Application Security
Security events are a special type of data representing various generated events.
In the events data store, security events are stored in a dedicated bucket (default_security_events) and come as an additional event kind (event.kind=="SECURITY_EVENT") for better access control, data separation, and data retention period control.
Entity change events
Entity change events are change events at the entity level. An event is generated whenever a vulnerability's affected entity undergoes a status or assessment change.
fetch events| filter event.kind == "SECURITY_EVENT"| filter event.category == "VULNERABILITY_MANAGEMENT"| filter event.type == "VULNERABILITY_STATUS_CHANGE_EVENT"| filter event.level == "ENTITY"fetch events| filter event.kind == "SECURITY_EVENT"| filter event.category == "VULNERABILITY_MANAGEMENT"| filter event.type == "VULNERABILITY_ASSESSMENT_CHANGE_EVENT"| filter event.level == "ENTITY"fetch events| filter event.kind == "SECURITY_EVENT"| filter event.category == "VULNERABILITY_MANAGEMENT"| filter event.type == "VULNERABILITY_IMPACT_CHANGE_EVENT"| filter event.level == "ENTITY"
Entity change events: Event data
This section contains general event information.
Attribute | Type | Description | Examples |
---|---|---|---|
event.category | string | stable Categorization based on the product and data generating this event. | VULNERABILITY_MANAGEMENT |
event.change_list | array | stable List of attributes updated as part of the change event. Values in the list match a previous field. | vulnerability.risk.score ; affected_entities.count ; related_entities.databases.count |
event.description | string | stable The human readable description text of an event. | Status of S-49 Remote Code Execution for prod_process_group_1 has changed to OPEN. ; Assessment of S-49 Remote Code Execution for prod_process_group_1 has changed. ; Environment impact of S-49 Remote Code Execution for prod_process_group_1 has changed. |
event.group_label | string | experimental Group label of an event. | CHANGE_EVENT |
event.kind | string | stable Gives high-level information about what kind of information the event contains, without being specific to the contents of the event. Helps to determine the record type of a raw event. Tags: permission | SECURITY_EVENT |
event.level | string | stable Main reference point to which the event or data is related. Possible values are Vulnerability (shows the global aggregation across the entire environment and comprises all entities and management zones) and Entity (shows the assessment based on the entity itself). | ENTITY |
event.name | string | stable The human readable display name of an event type. | Vulnerable entity status change event ; Vulnerable entity assessment change event ; Vulnerable entity impact change event |
event.provider | string | stable Source of the event, for example the name of the component or system that generated the event. Tags: permission | Dynatrace |
event.provider_product | string | stable Name of the product providing this event. | Runtime Vulnerability Analytics ; Snyk Container |
event.status | string | stable Status of an event as being either Active or Closed. | OPEN ; RESOLVED ; MUTED |
event.status_transition | string | experimental An enum that shows the transition of the above event state. | NEW_OPEN ; REOPEN ; CLOSE ; MUTE ; UNMUTE |
event.trigger.type | string | stable Type of event trigger (for example, whether it was generated by the system, ingested via API, or triggered by the user). | DT_PLATFORM ; USER_ACTION |
event.trigger.user | string | stable ID of the user who triggered the event. If generated by Dynatrace, the value is SYSTEM . | SYSTEM ; <user_id> |
event.type | string | stable The unique type identifier of a given event. Tags: permission | VULNERABILITY_STATUS_CHANGE_EVENT ; VULNERABILITY_ASSESSMENT_CHANGE_EVENT ; VULNERABILITY_IMPACT_CHANGE_EVENT |
timestamp | timestamp | stable The time (UNIX Epoch time in nanoseconds) when the event originated, typically when it was created by the source. | 1649822520123123123 |
Entity change events: Vulnerability data
This section contains information about the vulnerability at the entity level and its global parent, as well as its previous values.
Attribute | Type | Description | Examples |
---|---|---|---|
vulnerability.code_location.name | string | stable Name of the code location where the code-level vulnerability was detected. | org.dynatrace.profileservice.BioController.markdownToHtml(String):80 |
vulnerability.cvss.base_score | double | stable Vulnerability's CVSS base score provided by NVD. | 8.1 |
vulnerability.cvss.version | string | stable Vulnerability's CVSS score version. | 3.1 |
vulnerability.davis_assessment.assessment_mode | string | stable Availability of the information based on which the assessment of the vulnerability at the entity level has been done. | FULL ; NOT_AVAILABLE ; REDUCED |
vulnerability.davis_assessment.data_assets_status | string | stable Affected entity's reachability by a database. | NOT_AVAILABLE ; NOT_DETECTED ; REACHABLE |
vulnerability.davis_assessment.exploit_status | string | stable Public exploits status of the vulnerability at the entity level. | AVAILABLE ; NOT_AVAILABLE |
vulnerability.davis_assessment.exposure_status | string | stable Internet exposure status of the vulnerability at the entity level. | NOT_AVAILABLE ; NOT_DETECTED ; PUBLIC_NETWORK |
vulnerability.davis_assessment.level | string | stable Risk level, based on Davis Security Score, of the vulnerability at the entity level. | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.davis_assessment.score | double | stable Davis Security Score (1-10) calculated by Dynatrace for the vulnerability at the entity level. | 8.1 |
vulnerability.davis_assessment.vulnerable_function_status | string | stable Usage status of the vulnerable functions causing the vulnerability at the entity level. | IN_USE ; NOT_AVAILABLE ; NOT_IN_USE |
vulnerability.description | string | stable Description of the vulnerability. | More detailed description about improper input validation vulnerability. |
vulnerability.display_id | string | stable Dynatrace user-readable identifier for the vulnerability. | S-1234 |
vulnerability.external_id | string | stable External provider's unique identifier for the vulnerability. | SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30646 |
vulnerability.external_url | string | stable External provider's URL to the details page of the vulnerability. | https://example.com |
vulnerability.first_seen | timestamp | stable Timestamp of when the vulnerability at the entity level was first detected. | 2023-03-22T13:19:36.945Z |
vulnerability.id | string | stable Dynatrace unique identifier for the vulnerability. | 2039861408676243188 |
vulnerability.mute.change_date | timestamp | stable Timestamp of the last muted or unmuted action of the vulnerability at the entity level. | 2023-03-22T13:19:36.945Z |
vulnerability.mute.reason | string | stable Reason for muting or unmuting the vulnerability at the entity level. | FALSE_POSITIVE ; IGNORE ; AFFECTED ; CONFIGURATION_NOT_AFFECTED ; FALSE_POSITIVE ; OTHER |
