Results are findings from Dynatrace in relation to your security and compliance posture, based on the rules of the supported compliance standards.
Rules are specific configuration and other process requirements defined in the compliance standards.
Results consist of Failed, Passed, Not relevant, and Manual. Learn below about each result type.
| Result type | Definition |
|---|---|
| Failed | The assessed resource doesn't follow the recommendations specified in the rule. In this case, a reason for failure is provided, based on which you can fix the issue. For details, see Gain insights. |
| Passed | The assessed resource follows the recommendations specified in the rule (there are no misconfigurations violating the specified recommendations). |
| Manual | The resource cannot be automatically assessed, as Dynatrace can't determine whether the resource is compliant (for example, when, due to physical security, Dynatrace can't get the configuration data from the clusters and nodes). |
| Not relevant | The assessed resource doesn't meet specific criteria for assessment, such as a specific version. These results can be skipped. |
Manual results aren't currently actionable.
To increase the number of results based on automatic assessment, we recommend that you deploy Kubernetes Security Posture Management.
Results are displayed for all your monitored systems on which Security Posture Management is enabled.
The table below shows how rule results are calculated from the aggregation of finding events.
| Rule result | Aggregation of resource states |
|---|---|
| Failed | At least one assessed resource has a Failed result. |
| Passed | At least one assessed resource has a Passed result, and none has a Failed or Manual result. |
| Manual | At least one assessed resource has a Manual result, and none has a Failed result. |
| Not relevant | All assessed resources have a Not relevant result. |
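
The aggregation table above amounts to a precedence order: Failed, then Manual, then Passed, then Not relevant. The following Python is an added example, not Dynatrace code; the finding field names (`rule`, `resource`, `result`), rule ids and resource names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Precedence implied by the aggregation table: the first state in this
# order that appears among a rule's resources becomes the rule result.
PRECEDENCE = ("Failed", "Manual", "Passed", "Not relevant")


def rule_result(resource_states):
    """Aggregate per-resource states into one rule result."""
    states = set(resource_states)
    unknown = states - set(PRECEDENCE)
    if unknown:
        raise ValueError(f"unexpected result type(s): {sorted(unknown)}")
    if not states:
        # The table does not cover a rule with no assessed resources.
        return None
    return next(s for s in PRECEDENCE if s in states)


def aggregate(findings):
    """Group findings by rule and return {rule_id: rule result}."""
    by_rule = defaultdict(list)
    for f in findings:
        by_rule[f["rule"]].append(f["result"])
    return {rule: rule_result(states) for rule, states in by_rule.items()}


# Constructed sample findings; rule ids, resource names and field names
# are illustrative assumptions, not a Dynatrace export format.
SAMPLE_FINDINGS = [
    {"rule": "RULE-A", "resource": "node-1", "result": "Passed"},
    {"rule": "RULE-A", "resource": "node-2", "result": "Failed"},
    {"rule": "RULE-B", "resource": "node-1", "result": "Passed"},
    {"rule": "RULE-B", "resource": "node-2", "result": "Manual"},
    {"rule": "RULE-C", "resource": "node-1", "result": "Passed"},
    {"rule": "RULE-C", "resource": "node-2", "result": "Not relevant"},
    {"rule": "RULE-D", "resource": "node-1", "result": "Not relevant"},
    {"rule": "RULE-D", "resource": "node-2", "result": "Not relevant"},
]

if __name__ == "__main__":
    for rule, result in aggregate(SAMPLE_FINDINGS).items():
        print(f"{rule}: {result}")
```

A single Failed resource fails the whole rule regardless of how many resources passed, and a Not relevant resource never masks a Passed, Manual or Failed one.
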
You can filter and sort results based on different criteria of interest. For details, see Review findings.
To view result details:

1. Go to the Assessment results page.
2. Select a rule.

This opens a side window with more information that can help you understand the context and fix potential issues. For details, see Gain insights.
Severity indicates how important a rule is from a security and compliance perspective. Dynatrace determines severity using the Common Configuration Scoring System (CCSS), a standardized and vendor‑agnostic framework for evaluating configuration weaknesses. This unified approach ensures that severity levels (Critical, High, Medium, and Low) are consistent, transparent, and comparable across all supported standards.
Dynatrace uses CCSS to evaluate the risk level of each misconfiguration, considering how easily it can be exploited and the potential impact on your environment. CCSS provides a security‑focused classification model that helps you understand configuration risk and prioritize remediation consistently across your environments.
Severity derives from a numerical CCSS score based on three metric groups:

- Likelihood (L): How easily the misconfiguration can be exploited, considering required access, system knowledge, authentication, and whether exploitation can be automated.
- Technical Impact (TI): The potential effect on confidentiality, integrity, and availability if the misconfiguration is exploited.
- Configuration Impact (CI): How significantly the misconfiguration weakens expected security controls or baselines.

This standardized, expert‑driven evaluation provides a reliable foundation for managing configuration risk at scale. For details and examples, see Introducing the Common Configuration Scoring System (CCSS) for misconfiguration findings in Dynatrace SPM.
You can filter and sort results based on severity. For details, see Review findings.