Lists the events of a specific vulnerability.
The request produces an application/json
payload.
GET | SaaS | https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems/{id}/events |
Environment ActiveGateCluster ActiveGate | https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/securityProblems/{id}/events |
To execute this request, you need an access token with securityProblems.read
scope.
To learn how to obtain and use it, see Tokens and authentication.
The ID of the requested security problem.
The start of the requested timeframe.
You can use one of the following formats:
2021-01-25T05:57:01.123+01:00
. If no time zone is specified, UTC is used. You can use a space character instead of the T
. Seconds and fractions of a second are optional.now-NU/A
, where N
is the amount of time, U
is the unit of time, and A
is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w
is one year back, aligned by a week.
You can also specify relative timeframe without an alignment: now-NU
.
Supported time units for the relative timeframe are:
m
: minutesh
: hoursd
: daysw
: weeksM
: monthsy
: yearsIf not set, the relative timeframe of thirty days is used (now-30d
).
The end of the requested timeframe.
You can use one of the following formats:
2021-01-25T05:57:01.123+01:00
. If no time zone is specified, UTC is used. You can use a space character instead of the T
. Seconds and fractions of a second are optional.now-NU/A
, where N
is the amount of time, U
is the unit of time, and A
is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w
is one year back, aligned by a week.
You can also specify relative timeframe without an alignment: now-NU
.
Supported time units for the relative timeframe are:
m
: minutesh
: hoursd
: daysw
: weeksM
: monthsy
: yearsIf not set, the current timestamp is used.
SecurityProblemEventsList
objectA list of events for a security problem.
The cursor for the next page of results. Has the value of null
on the last page.
Use it in the nextPageKey query parameter to obtain subsequent pages of the result.
The number of entries per page.
The total number of entries in the result.
SecurityProblemEvent
objectThe event of a security problem.
The reason of the event creation.
ASSESSMENT_CHANGED
SECURITY_PROBLEM_CREATED
SECURITY_PROBLEM_MUTED
SECURITY_PROBLEM_REOPENED
SECURITY_PROBLEM_RESOLVED
SECURITY_PROBLEM_UNMUTED
A snapshot of the risk assessment of a security problem.
The timestamp when the event occurred.
MuteState
objectMetadata of the muted state of a security problem in relation to an event.
A user's comment.
The reason for the mute state change.
AFFECTED
CONFIGURATION_NOT_AFFECTED
FALSE_POSITIVE
IGNORE
INITIAL_STATE
OTHER
VULNERABLE_CODE_NOT_IN_USE
The user who has muted or unmuted the problem.
RiskAssessmentSnapshot
objectA snapshot of the risk assessment of a security problem.
The risk score (1-10) from the CVSS score.
The level of exposure of affected entities.
NOT_AVAILABLE
NOT_DETECTED
PUBLIC_NETWORK
The number of currently affected entities.
The number of currently affected nodes.
The number of currently affected process groups.
The number of data assets that are currently reachable by affected entities.
The number of related attacks.
The availability status of public exploits.
AVAILABLE
NOT_AVAILABLE
The Davis risk level.
It is calculated by Dynatrace on the basis of CVSS score.
CRITICAL
HIGH
LOW
MEDIUM
NONE
The Davis risk score (1-10).
It is calculated by Dynatrace on the basis of CVSS score.
The state of vulnerable code execution.
IN_USE
NOT_AVAILABLE
NOT_IN_USE
RiskAssessmentChanges
objectAll changes of the risk assessment.
The delta of the risk score.
The delta of the number of currently affected nodes.
The delta of the number of currently affected process groups.
The delta of the number of data assets that are currently reachable by affected entities.
The delta of the number of related attacks.
The delta of the Davis risk score.
The previous level of exposure of affected entities.
NOT_AVAILABLE
NOT_DETECTED
PUBLIC_NETWORK
The previous availability status of public exploits.
AVAILABLE
NOT_AVAILABLE
The previous state of vulnerable code execution.
IN_USE
NOT_AVAILABLE
NOT_IN_USE
{"events": [{"muteState": {"comment": "string","reason": "AFFECTED","user": "string"},"reason": "ASSESSMENT_CHANGED","riskAssessmentSnapshot": {"baseRiskScore": 1,"changes": {"deltaBaseRiskScore": 1,"deltaNumberOfAffectedNodes": 1,"deltaNumberOfAffectedProcessGroups": 1,"deltaNumberOfReachableDataAssets": 1,"deltaNumberOfRelatedAttacks": 1,"deltaRiskScore": 1,"previousExposure": "NOT_AVAILABLE","previousPublicExploit": "AVAILABLE","previousVulnerableFunctionUsage": "IN_USE"},"exposure": "NOT_AVAILABLE","numberOfAffectedEntities": 1,"numberOfAffectedNodes": 1,"numberOfAffectedProcessGroups": 1,"numberOfReachableDataAssets": 1,"numberOfRelatedAttacks": 1,"publicExploit": "AVAILABLE","riskLevel": "CRITICAL","riskScore": 1,"vulnerableFunctionUsage": "IN_USE"},"timestamp": 1}],"nextPageKey": "AQAAABQBAAAABQ==","pageSize": 1,"totalCount": 1}
Query global vulnerability events.
