Security problems API - GET a problem

Gets the details of the specified security problem.

The request produces an application/json payload.

Early Adopter

This request is an Early Adopter release and may be changed in a non-compatible way.

GET
  • Managed https://{your-domain}/e/{your-environment-id}/api/v2/securityProblems/{id}
  • SaaS https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems/{id}

Authentication

To execute this request, you need the Read security problems (securityProblems.read) permission assigned to your API token. To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter Type Description In Required
id string

The ID of the required security problem.

path required
fields string

Defines the list of problem properties to be removed from the response.

securityProblemId is always included in the result. The fields that are added by default and can be removed are listed below. To remove several fields, prefix each with a minus sign and join them with a comma (for example, -status,-firstSeenTimestamp).

  • status: The current status of the security problem.
  • muted: The current mute state of the security problem.
  • vulnerabilityId: The ID of the vulnerability.
  • vulnerabilityType: The type of the vulnerability.
  • technology: The technology of the security problem.
  • firstSeenTimestamp: The timestamp of the first occurrence of the security problem.
  • lastUpdatedTimestamp: The timestamp of the most recent security problem change.
  • riskAssessment: A risk assessment of the security problem.
  • riskAssessment.riskLevel: The Davis risk level of the security problem.
  • riskAssessment.riskScore: The Davis risk score of the security problem.
  • riskAssessment.riskVector: The Davis vector string of the security problem.
  • riskAssessment.baseRiskLevel: The risk level based on the CVSS of the security problem.
  • riskAssessment.baseRiskScore: The risk score based on the CVSS of the security problem.
  • riskAssessment.baseRiskVector: The vector string based on the CVSS of the security problem.
  • managementZones: The management zone where the security problem occurred.
  • vulnerableComponents: A list of vulnerable components of the security problem.
  • vulnerableEntities: A list of vulnerable entities of the security problem.
  • exposedEntities: A list of exposed entities of the security problem.
  • sensitiveDataAssets: A list of sensitive data assets of the security problem.
  • affectedEntities: A list of affected entities of the security problem.
  • affectedContainerImages: A list of affected container images of the security problem.
  • events: A list of events of the security problem.
query optional

Response

Response codes

Code Description
200

Success

Response body

The SecurityProblemDetails object

Parameters of a security problem

Element Type Description
securityProblemId string

The ID of the security problem.

displayId string

The displayId of the security problem.

status string

The status of the security problem.

muted boolean

Indicates if a security problem is muted.

vulnerabilityId string

The vulnerability ID of the security problem.

vulnerabilityType string

The type of the vulnerability.

technology string

The technology of the security problem.

firstSeenTimestamp integer

The timestamp of the first occurrence of the security problem.

lastUpdatedTimestamp integer

The timestamp of the most recent security problem change.

riskAssessment RiskAssessment
managementZones ManagementZone[]

Management zones to which the affected entities belong.

cveIds string[]

CVE IDs of the security problem.

events Event[]

An ordered (newest first) list of events of the security problem.

vulnerableComponents VulnerableComponent[]

A list of vulnerable components of the security problem.

A vulnerable component is what causes the security problem.

vulnerableEntities string[]

A list of vulnerable entities of the security problem.

A vulnerable entity is a process where a vulnerable component runs.

exposedEntities string[]

A list of exposed entities of the security problem.

An exposed entity is a process that is vulnerable and is exposed to the internet.

sensitiveDataAssets string[]

A list of sensitive data assets of the security problem.

A sensitive data asset is a service that has database access.

affectedEntities AffectedEntitiesList
affectedContainerImages object[]

A list of affected container images of the security problem.

An affected container image is a container image that contains at least one vulnerable process.

The AffectedContainerImage object

Affected container image of a security problem.

Element Type Description
imageId string

The image ID of the affected container image.

imageName string

The image name of the affected container image.

numberOfVulnerableProcesses integer

The number of vulnerable processes.

vulnerableProcesses string[]

A list of vulnerable processes.

The AffectedEntitiesList object

A list of affected entities of the security problem.

An affected entity is a monitored entity that is directly or indirectly affected by a vulnerable entity (for example, it could be a host where the vulnerable process runs).

Element Type Description
applications AffectedEntity[]

A list of affected applications.

services AffectedService[]

A list of affected services.

hosts AffectedEntity[]

A list of affected hosts.

databases string[]

A list of affected databases.

kubernetesWorkloads AffectedEntity[]

A list of affected Kubernetes workloads.

kubernetesClusters AffectedEntity[]

A list of affected Kubernetes clusters.

The AffectedService object

A service affected by a security problem.

Element Type Description
id string

The Dynatrace entity ID of the entity.

numberOfVulnerableProcesses integer

The number of vulnerable processes related to the entity.

vulnerableProcesses string[]

A list of vulnerable processes related to the entity.

exposed boolean

The service is (true) or isn't (false) exposed to the internet.

The AffectedEntity object

An entity affected by a security problem.

Element Type Description
id string

The Dynatrace entity ID of the entity.

numberOfVulnerableProcesses integer

The number of vulnerable processes related to the entity.

vulnerableProcesses string[]

A list of vulnerable processes related to the entity.

The VulnerableComponent object

Vulnerable component of a security problem.

Element Type Description
id string

The Dynatrace entity ID of the vulnerable component.

displayName string

The display name of the vulnerable component.

fileName string

The file name of the vulnerable component.

numberOfVulnerableProcesses integer

The number of vulnerable processes.

vulnerableProcesses string[]

A list of vulnerable processes.

The Event object

The event of a security problem.

Element Type Description
timestamp integer

The timestamp when the event occurred.

reason string

The reason for the event creation.

riskAssessmentSnapshot RiskAssessmentSnapshot
muteState MuteState

The MuteState object

Information on the muted state of a security problem in relation to an event.

Element Type Description
user string

The user who has muted or unmuted the problem.

reason string

The reason for the mute state change.

comment string

A comment by the user.

The RiskAssessmentSnapshot object

A snapshot of the risk assessment of a security problem.

Element Type Description
numberOfAffectedProcesses integer

The number of currently affected process group instances.

numberOfSensitiveDataAffected integer
publicExploitAvailable boolean

At least one public exploit is (true) or is not (false) available.

exposed boolean

The problem is (true) or is not (false) exposed to the internet.

numberOfSensitiveDataAssetsAffected integer

The number of currently affected sensitive data assets.

The ManagementZone object

A short representation of a management zone.

Element Type Description
name string

The name of the management zone.

id string

The ID of the management zone.

The RiskAssessment object

Risk assessment of a security problem.

Element Type Description
riskLevel string

The Davis risk level.

It is calculated by Dynatrace on the basis of CVSS score.

riskScore number

The Davis risk score (1-10).

It is calculated by Dynatrace on the basis of CVSS score.

riskVector string

The attack vector calculated by Dynatrace based on the CVSS attack vector.

baseRiskLevel string

The risk level from the CVSS score.

baseRiskScore number

The risk score (1-10) from the CVSS score.

baseRiskVector string

The original attack vector of the CVSS assessment.

exposed boolean

The entity is (true) or isn't (false) exposed to the internet.

sensitiveDataAffected boolean

The sensitive data is (true) or isn't (false) affected.

publicExploitAvailable boolean

A public exploit is (true) or isn't (false) available.
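The following is an added example, not part of the original reference or Dynatrace's own code: it builds the GET request with the fields parameter described above and reduces a SecurityProblemDetails body to the values a responder would sort on. The function names, the sample host, the sample response and the Api-Token authorization scheme are assumptions that do not appear on this page.

```python
import json
import urllib.parse
import urllib.request

def build_request(base_url, problem_id, token, drop_fields=()):
    """Build (without sending) the GET request for one security problem."""
    url = (base_url.rstrip("/") + "/api/v2/securityProblems/"
           + urllib.parse.quote(problem_id, safe=""))
    if drop_fields:  # sent in the -name,-name form the fields parameter expects
        fields = ",".join("-" + name for name in drop_fields)
        url += "?" + urllib.parse.urlencode({"fields": fields})
    # Assumption (not on this page): the token uses the Api-Token scheme.
    headers = {"Authorization": "Api-Token " + token, "Accept": "application/json"}
    return urllib.request.Request(url, headers=headers, method="GET")

def triage(problem):
    """Reduce a SecurityProblemDetails object to what a responder sorts on."""
    # Everything but securityProblemId can be removed via fields: tolerate gaps.
    risk = problem.get("riskAssessment") or {}
    services = (problem.get("affectedEntities") or {}).get("services") or []
    return {
        "id": problem["securityProblemId"],
        "muted": bool(problem.get("muted")),
        "cves": problem.get("cveIds") or [],
        "davis": (risk.get("riskLevel"), risk.get("riskScore")),
        "cvss": (risk.get("baseRiskLevel"), risk.get("baseRiskScore")),
        "flags": [k for k in ("exposed", "publicExploitAvailable",
                              "sensitiveDataAffected") if risk.get(k)],
        "exposed_services": [s["id"] for s in services if s.get("exposed")],
        "vulnerable_processes": len(problem.get("vulnerableEntities") or []),
    }

# Constructed response body: IDs, levels and scores are made up for illustration.
SAMPLE = json.loads("""{
  "securityProblemId": "0000000000000000001", "muted": false,
  "cveIds": ["CVE-0000-00000"],
  "riskAssessment": {"riskLevel": "HIGH", "riskScore": 8.1,
    "baseRiskLevel": "CRITICAL", "baseRiskScore": 9.8,
    "exposed": true, "sensitiveDataAffected": true, "publicExploitAvailable": true},
  "vulnerableEntities": ["PROCESS_GROUP_INSTANCE-0000000000000001"],
  "affectedEntities": {"services": [
    {"id": "SERVICE-0000000000000001", "exposed": false},
    {"id": "SERVICE-0000000000000002", "exposed": true}]}
}""")

if __name__ == "__main__":
    req = build_request("https://dynatrace.example.com/e/env-id",
                        SAMPLE["securityProblemId"], "<api-token>", ["events"])
    print(req.full_url, json.dumps(triage(SAMPLE), indent=2), sep="\n")
```

Keeping the Davis and CVSS values side by side shows where the Dynatrace assessment differs from the base CVSS rating for the same problem.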