• Home
  • How to use Dynatrace
  • Application Security
  • Application Protection
  • Get started with Application Protection

Get started with Application Protection

To start monitoring attacks and attack-generated code-level vulnerabilities, follow the instructions below.

Prerequisites

  • OneAgent version 1.243
  • Dynatrace version 1.242
  • For Dynatrace Managed, environments need to be connected to Mission Control.
  • To enable Application Protection, you first need to enable Application Security. Follow the instructions in Get started with Application Security to set up permissions and enable Vulnerability Analytics.

Set up Application Protection

Activate

Enable

Configure

Enable the OneAgent feature for Application Protection

Activate

Dynatrace Application Protection is licensed based on the consumption of Application Security units. Contact a Dynatrace product specialist via in-product chat or speak to your account executive to activate Application Protection. After they activate Application Protection for you, proceed with enabling Application Protection.

Enable

To enable Application Protection globally on your environment

  1. In the Dynatrace menu, go to Settings.

  2. Select Application security > Application Protection > General settings.

  3. Select Enable Runtime Application Protection.

  4. Select Save changes.

Configure

To define the global attack control

  1. In the Dynatrace menu, go to Settings.
  2. Select Application security > Application Protection > General settings.
  3. Select one of the Global attack control modes:
    • Off; incoming attacks NOT detected or blocked. – Monitoring is disabled; no attacks are reported.
    • Monitor; incoming attacks detected only. – Monitoring is enabled; no attacks are blocked.
    • Block; incoming attacks detected and blocked. – Monitoring is enabled; attacks are blocked at runtime.

Note: If you define custom monitoring rules based on certain process groups or vulnerability types, the custom rules override the default monitoring mode, and Application Protection continues to monitor the attacks based on your rules.

Enable the Application Protection OneAgent feature

  1. In the Dynatrace menu, go to Settings and select Preferences > OneAgent features.
  2. Find Java code-level attack evaluation and enable it.
  3. Select Details and turn on Instrumentation enabled (change needs a process restart).
  4. Select Save changes.
  5. Restart your processes.

Manage attacks and vulnerabilities

After you enable Application Protection, you can start monitoring attacks and attack-generated code-level vulnerabilities, and you can set up attack-protection rules.