Required filter: securityProblemId
.
curl -X 'GET' 'https://mySampleEnv.live.dynatrace.com/api/v2/securityProblems/7412525767433554374/events' \-H 'accept: application/json; charset=utf-8' \-H 'Authorization: Api-Token [your_token]'
https://mySampleEnv.live.dynatracelabs.com/api/v2/securityProblems/7412525767433554374/events
{"events": [{"timestamp": 1726497793191,"reason": "SECURITY_PROBLEM_REOPENED","riskAssessmentSnapshot": {"baseRiskScore": 5.3,"exposure": "PUBLIC_NETWORK","numberOfAffectedEntities": 2,"numberOfAffectedNodes": 0,"numberOfAffectedProcessGroups": 2,"numberOfReachableDataAssets": 1,"numberOfRelatedAttacks": 0,"publicExploit": "NOT_AVAILABLE","riskLevel": "MEDIUM","riskScore": 5.3,"vulnerableFunctionUsage": "NOT_AVAILABLE"}},{"timestamp": 1726496886335,"reason": "SECURITY_PROBLEM_RESOLVED","riskAssessmentSnapshot": {"baseRiskScore": 5.3,"exposure": "NOT_DETECTED","numberOfAffectedEntities": 0,"numberOfAffectedNodes": 0,"numberOfAffectedProcessGroups": 0,"numberOfReachableDataAssets": 0,"numberOfRelatedAttacks": 0,"publicExploit": "NOT_AVAILABLE","riskLevel": "MEDIUM","riskScore": 5.3,"vulnerableFunctionUsage": "NOT_AVAILABLE"}},{"timestamp": 1726495992217,"reason": "SECURITY_PROBLEM_REOPENED","riskAssessmentSnapshot": {"baseRiskScore": 5.3,"exposure": "PUBLIC_NETWORK","numberOfAffectedEntities": 2,"numberOfAffectedNodes": 0,"numberOfAffectedProcessGroups": 2,"numberOfReachableDataAssets": 1,"numberOfRelatedAttacks": 0,"publicExploit": "NOT_AVAILABLE","riskLevel": "MEDIUM","riskScore": 5.3,"vulnerableFunctionUsage": "NOT_AVAILABLE"}},{"timestamp": 1726495086473,"reason": "SECURITY_PROBLEM_RESOLVED","riskAssessmentSnapshot": {"baseRiskScore": 5.3,"exposure": "NOT_DETECTED","numberOfAffectedEntities": 0,"numberOfAffectedNodes": 0,"numberOfAffectedProcessGroups": 0,"numberOfReachableDataAssets": 0,"numberOfRelatedAttacks": 0,"publicExploit": "NOT_AVAILABLE","riskLevel": "MEDIUM","riskScore": 5.3,"vulnerableFunctionUsage": "NOT_AVAILABLE"}},{"timestamp": 1726121661376,"reason": "ASSESSMENT_CHANGED","riskAssessmentSnapshot": {"baseRiskScore": 5.3,"changes": {"deltaRiskScore": 1,"previousExposure": "NOT_DETECTED"},"exposure": "PUBLIC_NETWORK","numberOfAffectedEntities": 2,"numberOfAffectedNodes": 0,"numberOfAffectedProcessGroups": 2,"numberOfReachableDataAssets": 1,"numberOfRelatedAttacks": 0,"publicExploit": "NOT_AVAILABLE","riskLevel": "MEDIUM","riskScore": 5.3,"vulnerableFunctionUsage": "NOT_AVAILABLE"}},{"timestamp": 1725894871382,"reason": "ASSESSMENT_CHANGED","riskAssessmentSnapshot": {"baseRiskScore": 5.3,"changes": {"deltaNumberOfAffectedProcessGroups": 1},"exposure": "NOT_DETECTED","numberOfAffectedEntities": 2,"numberOfAffectedNodes": 0,"numberOfAffectedProcessGroups": 2,"numberOfReachableDataAssets": 1,"numberOfRelatedAttacks": 0,"publicExploit": "NOT_AVAILABLE","riskLevel": "MEDIUM","riskScore": 4.3,"vulnerableFunctionUsage": "NOT_AVAILABLE"}}],"pageSize": 1,"totalCount": 6}