Activate Application Security To get started with Dynatrace Application Security, follow the instructions below.
Prerequisites Supported technologies Third-party vulnerability detection Dynatrace detects third-party vulnerabilities in the following technologies.
1 Java on z/OS is currently not supported.
2 Using Webpack or other bundlers might have an impact on automatic vulnerability detection. This is because the software components cannot be detected, as they are hidden behind the bundler configuration and not available at runtime. Only packages that are deployed as external packages can be detected and reported. For details, see Node.js: Limitations .
Code-level vulnerability detection Dynatrace detects code-level vulnerabilities in the following technologies.
1 Only supported on Windows x86 and Linux x86 systems.
2 Only .NET Framework 4.5, .NET Core 3.0 or higher, and 64-bit processes are supported.
Code-level vulnerability detection for backends that use database ORMs is also supported.
Dynatrace detects attacks in the following technologies.
1 Only supported on Windows x86 and Linux x86 systems.
2 Only .NET Framework 4.5, .NET Core 3.0 or higher, and 64-bit processes are supported.
Activate Application Security Dynatrace Application Security is licensed based on the consumption of GiB-hours if you're using the Dynatrace Platform Subscription (DPS) licensing model , or Application Security units (ASUs) if you're using the Dynatrace classic licensing . If you’re already a Dynatrace customer and you want to activate Application Security, contact a Dynatrace product expert via live chat. Our DevOps team will evaluate your environment and then activate Application Security.
Assign permissions You need to assign the Security admin group to users who will be allowed to view and manage
To assign Security admin permission
To add an existing user to the group
Under Actions , select Edit user for the user you want to add. Select Security admin , then select Save . To add a new user to the group
Select Invite user . Enter the required details, then select Next . Select Security admin , then select Next > Invite . For more information on user permissions, see Manage user groups and permissions .
Once you have completed these steps, you can enable Runtime Vulnerability Analytics and/or Runtime Application Protection .
Fine-tune permissions optional Dynatrace version 1.268+
By default, once you enable the Security admin group, users can both view and manage vulnerabilities. To restrict the access level to view-only for specific users, so they can view vulnerabilities but not manage them (cannot change their status), you have two options:
Restrict access to an existing group To restrict the access of an existing group at the environment or management zone level
Go to Account Management Identity & access management > Groups . Filter for Security admin and then, under Actions , select View group . For the Permissions section, select Edit . Configure per environment
Configure per management zone
Select Environment permissions . Select your environment, then clear Manage security problems and select View security problems . Select Save . Select Management zone permissions . Filter for and select the management zone you want. Clear Manage security problems and select View security problems . Select Save . Create a new group with restricted access To create a new group with restricted access at the environment or management zone level
Go to Account Management Identity & access management > Groups . Select Create group . Enter a name and a description for the group, and then select Next . Configure per environment
Configure per management zone
Select Environment permissions . Select your environment, then select View security problems . Select Next > Next and then select Create group . Select Management zone permissions . Filter for and select the management zone you want, and then select View security problems . Select Next > Next and then select Create group .