Remediation tracking

Remediation tracking allows you to track the remediation progress of individual entities (process groups or Kubernetes nodes) that are affected by a third-party vulnerability. You can control which of these entities you want to track and which you want to discard. For instance, if you think an entity isn't relevant or is a false positive, you can mute it. By muting an entity, you hide third-party vulnerabilities for certain process groups or Kubernetes nodes.

Muted entities aren't taken into consideration in any context, such as Davis Security Score or Application Security metrics.
To ensure proper handling of newly affected entities, muting all entities doesn't mute the vulnerability itself. Other affected entities may exist that aren't visible to a particular user due to permission restrictions or the selected management zone.

Remediation tracking for process groups

To access remediation tracking for process groups that are related to a vulnerability

In the Dynatrace menu, go to Third-party vulnerabilities.
Select the vulnerability for which you want to access remediation tracking.
Go to Affected processes and select View all process groups.

On the Process group overview page, you can track the remediation progress for the process groups related to the vulnerability and change the vulnerability status of the process groups.

You can filter for process groups by Entity name (full or partial name), Status (Affected, Resolved, or Muted), Public internet exposure (Public network or Not detected), Reachable data assets (Reachable or Not detected), Name of vulnerable function in use, Vulnerable functions usage (In use or Not in use), or Assessment accuracy (Full or Reduced (infra-only)).

Assessment accuracy: Full filters for related process groups that run in Full-Stack Monitoring mode.
Assessment accuracy: Reduced (infra-only) filters for related process groups that run in Infrastructure Monitoring mode.

For details, see Monitoring modes.

Remediation tracking for process groups provides the following information:

Process group:
- The name of the related process group with a link to the process group details page.
- The number of currently affected processes out of the total number of processes in that process group, indicating the remediation progress.
Risk assessment:
- If the vulnerability affects a process group that, based on the Dynatrace entity model (Smartscape), is exposed to the internet, the public exposure symbol is displayed.
- If the vulnerability affects a process group that, based on the Dynatrace entity model, has database access, the reachable data symbol is displayed.
Status:
- Current status of the related process group (Affected, Resolved, or Muted).
First detected: A timestamp showing when the related process group was first detected.
Last update: A timestamp showing when the status of the related process group was last updated.
Details:
- Vulnerability:
  - The vulnerable component
  - How long ago the vulnerability was detected
- Status:
  - If the status hasn't changed, No status changes yet is displayed.
  - If the status has changed, Dynatrace displays when the change occurred and who performed the change (if applicable).
- Risk assessment:
  - If there's any public internet exposure.
    
    Note: If the symbol is grayed out and crossed out, there's no public exposure. If the symbol isn't present, there's no data available.
  - If there are any reachable data assets affected.
    
    Note: If the symbol is grayed out and crossed out, there aren't any reachable data assets. If the symbol isn't present, there's no data available.
  - If there are any vulnerable functions in use by a process.
    
    Note: If the symbol is grayed out and crossed out, there's no vulnerable function in use. If the symbol isn't present, there's no data available.

To change the vulnerability status of an affected process group

On the Process group overview page, go to the process group for which you want to change the status and select Details.
Select Change status.
Select one of the available options:
- Mute the process group, in which case you need to specify the reason for muting (Configuration not affected, False positive, Ignore, Other, Vulnerability code not in use).
- Unmute the process group.
Select Save.

Remediation tracking for Kubernetes nodes

To access remediation tracking for Kubernetes nodes that are related to a vulnerability

In the Dynatrace menu, go to Third-party vulnerabilities.
Select the vulnerability for which you want to access remediation tracking.
On the vulnerability details page, go to Kubernetes nodes overview and select View all Kubernetes nodes.

On the Kubernetes node overview page, you can track the remediation progress for the Kubernetes nodes related to the vulnerability and change the vulnerability status of the nodes.

Note: You can filter for nodes by Entity name (full or partial name) or by Status (Affected, Resolved, or Muted).

Remediation tracking for Kubernetes nodes provides the following information:

Node: The name of the affected node with a link to the host details page.
Status: Current status of the affected node (Affected, Resolved or Muted).
First detected: A timestamp showing when the affected node was first detected.
Last update: A timestamp showing when the status of the affected node was last updated.
Details:
- Vulnerability:
  - The vulnerable component
  - How long ago the vulnerability was detected
- Status:
  - If the status hasn't changed, No status changes yet is displayed.
  - If the status has changed, Dynatrace displays when the change occurred and who performed the change (if applicable).

To change the vulnerability status of an affected node

On the Node overview page, go to the node for which you want to change the status and select Details.
Select Change status.
Select one of the available options:
- Mute the node, in which case you need to specify the reason for muting (Configuration not affected, False positive, Ignore, Other, Vulnerability code not in use).
- Unmute the node.
Select Save.