This page has been updated to align with the new Grail security events table. For the complete list of updates and actions needed to accomplish the migration, follow the steps in the Grail security table migration guide.
In the following, you'll learn how to ingest container vulnerability findings and scan events from AWS Elastic Container Registry (ECR) into Grail and analyze them on the Dynatrace platform.
Container image vulnerabilities reported in Amazon ECR are ingested into Dynatrace via a dedicated OpenPipeline security events ingest endpoint, using an Amazon EventBridge event forwarding set up with an AWS CloudFormation template.
The OpenPipeline ingest endpoint processes and maps the security findings according to the Semantic Dictionary conventions.
The resulting security events are stored in a bucket called default_securityevents (for details, see Built-in Grail buckets).
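As an added illustration (not code from Dynatrace or from the CloudFormation template), the following Python shows what an ECR scan-complete event looks like on its way through EventBridge, a rule pattern that selects only completed scans, and a triage summary of the severity counts. The event shape follows the structure AWS documents for "ECR Image Scan" events from source aws.ecr; the sample values are constructed, and the pattern and function names are hypothetical.

```python
# Constructed sample of the EventBridge event Amazon ECR emits when a basic image
# scan finishes (source "aws.ecr", detail-type "ECR Image Scan"); values are placeholders.
SAMPLE_EVENT = {
    "detail-type": "ECR Image Scan",
    "source": "aws.ecr",
    "account": "123456789012",
    "region": "us-east-1",
    "detail": {
        "scan-status": "COMPLETE",
        "repository-name": "example-app",
        "image-digest": "sha256:" + "0" * 64,
        "image-tags": ["latest"],
        "finding-severity-counts": {"CRITICAL": 2, "HIGH": 5, "MEDIUM": 9},
    },
}

# Hypothetical EventBridge rule pattern that forwards only completed scans
# (the CloudFormation template mentioned above defines its own rule).
SCAN_COMPLETE_PATTERN = {
    "source": ["aws.ecr"],
    "detail-type": ["ECR Image Scan"],
    "detail": {"scan-status": ["COMPLETE"]},
}
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL", "UNDEFINED"]


def matches_pattern(event, pattern):
    """Minimal EventBridge matching: a list means 'one of these', a dict recurses."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches_pattern(actual, expected):
                return False
        elif actual not in expected:
            return False
    return True


def summarize_scan(event):
    """Reduce a scan-complete event to the fields a triage view needs."""
    detail = event["detail"]
    counts = detail.get("finding-severity-counts", {})
    return {
        "account": event["account"],
        "region": event["region"],
        "repository": detail["repository-name"],
        "digest": detail["image-digest"],
        "highest_severity": next((s for s in SEVERITY_ORDER if counts.get(s)), None),
        "total_findings": sum(counts.values()),
    }
```

Events whose scan-status is not COMPLETE (for example, a failed scan) do not match the pattern and carry no severity counts, so a forwarder should not treat them as findings.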
Set up the desired Amazon ECR scan type. You have two options:
To determine which type of scan to choose, see Scan images for software vulnerabilities in Amazon ECR.
Install and configure the latest AWS CLI.
Select the AWS region where you want to create the Amazon ECR event forwarder (for example, run aws configure and set the default region to us-east-1).
Permissions:
app-engine:apps:install permission to install the app. For details, see Dynatrace access.
storage:security.events:read permission.
Tokens:
An access token with the openpipeline.events_security scope. Save it for later. For details, see Dynatrace API - Tokens and authentication.
Once you ingest your Amazon ECR data into Grail, you can monitor it in the app (in Dynatrace, go to Settings > Amazon ECR).
You can view
A chart of ingested data from all existing connections over time
A table with information about your connections
You can create your own dashboards or use our templates to visualize and analyze container vulnerability findings.
To use a dashboard template
You can create your own workflows or use our templates to automate and orchestrate container vulnerability findings.
To use a workflow template
You can query ingested data in Notebooks or Security Investigator, using the data format in Semantic Dictionary.
To query ingested data
To stop sending events to Dynatrace
This removes the Dynatrace resources created for this integration.
For billing information, see Events powered by Grail.
With the ingested data, you can accomplish various use cases, such as