Once you enable third-party vulnerability detection and see the list of third-party vulnerabilities appear in Third-Party Vulnerabilities, there are several ways you can organize them for easy management and to prioritize issues:
You can filter vulnerabilities by
To filter by recommended fixes, on the Third-party vulnerabilities page, select an upgrade and then select Add as filter.
You won't receive recommendations for
For more information about Davis Security Advisor, see Davis Security Advisor calculations.
In the filter bar, the following filters are available.
You can combine any of the filters, but you cannot use the same filter more than once per search.
Risk assessment:
Public internet exposure: Displays vulnerabilities that affect at least one process that is exposed to the internet.
This filter isn't available for vulnerabilities in the Kubernetes technology.
Reachable data assets: Displays vulnerabilities that affect at least one process that has database access.
This filter isn't available for vulnerabilities in the Kubernetes technology.
Public exploit published: Displays vulnerabilities that are exploited by known malicious code.
Vulnerable functions in use: Displays vulnerabilities that have any vulnerable functions in use by a process (this might indicate a higher exploitation risk).
Reduced accuracy: Displays vulnerabilities that have related hosts running in Infrastructure Monitoring mode or OneAgent Discovery mode. For details, see Monitoring modes.
Risk level: Displays vulnerabilities based on their severity (Critical, High, Medium, Low, None).
For details about risk levels, see Davis Security Score calculations.
Snyk/CVE ID: Displays a particular vulnerability based on
SNYK-JAVA-ORGAPACHEXMLBEANS-1060048), for Snyk-based vulnerabilities.CVE-2017-5645), for NVD-based vulnerabilities.Status:
Open: Displays active vulnerabilities.Resolved: Displays vulnerabilities that have been closed automatically because the root cause (for example, loading a vulnerable library) is no longer present. For more information, see Vulnerability evaluation: Resolution.Muted: Displays the active and resolved vulnerabilities that have been silenced by request.Technology: Displays vulnerabilities in one of the supported technologies (Kubernetes, Node.js,Java, .NET, PHP, Go).
Technology runtimes: Displays only library-based (only vulnerable libraries) or runtime-based (only vulnerable runtimes) vulnerabilities.
Vulnerable component: Displays vulnerabilities based on part of a vulnerable component name.
Vulnerability ID: Displays a particular vulnerability by selecting its Dynatrace-provided ID (for example, S-4423).
Affected or related entity: Displays vulnerabilities that affect or relate to specific entities. Select and enter any combination of the following: Process group name, Host name, Kubernetes workload name, Kubernetes cluster name, Tag. For Tag, you can use tags on a host, process, and process group, with the syntax key:value or key. For more information about tagging, see Define and apply tags.
If a vulnerability affects more than 5,000 processes, the Affected or related entity filter may not be able to find all vulnerabilities impacted by the entered entity.
You can use the global timeframe selector to filter third-party vulnerabilities on the following pages:
On the Third-party vulnerabilities page, it displays vulnerabilities that were open within the selected global timeframe. However, the data displayed about an entry reflects the current status of the entry, not the historical status.
On the vulnerability details page, it displays entities that were affected and libraries that were vulnerable during the selected global timeframe. An affected entity or a vulnerable component is shown:
You can use the management zones filter on the Third-party vulnerabilities list and details pages.
For each case, the filter applies to different components:
On the Third-party vulnerabilities page
On the third-party vulnerability details page
Management zone calculation is based on processes (or Kubernetes node, in the case of Kubernetes vulnerabilities). Management zones are calculated when a vulnerability is opened and every 15 minutes after that until the vulnerability is resolved. A management zone is affected by a vulnerability if a process (or Kubernetes node, in the case of Kubernetes vulnerabilities) of the management zone uses a vulnerable component that has the reported vulnerability.
A maximum of 1,000 management zones are stored for a vulnerability. If a vulnerability affects more than 1,000 management zones, you are only able to filter for the 1,000 management zones that are stored with the vulnerability.
You can:
Mute (silence) vulnerabilities that are
Unmute vulnerabilities that are muted, if you consider them important.
Change the vulnerability status by selecting a new reason for the current status or adding more information to the current status.
Status: muted.Open, and the vulnerability shows up again in the list of vulnerabilities.Resolved, and the vulnerability shows up again in the list of vulnerabilities when you filter for Resolved vulnerabilities.You can change the vulnerability status individually or in bulk:
Individually (one vulnerability at a time). You have two options:
In bulk (for multiple vulnerabilities at once, for example based on specific filters). On the Third-party vulnerabilities page, you have two options:
The option to perform bulk changes isn't available to users with view-only access. The Manage security problems permission is required. For details on permission management, see Fine-tune permissions.
You need to wait up to a minute for the changes to take effect. Refresh the page to see your changes.
The last five status changes of the vulnerability within the last 30 days are logged in the Vulnerability evolution section of a vulnerability details page.