Settings API - Vulnerability Analytics- Kubernetes monitoring rules for third-party vulnerabilities schema table

Vulnerability Analytics: Kubernetes monitoring rules for third-party vulnerabilities (builtin:appsec.third-party-vulnerability-kubernetes-label-rule-settings)

The global third-party vulnerability detection control defines the default for all Kubernetes hosts. To override the default, define custom monitoring rules here. Note that monitoring rules are ordered; the first matching rule applies.

Schema IDSchema groupsScope
builtin:appsec.third-party-vulnerability-kubernetes-label-rule-settings
  • group:appsec
  • group:appsec.third-party-monitoring-rules
environment
GETManagedhttps://{your-domain}/e/{your-environment-id}/api/v2/settings/schemas/builtin:appsec.third-party-vulnerability-kubernetes-label-rule-settings
SaaShttps://{your-environment-id}.live.dynatrace.com/api/v2/settings/schemas/builtin:appsec.third-party-vulnerability-kubernetes-label-rule-settings
Environment ActiveGatehttps://{your-activegate-domain}/e/{your-environment-id}/api/v2/settings/schemas/builtin:appsec.third-party-vulnerability-kubernetes-label-rule-settings

Authentication

To execute this request, you need an access token with Read settings (settings.read) scope. To learn how to obtain and use it, see Tokens and authentication.

Parameters

PropertyTypeDescriptionRequired
Enabled
enabled		boolean-required
Rule name
ruleName		text-optional
Step 1: Select third-party vulnerability detection behavior
vulnerabilityDetectionControl		VulnerabilityDetectionControl-required
Step 2: Specify where the rule is applied (optional)
kubernetesLabelConditions		KubernetesLabelCondition[]

When you add multiple conditions, the rule applies if all conditions apply.

If you want the rule to apply only to a subset of your environment, provide the Kubernetes label that should be used to identify that part of the environment.

required
Step 3: Leave comment (optional)
metadata		Metadata-required
The VulnerabilityDetectionControl object
PropertyTypeDescriptionRequired
Third-party vulnerability control
monitoringMode		enum
  • MONITORING_OFF
  • MONITORING_ON
required
The KubernetesLabelCondition object
PropertyTypeDescriptionRequired
Kubernetes label key
kubernetesLabelKey		text-required
Matcher
matcher		enum
  • EQUALS
  • NOT_EQUALS
  • CONTAINS
  • DOES_NOT_CONTAIN
  • STARTS_WITH
  • DOES_NOT_START_WITH
  • ENDS_WITH
  • DOES_NOT_END_WITH
  • EXISTS
  • DOES_NOT_EXIST
required
Kubernetes label value
kubernetesLabelValue		text-optional
The Metadata object
PropertyTypeDescriptionRequired
Comment
comment		text-required