Monitored entities API - security context

Create or delete security context for monitored entities.

Matching entities will have a management zone assigned if the given security context matches the name of an already existing management zone. This endpoint does not create a new management zone if there is no management zone with the provided name.

Management zone rules will not apply to entities with a set security context. To be able to apply them again, you need to delete the security context.

For more information on security context, see Grant access to entities with security context.

Create the security context

The request consumes and produces an application/json payload.

POSTSaaShttps://{your-environment-id}.live.dynatrace.com/api/v2/entities/securityContext
Environment ActiveGateCluster ActiveGatehttps://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/entities/securityContext

Authentication

To execute this request, you need an access token with settings.write scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter
Type
Description
In
Required
entitySelector
string

Defines the scope of the entities to set the security context for. Only entities that can have management zones are considered for this operation

You must set one of these criteria:

  • Entity type: type("TYPE")
  • Dynatrace entity ID: entityId("id"). You can specify several IDs, separated by a comma (entityId("id-1","id-2")). All requested entities must be of the same type.

You can add one or more of the following criteria. Values are case-sensitive and the EQUALS operator is used unless otherwise specified.

  • Tag: tag("value"). Tags in [context]key:value, key:value, and value formats are detected and parsed automatically. Any colons (:) that are part of the key or value must be escaped with a backslash(\). Otherwise, it will be interpreted as the separator between the key and the value. All tag values are case-sensitive.
  • Management zone ID: mzId(123)
  • Management zone name: mzName("value")
  • Entity name:
    • entityName.equals: performs a non-casesensitive EQUALS query.
    • entityName.startsWith: changes the operator to BEGINS WITH.
    • entityName.in: enables you to provide multiple values. The EQUALS operator applies.
    • caseSensitive(entityName.equals("value")): takes any entity name criterion as an argument and makes the value case-sensitive.
  • Health state (HEALTHY,UNHEALTHY): healthState("HEALTHY")
  • First seen timestamp: firstSeenTms.<operator>(now-3h). Use any timestamp format from the from/to parameters. The following operators are available:
    • lte: earlier than or at the specified time
    • lt: earlier than the specified time
    • gte: later than or at the specified time
    • gt: later than the specified time
  • Entity attribute: <attribute>("value1","value2") and <attribute>.exists(). To fetch the list of available attributes, execute the GET entity type request and check the properties field of the response.
  • Relationships: fromRelationships.<relationshipName>() and toRelationships.<relationshipName>(). This criterion takes an entity selector as an attribute. To fetch the list of available relationships, execute the GET entity type request and check the fromRelationships and toRelationships fields.
  • Negation: not(<criterion>). Inverts any criterion except for type.

For more information, see Entity selector in Dynatrace Documentation.

To set several criteria, separate them with a comma (,). For example, type("HOST"),healthState("HEALTHY"). Only results matching all criteria are included in the response.

The maximum string length is 2,000 characters.

query
required
from
string

The start of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the relative timeframe of three days is used (now-3d).

query
optional
to
string

The end of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the current timestamp is used.

query
optional
body

The JSON body of the request. Contains security context to be set for the matching entities.

body
optional

Request body objects

The SecurityContextDtoImpl object

Element
Type
Description
Required
securityContext
string[]

The security context, that will be set for matching entities. If there exists a management zone with this name, it will be set for all matching entities, overriding all automatic management zone rules.

optional

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

{
  "securityContext": [
    "string"
  ]
}

Response

Response codes

Code
Type
Description
200

Success

4XX

Client side error.

5XX

Server side error.

Response body objects

The SecurityContextResultDto object

The response payload holding the result of the security context application.

Element
Type
Description
entityIds
string[]

The entity ids that matched the entity selector and now have the supplied security context set.

managementZoneIds
integer[]

The management zone ids that is applied to the entity ids, if the security context matched an existing management zone's name, otherwise null.

