Remediation tracking

Remediation tracking allows you to track the remediation progress of individual entities (process groups or Kubernetes nodes) that are affected by a vulnerability. You can control which of these entities you want to track and which you want to discard. For instance, if you think an entity isn't relevant or is a false positive, you can mute it. By muting an entity, you hide vulnerabilities for certain process groups or Kubernetes nodes.

Muted entities aren't taken into consideration in any context, such as Davis Security Score or Application Security metrics.

Remediation tracking for process groups

To access remediation tracking for process groups that are affected by a vulnerability

  1. In the Dynatrace menu, go to Vulnerabilities.
  2. Select the vulnerability for which you want to access remediation tracking.
  3. Go to Affected processes and select View all process groups.

On the Process group overview page, you can track the remediation progress for the process groups affected by the vulnerability and change the vulnerability state of the process groups.

Note: You can filter for process groups by Entity name (full or partial name) or by Vulnerability state (Vulnerable, Resolved, or Muted).

Remediation tracking for process groups provides the following information:

  • Process group:

    • The name of the affected process group with a link to the process group details page.
    • The number of currently vulnerable processes out of the total number of processes in that process group, indicating the remediation progress.
  • State:

    • Current state of the affected process group (Vulnerable, Resolved, or Muted).
    • If the vulnerability affects a process group that, based on the Dynatrace entity model (Smartscape), is exposed to the internet, the public exposure symbol is displayed.
    • If the vulnerability affects a process group that, based on the Dynatrace entity model, has database access, the sensitive data symbol is displayed.
  • Detected: A timestamp showing when the affected process group was detected.

  • Last update: A timestamp showing when the state of the affected process group was last updated.

  • Details:

    • The vulnerable component
    • How long ago the vulnerability was detected
    • Details about the state of the affected process group:
      • If the state hasn't changed, No state changes yet is displayed.
      • If the state has changed, Dynatrace displays when the change occurred and who performed the change (if applicable).

To change the vulnerability state of an affected process group

  1. On the Process group overview page, go to the process group for which you want to change the status and select Details.
  2. Select Change state.
  3. Select one of the available options:
    • Mute the process group, in which case you need to specify the reason for muting (Configuration not affected, False positive, Ignore, Other, Vulnerability code not in use).
    • Unmute the process group.
  4. Select Save.

Remediation tracking for Kubernetes nodes

To access remediation tracking for Kubernetes nodes that are affected by a vulnerability

  1. In the Dynatrace menu, go to Vulnerabilities.
  2. Select the vulnerability for which you want to access remediation tracking.
  3. Go to Affected nodes and select View all Kubernetes nodes.

On the Node overview page, you can track the remediation progress for the Kubernetes nodes affected by the vulnerability and change the vulnerability state of the nodes.

Note: You can filter for nodes by Entity name (full or partial name) or by Vulnerability state (Vulnerable, Resolved, or Muted).

Remediation tracking for Kubernetes nodes provides the following information:

  • Node: The name of the affected node with a link to the host details page.
  • State: Current state of the affected node (Vulnerable, Resolved or Muted).
  • Detected: A timestamp showing when the affected node was detected.
  • Last update: A timestamp showing when the state of the affected node was last updated.
  • Details:
    • The vulnerable component
    • How long ago the vulnerability was detected
    • Details about the state of the affected process group:
      • If the state hasn't changed, No state changes yet is displayed.
      • If the state has changed, Dynatrace displays when the change occurred and who performed the change (if applicable).

To change the vulnerability state of an affected node

  1. On the Node overview page, go to the node for which you want to change the status and select Details.
  2. Select Change state.
  3. Select one of the available options:
    • Mute the node, in which case you need to specify the reason for muting (Configuration not affected, False positive, Ignore, Other, Vulnerability code not in use).
    • Unmute the node.
  4. Select Save.