Settings API - Security notifications schema table
Security notifications (builtin:appsec.notification-integration)
Integrate security notifications with your existing incident-management system or team-collaboration channel. Within security integrations, use vulnerability and attack alerting profiles to filter the total number of alerts down to those relevant for your team.
To learn more, visit Security notifications.
builtin:appsec.notification-integration
group:integration
environment
GET
Managed: https://{your-domain}/e/{your-environment-id}/api/v2/settings/schemas/builtin:appsec.notification-integration
SaaS: https://{your-environment-id}.live.dynatrace.com/api/v2/settings/schemas/builtin:appsec.notification-integration
Environment ActiveGate: https://{your-activegate-domain}/e/{your-environment-id}/api/v2/settings/schemas/builtin:appsec.notification-integration
Authentication
To execute this request, you need an access token with Read settings (settings.read) scope. To learn how to obtain and use it, see Tokens and authentication.
Parameters
enabled
trigger
SECURITY_PROBLEM
ATTACK_CANDIDATE
type
WEBHOOK
JIRA
EMAIL
displayName
securityProblemBasedAlertingProfile
Select an alerting profile (<your-dynatrace-url>//ui/settings/builtin:appsec.notification-alerting-profile) to control the delivery of security notifications related to this integration.
attackCandidateBasedAlertingProfile
Select an alerting profile (<your-dynatrace-url>//ui/settings/builtin:appsec.notification-attack-alerting-profile) to control the delivery of security notifications related to this integration.
The WebhookConfiguration
object
url
acceptAnyCertificate
headers
Use additional HTTP headers to attach any additional information, for example, configuration, authorization, or metadata.
Note that JSON-based webhook endpoints require the addition of the Content-Type: application/json header to enable escaping of special characters and to avoid malformed JSON content.
The SecurityProblemBasedWebhookPayload
object
payload
This is the content your notification message will include when users view it.
In case a value of a security problem is not set, the placeholder will be replaced by an empty string.
Note: Security notifications contain sensitive information. Excessive usage of placeholders in the custom payload might leak information to untrusted parties.
Available placeholders:
{SecurityProblemId}: The unique identifier assigned by Dynatrace, for example, "S-1234".
{Title}: A short summary of the type of vulnerability that was found, for example, "Remote Code Execution".
{Description}: A more detailed description of the vulnerability.
{CvssScore}: CVSS score of the identified vulnerability, for example, "10.0". Can be empty.
{DavisSecurityScore}: Davis Security Score is an enhanced risk-calculation score based on the CVSS, for example, "10.0".
{Severity}: The security problem severity, for example, "Critical" or "Medium".
{SecurityProblemUrl}: URL of the security problem in Dynatrace.
{AffectedEntities}: Details about the entities affected by the security problem in a JSON array.
{ManagementZones}: Comma-separated list of all management zones affected by the vulnerability at the time of detection.
{Tags}: Comma-separated list of tags that are defined for a vulnerability's affected entities. For example: "PROD, owner:John". Assign the tag's key in square brackets: {Tags[key]} to get all associated values. For example: "{Tags[owner]}" will be resolved as "John". Tags without an assigned value will be resolved as an empty string.
{Exposed}: Describes whether one or more affected processes are exposed to the public Internet. Can be "true" or "false".
{DataAssetsReachable}: Describes whether one or more affected processes can reach data assets. Can be "true" or "false".
{ExploitAvailable}: Describes whether there's an exploit available for the vulnerability. Can be "true" or "false".
The AttackCandidateBasedWebhookPayload
object
payload
This is the content your notification message will include when users view it.
In case a value of an attack is not set, the placeholder will be replaced by an empty string.
Note: Security notifications contain sensitive information. Excessive usage of placeholders in the custom payload might leak information to untrusted parties.
Available placeholders:
{AttackDisplayId}: The unique identifier assigned by Dynatrace, for example: "A-1234".
{Title}: Location of the attack, for example: "com.dynatrace.Class.method():120"
{Type}: The type of attack, for example: "SQL Injection".
{AttackUrl}: URL of the attack in Dynatrace.
{ProcessGroupId}: Details about the process group attacked.
{EntryPoint}: The entry point of the attack into the process, for example: "/login". Can be empty.
{Status}: The status of the attack, for example: "Exploited"
{Timestamp}: When the attack happened.
{VulnerabilityName}: Name of the associated code-level vulnerability, for example: "InMemoryDatabaseCaller.getAccountInfo():51". Can be empty.
The JiraConfiguration
object
url
The URL of the Jira API endpoint.
username
The username of the Jira profile.
apiToken
The API token for the Jira profile. Using password authentication was deprecated by Jira.
projectKey
The project key of the Jira issue to be created by this notification.
issueType
The type of the Jira issue to be created by this notification.
To find all available issue types or create your own, in Jira, go to Project settings > Issue types.
The SecurityProblemBasedJiraPayload
object
summary
The summary of the Jira issue to be created by this notification.
Note: The Jira summary field must contain fewer than 255 characters. Any content exceeding this limit after evaluating the placeholders will be discarded.
Available placeholders:
{SecurityProblemId}: The unique identifier assigned by Dynatrace, for example, "S-1234".
{Title}: A short summary of the type of vulnerability that was found, for example, "Remote Code Execution".
{CvssScore}: CVSS score of the identified vulnerability, for example, "10.0". Can be empty.
{DavisSecurityScore}: Davis Security Score is an enhanced risk-calculation score based on the CVSS, for example, "10.0".
{Severity}: The security problem severity, for example, "Critical" or "Medium".
{SecurityProblemUrl}: URL of the security problem in Dynatrace.
{Exposed}: Describes whether one or more affected processes are exposed to the public Internet. Can be "true" or "false".
{DataAssetsReachable}: Describes whether one or more affected processes can reach data assets. Can be "true" or "false".
{ExploitAvailable}: Describes whether there's an exploit available for the vulnerability. Can be "true" or "false".
description
The description of the Jira issue to be created by this notification.
In case a value of a security problem is not set, the placeholder will be replaced by an empty string.
Note: Security notifications contain sensitive information. Excessive usage of placeholders in the description might leak information to untrusted parties.
Available placeholders:
{SecurityProblemId}: The unique identifier assigned by Dynatrace, for example, "S-1234".
{Title}: A short summary of the type of vulnerability that was found, for example, "Remote Code Execution".
{Description}: A more detailed description of the vulnerability.
{CvssScore}: CVSS score of the identified vulnerability, for example, "10.0". Can be empty.
{DavisSecurityScore}: Davis Security Score is an enhanced risk-calculation score based on the CVSS, for example, "10.0".
{Severity}: The security problem severity, for example, "Critical" or "Medium".
{SecurityProblemUrl}: URL of the security problem in Dynatrace.
{AffectedEntities}: Details about the entities affected by the security problem in a JSON array.
{ManagementZones}: Comma-separated list of all management zones affected by the vulnerability at the time of detection.
{Tags}: Comma-separated list of tags that are defined for a vulnerability's affected entities. For example: "PROD, owner:John". Assign the tag's key in square brackets: {Tags[key]} to get all associated values. For example: "{Tags[owner]}" will be resolved as "John". Tags without an assigned value will be resolved as an empty string.
{Exposed}: Describes whether one or more affected processes are exposed to the public Internet. Can be "true" or "false".
{DataAssetsReachable}: Describes whether one or more affected processes can reach data assets. Can be "true" or "false".
{ExploitAvailable}: Describes whether there's an exploit available for the vulnerability. Can be "true" or "false".
The AttackCandidateBasedJiraPayload
object
summary
The summary of the Jira issue to be created by this notification.
Note: The Jira summary field must contain fewer than 255 characters. Any content exceeding this limit after evaluating the placeholders will be discarded.
Available placeholders:
{AttackDisplayId}: The unique identifier assigned by Dynatrace, for example, "A-1234".
{Title}: Location of the attack, for example: "com.dynatrace.Class.method():120"
{Type}: The type of attack, for example: "SQL Injection".
{AttackUrl}: URL of the attack in Dynatrace.
{ProcessGroupId}: Details about the process group attacked.
{EntryPoint}: The entry point of the attack into the process, for example: "/login". Can be empty.
{Status}: The status of the attack, for example: "Exploited"
{Timestamp}: When the attack happened.
{VulnerabilityName}: Name of the associated code-level vulnerability, for example: "InMemoryDatabaseCaller.getAccountInfo():51". Can be empty.
description
The description of the Jira issue to be created by this notification.
In case a value of an attack is not set, the placeholder will be replaced by an empty string.
Note: Security notifications contain sensitive information. Excessive usage of placeholders in the description might leak information to untrusted parties.
Available placeholders:
{AttackDisplayId}: The unique identifier assigned by Dynatrace, for example: "A-1234".
{Title}: Location of the attack, for example: "com.dynatrace.Class.method():120"
{Type}: The type of attack, for example: "SQL Injection".
{AttackUrl}: URL of the attack in Dynatrace.
{ProcessGroupId}: Details about the process group attacked.
{EntryPoint}: The entry point of the attack into the process, for example: "/login". Can be empty.
{Status}: The status of the attack, for example: "Exploited"
{Timestamp}: When the attack happened.
{VulnerabilityName}: Name of the associated code-level vulnerability, for example: "InMemoryDatabaseCaller.getAccountInfo():51". Can be empty.
The EmailConfiguration
object
recipients
ccRecipients
bccRecipients
The SecurityProblemBasedEmailPayload
object
subject
The subject of the email notifications.
Available placeholders:
{SecurityProblemId}: The unique identifier assigned by Dynatrace, for example, "S-1234".
{Title}: A short summary of the type of vulnerability that was found, for example, "Remote Code Execution".
{CvssScore}: CVSS score of the identified vulnerability, for example, "10.0". Can be empty.
{DavisSecurityScore}: Davis Security Score is an enhanced risk-calculation score based on the CVSS, for example, "10.0".
{Severity}: The security problem severity, for example, "Critical" or "Medium".
{SecurityProblemUrl}: URL of the security problem in Dynatrace.
{Exposed}: Describes whether one or more affected processes are exposed to the public Internet. Can be "true" or "false".
{DataAssetsReachable}: Describes whether one or more affected processes can reach data assets. Can be "true" or "false".
{ExploitAvailable}: Describes whether there's an exploit available for the vulnerability. Can be "true" or "false".
body
The template of the email notifications.
In case a value of a security problem is not set, the placeholder will be replaced by an empty string.
Note: Security notifications contain sensitive information. Excessive usage of placeholders in the description might leak information to untrusted parties.
Available placeholders:
{SecurityProblemId}: The unique identifier assigned by Dynatrace, for example, "S-1234".
{Title}: A short summary of the type of vulnerability that was found, for example, "Remote Code Execution".
{Description}: A more detailed description of the vulnerability.
{CvssScore}: CVSS score of the identified vulnerability, for example, "10.0". Can be empty.
{DavisSecurityScore}: Davis Security Score is an enhanced risk-calculation score based on the CVSS, for example, "10.0".
{Severity}: The security problem severity, for example, "Critical" or "Medium".
{SecurityProblemUrl}: URL of the security problem in Dynatrace.
{AffectedEntities}: Details about the entities affected by the security problem in a JSON array.
{ManagementZones}: Comma-separated list of all management zones affected by the vulnerability at the time of detection.
{Tags}: Comma-separated list of tags that are defined for a vulnerability's affected entities. For example: "PROD, owner:John". Assign the tag's key in square brackets: {Tags[key]} to get all associated values. For example: "{Tags[owner]}" will be resolved as "John". Tags without an assigned value will be resolved as an empty string.
{Exposed}: Describes whether one or more affected processes are exposed to the public Internet. Can be "true" or "false".
{DataAssetsReachable}: Describes whether one or more affected processes can reach data assets. Can be "true" or "false".
{ExploitAvailable}: Describes whether there's an exploit available for the vulnerability. Can be "true" or "false".
The AttackCandidateBasedEmailPayload
object
subject
The subject of the email notifications.
Available placeholders:
{AttackDisplayId}: The unique identifier assigned by Dynatrace, for example, "A-1234".
{Title}: Location of the attack, for example: "com.dynatrace.Class.method():120"
{Type}: The type of attack, for example: "SQL Injection".
{AttackUrl}: URL of the attack in Dynatrace.
{ProcessGroupId}: Details about the process group attacked.
{EntryPoint}: The entry point of the attack into the process, for example: "/login". Can be empty.
{Status}: The status of the attack, for example: "Exploited"
{Timestamp}: When the attack happened.
{VulnerabilityName}: Name of the associated code-level vulnerability, for example: "InMemoryDatabaseCaller.getAccountInfo():51". Can be empty.
body
The template of the email notifications.
In case a value of a security problem is not set, the placeholder will be replaced by an empty string.
Note: Security notifications contain sensitive information. Excessive usage of placeholders in the body might leak information to untrusted parties.
Available placeholders:
{AttackDisplayId}: The unique identifier assigned by Dynatrace, for example: "A-1234".
{Title}: Location of the attack, for example: "com.dynatrace.Class.method():120"
{Type}: The type of attack, for example: "SQL Injection".
{AttackUrl}: URL of the attack in Dynatrace.
{ProcessGroupId}: Details about the process group attacked.
{EntryPoint}: The entry point of the attack into the process, for example: "/login". Can be empty.
{Status}: The status of the attack, for example: "Exploited"
{Timestamp}: When the attack happened.
{VulnerabilityName}: Name of the associated code-level vulnerability, for example: "InMemoryDatabaseCaller.getAccountInfo():51". Can be empty.
The WebhookConfigurationHeader
object
name
secret
value
The value of the HTTP header. May contain an empty value.
secretValue
The secret value of the HTTP header. May contain an empty value.
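The following added example (not Dynatrace code) audits a WebhookConfiguration object and a SecurityProblemBasedWebhookPayload template against the notes above: certificate checking, the Content-Type header for JSON endpoints, credential headers kept in secretValue, and placeholder use. The allowlist, the credential header names, the finding texts, the sample values, and the reading of secret as the boolean that selects secretValue over value are assumptions.

```python
import json
import re

# Placeholders this page lists for SecurityProblemBasedWebhookPayload.
KNOWN = {"SecurityProblemId", "Title", "Description", "CvssScore",
         "DavisSecurityScore", "Severity", "SecurityProblemUrl",
         "AffectedEntities", "ManagementZones", "Tags", "Exposed",
         "DataAssetsReachable", "ExploitAvailable"}
# Assumption: team policy for what may be sent to this receiver.
ALLOWED = {"SecurityProblemId", "Title", "Severity", "SecurityProblemUrl"}
# Assumption: header names treated as credential-bearing.
CREDENTIAL_HEADERS = {"authorization", "x-api-key"}
PLACEHOLDER = re.compile(r"\{([A-Za-z]+)(?:\[[^\]}]*\])?\}")

def is_json_template(payload):
    """True if the template is a JSON object/array once placeholders are filled."""
    try:
        return isinstance(json.loads(PLACEHOLDER.sub("null", payload)), (dict, list))
    except ValueError:
        return False

def audit_webhook(config, payload):
    """Return sorted findings for a WebhookConfiguration dict and its payload."""
    findings = set()
    if not config.get("url", "").lower().startswith("https://"):
        findings.add("url: not HTTPS")
    if config.get("acceptAnyCertificate"):
        findings.add("acceptAnyCertificate: receiver certificate is not verified")
    headers = {h.get("name", "").lower(): h for h in config.get("headers", [])}
    ctype = (headers.get("content-type") or {}).get("value") or ""
    if is_json_template(payload) and "application/json" not in ctype.lower():
        findings.add("headers: JSON payload without Content-Type: application/json")
    for name, header in headers.items():
        if name in CREDENTIAL_HEADERS and not header.get("secret"):
            findings.add(f"headers: {name} uses value instead of secretValue")
    for match in PLACEHOLDER.finditer(payload):
        key = match.group(1)
        if key not in KNOWN:
            findings.add(f"payload: unknown placeholder {{{key}}}")
        elif key not in ALLOWED:
            findings.add(f"payload: {{{key}}} is outside the allowlist")
    return sorted(findings)

# Constructed sample input, not taken from a real environment.
SAMPLE_CONFIG = {"url": "https://hooks.example.invalid/sec", "acceptAnyCertificate": True,
                 "headers": [{"name": "Authorization", "secret": False, "value": "Bearer PLACEHOLDER"}]}
SAMPLE_PAYLOAD = ('{"id": "{SecurityProblemId}", "owner": "{Tags[owner]}", '
                  '"entities": {AffectedEntities}, "extra": "{Foo}"}')

if __name__ == "__main__":
    print("\n".join(audit_webhook(SAMPLE_CONFIG, SAMPLE_PAYLOAD)))
```

Run it over each webhook integration's value as returned by the Settings API before the integration is enabled; an empty result means none of the checks fired.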