Settings API - Security notifications schema table

Security notifications (`builtin:appsec.notification-integration)`

Integrate security notifications with your existing incident-management system or team-collaboration channel. Within security integrations, use vulnerability and attack alerting profiles to filter the total number of alerts down to those relevant for your team.

To learn more, visit Security notifications.

Schema ID	Schema groups	Scope
`builtin:appsec.notification-integration`	`group:integration`	`environment`

GET	Managed	`https://{your-domain}/e/{your-environment-id}/api/v2/settings/schemas/builtin:appsec.notification-integration`
	SaaS	`https://{your-environment-id}.live.dynatrace.com/api/v2/settings/schemas/builtin:appsec.notification-integration`
	Environment ActiveGate	`https://{your-activegate-domain}/e/{your-environment-id}/api/v2/settings/schemas/builtin:appsec.notification-integration`

Authentication

To execute this request, you need an access token with Read settings (settings.read) scope. To learn how to obtain and use it, see Tokens and authentication.

Parameters

Property	Type	Description	Required
Enabled `enabled`	boolean	-	required
Security alert type `trigger`	enum	`SECURITY_PROBLEM` `ATTACK_CANDIDATE`	required
Notification type `type`	enum	`WEBHOOK` `JIRA` `EMAIL`	required
Display name `displayName`	text	-	required
`webhookConfiguration`	WebhookConfiguration	-	required
`securityProblemBasedWebhookPayload`	SecurityProblemBasedWebhookPayload	-	required
`attackCandidateBasedWebhookPayload`	AttackCandidateBasedWebhookPayload	-	required
`jiraConfiguration`	JiraConfiguration	-	required
`securityProblemBasedJiraPayload`	SecurityProblemBasedJiraPayload	-	required
`attackCandidateBasedJiraPayload`	AttackCandidateBasedJiraPayload	-	required
`emailConfiguration`	EmailConfiguration	-	required
`securityProblemBasedEmailPayload`	SecurityProblemBasedEmailPayload	-	required
`attackCandidateBasedEmailPayload`	AttackCandidateBasedEmailPayload	-	required
Alerting profile `securityProblemBasedAlertingProfile`	setting	Select an alerting profile (`<your-dynatrace-url>//ui/settings/builtin:appsec.notification-alerting-profile`) to control the delivery of security notifications related to this integration.	required
Alerting profile `attackCandidateBasedAlertingProfile`	setting	Select an alerting profile (`<your-dynatrace-url>//ui/settings/builtin:appsec.notification-attack-alerting-profile`) to control the delivery of security notifications related to this integration.	required

The `WebhookConfiguration` object

Property Type Description Required

Webhook endpoint URL
url text - required

Accept any SSL certificate (including self-signed and invalid certificates)
acceptAnyCertificate boolean - required

Property	Type	Description	Required
Webhook endpoint URL `url`	text	-	required
Accept any SSL certificate (including self-signed and invalid certificates) `acceptAnyCertificate`	boolean	-	required
Additional HTTP headers `headers`	Set<WebhookConfigurationHeader>	Use additional HTTP headers to attach any additional information, for example, configuration, authorization, or metadata. Note that JSON-based webhook endpoints require the addition of the Content-Type: application/json header to enable escaping of special characters and to avoid malformed JSON content.	required

Additional HTTP headers
headers

Set<WebhookConfigurationHeader>

Use additional HTTP headers to attach any additional information, for example, configuration, authorization, or metadata.

