Vulnerabilities API - GET vulnerability events

Lists the events of a specific vulnerability.

The request produces an application/json payload.

GET	SaaS	`https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems/{id}/events`
GET	Environment ActiveGateCluster ActiveGate	`https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/securityProblems/{id}/events`

Authentication

To execute this request, you need an access token with securityProblems.read scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter Type Description In Required

string

Parameter	Type	Description	In	Required
id	string	The ID of the requested security problem.	path	required
from	string	The start of the requested timeframe. You can use one of the following formats: Timestamp in UTC milliseconds. Human-readable format of `2021-01-25T05:57:01.123+01:00`. If no time zone is specified, UTC is used. You can use a space character instead of the `T`. Seconds and fractions of a second are optional. Relative timeframe, back from now. The format is `now-NU/A`, where `N` is the amount of time, `U` is the unit of time, and `A` is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, `now-1y/w` is one year back, aligned by a week. You can also specify relative timeframe without an alignment: `now-NU`. Supported time units for the relative timeframe are: `m`: minutes `h`: hours `d`: days `w`: weeks `M`: months `y`: years If not set, the relative timeframe of thirty days is used (`now-30d`).	query	optional
to	string	The end of the requested timeframe. You can use one of the following formats: Timestamp in UTC milliseconds. Human-readable format of `2021-01-25T05:57:01.123+01:00`. If no time zone is specified, UTC is used. You can use a space character instead of the `T`. Seconds and fractions of a second are optional. Relative timeframe, back from now. The format is `now-NU/A`, where `N` is the amount of time, `U` is the unit of time, and `A` is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, `now-1y/w` is one year back, aligned by a week. You can also specify relative timeframe without an alignment: `now-NU`. Supported time units for the relative timeframe are: `m`: minutes `h`: hours `d`: days `w`: weeks `M`: months `y`: years If not set, the current timestamp is used.	query	optional

The ID of the requested security problem.

path

required

from

string

The start of the requested timeframe.

You can use one of the following formats:

Timestamp in UTC milliseconds.
Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
- m: minutes
- h: hours
- d: days
- w: weeks
- M: months
- y: years

If not set, the relative timeframe of thirty days is used (now-30d).

query

optional

string

The end of the requested timeframe.

You can use one of the following formats:

Timestamp in UTC milliseconds.
Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
- m: minutes
- h: hours
- d: days
- w: weeks
- M: months
- y: years

If not set, the current timestamp is used.

query

optional

Response

Response codes

Code	Type	Description
200	SecurityProblemEventsList	Success. The response contains the list of security problem events.
4XX	ErrorEnvelope	Client side error.
5XX	ErrorEnvelope	Server side error.

Response body objects

The `SecurityProblemEventsList` object

A list of events for a security problem.

Element	Type	Description
events	SecurityProblemEvent[]	A list of events for a security problem.
nextPageKey	string	The cursor for the next page of results. Has the value of `null` on the last page. Use it in the nextPageKey query parameter to obtain subsequent pages of the result.
pageSize	integer	The number of entries per page.
totalCount	integer	The total number of entries in the result.

The `SecurityProblemEvent` object

The event of a security problem.

Element	Type	Description
muteState	MuteState	Metadata of the muted state of a security problem in relation to an event.
reason	string	The reason of the event creation. `ASSESSMENT_CHANGED` `SECURITY_PROBLEM_CREATED` `SECURITY_PROBLEM_MUTED` `SECURITY_PROBLEM_REOPENED` `SECURITY_PROBLEM_RESOLVED` `SECURITY_PROBLEM_UNMUTED`
riskAssessmentSnapshot	RiskAssessmentSnapshot	A snapshot of the risk assessment of a security problem.
timestamp	integer	The timestamp when the event occurred.

The `MuteState` object

Metadata of the muted state of a security problem in relation to an event.

Element	Type	Description
comment	string	A user's comment.
reason	string	The reason for the mute state change. `AFFECTED` `CONFIGURATION_NOT_AFFECTED` `FALSE_POSITIVE` `IGNORE` `INITIAL_STATE` `OTHER` `VULNERABLE_CODE_NOT_IN_USE`
user	string	The user who has muted or unmuted the problem.

The `RiskAssessmentSnapshot` object

A snapshot of the risk assessment of a security problem.

