Threats & Exploits concepts

Understand essential concepts and key terms used in the Threats & Exploits app.

Exploits

Any request (call) from a client IP address to your application code that targets a code-level vulnerability with malicious intent (for example, to access or delete protected information with SQL injection).

Action

The action taken by the monitoring authority in response to a detection. In Dynatrace-monitored environments, this is the action taken by Runtime Application Protection (RAP action).

Actor IP

The client IP address from which the request originated.

  • Example: 10.9.3.4

Target

The attacked host, service, or database.

  • Example: HOST-IG-1-5001

Affected object

The object that is affected by an exploit (for Dynatrace-monitored findings, the process).

  • Example: BloatedDotNetSoftwareGroup-IG-1

Entry point

A point in the code where an attacker could enter the application, for example, through user input passed to the application from fields such as a login form or search bar.

Entry point function

The function where the malicious payload was accessed in the attacked process.

  • Example: System.Data.SqlClient.SqlCommand.ExecuteReader()

URL path

The path used in the HTTP request to reach and potentially exploit the vulnerability.

  • Example: /user/1218/bio

User-controlled input

The input used to exploit the vulnerability. If there's a key for the input (for example, an HTTP parameter name or an HTTP header name), it's displayed after the colon.

  • Example: HTTP parameter value: bioText

HTTP headers and parameters

The HTTP headers and parameters of the request. Only the HTTP parameters used in the vulnerable functions are listed. Some headers identify the originating (client) IP address when a client connects to a web server through an HTTP proxy, a CDN, or a load balancer. The headers for identifying the client IP address aren't configurable.

Code location

Shows where the actual vulnerability is in the code (the location where the vulnerable function is called from).

  • Example: SQL injection at DatabaseManager.updateBio():82

Vulnerable function

The function that used a part of the attacker's payload, which resulted in the exploitation of the vulnerability.

  • Example: System.Data.SqlClient.SqlCommand.ExecuteReader()

For other related concepts, see Dynatrace Semantic Dictionary.