Note that JSON-based webhook endpoints require the addition of the Content-Type: application/json header to enable escaping of special characters and to avoid malformed JSON content.

required

The `SecurityProblemBasedWebhookPayload` object

Property Type Description Required

Property	Type	Description	Required
Custom payload `payload`	text	This is the content your notification message will include when users view it. In case a value of a security problem is not set, the placeholder will be replaced by an empty string. Note: Security notifications contain sensitive information. Excessive usage of placeholders in the custom payload might leak information to untrusted parties. Available placeholders: {SecurityProblemId}: The unique identifier assigned by Dynatrace, for example, "S-1234". {Title}: A short summary of the type of vulnerability that was found, for example, "Remote Code Execution". {Description}: A more detailed description of the vulnerability. {CvssScore}: CVSS score of the identified vulnerability, for example, "10.0". Can be empty. {DavisSecurityScore}: Davis Security Score is an enhanced risk-calculation score based on the CVSS, for example, "10.0". {Severity}: The security problem severity, for example, "Critical" or "Medium". {SecurityProblemUrl}: URL of the security problem in Dynatrace. {AffectedEntities}: Details about the entities affected by the security problem in a json array. {ManagementZones}: Comma-separated list of all management zones affected by the vulnerability at the time of detection. {Tags}: Comma-separated list of tags that are defined for a vulnerability's affected entities. For example: "PROD, owner:John". Assign the tag's key in square brackets: {Tags[key]} to get all associated values. For example: "{Tags[owner]}" will be resolved as "John". Tags without an assigned value will be resolved as empty string. {Exposed}: Describes whether one or more affected process is exposed to the public Internet. Can be "true" or "false". {DataAssetsReachable}: Describes whether one or more affected process can reach data assets. Can be "true" or "false". {ExploitAvailable}: Describes whether there's an exploit available for the vulnerability. Can be "true" or "false".	required

Custom payload
payload

text

This is the content your notification message will include when users view it.
In case a value of a security problem is not set, the placeholder will be replaced by an empty string.

Note: Security notifications contain sensitive information. Excessive usage of placeholders in the custom payload might leak information to untrusted parties.

Available placeholders:
{SecurityProblemId}: The unique identifier assigned by Dynatrace, for example, "S-1234".
{Title}: A short summary of the type of vulnerability that was found, for example, "Remote Code Execution".
{Description}: A more detailed description of the vulnerability.
{CvssScore}: CVSS score of the identified vulnerability, for example, "10.0". Can be empty. {DavisSecurityScore}: Davis Security Score is an enhanced risk-calculation score based on the CVSS, for example, "10.0".
{Severity}: The security problem severity, for example, "Critical" or "Medium".
{SecurityProblemUrl}: URL of the security problem in Dynatrace.
{AffectedEntities}: Details about the entities affected by the security problem in a json array.
{ManagementZones}: Comma-separated list of all management zones affected by the vulnerability at the time of detection.
{Tags}: Comma-separated list of tags that are defined for a vulnerability's affected entities. For example: "PROD, owner:John". Assign the tag's key in square brackets: {Tags[key]} to get all associated values. For example: "{Tags[owner]}" will be resolved as "John". Tags without an assigned value will be resolved as empty string.
{Exposed}: Describes whether one or more affected process is exposed to the public Internet. Can be "true" or "false".
{DataAssetsReachable}: Describes whether one or more affected process can reach data assets. Can be "true" or "false".
{ExploitAvailable}: Describes whether there's an exploit available for the vulnerability. Can be "true" or "false".

required

The `AttackCandidateBasedWebhookPayload` object

Property Type Description Required

Property	Type	Description	Required
Custom payload `payload`	text	This is the content your notification message will include when users view it. In case a value of an attack is not set, the placeholder will be replaced by an empty string. Note: Security notifications contain sensitive information. Excessive usage of placeholders in the custom payload might leak information to untrusted parties. Available placeholders: {AttackDisplayId}: The unique identifier assigned by Dynatrace, for example: "A-1234". {Title}: Location of the attack, for example: "com.dynatrace.Class.method():120" {Type}: The type of attack, for example: "SQL Injection". {AttackUrl}: URL of the attack in Dynatrace. {ProcessGroupId}: Details about the process group attacked. {EntryPoint}: The entry point of the attack into the process, for example: "/login". Can be empty. {Status}: The status of the attack, for example: "Exploited" {Timestamp}: When the attack happened. {VulnerabilityName}: Name of the associated code-level vulnerability, for example: "InMemoryDatabaseCaller.getAccountInfo():51". Can be empty.	required

Custom payload
payload

text

This is the content your notification message will include when users view it.
In case a value of an attack is not set, the placeholder will be replaced by an empty string.