vulnerability.mute.status | string | stable Mute status of the vulnerability at the entity level. | MUTED ; NOT_MUTED |
vulnerability.mute.user | string | stable User who last changed the mute status of the vulnerability at the entity level. | user@example.com |
vulnerability.parent.davis_assessment.assessment_mode | string | stable Availability of the information based on which the vulnerability assessment has been done. | FULL ; NOT_AVAILABLE ; REDUCED |
vulnerability.parent.davis_assessment.data_assets_status | string | stable Vulnerability's reachability of related data assets by affected entities. | NOT_AVAILABLE ; NOT_DETECTED ; REACHABLE |
vulnerability.parent.davis_assessment.exposure_status | string | stable Vulnerability's internet exposure status. | NOT_AVAILABLE ; NOT_DETECTED ; PUBLIC_NETWORK |
vulnerability.parent.davis_assessment.level | string | stable Vulnerability's Davis Security Score level. | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.parent.davis_assessment.score | double | stable Vulnerability's Davis Security Score (1-10) calculated by Dynatrace. | 8.1 |
vulnerability.parent.davis_assessment.vulnerable_function_status | string | stable Usage status of vulnerable functions causing the vulnerability. Status is IN_USE when there's at least one vulnerable function in use by an application. | IN_USE ; NOT_AVAILABLE ; NOT_IN_USE |
vulnerability.parent.first_seen | string | stable Timestamp of when the vulnerability was first detected. | 2023-03-22T13:19:36.945Z |
vulnerability.parent.mute.change_date | timestamp | stable Timestamp of the last mute or unmute action of the vulnerability. | 2023-03-22T13:19:36.945Z |
vulnerability.parent.mute.reason | string | stable Reason for muting or unmuting the vulnerability. | FALSE_POSITIVE ; IGNORE ; AFFECTED ; CONFIGURATION_NOT_AFFECTED ; FALSE_POSITIVE ; OTHER |
vulnerability.parent.mute.status | string | stable Vulnerability's mute status. | MUTED ; NOT_MUTED |
vulnerability.parent.mute.user | string | stable User who last changed the vulnerability's mute status. | user@example.com |
vulnerability.parent.resolution.change_date | string | stable Timestamp of the vulnerability's last status change. | 2023-03-22T13:19:37.466Z |
vulnerability.parent.resolution.status | string | stable Current status of the vulnerability. | OPEN ; RESOLVED |
vulnerability.parent.risk.level | string | stable Vulnerability's risk score level defined by the provider. For Dynatrace, the Davis Security Score level. | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.parent.risk.score | double | stable Vulnerability's risk score defined by the provider. For Dynatrace, Davis Security Score. | 8.1 |
vulnerability.previous.cvss.base_score | double | stable Vulnerability's previous CVSS base score (in case the CVSS base score has changed). | 8.1 |
vulnerability.previous.davis_assessment.data_assets_status | string | stable Vulnerability's previous reachability of related data assets by affected entities (in case the reachability has changed). | NOT_AVAILABLE ; NOT_DETECTED ; REACHABLE |
vulnerability.previous.davis_assessment.exploit_status | string | stable Vulnerability's previous public exploit status (in case the public exploit status has changed). | AVAILABLE ; NOT_AVAILABLE |
vulnerability.previous.davis_assessment.exposure_status | string | stable Vulnerability's previous internet exposure status (in case the internet exposure status has changed). | NOT_AVAILABLE ; NOT_DETECTED ; PUBLIC_NETWORK |
vulnerability.previous.davis_assessment.level | string | stable Vulnerability's previous risk level (in case the risk level has changed). | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.previous.davis_assessment.score | double | stable Vulnerability's previous Davis Security Score (in case Davis Security Score has changed). | 8.1 |
vulnerability.previous.davis_assessment.vulnerable_function_status | string | stable Vulnerability's previous vulnerable function status (in case the vulnerable function status has changed). | IN_USE ; NOT_AVAILABLE ; NOT_IN_USE |
vulnerability.previous.mute.change_date | string | stable Timestamp of the vulnerability's previous mute status (in case the mute status has changed). | 2023-03-22T13:19:36.945Z |
vulnerability.previous.mute.reason | string | stable Reason for last muting or unmuting the vulnerability (in case the reason for muting or unmuting the vulnerability has changed). | Muted: False positive |
vulnerability.previous.mute.status | string | stable Vulnerability's previous mute status (in case the mute status has changed). | MUTED ; NOT_MUTED |
vulnerability.previous.mute.user | string | stable User who last changed the vulnerability's mute status (in case the mute status was last changed by a different user). | user@example.com |
vulnerability.previous.resolution.status | string | stable Vulnerability's previous resolution status (in case the resolution status has changed). | OPEN ; RESOLVED |
vulnerability.previous.risk.level | string | stable Vulnerability's previous risk score level (in case the risk score level has changed). | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.previous.risk.score | double | stable Vulnerability's previous risk score (in case the risk score has changed). | 8.1 |
vulnerability.references.cve | string[] | stable List of the vulnerability's CVE IDs. | [CVE-2021-41079] |
vulnerability.references.cwe | string[] | stable List of the vulnerability's CWE IDs. | [CWE-20] |
vulnerability.references.owasp | string[] | stable List of vulnerability's OWASP IDs. | [2021:A3] |
vulnerability.resolution.change_date | timestamp | stable Timestamp of the vulnerability's last status change. | 2023-03-22T13:19:37.466Z |
vulnerability.resolution.status | string | stable Resolution status of the vulnerability at the entity level. | OPEN ; RESOLVED |
vulnerability.risk.level | string | stable Vulnerability's risk score level defined by the provider at the entity level. For Dynatrace, the Davis Security Score level. | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.risk.scale | string | stable Scale by which the risk score and risk score level defined by the provider for the vulnerability at the entity level are measured. | Davis Security Score |
vulnerability.risk.score | double | stable Risk score defined by the provider for the vulnerability at the entity level. For Dynatrace, Davis Security Score. | 8.1 |
vulnerability.stack | string | experimental Level of the vulnerable component in the technological stack. | CODE ; CODE_LIBRARY ; SOFTWARE ; CONTAINER_ORCHESTRATION |
vulnerability.technology | string | stable Technology of the vulnerable component. | JAVA ; DOT_NET ; GO ; PHP ; NODE_JS ; KUBERNETES |
vulnerability.title | string | stable Title of the vulnerability. | Improper Input Validation |
vulnerability.type | string | stable Classification of the vulnerability based on commonly accepted enums, such as CWE. | Improper Input Validation |
vulnerability.url | string | stable Dynatrace URL to the details page of the vulnerability. | | https://example.com |
Entity change events: Environmental data
This section contains information about the vulnerability's affected entity and related entities.
