",
"value": "string"
}
],
"type": "COMMAND"
}
},
"cveIds": [
"string"
],
"description": "string",
"displayId": "string",
"entryPoints": {
"items": [
{
"sourceHttpPath": "string",
"usageSegments": [
{
"segmentType": "MALICIOUS_INPUT",
"segmentValue": "string",
"sourceArgumentName": "string",
"sourceType": "HTTP_BODY"
}
]
}
],
"truncated": true
},
"events": [
{
"muteState": {
"comment": "string",
"reason": "AFFECTED",
"user": "string"
},
"reason": "ASSESSMENT_CHANGED",
"riskAssessmentSnapshot": {
"baseRiskScore": 1,
"changes": {
"deltaBaseRiskScore": 1,
"deltaNumberOfAffectedNodes": 1,
"deltaNumberOfAffectedProcessGroups": 1,
"deltaNumberOfReachableDataAssets": 1,
"deltaNumberOfRelatedAttacks": 1,
"deltaRiskScore": 1,
"previousExposure": "NOT_AVAILABLE",
"previousPublicExploit": "AVAILABLE",
"previousVulnerableFunctionUsage": "IN_USE"
},
"exposure": "NOT_AVAILABLE",
"numberOfAffectedEntities": 1,
"numberOfAffectedNodes": 1,
"numberOfAffectedProcessGroups": 1,
"numberOfReachableDataAssets": 1,
"numberOfRelatedAttacks": 1,
"publicExploit": "AVAILABLE",
"riskLevel": "CRITICAL",
"riskScore": 1,
"vulnerableFunctionUsage": "IN_USE"
},
"timestamp": 1
}
],
"exposedEntities": [
"string"
],
"externalVulnerabilityId": "string",
"filteredCounts": {
"affectedNodes": 1,
"affectedProcessGroupInstances": 1,
"affectedProcessGroups": 1,
"exposedProcessGroups": 1,
"reachableDataAssets": 1,
"relatedApplications": 1,
"relatedAttacks": 1,
"relatedDatabases": 1,
"relatedHosts": 1,
"relatedKubernetesClusters": 1,
"relatedKubernetesWorkloads": 1,
"relatedServices": 1,
"vulnerableComponents": 1
},
"firstSeenTimestamp": 1,
"globalCounts": {
"affectedNodes": 1,
"affectedProcessGroupInstances": 1,
"affectedProcessGroups": 1,
"exposedProcessGroups": 1,
"reachableDataAssets": 1,
"relatedApplications": 1,
"relatedAttacks": 1,
"relatedHosts": 1,
"relatedKubernetesClusters": 1,
"relatedKubernetesWorkloads": 1,
"relatedServices": 1,
"vulnerableComponents": 1
},
"lastOpenedTimestamp": 1,
"lastResolvedTimestamp": 1,
"lastUpdatedTimestamp": 1,
"managementZones": [
{
"id": "string",
"name": "string"
}
],
"muteStateChangeInProgress": true,
"muted": true,
"packageName": "string",
"reachableDataAssets": [
"string"
],
"relatedAttacks": {
"attacks": [
"string"
]
},
"relatedContainerImages": [
{
"containerImages": [
{
"affectedEntities": [
"string"
],
"imageId": "string",
"imageName": "string",
"numberOfAffectedEntities": 1
}
]
}
],
"relatedEntities": {
"applications": [
{
"affectedEntities": [
"string"
],
"id": "string",
"numberOfAffectedEntities": 1
}
],
"databases": [
"string"
],
"hosts": [
{}
],
"kubernetesClusters": [
{}
],
"kubernetesWorkloads": [
{}
],
"services": [
{
"affectedEntities": [
"string"
],
"exposure": "NOT_AVAILABLE",
"id": "string",
"numberOfAffectedEntities": 1
}
]
},
"riskAssessment": {
"assessmentAccuracy": "FULL",
"baseRiskLevel": "CRITICAL",
"baseRiskScore": 1,
"baseRiskVector": "string",
"dataAssets": "NOT_AVAILABLE",
"exposure": "NOT_AVAILABLE",
"publicExploit": "AVAILABLE",
"riskLevel": "CRITICAL",
"riskScore": 1,
"riskVector": "string",
"vulnerableFunctionUsage": "IN_USE"
},
"securityProblemId": "string",
"status": "OPEN",
"technology": "DOTNET",
"title": "string",
"url": "string",
"vulnerabilityType": "CODE_LEVEL",
"vulnerableComponents": [
{
"affectedEntities": [
"string"
],
"displayName": "string",
"fileName": "string",
"id": "string",
"numberOfAffectedEntities": 1,
"shortName": "string"
}
]
}