Element	Type	Description
baseRiskScore	number	The risk score (1-10) from the CVSS score.
changes	RiskAssessmentChanges	All changes of the risk assessment.
exposure	string	The level of exposure of affected entities. `NOT_AVAILABLE` `NOT_DETECTED` `PUBLIC_NETWORK`
numberOfAffectedEntities	integer	The number of currently affected entities.
numberOfAffectedNodes	integer	The number of currently affected nodes.
numberOfAffectedProcessGroups	integer	The number of currently affected process groups.
numberOfReachableDataAssets	integer	The number of data assets that are currently reachable by affected entities.
numberOfRelatedAttacks	integer	The number of related attacks.
publicExploit	string	The availability status of public exploits. `AVAILABLE` `NOT_AVAILABLE`
riskLevel	string	The Davis risk level. It is calculated by Dynatrace on the basis of CVSS score. `CRITICAL` `HIGH` `LOW` `MEDIUM` `NONE`
riskScore	number	The Davis risk score (1-10). It is calculated by Dynatrace on the basis of CVSS score.
vulnerableFunctionUsage	string	The state of vulnerable code execution. `IN_USE` `NOT_AVAILABLE` `NOT_IN_USE`

The `RiskAssessmentChanges` object

All changes of the risk assessment.

Element	Type	Description
deltaBaseRiskScore	number	The delta of the risk score.
deltaNumberOfAffectedNodes	integer	The delta of the number of currently affected nodes.
deltaNumberOfAffectedProcessGroups	integer	The delta of the number of currently affected process groups.
deltaNumberOfReachableDataAssets	integer	The delta of the number of data assets that are currently reachable by affected entities.
deltaNumberOfRelatedAttacks	integer	The delta of the number of related attacks.
deltaRiskScore	number	The delta of the Davis risk score.
previousExposure	string	The previous level of exposure of affected entities. `NOT_AVAILABLE` `NOT_DETECTED` `PUBLIC_NETWORK`
previousPublicExploit	string	The previous availability status of public exploits. `AVAILABLE` `NOT_AVAILABLE`
previousVulnerableFunctionUsage	string	The previous state of vulnerable code execution. `IN_USE` `NOT_AVAILABLE` `NOT_IN_USE`

Response body JSON model

{
  "events": [
    {
      "muteState": {
        "comment": "string",
        "reason": "AFFECTED",
        "user": "string"
      },
      "reason": "ASSESSMENT_CHANGED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 1,
        "changes": {
          "deltaBaseRiskScore": 1,
          "deltaNumberOfAffectedNodes": 1,
          "deltaNumberOfAffectedProcessGroups": 1,
          "deltaNumberOfReachableDataAssets": 1,
          "deltaNumberOfRelatedAttacks": 1,
          "deltaRiskScore": 1,
          "previousExposure": "NOT_AVAILABLE",
          "previousPublicExploit": "AVAILABLE",
          "previousVulnerableFunctionUsage": "IN_USE"
        },
        "exposure": "NOT_AVAILABLE",
        "numberOfAffectedEntities": 1,
        "numberOfAffectedNodes": 1,
        "numberOfAffectedProcessGroups": 1,
        "numberOfReachableDataAssets": 1,
        "numberOfRelatedAttacks": 1,
        "publicExploit": "AVAILABLE",
        "riskLevel": "CRITICAL",
        "riskScore": 1,
        "vulnerableFunctionUsage": "IN_USE"
      },
      "timestamp": 1
    }
  ],
  "nextPageKey": "AQAAABQBAAAABQ==",
  "pageSize": 1,
  "totalCount": 1
}

Example

Query global vulnerability events.

Required filter: securityProblemId.

Curl

curl -X 'GET' 'https://mySampleEnv.live.dynatrace.com/api/v2/securityProblems/7412525767433554374/events' \
-H 'accept: application/json; charset=utf-8' \
-H 'Authorization: Api-Token [your_token]'

Request URL

https://mySampleEnv.live.dynatracelabs.com/api/v2/securityProblems/7412525767433554374/events