Affected entity
Attribute | Type | Description | Examples |
---|---|---|---|
affected_entity.affected_processes.ids | array | stable IDs of the processes that are currently affected by the vulnerability. | PROCESS_GROUP_INSTANCE-1 |
affected_entity.affected_processes.names | array | stable Names of the processes that are currently affected by the vulnerability. | prod_process_group_instance_1 |
affected_entity.id | string | stable ID of the affected entity. | PROCESS_GROUP-1 ; HOST-1 |
affected_entity.management_zones.ids | array | stable IDs of the management zones to which the affected entity belongs. | mzid1 |
affected_entity.management_zones.names | array | stable Names of the management zones to which the affected entity belongs. | mz1 |
affected_entity.name | string | stable Name of the affected entity. | prod_process_group_1 ; prod_host |
affected_entity.type | string | stable Type of affected entity. | PROCESS_GROUP ; HOST |
affected_entity.vulnerable_component.id | string | stable ID of the vulnerable component causing the vulnerability. | SOFTWARE_COMPONENT-D8FCFFB4FDF7A3FF |
affected_entity.vulnerable_component.name | string | stable Name of the vulnerable component causing the vulnerability. | log4j-core-2.6.2.jar |
affected_entity.vulnerable_component.short_name | string | stable Short name of the vulnerable component causing the vulnerability. | log4j |
affected_entity.vulnerable_functions | array | stable Vulnerable functions detected, containing or causing the vulnerability. | org.springframework.beans.CachedIntrospectionResults:init ; java.lang.ProcessBuilder.<init>(String[]) ; (*DB).queryDC() (/usr/local/go/src/database/sql/sql.go) |
Related entities
Attribute | Type | Description | Examples |
---|---|---|---|
related_entities.applications.count | long | stable Number of related applications. | 1 |
related_entities.applications.ids | array | stable IDs of the applications related to the vulnerability's affected entities. | APPLICATION-1 |
related_entities.applications.names | array | stable Names of the applications related to the vulnerability's affected entities. | prod_application_1 |
related_entities.databases.count | long | stable Number of related databases. | 1 |
related_entities.databases.ids | array | stable IDs of the databases related to the vulnerability's affected entities. | DATABASE-1 |
related_entities.databases.names | array | stable Names of the databases related to the vulnerability's affected entities. | prod_database_1 |
related_entities.hosts.count | long | stable Number of related hosts. | 1 |
related_entities.hosts.ids | array | stable IDs of the hosts related to the vulnerability's affected entities. | HOST-1 |
related_entities.hosts.names | array | stable Names of the hosts related to the vulnerability's affected entities. | prod_host_1 |
related_entities.kubernetes_clusters.count | long | stable Number of related Kubernetes clusters. | 1 |
related_entities.kubernetes_clusters.ids | array | stable IDs of the Kubernetes clusters related to the vulnerability's affected entities. | KUBERNETES_CLUSTER-1 |
related_entities.kubernetes_clusters.names | array | stable Names of the Kubernetes clusters related to the vulnerability's affected entities. | prod_kubernetes_cluster_1 |
related_entities.kubernetes_workloads.count | long | stable Number of related Kubernetes workloads. | 1 |
related_entities.kubernetes_workloads.ids | array | stable IDs of the Kubernetes workloads related to the vulnerability's affected entities. | KUBERNETES_WORKLOAD-1 |
related_entities.kubernetes_workloads.names | array | stable Names of the Kubernetes workloads related to the vulnerability's affected entities. | prod_kubernetes_workload_1 |
related_entities.services.count | long | stable Number of related services. | 1 |
related_entities.services.ids | array | stable IDs of the services related to the vulnerability's affected entities. | SERVICE-1 |
related_entities.services.names | array | stable Names of the services related to the vulnerability's affected entities. | prod_service_1 |
Entity state events
Entity state events are historical vulnerability states reported at the entity level. The current vulnerability state per entity is exported to Grail regularly.
fetch events| filter event.kind == "SECURITY_EVENT"| filter event.category == "VULNERABILITY_MANAGEMENT"| filter event.type == "VULNERABILITY_STATE_REPORT_EVENT"| filter event.level == "ENTITY"
Entity state: Event data
This section contains general event information.
Attribute | Type | Description | Examples |
---|---|---|---|
event.category | string | stable Categorization based on the product and data generating this event. | VULNERABILITY_MANAGEMENT |
event.description | string | stable The human readable description text of an event. | S-49 Remote Code Execution state event reported |
event.group_label | string | experimental Group label of an event. | STATE_REPORT |
event.kind | string | stable Gives high-level information about what kind of information the event contains, without being specific to the contents of the event. Helps to determine the record type of a raw event. Tags: permission | SECURITY_EVENT |
event.level | string | stable Main reference point to which the event or data is related. Possible values are Vulnerability (shows the global aggregation across the entire environment and comprises all entities and management zones) and Entity (shows the assessment based on the entity itself). | ENTITY |
event.name | string | stable The human readable display name of an event type. | Vulnerability historical state report event |
event.provider | string | stable Source of the event, for example the name of the component or system that generated the event. Tags: permission | OneAgent ; K8S ; Davis ; VMWare ; GCP ; AWS ; LIMA_USAGE_STREAM |
event.provider_product | string | stable Name of the product providing this event. | Runtime Vulnerability Analytics ; Snyk Container |
event.status | string | stable Status of an event as being either Active or Closed. | OPEN ; RESOLVED ; MUTED |
event.type | string | stable The unique type identifier of a given event. Tags: permission | VULNERABILITY_STATE_REPORT_EVENT |
timestamp | timestamp | stable The time (UNIX Epoch time in nanoseconds) when the event originated, typically when it was created by the source. | 1649822520123123123 |
Entity state: Vulnerability data
This section contains information about the vulnerability at the entity level and its global vulnerability, with a focus on the affected entities.
