Monitoring rules - Third-party Vulnerability Analytics
To include or exclude specific processes from being monitored by Application Security, you can set up fine-grained monitoring rules for Third-party Vulnerability Analytics, based on properties such as process tag, host tag, and management zone.
Define custom monitoring rules
You can define custom monitoring rules through the Dynatrace web UI or the Settings API.
For Kubernetes environments, you need to add tags both on the host and on the Kubernetes node.
Monitoring rules evaluation
After you add, edit, or remove a rule, it can take up to 15 minutes for changes to take effect throughout the system. The configured monitoring rules are evaluated periodically (on internal worker runs) and on-demand (through calls to the REST API).
Regardless of the calling context, the rule evaluation stays the same: given a set of entities, the algorithm decides whether a specific entity should be monitored. The rules are processed in order until the first match. Note that each rule must be unique.
When you have a rule in place for a management zone or tag, and you add an entity to the same management zone or add the same tag to an entity, it can take up to 15 minutes until the change is reflected in your monitoring rule.
For example, if you have a
Do not monitor if host tag equals 'testsystem'rule, and you add the tag
testsystemto a host, it can take up to 15 minutes until the newly tagged host stops being monitored.
If a rule matches a specific entity, the configured mode (
Do not monitor) is used and subsequent rules are not evaluated for this particular entity.
If no rule matches a specific entity, the default mode (
Monitor) is used.
Frequently asked questions
- What happens if I change the order of the rules?
The first matching rule will apply.
- What happens if a Do not monitor rule that applies gets added?
New vulnerabilities for the processes that match the rule won't be created.
Existing vulnerabilities that only relate to matching processes are resolved.
- What happens if a Do not monitor rule is deleted or doesn't apply anymore?
New vulnerabilities for the processes that match the rule will be created.
Related resolved vulnerabilities are reopened.
It's currently not possible to define custom monitoring rules based on process tag property for Kubernetes environments.