Note: Security notifications contain sensitive information. Excessive usage of placeholders in the custom payload might leak information to untrusted parties.

Available placeholders:
{AttackDisplayId}: The unique identifier assigned by Dynatrace, for example: "A-1234".
{Title}: Location of the attack, for example: "com.dynatrace.Class.method():120"
{Type}: The type of attack, for example: "SQL Injection".
{AttackUrl}: URL of the attack in Dynatrace.
{ProcessGroupId}: Details about the process group attacked.
{EntryPoint}: The entry point of the attack into the process, for example: "/login". Can be empty.
{Status}: The status of the attack, for example: "Exploited"
{Timestamp}: When the attack happened.
{VulnerabilityName}: Name of the associated code-level vulnerability, for example: "InMemoryDatabaseCaller.getAccountInfo():51". Can be empty.

required

The `JiraConfiguration` object

Property	Type	Description	Required
Jira endpoint URL `url`	text	The URL of the Jira API endpoint.	required
Username `username`	text	The username of the Jira profile.	required
API token `apiToken`	secret	The API token for the Jira profile. Using password authentication was deprecated by Jira	required
Project key `projectKey`	text	The project key of the Jira issue to be created by this notification.	required
Issue type `issueType`	text	The type of the Jira issue to be created by this notification. To find all available issue types or create your own, in Jira, go to Project settings > Issue types.	required

The `SecurityProblemBasedJiraPayload` object

Property Type Description Required

Property	Type	Description	Required
Summary `summary`	text	The summary of the Jira issue to be created by this notification. Note: The Jira summary field must contain less than 255 characters. Any content exceeding this limit after evaluating the placeholders will be discarded. Available placeholders: {SecurityProblemId}: The unique identifier assigned by Dynatrace, for example, "S-1234". {Title}: A short summary of the type of vulnerability that was found, for example, "Remote Code Execution". {CvssScore}: CVSS score of the identified vulnerability, for example, "10.0". Can be empty. {DavisSecurityScore}: Davis Security Score is an enhanced risk-calculation score based on the CVSS, for example, "10.0". {Severity}: The security problem severity, for example, "Critical" or "Medium". {SecurityProblemUrl}: URL of the security problem in Dynatrace. {Exposed}: Describes whether one or more affected process is exposed to the public Internet. Can be "true" or "false". {DataAssetsReachable}: Describes whether one or more affected process can reach data assets. Can be "true" or "false". {ExploitAvailable}: Describes whether there's an exploit available for the vulnerability. Can be "true" or "false".	required
Issue description `description`	text	The description of the Jira issue to be created by this notification. In case a value of a security problem is not set, the placeholder will be replaced by an empty string. Note: Security notifications contain sensitive information. Excessive usage of placeholders in the description might leak information to untrusted parties. Available placeholders: {SecurityProblemId}: The unique identifier assigned by Dynatrace, for example, "S-1234". {Title}: A short summary of the type of vulnerability that was found, for example, "Remote Code Execution". {Description}: A more detailed description of the vulnerability. {CvssScore}: CVSS score of the identified vulnerability, for example, "10.0". Can be empty. {DavisSecurityScore}: Davis Security Score is an enhanced risk-calculation score based on the CVSS, for example, "10.0". {Severity}: The security problem severity, for example, "Critical" or "Medium". {SecurityProblemUrl}: URL of the security problem in Dynatrace. {AffectedEntities}: Details about the entities affected by the security problem in a json array. {ManagementZones}: Comma-separated list of all management zones affected by the vulnerability at the time of detection. {Tags}: Comma-separated list of tags that are defined for a vulnerability's affected entities. For example: "PROD, owner:John". Assign the tag's key in square brackets: {Tags[key]} to get all associated values. For example: "{Tags[owner]}" will be resolved as "John". Tags without an assigned value will be resolved as empty string. {Exposed}: Describes whether one or more affected process is exposed to the public Internet. Can be "true" or "false". {DataAssetsReachable}: Describes whether one or more affected process can reach data assets. Can be "true" or "false". {ExploitAvailable}: Describes whether there's an exploit available for the vulnerability. Can be "true" or "false".	required

Summary
summary

text

The summary of the Jira issue to be created by this notification.

