Attacks API - GET attack details

Lists the details of a specific attack.

The request produces an application/json payload.

GET	SaaS	`https://{your-environment-id}.live.dynatrace.com/api/v2/attacks/{id}`
GET	Environment ActiveGateCluster ActiveGate	`https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/attacks/{id}`

Authentication

To execute this request, you need an access token with attacks.read scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter Type Description In Required

string

Parameter	Type	Description	In	Required
id	string	The ID of the attack.	path	required
fields	string	A list of additional attack properties you can add to the response. The following properties are available (all other properties are always included and you can't remove them from the response): `attackTarget`: The targeted host/database of an attack. `request`: The request that was sent from the attacker. `entrypoint`: The entry point used by an attacker to start a specific attack. `vulnerability`: The vulnerability utilized by the attack. `securityProblem`: The related security problem. `attacker`: The attacker of an attack. `managementZones`: The related management zones. To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, `+attackTarget,+securityProblem`).	query	optional

The ID of the attack.

path

required

fields

string

A list of additional attack properties you can add to the response.

The following properties are available (all other properties are always included and you can't remove them from the response):

attackTarget: The targeted host/database of an attack.
request: The request that was sent from the attacker.
entrypoint: The entry point used by an attacker to start a specific attack.
vulnerability: The vulnerability utilized by the attack.
securityProblem: The related security problem.
attacker: The attacker of an attack.
managementZones: The related management zones.

To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, +attackTarget,+securityProblem).

query

optional

Response

Response codes

Code	Type	Description
200	Attack	Success
4XX	ErrorEnvelope	Client side error.
5XX	ErrorEnvelope	Server side error.

Response body objects

The `Attack` object

Describes an attack.

Element	Type	Description
affectedEntities	AffectedEntities	Information about affected entities of an attack.
attackId	string	The ID of the attack.
attackTarget	AttackTarget	Information about the targeted host/database of an attack.
attackType	string	The type of the attack. `COMMAND_INJECTION` `JNDI_INJECTION` `SQL_INJECTION` `SSRF`
attacker	Attacker	Attacker of an attack.
displayId	string	The display ID of the attack.
displayName	string	The display name of the attack.
entrypoint	AttackEntrypoint	Describes the entrypoint used by an attacker to start a specific attack.
managementZones	ManagementZone[]	A list of management zones which the affected entities belong to.
request	RequestInformation	Describes the complete request information of an attack.
securityProblem	AttackSecurityProblem	Assessment information and the ID of a security problem related to an attack.
state	string	The state of the attack. `ALLOWLISTED` `BLOCKED` `EXPLOITED`
technology	string	The technology of the attack. `DOTNET` `GO` `JAVA` `NODE_JS`
timestamp	integer	The timestamp when the attack occurred.
vulnerability	Vulnerability	Describes the exploited vulnerability.

The `AffectedEntities` object

Information about affected entities of an attack.

Element	Type	Description
processGroup	AffectedEntity	Information about an affected entity.
processGroupInstance	AffectedEntity	Information about an affected entity.

The `AffectedEntity` object

Information about an affected entity.

Element	Type	Description
id	string	The monitored entity ID of the affected entity.
name	string	The name of the affected entity.

The `AttackTarget` object

Information about the targeted host/database of an attack.

Element	Type	Description
entityId	string	The monitored entity ID of the targeted host/database.
name	string	The name of the targeted host/database.

The `Attacker` object

Attacker of an attack.

Element	Type	Description
location	AttackerLocation	Location of an attacker.
sourceIp	string	The source IP of the attacker.

The `AttackerLocation` object

Location of an attacker.

Element	Type	Description
city	string	City of the attacker.
country	string	The country of the attacker.
countryCode	string	The country code of the country of the attacker, according to the ISO 3166-1 Alpha-2 standard.

The `AttackEntrypoint` object

Describes the entrypoint used by an attacker to start a specific attack.

Element	Type	Description
codeLocation	CodeLocation	Information about a code location.
entrypointFunction	FunctionDefinition	Information about a function definition.
payload	object[]	A list of values that has possibly been truncated.

The `CodeLocation` object

Information about a code location.

Element	Type	Description
className	string	The fully qualified class name of the code location.
columnNumber	integer	The column number of the code location.
displayName	string	A human readable string representation of the code location.
fileName	string	The file name of the code location.
functionName	string	The function/method name of the code location.
lineNumber	integer	The line number of the code location.
parameterTypes	TruncatableListString	A list of values that has possibly been truncated.
returnType	string	The return type of the function.

