Address remediation

  • Latest Dynatrace
  • How-to guide

In the following, you'll learn how to manage remediation of entities affected by or related to a vulnerability. You can

Apply fix recommendations from Snyk

Third-party vulnerabilities

For vulnerabilities based on the Snyk feed, a fix recommendation is displayed if one is available. It consists of a library upgrade suggestion to solve the vulnerability.

  1. On the Prioritization page, select a vulnerability.

  2. In the side panel, go to Details and look for Fix recommendation.

Make sure to restart processes after upgrading a library.

Apply fixes from Security Advisor

Third-party vulnerabilities

With Security Advisor, you can determine

  • Which patches and upgrades in the monitored technologies to apply for maximum remediation impact
  • How many vulnerabilities you can solve by updating a specific library
  • How many of the total solvable vulnerabilities are the most severe

To filter by Security Advisor fixes

  1. On the Prioritization page, on the upper-left of the vulnerabilities table, select Security Advisor. This opens a side window with a list of fixes.

  2. Select Filter for for the desired library. This filters the vulnerabilities table by the total number of vulnerabilities for a selected library that would be fixed by upgrading the library.

Make sure to restart processes after upgrading a library.

  • You can add as many Security Advisor filters as you want.
  • To remove a filter, select next to the desired library.
  • To remove all filters, select Clear all.

Further reading

To learn more about Security Advisor, see Concepts: Security Advisor.

Track remediation progress

You can add links to tickets created in your issue tracking system for affected entities.

Adding a tracking link allows you to

  • Navigate to the associated URL
  • Track the remediation progress of the selected entities

You can easily check, for example, if someone is already working on fixing the vulnerability.

You can add, edit, or delete tracking links individually or in bulk.

  1. On the Prioritization page, select a vulnerability.

  2. In the side panel, go to Affected entities.

  3. Select View all process groups (View all Kubernetes nodes) to navigate to the process group (or Kubernetes node) overview page related to the vulnerability.

  4. You have the following options:

    • To add a tracking link, in the Tracking link column, select Set link for the desired entity.

    • To edit or delete a link, in the Tracking link column, select More actions next to the tracking link for the desired entity, and then select Edit tracking link or Delete tracking link.

Drill down into the source of vulnerabilities

To fix vulnerabilities you need to find the root cause. You can examine

Examine vulnerable components

Third-party vulnerabilities

Identify which libraries contain the vulnerability and how many affected process groups (or Kubernetes nodes) are impacted.

  1. On the Prioritization page, select a vulnerability.
  2. In the side panel, go to Affected entities and look for Vulnerable components.

You can also view vulnerable components on the overview page of process groups or Kubernetes nodes:

  1. On the Prioritization page, select a vulnerability.
  2. In the side panel, go to Affected entities.
  3. Under Process group overview (or Kubernetes node overview), either select a specific process group (or Kubernetes node), or select View all process groups (View all Kubernetes nodes) to open the related overview page.
  4. From there, select an affected entity to view details, including the name of the vulnerable component.

Further reading

Examine entry points

Code-level vulnerabilities

Analyze entry points to determine how the vulnerability could be exploited and identify potential attack paths.

  1. On the Prioritization page, select a vulnerability.
  2. In the side panel, go to Details and look for Entry points.

If the same vulnerability is reachable by multiple HTTP paths, multiple entry point entries are listed. To save memory and network traffic, a limited number of entries is displayed.

If a code-level vulnerability is resolved or is about to be resolved in the next 30 minutes, the entry points are no longer open (vulnerable).

Further reading

Examine code location

Code-level vulnerabilities

View the source of the vulnerable function call to quickly assess its impact and origin.

  1. On the Prioritization page, select a vulnerability.
  2. In the side panel, go to Details and look for Code location.

Change the mute status of affected entities

You can change the mute status of affected entities according to your findings and needs. For example, you can set the status of an affected entity to Muted (...) if you wish to ignore the vulnerability for this particular entity:

  • It could be a false flag, meeting some additional conditions that make the vulnerability irrelevant.
  • Or maybe there's no remediation available and a workaround has been applied.

Muting all affected entities of a vulnerability sets the vulnerability status to Muted. For details, see Vulnerability status.

You can change the status of affected entities individually or in bulk.

  1. On the Prioritization page, select a vulnerability.
  2. In the side panel, go to Affected entities.
  3. Select View all process groups (View all Kubernetes nodes) to navigate to the process group (or Kubernetes node) overview page related to the vulnerability.
  4. In the Mute status column, select the current value for the desired entity.
  5. Enter the new status and select Save.

Initiate deeper analysis with Davis CoPilot

To use this Davis CoPilot functionality, ensure the following:

Davis CoPilot can provide contextual, plain-language explanations of vulnerabilities to accelerate understanding and remediation.

To access the functionality

  1. In Vulnerabilities Vulnerabilities, select a vulnerability.
  2. Select Explain vulnerability in the upper-right corner of the vulnerability details pane.

When selected, Davis CoPilot analyzes the technical details of a vulnerability and generates a structured summary that may include:

  • What the vulnerability means: Explains the nature of the issue (for example, SQL injection in application code, CCS Injection in OpenSSL, insecure configuration) and how it arises in third‑party libraries, dependencies, or code.
  • Why it matters: Highlights severity levels and risk scores, and describes potential implications including unauthorized data access, session hijacking, man‑in‑the‑middle attacks, or system compromise.
  • What to investigate: Points to affected functions, entry points, components, or libraries. Suggests reviewing exposure (for example, whether entities are accessible via public networks), reachable data assets, exploit availability (public or private), and whether vulnerable third‑party libraries (such as outdated OpenSSL or Node.js builds) are in use.
  • How to respond: Recommends remediation steps such as patching code, upgrading dependencies or runtimes, restricting access, monitoring suspicious activity, and reviewing other applications that may rely on vulnerable components.

The structure and depth of CoPilot's explanation may vary depending on the vulnerability type and available context. While CoPilot aims to provide detailed insights, not all vulnerabilities will include every element listed above.

CoPilot explanations are tailored to the nature of each vulnerability—whether it's cross-site scripting, denial-of-service, remote code execution, or similar security weaknesses—providing relevant, actionable insights that accelerate triage and support informed decision-making, even for users without deep security expertise.

Related tags
Application Security