Note: The Jira summary field must contain less than 255 characters. Any content exceeding this limit after evaluating the placeholders will be discarded.

Available placeholders:
{SecurityProblemId}: The unique identifier assigned by Dynatrace, for example, "S-1234".
{Title}: A short summary of the type of vulnerability that was found, for example, "Remote Code Execution".
{CvssScore}: CVSS score of the identified vulnerability, for example, "10.0". Can be empty. {DavisSecurityScore}: Davis Security Score is an enhanced risk-calculation score based on the CVSS, for example, "10.0".
{Severity}: The security problem severity, for example, "Critical" or "Medium".
{SecurityProblemUrl}: URL of the security problem in Dynatrace.
{Exposed}: Describes whether one or more affected process is exposed to the public Internet. Can be "true" or "false".
{DataAssetsReachable}: Describes whether one or more affected process can reach data assets. Can be "true" or "false".
{ExploitAvailable}: Describes whether there's an exploit available for the vulnerability. Can be "true" or "false".

required

Issue description
description

text

The description of the Jira issue to be created by this notification.
In case a value of a security problem is not set, the placeholder will be replaced by an empty string.

Note: Security notifications contain sensitive information. Excessive usage of placeholders in the description might leak information to untrusted parties.

required

The `AttackCandidateBasedJiraPayload` object

Property Type Description Required

Property	Type	Description	Required
Summary `summary`	text	The summary of the Jira issue to be created by this notification. Note: The Jira summary field must contain less than 255 characters. Any content exceeding this limit after evaluating the placeholders will be discarded. Available placeholders: {AttackDisplayId}: The unique identifier assigned by Dynatrace, for example, "A-1234". {Title}: Location of the attack, for example: "com.dynatrace.Class.method():120" {Type}: The type of attack, for example: "SQL Injection". {AttackUrl}: URL of the attack in Dynatrace. {ProcessGroupId}: Details about the process group attacked. {EntryPoint}: The entry point of the attack into the process, for example: "/login". Can be empty. {Status}: The status of the attack, for example: "Exploited" {Timestamp}: When the attack happened. {VulnerabilityName}: Name of the associated code-level vulnerability, for example: "InMemoryDatabaseCaller.getAccountInfo():51". Can be empty.	required
Issue description `description`	text	The description of the Jira issue to be created by this notification. In case a value of an attack is not set, the placeholder will be replaced by an empty string. Note: Security notifications contain sensitive information. Excessive usage of placeholders in the description might leak information to untrusted parties. Available placeholders: {AttackDisplayId}: The unique identifier assigned by Dynatrace, for example: "A-1234". {Title}: Location of the attack, for example: "com.dynatrace.Class.method():120" {Type}: The type of attack, for example: "SQL Injection". {AttackUrl}: URL of the attack in Dynatrace. {ProcessGroupId}: Details about the process group attacked. {EntryPoint}: The entry point of the attack into the process, for example: "/login". Can be empty. {Status}: The status of the attack, for example: "Exploited" {Timestamp}: When the attack happened. {VulnerabilityName}: Name of the associated code-level vulnerability, for example: "InMemoryDatabaseCaller.getAccountInfo():51". Can be empty.	required

Summary
summary

text

The summary of the Jira issue to be created by this notification.

Note: The Jira summary field must contain less than 255 characters. Any content exceeding this limit after evaluating the placeholders will be discarded.