Attribute | Type | Description | Examples |
---|---|---|---|
vulnerability.code_location.name | string | stable Name of the code location where the code-level vulnerability was detected. | org.dynatrace.profileservice.BioController.markdownToHtml(String):80 |
vulnerability.cvss.base_score | double | stable Vulnerability's CVSS base score provided by NVD. | 8.1 |
vulnerability.cvss.version | string | stable Vulnerability's CVSS score version. | 3.1 |
vulnerability.davis_assessment.assessment_mode | string | stable Availability of the information based on which the assessment of the vulnerability at the entity level has been done. | FULL ; NOT_AVAILABLE ; REDUCED |
vulnerability.davis_assessment.data_assets_status | string | stable Affected entity's reachability by a database. | NOT_AVAILABLE ; NOT_DETECTED ; REACHABLE |
vulnerability.davis_assessment.exploit_status | string | stable Public exploits status of the vulnerability at the entity level. | AVAILABLE ; NOT_AVAILABLE |
vulnerability.davis_assessment.exposure_status | string | stable Internet exposure status of the vulnerability at the entity level. | NOT_AVAILABLE ; NOT_DETECTED ; PUBLIC_NETWORK |
vulnerability.davis_assessment.level | string | stable Risk level, based on Davis Security Score, of the vulnerability at the entity level. | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.davis_assessment.score | double | stable Davis Security Score (1-10) calculated by Dynatrace for the vulnerability at the entity level. | 8.1 |
vulnerability.davis_assessment.vulnerable_function_status | string | stable Usage status of the vulnerable functions causing the vulnerability at the entity level. | IN_USE ; NOT_AVAILABLE ; NOT_IN_USE |
vulnerability.description | string | stable Description of the vulnerability. | More detailed description about improper input validation vulnerability. |
vulnerability.display_id | string | stable Dynatrace user-readable identifier for the vulnerability. | S-1234 |
vulnerability.external_id | string | stable External provider's unique identifier for the vulnerability. | SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30646 |
vulnerability.external_url | string | stable External provider's URL to the details page of the vulnerability. | https://example.com |
vulnerability.id | string | stable Dynatrace unique identifier for the vulnerability. | 2039861408676243188 |
vulnerability.mute.change_date | timestamp | stable Timestamp of the last muted or unmuted action of the vulnerability at the entity level. | 2023-03-22T13:19:36.945Z |
vulnerability.mute.reason | string | stable Reason for muting or unmuting the vulnerability at the entity level. | FALSE_POSITIVE ; IGNORE ; AFFECTED ; CONFIGURATION_NOT_AFFECTED ; FALSE_POSITIVE ; OTHER |
vulnerability.mute.status | string | stable Mute status of the vulnerability at the entity level. | MUTED ; NOT_MUTED |
vulnerability.mute.user | string | stable User who last changed the mute status of the vulnerability at the entity level. | user@example.com |
vulnerability.parent.davis_assessment.assessment_mode | string | stable Availability of the information based on which the vulnerability assessment has been done. | FULL ; NOT_AVAILABLE ; REDUCED |
vulnerability.parent.davis_assessment.data_assets_status | string | stable Vulnerability's reachability of related data assets by affected entities. | NOT_AVAILABLE ; NOT_DETECTED ; REACHABLE |
vulnerability.parent.davis_assessment.exposure_status | string | stable Vulnerability's internet exposure status. | NOT_AVAILABLE ; NOT_DETECTED ; PUBLIC_NETWORK |
vulnerability.parent.davis_assessment.level | string | stable Vulnerability's Davis Security Score level. | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.parent.davis_assessment.score | double | stable Vulnerability's Davis Security Score (1-10) calculated by Dynatrace. | 8.1 |
vulnerability.parent.davis_assessment.vulnerable_function_status | string | stable Usage status of vulnerable functions causing the vulnerability. Status is IN_USE when there's at least one vulnerable function in use by an application. | IN_USE ; NOT_AVAILABLE ; NOT_IN_USE |
vulnerability.parent.first_seen | string | stable Timestamp of when the vulnerability was first detected. | 2023-03-22T13:19:36.945Z |
vulnerability.parent.mute.change_date | timestamp | stable Timestamp of the last mute or unmute action of the vulnerability. | 2023-03-22T13:19:36.945Z |
vulnerability.parent.mute.reason | string | stable Reason for muting or unmuting the vulnerability. | FALSE_POSITIVE ; IGNORE ; AFFECTED ; CONFIGURATION_NOT_AFFECTED ; FALSE_POSITIVE ; OTHER |
vulnerability.parent.mute.status | string | stable Vulnerability's mute status. | MUTED ; NOT_MUTED |
vulnerability.parent.mute.user | string | stable User who last changed the vulnerability's mute status. | user@example.com |
vulnerability.parent.resolution.change_date | string | stable Timestamp of the vulnerability's last status change. | 2023-03-22T13:19:37.466Z |
vulnerability.parent.resolution.status | string | stable Current status of the vulnerability. | OPEN ; RESOLVED |
vulnerability.parent.risk.level | string | stable Vulnerability's risk score level defined by the provider. For Dynatrace, the Davis Security Score level. | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.parent.risk.score | double | stable Vulnerability's risk score defined by the provider. For Dynatrace, Davis Security Score. | 8.1 |
vulnerability.references.cve | string[] | stable List of the vulnerability's CVE IDs. | [CVE-2021-41079] |
vulnerability.references.cwe | string[] | stable List of the vulnerability's CWE IDs. | [CWE-20] |
vulnerability.references.owasp | string[] | stable List of vulnerability's OWASP IDs. | [2021:A3] |
vulnerability.resolution.status | string | stable Resolution status of the vulnerability at the entity level. | OPEN ; RESOLVED |
vulnerability.risk.level | string | stable Vulnerability's risk score level defined by the provider at the entity level. For Dynatrace, the Davis Security Score level. | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.risk.scale | string | stable Scale by which the risk score and risk score level defined by the provider for the vulnerability at the entity level are measured. | Davis Security Score |
vulnerability.risk.score | double | stable Risk score defined by the provider for the vulnerability at the entity level. For Dynatrace, Davis Security Score. | 8.1 |
vulnerability.stack | string | experimental Level of the vulnerable component in the technological stack. | CODE ; CODE_LIBRARY ; SOFTWARE ; CONTAINER_ORCHESTRATION |
vulnerability.technology | string | stable Technology of the vulnerable component. | JAVA ; DOT_NET ; GO ; PHP ; NODE_JS ; KUBERNETES |
vulnerability.title | string | stable Title of the vulnerability. | Improper Input Validation |
vulnerability.type | string | stable Classification of the vulnerability based on commonly accepted enums, such as CWE. | Improper Input Validation |
vulnerability.url | string | stable Dynatrace URL to the details page of the vulnerability. | | https://example.com |
Entity state: Environmental data
This section contains information about the vulnerability's affected and related entities.
Affected entities
Attribute | Type | Description | Examples |
---|---|---|---|
affected_entity.affected_processes.ids | array | stable IDs of the processes that are currently affected by the vulnerability. | PROCESS_GROUP_INSTANCE-1 |
affected_entity.affected_processes.names | array | stable Names of the processes that are currently affected by the vulnerability. | prod_process_group_instance_1 |
affected_entity.id | string | stable ID of the affected entity. | PROCESS_GROUP-1 ; HOST-1 |
affected_entity.management_zones.ids | array | stable IDs of the management zones to which the affected entity belongs. | mzid1 |
affected_entity.management_zones.names | array | stable Names of the management zones to which the affected entity belongs. | mz1 |
affected_entity.name | string | stable Name of the affected entity. | prod_process_group_1 ; prod_host |
affected_entity.type | string | stable Type of affected entity. | PROCESS_GROUP ; HOST |
affected_entity.vulnerable_component.id | string | stable ID of the vulnerable component causing the vulnerability. | SOFTWARE_COMPONENT-D8FCFFB4FDF7A3FF |
affected_entity.vulnerable_component.name | string | stable Name of the vulnerable component causing the vulnerability. | log4j-core-2.6.2.jar |
affected_entity.vulnerable_component.short_name | string | stable Short name of the vulnerable component causing the vulnerability. | log4j |
affected_entity.vulnerable_functions | array | stable Vulnerable functions detected, containing or causing the vulnerability. | org.springframework.beans.CachedIntrospectionResults:init ; java.lang.ProcessBuilder.<init>(String[]) ; (*DB).queryDC() (/usr/local/go/src/database/sql/sql.go) |
Related entities
Attribute | Type | Description | Examples |
---|---|---|---|
related_entities.applications.count | long | stable Number of related applications. | 1 |
related_entities.applications.ids | array | stable IDs of the applications related to the vulnerability's affected entities. | APPLICATION-1 |
related_entities.applications.names | array | stable Names of the applications related to the vulnerability's affected entities. | prod_application_1 |
related_entities.databases.count | long | stable Number of related databases. | 1 |
related_entities.databases.ids | array | stable IDs of the databases related to the vulnerability's affected entities. | DATABASE-1 |
related_entities.databases.names | array | stable Names of the databases related to the vulnerability's affected entities. | prod_database_1 |
related_entities.hosts.count | long | stable Number of related hosts. | 1 |
related_entities.hosts.ids | array | stable IDs of the hosts related to the vulnerability's affected entities. | HOST-1 |
related_entities.hosts.names | array | stable Names of the hosts related to the vulnerability's affected entities. | prod_host_1 |
related_entities.kubernetes_clusters.count | long | stable Number of related Kubernetes clusters. | 1 |
related_entities.kubernetes_clusters.ids | array | stable IDs of the Kubernetes clusters related to the vulnerability's affected entities. | KUBERNETES_CLUSTER-1 |
related_entities.kubernetes_clusters.names | array | stable Names of the Kubernetes clusters related to the vulnerability's affected entities. | prod_kubernetes_cluster_1 |
related_entities.kubernetes_workloads.count | long | stable Number of related Kubernetes workloads. | 1 |
related_entities.kubernetes_workloads.ids | array | stable IDs of the Kubernetes workloads related to the vulnerability's affected entities. | KUBERNETES_WORKLOAD-1 |
related_entities.kubernetes_workloads.names | array | stable Names of the Kubernetes workloads related to the vulnerability's affected entities. | prod_kubernetes_workload_1 |
related_entities.services.count | long | stable Number of related services. | 1 |
related_entities.services.ids | array | stable IDs of the services related to the vulnerability's affected entities. | SERVICE-1 |
related_entities.services.names | array | stable Names of the services related to the vulnerability's affected entities. | prod_service_1 |
Vulnerability change events
Vulnerability change events are change events at the vulnerability level. An event is generated whenever a vulnerability undergoes a status or assessment change.
fetch events| filter event.kind == "SECURITY_EVENT"| filter event.category == "VULNERABILITY_MANAGEMENT"| filter event.type == "VULNERABILITY_STATUS_CHANGE_EVENT"fetch events| filter event.kind == "SECURITY_EVENT"| filter event.category == "VULNERABILITY_MANAGEMENT"| filter event.type == "VULNERABILITY_ASSESSMENT_CHANGE_EVENT"fetch events| filter event.kind == "SECURITY_EVENT"| filter event.category == "VULNERABILITY_MANAGEMENT"| filter event.type == "VULNERABILITY_IMPACT_CHANGE_EVENT"
Vulnerability state: Event data
This section contains general event information.
Attribute | Type | Description | Examples |
---|---|---|---|
event.category | string | stable Standard categorization based on the significance of an event according to the ITIL event management standard (previously known as severity level ). | VULNERABILITY_MANAGEMENT |
event.change_list | array | stable List of attributes updated as part of the change event. Values in the list match a previous field. | vulnerability.risk.score ; affected_entities.count ; related_entities.databases.count |
event.description | string | stable The human readable description text of an event. | S-49 Remote Code Execution status has changed to OPEN. ; S-49 Remote Code Execution assessment has changed. ; S-49 Remote Code Execution environment impact has changed. |
event.group_label | string | experimental Group label of an event. | CHANGE_EVENT |
event.kind | string | stable Gives high-level information about what kind of information the event contains, without being specific to the contents of the event. Helps to determine the record type of a raw event. Tags: permission | SECURITY_EVENT |
event.level | string | stable Main reference point to which the event or data is related. Possible values are Vulnerability (shows the global aggregation across the entire environment and comprises all entities and management zones) and Entity (shows the assessment based on the entity itself). | VULNERABILITY |
event.name | string | stable The human readable display name of an event type. | Vulnerability status change event ; Vulnerability assessment change event ; Vulnerability impact change event |
event.provider | string | stable Source of the event, for example the name of the component or system that generated the event. Tags: permission | Dynatrace |
event.provider_product | string | stable Name of the product providing this event. | Runtime Vulnerability Analytics ; Snyk Container |
event.status | string | stable Status of an event as being either Active or Closed. | OPEN ; RESOLVED ; MUTED |
event.status_transition | string | experimental An enum that shows the transition of the above event state. | NEW_OPEN ; REOPEN ; CLOSE ; MUTE ; UNMUTE |
event.trigger.type | string | stable Type of event trigger (for example, whether it was generated by the system, ingested via API, or triggered by the user). | DT_PLATFORM ; USER_ACTION |
event.trigger.user | string | stable ID of the user who triggered the event. If generated by Dynatrace, the value is SYSTEM . | SYSTEM ; <user_id> |
event.type | string | stable The unique type identifier of a given event. Tags: permission | VULNERABILITY_STATUS_CHANGE_EVENT ; VULNERABILITY_ASSESSMENT_CHANGE_EVENT ; VULNERABILITY_IMPACT_CHANGE_EVENT |
timestamp | timestamp | stable The time (UNIX Epoch time in nanoseconds) when the event originated, typically when it was created by the source. | 1649822520123123123 |
Vulnerability state: Vulnerability data
This section contains information about the vulnerability and its status and assessment changes.
Attribute | Type | Description | Examples |
---|---|---|---|
vulnerability.cvss.base_score | double | stable Vulnerability's CVSS base score provided by NVD. | 8.1 |
vulnerability.cvss.version | string | stable Vulnerability's CVSS score version. | 3.1 |
vulnerability.davis_assessment.assessment_mode | string | stable Availability of the information based on which the vulnerability assessment has been done. | FULL ; NOT_AVAILABLE ; REDUCED |
vulnerability.davis_assessment.data_assets_status | string | stable Vulnerability's reachability of related data assets by affected entities. | NOT_AVAILABLE ; NOT_DETECTED ; REACHABLE |
vulnerability.davis_assessment.exploit_status | string | stable Vulnerability's public exploits status. | AVAILABLE ; NOT_AVAILABLE |
vulnerability.davis_assessment.exposure_status | string | stable Vulnerability's internet exposure status. | NOT_AVAILABLE ; NOT_DETECTED ; PUBLIC_NETWORK |
vulnerability.davis_assessment.level | string | stable Vulnerability's risk level based on Davis Security Score. | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.davis_assessment.score | double | stable Vulnerability's Davis Security Score (1-10) calculated by Dynatrace. | 8.1 |
vulnerability.davis_assessment.vulnerable_function_status | string | stable Usage status of the vulnerable functions causing the vulnerability. | IN_USE ; NOT_AVAILABLE ; NOT_IN_USE |
vulnerability.description | string | stable Description of the vulnerability. | More detailed description about improper input validation vulnerability. |
vulnerability.display_id | string | stable Dynatrace user-readable identifier for the vulnerability. | S-1234 |
vulnerability.external_id | string | stable External provider's unique identifier for the vulnerability. | SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30646 |
vulnerability.external_url | string | stable External provider's URL to the details page of the vulnerability. | https://example.com |
vulnerability.first_seen | timestamp | stable Timestamp of when the vulnerability was first detected. | 2023-03-22T13:19:36.945Z |
vulnerability.id | string | stable Dynatrace unique identifier for the vulnerability. | 2039861408676243188 |
vulnerability.mute.change_date | timestamp | stable Timestamp of the vulnerability's last muted or unmuted action. | 2023-03-22T13:19:36.945Z |
vulnerability.mute.reason | string | stable Reason for muting or unmuting the vulnerability. | FALSE_POSITIVE ; IGNORE ; AFFECTED ; CONFIGURATION_NOT_AFFECTED ; FALSE_POSITIVE ; OTHER |
vulnerability.mute.status | string | stable Vulnerability's mute status. | MUTED ; NOT_MUTED |
vulnerability.mute.user | string | stable User who last changed the vulnerability's mute status. | user@example.com |
vulnerability.previous.cvss.base_score | double | stable Vulnerability's previous CVSS base score (in case the CVSS base score has changed). | 8.1 |
vulnerability.previous.davis_assessment.data_assets_status | string | stable Vulnerability's previous reachability of related data assets by affected entities (in case the reachability has changed). | NOT_AVAILABLE ; NOT_DETECTED ; REACHABLE |
vulnerability.previous.davis_assessment.exploit_status | string | stable Vulnerability's previous public exploit status (in case the public exploit status has changed). | AVAILABLE ; NOT_AVAILABLE |
vulnerability.previous.davis_assessment.exposure_status | string | stable Vulnerability's previous internet exposure status (in case the internet exposure status has changed). | NOT_AVAILABLE ; NOT_DETECTED ; PUBLIC_NETWORK |
vulnerability.previous.davis_assessment.level | string | stable Vulnerability's previous risk level (in case the risk level has changed). | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.previous.davis_assessment.score | double | stable Vulnerability's previous Davis Security Score (in case Davis Security Score has changed). | 8.1 |
vulnerability.previous.davis_assessment.vulnerable_function_status | string | stable Vulnerability's previous vulnerable function status (in case the vulnerable function status has changed). | IN_USE ; NOT_AVAILABLE ; NOT_IN_USE |
vulnerability.previous.mute.change_date | string | stable Timestamp of the vulnerability's previous mute status (in case the mute status has changed). | 2023-03-22T13:19:36.945Z |
vulnerability.previous.mute.reason | string | stable Reason for last muting or unmuting the vulnerability (in case the reason for muting or unmuting the vulnerability has changed). | Muted: False positive |
vulnerability.previous.mute.status | string | stable Vulnerability's previous mute status (in case the mute status has changed). | MUTED ; NOT_MUTED |
vulnerability.previous.mute.user | string | stable User who last changed the vulnerability's mute status (in case the mute status was last changed by a different user). | user@example.com |
vulnerability.previous.resolution.status | string | stable Vulnerability's previous resolution status (in case the resolution status has changed). | OPEN ; RESOLVED |
vulnerability.previous.risk.level | string | stable Vulnerability's previous risk score level (in case the risk score level has changed). | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.previous.risk.score | double | stable Vulnerability's previous risk score (in case the risk score has changed). | 8.1 |
vulnerability.references.cve | string[] | stable List of the vulnerability's CVE IDs. | [CVE-2021-41079] |
vulnerability.references.cwe | string[] | stable List of the vulnerability's CWE IDs. | [CWE-20] |
vulnerability.references.owasp | string[] | stable List of vulnerability's OWASP IDs. | [2021:A3] |
vulnerability.resolution.change_date | timestamp | stable Timestamp of the vulnerability's last status change. | 2023-03-22T13:19:37.466Z |
vulnerability.resolution.status | string | stable Vulnerability's resolution status. | OPEN ; RESOLVED |
vulnerability.risk.level | string | stable Vulnerability's risk score level defined by the provider. For Dynatrace, the Davis Security Score level. | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.risk.scale | string | stable Scale by which the vulnerability's risk score and risk score level defined by the provider are measured. | Davis Security Score |
vulnerability.risk.score | double | stable Vulnerability's risk score defined by the provider. For Dynatrace, Davis Security Score. | 8.1 |
vulnerability.stack | string | experimental Level of the vulnerable component in the technological stack. | CODE ; CODE_LIBRARY ; SOFTWARE ; CONTAINER_ORCHESTRATION |
vulnerability.technology | string | stable Technology of the vulnerable component. | JAVA ; DOT_NET ; GO ; PHP ; NODE_JS ; KUBERNETES |
vulnerability.title | string | stable Title of the vulnerability. | Improper Input Validation |
vulnerability.type | string | stable Classification of the vulnerability based on commonly accepted enums, such as CWE. | Improper Input Validation |
vulnerability.url | string | stable Dynatrace URL to the details page of the vulnerability. | | https://example.com |
Vulnerability change: Environmental data
Affected entities
This section contains information on changes regarding vulnerability's affected entities.
Attribute | Type | Description | Examples |
---|---|---|---|
affected_entities.count | long | stable Number of affected entities. | 1 |
affected_entities.hosts.count | long | stable Number of affected hosts. | 2 |
affected_entities.kubernetes_nodes.count | long | stable Number of affected nodes. | 2 |
affected_entities.previous.count | long | stable Number of affected entities before the last change event. | 1 |
affected_entities.previous.hosts.count | long | stable Number of affected hosts before the last change event. | 5 |
affected_entities.previous.kubernetes_nodes.count | long | stable Number of affected Kubernetes nodes before the last change event. | 5 |
affected_entities.previous.process_groups.count | long | stable Number of affected process groups before the last change event. | 2 |
affected_entities.process_groups.count | long | stable Number of affected process groups. | 2 |
affected_entities.types | array | stable Types of affected entities. | PROCESS_GROUP ; HOST |
Related entities
This section contains information on changes regarding vulnerability's related entities.
Attribute | Type | Description | Examples |
---|---|---|---|
related_entities.applications.count | long | stable Number of related applications. | 1 |
related_entities.databases.count | long | stable Number of related databases. | 1 |
related_entities.hosts.count | long | stable Number of related hosts. | 1 |
related_entities.kubernetes_clusters.count | long | stable Number of related Kubernetes clusters. | 1 |
related_entities.kubernetes_workloads.count | long | stable Number of related Kubernetes workloads. | 1 |
related_entities.previous.databases.count | long | stable Number of related databases before the last change event. | 1 |
related_entities.services.count | long | stable Number of related services. | 1 |
Vulnerability state events
Vulnerability state events are historical states at the vulnerability level. The current vulnerability state is exported to Grail regularly.
fetch events| filter event.kind == "SECURITY_EVENT"| filter event.category == "VULNERABILITY_MANAGEMENT"| filter event.type == "VULNERABILITY_STATE_REPORT_EVENT"| filter event.level == "VULNERABILITY"
Vulnerability state: Event data
This section contains general event information.
Attribute | Type | Description | Examples |
---|---|---|---|
event.category | string | stable Categorization based on the product and data generating this event. | VULNERABILITY_MANAGEMENT |
event.description | string | stable The human readable description text of an event. | S-49 Remote Code Execution state event reported |
event.group_label | string | experimental Group label of an event. | STATE_REPORT |
event.kind | string | stable Gives high-level information about what kind of information the event contains, without being specific to the contents of the event. Helps to determine the record type of a raw event. Tags: permission | SECURITY_EVENT |
event.level | string | stable Main reference point to which the event or data is related. Possible values are Vulnerability (shows the global aggregation across the entire environment and comprises all entities and management zones) and Entity (shows the assessment based on the entity itself). | VULNERABILITY |
event.name | string | stable The human readable display name of an event type. | Vulnerability historical state report event |
event.provider | string | stable Source of the event, for example the name of the component or system that generated the event. Tags: permission | Dynatrace ; Snyk |
event.provider_product | string | stable Name of the product providing this event. | Runtime Vulnerability Analytics ; Snyk Container |
event.status | string | stable Status of an event as being either Active or Closed. | OPEN ; RESOLVED ; MUTED |
event.type | string | stable The unique type identifier of a given event. Tags: permission | VULNERABILITY_STATE_REPORT_EVENT |
timestamp | timestamp | stable The time (UNIX Epoch time in nanoseconds) when the event originated, typically when it was created by the source. | 1649822520123123123 |
Vulnerability state: Vulnerability data
This section contains information about the vulnerability.
Attribute | Type | Description | Examples |
---|---|---|---|
vulnerability.code_location.name | string | stable Name of the code location where the code-level vulnerability was detected. | org.dynatrace.profileservice.BioController.markdownToHtml(String):80 |
vulnerability.cvss.base_score | double | stable Vulnerability's CVSS base score provided by NVD. | 8.1 |
vulnerability.cvss.version | string | stable Vulnerability's CVSS score version. | 3.1 |
vulnerability.davis_assessment.assessment_mode | string | stable Availability of the information based on which the vulnerability assessment has been done. | FULL ; NOT_AVAILABLE ; REDUCED |
vulnerability.davis_assessment.data_assets_status | string | stable Vulnerability's reachability of related data assets by affected entities. | NOT_AVAILABLE ; NOT_DETECTED ; REACHABLE |
vulnerability.davis_assessment.exploit_status | string | stable Vulnerability's public exploits status. | AVAILABLE ; NOT_AVAILABLE |
vulnerability.davis_assessment.exposure_status | string | stable Vulnerability's internet exposure status. | NOT_AVAILABLE ; NOT_DETECTED ; PUBLIC_NETWORK |
vulnerability.davis_assessment.level | string | stable Vulnerability's risk level based on Davis Security Score. | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.davis_assessment.score | double | stable Vulnerability's Davis Security Score (1-10) calculated by Dynatrace. | 8.1 |
vulnerability.davis_assessment.vulnerable_function_status | string | stable Usage status of the vulnerable functions causing the vulnerability. | IN_USE ; NOT_AVAILABLE ; NOT_IN_USE |
vulnerability.description | string | stable Description of the vulnerability. | More detailed description about improper input validation vulnerability. |
vulnerability.display_id | string | stable Dynatrace user-readable identifier for the vulnerability. | S-1234 |
vulnerability.external_id | string | stable External provider's unique identifier for the vulnerability. | SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30646 |
vulnerability.external_url | string | stable External provider's URL to the details page of the vulnerability. | https://example.com |
vulnerability.first_seen | timestamp | stable Timestamp of when the vulnerability was first detected. | 2023-03-22T13:19:36.945Z |
vulnerability.id | string | stable Dynatrace unique identifier for the vulnerability. | 2039861408676243188 |
vulnerability.mute.change_date | timestamp | stable Timestamp of the vulnerability's last muted or unmuted action. | 2023-03-22T13:19:36.945Z |
vulnerability.mute.reason | string | stable Reason for muting or unmuting the vulnerability. | FALSE_POSITIVE ; IGNORE ; AFFECTED ; CONFIGURATION_NOT_AFFECTED ; FALSE_POSITIVE ; OTHER |
vulnerability.mute.status | string | stable Vulnerability's mute status. | MUTED ; NOT_MUTED |
vulnerability.mute.user | string | stable User who last changed the vulnerability's mute status. | user@example.com |
vulnerability.references.cve | string[] | stable List of the vulnerability's CVE IDs. | [CVE-2021-41079] |
vulnerability.references.cwe | string[] | stable List of the vulnerability's CWE IDs. | [CWE-20] |
vulnerability.references.owasp | string[] | stable List of vulnerability's OWASP IDs. | [2021:A3] |
vulnerability.resolution.change_date | timestamp | stable Timestamp of the vulnerability's last status change. | 2023-03-22T13:19:37.466Z |
vulnerability.resolution.status | string | stable Vulnerability's resolution status. | OPEN ; RESOLVED |
vulnerability.risk.level | string | stable Vulnerability's risk score level defined by the provider. For Dynatrace, the Davis Security Score level. | LOW ; MEDIUM ; HIGH ; CRITICAL |
vulnerability.risk.scale | string | stable Scale by which the vulnerability's risk score and risk score level defined by the provider are measured. | Davis Security Score |
vulnerability.risk.score | double | stable Vulnerability's risk score defined by the provider. For Dynatrace, Davis Security Score. | 8.1 |
vulnerability.stack | string | experimental Level of the vulnerable component in the technological stack. | CODE ; CODE_LIBRARY ; SOFTWARE ; CONTAINER_ORCHESTRATION |
vulnerability.technology | string | stable Technology of the vulnerable component. | JAVA ; DOT_NET ; GO ; PHP ; NODE_JS ; KUBERNETES |
vulnerability.title | string | stable Title of the vulnerability. | Improper Input Validation |
vulnerability.type | string | stable Classification of the vulnerability based on commonly accepted enums, such as CWE. | Improper Input Validation |
vulnerability.url | string | stable Dynatrace URL to the details page of the vulnerability. | | https://example.com |
Vulnerability state: Environmental data
This section contains information on the vulnerability's affected and related entities.
Affected entities
Attribute | Type | Description | Examples |
---|---|---|---|
affected_entities.affected_processes.count | long | stable Number of affected processes. | 50 |
affected_entities.count | long | stable Number of affected entities. | 1 |
affected_entities.hosts.count | long | stable Number of affected hosts. | 2 |
affected_entities.kubernetes_nodes.count | long | stable Number of affected nodes. | 2 |
affected_entities.management_zones.ids | array | stable IDs of the management zones to which the affected entities belong. | mzid1 |
affected_entities.management_zones.names | array | stable Names of the management zones to which the affected entities belong. | mz1 |
affected_entities.monitored_processes.count | long | stable Number of processes of the process group. | 100 |
affected_entities.process_groups.count | long | stable Number of affected process groups. | 2 |
affected_entities.types | array | stable Types of affected entities. | PROCESS_GROUP ; HOST |
affected_entities.vulnerable_components.ids | array | stable Dynatrace IDs of the vulnerable components causing the vulnerability. | SOFTWARE_COMPONENT-0000000000000001 ; SOFTWARE_COMPONENT-0000000000000002 ; SOFTWARE_COMPONENT-0000000000000003 |
affected_entities.vulnerable_components.names | array | stable Names of the vulnerable components causing the vulnerability. | | com.fasterxml.jackson.core:jackson-databind:2.10.0 ; node-sass:4.14.1 |
affected_entities.vulnerable_functions | array | stable Vulnerable functions detected, containing or causing the vulnerability. | org.springframework.beans.CachedIntrospectionResults:init ; java.lang.ProcessBuilder.<init>(String[]) ; (*DB).queryDC() (/usr/local/go/src/database/sql/sql.go) |
Related entities
Attribute | Type | Description | Examples |
---|---|---|---|
related_entities.applications.count | long | stable Number of related applications. | 1 |
related_entities.databases.count | long | stable Number of related databases. | 1 |
related_entities.hosts.count | long | stable Number of related hosts. | 1 |
related_entities.kubernetes_clusters.count | long | stable Number of related Kubernetes clusters. | 1 |
related_entities.kubernetes_workloads.count | long | stable Number of related Kubernetes workloads. | 1 |
related_entities.services.count | long | stable Number of related services. | 1 |