Response body

{
  "events": [
    {
      "timestamp": 1726497793191,
      "reason": "SECURITY_PROBLEM_REOPENED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 5.3,
        "exposure": "PUBLIC_NETWORK",
        "numberOfAffectedEntities": 2,
        "numberOfAffectedNodes": 0,
        "numberOfAffectedProcessGroups": 2,
        "numberOfReachableDataAssets": 1,
        "numberOfRelatedAttacks": 0,
        "publicExploit": "NOT_AVAILABLE",
        "riskLevel": "MEDIUM",
        "riskScore": 5.3,
        "vulnerableFunctionUsage": "NOT_AVAILABLE"
      }
    },
    {
      "timestamp": 1726496886335,
      "reason": "SECURITY_PROBLEM_RESOLVED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 5.3,
        "exposure": "NOT_DETECTED",
        "numberOfAffectedEntities": 0,
        "numberOfAffectedNodes": 0,
        "numberOfAffectedProcessGroups": 0,
        "numberOfReachableDataAssets": 0,
        "numberOfRelatedAttacks": 0,
        "publicExploit": "NOT_AVAILABLE",
        "riskLevel": "MEDIUM",
        "riskScore": 5.3,
        "vulnerableFunctionUsage": "NOT_AVAILABLE"
      }
    },
    {
      "timestamp": 1726495992217,
      "reason": "SECURITY_PROBLEM_REOPENED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 5.3,
        "exposure": "PUBLIC_NETWORK",
        "numberOfAffectedEntities": 2,
        "numberOfAffectedNodes": 0,
        "numberOfAffectedProcessGroups": 2,
        "numberOfReachableDataAssets": 1,
        "numberOfRelatedAttacks": 0,
        "publicExploit": "NOT_AVAILABLE",
        "riskLevel": "MEDIUM",
        "riskScore": 5.3,
        "vulnerableFunctionUsage": "NOT_AVAILABLE"
      }
    },
    {
      "timestamp": 1726495086473,
      "reason": "SECURITY_PROBLEM_RESOLVED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 5.3,
        "exposure": "NOT_DETECTED",
        "numberOfAffectedEntities": 0,
        "numberOfAffectedNodes": 0,
        "numberOfAffectedProcessGroups": 0,
        "numberOfReachableDataAssets": 0,
        "numberOfRelatedAttacks": 0,
        "publicExploit": "NOT_AVAILABLE",
        "riskLevel": "MEDIUM",
        "riskScore": 5.3,
        "vulnerableFunctionUsage": "NOT_AVAILABLE"
      }
    },
    {
      "timestamp": 1726121661376,
      "reason": "ASSESSMENT_CHANGED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 5.3,
        "changes": {
          "deltaRiskScore": 1,
          "previousExposure": "NOT_DETECTED"
        },
        "exposure": "PUBLIC_NETWORK",
        "numberOfAffectedEntities": 2,
        "numberOfAffectedNodes": 0,
        "numberOfAffectedProcessGroups": 2,
        "numberOfReachableDataAssets": 1,
        "numberOfRelatedAttacks": 0,
        "publicExploit": "NOT_AVAILABLE",
        "riskLevel": "MEDIUM",
        "riskScore": 5.3,
        "vulnerableFunctionUsage": "NOT_AVAILABLE"
      }
    },
    {
      "timestamp": 1725894871382,
      "reason": "ASSESSMENT_CHANGED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 5.3,
        "changes": {
          "deltaNumberOfAffectedProcessGroups": 1
        },
        "exposure": "NOT_DETECTED",
        "numberOfAffectedEntities": 2,
        "numberOfAffectedNodes": 0,
        "numberOfAffectedProcessGroups": 2,
        "numberOfReachableDataAssets": 1,
        "numberOfRelatedAttacks": 0,
        "publicExploit": "NOT_AVAILABLE",
        "riskLevel": "MEDIUM",
        "riskScore": 4.3,
        "vulnerableFunctionUsage": "NOT_AVAILABLE"
      }
    }
  ],
  "pageSize": 1,
  "totalCount": 6
}

Vulnerabilities API - GET vulnerability events

Authentication

Parameters

Response

Response codes

Response body objects

The SecurityProblemEventsList object

The SecurityProblemEvent object

The MuteState object

The RiskAssessmentSnapshot object

The RiskAssessmentChanges object

Response body JSON model

Example

Curl

Request URL

Response body

Related topics

The `SecurityProblemEventsList` object

The `SecurityProblemEvent` object

The `MuteState` object

The `RiskAssessmentSnapshot` object

The `RiskAssessmentChanges` object