Get started with Runtime Vulnerability Analytics

After setting up Application Security, you can get started with Dynatrace Runtime Vulnerability Analytics. You have the following options:

Runtime Vulnerability Analytics is licensed based on the consumption of GiB-hours if you're using the Dynatrace Platform Subscription (DPS) licensing model, or Application Security units (ASUs) if you're using the Dynatrace classic licensing.

Enable third-party vulnerability detection

OneAgent version 1.239+

Third-party vulnerability detection helps you identify open-source and third-party vulnerabilities in production and pre-production environments at runtime.

Step 1 Enable Third-party Vulnerability Analytics

  1. Go to Settings and select Application Security > Vulnerability Analytics > General settings.
  2. Under Third-party Vulnerability Analytics, select Enable Third-party Vulnerability Analytics.

Step 2 Configure the global third-party vulnerability detection control

To define the default third-party vulnerability detection control for all processes:

  1. Go to Settings and select Application Security > Vulnerability Analytics > General settings.
  2. Under Third-party Vulnerability Analytics, select one of the Global third-party vulnerability detection control modes:
    • Monitor—Third-party vulnerabilities are reported.
    • Do not monitor—Third-party vulnerabilities are ignored.

You can also define custom monitoring rules based on certain process group tags, host tags, and management zones. In this case, the default monitoring mode applies to all processes that are not matched by a rule.

Step 3 (optional) Control by technology

After you enable Third-party Vulnerability Analytics, Dynatrace reports vulnerabilities for all supported technologies by default. To control which of these technologies vulnerabilities are reported for:

  1. Go to Settings and select Application Security > Vulnerability Analytics > General settings.

  2. Under Third-party Vulnerability Analytics, enable or disable technologies as needed.

    Runtime technologies (for example, Java, Node.js, and .NET runtimes) are tied to the corresponding main technology (for example, Java and Node.js). If the main technology is disabled, the corresponding runtime technology is automatically disabled. If you enable the main technology, enabling the corresponding runtime technology is optional.

  3. Select Save changes.

Step 4 (optional) Enable OneAgent monitoring for Java vulnerable functions

For Dynatrace to evaluate whether a vulnerable Java function is actually used by your application, you need to enable OneAgent reporting for Java vulnerable functions.

  1. Go to Preferences > OneAgent features.
  2. Find and enable Java vulnerable function reporting.
  3. Select Save changes.
  4. Restart your processes.

For more information about function usage, see Vulnerable functions.

Manage third-party vulnerabilities

After you enable third-party vulnerability detection, you can start monitoring third-party vulnerabilities, set up monitoring rules, and create security notifications.

Enable code-level vulnerability detection

OneAgent version 1.259+

Code-level vulnerability detection leverages code inspection at runtime to identify security vulnerabilities in libraries and first-party code.

Step 1 Enable Code-level Vulnerability Analytics

  1. Go to Settings and select Application Security > Vulnerability Analytics > General settings.
  2. Under Code-level Vulnerability Analytics, select Enable Code-level Vulnerability Analytics.

Code-level Vulnerability Analytics is designed to carry a production-ready performance footprint. The overhead depends on your application but should be negligible in most cases.

Step 2 Configure the global code-level vulnerability detection control

To define the default code-level vulnerability detection control for all process groups:

  1. Go to Settings and select Application Security > Vulnerability Analytics > General settings.
  2. Under Code-level Vulnerability Analytics, select the global code-level vulnerability detection control per technology:
    • Monitor – Code-level vulnerabilities in the selected technology are reported.
    • Do not monitor – Code-level vulnerabilities in the selected technology are ignored.

    You can also define custom monitoring rules based on certain process groups. In this case, custom rules override the global detection control for the selected technology, and Runtime Vulnerability Analytics continues to monitor the code-level vulnerabilities based on your rules.

  3. Select Save changes.

Step 3 Enable OneAgent monitoring

  1. Go to Preferences > OneAgent features.
  2. Filter by code-level vulnerability evaluation and enable the feature for the technologies you want to monitor.
  3. Select Save changes.
  4. Restart your processes.

Manage code-level vulnerabilities

After you enable code-level vulnerability detection, you can start monitoring code-level vulnerabilities, set up monitoring rules, and create security notifications.