Application Security
Dynatrace Application Security enables you to detect, visualize, analyze, monitor, and remediate open-source and third-party vulnerabilities in production and pre-production environments at runtime.
1. Activate
Dynatrace Application Security is licensed based on the consumption of Application Security units. If you’re already a Dynatrace customer and you want to activate Application Security, contact a Dynatrace product specialist via in-product chat or speak to your account executive. Our DevOps team will evaluate your environment and then activate Application Security.
2. Enable
To start monitoring security issues in your environment, you need to enable the Application Security and OneAgent features. See Get started with Application Security for instructions.
3. Configure
You can create, reorder, modify, and delete custom monitoring rules for Dynatrace-monitored processes.
4. Explore
With Application Security, you can:
- Get an overview of each vulnerability supported by detailed information that provides additional context, enabling you to dig deeper and examine exposed or affected processes, data storages, libraries, and entities.
- Automatically and continuously identify changes, prioritize problems, and get precise answers about the source, nature, and severity of vulnerabilities.
- Get insights based on Davis Security Score calculations and Davis Security Advisor recommendations for vulnerabilities.
- Get metrics related to security problems and process groups.
5. Evaluate
To understand how Application Security identifies vulnerabilities and how it determines their priorities, see Security problem management.
6. Integrate
To pass security issues to your teams for alerting and remediation purposes, you need to integrate security problem notifications with Dynatrace.
Limitations
- Application Security isn't supported for Dynatrace Managed in offline mode.
- We recommend running Application Security in Full-Stack Monitoring mode because Infrastructure Monitoring mode:
- Prevents Davis AI from adapting Davis Security Scores.
- Lacks environmental information, such as sensitive data or network exposure.
- Limits information on related entities, such as databases and services.