20 Dec 2022 09:24 PM
Hi,
In an effort to pull the alerts for a process, including the environment-specific factors (exposed, first seen for this process, data), we have to do the following:
A process that is not practical to scale!!
Is there a single API call that returns the alerts for a specific process?
Ex. Get security alerts for affectedPgNameContains='something '
Thanks,
Sami
21 Dec 2022 08:29 AM
Hello @Sami,
I recommend checking the Dynatrace API Explorer, "Environment API V2", at the endpoint "/securityProblems".
You could use the parameter "securityProblemSelector" to filter on the entity of your choice, for example:
Curl command generated:
curl -X GET "https://{environmentid}.live.dynatrace.com/api/v2/securityProblems?securityProblemSelector=affectedPgNameContains%28%22something%22%29&from=-3d" -H "accept: application/json; charset=utf-8"
Regards Aurélien.
21 Dec 2022 08:31 AM
Dynatrace API Explorer is accessible here for SaaS environments:
https://{environmentid}.live.dynatrace.com/rest-api-doc/index.jsp
21 Dec 2022 05:41 PM
Hi Aurélien,
Unfortunately, this is not what I am hoping for.
For this endpoint:
input: process group name
output: all security alerts where this process is affected (no specifics if the process is exposed or the first detected timestamp for this process)
What I am looking for:
input: process group name
output: list of security problems and the specifics for this process (exposure, when each security alert was first detected for this process)
error: if the process searched for is not running or never ran, return an error accordingly
22 Dec 2022 09:09 AM - edited 23 Dec 2022 08:35 AM
Hi @Sami
Have you tried adding additional fields like +riskAssessment,+codeLevelVulnerabilityDetails:
curl -X GET "https://{environmentid}.live.dynatrace.com/api/v2/securityProblems?securityProblemSelector=affectedP..." -H "accept: application/json; charset=utf-8"
If you don't get the expected information with these additional fields, you will need to iterate GET problem events with each Problem ID.
Regards
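The list-then-iterate workaround discussed in this thread, as an added example that is not code from any poster or from Dynatrace. It reads the per-problem details rather than the events, and it assumes the response fields `securityProblems`, `securityProblemId`, `nextPageKey`, `affectedEntities`, `exposedEntities`, `title` and `firstSeenTimestamp`, the `fields` values shown, and `Api-Token` header authentication; the entity IDs and sample responses are constructed.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

def live_get(base_url, token):
    # Getter for a real environment; base_url is https://{environmentid}.live.dynatrace.com
    def get(path, params):
        req = Request(f"{base_url}/api/v2{path}?{urlencode(params)}",
                      headers={"Authorization": f"Api-Token {token}"})
        with urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return get

def alerts_for_process(get, pg_name, entity_ids, since="-3d"):
    """One row per security problem, with the facts specific to entity_ids."""
    if '"' in pg_name:  # keep the name from changing the selector's structure
        raise ValueError("quote character in process group name")
    params = {"securityProblemSelector": f'affectedPgNameContains("{pg_name}")',
              "from": since}
    ids = []
    while True:  # assumed paging: nextPageKey is sent alone on follow-up calls
        page = get("/securityProblems", params)
        ids += [p["securityProblemId"] for p in page.get("securityProblems", [])]
        if not page.get("nextPageKey"):
            break
        params = {"nextPageKey": page["nextPageKey"]}
    rows = []
    for pid in ids:  # one extra call per problem: the cost raised in the thread
        d = get(f"/securityProblems/{pid}", {"fields": "+affectedEntities,+exposedEntities"})
        rows.append({"id": pid, "title": d.get("title"),
                     "affected": bool(set(entity_ids) & set(d.get("affectedEntities", []))),
                     "exposed": bool(set(entity_ids) & set(d.get("exposedEntities", []))),
                     "firstSeen": d.get("firstSeenTimestamp")})  # problem-wide, not per process
    return rows

# Constructed sample responses (two list pages, two details) so the example runs offline.
PAGES = [{"securityProblems": [{"securityProblemId": "SP-1"}], "nextPageKey": "k2"},
         {"securityProblems": [{"securityProblemId": "SP-2"}]}]
DETAILS = {"SP-1": {"title": "Constructed problem A", "firstSeenTimestamp": 1671500000000,
                    "affectedEntities": ["PGI-1"], "exposedEntities": ["PGI-1"]},
           "SP-2": {"title": "Constructed problem B", "firstSeenTimestamp": 1671600000000,
                    "affectedEntities": ["PGI-1", "PGI-2"], "exposedEntities": ["PGI-2"]}}

def fake_get(path, params):
    if path == "/securityProblems":
        return PAGES[1] if "nextPageKey" in params else PAGES[0]
    return DETAILS[path.rsplit("/", 1)[1]]

if __name__ == "__main__":
    print(alerts_for_process(fake_get, "something", {"PGI-1"}))
```

Against a real environment, pass `live_get(base_url, token)` instead of `fake_get`; the number of requests is the number of list pages plus one per returned problem.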
23 Dec 2022 03:51 PM
Hi @AurelienGravier ,
Unfortunately this does not help: code analysis is not of concern, and riskAssessment is a risk assessment of the security problem, not specific to the process.
The only workaround is the iteration, but it is too API-call intensive to be used for automation; we need a new endpoint that directly provides the result.
Regards,
28 Dec 2022 03:52 PM
@Sami - As mentioned below, I don't think this is possible today, but I've created a product idea on your behalf.
-susan
09 Jan 2023 03:52 PM
Much appreciated @susanst00 you rock 🚀
23 Dec 2022 04:07 PM
OK I understand.
Personally, I often iterate easily over a lot of entities on more than 1500 hosts with Ansible jobs for a client environment, to automatically switch hosts from full-stack monitoring to infra-only based on the process group technologies detected on the hosts. And it works like a charm.
Regards.
23 Dec 2022 04:12 PM
Could you please help suggest this as a product idea?
26 Dec 2022 09:12 AM
Sure, you can submit it yourself here: https://community.dynatrace.com/t5/forums/postpage/board-id/DynatraceProductIdeas