Response body JSON model

{
  "entityIds": [
    "string"
  ],
  "managementZoneIds": [
    1
  ]
}

Delete the security context

DELETESaaShttps://{your-environment-id}.live.dynatrace.com/api/v2/entities/securityContext
Environment ActiveGateCluster ActiveGatehttps://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/entities/securityContext

Authentication

To execute this request, you need an access token with settings.write scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter
Type
Description
In
Required
entitySelector
string

Defines the scope of the entities to set the security context for. Only entities that can have management zones are considered for this operation

You must set one of these criteria:

  • Entity type: type("TYPE")
  • Dynatrace entity ID: entityId("id"). You can specify several IDs, separated by a comma (entityId("id-1","id-2")). All requested entities must be of the same type.

You can add one or more of the following criteria. Values are case-sensitive and the EQUALS operator is used unless otherwise specified.

  • Tag: tag("value"). Tags in [context]key:value, key:value, and value formats are detected and parsed automatically. Any colons (:) that are part of the key or value must be escaped with a backslash(\). Otherwise, it will be interpreted as the separator between the key and the value. All tag values are case-sensitive.
  • Management zone ID: mzId(123)
  • Management zone name: mzName("value")
  • Entity name:
    • entityName.equals: performs a non-casesensitive EQUALS query.
    • entityName.startsWith: changes the operator to BEGINS WITH.
    • entityName.in: enables you to provide multiple values. The EQUALS operator applies.
    • caseSensitive(entityName.equals("value")): takes any entity name criterion as an argument and makes the value case-sensitive.
  • Health state (HEALTHY,UNHEALTHY): healthState("HEALTHY")
  • First seen timestamp: firstSeenTms.<operator>(now-3h). Use any timestamp format from the from/to parameters. The following operators are available:
    • lte: earlier than or at the specified time
    • lt: earlier than the specified time
    • gte: later than or at the specified time
    • gt: later than the specified time
  • Entity attribute: <attribute>("value1","value2") and <attribute>.exists(). To fetch the list of available attributes, execute the GET entity type request and check the properties field of the response.
  • Relationships: fromRelationships.<relationshipName>() and toRelationships.<relationshipName>(). This criterion takes an entity selector as an attribute. To fetch the list of available relationships, execute the GET entity type request and check the fromRelationships and toRelationships fields.
  • Negation: not(<criterion>). Inverts any criterion except for type.

For more information, see Entity selector in Dynatrace Documentation.

To set several criteria, separate them with a comma (,). For example, type("HOST"),healthState("HEALTHY"). Only results matching all criteria are included in the response.

The maximum string length is 2,000 characters.

query
required
from
string

The start of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the relative timeframe of three days is used (now-3d).

query
optional
to
string

The end of the requested timeframe.

You can use one of the following formats:

  • Timestamp in UTC milliseconds.
  • Human-readable format of 2021-01-25T05:57:01.123+01:00. If no time zone is specified, UTC is used. You can use a space character instead of the T. Seconds and fractions of a second are optional.
  • Relative timeframe, back from now. The format is now-NU/A, where N is the amount of time, U is the unit of time, and A is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, now-1y/w is one year back, aligned by a week. You can also specify relative timeframe without an alignment: now-NU. Supported time units for the relative timeframe are:
    • m: minutes
    • h: hours
    • d: days
    • w: weeks
    • M: months
    • y: years

If not set, the current timestamp is used.

query
optional

Response

Response codes

Code
Type
Description
200

Success

4XX

Client side error.

5XX

Server side error.

Response body objects

The SecurityContextResultDto object

The response payload holding the result of the security context application.

Element
Type
Description
entityIds
string[]

The entity ids that matched the entity selector and now have the supplied security context set.

managementZoneIds
integer[]

The management zone ids that is applied to the entity ids, if the security context matched an existing management zone's name, otherwise null.

Response body JSON model

{
  "entityIds": [
    "string"
  ],
  "managementZoneIds": [
    1
  ]
}