Available placeholders:
{AttackDisplayId}: The unique identifier assigned by Dynatrace, for example, "A-1234".
{Title}: Location of the attack, for example: "com.dynatrace.Class.method():120"
{Type}: The type of attack, for example: "SQL Injection".
{AttackUrl}: URL of the attack in Dynatrace.
{ProcessGroupId}: Details about the process group attacked.
{EntryPoint}: The entry point of the attack into the process, for example: "/login". Can be empty.
{Status}: The status of the attack, for example: "Exploited"
{Timestamp}: When the attack happened.
{VulnerabilityName}: Name of the associated code-level vulnerability, for example: "InMemoryDatabaseCaller.getAccountInfo():51". Can be empty.

required

Issue description
description

text

The description of the Jira issue to be created by this notification.
In case a value of an attack is not set, the placeholder will be replaced by an empty string.

Note: Security notifications contain sensitive information. Excessive usage of placeholders in the description might leak information to untrusted parties.

required

The `EmailConfiguration` object

Property	Type	Description	Required
To `recipients`	set	-	required
CC `ccRecipients`	set	-	required
BCC `bccRecipients`	set	-	required

The `SecurityProblemBasedEmailPayload` object

Property Type Description Required

Property	Type	Description	Required
Subject `subject`	text	The subject of the email notifications. Available placeholders: {SecurityProblemId}: The unique identifier assigned by Dynatrace, for example, "S-1234". {Title}: A short summary of the type of vulnerability that was found, for example, "Remote Code Execution". {CvssScore}: CVSS score of the identified vulnerability, for example, "10.0". Can be empty. {DavisSecurityScore}: Davis Security Score is an enhanced risk-calculation score based on the CVSS, for example, "10.0". {Severity}: The security problem severity, for example, "Critical" or "Medium". {SecurityProblemUrl}: URL of the security problem in Dynatrace. {Exposed}: Describes whether one or more affected process is exposed to the public Internet. Can be "true" or "false". {DataAssetsReachable}: Describes whether one or more affected process can reach data assets. Can be "true" or "false". {ExploitAvailable}: Describes whether there's an exploit available for the vulnerability. Can be "true" or "false".	required
Body `body`	text	The template of the email notifications. In case a value of a security problem is not set, the placeholder will be replaced by an empty string. Note: Security notifications contain sensitive information. Excessive usage of placeholders in the description might leak information to untrusted parties. Available placeholders: {SecurityProblemId}: The unique identifier assigned by Dynatrace, for example, "S-1234". {Title}: A short summary of the type of vulnerability that was found, for example, "Remote Code Execution". {Description}: A more detailed description of the vulnerability. {CvssScore}: CVSS score of the identified vulnerability, for example, "10.0". Can be empty. {DavisSecurityScore}: Davis Security Score is an enhanced risk-calculation score based on the CVSS, for example, "10.0". {Severity}: The security problem severity, for example, "Critical" or "Medium". {SecurityProblemUrl}: URL of the security problem in Dynatrace. {AffectedEntities}: Details about the entities affected by the security problem in a json array. {ManagementZones}: Comma-separated list of all management zones affected by the vulnerability at the time of detection. {Tags}: Comma-separated list of tags that are defined for a vulnerability's affected entities. For example: "PROD, owner:John". Assign the tag's key in square brackets: {Tags[key]} to get all associated values. For example: "{Tags[owner]}" will be resolved as "John". Tags without an assigned value will be resolved as empty string. {Exposed}: Describes whether one or more affected process is exposed to the public Internet. Can be "true" or "false". {DataAssetsReachable}: Describes whether one or more affected process can reach data assets. Can be "true" or "false". {ExploitAvailable}: Describes whether there's an exploit available for the vulnerability. Can be "true" or "false".	required

Subject
subject

text

The subject of the email notifications.

Available placeholders:
{SecurityProblemId}: The unique identifier assigned by Dynatrace, for example, "S-1234".
{Title}: A short summary of the type of vulnerability that was found, for example, "Remote Code Execution".
{CvssScore}: CVSS score of the identified vulnerability, for example, "10.0". Can be empty. {DavisSecurityScore}: Davis Security Score is an enhanced risk-calculation score based on the CVSS, for example, "10.0".
{Severity}: The security problem severity, for example, "Critical" or "Medium".
{SecurityProblemUrl}: URL of the security problem in Dynatrace.
{Exposed}: Describes whether one or more affected process is exposed to the public Internet. Can be "true" or "false".
{DataAssetsReachable}: Describes whether one or more affected process can reach data assets. Can be "true" or "false".
{ExploitAvailable}: Describes whether there's an exploit available for the vulnerability. Can be "true" or "false".

required

Body
body

text

The template of the email notifications.
In case a value of a security problem is not set, the placeholder will be replaced by an empty string.

