Runtime Application Protection monitoring rules

Set up fine-grained monitoring rules for attacks, based on process groups or vulnerability types, that override the global attack control settings.
Add attacks that you don't consider harmful to the allowlist, by source IPs or attack patterns.

In the Dynatrace menu, go to Settings.
Select Application security > Application Protection > Monitoring rules.
Select Add new rule.
Specify the criteria for this rule:
- Process group—Select or enter a process group to which you want to apply this configuration. Leave it empty if the process group doesn't matter.
- Attack type—Select an attack type (SQL injection, Command injection, JNDI injection, or Any) to which this configuration applies.
Specify how to control an attack that matches the rule criteria:
- Off; incoming attacks NOT detected or blocked.
- Monitor; incoming attacks detected only.
- Block; incoming attacks detected and blocked.
Select Save changes.

In the Dynatrace menu, go to Settings.
Select Application security > Application Protection > Allowlist.
Select Add new exception rule.
Enter the Source IP (IPv4 or IPv6 address) of the attack for which you want to create an exception. IP ranges can be defined via CIDR notation.
optional Enter an Attack pattern. An attack pattern can be any string an attacker uses in the malicious payload of the attack.

Example patterns:
- OR 1=1 -- 0
- admin'--
- ; DROP members--
- ; cat /etc/passwd
Specify how to control an attack matching the criteria:
- Off; incoming attacks NOT detected or blocked. – Don't monitor (ignore) the IP address.
- Monitor; incoming attacks detected only. – Monitor the IP address, but don't block it.
Select Save changes.

Define specific attack control rules