Ingest Amazon ECR container vulnerability findings and scan events
Latest Dynatrace Preview
In the following, you'll learn how to ingest container vulnerability findings and scan events from AWS Elastic Container Registry (ECR) into Grail and analyze them on the Dynatrace platform.
Goal
- Get insights from Dynatrace for Amazon ECR container vulnerability findings.
- Easily work with your data on the Dynatrace platform.
How it works
Container image vulnerabilities reported in Amazon ECR are ingested into Dynatrace via a dedicated OpenPipeline security events ingest endpoint, using an Amazon EventBridge event forwarding set up with an AWS CloudFormation template.
The OpenPipeline ingest endpoint processes and maps the security findings according to the Semantic Dictionary conventions.
These are stored in a bucket called default_security_custom_events (for details, see: Built-in Grail buckets).
Prerequisites
-
Set up the desired Amazon ECR scan type. You have two options:
To determine which type of scan to choose, see Scan images for software vulnerabilities in Amazon ECR.
-
Install and configure the latest AWS CLI.
-
Select the AWS region where you want to create the Amazon ECR event forwarder.
- In a terminal, run:
aws configure- Set your default region (for example,
us-east-1).
Permissions
You need an Admin user to define a custom policy with the app-engine:apps:install permission to install the app. For details, see Dynatrace access.
Get started
- In Dynatrace, open Dynatrace Hub.
- Look for Amazon ECR and select Install.
- Select Open, then select Configure new ingest.
- Follow the on-screen instructions to set up the ingestion.
Monitor data
Once you ingest your Amazon ECR data into Grail, you can monitor your data in the app (in Dynatrace, open Amazon ECR).
In Connection overview, you can view
- A chart of ingested data from all existing connections over time
- Available actions: Query ingested data
- A table with information about your connections
- Available actions: Remove connection
Visualize and analyze findings
You can create your own dashboards or use our templates to visualize and analyze container vulnerability findings.
To use a dashboard template
- In Dynatrace, open Amazon ECR.
- In the Try our templates section, select the desired dashboard template.
Automate and orchestrate findings
You can create your own workflows or use our templates to automate and orchestrate container vulnerability findings.
To use a workflow template
- In Dynatrace, open Amazon ECR.
- In the Try our templates section, select the desired workflow template.
Query ingested data
You can query ingested data in Notebooks 
or Security Investigator 
, using the data format in Semantic Dictionary.
To query ingested data
- In Dynatrace, open Amazon ECR.
- Select Open with .
- Select Notebooks or Security Investigator.
Remove connections
To stop sending events to Dynatrace
- In Dynatrace, open Amazon ECR.
- For the connection you want to delete, select Remove.
- Follow the on-screen instructions to delete the resources. If you used values different from those specified in the setup dialog, adjust them accordingly.
This removes the Dynatrace resources created for this integration.
- In Dynatrace, open Settings (new).
- Select Connections > Amazon ECR.
- For the connection you want to delete, select Remove.
- Follow the on-screen instructions to delete the resources. If you used values different from those specified in the setup dialog, adjust them accordingly.
This removes the Dynatrace resources created for this integration.
Consumption
For billing information, see Events powered by Grail.