Davis Assistant data security

Davis Assistant uses an HTTP API using TLS with a 2048-bit RSA certificate issued by Amazon. SSL termination is done at the Amazon Elastic Load Balancer and communication within AWS is secured using Security Groups. Communication with Dynatrace environments is also secured with TLS. By default, Davis Assistant requires a certificate signed by a trusted authority. However an administrator of a Dynatrace Managed environment may configure Davis Assistant to accept a self-signed certificate. Authorization between Davis Assistant and your Dynatrace environment is handled by a shared API token.

What Dynatrace data can Davis Assistant access?

Davis Assistant communicates over the public Dynatrace REST API and may access any data from the API that the configured API token has permission to access. This may include details of problems, time series data such as response times, environment Smartscape topology information, events collected by Dynatrace, and some configurations, including custom event thresholds and maintenance windows. See the REST API documentation for details about what is available over the REST API.

What data captured by Dynatrace is stored in Davis Assistant?

Davis Assistant caches a minimal amount of data from the REST API for a short period of time (about 10 minutes or less) to reduce the number of API calls made to your Dynatrace environment and thereby improve response times.

Closed problems are cached for 30 days. Open problems aren't cached. Application, service, host, and process-group data is cached for 10 minutes. Other data accessed through the Dynatrace API is cached for less than a minute.

How are charts secured?

In order to support as many devices as possible, charts do not require authentication to access. However, they're secured using a randomly generated GUID in the file name. The images are created on demand and stored for up to six months in Amazon S3.

What data is shared with the Voice Navigator browser extension?

The Davis Assistant Voice Navigator browser extension is used to enable voice navigation in Dynatrace that parallels your conversational interaction with Davis Assistant via Alexa or Google Assistant.

Only the bare minimum of data needed to accomplish this is shared with the browser extension. The extension makes a TLS-encrypted WebSocket connection back to Davis Assistant and authenticates itself using a shared token. The token is generated in our service, stored in our database, and can be rotated by the user at any time. This token is stored in local storage, isolated by the browser from other webpages, tabs, and extensions. The extension communicates with Davis Assistant using a set of messages. On connection, the extension authenticates with Davis Assistant using the shared token. After the extension is authenticated, Davis Assistant sends the URL of the page associated with the response to the user's voice queries to the browser extension. No Dynatrace data is shared with the browser extension beyond the URLs of pages associated with Davis Assistant's responses to user queries in the course of voice interaction.

The browser extension can also communicate with your Davis Assistant webpage using content scripts injected into webpages loaded from our specific domain, https://assistant.dynatrace.com/. This allows the Davis Assistant webpage to securely rotate your token and automatically update your installed extension.

Where is Davis Assistant hosted?

Davis Assistant is hosted in Amazon Web Services in the US East (N. Virginia) region.