Vulnerabilities API - GET vulnerability events

Lists the events of a specific vulnerability.

The request produces an application/json payload.

GET
  SaaS: https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems/{id}/events
  Environment ActiveGate, Cluster ActiveGate: https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/securityProblems/{id}/events

Authentication

To execute this request, you need an access token with the securityProblems.read scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

| Parameter | Type | Description | In | Required |
|---|---|---|---|---|
| id | string | The ID of the requested security problem. | path | required |
| from | string | The start of the requested timeframe. If not set, the relative timeframe of thirty days is used (now-30d). | query | optional |
| to | string | The end of the requested timeframe. If not set, the current timestamp is used. | query | optional |

For from and to, you can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

Response

Response codes

| Code | Type | Description |
|---|---|---|
| 200 | | Success. The response contains the list of security problem events. |
| 4XX | | Client-side error. |
| 5XX | | Server-side error. |

Response body objects

The SecurityProblemEventsList object

A list of events for a security problem.

| Element | Type | Description |
|---|---|---|
| events | | A list of events for a security problem. |
| nextPageKey | string | The cursor for the next page of results. Has the value of null on the last page. Use it in the nextPageKey query parameter to obtain subsequent pages of the result. |
| pageSize | integer | The number of entries per page. |
| totalCount | integer | The total number of entries in the result. |
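One way to collect every event by following the nextPageKey cursor, as an added example (not Dynatrace's own code). The helper names, the injectable fetch callable and max_pages are hypothetical, and sending only nextPageKey on follow-up requests is an assumption based on the usual Dynatrace API v2 cursor convention, which this page does not state.

```python
import json
import urllib.parse
import urllib.request

def build_url(base_url, problem_id, params):
    """Build the events URL; the ID is percent-encoded so it cannot alter the path."""
    path = f"/api/v2/securityProblems/{urllib.parse.quote(problem_id, safe='')}/events"
    query = urllib.parse.urlencode(params)
    return base_url.rstrip("/") + path + (f"?{query}" if query else "")

def http_get_json(url, token):
    """Default fetcher: GET with the Api-Token header from the page's curl example."""
    req = urllib.request.Request(url, headers={
        "accept": "application/json; charset=utf-8",
        "Authorization": f"Api-Token {token}",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_events(base_url, problem_id, token, time_from="now-30d", time_to=None,
                fetch=http_get_json, max_pages=100):
    """Yield every event of one security problem, page by page."""
    params = {"from": time_from}
    if time_to:
        params["to"] = time_to
    for _ in range(max_pages):
        page = fetch(build_url(base_url, problem_id, params), token)
        yield from page.get("events", [])
        key = page.get("nextPageKey")
        if not key:  # null on the last page
            return
        # Assumption: the cursor replaces the original query parameters.
        params = {"nextPageKey": key}
    # Fail loudly rather than hand back a silently truncated event history.
    raise RuntimeError("max_pages reached; result may be truncated")
```

Read the token from a secret store or environment variable at call time; it only needs the securityProblems.read scope.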

The SecurityProblemEvent object

The event of a security problem.

| Element | Type | Description |
|---|---|---|
| muteState | | Metadata of the muted state of a security problem in relation to an event. |
| reason | string | The reason of the event creation. Possible values: ASSESSMENT_CHANGED, SECURITY_PROBLEM_CREATED, SECURITY_PROBLEM_MUTED, SECURITY_PROBLEM_REOPENED, SECURITY_PROBLEM_RESOLVED, SECURITY_PROBLEM_UNMUTED. |
| riskAssessmentSnapshot | | A snapshot of the risk assessment of a security problem. |
| timestamp | integer | The timestamp when the event occurred. |

The MuteState object

Metadata of the muted state of a security problem in relation to an event.

| Element | Type | Description |
|---|---|---|
| comment | string | A user's comment. |
| reason | string | The reason for the mute state change. Possible values: AFFECTED, CONFIGURATION_NOT_AFFECTED, FALSE_POSITIVE, IGNORE, INITIAL_STATE, OTHER, VULNERABLE_CODE_NOT_IN_USE. |
| user | string | The user who has muted or unmuted the problem. |

The RiskAssessmentSnapshot object

A snapshot of the risk assessment of a security problem.

| Element | Type | Description |
|---|---|---|
| baseRiskScore | number | The risk score (1-10) from the CVSS score. |
| changes | | All changes of the risk assessment. |
| exposure | string | The level of exposure of affected entities. Possible values: NOT_AVAILABLE, NOT_DETECTED, PUBLIC_NETWORK. |
| numberOfAffectedEntities | integer | The number of currently affected entities. |
| numberOfAffectedNodes | integer | The number of currently affected nodes. |
| numberOfAffectedProcessGroups | integer | The number of currently affected process groups. |
| numberOfReachableDataAssets | integer | The number of data assets that are currently reachable by affected entities. |
| numberOfRelatedAttacks | integer | The number of related attacks. |
| publicExploit | string | The availability status of public exploits. Possible values: AVAILABLE, NOT_AVAILABLE. |
| riskLevel | string | The Davis risk level. It is calculated by Dynatrace on the basis of CVSS score. Possible values: CRITICAL, HIGH, LOW, MEDIUM, NONE. |
| riskScore | number | The Davis risk score (1-10). It is calculated by Dynatrace on the basis of CVSS score. |
| vulnerableFunctionUsage | string | The state of vulnerable code execution. Possible values: IN_USE, NOT_AVAILABLE, NOT_IN_USE. |

The RiskAssessmentChanges object

All changes of the risk assessment.

| Element | Type | Description |
|---|---|---|
| deltaBaseRiskScore | number | The delta of the risk score. |
| deltaNumberOfAffectedNodes | integer | The delta of the number of currently affected nodes. |
| deltaNumberOfAffectedProcessGroups | integer | The delta of the number of currently affected process groups. |
| deltaNumberOfReachableDataAssets | integer | The delta of the number of data assets that are currently reachable by affected entities. |
| deltaNumberOfRelatedAttacks | integer | The delta of the number of related attacks. |
| deltaRiskScore | number | The delta of the Davis risk score. |
| previousExposure | string | The previous level of exposure of affected entities. Possible values: NOT_AVAILABLE, NOT_DETECTED, PUBLIC_NETWORK. |
| previousPublicExploit | string | The previous availability status of public exploits. Possible values: AVAILABLE, NOT_AVAILABLE. |
| previousVulnerableFunctionUsage | string | The previous state of vulnerable code execution. Possible values: IN_USE, NOT_AVAILABLE, NOT_IN_USE. |

Response body JSON model

{
  "events": [
    {
      "muteState": {
        "comment": "string",
        "reason": "AFFECTED",
        "user": "string"
      },
      "reason": "ASSESSMENT_CHANGED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 1,
        "changes": {
          "deltaBaseRiskScore": 1,
          "deltaNumberOfAffectedNodes": 1,
          "deltaNumberOfAffectedProcessGroups": 1,
          "deltaNumberOfReachableDataAssets": 1,
          "deltaNumberOfRelatedAttacks": 1,
          "deltaRiskScore": 1,
          "previousExposure": "NOT_AVAILABLE",
          "previousPublicExploit": "AVAILABLE",
          "previousVulnerableFunctionUsage": "IN_USE"
        },
        "exposure": "NOT_AVAILABLE",
        "numberOfAffectedEntities": 1,
        "numberOfAffectedNodes": 1,
        "numberOfAffectedProcessGroups": 1,
        "numberOfReachableDataAssets": 1,
        "numberOfRelatedAttacks": 1,
        "publicExploit": "AVAILABLE",
        "riskLevel": "CRITICAL",
        "riskScore": 1,
        "vulnerableFunctionUsage": "IN_USE"
      },
      "timestamp": 1
    }
  ],
  "nextPageKey": "AQAAABQBAAAABQ==",
  "pageSize": 1,
  "totalCount": 1
}

Example

Query global vulnerability events.

Required filter: securityProblemId.

Curl

curl -X 'GET' 'https://mySampleEnv.live.dynatrace.com/api/v2/securityProblems/7412525767433554374/events' \
-H 'accept: application/json; charset=utf-8' \
-H 'Authorization: Api-Token [your_token]'

Request URL

https://mySampleEnv.live.dynatracelabs.com/api/v2/securityProblems/7412525767433554374/events

Response body

{
  "events": [
    {
      "timestamp": 1726497793191,
      "reason": "SECURITY_PROBLEM_REOPENED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 5.3,
        "exposure": "PUBLIC_NETWORK",
        "numberOfAffectedEntities": 2,
        "numberOfAffectedNodes": 0,
        "numberOfAffectedProcessGroups": 2,
        "numberOfReachableDataAssets": 1,
        "numberOfRelatedAttacks": 0,
        "publicExploit": "NOT_AVAILABLE",
        "riskLevel": "MEDIUM",
        "riskScore": 5.3,
        "vulnerableFunctionUsage": "NOT_AVAILABLE"
      }
    },
    {
      "timestamp": 1726496886335,
      "reason": "SECURITY_PROBLEM_RESOLVED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 5.3,
        "exposure": "NOT_DETECTED",
        "numberOfAffectedEntities": 0,
        "numberOfAffectedNodes": 0,
        "numberOfAffectedProcessGroups": 0,
        "numberOfReachableDataAssets": 0,
        "numberOfRelatedAttacks": 0,
        "publicExploit": "NOT_AVAILABLE",
        "riskLevel": "MEDIUM",
        "riskScore": 5.3,
        "vulnerableFunctionUsage": "NOT_AVAILABLE"
      }
    },
    {
      "timestamp": 1726495992217,
      "reason": "SECURITY_PROBLEM_REOPENED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 5.3,
        "exposure": "PUBLIC_NETWORK",
        "numberOfAffectedEntities": 2,
        "numberOfAffectedNodes": 0,
        "numberOfAffectedProcessGroups": 2,
        "numberOfReachableDataAssets": 1,
        "numberOfRelatedAttacks": 0,
        "publicExploit": "NOT_AVAILABLE",
        "riskLevel": "MEDIUM",
        "riskScore": 5.3,
        "vulnerableFunctionUsage": "NOT_AVAILABLE"
      }
    },
    {
      "timestamp": 1726495086473,
      "reason": "SECURITY_PROBLEM_RESOLVED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 5.3,
        "exposure": "NOT_DETECTED",
        "numberOfAffectedEntities": 0,
        "numberOfAffectedNodes": 0,
        "numberOfAffectedProcessGroups": 0,
        "numberOfReachableDataAssets": 0,
        "numberOfRelatedAttacks": 0,
        "publicExploit": "NOT_AVAILABLE",
        "riskLevel": "MEDIUM",
        "riskScore": 5.3,
        "vulnerableFunctionUsage": "NOT_AVAILABLE"
      }
    },
    {
      "timestamp": 1726121661376,
      "reason": "ASSESSMENT_CHANGED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 5.3,
        "changes": {
          "deltaRiskScore": 1,
          "previousExposure": "NOT_DETECTED"
        },
        "exposure": "PUBLIC_NETWORK",
        "numberOfAffectedEntities": 2,
        "numberOfAffectedNodes": 0,
        "numberOfAffectedProcessGroups": 2,
        "numberOfReachableDataAssets": 1,
        "numberOfRelatedAttacks": 0,
        "publicExploit": "NOT_AVAILABLE",
        "riskLevel": "MEDIUM",
        "riskScore": 5.3,
        "vulnerableFunctionUsage": "NOT_AVAILABLE"
      }
    },
    {
      "timestamp": 1725894871382,
      "reason": "ASSESSMENT_CHANGED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 5.3,
        "changes": {
          "deltaNumberOfAffectedProcessGroups": 1
        },
        "exposure": "NOT_DETECTED",
        "numberOfAffectedEntities": 2,
        "numberOfAffectedNodes": 0,
        "numberOfAffectedProcessGroups": 2,
        "numberOfReachableDataAssets": 1,
        "numberOfRelatedAttacks": 0,
        "publicExploit": "NOT_AVAILABLE",
        "riskLevel": "MEDIUM",
        "riskScore": 4.3,
        "vulnerableFunctionUsage": "NOT_AVAILABLE"
      }
    }
  ],
  "pageSize": 1,
  "totalCount": 6
}
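A triage pass over an event list like the response above, as an added example (not Dynatrace's own code): it flags resolve/reopen flapping, exposure moving to PUBLIC_NETWORK, a public exploit becoming available, and mute actions for audit. The finding names, the triage function and the one-hour flap window are assumptions, as is treating timestamp as UTC milliseconds.

```python
# Sample events: the first six are trimmed from the page's example response;
# the last one (mute) is constructed for illustration.
SAMPLE_EVENTS = [
    {"timestamp": 1726497793191, "reason": "SECURITY_PROBLEM_REOPENED",
     "riskAssessmentSnapshot": {"exposure": "PUBLIC_NETWORK", "riskScore": 5.3}},
    {"timestamp": 1726496886335, "reason": "SECURITY_PROBLEM_RESOLVED",
     "riskAssessmentSnapshot": {"exposure": "NOT_DETECTED", "riskScore": 5.3}},
    {"timestamp": 1726495992217, "reason": "SECURITY_PROBLEM_REOPENED",
     "riskAssessmentSnapshot": {"exposure": "PUBLIC_NETWORK", "riskScore": 5.3}},
    {"timestamp": 1726495086473, "reason": "SECURITY_PROBLEM_RESOLVED",
     "riskAssessmentSnapshot": {"exposure": "NOT_DETECTED", "riskScore": 5.3}},
    {"timestamp": 1726121661376, "reason": "ASSESSMENT_CHANGED",
     "riskAssessmentSnapshot": {"exposure": "PUBLIC_NETWORK", "riskScore": 5.3,
         "changes": {"deltaRiskScore": 1, "previousExposure": "NOT_DETECTED"}}},
    {"timestamp": 1725894871382, "reason": "ASSESSMENT_CHANGED",
     "riskAssessmentSnapshot": {"exposure": "NOT_DETECTED", "riskScore": 4.3,
         "changes": {"deltaNumberOfAffectedProcessGroups": 1}}},
    {"timestamp": 1726500000000, "reason": "SECURITY_PROBLEM_MUTED",  # constructed
     "muteState": {"user": "analyst@example.com", "reason": "FALSE_POSITIVE"}},
]

def triage(events, flap_window_ms=3_600_000):
    """Return (timestamp_ms, kind, detail) findings in chronological order."""
    findings, last_resolved = [], None
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        ts, reason = ev["timestamp"], ev.get("reason")
        snap = ev.get("riskAssessmentSnapshot") or {}
        changes = snap.get("changes") or {}  # absent unless something changed
        if reason == "SECURITY_PROBLEM_RESOLVED":
            last_resolved = ts
        elif reason == "SECURITY_PROBLEM_REOPENED":
            if last_resolved is not None and ts - last_resolved <= flap_window_ms:
                gap = (ts - last_resolved) // 1000
                findings.append((ts, "FLAPPING", f"reopened {gap}s after resolve"))
            last_resolved = None
        elif reason == "ASSESSMENT_CHANGED":
            prev = changes.get("previousExposure")
            if prev and prev != "PUBLIC_NETWORK" and snap.get("exposure") == "PUBLIC_NETWORK":
                findings.append((ts, "EXPOSED", f"exposure {prev} -> PUBLIC_NETWORK"))
            if (changes.get("previousPublicExploit") == "NOT_AVAILABLE"
                    and snap.get("publicExploit") == "AVAILABLE"):
                findings.append((ts, "EXPLOIT_PUBLIC", "public exploit became available"))
        elif reason == "SECURITY_PROBLEM_MUTED":
            mute = ev.get("muteState") or {}
            findings.append((ts, "MUTED", f"{mute.get('user')}: {mute.get('reason')}"))
    return findings
```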