https://community.dynatrace.com/t5/Open-Q-A/How-to-write-DQL-to-get-Vulnerability-details-for-application-or/m-p/291262#M38200 <P>Hello&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/46340">@heramb_sawant</a>&nbsp;</P><P>Vulnerability state reports are stored as security events in Grail. The recommended way is to query the security.events table for VULNERABILITY_STATE_REPORT_EVENT, deduplicate to the latest snapshot per affected entity, and (optionally) join to monitored entities (e.g., process or process group) to enrich with names, tags, ownership, etc.</P><DIV>As usggested by&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/58682">@AntonPineiro</a><DIV>that’s the perfect documentation for this topic—it provides ready-made DQL queries for vulnerability state reports, Management Zone scoping, and severity filters.<BR />You can also refer to this doc that explains where vulnerability events live in Grail (security.events), including bucket details and retention:</DIV></DIV><DIV><A href="https://docs.dynatrace.com/docs/secure/threat-observability/concepts" target="_blank">Threat Observability concepts — Dynatrace Docs</A></DIV> Wed, 10 Dec 2025 21:32:37 GMT sujit_k_singh 2025-12-10T21:32:37Z https://community.dynatrace.com/t5/Open-Q-A/How-to-write-DQL-to-get-Vulnerability-details-for-application-or/m-p/291211#M38191 <P>Hi Team,<BR />I w am building SRG for Security check/Vulnerabilities. Can someone help to to know how can I write DQL to fetch vulnerability details from grail.<BR /><BR /><BR />Regards,<BR />Heramb sawant</P> Wed, 10 Dec 2025 09:20:01 GMT https://community.dynatrace.com/t5/Open-Q-A/How-to-write-DQL-to-get-Vulnerability-details-for-application-or/m-p/291211#M38191 heramb_sawant 2025-12-10T09:20:01Z https://community.dynatrace.com/t5/Open-Q-A/How-to-write-DQL-to-get-Vulnerability-details-for-application-or/m-p/291231#M38197 <P>Hi,</P><P>You can check <A title="DQL examples for security data" href="https://docs.dynatrace.com/docs/shortlink/security-events-examples" target="_blank" rel="noopener">DQL examples for security data</A>.</P><P>Best regards</P> Wed, 10 Dec 2025 13:28:43 GMT https://community.dynatrace.com/t5/Open-Q-A/How-to-write-DQL-to-get-Vulnerability-details-for-application-or/m-p/291231#M38197 AntonPineiro 2025-12-10T13:28:43Z https://community.dynatrace.com/t5/Open-Q-A/How-to-write-DQL-to-get-Vulnerability-details-for-application-or/m-p/291262#M38200 <P>Hello&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/46340">@heramb_sawant</a>&nbsp;</P><P>Vulnerability state reports are stored as security events in Grail. The recommended way is to query the security.events table for VULNERABILITY_STATE_REPORT_EVENT, deduplicate to the latest snapshot per affected entity, and (optionally) join to monitored entities (e.g., process or process group) to enrich with names, tags, ownership, etc.</P><DIV>As usggested by&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/58682">@AntonPineiro</a><DIV>that’s the perfect documentation for this topic—it provides ready-made DQL queries for vulnerability state reports, Management Zone scoping, and severity filters.<BR />You can also refer to this doc that explains where vulnerability events live in Grail (security.events), including bucket details and retention:</DIV></DIV><DIV><A href="https://docs.dynatrace.com/docs/secure/threat-observability/concepts" target="_blank">Threat Observability concepts — Dynatrace Docs</A></DIV> Wed, 10 Dec 2025 21:32:37 GMT https://community.dynatrace.com/t5/Open-Q-A/How-to-write-DQL-to-get-Vulnerability-details-for-application-or/m-p/291262#M38200 sujit_k_singh 2025-12-10T21:32:37Z