Filter vulnerabilities

Once you enable Application Security and you see the list of vulnerabilities appear on the Security page, there are several ways you can organize them for easy management and to prioritize problems:

  • You can filter vulnerabilities by vulnerability details, global timeframe, and management zone. You can combine any of these filters.
  • You can mute (silence) vulnerabilities that you don't consider important.

See below for details.

Filter by vulnerability details

On the Security page, you can filter the vulnerabilities table by the following:

  • Risk level (Critical, High, Medium, Low, None)
  • Status (Open, Resolved, Muted)
  • Vulnerability (CVE ID or SNYK ID)

Note: If you filter by CVE ID, it must be a perfect match.

  • Risk assessment (Public internet exposure, Sensitive data affected, Public exploit available)
  • Technology (Java, Node.js, Kubernetes)
  • Vulnerable component (part of the vulnerable component name)
  • Affected or related entity (select and enter any combination of the following: Process group name, Host name, Kubernetes workload name, Kubernetes cluster name, Tag; you can't add an entity more than once)

For Tag, you can use tags on host, process group, and process group instance, with the syntax key:value or key.

Note: If a security problem affects more than 1,000 processes, the Affected or related entity filter may not be able to find all security problems impacted by the entered entity.

Filter by global timeframe

You can use the global timeframe selector to filter vulnerabilities on the Security page and on the vulnerability details page.

  • The Security page displays vulnerabilities that were open within the selected global timeframe. However, the data displayed about an entry reflects the current state of the entry, not the historical state.
  • The vulnerability details page displays entities that were affected and libraries that were vulnerable during the selected global timeframe. An affected entity or a vulnerable component is shown:
    • If it was already affected or vulnerable during the selected timeframe
    • If it's still affected or vulnerable

Filter by management zone

You can use the management zones filter on the Security page and on the vulnerabilities details page. Note that for each case, the filter applies to different components:

  • On the Security page, filtering by management zone applies to vulnerabilities. The management zone filter doesn't affect the other vulnerability fields, such as Public internet exposure or Sensitive data affected; other than Vulnerability, all values on this page are based on the whole environment.
  • On the vulnerability details page, filtering by management zone applies to vulnerable components and affected entities (processes, process groups, hosts, services, etc.). The management zone filter doesn't affect the majority of data on the infographic; other than Affected entities, all values on this page are based on the whole environment.

Note:

  • When a vulnerability stops affecting a management zone, it won't show up when you filter for that management zone.
  • When a vulnerability is resolved (when it has stopped affecting the whole environment), it shows up regardless of the selected management zone.

For more information on how to set up and apply management zones, and about the rules that define and limit the entities that can be accessed within a management zone, see Management zones.

Management zone calculation is based on processes (process group instances). Management zones are calculated when a security problem is opened and every 15 minutes after that until the security problem is resolved. A management zone is affected by a security problem if a process (process group instance) of the management zone uses a software component that has the reported vulnerability.

Mute problems

If you determine that a problem isn't serious and you want to filter it out from the list of security problems, you can mute (silence) it. Dynatrace analyzes muted problems periodically, but you can filter them out by Open or Resolved status.

To mute a problem

  1. Go to the details page of the vulnerability and select Mute problem in the upper-right corner.
  2. Select a reason for muting the problem and, optionally, provide additional information.
  3. Select Save.

Note: You need to wait up to a minute for the change to take effect. Refresh the page to see your change.

Muted problems don't appear on the list of security problems unless you filter for them.

The status change of the problem is logged under the Recent events section of the vulnerability details page. Select Details to see who muted the problem, the reason for muting, and any additional comments. Note that Recent events shows only the last five events that occurred within the last 30 days.

events

You can unmute a problem by selecting Unmute problem on the details page of the respective vulnerability. Unmuting a problem makes it active again—its status changes back to Open.

Note: You won't be able to mute/unmute a problem if

  • Muting/unmuting is already in progress
  • Required permissions are missing
  • The problem status is Resolved
  • The problem status is Muted - Resolved

Hover over Mute problem/Unmute problem to see why muting/unmuting isn't possible.