Email integration for security notifications
Integrate security notifications with Dynatrace to pass security issues and/or attacks to your email account for alerting and remediation purposes.
To integrate security notifications via email, follow the instructions below.
Set up notifications for vulnerabilities
To set up notifications for vulnerabilities
Create an alerting profile
Create an alerting profile that allows you to set up alert-filtering rules that are based on the risk level of detected vulnerabilities.
- Go to Settings and select Alerting > Vulnerability alerting profiles.
- Select Add alerting profile.
- Enter a Name for the profile on which you want to receive security notifications.
- Under Alert for the following events, select at least one event type for which you want to receive notifications.
  - If Vulnerability (re)opened is turned on and New management zone affected is turned off, you are notified when a vulnerability is opened or reopened.
  - If New management zone affected is turned on and Vulnerability (re)opened is turned off, you are notified when an already open vulnerability starts affecting a management zone in your environment that wasn't previously affected.
  - If both Vulnerability (re)opened and New management zone affected are turned on, you are notified when a vulnerability is opened or reopened, or when an open vulnerability starts affecting a new management zone.
- Optional: To restrict alerts to one management zone, under Alert only if the following management zone is affected (optional), select the desired management zone from the dropdown list. This way, you are alerted only when the selected management zone is affected by the selected event types. For example, for the New management zone affected event type, you are notified when an open vulnerability that hasn't previously affected your selected management zone starts affecting it.
  Only one management zone can be selected per alerting profile.
- Turn on each risk level for which you want to receive notifications. You can select more than one.
- Select Save changes to save your configuration.
Link the alerting profile to an email security notifications integration
Link the alerting profile to a security notifications integration via email. You can define the email integration and configure the payload (in the form of a message template) that you want to receive with your security notifications.
- Go to Settings and select Integration > Security notifications.
- Select Add integration and enter the following information.
  - Security alert type: Select Vulnerability alert.
  - Notification type: Select Email.
  - Display name: Enter a name for the email integration. This name will be displayed on Settings > Integration > Security notifications after you save this configuration.
  - Select Add recipient to add the email address of the recipient (required), carbon copy recipient (optional), and blind carbon copy recipient (optional). The total number of email addresses mustn't exceed 50.
  - Subject: Enter the title of the vulnerability.
  - Body: Enter the vulnerability description. HTML formatting is supported.
    Besides plain text, your vulnerability description can include placeholders. Select the Info icon for a list of Available placeholders that you can use for this integration. Placeholders are automatically replaced with information related to the vulnerability when the notification is generated.
    Example body:
    ```
    <h3>Vulnerability {SecurityProblemId}: {Title}</h3>
    Severity: {Severity}
    Davis Security Score: {DavisSecurityScore}
    {Description}
    {Tags}
    {Tags[Host Name]}
    {ManagementZones}
    ```
- Alerting profile: Select the alerting profile on which you want to receive security notifications.
- Optional: To verify your configuration, select Send test notification. If your configuration is correct:
  - You should receive a test email on your desired email account.
  - The following info message should be displayed on the Dynatrace settings page: Test notification sent successfully.
- Save changes.
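A pre-flight check for the Subject/Body template and the recipient list described above, as an added example that is not part of the Dynatrace documentation or product. The function names are hypothetical, and the known-placeholder set contains only the names shown in the example body, so extend it from the Available placeholders list before relying on it.

```python
import re

# Placeholder names taken from the page's example body only. Extend this set
# from the "Available placeholders" list behind the Info icon.
KNOWN_PLACEHOLDERS = {"SecurityProblemId", "Title", "Severity", "DavisSecurityScore",
                      "Description", "Tags", "ManagementZones"}
MAX_ADDRESSES = 50  # limit stated on the page, counted across To, CC and BCC

# Matches {Name} and {Name[key]}, for example {Tags[Host Name]}
PLACEHOLDER_RE = re.compile(r"\{([A-Za-z]+)(?:\[([^\]{}]*)\])?\}")
# Loose shape check meant to catch paste errors, not full address validation
ADDRESS_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def check_template(text):
    """Return a list of problems found in a Subject or Body template."""
    problems = [f"unknown placeholder: {{{name}}}"
                for name, _key in PLACEHOLDER_RE.findall(text)
                if name not in KNOWN_PLACEHOLDERS]
    # Any brace left once well-formed placeholders are removed is suspicious
    # (inline CSS in an HTML body would also trigger this).
    leftover = PLACEHOLDER_RE.sub("", text)
    if "{" in leftover or "}" in leftover:
        problems.append("stray brace (possible placeholder typo)")
    return problems


def check_recipients(to, cc=(), bcc=()):
    """Return a list of problems with the To, CC and BCC address lists."""
    problems = []
    if not to:
        problems.append("at least one recipient is required")
    everyone = [*to, *cc, *bcc]
    if len(everyone) > MAX_ADDRESSES:
        problems.append(f"{len(everyone)} addresses exceed the limit of {MAX_ADDRESSES}")
    problems += [f"malformed address: {a}" for a in everyone if not ADDRESS_RE.match(a)]
    return problems


# Constructed sample: the page's example body with two typos introduced
SAMPLE_BODY = """<h3>Vulnerability {SecurityProblemId}: {Title}</h3>
Severity: {Severity}
Davis Security Score: {DavisSecurtyScore}
{Tags[Host Name]}
{ManagementZones"""

if __name__ == "__main__":
    for problem in check_template(SAMPLE_BODY):
        print("template:", problem)
    for problem in check_recipients(["soc@example.com", "oncall@example"]):
        print("recipients:", problem)
```

An empty result from both functions means the template and address lists passed these checks; Send test notification remains the check that the email is actually delivered.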
Example email reporting
Verify your configuration
To verify that your integration is set up correctly:
- Go to Settings and select Integration > Security notifications.
- Select Details for the integration you want to check.
- Select Send test notification. If your configuration is incorrect and the test notification hasn't been sent via email, you'll receive an error message that will help you identify the problem.