Lists the details of a specific attack.
The request produces an application/json payload.
| GET | SaaS | https://{your-environment-id}.live.dynatrace.com/api/v2/attacks/{id} |
| Environment ActiveGateCluster ActiveGate | https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/attacks/{id} |
To execute this request, you need an access token with attacks.read scope.
To learn how to obtain and use it, see Tokens and authentication.
The ID of the attack.
A list of additional attack properties you can add to the response.
The following properties are available (all other properties are always included and you can't remove them from the response):
attackTarget: The targeted host/database of an attack.request: The request that was sent from the attacker.entrypoint: The entry point used by an attacker to start a specific attack.vulnerability: The vulnerability utilized by the attack.securityProblem: The related security problem.attacker: The attacker of an attack.managementZones: The related management zones.To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, +attackTarget,+securityProblem).
Attack objectDescribes an attack.
The ID of the attack.
The type of the attack.
COMMAND_INJECTIONJNDI_INJECTIONSQL_INJECTIONSSRFThe display ID of the attack.
The display name of the attack.
Assessment information and the ID of a security problem related to an attack.
The state of the attack.
ALLOWLISTEDBLOCKEDEXPLOITEDThe technology of the attack.
DOTNETGOJAVANODE_JSThe timestamp when the attack occurred.
AffectedEntities objectInformation about affected entities of an attack.
AffectedEntity objectInformation about an affected entity.
The monitored entity ID of the affected entity.
The name of the affected entity.
AttackTarget objectInformation about the targeted host/database of an attack.
The monitored entity ID of the targeted host/database.
The name of the targeted host/database.
Attacker objectAttacker of an attack.
The source IP of the attacker.
AttackerLocation objectLocation of an attacker.
City of the attacker.
The country of the attacker.
The country code of the country of the attacker, according to the ISO 3166-1 Alpha-2 standard.
AttackEntrypoint objectDescribes the entrypoint used by an attacker to start a specific attack.
A list of values that has possibly been truncated.
CodeLocation objectInformation about a code location.
The fully qualified class name of the code location.
The column number of the code location.
A human readable string representation of the code location.
The file name of the code location.
The function/method name of the code location.
The line number of the code location.
The return type of the function.
TruncatableListString objectA list of values that has possibly been truncated.
Values of the list.
TruncationInfo objectInformation on a possible truncation.
If the list/value has been truncated.
FunctionDefinition objectInformation about a function definition.
The fully qualified class name of the class that includes the function.
A human readable string representation of the function definition.
The file name of the function definition.
The function/method name of the function definition.
The return type of the function.
EntrypointPayload objectDescribes a payload sent to an entrypoint during an attack.
Name of the payload, if applicable.
Type of the payload.
HTTP_BODYHTTP_COOKIEHTTP_HEADER_NAMEHTTP_HEADER_VALUEHTTP_OTHERHTTP_PARAMETER_NAMEHTTP_PARAMETER_VALUEHTTP_URLUNKNOWNValue of the payload.
ManagementZone objectA short representation of a management zone.
The ID of the management zone.
The name of the management zone.
RequestInformation objectDescribes the complete request information of an attack.
The target host of the request.
The request path.
The requested URL.
ProtocolDetails objectDetails that are specific to the used protocol.
HttpProtocolDetails objectHTTP specific request details.
The HTTP request method.
TruncatableListAttackRequestHeader objectA list of values that has possibly been truncated.
AttackRequestHeader objectA header element of the attack's request.
The name of the header element.
The value of the header element.
TruncatableListHttpRequestParameter objectA list of values that has possibly been truncated.
HttpRequestParameter objectAn HTTP request parameter.
The name of the parameter.
The value of the parameter.
AttackSecurityProblem objectAssessment information and the ID of a security problem related to an attack.
The assessment of a security problem related to an attack.
The security problem ID.
AttackSecurityProblemAssessmentDto objectThe assessment of a security problem related to an attack.
The reachability of data assets by the attacked target.
NOT_AVAILABLENOT_DETECTEDREACHABLEThe level of exposure of the attacked target
NOT_AVAILABLENOT_DETECTEDPUBLIC_NETWORKThe number of data assets reachable by the attacked target.
Vulnerability objectDescribes the exploited vulnerability.
The display name of the vulnerability.
The id of the vulnerability.
Describes what got passed into the code level vulnerability.
VulnerableFunctionInput objectDescribes what got passed into the code level vulnerability.
The type of the input.
COMMANDHTTP_CLIENTJNDISQL_STATEMENTVulnerableFunctionInputSegment objectDescribes one segment that was passed into a vulnerable function.
The type of the input segment.
MALICIOUS_INPUTREGULAR_INPUTTAINTED_INPUTThe value of the input segment.
{"affectedEntities": {"processGroup": {"id": "string","name": "string"},"processGroupInstance": {}},"attackId": "string","attackTarget": {"entityId": "string","name": "string"},"attackType": "COMMAND_INJECTION","attacker": {"location": {"city": "string","country": "string","countryCode": "string"},"sourceIp": "string"},"displayId": "string","displayName": "string","entrypoint": {"codeLocation": {"className": "string","columnNumber": 1,"displayName": "string","fileName": "string","functionName": "string","lineNumber": 1,"parameterTypes": {"truncationInfo": {"truncated": true},"values": ["string"]},"returnType": "string"},"entrypointFunction": {"className": "string","displayName": "string","fileName": "string","functionName": "string","parameterTypes": {},"returnType": "string"},"payload": [{"truncationInfo": {},"values": [{"name": "string","type": "HTTP_BODY","value": "string"}]}]},"managementZones": [{"id": "string","name": "string"}],"request": {"host": "string","path": "string","protocolDetails": {"http": {"headers": {"truncationInfo": {},"values": [{"name": "string","value": "string"}]},"parameters": {"truncationInfo": {},"values": [{"name": "string","value": "string"}]},"requestMethod": "string"}},"url": "string"},"securityProblem": {"assessment": {"dataAssets": "NOT_AVAILABLE","exposure": "NOT_AVAILABLE","numberOfReachableDataAssets": 1},"securityProblemId": "string"},"state": "ALLOWLISTED","technology": "DOTNET","timestamp": 1,"vulnerability": {"codeLocation": {},"displayName": "string","vulnerabilityId": "string","vulnerableFunction": {},"vulnerableFunctionInput": {"inputSegments": [{"type": "MALICIOUS_INPUT","value": "string"}],"type": "COMMAND"}}}