Get started with Application Security
To get started with Dynatrace Application Security, follow the instructions below.
Prerequisites
- OneAgent version 1.239+
- Any supported version of Dynatrace SaaS or Dynatrace Managed. