Threats & Exploits concepts

  • Latest Dynatrace
  • Explanation
  • Published May 21, 2025

Understand essential concepts and key terms used in the Threats & Exploits app.

Action

The action taken by the monitoring authority as a response of a detection. In the case of Dynatrace-monitored environments, the action taken by Runtime Application Protection (RAP action).

Actor IP

The client IP address from which the request originated.

  • Example: 10.9.3.4
Affected object

The object that is affected by an exploit (for Dynatrace-monitored findings, the process).

  • Example: BloatedDotNetSoftwareGroup-IG-1
Code location

Shows where the actual vulnerability is in the code (the location where the vulnerable function is called from).

  • Example: SQL injection at DatabaseManager.updateBio():82
Detection finding events

A detection finding event is generated when suspicious activity is observed around an object. For details, see Detection finding events.

Entry point

A point in the code where an attacker could enter the application, for example, by passing user input fields to the application (such as a login form or search bar).

Entry point function

The function where the malicious payload was accessed in the attacked process.

  • Example: System.Data.SqlClient.SqlCommand.ExecuteReader()
Exploits

Any request (call) from a certain client IP to your application code with malicious intent (for example, to access or delete protected information with SQL injection) targeting a code-level vulnerability.

HTTP headers and parameters

The HTTP headers and parameters of the request. Only the HTTP parameters used in the vulnerable functions are listed. Some headers identify the originating (client) IP address when a client connects to a web server through an HTTP proxy, a CDN, or a load balancer. The headers for identifying the client IP address aren't configurable.

Target

The attacked host, service, or database.

  • Example: HOST-IG-1-5001
URL path

The path used in the HTTP request to reach and potentially exploit the vulnerability.

  • Example: /user/1218/bio
User-controlled input

The input used to exploit the vulnerability. If there's a key for the input (for example, an HTTP parameter name or an HTTP header name), it's displayed after the colon.

  • Example: HTTP parameter value: bioText
Vulnerable function

The function that used a part of the attacker's payload, which resulted in the exploitation of the vulnerability.

  • Example: System.Data.SqlClient.SqlCommand.ExecuteReader()

For other related concepts, see Dynatrace Semantic Dictionary.

Related tags
Application Security