Attacks API - GET attack details
Lists the details of a specific attack.
The request produces an application/json
payload.
GET | SaaS | https://{your-environment-id}.live.dynatrace.com/api/v2/attacks/{id} |
Environment ActiveGateCluster ActiveGate | https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/attacks/{id} |
Authentication
To execute this request, you need an access token with attacks.read
scope.
To learn how to obtain and use it, see Tokens and authentication.
Parameters
Parameter | Type | Description | In | Required |
---|---|---|---|---|
id | string | The ID of the attack. | path | required |
fields | string | A list of additional attack properties you can add to the response. The following properties are available (all other properties are always included and you can't remove them from the response):
To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, | query | optional |
Response
Response codes
Code | Type | Description |
---|---|---|
200 | Attack | Success |
4XX | ErrorEnvelope | Client side error. |
5XX | ErrorEnvelope | Server side error. |
Response body objects
The Attack
object
Describes an attack.
Element | Type | Description |
---|---|---|
affectedEntities | AffectedEntities | Information about affected entities of an attack. |
attackId | string | The ID of the attack. |
attackTarget | AttackTarget | Information about the targeted host/database of an attack. |
attackType | string | The type of the attack.
|
attacker | Attacker | Attacker of an attack. |
displayId | string | The display ID of the attack. |
displayName | string | The display name of the attack. |
entrypoint | AttackEntrypoint | Describes the entrypoint used by an attacker to start a specific attack. |
managementZones | ManagementZone[] | A list of management zones which the affected entities belong to. |
request | RequestInformation | Describes the complete request information of an attack. |
securityProblem | AttackSecurityProblem | Assessment information and the ID of a security problem related to an attack. |
state | string | The state of the attack.
|
technology | string | The technology of the attack.
|
timestamp | integer | The timestamp when the attack occurred. |
vulnerability | Vulnerability | Describes the exploited vulnerability. |
The AffectedEntities
object
Information about affected entities of an attack.
Element | Type | Description |
---|---|---|
processGroup | AffectedEntity | Information about an affected entity. |
processGroupInstance | AffectedEntity | Information about an affected entity. |
The AffectedEntity
object
Information about an affected entity.
Element | Type | Description |
---|---|---|
id | string | The monitored entity ID of the affected entity. |
name | string | The name of the affected entity. |
The AttackTarget
object
Information about the targeted host/database of an attack.
Element | Type | Description |
---|---|---|
entityId | string | The monitored entity ID of the targeted host/database. |
name | string | The name of the targeted host/database. |
The Attacker
object
Attacker of an attack.
Element | Type | Description |
---|---|---|
location | AttackerLocation | Location of an attacker. |
sourceIp | string | The source IP of the attacker. |
The AttackerLocation
object
Location of an attacker.
Element | Type | Description |
---|---|---|
city | string | City of the attacker. |
country | string | The country of the attacker. |
countryCode | string | The country code of the country of the attacker, according to the ISO 3166-1 Alpha-2 standard. |
The AttackEntrypoint
object
Describes the entrypoint used by an attacker to start a specific attack.
Element | Type | Description |
---|---|---|
codeLocation | CodeLocation | Information about a code location. |
entrypointFunction | FunctionDefinition | Information about a function definition. |
payload | object[] | A list of values that has possibly been truncated. |
The CodeLocation
object
Information about a code location.
Element | Type | Description |
---|---|---|
className | string | The fully qualified class name of the code location. |
columnNumber | integer | The column number of the code location. |
displayName | string | A human readable string representation of the code location. |
fileName | string | The file name of the code location. |
functionName | string | The function/method name of the code location. |
lineNumber | integer | The line number of the code location. |
parameterTypes | TruncatableListString | A list of values that has possibly been truncated. |
returnType | string | The return type of the function. |
The TruncatableListString
object
A list of values that has possibly been truncated.
Element | Type | Description |
---|---|---|
truncationInfo | TruncationInfo | Information on a possible truncation. |
values | string[] | Values of the list. |
The TruncationInfo
object
Information on a possible truncation.
Element | Type | Description |
---|---|---|
truncated | boolean | If the list/value has been truncated. |
The FunctionDefinition
object
Information about a function definition.
Element | Type | Description |
---|---|---|
className | string | The fully qualified class name of the class that includes the function. |
displayName | string | A human readable string representation of the function definition. |
fileName | string | The file name of the function definition. |
functionName | string | The function/method name of the function definition. |
parameterTypes | TruncatableListString | A list of values that has possibly been truncated. |
returnType | string | The return type of the function. |
The EntrypointPayload
object
Describes a payload sent to an entrypoint during an attack.
Element | Type | Description |
---|---|---|
name | string | Name of the payload, if applicable. |
type | string | Type of the payload.
|
value | string | Value of the payload. |
The ManagementZone
object
A short representation of a management zone.
Element | Type | Description |
---|---|---|
id | string | The ID of the management zone. |
name | string | The name of the management zone. |
The RequestInformation
object
Describes the complete request information of an attack.
