• Home
  • How to use Dynatrace
  • Application Security
  • Attack Protection

Attack Protection

Dynatrace Attack Protection leverages code-level insights and transaction analysis to detect and block attacks on your applications automatically and in real-time.

Capabilities
  • Code-level visibility provided by OneAgent
  • Detection of SQL, JNDI, and command injection attacks
  • Highest detection precision with no false positives
  • Production-ready performance footprint
  • Configurable automatic blocking of detected attacks
  • Protection of web applications and APIs

Prerequisites

  • OneAgent version 1.243
  • Dynatrace version 1.242
  • For Dynatrace Managed, environments need to be connected to Mission Control.
  • To enable Attack Protection, you first need to enable Application Security. Follow the instructions in Get started with Application Security to set up permissions and enable runtime vulnerability detection.

1. Activate

Dynatrace Attack Protection is licensed based on the consumption of Application Security units. Contact a Dynatrace product specialist via in-product chat or speak to your account executive to activate Attack Protection. After they activate Attack Protection for you, proceed with enabling Attack Protection.

2. Enable

To enable Attack Protection globally on your environment

  1. In the Dynatrace menu, go to Settings.

  2. Select Application security > Attack Protection settings.

  3. Turn on Runtime Application Protection.

    Note: This functionality consumes Application Security units. For details, see Application Security Monitoring.

  4. Select Save changes.

After you enable Attack Protection, a spinning radar in the upper-right corner of the Code-level vulnerabilities and Attacks pages is displayed, indicating that your environment is being monitored. If Attack Protection is disabled, information on these pages is unavailable and the radar screen in the upper-right corner stops, with the warning that Monitoring stopped. Please check settings. Follow the associated link to enable Attack Protection.

3. Configure

To define the global attack control

  1. In the Dynatrace menu, go to Settings.
  2. Select Application security > Attack Protection settings.
  3. Select one of the Global attack control modes:
    • Off: Incoming attacks aren't detected or blocked. – Monitoring is disabled; no attacks are reported.
    • Monitor: Incoming attacks are detected, but not blocked. – Monitoring is enabled; no attacks are blocked.
    • Block: Incoming attacks are detected and blocked. – Monitoring is enabled; attacks are blocked at runtime.

Note: If you define custom monitoring rules based on certain process groups or vulnerability types, the custom rules override the default monitoring mode, and Attack Protection continues to monitor the attacks based on your rules.

4. Enable the OneAgent feature for Attack Protection

  1. In the Dynatrace menu, go to Settings and select Preferences > OneAgent features.
  2. Find Java code-level security evaluation and enable it.
  3. Select Details and turn on Instrumentation enabled (change needs a process restart).
  4. Select Save changes.
  5. Restart your processes.

Manage attacks and vulnerabilities

After you enable Attack Protection, you can start monitoring attacks and attack-generated code-level vulnerabilities, and you can set up attack-protection rules.