Monitored entities API - security context
Create or delete security context for monitored entities.
Matching entities will have a management zone assigned if the given security context matches the name of an already existing management zone. This endpoint does not create a new management zone if there is no management zone with the provided name.
Management zone rules will not apply to entities with a set security context. To be able to apply them again, you need to delete the security context.
For more information on security context, see Grant access to entities with security context.
Create the security context
The request consumes and produces an application/json
payload.
POST | SaaS | https://{your-environment-id}.live.dynatrace.com/api/v2/entities/securityContext |
Environment ActiveGateCluster ActiveGate | https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/entities/securityContext |
Authentication
To execute this request, you need an access token with settings.write
scope.
To learn how to obtain and use it, see Tokens and authentication.
Parameters
Defines the scope of the entities to set the security context for. Only entities that can have management zones are considered for this operation
You must set one of these criteria:
- Entity type:
type("TYPE")
- Dynatrace entity ID:
entityId("id")
. You can specify several IDs, separated by a comma (entityId("id-1","id-2")
). All requested entities must be of the same type.
You can add one or more of the following criteria. Values are case-sensitive and the EQUALS
operator is used unless otherwise specified.
- Tag:
tag("value")
. Tags in[context]key:value
,key:value
, andvalue
formats are detected and parsed automatically. Any colons (:
) that are part of the key or value must be escaped with a backslash(\
). Otherwise, it will be interpreted as the separator between the key and the value. All tag values are case-sensitive. - Management zone ID:
mzId(123)
- Management zone name:
mzName("value")
- Entity name:
entityName.equals
: performs a non-casesensitiveEQUALS
query.entityName.startsWith
: changes the operator toBEGINS WITH
.entityName.in
: enables you to provide multiple values. TheEQUALS
operator applies.caseSensitive(entityName.equals("value"))
: takes any entity name criterion as an argument and makes the value case-sensitive.
- Health state (HEALTHY,UNHEALTHY):
healthState("HEALTHY")
- First seen timestamp:
firstSeenTms.<operator>(now-3h)
. Use any timestamp format from the from/to parameters. The following operators are available:lte
: earlier than or at the specified timelt
: earlier than the specified timegte
: later than or at the specified timegt
: later than the specified time
- Entity attribute:
<attribute>("value1","value2")
and<attribute>.exists()
. To fetch the list of available attributes, execute the GET entity type request and check the properties field of the response. - Relationships:
fromRelationships.<relationshipName>()
andtoRelationships.<relationshipName>()
. This criterion takes an entity selector as an attribute. To fetch the list of available relationships, execute the GET entity type request and check the fromRelationships and toRelationships fields. - Negation:
not(<criterion>)
. Inverts any criterion except for type.
For more information, see Entity selector in Dynatrace Documentation.
To set several criteria, separate them with a comma (,
). For example, type("HOST"),healthState("HEALTHY")
. Only results matching all criteria are included in the response.
The maximum string length is 2,000 characters.
The start of the requested timeframe.
You can use one of the following formats:
- Timestamp in UTC milliseconds.
- Human-readable format of
2021-01-25T05:57:01.123+01:00
. If no time zone is specified, UTC is used. You can use a space character instead of theT
. Seconds and fractions of a second are optional. - Relative timeframe, back from now. The format is
now-NU/A
, whereN
is the amount of time,U
is the unit of time, andA
is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example,now-1y/w
is one year back, aligned by a week. You can also specify relative timeframe without an alignment:now-NU
. Supported time units for the relative timeframe are:m
: minutesh
: hoursd
: daysw
: weeksM
: monthsy
: years
If not set, the relative timeframe of three days is used (now-3d
).
The end of the requested timeframe.
You can use one of the following formats:
- Timestamp in UTC milliseconds.
- Human-readable format of
2021-01-25T05:57:01.123+01:00
. If no time zone is specified, UTC is used. You can use a space character instead of theT
. Seconds and fractions of a second are optional. - Relative timeframe, back from now. The format is
now-NU/A
, whereN
is the amount of time,U
is the unit of time, andA
is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example,now-1y/w
is one year back, aligned by a week. You can also specify relative timeframe without an alignment:now-NU
. Supported time units for the relative timeframe are:m
: minutesh
: hoursd
: daysw
: weeksM
: monthsy
: years
If not set, the current timestamp is used.
The JSON body of the request. Contains security context to be set for the matching entities.
Request body objects
The SecurityContextDtoImpl
object
The security context, that will be set for matching entities. If there exists a management zone with this name, it will be set for all matching entities, overriding all automatic management zone rules.
Request body JSON model
This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.
