Gain insights

Latest Dynatrace Early Adopter

On the Assessment results page, selecting a rule opens a side window with details about

This context can help you fix issues on your system.

Insights about the rule

On the Rule details tab, you can

  • View relevant details about the rule such as

    • Rule version used for assessment
    • Rule severity
    • Compliance standard issuing the rule

  • Navigate to the original documentation resource for the full description of the rule

    Insights about the rule

Insights about resources

On the Assessed resources tab, you can examine the resources that must comply to the rule. This can help you identify the resources affected by a compliance violation or by security relevant misconfiguration.

Assessed resources with Not relevant status are filtered out by default.

You can

  • View the system on which the rule applies together with all the system resources

  • Use the filter bar to filter for resources that

    • Require your attention (Failed)
    • Are compliant (Passed)
    • Can't be automatically assessed (Manual)
    • Don't meet a specific criteria for the rule assessment (Not relevant)

  • Use the search bar to search for a specific resource (full or partial match)

  • Hover over the system chart bar to see the compliance status of the system resources

    compliance node status

  • Identify the resource type and last assessment date in Rule assessment > Resource

    resource type

Insights about configuration

On the Assessed resources tab, go to Rule assessment > Relevant configuration properties for information about resource configuration.

This can help you identify the current misconfiguration for a selected resource that is contributing to a rule violation.

  • Example: A Failed rule 1.2.19 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate reports that a node on the control plane doesn't have --audit-log-maxsize configured. This means that, in case security investigation would be needed, it's not guaranteed that there will be enough logs to carry out investigation due to this misconfiguration.

    rule example 1

For Manual rules, where automatic assessment isn't possible, hints are provided about what information is needed to complete the assessment.

For details about manual rules, see Results.

  • Example: A Manual rule The Kubernetes kubelet staticPodPath must not enable static pods reports that Dynatrace can't check configuration because Kubernetes Node Configuration Collector is missing.

    ncc missing example

Related topics