Attacks API - GET attack details
Lists the details of a specific attack.
The request produces an application/json payload.
Method | Deployment | Endpoint |
---|---|---|
GET | Managed, Dynatrace for Government | https://{your-domain}/e/{your-environment-id}/api/v2/attacks/{id} |
GET | SaaS | https://{your-environment-id}.live.dynatrace.com/api/v2/attacks/{id} |
GET | Environment and Cluster ActiveGate (default port 9999) | https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/attacks/{id} |
Authentication
To execute this request, you need an access token with the attacks.read scope.
To learn how to obtain and use it, see Tokens and authentication.
Parameters
Parameter | Type | Description | In | Required |
---|---|---|---|---|
id | string | The ID of the attack. | path | required |
fields | string | A list of additional attack properties you can add to the response. The following properties are available (all other properties are always included and you can't remove them from the response):
To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, | query | optional |
Response
Response codes
Code | Type | Description |
---|---|---|
200 | Attack | Success |
Response body objects
The Attack object
Describes an attack.
Element | Type | Description |
---|---|---|
affectedEntities | AffectedEntities | Information about affected entities of an attack. |
attackId | string | The ID of the attack. |
attackTarget | AttackTarget | Information about the targeted host/database of an attack. |
attackType | string | The type of the attack. |
attacker | Attacker | Attacker of an attack. |
displayId | string | The display ID of the attack. |
displayName | string | The display name of the attack. |
entrypoint | AttackEntrypoint | Describes the entrypoint used by an attacker to start a specific attack. |
managementZones | ManagementZone[] | A list of management zones which the affected entities belong to. |
request | RequestInformation | Describes the complete request information of an attack. |
securityProblem | AttackSecurityProblem | Assessment information and the ID of a security problem related to an attack. |
state | string | The state of the attack. |
technology | string | The technology of the attack. |
timestamp | integer | The timestamp when the attack occurred. |
vulnerability | Vulnerability | Describes the exploited vulnerability. |
The AffectedEntities object
Information about affected entities of an attack.
Element | Type | Description |
---|---|---|
processGroup | AffectedEntity | Information about an affected entity. |
processGroupInstance | AffectedEntity | Information about an affected entity. |
The AffectedEntity object
Information about an affected entity.
Element | Type | Description |
---|---|---|
id | string | The monitored entity ID of the affected entity. |
name | string | The name of the affected entity. |
The AttackTarget object
Information about the targeted host/database of an attack.
Element | Type | Description |
---|---|---|
entityId | string | The monitored entity ID of the targeted host/database. |
name | string | The name of the targeted host/database. |
The Attacker object
Attacker of an attack.
Element | Type | Description |
---|---|---|
location | AttackerLocation | Location of an attacker. |
sourceIp | string | The source IP of the attacker. |
The AttackerLocation object
Location of an attacker.
Element | Type | Description |
---|---|---|
city | string | City of the attacker. |
country | string | The country of the attacker. |
countryCode | string | The country code of the country of the attacker, according to the ISO 3166-1 Alpha-2 standard. |
The AttackEntrypoint object
Describes the entrypoint used by an attacker to start a specific attack.
Element | Type | Description |
---|---|---|
codeLocation | CodeLocation | Information about a code location. |
entrypointFunction | FunctionDefinition | Information about a function definition. |
payload | object[] | A list of values that has possibly been truncated. |
The CodeLocation object
Information about a code location.
Element | Type | Description |
---|---|---|
className | string | The fully qualified class name of the code location. |
displayName | string | A human readable string representation of the code location. |
functionName | string | The function/method name of the code location. |
lineNumber | integer | The line number of the code location. |
parameterTypes | TruncatableListString | A list of values that has possibly been truncated. |
returnType | string | The return type of the function. |
The TruncatableListString object
A list of values that has possibly been truncated.
Element | Type | Description |
---|---|---|
truncationInfo | TruncationInfo | Information on a possible truncation. |
values | string[] | Values of the list. |
The TruncationInfo object
Information on a possible truncation.
Element | Type | Description |
---|---|---|
truncated | boolean | If the list/value has been truncated. |
The FunctionDefinition object
Information about a function definition.
Element | Type | Description |
---|---|---|
className | string | The fully qualified class name of the class that includes the function. |
displayName | string | A human readable string representation of the function definition. |
functionName | string | The function/method name. |
parameterTypes | TruncatableListString | A list of values that has possibly been truncated. |
returnType | string | The return type of the function. |
The EntrypointPayload object
Describes a payload sent to an entrypoint during an attack.
Element | Type | Description |
---|---|---|
name | string | Name of the payload, if applicable. |
type | string | Type of the payload. |
value | string | Value of the payload. |
The ManagementZone object
A short representation of a management zone.
Element | Type | Description |
---|---|---|
id | string | The ID of the management zone. |
name | string | The name of the management zone. |
The RequestInformation object
Describes the complete request information of an attack.
Element | Type | Description |
---|---|---|
host | string | The target host of the request. |
path | string | The request path. |
protocolDetails | ProtocolDetails | Details that are specific to the used protocol. |
url | string | The requested URL. |
The ProtocolDetails object
Details that are specific to the used protocol.
Element | Type | Description |
---|---|---|
http | HttpProtocolDetails | HTTP specific request details. |
The HttpProtocolDetails object
HTTP specific request details.
Element | Type | Description |
---|---|---|
headers | TruncatableListAttackRequestHeader | A list of values that has possibly been truncated. |
parameters | TruncatableListHttpRequestParameter | A list of values that has possibly been truncated. |
requestMethod | string | The HTTP request method. |
The TruncatableListAttackRequestHeader object
A list of values that has possibly been truncated.
Element | Type | Description |
---|---|---|
truncationInfo | TruncationInfo | Information on a possible truncation. |
values | AttackRequestHeader[] | Values of the list. |
The AttackRequestHeader object
A header element of the attack's request.
Element | Type | Description |
---|---|---|
name | string | The name of the header element. |
value | string | The value of the header element. |
The TruncatableListHttpRequestParameter object
A list of values that has possibly been truncated.
Element | Type | Description |
---|---|---|
truncationInfo | TruncationInfo | Information on a possible truncation. |
values | HttpRequestParameter[] | Values of the list. |
The HttpRequestParameter object
An HTTP request parameter.
Element | Type | Description |
---|---|---|
name | string | The name of the parameter. |
value | string | The value of the parameter. |
The AttackSecurityProblem object
Assessment information and the ID of a security problem related to an attack.
Element | Type | Description |
---|---|---|
assessment | AttackSecurityProblemAssessmentDto | The assessment of a security problem related to an attack. |
securityProblemId | string | The security problem ID. |
The AttackSecurityProblemAssessmentDto object
The assessment of a security problem related to an attack.
Element | Type | Description |
---|---|---|
dataAssets | string | The reachability of data assets by the attacked target. |
exposure | string | The level of exposure of the attacked target. |
numberOfReachableDataAssets | integer | The number of data assets reachable by the attacked target. |
The Vulnerability object
Describes the exploited vulnerability.
Element | Type | Description |
---|---|---|
codeLocation | CodeLocation | Information about a code location. |
displayName | string | The display name of the vulnerability. |
vulnerabilityId | string | The id of the vulnerability. |
vulnerableFunction | FunctionDefinition | Information about a function definition. |
vulnerableFunctionInput | VulnerableFunctionInput | Describes what got passed into the code level vulnerability. |
The VulnerableFunctionInput object
Describes what got passed into the code level vulnerability.
Element | Type | Description |
---|---|---|
inputSegments | VulnerableFunctionInputSegment[] | A list of input segments. |
type | string | The type of the input. |
The VulnerableFunctionInputSegment object
Describes one segment that was passed into a vulnerable function.
Element | Type | Description |
---|---|---|
type | string | The type of the input segment. |
value | string | The value of the input segment. |
Response body JSON model
```json
{
  "affectedEntities": {
    "processGroup": {
      "id": "string",
      "name": "string"
    },
    "processGroupInstance": {}
  },
  "attackId": "string",
  "attackTarget": {
    "entityId": "string",
    "name": "string"
  },
  "attackType": "COMMAND_INJECTION",
  "attacker": {
    "location": {
      "city": "string",
      "country": "string",
      "countryCode": "string"
    },
    "sourceIp": "string"
  },
  "displayId": "string",
  "displayName": "string",
  "entrypoint": {
    "codeLocation": {
      "className": "string",
      "displayName": "string",
      "functionName": "string",
      "lineNumber": 1,
      "parameterTypes": {
        "truncationInfo": {
          "truncated": true
        },
        "values": [
          "string"
        ]
      },
      "returnType": "string"
    },
    "entrypointFunction": {
      "className": "string",
      "displayName": "string",
      "functionName": "string",
      "parameterTypes": {},
      "returnType": "string"
    },
    "payload": [
      {
        "truncationInfo": {},
        "values": [
          {
            "name": "string",
            "type": "HTTP_BODY",
            "value": "string"
          }
        ]
      }
    ]
  },
  "managementZones": [
    {
      "id": "string",
      "name": "string"
    }
  ],
  "request": {
    "host": "string",
    "path": "string",
    "protocolDetails": {
      "http": {
        "headers": {
          "truncationInfo": {},
          "values": [
            {
              "name": "string",
              "value": "string"
            }
          ]
        },
        "parameters": {
          "truncationInfo": {},
          "values": [
            {
              "name": "string",
              "value": "string"
            }
          ]
        },
        "requestMethod": "string"
      }
    },
    "url": "string"
  },
  "securityProblem": {
    "assessment": {
      "dataAssets": "NOT_AVAILABLE",
      "exposure": "NOT_AVAILABLE",
      "numberOfReachableDataAssets": 1
    },
    "securityProblemId": "string"
  },
  "state": "ALLOWLISTED",
  "technology": "DOTNET",
  "timestamp": 1,
  "vulnerability": {
    "codeLocation": {},
    "displayName": "string",
    "vulnerabilityId": "string",
    "vulnerableFunction": {},
    "vulnerableFunctionInput": {
      "inputSegments": [
        {
          "type": "MALICIOUS_INPUT",
          "value": "string"
        }
      ],
      "type": "COMMAND"
    }
  }
}
```
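The following is an added example, not part of the original reference or Dynatrace's own code: it builds the request for this endpoint and reduces an Attack object to triage fields, listing every element whose `truncationInfo.truncated` is true so an analyst knows which evidence is incomplete. The function names, the sample response and the `Api-Token` authorization header (Dynatrace's usual token scheme, not stated on this page) are assumptions.

```python
import json
import urllib.parse
import urllib.request

def build_request(base_url, attack_id, token):
    """Build (without sending) the GET request; base_url is the part before /api/v2."""
    attack = urllib.parse.quote(attack_id, safe="")  # the ID is a single path segment
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v2/attacks/{attack}",
        headers={"Authorization": f"Api-Token {token}", "Accept": "application/json"})

def truncated_paths(node, path="$"):
    """JSON paths of every object whose truncationInfo.truncated is true."""
    found = []
    if isinstance(node, dict):
        if (node.get("truncationInfo") or {}).get("truncated") is True:
            found.append(path)
        for key, value in node.items():
            found += truncated_paths(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            found += truncated_paths(value, f"{path}[{i}]")
    return found

def summarize(attack):
    """Reduce an Attack object to triage fields; absent objects become None or []."""
    vuln = attack.get("vulnerability") or {}
    segments = (vuln.get("vulnerableFunctionInput") or {}).get("inputSegments") or []
    return {
        **{k: attack.get(k) for k in ("attackId", "attackType", "state")},
        "sourceIp": (attack.get("attacker") or {}).get("sourceIp"),
        "url": (attack.get("request") or {}).get("url"),
        "vulnerableFunction": (vuln.get("vulnerableFunction") or {}).get("displayName"),
        "maliciousInput": [s.get("value") for s in segments if s.get("type") == "MALICIOUS_INPUT"],
        "incompleteEvidence": truncated_paths(attack),
    }

# Constructed sample response (not real data); enum values are the ones in the JSON model.
SAMPLE = json.loads("""{
  "attackId": "EXAMPLE-ATTACK-ID", "attackType": "COMMAND_INJECTION", "state": "ALLOWLISTED",
  "attacker": {"sourceIp": "203.0.113.7"},
  "request": {"url": "https://shop.example/export", "protocolDetails": {"http": {
    "headers": {"truncationInfo": {"truncated": true}, "values": [{"name": "Host", "value": "shop.example"}]},
    "parameters": {"truncationInfo": {"truncated": false}, "values": []}}}},
  "vulnerability": {"vulnerableFunctionInput": {"type": "COMMAND",
    "inputSegments": [{"type": "MALICIOUS_INPUT", "value": "<constructed input>"}]}}
}""")

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

Pass the deployment-specific prefix from the endpoint table as `base_url`, for example `https://{your-environment-id}.live.dynatrace.com` for SaaS.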