Attacks API - GET attack details
Lists the details of a specific attack.
The request produces an application/json payload.
| GET | SaaS | https://{your-environment-id}.live.dynatrace.com/api/v2/attacks/{id} |
| Environment ActiveGateCluster ActiveGate | https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/attacks/{id} |
Authentication
To execute this request, you need an access token with attacks.read scope.
To learn how to obtain and use it, see Tokens and authentication.
Parameters
| Parameter | Type | Description | In | Required |
|---|---|---|---|---|
| id | string | The ID of the attack. | path | required |
| fields | string | A list of additional attack properties you can add to the response. The following properties are available (all other properties are always included and you can't remove them from the response):
To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, | query | optional |
Response
Response codes
| Code | Type | Description |
|---|---|---|
| 200 | Attack | Success |
| 4XX | ErrorEnvelope | Client side error. |
| 5XX | ErrorEnvelope | Server side error. |
Response body objects
The Attack object
Describes an attack.
| Element | Type | Description |
|---|---|---|
| affectedEntities | AffectedEntities | Information about affected entities of an attack. |
| attackId | string | The ID of the attack. |
| attackTarget | AttackTarget | Information about the targeted host/database of an attack. |
| attackType | string | The type of the attack.
|
| attacker | Attacker | Attacker of an attack. |
| displayId | string | The display ID of the attack. |
| displayName | string | The display name of the attack. |
| entrypoint | AttackEntrypoint | Describes the entrypoint used by an attacker to start a specific attack. |
| managementZones | ManagementZone[] | A list of management zones which the affected entities belong to. |
| request | RequestInformation | Describes the complete request information of an attack. |
| securityProblem | AttackSecurityProblem | Assessment information and the ID of a security problem related to an attack. |
| state | string | The state of the attack.
|
| technology | string | The technology of the attack.
|
| timestamp | integer | The timestamp when the attack occurred. |
| vulnerability | Vulnerability | Describes the exploited vulnerability. |
The AffectedEntities object
Information about affected entities of an attack.
| Element | Type | Description |
|---|---|---|
| processGroup | AffectedEntity | Information about an affected entity. |
| processGroupInstance | AffectedEntity | Information about an affected entity. |
The AffectedEntity object
Information about an affected entity.
| Element | Type | Description |
|---|---|---|
| id | string | The monitored entity ID of the affected entity. |
| name | string | The name of the affected entity. |
The AttackTarget object
Information about the targeted host/database of an attack.
| Element | Type | Description |
|---|---|---|
| entityId | string | The monitored entity ID of the targeted host/database. |
| name | string | The name of the targeted host/database. |
The Attacker object
Attacker of an attack.
| Element | Type | Description |
|---|---|---|
| location | AttackerLocation | Location of an attacker. |
| sourceIp | string | The source IP of the attacker. |
The AttackerLocation object
Location of an attacker.
| Element | Type | Description |
|---|---|---|
| city | string | City of the attacker. |
| country | string | The country of the attacker. |
| countryCode | string | The country code of the country of the attacker, according to the ISO 3166-1 Alpha-2 standard. |
The AttackEntrypoint object
Describes the entrypoint used by an attacker to start a specific attack.
| Element | Type | Description |
|---|---|---|
| codeLocation | CodeLocation | Information about a code location. |
| entrypointFunction | FunctionDefinition | Information about a function definition. |
| payload | object[] | A list of values that has possibly been truncated. |
The CodeLocation object
Information about a code location.
| Element | Type | Description |
|---|---|---|
| className | string | The fully qualified class name of the code location. |
| columnNumber | integer | The column number of the code location. |
| displayName | string | A human readable string representation of the code location. |
| fileName | string | The file name of the code location. |
| functionName | string | The function/method name of the code location. |
| lineNumber | integer | The line number of the code location. |
| parameterTypes | TruncatableListString | A list of values that has possibly been truncated. |
| returnType | string | The return type of the function. |
The TruncatableListString object
A list of values that has possibly been truncated.
| Element | Type | Description |
|---|---|---|
| truncationInfo | TruncationInfo | Information on a possible truncation. |
| values | string[] | Values of the list. |
The TruncationInfo object
Information on a possible truncation.
| Element | Type | Description |
|---|---|---|
| truncated | boolean | If the list/value has been truncated. |
The FunctionDefinition object
Information about a function definition.
| Element | Type | Description |
|---|---|---|
| className | string | The fully qualified class name of the class that includes the function. |
| displayName | string | A human readable string representation of the function definition. |
| fileName | string | The file name of the function definition. |
| functionName | string | The function/method name of the function definition. |
| parameterTypes | TruncatableListString | A list of values that has possibly been truncated. |
| returnType | string | The return type of the function. |
The EntrypointPayload object
Describes a payload sent to an entrypoint during an attack.
| Element | Type | Description |
|---|---|---|
| name | string | Name of the payload, if applicable. |
| type | string | Type of the payload.
|
| value | string | Value of the payload. |
The ManagementZone object
A short representation of a management zone.