The `TruncatableListString` object

A list of values that has possibly been truncated.

Element	Type	Description
truncationInfo	TruncationInfo	Information on a possible truncation.
values	string[]	Values of the list.

The `TruncationInfo` object

Information on a possible truncation.

Element	Type	Description
truncated	boolean	If the list/value has been truncated.

The `FunctionDefinition` object

Information about a function definition.

Element	Type	Description
className	string	The fully qualified class name of the class that includes the function.
displayName	string	A human readable string representation of the function definition.
fileName	string	The file name of the function definition.
functionName	string	The function/method name of the function definition.
parameterTypes	TruncatableListString	A list of values that has possibly been truncated.
returnType	string	The return type of the function.

The `EntrypointPayload` object

Describes a payload sent to an entrypoint during an attack.

Element	Type	Description
name	string	Name of the payload, if applicable.
type	string	Type of the payload. `HTTP_BODY` `HTTP_COOKIE` `HTTP_HEADER_NAME` `HTTP_HEADER_VALUE` `HTTP_OTHER` `HTTP_PARAMETER_NAME` `HTTP_PARAMETER_VALUE` `HTTP_URL` `UNKNOWN`
value	string	Value of the payload.

The `ManagementZone` object

A short representation of a management zone.

Element	Type	Description
id	string	The ID of the management zone.
name	string	The name of the management zone.

The `RequestInformation` object

Describes the complete request information of an attack.

Element	Type	Description
host	string	The target host of the request.
path	string	The request path.
protocolDetails	ProtocolDetails	Details that are specific to the used protocol.
url	string	The requested URL.

The `ProtocolDetails` object

Details that are specific to the used protocol.

Element	Type	Description
http	HttpProtocolDetails	HTTP specific request details.

The `HttpProtocolDetails` object

HTTP specific request details.

Element	Type	Description
headers	TruncatableListAttackRequestHeader	A list of values that has possibly been truncated.
parameters	TruncatableListHttpRequestParameter	A list of values that has possibly been truncated.
requestMethod	string	The HTTP request method.

The `TruncatableListAttackRequestHeader` object

A list of values that has possibly been truncated.

Element	Type	Description
truncationInfo	TruncationInfo	Information on a possible truncation.
values	AttackRequestHeader[]	Values of the list.

The `AttackRequestHeader` object

A header element of the attack's request.

Element	Type	Description
name	string	The name of the header element.
value	string	The value of the header element.

The `TruncatableListHttpRequestParameter` object

A list of values that has possibly been truncated.

Element	Type	Description
truncationInfo	TruncationInfo	Information on a possible truncation.
values	HttpRequestParameter[]	Values of the list.

The `HttpRequestParameter` object

An HTTP request parameter.

Element	Type	Description
name	string	The name of the parameter.
value	string	The value of the parameter.

The `AttackSecurityProblem` object

Assessment information and the ID of a security problem related to an attack.

Element	Type	Description
assessment	AttackSecurityProblemAssessmentDto	The assessment of a security problem related to an attack.
securityProblemId	string	The security problem ID.

The `AttackSecurityProblemAssessmentDto` object

The assessment of a security problem related to an attack.

Element	Type	Description
dataAssets	string	The reachability of data assets by the attacked target. `NOT_AVAILABLE` `NOT_DETECTED` `REACHABLE`
exposure	string	The level of exposure of the attacked target `NOT_AVAILABLE` `NOT_DETECTED` `PUBLIC_NETWORK`
numberOfReachableDataAssets	integer	The number of data assets reachable by the attacked target.

The `Vulnerability` object

Describes the exploited vulnerability.

Element	Type	Description
codeLocation	CodeLocation	Information about a code location.
displayName	string	The display name of the vulnerability.
vulnerabilityId	string	The id of the vulnerability.
vulnerableFunction	FunctionDefinition	Information about a function definition.
vulnerableFunctionInput	VulnerableFunctionInput	Describes what got passed into the code level vulnerability.

The `VulnerableFunctionInput` object

Describes what got passed into the code level vulnerability.

Element	Type	Description
inputSegments	VulnerableFunctionInputSegment[]	A list of input segments.
type	string	The type of the input. `COMMAND` `HTTP_CLIENT` `JNDI` `SQL_STATEMENT`

The `VulnerableFunctionInputSegment` object

Describes one segment that was passed into a vulnerable function.

