Ingest Amazon ECR container vulnerability findings and scan events

  • Latest Dynatrace
  • How-to guide

This page has been updated to align with the new Grail security events table. For the complete list of updates and actions needed to accomplish the migration, follow the steps in the Grail security table migration guide.

Ingest Amazon ECR container image vulnerability findings and scan events and analyze them in Dynatrace.

Get started

Overview

This guide shows how to ingest container vulnerability findings and scan events from AWS Elastic Container Registry (ECR) into Grail and analyze them on the Dynatrace platform, so that you can gain insights into Amazon ECR container vulnerability findings and easily work with your data.

Use cases

With the ingested data, you can accomplish various use cases, such as

Requirements

Activation and setup

  1. In Dynatrace, open Hub.
  2. Look for Amazon ECR and select Install.
  3. Select Set up, then select Configure new connection.
  4. Follow the on-screen instructions to set up the ingestion.

Details

How it works

1. Container image vulnerabilities are ingested into Dynatrace

Container image vulnerabilities reported in Amazon ECR are ingested into Dynatrace via a dedicated OpenPipeline security events ingest endpoint, using Amazon EventBridge event forwarding that is set up with an AWS CloudFormation template.

2. Vulnerability findings are processed and stored in Grail

The OpenPipeline ingest endpoint processes and maps the security findings according to the Semantic Dictionary conventions.

The mapped findings are stored in a bucket called default_securityevents (for details, see Built-in Grail buckets).

Monitor data

Once you ingest your Amazon ECR data into Grail, you can monitor your data in the app (in Dynatrace, go to Settings > Amazon ECR).

You can view

  • A chart of ingested data from all existing connections over time

  • A table with information about your connections

Visualize and analyze findings

You can create your own dashboards or use our templates to visualize and analyze container vulnerability findings.

To use a dashboard template

  1. In Dynatrace, go to Settings > Amazon ECR.
  2. In the Try our templates section, select the desired dashboard template.

Automate and orchestrate findings

You can create your own workflows or use our templates to automate and orchestrate container vulnerability findings.

To use a workflow template

  1. In Dynatrace, go to Settings > Amazon ECR.
  2. In the Try our templates section, select the desired workflow template.

Query ingested data

You can query ingested data in Notebooks or Security Investigator, using the data format in Semantic Dictionary.

To query ingested data

  1. In Dynatrace, go to Settings > Amazon ECR.
  2. Select Open with.
  3. Select Notebooks or Security Investigator.

Delete connections

To stop sending events to Dynatrace

  1. In Dynatrace, go to Settings > Amazon ECR.
  2. For the connection you want to delete, select Delete.
  3. Follow the on-screen instructions to delete the resources. If you used values different from those specified in the setup dialog, adjust them accordingly.

This removes the Dynatrace resources created for this integration.

Licensing and cost

For billing information, see Events powered by Grail.