| Element | Type | Description |
|---|---|---|
| id | string | The ID of the management zone. |
| name | string | The name of the management zone. |
The RequestInformation object
Describes the complete request information of an attack.
| Element | Type | Description |
|---|---|---|
| host | string | The target host of the request. |
| path | string | The request path. |
| protocolDetails | ProtocolDetails | Details that are specific to the used protocol. |
| url | string | The requested URL. |
The ProtocolDetails object
Details that are specific to the used protocol.
| Element | Type | Description |
|---|---|---|
| http | HttpProtocolDetails | HTTP specific request details. |
The HttpProtocolDetails object
HTTP specific request details.
| Element | Type | Description |
|---|---|---|
| headers | TruncatableListAttackRequestHeader | A list of values that has possibly been truncated. |
| parameters | TruncatableListHttpRequestParameter | A list of values that has possibly been truncated. |
| requestMethod | string | The HTTP request method. |
The TruncatableListAttackRequestHeader object
A list of values that has possibly been truncated.
| Element | Type | Description |
|---|---|---|
| truncationInfo | TruncationInfo | Information on a possible truncation. |
| values | AttackRequestHeader[] | Values of the list. |
The AttackRequestHeader object
A header element of the attack's request.
| Element | Type | Description |
|---|---|---|
| name | string | The name of the header element. |
| value | string | The value of the header element. |
The TruncatableListHttpRequestParameter object
A list of values that has possibly been truncated.
| Element | Type | Description |
|---|---|---|
| truncationInfo | TruncationInfo | Information on a possible truncation. |
| values | HttpRequestParameter[] | Values of the list. |
The HttpRequestParameter object
An HTTP request parameter.
| Element | Type | Description |
|---|---|---|
| name | string | The name of the parameter. |
| value | string | The value of the parameter. |
The AttackSecurityProblem object
Assessment information and the ID of a security problem related to an attack.
| Element | Type | Description |
|---|---|---|
| assessment | AttackSecurityProblemAssessmentDto | The assessment of a security problem related to an attack. |
| securityProblemId | string | The security problem ID. |
The AttackSecurityProblemAssessmentDto object
The assessment of a security problem related to an attack.
| Element | Type | Description |
|---|---|---|
| dataAssets | string | The reachability of data assets by the attacked target.
|
| exposure | string | The level of exposure of the attacked target
|
| numberOfReachableDataAssets | integer | The number of data assets reachable by the attacked target. |
The Vulnerability object
Describes the exploited vulnerability.
| Element | Type | Description |
|---|---|---|
| codeLocation | CodeLocation | Information about a code location. |
| displayName | string | The display name of the vulnerability. |
| vulnerabilityId | string | The id of the vulnerability. |
| vulnerableFunction | FunctionDefinition | Information about a function definition. |
| vulnerableFunctionInput | VulnerableFunctionInput | Describes what got passed into the code level vulnerability. |
The VulnerableFunctionInput object
Describes what got passed into the code level vulnerability.
| Element | Type | Description |
|---|---|---|
| inputSegments | VulnerableFunctionInputSegment[] | A list of input segments. |
| type | string | The type of the input.
|
The VulnerableFunctionInputSegment object
Describes one segment that was passed into a vulnerable function.
| Element | Type | Description |
|---|---|---|
| type | string | The type of the input segment.
|
| value | string | The value of the input segment. |
Response body JSON model
{"affectedEntities": {"processGroup": {"id": "string","name": "string"},"processGroupInstance": {}},"attackId": "string","attackTarget": {"entityId": "string","name": "string"},"attackType": "COMMAND_INJECTION","attacker": {"location": {"city": "string","country": "string","countryCode": "string"},"sourceIp": "string"},"displayId": "string","displayName": "string","entrypoint": {"codeLocation": {"className": "string","columnNumber": 1,"displayName": "string","fileName": "string","functionName": "string","lineNumber": 1,"parameterTypes": {"truncationInfo": {"truncated": true},"values": ["string"]},"returnType": "string"},"entrypointFunction": {"className": "string","displayName": "string","fileName": "string","functionName": "string","parameterTypes": {},"returnType": "string"},"payload": [{"truncationInfo": {},"values": [{"name": "string","type": "HTTP_BODY","value": "string"}]}]},"managementZones": [{"id": "string","name": "string"}],"request": {"host": "string","path": "string","protocolDetails": {"http": {"headers": {"truncationInfo": {},"values": [{"name": "string","value": "string"}]},"parameters": {"truncationInfo": {},"values": [{"name": "string","value": "string"}]},"requestMethod": "string"}},"url": "string"},"securityProblem": {"assessment": {"dataAssets": "NOT_AVAILABLE","exposure": "NOT_AVAILABLE","numberOfReachableDataAssets": 1},"securityProblemId": "string"},"state": "ALLOWLISTED","technology": "DOTNET","timestamp": 1,"vulnerability": {"codeLocation": {},"displayName": "string","vulnerabilityId": "string","vulnerableFunction": {},"vulnerableFunctionInput": {"inputSegments": [{"type": "MALICIOUS_INPUT","value": "string"}],"type": "COMMAND"}}}