Manage results

Latest Dynatrace

In the following, you'll learn how to manage results on the detection findings page of the Threats & Exploits app. You can:

  • Filter: Select which information to display in the table
  • Format: Select which columns to display in the table
  • Sort: Select the order in which to display table results
  • Visualize: Chart information based on selected criteria

Filter findings

You have several options to filter findings:

See below for details.

Filter by timeframe

With the timeframe filter, you can define the period from which your data is being queried. If you don't specify the timeframe, the default Last 2 hours is applied, meaning that the data being fetched is from the last two hours.

To apply a timeframe filter

  1. In the timeframe section, select one of the preset options or select the calendar for customization.
  2. Select Apply.

Filter by segments

Segments provide quick access to predefined logical filters. The segment selector allows you to filter results based on these predefined logical filters.

See below for instructions.

If you already have segments defined, you can skip this step.

Open the Segments app and create segments for your environment. For more information, see Include data in Dynatrace segments.

  1. Open the segment selector.
  2. In Filter by segments, select a segment.
  3. (Optional) To add more segments, select Segments; if available, you can select a value for the selected segment.
  4. When you're happy with the selection, select Apply.

Selecting one or multiple segments results in fewer findings.

For more information on segments and how they work, see Segments.

Filter by expressions

In the filter field, you can use complex filter expressions to select which information is to be displayed, such as:

  • Add multiple filters on the same filter key

  • Use AND and OR operators

  • Use the wildcard (*) to search for patterns

  • Filter numbers with > and <

To filter by expressions, you have two options:

  • Option 1: Manually type the expression in the filter field

  • Option 2: Filter by field values in the results table (hover over a cell and select a filter from the context menu)

To reset the filters to the default mode, select Close tab on the right of the filter field.

If the selected filter doesn't show in the table, go to the column settings and make sure to add the corresponding column to the table.

Format table

You can choose between two preset views of the results:

  • The Overview tab displays basic information about the findings
  • The Detailed tab includes more detailed information

You can easily switch between the two views and customize them (add or remove columns) according to your needs. Customization persists until modified.

To select which columns are to be displayed

  1. Select the view you want to modify (Overview or Detailed).
  2. On the upper-right of the table, select the column settings.
  3. Select the desired columns and order them as you see fit using the up and down arrows.
  4. When you're done, select Confirm.

A pencil icon attached to a tab means the default view has been modified. Select the tab to see your changes.

To reset the views, select Reset to default in the column settings.

Sort columns

You can sort the order of columns and of results.

To select the order of columns, you have two options:

  • Option 1: From the column settings (select the column settings, then use the up and down arrows and select Confirm)
  • Option 2: From the results table (select a column title, then select Move left or Move right)

To select the order in which results in a column should be displayed:

  1. Select a column title.
  2. Select Sort ascending or Sort descending.

Visualize results

The chart allows you to visualize results based on your selected criteria.

The X-axis displays the time when the findings were detected.

The Y-axis displays the count of the detected findings.

Select different dimensions using the Split by options in the drop-down list:

  • Split by action: Displays findings categorized by the actions taken by the monitoring authority, showing findings that were blocked, allowed, or on which no action has been taken. This helps you evaluate the effectiveness of your security measures.

  • Split by actor IP: Identifies the number of findings originating from specific IP addresses, enabling you to track and analyze patterns of malicious activity from particular sources.

  • Split by provider: Shows findings based on the source generating the event, such as Dynatrace, AWS, or other service providers. This allows you to assess the reliability and security of different providers.

  • Split by affected object: Indicates the number of findings targeting specific objects within your environment, helping you identify which assets are most frequently attacked and require additional protection.

  • Split by severity: Displays the distribution of findings based on their severity levels (low, medium, high, critical), allowing you to prioritize responses based on the potential impact of each threat.

  • Split by type: Groups findings by their types, such as SQL injection, command injection, JNDI injection, SSRF, or any other identified exploit type. This helps you understand the nature of the threats and develop targeted mitigation strategies.

These options provide insights into various aspects of the threats and exploits affecting your applications, enabling informed decisions and enhanced security measures.
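
To make the chart's semantics concrete, the following added example (not Dynatrace code) computes the same series offline from exported findings: time buckets on the X-axis, counts on the Y-axis, split by one dimension. The sample records and their key names (`time`, `action`, `actor_ip`, `severity`, `type`) are constructed for illustration and are not Dynatrace field names.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample findings; key names are illustrative assumptions.
FINDINGS = [
    {"time": "2024-05-01T10:02:11Z", "action": "blocked", "actor_ip": "198.51.100.7",
     "severity": "high", "type": "SQL injection"},
    {"time": "2024-05-01T10:07:45Z", "action": "allowed", "actor_ip": "198.51.100.7",
     "severity": "critical", "type": "JNDI injection"},
    {"time": "2024-05-01T10:21:03Z", "action": "blocked", "actor_ip": "203.0.113.9",
     "severity": "high", "type": "SQL injection"},
    # No "action" key: a finding on which no action has been recorded.
    {"time": "2024-05-01T10:48:30Z", "actor_ip": "203.0.113.9",
     "severity": "low", "type": "SSRF"},
]

def bucket_start(ts, minutes):
    """Floor an ISO 8601 UTC timestamp to the start of its time bucket (HH:MM)."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)
    epoch = int(dt.timestamp())
    floored = epoch - epoch % (minutes * 60)
    return datetime.fromtimestamp(floored, tz=timezone.utc).strftime("%H:%M")

def split_by(findings, dimension, minutes=15):
    """Return {bucket: Counter({dimension value: count})}, one series per value."""
    series = defaultdict(Counter)
    for finding in findings:
        # Findings that lack the dimension are still counted, under "unknown",
        # so the per-bucket totals match the unsplit chart.
        value = finding.get(dimension) or "unknown"
        series[bucket_start(finding["time"], minutes)][value] += 1
    return dict(sorted(series.items()))

def totals(series):
    """Collapse the time axis: total count per dimension value."""
    out = Counter()
    for counts in series.values():
        out.update(counts)
    return out

if __name__ == "__main__":
    for dim in ("action", "actor_ip", "severity", "type"):
        print(dim, split_by(FINDINGS, dim))
```
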