Ingest Runecast Analyzer compliance findings

Latest Dynatrace

Dynatrace integration with Runecast Analyzer allows you to access data relevant to Cloud Security Posture Management (CSPM) and VMware Security Posture Management (VSPM) on the Dynatrace platform. It provides options to uniformly visualize, analyze, and automate work related to compliance findings.

Runecast Analyzer ensures continuous compliance through its configuration analysis, generating security-related results for cloud (AWS, Azure, GCP) and VMware (vSphere, NSX-T) environments.

How it works

how it works C/VSPM

After you deploy and configure Runecast Analyzer, it continuously runs configuration analysis on monitored environments relevant to Cloud Security Posture Management (CSPM) and VMware Security Posture Management (VSPM).

When Dynatrace integration is configured for a monitored environment, all compliance results are ingested into Dynatrace via a dedicated OpenPipeline security events ingest endpoint with every analysis.

The OpenPipeline endpoint processes and maps the results to the security compliance findings according to the Semantic Dictionary conventions. These are stored in a bucket called default_security_custom_events (for details, see: Built-in Grail buckets).

Once data is ingested into Grail, you can

  • Analyze your environments’ security posture and evaluate your compliance with industry standard
  • Visualize the posture with the ready-made dashboard, which is part of the Security Posture Management app

Prerequisites

See below for the Runecast and Dynatrace requirements.

Runecast requirements

  • Deploy Runecast Analyzer Runecast version 6.9.12.0+ with active licenses for each system type.

  • Permissions: To configure the integration, you need access with the Global Admin role.

  • Enable security profiles for the supported systems (AWS, Azure, GCP, vCenter, and NSX-T).

Dynatrace requirements

Get started

To set up the Runecast Analyzer ingestion, follow the steps below.

  1. Log in to your Runecast Analyzer instance.
  2. Go to Menu in the upper-right corner and select System settings > Connected systems.
  3. Connect Runecast Analyzer to the systems you want to monitor for compliance.

  1. Go to Menu in the upper-right corner and select System settings > Integrations.

  2. For Dynatrace, turn on Use Dynatrace Integration.

  3. Select Edit and configure the integration as follows:

    • Enter your OpenPipeline endpoint and the Dynatrace API token obtained in Prerequisites
    • Select the systems for which you want to send the results to Dynatrace.

  4. Select Save.

    configure integration

  1. Go to Dashboard and select Run Analysis in the top menu bar. After each analysis, the results for selected systems are sent to Dynatrace.

    There are several ways to trigger analysis: on demand, by periodic schedule, or via the Runecast API.

  2. When analysis is complete, you can see the status in Notifications.

analysis complete

What's next

Once you set up the Runecast Analyzer integration, you can

  • Visualize data with our Security Posture Overview dashboard

    • security posture overview

    • There are two ways to access the dashboard:

      • Via Dashboards Dashboards (in the Dashboards panel, select Ready-made)
      • Via Dynatrace Hub Hub (select Security Posture Management, then look for the dashboard in the Contents tab table)

  • Query compliance events with Security Investigator Security Investigator or Notebooks Notebooks.

    • For a list of DQL examples based on compliance events that you can use for further investigation or reporting, see Query compliance events.