Security-monitoring rules

Security-monitoring rules let you define fine-grained monitoring for processes, based on properties such as process tag, host tag, and management zone.

Define custom security-monitoring rules

You can define custom security-monitoring rules through the Dynatrace web UI or the Settings API.

  • To add a new rule

    1. In the Dynatrace menu, go to Settings > Application Security > Monitoring rules.
    2. Select Add new rule.
    3. Enter the requested information (mode, property, condition operator, and condition value).
    4. Select Save changes to save your configuration.
  • To modify an existing rule

    1. In the Dynatrace menu, go to Settings > Application Security > Monitoring rules.
    2. Select the rule you want to modify.
    3. Enter your changes.
    4. Select Save changes to save your configuration.
  • To delete an existing rule

    1. In the Dynatrace menu, go to Settings > Application Security > Monitoring rules.
    2. Select the rule you want to delete.
    3. Select Delete.
    4. Select Save changes to save your configuration.

Notes:

  • Each rule must be unique.
  • The rules are processed in order until the first match.
  • You can delete, modify, or reorder the rules.
  • It can take up to 15 minutes for changes to take effect throughout the system.

FAQ

  • What happens if I change the order of the rules?
    • The first matching rule will apply.
  • What happens if I add a Do not monitor rule that applies?
    • New security problems for the processes that match the rule won't be created.
    • Existing security problems that only relate to matching processes are resolved.
  • What happens if a Do not monitor rule is deleted or doesn't apply anymore?
    • New security problems for the processes that match the rule will be created.
    • Related resolved security problems are reopened.
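
The first-match behaviour described in the Notes and FAQ above, as an added example (not Dynatrace code): a local Python model showing how reordering lets a broad Do not monitor rule shadow a narrower Monitor rule. The mode and operator labels, field names, and process inventory are constructed assumptions, not the Settings API schema.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    mode: str      # "MONITOR" or "DO_NOT_MONITOR" (labels assumed for this model)
    prop: str      # "process_tag", "host_tag" or "management_zone"
    operator: str  # "EQUALS" or "NOT_EQUALS" (assumed operator set)
    value: str

def matches(rule, process):
    present = rule.value in process.get(rule.prop, set())
    return present if rule.operator == "EQUALS" else not present

def first_match(rules, process):
    """Return (index, rule) for the first rule that matches, else None."""
    for i, rule in enumerate(rules):
        if matches(rule, process):
            return i, rule
    return None

def unmonitored(rules, inventory):
    """Processes whose first matching rule is a Do not monitor rule."""
    hits = {name: first_match(rules, p) for name, p in inventory.items()}
    return sorted(n for n, h in hits.items() if h and h[1].mode == "DO_NOT_MONITOR")

def shadowed(rules, inventory):
    """Indexes of rules that match some process but are never the first match."""
    hits = [first_match(rules, p) for p in inventory.values()]
    winners = {h[0] for h in hits if h}
    return [i for i, r in enumerate(rules)
            if i not in winners and any(matches(r, p) for p in inventory.values())]

# Constructed sample inventory: process name -> property values.
INVENTORY = {
    "payments-api": {"process_tag": {"pci"}, "host_tag": {"prod"}},
    "batch-report": {"process_tag": set(), "host_tag": {"prod"}},
    "dev-sandbox": {"process_tag": set(), "host_tag": {"dev"}},
}
MONITOR_PCI = Rule("MONITOR", "process_tag", "EQUALS", "pci")
SKIP_PROD = Rule("DO_NOT_MONITOR", "host_tag", "EQUALS", "prod")

ORDER_A = [MONITOR_PCI, SKIP_PROD]  # narrow rule first: payments-api stays monitored
ORDER_B = [SKIP_PROD, MONITOR_PCI]  # broad rule first: MONITOR_PCI can never win

if __name__ == "__main__":
    for label, rules in (("A", ORDER_A), ("B", ORDER_B)):
        print(label, "unmonitored:", unmonitored(rules, INVENTORY),
              "shadowed rule indexes:", shadowed(rules, INVENTORY))
```

Running a check like this against an exported rule list before reordering shows which processes would stop producing security problems.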

Limitations

It's currently not possible to define custom monitoring rules for Kubernetes environments.