Filter or change status of third-party vulnerabilities
Once you enable third-party vulnerability detection and the list of third-party vulnerabilities appears in Third-Party Vulnerabilities, you can organize them in several ways to simplify management and prioritize issues.
Filter vulnerabilities
You can filter vulnerabilities by
- Recommended fixes
- Vulnerability details, global timeframe, and management zone (you can combine any of these filters)
Filter by recommended fixes with Davis Security Advisor
To filter by recommended fixes, on the Third-party vulnerabilities page, select an upgrade and then select Add as filter.
- After adding a recommended fix as a filter, you can extend filtering by vulnerability details.
- You can add multiple filters for recommended fixes at once. In this case, you get a cumulative list of vulnerabilities based on the selected fixes.
- If you use the management zones filter, you'll get a list of third-party vulnerabilities that affect the selected management zone.
You won't receive recommendations for
- Muted vulnerabilities
- Vulnerabilities filtered by the global filter in a past timeframe
- Resolved vulnerabilities
For more information about Davis Security Advisor, see Davis Security Advisor calculations.
Filter by vulnerability details
In the filter bar, the following filters are available.
You can combine any of the filters, but you cannot use the same filter more than once per search.
- Risk assessment:
  - Public internet exposure: Displays vulnerabilities that affect at least one process that is exposed to the internet. This filter isn't available for vulnerabilities in the Kubernetes technology.
  - Reachable data assets: Displays vulnerabilities that affect at least one process that has database access. This filter isn't available for vulnerabilities in the Kubernetes technology.
  - Public exploit published: Displays vulnerabilities that are exploited by known malicious code.
  - Vulnerable functions in use: Displays vulnerabilities that have any vulnerable functions in use by a process (this might indicate a higher exploitation risk).
  - Reduced accuracy: Displays vulnerabilities that have related hosts running in Infrastructure Monitoring mode or OneAgent Discovery mode. For details, see Monitoring modes.
- Risk level: Displays vulnerabilities based on their severity (Critical, High, Medium, Low, None). For details about risk levels, see Davis Security Score calculations.
- Snyk/CVE ID: Displays a particular vulnerability based on
  - The Snyk ID (for example, SNYK-JAVA-ORGAPACHEXMLBEANS-1060048), for Snyk-based vulnerabilities.
  - The CVE ID (for example, CVE-2017-5645), for NVD-based vulnerabilities.
- Status:
  - Open: Displays active vulnerabilities.
  - Resolved: Displays vulnerabilities that have been closed automatically because the root cause (for example, loading a vulnerable library) is no longer present. For more information, see Vulnerability evaluation: Resolution.
  - Muted: Displays the active and resolved vulnerabilities that have been silenced by request.
- Technology: Displays vulnerabilities in one of the supported technologies (Kubernetes, Node.js, Java, .NET, PHP, Go).
- Technology runtimes: Displays only library-based (only vulnerable libraries) or runtime-based (only vulnerable runtimes) vulnerabilities.
- Vulnerable component: Displays vulnerabilities based on part of a vulnerable component name.
- Vulnerability ID: Displays a particular vulnerability by selecting its Dynatrace-provided ID (for example, S-4423).
- Affected or related entity: Displays vulnerabilities that affect or relate to specific entities. Select and enter any combination of the following: Process group name, Host name, Kubernetes workload name, Kubernetes cluster name, Tag. For Tag, you can use tags on a host, process, and process group, with the syntax key:value or key. For more information about tagging, see Define and apply tags.
  If a vulnerability affects more than 5,000 processes, the Affected or related entity filter may not be able to find all vulnerabilities impacted by the entered entity.
Filter by global timeframe
You can use the global timeframe selector to filter third-party vulnerabilities on the following pages:
- On the Third-party vulnerabilities page, it displays vulnerabilities that were open within the selected global timeframe. However, the data displayed about an entry reflects the current status of the entry, not the historical status.
- On the vulnerability details page, it displays entities that were affected and libraries that were vulnerable during the selected global timeframe. An affected entity or a vulnerable component is shown:
  - If it was already affected or vulnerable during the selected timeframe.
  - If it's still affected or vulnerable.
Filter by management zone
You can use the management zones filter on the Third-party vulnerabilities list and details pages.
How the filter applies
For each case, the filter applies to different components:
- On the Third-party vulnerabilities page
  - Filtering by management zone applies only to the Vulnerability field.
  - Data in all the other vulnerability fields is based on the whole environment.
- On the third-party vulnerability details page
  - Filtering by management zone applies only to the Vulnerable components and Related entities sections.
  - Data in all the other sections is based on the whole environment.
How management zones are calculated
Management zone calculation is based on processes (or Kubernetes node, in the case of Kubernetes vulnerabilities). Management zones are calculated when a vulnerability is opened and every 15 minutes after that until the vulnerability is resolved. A management zone is affected by a vulnerability if a process (or Kubernetes node, in the case of Kubernetes vulnerabilities) of the management zone uses a vulnerable component that has the reported vulnerability.
How resolved vulnerabilities behave
- When a vulnerability stops affecting a management zone, it won't show up when you filter for that management zone.
- When a vulnerability is resolved (when it has stopped affecting the whole environment), it shows up regardless of the selected management zone.
Management zone limitations
A maximum of 1,000 management zones are stored for a vulnerability. If a vulnerability affects more than 1,000 management zones, you are only able to filter for the 1,000 management zones that are stored with the vulnerability.
Change vulnerability status
Options to change status
You can:
- Mute (silence) vulnerabilities that are
  - Open, if you don't consider them important
  - Resolved, if you don't want to deal with them if they are reopened
- Unmute vulnerabilities that are muted, if you consider them important.
- Change the vulnerability status by selecting a new reason for the current status or adding more information to the current status.

- Muted vulnerabilities don't appear on the list of vulnerabilities unless you filter for Status: muted.
- Unmuting an open vulnerability makes it active again—its status changes back to Open, and the vulnerability shows up again in the list of vulnerabilities.
- Unmuting a resolved vulnerability changes its status back to Resolved, and the vulnerability shows up again in the list of vulnerabilities when you filter for Resolved vulnerabilities.
Ways to change status
You can change the vulnerability status individually or in bulk:
- Individually (one vulnerability at a time). You have two options:
  - On the Third-party vulnerabilities page, under the Details for the selected vulnerability, select Change status, select the new status, enter any additional information, and then select Save.
  - On the third-party vulnerability details page, in the upper-right corner of the page, select Change status, select the new status, enter any additional information, and then select Save.
- In bulk (for multiple vulnerabilities at once, for example based on specific filters). On the Third-party vulnerabilities page, you have two options:
  - Select multiple vulnerabilities that are displayed on one page (select the vulnerabilities you want, then select Yes, change status, select the new status, enter any additional information, and then select Save).
  - Select all vulnerabilities that are displayed on one page (select the Vulnerability column in the vulnerabilities list, then select Yes, change status, select the new status, enter any additional information, and then select Save).
The option to perform bulk changes isn't available to users with view-only access. The Manage security problems permission is required. For details on permission management, see Fine-tune permissions.
You need to wait up to a minute for the changes to take effect. Refresh the page to see your changes.
Show status changes
The last five status changes of the vulnerability within the last 30 days are logged in the Vulnerability evolution section of a vulnerability details page.
- Select Show more for the next five status changes.
- Select Details to see who changed the status of the vulnerability, the reason for changing the status, and any additional comments.