Security problems API - GET a problem

Gets the details of the specified security problem.

The request produces an application/json payload.

Early Adopter

This request is an Early Adopter release and may be changed in a non-compatible way.

GET
  • Managed https://{your-domain}/e/{your-environment-id}/api/v2/securityProblems/{id}
  • SaaS https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems/{id}
  • Environment ActiveGate https://{your-activegate-domain}/e/{your-environment-id}/api/v2/securityProblems/{id}

Authentication

To execute this request, you need the Read security problems (securityProblems.read) permission assigned to your API token. To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter Type In Required Description
id string path required

The ID of the required security problem.

fields string query optional

A list of additional security problem properties you can add to the response.

The following properties are available (all other properties are always included and you can't remove them from the response):

  • riskAssessment: A risk assessment of the security problem.
  • managementZones: The management zone where the security problem occurred.
  • description: The description of the vulnerability.
  • events: A list of events of the security problem.
  • vulnerableComponents: A list of vulnerable components of the security problem.
  • affectedEntities: A list of affected entities of the security problem.
  • exposedEntities: A list of exposed entities of the security problem.
  • reachableDataAssets: A list of data assets reachable by affected entities of the security problem.
  • relatedEntities: A list of related entities of the security problem.
  • relatedContainerImages: A list of related container images of the security problem.

To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, +riskAssessment,+managementZones).

Response

Response codes

Code Description
200

Success

Response body

The SecurityProblemDetails object

Parameters of a security problem

Element Type Description
securityProblemId string

The ID of the security problem.

displayId string

The displayId of the security problem.

status string

The status of the security problem.

muted boolean

Indicates if a security problem is muted.

externalVulnerabilityId string

The external vulnerability ID of the security problem.

vulnerabilityType string

The type of the vulnerability.

title string

The title of the security problem.

packageName string

The package name of the security problem.

url string

The URL to the security problem details page.

description string

The description of the security problem.

technology string

The technology of the security problem.

firstSeenTimestamp integer

The timestamp of the first occurrence of the security problem.

lastUpdatedTimestamp integer

The timestamp of the most recent security problem change.

riskAssessment RiskAssessment
managementZones ManagementZone[]

Management zones to which the affected entities belong.

cveIds string[]

CVE IDs of the security problem.

events SecurityProblemEvent[]

An ordered (newest first) list of events of the security problem.

vulnerableComponents VulnerableComponent[]

A list of vulnerable components of the security problem.

A vulnerable component is what causes the security problem.

affectedEntities string[]

A list of affected entities of the security problem.

An affected entity is an entity where a vulnerable component runs.

exposedEntities string[]

A list of exposed entities of the security problem.

An exposed entity is an affected entity that is exposed to the internet.

reachableDataAssets string[]

A list of data assets reachable by affected entities of the security problem.

A data asset is a service that has database access.

relatedEntities RelatedEntitiesList
relatedContainerImages object[]

A list of related container images of the security problem.

A related container image is a container image that contains at least one affected entity.

muteStateChangeInProgress boolean

If true, a change of the mute state is in progress.

The RelatedContainerImage object

Related container image of a security problem.

Element Type Description
imageId string

The image ID of the related container image.

imageName string

The image name of the related container image.

numberOfAffectedEntities integer

The number of affected entities.

affectedEntities string[]

A list of affected entities.

The RelatedEntitiesList object

A list of related entities of the security problem.

A related entity is a monitored entity that is directly or indirectly related to an affected entity (for example, it could be a host where an affected process runs).

Each related entity contains a list of corresponding affected entities (for example, an affected process running on this host).

Element Type Description
applications RelatedEntity[]

A list of related applications.

services RelatedService[]

A list of related services.

hosts RelatedEntity[]

A list of related hosts.

databases string[]

A list of related databases.

kubernetesWorkloads RelatedEntity[]

A list of related Kubernetes workloads.

kubernetesClusters RelatedEntity[]

A list of related Kubernetes clusters.

The RelatedService object

A service related to a security problem.

Element Type Description
id string

The Dynatrace entity ID of the entity.

numberOfAffectedEntities integer

The number of affected entities related to the entity.

affectedEntities string[]

A list of affected entities related to the entity.

exposure string

The level of exposure of the service.

The RelatedEntity object

An entity related to a security problem.

Element Type Description
id string

The Dynatrace entity ID of the entity.

numberOfAffectedEntities integer

The number of affected entities related to the entity.

affectedEntities string[]

A list of affected entities related to the entity.

The VulnerableComponent object

Vulnerable component of a security problem.

Element Type Description
id string

The Dynatrace entity ID of the vulnerable component.

displayName string

The display name of the vulnerable component.

fileName string

The file name of the vulnerable component.

numberOfAffectedEntities integer

The number of affected entities.

affectedEntities string[]

The list of affected entities.

The SecurityProblemEvent object

The event of a security problem.

Element Type Description
timestamp integer

The timestamp when the event occurred.

reason string

The reason for the event creation.

riskAssessmentSnapshot RiskAssessmentSnapshot
muteState MuteState

The MuteState object

Information on the muted state of a security problem in relation to an event.

Element Type Description
user string

The user who has muted or unmuted the problem.

reason string

The reason for the mute state change.

comment string

A comment by the user.

The RiskAssessmentSnapshot object

A snapshot of the risk assessment of a security problem.

Element Type Description
numberOfAffectedEntities integer

The number of currently affected entities.

numberOfReachableDataAssets integer

The number of data assets currently reachable by affected entities.

publicExploit string

The availability status of public exploits.

exposure string

The level of exposure of affected entities.

The ManagementZone object

A short representation of a management zone.

Element Type Description
name string

The name of the management zone.

id string

The ID of the management zone.

The RiskAssessment object

Risk assessment of a security problem.

Element Type Description
riskLevel string

The Davis risk level.

It is calculated by Dynatrace on the basis of the CVSS score.

riskScore number

The Davis risk score (1-10).

It is calculated by Dynatrace on the basis of the CVSS score.

riskVector string

The attack vector calculated by Dynatrace based on the CVSS attack vector.

baseRiskLevel string

The risk level from the CVSS score.

baseRiskScore number

The risk score (1-10) from the CVSS score.

baseRiskVector string

The original attack vector of the CVSS assessment.

exposure string

The level of exposure of affected entities.

dataAssets string

The reachability of related data assets by affected entities.

publicExploit string

The availability status of public exploits.
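
The following is an added example, not code from Dynatrace: it builds the GET request with a correctly encoded fields parameter (a raw plus sign in a query string is decoded as a space, so the prefix must be sent as %2B) and summarises a SecurityProblemDetails body for triage. The host name, token, sample response values, the triage helper and its escalation policy are assumptions made for illustration; the Api-Token header scheme comes from Dynatrace's token documentation rather than from this page.

```python
from urllib.parse import quote, urlencode
from urllib.request import Request

# Optional properties listed for the fields parameter; all others are always returned.
OPTIONAL_FIELDS = {
    "riskAssessment", "managementZones", "description", "events",
    "vulnerableComponents", "affectedEntities", "exposedEntities",
    "reachableDataAssets", "relatedEntities", "relatedContainerImages",
}

def build_request(base_url, problem_id, fields, token):
    """Build (without sending) the GET request; base_url ends in /api/v2."""
    unknown = set(fields) - OPTIONAL_FIELDS
    if unknown:
        raise ValueError(f"not an optional property: {sorted(unknown)}")
    url = f"{base_url.rstrip('/')}/securityProblems/{quote(problem_id, safe='')}"
    if fields:
        # urlencode emits %2B for '+'; a raw '+' in a query string decodes as a space.
        url += "?" + urlencode({"fields": ",".join("+" + f for f in fields)})
    # Api-Token scheme: from Dynatrace's token documentation, not from this page.
    headers = {"Authorization": f"Api-Token {token}", "Accept": "application/json"}
    return Request(url, headers=headers)

def triage(problem):
    """Summarise a SecurityProblemDetails dict; optional properties may be absent."""
    exposed = problem.get("exposedEntities") or []
    assets = problem.get("reachableDataAssets") or []
    muted = bool(problem.get("muted"))
    return {
        "id": problem["securityProblemId"],
        "cves": problem.get("cveIds") or [],
        "risk_score": (problem.get("riskAssessment") or {}).get("riskScore"),
        "exposed": len(exposed),
        "data_assets": len(assets),
        # Hypothetical policy: escalate unmuted problems that are exposed and reach data.
        "escalate": bool(exposed and assets) and not muted,
    }

# Constructed response body (all IDs are placeholders, not real entities).
SAMPLE = {
    "securityProblemId": "1234567890", "muted": False, "cveIds": ["CVE-0000-00000"],
    "riskAssessment": {"riskScore": 8.1},
    "exposedEntities": ["PROCESS_GROUP_INSTANCE-EXAMPLE0001"],
    "reachableDataAssets": ["SERVICE-EXAMPLE0002"],
}

if __name__ == "__main__":
    wanted = ["riskAssessment", "exposedEntities", "reachableDataAssets"]
    base = "https://example-env.live.dynatrace.com/api/v2"  # constructed host
    print(build_request(base, "1234567890", wanted, "PLACEHOLDER").full_url)
    print(triage(SAMPLE))
```

Because the optional properties are omitted unless requested, a triage that reads exposedEntities or reachableDataAssets without listing them in fields will silently report zero; the helper treats a missing property as empty rather than failing.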