Visualize and analyze security findings
Latest Dynatrace
Organizations use multiple security products and tools that generate security findings in various data formats. Working with this data in silos is hard on security analysts, who must spend a lot of manual effort building a combined picture of the security posture.
In this context
- Dynatrace allows you to ingest security findings from your security tools and map them to the Dynatrace semantic conventions, which makes events from different tools uniformly accessible with DQL.
- Our dashboard sample lets you quickly view and analyze security findings across products and tools. It can also be a good foundation for tailoring further visual customization to meet your organization's posture analysis and reporting requirements.
Target audience
Security analysts and managers responsible for analyzing and reporting the organization's security posture.
Scenario
Your organization uses multiple container image registries, such as
- A custom third-party product with custom findings mapping
  A custom third-party product is any product for which Dynatrace doesn't provide an out-of-the-box integration. For details on the integration options, see Security events ingest.
Request
You want
- A prioritized list of findings across the registries
- A summary of the critical findings across the registries
- To effortlessly analyze security findings
Result
With our solution, you can
- Visualize your ingested container findings and get an answer to questions like:
  - How many vulnerabilities do we have? How many of those are critical or high vulnerabilities?
  - What are the top vulnerabilities in terms of severity and impact?
  - Which registries and repositories have the most vulnerabilities?
  - Which have critical or high vulnerabilities?
- Prioritize your ingested container findings based on
  - Risk level
  - Affected entity identification (for example, container image digest)
  - Vulnerability information
- Perform more granular queries and analysis of security findings.
Prerequisites
Get started
Visualize
- Download our sample dashboard from GitHub.
  For other security findings beyond container vulnerabilities, download this sample dashboard instead.
- Open Dashboards, select Upload, then select the downloaded file.
Example result:
Analyze
Open Notebooks or Security Investigator to query ingested data, using the data format in Semantic Dictionary.
For a better understanding of how to build your queries, see DQL query examples for ingested events.
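A query of the kind described above, ranking registries and repositories by critical and high findings. This is an added example, not one of Dynatrace's own samples; the table name, event type value, and field names are assumptions to confirm in Semantic Dictionary for your environment before use.

```dql
// Added example. Assumed names: the events table, the
// VULNERABILITY_FINDING event type, dt.security.risk.level,
// and the container_image.* fields.
fetch events
| filter event.kind == "SECURITY_EVENT"
| filter event.type == "VULNERABILITY_FINDING"
// Count findings per registry and repository, split out by risk level,
// and count the distinct image digests that carry them.
| summarize
    total = count(),
    critical = countIf(dt.security.risk.level == "CRITICAL"),
    high = countIf(dt.security.risk.level == "HIGH"),
    images = countDistinct(container_image.digest),
    by: {container_image.registry, container_image.repository}
// Highest-risk repositories first.
| sort critical desc, high desc, total desc
| limit 20
```

Run it in Notebooks or Security Investigator with a timeframe that covers your most recent scans.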
Example analysis in Notebooks:
Example analysis in Security Investigator: