Security Posture Management

Latest Dynatrace Early Adopter

What you'll learn

Review the Security Posture Management coverage of your systems at a glance.
Search for relevant information to resolve security and compliance findings efficiently.
Drill into results for insights on how to fix misconfigurations and noncompliance.
Convert results into a DQL query or download them as CSV and share them with others.

Target audience

The Security Posture Management xSPM app is dedicated to Security Ops Engineers, DevOps, DevSecOps, and Site Reliability Engineers (SREs).

Key use cases include:

Gaining immediate insight into the overall security posture of your monitored environment
Detecting and addressing security issues and misconfigurations easily
Receiving actionable guidance for findings
Ensuring your environment is configured securely and efficiently
Enhancing the overall system reliability
Maintaining continuous compliance with security standards

Review the supported compliance standards and technologies.
To take full advantage of the Security Posture Management functionality, you need to deploy Kubernetes Security Posture Management.
Permissions: For a list of permissions required, go to Dynatrace Hub , select Security Posture Management , and display Technical information.
Prior knowledge: Understand Kubernetes.

The Security Posture Management xSPM app is designed to empower organizations with visibility, control, and compliance over their environment. It provides a high-level report on the compliance posture across the selected compliance standards.

The Overview page shows a high-level information about the security compliance state in your environment.

The Assessment results page provides a compliance view of all evaluated rules from the supported security standards. The available filters allow for a quick selection based on environment, result state, severity, and others.

Assessed resources from your environment are marked as 'Passed' when no misconfigurations are discovered in the context of a given rule.

Assessed resources from your environment are marked as 'Failed' when misconfigurations are discovered in the context of a given rule. The Rule assessment section contains details about the relevant configuration properties.

1 of 4

To get started

Request a token for the Security Posture Management app and enable the Hub subscription. For details, see Add Hub subscriptions.
In Dynatrace, open Dynatrace Hub.
Look for Security Posture Management and select Install.

When you open Security Posture Management xSPM , you can see your monitored systems listed in Overview.

A monitored system is a system (in the case of Kubernetes Security Posture Management, a cluster) on which Dynatrace monitoring is enabled.

Dynatrace assesses data received from your systems and searches for misconfigurations against the supported compliance standards. Results are reported in the app.

Try the Security Posture Management xSPM app and share your feedback to help us improve.

Learning modules

01Assess coverage

Tutorial
Review the Security Posture Management coverage of your systems at a glance.

02Review findings

Tutorial
Search for relevant information to analyze security and compliance findings efficiently.

03Gain insights

Tutorial
Drill into results that can help you fix misconfigurations and noncompliance.

04Collaborate with apps and share findings

Tutorial
Interact with other apps for further insights and share results with stakeholders.

Security Posture Management app concepts

Understand essential concepts and key terms for the Security Posture Management xSPM app.

Results are findings from Dynatrace in relation to your security and compliance posture, based on the rules of the supported compliance standards.

Rules are specific configuration and other process requirements defined in the compliance standards.

Results consist of

Rules that were assessed automatically (labeled Failed, Passed, and Not relevant)
Rules that couldn't be assessed automatically (labeled Manual)

Learn below about each result type.

Result type

Definition

Failed

The assessed resource doesn't follow the recommendations specified in the rule. In this case, a reason for failure is provided, based on which you can fix the issue. For details, see Gain insights.

Passed

The assessed resource follows the recommendations specified in the rule (there are no misconfigurations violating the specified recommendations).

Manual¹

The resource cannot be automatically assessed, as Dynatrace can't determine whether the resource is compliant (for example, when, due to physical security, Dynatrace can't get the configuration data from the clusters and nodes).

Not relevant

The assessed resource doesn't meet a specific criteria for assessment, such as a specific version. These results can be skipped.

Manual results aren't currently actionable.

To increase the number of results based on automatic assessment, we recommend that you deploy Kubernetes Security Posture Management.

View

Results are displayed for all your monitored systems on which Security Posture Management is enabled.

The Overview page shows the total number of failed, manual, and passed rules per monitored system.
The Assessment results page shows a table with all results, sorted automatically in descending order, starting from the ones deserving the most attention (failed rules with critical severity) to those less important (not relevant rules with low severity).

See below the result calculation based on the aggregation of finding events into rules.

Rule result

Aggregation of resource states

Failed

At least one assessed resource has a Failed result.

Passed

At least one assessed resource has a Passed result, but none Failed nor Manual.

Manual

At least one assessed resource has a Manual result, but none Failed.

Not relevant

All assessed resources have a Not relevant result.

Categorize assessment results

You can filter and sort results based on different criteria of interest. For details, see Review findings.

Explore

To view result details

Go to the Assessment results page.
Select a rule.

This opens a side window with more information that can help you understand the context and fix potential issues. For details, see Gain insights.

Information regarding severity is provided by the compliance standards and mapped to Dynatrace as Critical, High, Medium, and Low, following the compliance standard recommendations.

View

The Overview page shows
- The total number of rules per compliance standard and how many of them are passed, manual, and failed (see the compliance standard cards)
- The total number of failed rules per system based on severity (see My systems table)
The Assessment results page shows a table with all results and the associated severity, sorted automatically in descending order, starting from the ones deserving the most attention (failed rules with critical severity) to those less important (not relevant rules with low severity).

Categorize assessment results

You can filter and sort results based on severity. For details, see Review findings.

Stay on top of your security measures, policies, and practices with the Security Posture Management xSPM app.

Stay compliant with Security Posture Management

For a list of frequently asked questions regarding Security Posture Management, see FAQ.

Security Posture Management

What you'll learn

Target audience

Learning modules

Security Posture Management app concepts

Results

View

Categorize assessment results

Explore

Severity

View

Categorize assessment results

Related topics