Element	Type	Description
type	string	The type of the input segment. `MALICIOUS_INPUT` `REGULAR_INPUT` `TAINTED_INPUT`
value	string	The value of the input segment.

Response body JSON model

{
  "affectedEntities": {
    "processGroup": {
      "id": "string",
      "name": "string"
    },
    "processGroupInstance": {}
  },
  "attackId": "string",
  "attackTarget": {
    "entityId": "string",
    "name": "string"
  },
  "attackType": "COMMAND_INJECTION",
  "attacker": {
    "location": {
      "city": "string",
      "country": "string",
      "countryCode": "string"
    },
    "sourceIp": "string"
  },
  "displayId": "string",
  "displayName": "string",
  "entrypoint": {
    "codeLocation": {
      "className": "string",
      "columnNumber": 1,
      "displayName": "string",
      "fileName": "string",
      "functionName": "string",
      "lineNumber": 1,
      "parameterTypes": {
        "truncationInfo": {
          "truncated": true
        },
        "values": [
          "string"
        ]
      },
      "returnType": "string"
    },
    "entrypointFunction": {
      "className": "string",
      "displayName": "string",
      "fileName": "string",
      "functionName": "string",
      "parameterTypes": {},
      "returnType": "string"
    },
    "payload": [
      {
        "truncationInfo": {},
        "values": [
          {
            "name": "string",
            "type": "HTTP_BODY",
            "value": "string"
          }
        ]
      }
    ]
  },
  "managementZones": [
    {
      "id": "string",
      "name": "string"
    }
  ],
  "request": {
    "host": "string",
    "path": "string",
    "protocolDetails": {
      "http": {
        "headers": {
          "truncationInfo": {},
          "values": [
            {
              "name": "string",
              "value": "string"
            }
          ]
        },
        "parameters": {
          "truncationInfo": {},
          "values": [
            {
              "name": "string",
              "value": "string"
            }
          ]
        },
        "requestMethod": "string"
      }
    },
    "url": "string"
  },
  "securityProblem": {
    "assessment": {
      "dataAssets": "NOT_AVAILABLE",
      "exposure": "NOT_AVAILABLE",
      "numberOfReachableDataAssets": 1
    },
    "securityProblemId": "string"
  },
  "state": "ALLOWLISTED",
  "technology": "DOTNET",
  "timestamp": 1,
  "vulnerability": {
    "codeLocation": {},
    "displayName": "string",
    "vulnerabilityId": "string",
    "vulnerableFunction": {},
    "vulnerableFunctionInput": {
      "inputSegments": [
        {
          "type": "MALICIOUS_INPUT",
          "value": "string"
        }
      ],
      "type": "COMMAND"
    }
  }
}

Attacks API - GET attack details

Authentication

Parameters

Response

Response codes

Response body objects

The Attack object

The AffectedEntities object

The AffectedEntity object

The AttackTarget object

The Attacker object

The AttackerLocation object

The AttackEntrypoint object

The CodeLocation object

The TruncatableListString object

The TruncationInfo object

The FunctionDefinition object

The EntrypointPayload object

The ManagementZone object

The RequestInformation object

The ProtocolDetails object

The HttpProtocolDetails object

The TruncatableListAttackRequestHeader object

The AttackRequestHeader object

The TruncatableListHttpRequestParameter object

The HttpRequestParameter object

The AttackSecurityProblem object

The AttackSecurityProblemAssessmentDto object

The Vulnerability object

The VulnerableFunctionInput object

The VulnerableFunctionInputSegment object

Response body JSON model

Related topics

The `Attack` object

The `AffectedEntities` object

The `AffectedEntity` object

The `AttackTarget` object

The `Attacker` object

The `AttackerLocation` object

The `AttackEntrypoint` object

The `CodeLocation` object

The `TruncatableListString` object

The `TruncationInfo` object

The `FunctionDefinition` object

The `EntrypointPayload` object

The `ManagementZone` object

The `RequestInformation` object

The `ProtocolDetails` object

The `HttpProtocolDetails` object

The `TruncatableListAttackRequestHeader` object

The `AttackRequestHeader` object

The `TruncatableListHttpRequestParameter` object

The `HttpRequestParameter` object

The `AttackSecurityProblem` object

The `AttackSecurityProblemAssessmentDto` object

The `Vulnerability` object

The `VulnerableFunctionInput` object

The `VulnerableFunctionInputSegment` object