topic Re: API - get alerts for a process group third-party vul in Dynatrace API

API - get alerts for a process group third-party vul

Sami — Tue, 20 Dec 2022 21:24:26 GMT

Hi,

In an effort to pull the alerts for a process including the environmental specific factors (exposed, first seen for this process, data ) we have to do the following:

Pull all the alerts with the query parameter affectedPgNameContains using "GET all problems"
iterate over all the results to get the specifics for a process - using multiple other calls to "GET problem events"

A process that is not practical to scale !!

Is there a single API call that returns the alerts for a specific process ?

Ex. Get security alerts for affectedPgNameContains='something '

Thanks,

Sami

Re: API - get alerts for a process group third-party vul

AurelienGravier — Wed, 21 Dec 2022 08:29:41 GMT

Hello @Sami,

I recommend checking the Dynatrace Api explorer "Environment API V2" in the endpoint "/securityProblems".

You could use the parameter "securityProblemSelector" to filter on the entity of your choice, for example :

Curl command generated :

curl -X GET "https://{environmentid}.live.dynatrace.com/api/v2/securityProblems?securityProblemSelector=affectedPgNameContains%28%22something%22%29&from=-3d" -H "accept: application/json; charset=utf-8"

Regards Aurélien.

Re: API - get alerts for a process group third-party vul

AurelienGravier — Wed, 21 Dec 2022 08:31:16 GMT

Dynatrace API Explorer is accessible here for SaaS Environment :

https://{environmentid}.live.dynatrace.com/rest-api-doc/index.jsp

Re: API - get alerts for a process group third-party vul

Sami — Wed, 21 Dec 2022 17:41:47 GMT

Hi Aurélien,

Unfortunately this is not what I am hoping for.

For this endpoint

input: process group name

output: all security alerts where this process is affected (no specifics if the process is exposed or the first detected timestamp for this process)

what I am looking for

input: process group name

output: list of security problems and the specifics for this process (exposure, when each security alert was first detected for this process, )

error: if the process searched for is not running or never ran return an error accordingly

Re: API - get alerts for a process group third-party vul

AurelienGravier — Fri, 23 Dec 2022 08:35:03 GMT

Hi @Sami

Have you try to add addditionnal fields like +riskAssessment,+codeLevelVulnerabilityDetails :

curl -X GET "https://{environmentid}.live.dynatrace.com/api/v2/securityProblems?securityProblemSelector=affectedPgNameContains%28%22something%22%29&fields=%2BriskAssessment%2C%2BcodeLevelVulnerabilityDetails" -H "accept: application/json; charset=utf-8"

If you don't have information expected with these additional fields, you will need to iterate GET problem events with each Problem ID.

Regards

Re: API - get alerts for a process group third-party vul

Sami — Fri, 23 Dec 2022 15:51:29 GMT

Hi @AurelienGravier ,

Unfortunately this does not help, codeanalysis is not of concern. and riskAssessment: A risk assessment of the security problem not specific to the process.

The only workaround is the iteration, but it is very api calls intensive to be used for automation, we need a new endpoint that directly provide the result.

+ @susanst00

Regards,

Re: API - get alerts for a process group third-party vul

AurelienGravier — Fri, 23 Dec 2022 16:07:11 GMT

OK I understand.
Personnaly, I often iterate easily a lot of entities on more than 1500 Hosts with ansible jobs for a client environment to automatically switch hosts from full stack monitoring to infra-only based on process group technologies detected on hosts. And it works like a charm.

Regards.

Re: API - get alerts for a process group third-party vul

Sami — Fri, 23 Dec 2022 16:12:59 GMT

Could you please help suggest this as a product idea ?

Re: API - get alerts for a process group third-party vul

AurelienGravier — Mon, 26 Dec 2022 09:12:55 GMT

Sure, you can submit it yourself here : https://community.dynatrace.com/t5/forums/postpage/board-id/DynatraceProductIdeas

Re: API - get alerts for a process group third-party vul

susanst00 — Wed, 28 Dec 2022 15:52:01 GMT

@Sami - As mentioned below, I don't think this is possible today, but I've created a product idea on your behalf.

-susan

Re: API - get alerts for a process group third-party vul

Sami — Mon, 09 Jan 2023 15:52:14 GMT

Much appreciated @susanst00 you rock 🚀