• Home
  • How to use Dynatrace
  • Application Security
  • Vulnerability Analytics
  • Filter or mute third-party vulnerabilities

Filter or mute third-party vulnerabilities

Once you enable Application Security and see the list of third-party vulnerabilities appear on Third-party vulnerabilities, there are several ways you can organize them for easy management and to prioritize issues:

Filter vulnerabilities

You can filter vulnerabilities by

  • Recommended fixes
  • Vulnerability details, global timeframe, and management zone (you can combine any of these filters)

Filter by recommended fixes with Davis Security Advisor

To filter by recommended fixes, on the Third-party vulnerabilities page, select an upgrade and then select Add as filter.

  • After adding a recommended fix as a filter, you can extend filtering by vulnerability details.
  • You can add multiple filters for recommended fixes all at once. In this case, you get a cumulated list of vulnerabilities based on the selected fixes.
  • If you use the management zones filter, you'll get a list of third-party vulnerabilities that affect the selected management zone.

Note: You won't receive recommendations for

  • Muted vulnerabilities
  • Vulnerabilities filtered by the global filter in a past timeframe
  • Resolved vulnerabilities

For more information about Davis Security Advisor, see Davis Security Advisor calculations.

Filter by vulnerability details

The following filters are available:

  • Risk assessment: Public internet exposure, Reachable data assets, Public exploit available, Vulnerable functions in use , Reduced accuracy (infra-only).

    Note: Reduced accuracy (infra-only) filters for vulnerabilities which have related hosts running in Infrastructure Monitoring mode. For details, see Monitoring modes.

  • Risk level: Critical, High, Medium, Low, None

  • SNYK/CVE ID: If you filter by the SNYK ID (for example, SNYK-JAVA-ORGAPACHEXMLBEANS-1060048) or CVE ID (for example, CVE-2017-5645), it must be a perfect match

  • Status: Open, Resolved, Muted

  • Technology: Kubernetes, Node.js,Java, .NET, PHP, Go

  • Technology runtimes: Displays only library-based (only vulnerable libraries) or runtime-based (only vulnerable runtimes) vulnerabilities.

  • Vulnerable component: Part of the vulnerable component name

  • Vulnerability ID: Select a vulnerability based on the 'S' string that represents its ID

  • Affected or related entity: Select and enter any combination of the following: Process group name, Host name, Kubernetes workload name, Kubernetes cluster name, Tag

    Notes:

    • You can't add an entity more than once.
    • For Tag, you can use tags on a host, process, and process group, with the syntax key:value or key. For more information about tagging, see Define and apply tags.
    • If a vulnerability affects more than 5,000 processes, the Affected or related entity filter may not be able to find all vulnerabilities impacted by the entered entity.

Filter by global timeframe

You can use the global timeframe selector to filter third-party vulnerabilities on the following pages:

  • On the Third-party vulnerabilities page, it displays vulnerabilities that were open within the selected global timeframe. However, the data displayed about an entry reflects the current status of the entry, not the historical status.

  • On the vulnerability details page, it displays entities that were affected and libraries that were vulnerable during the selected global timeframe. An affected entity or a vulnerable component is shown:

    • If it was already affected or vulnerable during the selected timeframe
    • If it's still affected or vulnerable

Filter by management zone

You can use the management zones filter on the following pages. Note that for each case, the filter applies to different components:

  • On the Third-party vulnerabilities page, filtering by management zone applies to third-party vulnerabilities. The management zone filter doesn't affect the other vulnerability fields, such as Public internet exposure or Reachable data assets; other than Vulnerability, all values on this page are based on the whole environment.
  • On the vulnerability details page, filtering by management zone applies to vulnerable components and affected entities (processes, process groups, hosts, services, etc.). The management zone filter doesn't affect the majority of data on the infographic; other than Affected entities, all values on this page are based on the whole environment.

Note:

  • When a vulnerability stops affecting a management zone, it won't show up when you filter for that management zone.
  • When a vulnerability is resolved (when it has stopped affecting the whole environment), it shows up regardless of the selected management zone.

For more information on how to set up and apply management zones, and about the rules that define and limit the entities that can be accessed within a management zone, see Management zones.

Management zone calculation is based on processes. Management zones are calculated when a vulnerability is opened and every 15 minutes after that until the vulnerability is resolved. A management zone is affected by a vulnerability if a process of the management zone uses a software component that has the reported vulnerability.

Change vulnerability status

You can

  • Mute (silence) vulnerabilities that are

    • Open, if you don't consider them important
    • Resolved, if you don't want to deal with them if they are reopened

    Note: Muted vulnerabilities don't appear on the list of vulnerabilities unless you filter for them.

  • Unmute vulnerabilities that are muted, if you consider them important

    Notes:

    • Unmuting an open vulnerability makes it active again—its status changes back to Open, and the vulnerability shows up again in the list of vulnerabilities when you filter for Open vulnerabilities.
    • Unmuting a resolved vulnerability changes its status back to Resolved, and the vulnerability shows up again in the list of vulnerabilities when you filter for Resolved vulnerabilities.

Additionally, you can change the vulnerability status by selecting a new reason for the current status or adding more information to the current status.

There are two ways to change the status of a vulnerability:

Option 1: On the Third-party vulnerabilities page

  1. Expand Details for the selected vulnerability and then select Change status.
  2. Under New status, select the status and reason for the status change.
  3. Optionally, provide Additional information.
  4. Select Save.

Filter by recommended fixes with Davis Security Advisor

  1. Select Change status in the upper-right corner of the page.
  2. Under New status, select the status and reason for the status change.
  3. Optionally, provide Additional information.
  4. Select Save.

You need to wait up to a minute for the change to take effect. Refresh the page to see your change.

The last five status changes of the vulnerability within the last 30 days are logged in the Vulnerability evolution section of the vulnerability details page.

  • Select Show more for the next five status changes.
  • Select Details to see who changed the status of the vulnerability, the reason for changing the status, and any additional comments.

Note: You can't change the status of a vulnerability if

For more information about Davis Security Advisor, see Davis Security Advisor calculations.

Related topics
  • Security problems API

    Find out what the Dynatrace Security problems API offers.

  • Davis security advisor API

    Find out what the Dynatrace Davis security advisor API offers.