Get started with Runtime Vulnerability Analytics
After setting up Application Security, you can get started with Dynatrace Runtime Vulnerability Analytics. You have the following options:
- To monitor third-party vulnerabilities, enable third-party vulnerability detection.
- To monitor code-level vulnerabilities, enable code-level vulnerability detection.
Runtime Vulnerability Analytics consumes Application Security units.
Enable third-party vulnerability detection
OneAgent version 1.239+
Third-party vulnerability detection helps you identify open-source and third-party vulnerabilities in production and pre-production environments at runtime.
Enable Third-party Vulnerability Analytics
- In the Dynatrace menu, go to Settings and select Application Security > Vulnerability Analytics > General settings.
- Under Third-party Vulnerability Analytics, select Enable Third-party Vulnerability Analytics.
Control by technology (optional)
After you enable Third-party Vulnerability Analytics, Dynatrace starts generating vulnerabilities for all supported technologies by default. To control which of these technologies should receive vulnerabilities:
- In the Dynatrace menu, go to Settings and select Application Security > Vulnerability Analytics > General settings.
- Under Third-party Vulnerability Analytics, enable or disable technologies as needed.
  Runtime technologies (for example, the Java, Node.js, and .NET runtimes) are tied to the corresponding main technology (Java, Node.js, and .NET respectively). If the main technology is disabled, the corresponding runtime technology is automatically disabled. If the main technology is enabled, enabling the corresponding runtime technology is optional.
- Select Save changes.
Enable OneAgent monitoring for Java vulnerable functions (optional)
For Dynatrace to evaluate whether a vulnerable function is actually used by your Java processes, you need to enable OneAgent reporting for Java vulnerable functions.
- In the Dynatrace menu, go to Preferences > OneAgent features.
- Find and enable Java vulnerable function reporting.
- Select Save changes.
Restart your processes for the setting to take effect.
For more information about function usage, see Vulnerable functions.
Manage third-party vulnerabilities
After you enable third-party vulnerability detection, you can start monitoring third-party vulnerabilities, set up monitoring rules, and create security notifications.
Enable code-level vulnerability detection
OneAgent version 1.259+
Code-level vulnerability detection inspects code at runtime to identify security vulnerabilities in libraries and in your first-party code.
Enable Code-level Vulnerability Analytics
- In the Dynatrace menu, go to Settings and select Application Security > Vulnerability Analytics > General settings.
- Under Code-level Vulnerability Analytics, select Enable Code-level Vulnerability Analytics.
Code-level Vulnerability Analytics is designed for production use. The overhead depends on your application but is negligible in most cases.
Configure monitoring
To define the default code-level vulnerability detection control for all process groups:
- In the Dynatrace menu, go to Settings and select Application Security > Vulnerability Analytics > General settings.
- Under Code-level Vulnerability Analytics, select one of the Global Java code-level vulnerability detection control modes:
  - Monitor – Code-level vulnerabilities are reported.
  - Do not monitor – Code-level vulnerabilities are ignored.
  You can also define custom monitoring rules for specific process groups. Custom rules override the default monitoring mode, so Runtime Vulnerability Analytics monitors code-level vulnerabilities in those process groups according to your rules.
- Select Save changes.
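As an added example (not from this documentation and not Dynatrace's own tooling), the following Python script applies the settings from the third-party and code-level procedures above through the Dynatrace Settings 2.0 API (`POST /api/v2/settings/objects`) instead of the UI. Before sending, it enforces the main/runtime technology dependency described under "Control by technology", and it shows how a custom per-process-group rule overrides the global detection mode. The schema ID `builtin:appsec.runtime-vulnerability-detection`, the property names under `value`, the mode values `MONITORING_ON` / `MONITORING_OFF`, and the rule shape used by `effective_code_level_mode` are assumptions; confirm them against the schema on your tenant (`GET /api/v2/settings/schemas/{schemaId}`) before running it.

```python
"""Added example, not Dynatrace's own code: apply the Vulnerability Analytics
general settings through the Settings 2.0 API rather than the UI.

Assumptions (the page documents only the UI):
  * SCHEMA_ID, the property names under "value", and the MODES values are
    assumed; confirm them with GET /api/v2/settings/schemas/<schemaId>.
  * The API token needs the settings.read and settings.write scopes.
"""
import json
import os
import urllib.request

SCHEMA_ID = "builtin:appsec.runtime-vulnerability-detection"  # assumed schema ID

# Runtime technologies are tied to a main technology: when the main technology
# is disabled, the runtime technology is disabled too. Keys are illustrative.
RUNTIME_OF = {"javaRuntime": "java", "nodeJsRuntime": "nodeJs", "dotNetRuntime": "dotNet"}

# Assumed API values for the UI's "Monitor" / "Do not monitor" modes.
MODES = ("MONITORING_ON", "MONITORING_OFF")


def normalize_technologies(wanted):
    """Enforce the main/runtime dependency rule on a {technology: bool} map.

    A runtime flag may only stay True when its main technology is True; if the
    main technology is False or absent, the runtime flag is forced to False,
    which is what the UI does automatically. Keys not present are left alone.
    """
    out = dict(wanted)
    for runtime, main in RUNTIME_OF.items():
        if runtime in out and not out.get(main, False):
            out[runtime] = False
    return out


def effective_code_level_mode(process_group, default_mode, rules):
    """Resolve the code-level detection mode for one process group.

    `rules` is an ordered list of {"process_group": str, "mode": str}; this is
    a constructed shape, not the API's rule format. The first matching rule
    overrides the global default; with no match, the default applies.
    """
    for rule in rules:
        if rule["process_group"] == process_group:
            return rule["mode"]
    return default_mode


def build_general_settings(third_party, technologies, code_level, code_level_mode):
    """Build the Settings 2.0 request body: a list with one settings object."""
    if code_level_mode not in MODES:
        raise ValueError(f"unknown mode {code_level_mode!r}, expected one of {MODES}")
    return [{
        "schemaId": SCHEMA_ID,
        "scope": "environment",
        "value": {
            "enableRuntimeVulnerabilityDetection": third_party,
            "technologiesThirdParty": normalize_technologies(technologies),
            "enableCodeLevelVulnerabilityDetection": code_level,
            "globalCodeLevelVulnerabilityDetectionControl": code_level_mode,
        },
    }]


def post_settings(env_url, token, payload):
    """POST the payload to /api/v2/settings/objects and return the parsed reply."""
    req = urllib.request.Request(
        env_url.rstrip("/") + "/api/v2/settings/objects",
        data=json.dumps(payload).encode(),
        headers={"Authorization": "Api-Token " + token,
                 "Content-Type": "application/json; charset=utf-8"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    payload = build_general_settings(
        third_party=True,
        # nodeJs is off, so nodeJsRuntime is forced to False by normalize_technologies.
        technologies={"java": True, "javaRuntime": True, "nodeJs": False,
                      "nodeJsRuntime": True, "dotNet": True, "dotNetRuntime": False},
        code_level=True,
        code_level_mode="MONITORING_ON",
    )
    env_url, token = os.environ.get("DT_ENV_URL"), os.environ.get("DT_API_TOKEN")
    if env_url and token:
        print(json.dumps(post_settings(env_url, token, payload), indent=2))
    else:  # offline: only show what would be sent
        print(json.dumps(payload, indent=2))
```

Run it with `DT_ENV_URL` and `DT_API_TOKEN` set to send the request; without them it only prints the payload, which is a convenient way to review a change (and to see which runtime flags were dropped) before anything is applied to the environment.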
Enable OneAgent monitoring
- In the Dynatrace menu, go to Preferences > OneAgent features.
- Find and enable Java code-level vulnerability evaluation.
- Select Save changes.
Restart your processes for the setting to take effect.
Manage code-level vulnerabilities
After you enable code-level vulnerability detection, you can start monitoring code-level vulnerabilities, set up monitoring rules, and create security notifications.