Upgrade Third‑party and Code‑level vulnerabilities to the 3rd generation experience
- How-to guide
- Published Dec 02, 2025
If you're currently using the third party or code level vulnerabilities pages, you can upgrade to the 
Vulnerabilities app, which provides a unified, improved view in the latest Dynatrace experience.
Why upgrade?
The new Vulnerabilities app offers:
-
Advanced filtering: Use the new filtering mechanism to search and prioritize vulnerabilities across your stack.
-
Additional prioritization option: Leverage CISA KEV insights.
-
Full data access: Query vulnerability data in Grail with Dynatrace Query Language (DQL), build dashboards, and automate workflows.
-
State report queries: Drill down with DQL and create dashboards (see example query).
-
Guidance from Davis CoPilot: Get explanations and remediation suggestions.
-
Coming soon OS vulnerabilities, raw events from integrated scanners, host coverage for hosts monitored by Runtime Vulnerability Analytics, and cross‑app vulnerability views (for example, going to
Kubernetes for deeper insights).
What’s changing and what you need to do
Below are the key changes when moving from the classic apps to the latest Dynatrace experience, along with the actions you should take.
Permissions
| Latest Dynatrace | Previous Dynatrace |
|---|---|
| Permissions are aligned with Dynatrace IAM. | Permissions are tied to management zones and app access. |
Improvement for you:
- Compliance support: IAM permissions align with industry standards like OIDC, OAuth 2.0, SAML, and SCIM, helping organizations meet regulatory and compliance requirements.
- Efficient user management: IAM simplifies user and group management, allowing integration with identity providers (IdPs) and centralized control over authentication and authorization.
Your action: Set up IAM permissions before using the Vulnerabilities app.
Management zones
| Latest Dynatrace | Previous Dynatrace |
|---|---|
| You can slice and dice data with segments. | You can scope vulnerability data with management zones. |
Improvement for you: Data segmentation acts as logical filtering, recalculating DSS only for selected entities, helping you focus on relevant risks.
- On the Prioritization page, segments are applied using fields from state reports.
- Coming soon On the Findings page, segments are applied using fields from vulnerability findings.
Your action: Use the segment selector to filter vulnerabilities and affected entities.
Monitoring rules
| Latest Dynatrace | Previous Dynatrace |
|---|---|
| You define monitoring rules based on resource attributes and Kubernetes labels. | You define monitoring rules based on management zones or tags. |
Improvement for you: You gain more precise data segmentation, support for Kubernetes labels, and alignment with the Dynatrace unified access and resource model. Rules are easier to maintain, transparent, and future‑proof.
Your action:
-
Third‑party vulnerabilities:
- Although classic rules based on management zones and tags still work after upgrading to the latest Dynatrace experience, they are scheduled for deprecation. We strongly recommend migrating to the new rules based on resource attributes or Kubernetes labels. Automatic migration isn't possible; for details, see FAQ.
- New rules based on resource attributes are already compatible, no migration needed.
-
Code‑level vulnerabilities: Rules are already based on resource attributes; no changes are required.
Security notifications
| Latest Dynatrace | Previous Dynatrace |
|---|---|
You create and orchestrate alerts via  Workflows. | You configure security notifications globally in Settings (Classic). |
Improvement for you: You can define granular conditions, integrate with external tools (Slack, Teams, Jira, ServiceNow, email), and orchestrate multiple actions in one workflow. This enables flexible, automated responses tailored to your environment.
Your action: Recreate notifications using workflows.
Muting logic
| Latest Dynatrace | Previous Dynatrace |
|---|---|
| A vulnerability is muted only when all affected entities are muted. | You can mute vulnerabilities globally. |
Improvement for you: You gain finer control, transparency, and assurance that teams focus only on vulnerabilities that remain relevant.
Your action: Adjust your muting practices to entity‑level logic.
How to upgrade
- Set up the IAM permissions.
- Recommended Recreate or migrate existing classic monitoring rules for third-party vulnerabilities to resource‑attribute‑–based rules. For examples of how to define new monitoring rules based on resource attributes and Kubernetes labels, see Use cases for monitoring rules.
- Optional Configure notifications via Workflows. For examples of how to set up a workflow, see Workflows use cases.
- Optional Adjust muting practices to entity-level logic.
Still have questions?
Connect with the Dynatrace Community to share feedback and ask questions—your input helps us improve.