Note: Security notifications contain sensitive information. Excessive usage of placeholders in the description might leak information to untrusted parties.

required

The `AttackCandidateBasedEmailPayload` object

Property Type Description Required

Property	Type	Description	Required
Subject `subject`	text	The subject of the email notifications. Available placeholders: {AttackDisplayId}: The unique identifier assigned by Dynatrace, for example, "A-1234". {Title}: Location of the attack, for example: "com.dynatrace.Class.method():120" {Type}: The type of attack, for example: "SQL Injection". {AttackUrl}: URL of the attack in Dynatrace. {ProcessGroupId}: Details about the process group attacked. {EntryPoint}: The entry point of the attack into the process, for example: "/login". Can be empty. {Status}: The status of the attack, for example: "Exploited" {Timestamp}: When the attack happened. {VulnerabilityName}: Name of the associated code-level vulnerability, for example: "InMemoryDatabaseCaller.getAccountInfo():51". Can be empty.	required
Body `body`	text	The template of the email notifications. In case a value of a security problem is not set, the placeholder will be replaced by an empty string. Note: Security notifications contain sensitive information. Excessive usage of placeholders in the body might leak information to untrusted parties. Available placeholders: {AttackDisplayId}: The unique identifier assigned by Dynatrace, for example: "A-1234". {Title}: Location of the attack, for example: "com.dynatrace.Class.method():120" {Type}: The type of attack, for example: "SQL Injection". {AttackUrl}: URL of the attack in Dynatrace. {ProcessGroupId}: Details about the process group attacked. {EntryPoint}: The entry point of the attack into the process, for example: "/login". Can be empty. {Status}: The status of the attack, for example: "Exploited" {Timestamp}: When the attack happened. {VulnerabilityName}: Name of the associated code-level vulnerability, for example: "InMemoryDatabaseCaller.getAccountInfo():51". Can be empty.	required

Subject
subject

text

The subject of the email notifications.

required

Body
body

text

The template of the email notifications.
In case a value of a security problem is not set, the placeholder will be replaced by an empty string.

Note: Security notifications contain sensitive information. Excessive usage of placeholders in the body might leak information to untrusted parties.

required

The `WebhookConfigurationHeader` object

Property	Type	Description	Required
Name `name`	text	-	required
Secret HTTP header value `secret`	boolean	-	required
Value `value`	text	The value of the HTTP header. May contain an empty value.	required
Value `secretValue`	secret	The secret value of the HTTP header. May contain an empty value.	required

Settings API - Security notifications schema table

Security notifications (builtin:appsec.notification-integration)

Authentication

Parameters

The WebhookConfiguration object

The SecurityProblemBasedWebhookPayload object

The AttackCandidateBasedWebhookPayload object

The JiraConfiguration object

The SecurityProblemBasedJiraPayload object

The AttackCandidateBasedJiraPayload object

The EmailConfiguration object

The SecurityProblemBasedEmailPayload object

The AttackCandidateBasedEmailPayload object

The WebhookConfigurationHeader object

Security notifications (`builtin:appsec.notification-integration)`

The `WebhookConfiguration` object

The `SecurityProblemBasedWebhookPayload` object

The `AttackCandidateBasedWebhookPayload` object

The `JiraConfiguration` object

The `SecurityProblemBasedJiraPayload` object

The `AttackCandidateBasedJiraPayload` object

The `EmailConfiguration` object

The `SecurityProblemBasedEmailPayload` object

The `AttackCandidateBasedEmailPayload` object

The `WebhookConfigurationHeader` object