Security-monitoring rules
Security-monitoring rules give you fine-grained control over how processes are monitored, based on properties such as process tag, host tag, and management zone.
Define custom security-monitoring rules
You can define custom security-monitoring rules through the Dynatrace web UI or the Settings API.
To add a new rule
- In the Dynatrace menu, go to Settings > Application Security > Security-monitoring rules.
- Select Add new rule to add a new rule.
- Enter the requested information (mode, property, condition operator, and condition value).
- Select Save changes to save your configuration.
To modify an existing rule
- In the Dynatrace menu, go to Settings > Application Security > Security-monitoring rules.
- Select the rule you want to modify.
- Enter your changes.
- Select Save changes to save your configuration.
To delete an existing rule
- In the Dynatrace menu, go to Settings > Application Security > Security-monitoring rules.
- Select the rule you want to delete.
- Select Delete.
- Select Save changes to save your configuration.
You can read or modify the rules using the Settings API.
- To view a monitoring rule, use the GET an object request. Set the following parameters:
  - schemaIds=builtin:appsec.rule-settings
  - scopes=tenant
- To modify a monitoring rule, use the POST an object request.
Notes:
- Each rule must be unique.
- The rules are processed in order until the first match.
- You can delete, modify, or reorder the rules.
- It can take up to 15 minutes for changes to take effect throughout the system.
- For Kubernetes environments, tags must be added both on the host and on the Kubernetes node.
FAQ
- What happens if I change the order of the rules?
  - The first matching rule will apply.
- What happens if an applicable Do not monitor rule is added?
  - New security problems for the processes that match the rule won't be created.
  - Existing security problems that only relate to matching processes are resolved.
- What happens if a Do not monitor rule is deleted or doesn't apply anymore?
  - New security problems for the processes that match the rule will be created.
  - Related resolved security problems are reopened.
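The first-match ordering described in the notes and FAQ above can be checked offline before a rule list is reordered. The following Python sketch is an added example, not Dynatrace code; the field names, the mode and operator strings, the fallback used when no rule matches, and the sample inventory are assumptions constructed for illustration.

```python
# Added example: first-match evaluation of security-monitoring rules. Field names,
# mode/operator strings and the default are assumptions, not the Settings API schema.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    mode: str      # "MONITOR" or "DO_NOT_MONITOR" (assumed labels)
    prop: str      # "HOST_TAG", "PROCESS_TAG" or "MANAGEMENT_ZONE"
    operator: str  # "EQUALS" or "NOT_EQUALS" (assumed operators)
    value: str

def matches(rule, process):
    """process maps a property name to the set of values the process carries."""
    present = rule.value in process.get(rule.prop, set())
    return present if rule.operator == "EQUALS" else not present

def effective_mode(rules, process, default="MONITOR"):
    """Evaluate top-down; the first matching rule decides and the rest are skipped."""
    for index, rule in enumerate(rules):
        if matches(rule, process):
            return rule.mode, index
    return default, None  # assumed fallback when no rule matches

def audit(rules, processes):
    """Report excluded processes, rules deciding nothing in this inventory, duplicates."""
    decided = {name: effective_mode(rules, p) for name, p in processes.items()}
    used = {index for _, index in decided.values() if index is not None}
    return {
        "excluded": sorted(n for n, (mode, _) in decided.items() if mode == "DO_NOT_MONITOR"),
        "unreached": [i for i in range(len(rules)) if i not in used],
        "duplicates": [i for i, r in enumerate(rules) if r in rules[:i]],
    }

# Constructed inventory and rule list; tag and zone names are made up.
PROCESSES = {
    "payments-api": {"HOST_TAG": {"prod"}, "MANAGEMENT_ZONE": {"payments"}},
    "batch-job": {"HOST_TAG": {"prod", "legacy"}, "MANAGEMENT_ZONE": {"backoffice"}},
    "dev-sandbox": {"HOST_TAG": {"dev"}, "MANAGEMENT_ZONE": {"sandbox"}},
}
RULES = [
    Rule("DO_NOT_MONITOR", "HOST_TAG", "EQUALS", "legacy"),
    Rule("MONITOR", "HOST_TAG", "EQUALS", "prod"),
    Rule("DO_NOT_MONITOR", "MANAGEMENT_ZONE", "EQUALS", "sandbox"),
]
REORDERED = [RULES[1], RULES[0], RULES[2]]  # "prod" rule moved to the top

if __name__ == "__main__":
    print("original :", audit(RULES, PROCESSES))
    print("reordered:", audit(REORDERED, PROCESSES))
```

With the reordered list, batch-job is monitored again and the legacy exclusion at index 1 no longer decides any process in the inventory.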
Limitations
It's currently not possible to define custom monitoring rules based on the process tag property for Kubernetes environments.