Activate Application Security
To get started with Dynatrace Application Security, follow the instructions below.
Prerequisites
-
OneAgent version 1.239+
-
Any supported version of Dynatrace. Review the Release notes for currently supported versions.
Supported technologies
Activate Application Security
Dynatrace Application Security is licensed based on the consumption of GiB-hours if you're using the Dynatrace Platform Subscription (DPS) licensing model, or Application Security units (ASUs) if you're using the Dynatrace classic licensing. If you’re already a Dynatrace customer and you want to activate Application Security, contact a Dynatrace product expert via live chat. Our DevOps team will evaluate your environment and then activate Application Security.
Assign permissions
You need to assign the Security admin group to users who will be allowed to view and manage
- Vulnerabilities, if you enable Dynatrace Runtime Vulnerability Analytics
- Attacks, if you enable Dynatrace Runtime Application Protection
To assign Security admin permission
- Go to Account Management > Identity & access management > People.
For more information on user permissions, see Manage user groups and permissions.
Once you have completed these steps, you can enable Runtime Vulnerability Analytics and/or Runtime Application Protection.
Fine-tune permissions optional
Dynatrace version 1.268+
By default, once you enable the Security admin group, users can both view and manage vulnerabilities. To restrict the access level to view-only for specific users, so they can view vulnerabilities but not manage them (cannot change their status), you have two options:
Restrict access to an existing group
To restrict the access of an existing group at the environment or management zone level
- Go to Account Management > Identity & access management > Groups.
- Filter for Security admin and then, under Actions, select > View group.
- For the Permissions section, select Edit.
Create a new group with restricted access
To create a new group with restricted access at the environment or management zone level
- Go to Account Management > Identity & access management > Groups.
- Select Create group.
- Enter a name and a description for the group, and then select Next.