Security problems API - GET all problems

Lists all security problems detected in your applications.

The request produces an application/json payload.

Early Adopter

This request is an Early Adopter release and may be changed in a non-compatible way.

GET
  • Managed https://{your-domain}/e/{your-environment-id}/api/v2/securityProblems
  • SaaS https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems
  • Environment ActiveGate https://{your-activegate-domain}/e/{your-environment-id}/api/v2/securityProblems

Authentication

To execute this request, you need the Read security problems (securityProblems.read) permission assigned to your API token. To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter Type Description In Required
nextPageKey string

The cursor for the next page of results. You can find it in the nextPageKey field of the previous response.

The first page is always returned if you don't specify the nextPageKey query parameter.

When the nextPageKey is set to obtain subsequent pages, you must omit all other query parameters.

query optional
pageSize integer

The number of security problems in a single response payload.

The maximum allowed page size is 500.

If not set, 100 is used.

query optional
securityProblemSelector string

Defines the scope of the query. Only security problems matching the specified criteria are included in the response.

You can add one or more of the following criteria. Values are not case-sensitive and the EQUALS operator is used unless otherwise specified.

  • Status: status("value"). Find the possible values in the description of the status field of the response. If not set, all security problems are returned.
  • Muted: muted("value"). Possible values are TRUE or FALSE.
  • Risk level: riskLevel("value"). The Davis Risk Level. Find the possible values in the description of the riskLevel field of the response.
  • Minimum risk score: minRiskScore("5.5"). The Davis minimum Risk Score. The GREATER THAN OR EQUAL TO operator is used. Specify a number between 1.0 and 10.0.
  • Maximum risk score: maxRiskScore("5.5"). The Davis maximum Risk Score. The LESS THAN operator is used. Specify a number between 1.0 and 10.0.
  • Base risk level: baseRiskLevel("value"). The Base Risk Level from the CVSS. Find the possible values in the description of the riskLevel field of the response.
  • Minimum base risk score: minBaseRiskScore("5.5"). The Base minimum Risk Score from the CVSS. The GREATER THAN OR EQUAL TO operator is used. Specify a number between 1.0 and 10.0.
  • Maximum base risk score: maxBaseRiskScore("5.5"). The Base maximum Risk Score from the CVSS. The LESS THAN operator is used. Specify a number between 1.0 and 10.0.
  • Vulnerability ID contains: vulnerabilityIdContains("id-1"). The CONTAINS operator is used.
  • Vulnerability ID: vulnerabilityId("id-1","id-2"). Case insensitive EQUALS operator is used.
  • CVE ID: cveId("id").
  • Risk assessment: riskAssessment("value-1","value-2"). Possible values are EXPOSED, SENSITIVE, and EXPLOIT.
  • Related host ID: relatedHostIds("value-1", "value-2"). Specify Dynatrace entity IDs here.
  • Related host name: relatedHostNames("value-1", "value-2"). Values are case-sensitive.
  • Related host name contains: relatedHostNameContains("value-1"). The CONTAINS operator is used.
  • Related Kubernetes cluster ID: relatedKubernetesClusterIds("value-1", "value-2"). Specify Dynatrace entity IDs here.
  • Related Kubernetes cluster name: relatedKubernetesClusterNames("value-1", "value-2"). Values are case-sensitive.
  • Related Kubernetes cluster name contains: relatedKubernetesClusterNameContains("value-1"). The CONTAINS operator is used.
  • Related Kubernetes workload ID: relatedKubernetesWorkloadIds("value-1", "value-2"). Specify Dynatrace entity IDs here.
  • Related Kubernetes workload name: relatedKubernetesWorkloadNames("value-1", "value-2"). Values are case-sensitive.
  • Related Kubernetes workload name contains: relatedKubernetesWorkloadNameContains("value-1"). The CONTAINS operator is used.
  • Management zone ID: managementZoneIds("mzId-1","mzId-2").
  • Management zone name: managementZones("name-1","name-2"). Values are case-sensitive.
  • Affected process group ID: affectedPgIds("pgId-1", "pgId-2"). Specify Dynatrace entity IDs here.
  • Affected process group name: affectedPgNames("name-1", "name-2"). Values are case-sensitive.
  • Affected process group name contains: affectedPgNameContains("name-1"). The CONTAINS operator is used.
  • Vulnerable component ID: vulnerableComponentIds("componentId-1", "componentId-2"). Specify component IDs here.
  • Vulnerable component name: vulnerableComponentNames("name-1", "name-2"). Values are case-sensitive.
  • Vulnerable component name contains: vulnerableComponentNameContains("name-1"). The CONTAINS operator is used.
  • Host tags: hostTags("hostTag-1"). The CONTAINS operator is used.
  • Process group tags: pgTags("pgTag-1"). The CONTAINS operator is used.
  • Process group instance tags: pgiTags("pgiTag-1"). The CONTAINS operator is used.
  • Tags: tags("tag-1"). The CONTAINS operator is used. This selector picks hosts, process groups, and process group instances at the same time.
  • Display ID: displayIds("S-1234","S-5678"). The EQUALS operator is used.
  • Technology: technology("technology-1","technology-2"). Find the possible values in the description of the technology field of the response. The EQUALS operator is used.

Risk score and risk category are mutually exclusive (cannot be used at the same time).

To set several criteria, separate them with a comma (,). Only results matching all criteria are included in the response.

Specify the value of a criterion as a quoted string. The following special characters must be escaped with a tilde (~) inside quotes:

  • Tilde ~
  • Quote "

query optional
sort string

Specifies a field for sorting the security problem list.

You can sort by the following properties with a sign prefix for the sorting order.

  • status: The security problem status (+ open first or - resolved first)
  • muted: The security problem mute state (+ muted first or - unmuted first)
  • technology: The security problem technology (+ ascending or - descending)
  • firstSeenTimestamp: The timestamp of the first occurrence of the security problem (+ new problems first or - old problems first)
  • securityProblemId: The auto-generated ID of the security problem (+ lower number first or - higher number first)
  • vulnerabilityId: The ID of the vulnerability (+ lower number first or - higher number first)
  • displayId: The display ID (+ lower number first or - higher number first)
  • riskAssessment.riskScore: The Davis security score (+ lower score first or - higher score first)
  • riskAssessment.riskLevel: The Davis security level (+ lower level first or - higher level first)
  • riskAssessment.exposure: Whether the problem is exposed to the internet (+ unexposed first or - exposed first)
  • riskAssessment.dataAssets: Whether data assets are affected (+ not affected first or - affected first)

If no prefix is set, + is used.

query optional
fields string

Defines the list of problem properties to be added to the response.

securityProblemId, displayId, status, muted, vulnerabilityId, vulnerabilityType, title, packageName, url, technology, firstSeenTimestamp, lastUpdateTimestamp, cveIds are always included in the result. To add more properties, list them with a leading plus +. Available fields are listed below. You can specify several properties, separated by a comma (for example +riskAssessment,+managementZones).

  • riskAssessment: A risk assessment of the security problem.
  • managementZones: The management zone where the security problem occurred.

query optional
from string

The start of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify a relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the relative timeframe of thirty days is used (now-30d).

query optional
to string

The end of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify a relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the current timestamp is used.

query optional

Response

Response codes

Code Description
200

Success

Response body

The SecurityProblemList object

A list of security problems.

Element Type Description
totalCount integer

The total number of entries in the result.

pageSize integer

The number of entries per page.

nextPageKey string

The cursor for the next page of results. Has the value of null on the last page.

Use it in the nextPageKey query parameter to obtain subsequent pages of the result.

securityProblems SecurityProblem[]

A list of security problems.
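The selector escaping and the nextPageKey paging rules described above, as an added example that is not part of the original page or Dynatrace's own code. The `fetch` callable (it would perform the authenticated GET and return the parsed JSON) is a hypothetical caller-supplied function, and the selector values are constructed.

```python
from urllib.parse import urlencode

MAX_PAGE_SIZE = 500  # documented maximum for pageSize


def escape_value(value):
    """Escape ~ and " with a tilde. Tildes go first so the ones added for quotes are not doubled."""
    return str(value).replace("~", "~~").replace('"', '~"')


def criterion(name, *values):
    """Render one criterion, e.g. cveId("id") or displayIds("S-1234","S-5678")."""
    return "%s(%s)" % (name, ",".join('"%s"' % escape_value(v) for v in values))


def first_page_query(criteria, page_size=100, fields=None, sort=None):
    """Query string for the first page; comma-separated criteria must all match."""
    if page_size > MAX_PAGE_SIZE:
        raise ValueError("pageSize exceeds %d" % MAX_PAGE_SIZE)
    params = {"pageSize": page_size}
    if criteria:
        params["securityProblemSelector"] = ",".join(criteria)
    if fields:
        params["fields"] = fields  # urlencode turns the leading + into %2B
    if sort:
        params["sort"] = sort
    return urlencode(params)


def next_page_query(next_page_key):
    """Follow-up pages carry nextPageKey only; every other parameter is omitted."""
    return urlencode({"nextPageKey": next_page_key})


def iter_security_problems(fetch, criteria, **options):
    """Yield problems from all pages. fetch(query_string) -> parsed JSON dict (hypothetical)."""
    page = fetch(first_page_query(criteria, **options))
    while True:
        yield from page.get("securityProblems", [])
        key = page.get("nextPageKey")
        if not key:  # null on the last page
            return
        page = fetch(next_page_query(key))


if __name__ == "__main__":
    # Constructed sample values, not taken from a real environment.
    selector = [criterion("muted", "FALSE"), criterion("minRiskScore", "7.0"),
                criterion("affectedPgNames", 'billing "v2"~blue')]
    print(first_page_query(selector, page_size=200, fields="+riskAssessment"))
```

Percent-encoding the query matters here: an unencoded leading + in `fields` or `sort` is commonly decoded as a space on the server side.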

The SecurityProblem object

Parameters of a security problem.

Element Type Description
securityProblemId string

The ID of the security problem.

displayId string

The displayId of the security problem.

status string

The status of the security problem.

muted boolean

Indicates if a security problem is muted.

vulnerabilityId string

The vulnerability ID of the security problem.

vulnerabilityType string

The type of the vulnerability.

title string

The title of the security problem.

packageName string

The package name of the security problem.

url string

The URL to the security problem details page.

technology string

The technology of the security problem.

firstSeenTimestamp integer

The timestamp of the first occurrence of the security problem.

lastUpdatedTimestamp integer

The timestamp of the most recent security problem change.

riskAssessment RiskAssessment
managementZones ManagementZone[]

Management zones to which the affected entities belong.

cveIds string[]

CVE IDs of the security problem.

The ManagementZone object

A short representation of a management zone.

Element Type Description
name string

The name of the management zone.

id string

The ID of the management zone.

The RiskAssessment object

Risk assessment of a security problem.

Element Type Description
riskLevel string

The Davis risk level.

It is calculated by Dynatrace on the basis of the CVSS score.

riskScore number

The Davis risk score (1-10).

It is calculated by Dynatrace on the basis of the CVSS score.

riskVector string

The attack vector calculated by Dynatrace based on the CVSS attack vector.

baseRiskLevel string

The risk level from the CVSS score.

baseRiskScore number

The risk score (1-10) from the CVSS score.

baseRiskVector string

The original attack vector of the CVSS assessment.

exposure string

The level of exposure of affected entities.

dataAssets string

The reachability of related data assets by affected entities.

publicExploit string

The availability status of public exploits.