Get started with Application Security
Due to the widespread increase in usage of open-source libraries, modern applications usually contain a large number of vulnerabilities. Evaluating hundreds or thousands of open security problems quickly becomes a daunting task.
Dynatrace Application Security pinpoints vulnerabilities that need immediate investigation. It automatically analyzes data access paths and production execution to provide an automatic and precise risk and impact assessment.
To monitor the security issues of third-party libraries in your environment, follow the instructions below.
Prerequisites
- Dynatrace SaaS or Managed version 1.206+
- OneAgent version 1.185+
Supported technologies
Dynatrace detects vulnerabilities in the following technologies.
| Technology | Minimum Dynatrace version | Minimum OneAgent version |
|---|---|---|
| Java | 1.206 | 1.185 |
| .NET | 1.224 | 1.223 |
| Node.js | 1.214 | 1.214 |
| PHP | 1.225 | 1.205 |
| Kubernetes | 1.218 |
1. Assign permissions
You need to assign Security admin permission to users who will be allowed to view and manage security problems.
To assign Security admin permission
- In Dynatrace, open the user menu in the upper-right corner of the page and go to Account settings > Identity management > User management.
To add an existing user to the group
- Select Edit for the user you want to add.
- Scroll down to Assign groups to user and select the Security admin group.
- Select Save.
To add a new user to the group
- Select Invite user.
- Enter the required details.
- Scroll down to Assign groups to user and select the Security admin group.
- Select Invite.
For more information on user permissions, see Manage user groups and permissions.
2. Enable runtime vulnerability detection
To enable Application Security, you need to enable its runtime vulnerability detection functionality.
- In the Dynatrace menu, go to Application Security > Vulnerabilities and select Activate settings.
- In the Runtime vulnerability detection page that opens, select Enable runtime vulnerability detection.
3. Enable OneAgent reporting of software components
After enabling runtime vulnerability detection, you need to enable OneAgent reporting software components from your running applications to Dynatrace. You have two options to enable the OneAgent features, globally or at the process group level. See below for instructions.
- In the Dynatrace menu, go to Settings and select Server-side service monitoring > Deep monitoring.
- Scroll down to New OneAgent features and expand that section.
- On the Global tab, filter for Reporting.
- Enable each software component reporting feature that you want to include in vulnerability detection globally.
- Select Save changes to save your configuration.
- In the Dynatrace menu, go to Settings and select Server-side service monitoring > Deep monitoring.
- Scroll down to New OneAgent features and expand that section.
- On the Process group override tab, select Add process group override.
- Under Select the process group to be affected by settings, filter for the process group for which you want to enable OneAgent reporting.
- In the table of features for that process group, filter for Reporting and enable each software component reporting feature that you want to include in vulnerability detection on the process group level.
- Select Add and then select Save changes.
Note: If you enable .NET Software Component Reporting and PHP Software Component Reporting, you need to restart all affected processes before these settings will take effect.
If you want to stop OneAgent reporting on any application, you can disable the respective software component reporting feature. OneAgent will then stop sending data for the respective application. If you disable all OneAgent features, the Security page will still be available but it will always show zero vulnerabilities because OneAgent won't send anything for analysis.
4. Control runtime vulnerability detection by technology optional
After you enable OneAgent reporting, Dynatrace starts generating security problems for all supported technologies by default. To control which of these technologies you want to receive security problems
- In the Dynatrace menu, go to Settings and select Application Security > Runtime vulnerability detection.
- Enable or disable runtime vulnerability detection per technology as needed.
- Select Save changes to save your configuration.
After enabling and configuring the Application Security and OneAgent features, you can start monitoring vulnerabilities of your third-party libraries in Dynatrace.