After enabling and configuring the Application Security and OneAgent features, you can start monitoring vulnerabilities of your third-party libraries in Dynatrace.
Application Security overview
For an overview of current security issues in your global environment, in the Dynatrace menu, go to Security overview. The Application Security overview page displays the following information:
- Vulnerabilities: The number of currently open security problems in your global environment (the total number of open problems, the number of open but muted problems, and, in the foreground, a count of the most severe open problems).
- Host coverage: The percentage of hosts covered by runtime vulnerability detection during the last hour. For instructions on how you can increase host coverage, see Increase host coverage.
- A chart of the risk level: The maximum number of security problems in your global environment that were open each day over the last 30 days, split by risk level. To refine the chart by risk level, select chart legend entries.
- A chart of the vulnerabilities: The vulnerabilities in your global environment over the last 30 days. You can see when a vulnerability was opened, reopened, resolved, or muted. To refine the chart by risk level, select chart legend entries.
- Affected process groups: Top five affected process groups, their technology, and the number of security problems affecting those process groups.
From here, you can easily explore environment vulnerabilities:
- To display a table of all vulnerabilities, regardless of risk level or status, select View all vulnerabilities.
- To display a table of open vulnerabilities of a specific risk level, select the corresponding severity symbol.
For security reasons, access to this page is restricted to users who are part of the Security admin group for the whole environment, not just for a selected set of management zones.
To see a list of all detected vulnerabilities in your environment, select Vulnerabilities from the Dynatrace menu. The Vulnerabilities page displays the following information about the listed vulnerabilities:
- The name of the vulnerability.
- The Dynatrace security problem number (
S-<number>) followed by the name of the vulnerable component. Note: To see vulnerability details, select the link in the Vulnerability column.
Davis Security Score: Information related to
- The Davis Security Score:
- The risk level (
None) of the vulnerability, based on the Common Vulnerability Scoring System (CVSS) score of the security problem and AI-enhanced to take public internet exposure and sensitive data assets into consideration
- The symbol associated with the risk level Note: If a vulnerability has been resolved, the symbol color is green.
- The overall risk assessment (the final score)
- The risk level (
- Public exposure: If the vulnerability affects a process that is exposed to the internet, based on the Dynatrace entity model (Smartscape), the public exposure symbol shows in the Davis Security Score column.
- Sensitive data: If the vulnerability affects a process that has database access, based on the Dynatrace entity model, the sensitive data symbol shows in the Davis Security Score column.
- Vulnerable function: If there are any vulnerable functions in use by a process group instance, the vulnerable function symbol shows in the Davis Security Score column.
- Public exploit: If there's any known malicious code that exploits this vulnerability, the public exploit symbol shows in the Davis Security Score column.
- The Davis Security Score:
Openmeans the vulnerability is active.
Resolvedmeans the vulnerability has been closed automatically because the root cause (for example, loading a vulnerable library) is no longer present. A vulnerability is marked as resolved when no process group has been reporting any vulnerable software component for more than two hours.
Muted - Openmeans the vulnerability is active but has been silenced by request.
Muted - Resolvedmeans the silenced active vulnerability has been closed automatically because the root cause (for example, loading a vulnerable library) is no longer present.
Note: A muted security problem that has been closed automatically doesn't change its status to
Resolved, but to
Muted - Resolved.
Technology - the technology of the process affected by the security problem.
Affected entities - entities (applications, services, hosts, databases, Kubernetes workloads, or Kubernetes clusters) that are affected by the identified vulnerability.
Note: The affected entities are globally calculated. Management zone filtering doesn't apply.
First seen - when the vulnerability appeared.
Last change - when the most recent change (for example, a new risk assessment or a new software component with the same vulnerability) was detected.
Display vulnerability details
To see details about a vulnerability, select a link in the Vulnerability column of the Vulnerabilities page.
Review a summary of the key features
The vulnerability details page starts with a summary of the key features of the selected vulnerability:
- The Davis Security Score risk level
- Whether there's any public internet exposure
- If there's no exposure, this information is grayed out.
- Whether there are any sensitive data assets affected
- If there aren't any sensitive data assets affected, this information is grayed out.
- Whether there are any vulnerable functions in use
- If there's no vulnerable function in use or available, this information is grayed out.
- Whether there's any public exploit available
- If there's no public exploit available, this information is grayed out.
- How many process groups are affected
- The vulnerable component
Note: If you want to mute the vulnerability, select the Mute button on top-right of the page.
View detailed information
Next, you get detailed information about the selected vulnerability:
Exposed processes: Specific processes that are exposed to the public internet.
- Specific processes containing the vulnerability and their technology.
- A description of the vulnerability with links to further information.
- Vulnerable functions identified. A vulnerable function can be
- In use, if any of the related process group instances uses at least one vulnerable function.
- Not in use, if no related process group instance uses any vulnerable function. In this case, no information about the vulnerable function is provided.
- Not available, if there isn't any information available in the vulnerability database about vulnerable functions for a given vulnerability. In this case, no information about the vulnerable function is provided.
Sensitive data assets: Data storages (database services) accessed by affected processes containing the identified vulnerability.
Related entities: Entities (applications, services, hosts, databases, Kubernetes workloads, or Kubernetes clusters) that are related to the identified vulnerability, with direct links to those entities. Note: The Kubernetes workloads and Kubernetes clusters sections are displayed only if Kubernetes workloads or clusters are detected.
Related container images: The top five related container images sorted by the number of affected processes. Note: This information is displayed only if containers are detected.
Problem evolution: Vulnerability status changes (for example, when the vulnerability is first resolved and then reopened) over the last 30 days.
Vulnerable components: Libraries that are affected by the identified vulnerability.
Davis Security Score: Detailed view of how the Davis Security Score for the opened security problem is calculated: starting from the CVSS from SNYK, Davis checks whether there is public internet exposure or sensitive data affected and, if so, to what extent. The score is then adjusted as applicable based on the Davis AI calculations.
Access shortcut to main topics
The information on the vulnerability details page is grouped under a list of topics:
- Problem context
- Related entities
- Vulnerable components
You can jump to any of these topics by expanding the button next to Settings on top-left side of the vulnerability details page and selecting one of them.