Element | Type | Description |
---|---|---|
host | string | The target host of the request. |
path | string | The request path. |
protocolDetails | ProtocolDetails | Details that are specific to the used protocol. |
url | string | The requested URL. |
The ProtocolDetails
object
Details that are specific to the used protocol.
Element | Type | Description |
---|---|---|
http | HttpProtocolDetails | HTTP specific request details. |
The HttpProtocolDetails
object
HTTP specific request details.
Element | Type | Description |
---|---|---|
headers | TruncatableListAttackRequestHeader | A list of values that has possibly been truncated. |
parameters | TruncatableListHttpRequestParameter | A list of values that has possibly been truncated. |
requestMethod | string | The HTTP request method. |
The TruncatableListAttackRequestHeader
object
A list of values that has possibly been truncated.
Element | Type | Description |
---|---|---|
truncationInfo | TruncationInfo | Information on a possible truncation. |
values | AttackRequestHeader[] | Values of the list. |
The AttackRequestHeader
object
A header element of the attack's request.
Element | Type | Description |
---|---|---|
name | string | The name of the header element. |
value | string | The value of the header element. |
The TruncatableListHttpRequestParameter
object
A list of values that has possibly been truncated.
Element | Type | Description |
---|---|---|
truncationInfo | TruncationInfo | Information on a possible truncation. |
values | HttpRequestParameter[] | Values of the list. |
The HttpRequestParameter
object
An HTTP request parameter.
Element | Type | Description |
---|---|---|
name | string | The name of the parameter. |
value | string | The value of the parameter. |
The AttackSecurityProblem
object
Assessment information and the ID of a security problem related to an attack.
Element | Type | Description |
---|---|---|
assessment | AttackSecurityProblemAssessmentDto | The assessment of a security problem related to an attack. |
securityProblemId | string | The security problem ID. |
The AttackSecurityProblemAssessmentDto
object
The assessment of a security problem related to an attack.
Element | Type | Description |
---|---|---|
dataAssets | string | The reachability of data assets by the attacked target.
|
exposure | string | The level of exposure of the attacked target
|
numberOfReachableDataAssets | integer | The number of data assets reachable by the attacked target. |
The Vulnerability
object
Describes the exploited vulnerability.
Element | Type | Description |
---|---|---|
codeLocation | CodeLocation | Information about a code location. |
displayName | string | The display name of the vulnerability. |
vulnerabilityId | string | The id of the vulnerability. |
vulnerableFunction | FunctionDefinition | Information about a function definition. |
vulnerableFunctionInput | VulnerableFunctionInput | Describes what got passed into the code level vulnerability. |
The VulnerableFunctionInput
object
Describes what got passed into the code level vulnerability.
Element | Type | Description |
---|---|---|
inputSegments | VulnerableFunctionInputSegment[] | A list of input segments. |
type | string | The type of the input.
|
The VulnerableFunctionInputSegment
object
Describes one segment that was passed into a vulnerable function.
Element | Type | Description |
---|---|---|
type | string | The type of the input segment.
|
value | string | The value of the input segment. |
Response body JSON model
{"affectedEntities": {"processGroup": {"id": "string","name": "string"},"processGroupInstance": {}},"attackId": "string","attackTarget": {"entityId": "string","name": "string"},"attackType": "COMMAND_INJECTION","attacker": {"location": {"city": "string","country": "string","countryCode": "string"},"sourceIp": "string"},"displayId": "string","displayName": "string","entrypoint": {"codeLocation": {"className": "string","columnNumber": 1,"displayName": "string","fileName": "string","functionName": "string","lineNumber": 1,"parameterTypes": {"truncationInfo": {"truncated": true},"values": ["string"]},"returnType": "string"},"entrypointFunction": {"className": "string","displayName": "string","fileName": "string","functionName": "string","parameterTypes": {},"returnType": "string"},"payload": [{"truncationInfo": {},"values": [{"name": "string","type": "HTTP_BODY","value": "string"}]}]},"managementZones": [{"id": "string","name": "string"}],"request": {"host": "string","path": "string","protocolDetails": {"http": {"headers": {"truncationInfo": {},"values": [{"name": "string","value": "string"}]},"parameters": {"truncationInfo": {},"values": [{"name": "string","value": "string"}]},"requestMethod": "string"}},"url": "string"},"securityProblem": {"assessment": {"dataAssets": "NOT_AVAILABLE","exposure": "NOT_AVAILABLE","numberOfReachableDataAssets": 1},"securityProblemId": "string"},"state": "ALLOWLISTED","technology": "DOTNET","timestamp": 1,"vulnerability": {"codeLocation": {},"displayName": "string","vulnerabilityId": "string","vulnerableFunction": {},"vulnerableFunctionInput": {"inputSegments": [{"type": "MALICIOUS_INPUT","value": "string"}],"type": "COMMAND"}}}