{"securityContext": ["string"]}
Response
Response codes
Response body objects
The SecurityContextResultDto
object
The response payload holding the result of the security context application.
The entity ids that matched the entity selector and now have the supplied security context set.
The management zone ids that is applied to the entity ids, if the security context matched an existing management zone's name, otherwise null.
Response body JSON model
{"entityIds": ["string"],"managementZoneIds": [1]}
Delete the security context
DELETE | SaaS | https://{your-environment-id}.live.dynatrace.com/api/v2/entities/securityContext |
Environment ActiveGateCluster ActiveGate | https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/entities/securityContext |
Authentication
To execute this request, you need an access token with settings.write
scope.
To learn how to obtain and use it, see Tokens and authentication.
Parameters
Defines the scope of the entities to set the security context for. Only entities that can have management zones are considered for this operation
You must set one of these criteria:
- Entity type:
type("TYPE")
- Dynatrace entity ID:
entityId("id")
. You can specify several IDs, separated by a comma (entityId("id-1","id-2")
). All requested entities must be of the same type.
You can add one or more of the following criteria. Values are case-sensitive and the EQUALS
operator is used unless otherwise specified.
- Tag:
tag("value")
. Tags in[context]key:value
,key:value
, andvalue
formats are detected and parsed automatically. Any colons (:
) that are part of the key or value must be escaped with a backslash(\
). Otherwise, it will be interpreted as the separator between the key and the value. All tag values are case-sensitive. - Management zone ID:
mzId(123)
- Management zone name:
mzName("value")
- Entity name:
entityName.equals
: performs a non-casesensitiveEQUALS
query.entityName.startsWith
: changes the operator toBEGINS WITH
.entityName.in
: enables you to provide multiple values. TheEQUALS
operator applies.caseSensitive(entityName.equals("value"))
: takes any entity name criterion as an argument and makes the value case-sensitive.
- Health state (HEALTHY,UNHEALTHY):
healthState("HEALTHY")
- First seen timestamp:
firstSeenTms.<operator>(now-3h)
. Use any timestamp format from the from/to parameters. The following operators are available:lte
: earlier than or at the specified timelt
: earlier than the specified timegte
: later than or at the specified timegt
: later than the specified time
- Entity attribute:
<attribute>("value1","value2")
and<attribute>.exists()
. To fetch the list of available attributes, execute the GET entity type request and check the properties field of the response. - Relationships:
fromRelationships.<relationshipName>()
andtoRelationships.<relationshipName>()
. This criterion takes an entity selector as an attribute. To fetch the list of available relationships, execute the GET entity type request and check the fromRelationships and toRelationships fields. - Negation:
not(<criterion>)
. Inverts any criterion except for type.
For more information, see Entity selector in Dynatrace Documentation.
To set several criteria, separate them with a comma (,
). For example, type("HOST"),healthState("HEALTHY")
. Only results matching all criteria are included in the response.
The maximum string length is 2,000 characters.
The start of the requested timeframe.
You can use one of the following formats:
- Timestamp in UTC milliseconds.
- Human-readable format of
2021-01-25T05:57:01.123+01:00
. If no time zone is specified, UTC is used. You can use a space character instead of theT
. Seconds and fractions of a second are optional. - Relative timeframe, back from now. The format is
now-NU/A
, whereN
is the amount of time,U
is the unit of time, andA
is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example,now-1y/w
is one year back, aligned by a week. You can also specify relative timeframe without an alignment:now-NU
. Supported time units for the relative timeframe are:m
: minutesh
: hoursd
: daysw
: weeksM
: monthsy
: years
If not set, the relative timeframe of three days is used (now-3d
).
The end of the requested timeframe.
You can use one of the following formats:
- Timestamp in UTC milliseconds.
- Human-readable format of
2021-01-25T05:57:01.123+01:00
. If no time zone is specified, UTC is used. You can use a space character instead of theT
. Seconds and fractions of a second are optional. - Relative timeframe, back from now. The format is
now-NU/A
, whereN
is the amount of time,U
is the unit of time, andA
is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example,now-1y/w
is one year back, aligned by a week. You can also specify relative timeframe without an alignment:now-NU
. Supported time units for the relative timeframe are:m
: minutesh
: hoursd
: daysw
: weeksM
: monthsy
: years
If not set, the current timestamp is used.
Response
Response codes
Response body objects
The SecurityContextResultDto
object
The response payload holding the result of the security context application.
The entity ids that matched the entity selector and now have the supplied security context set.
The management zone ids that is applied to the entity ids, if the security context matched an existing management zone's name, otherwise null.
Response body JSON model
{"entityIds": ["string"],"managementZoneIds": [1]}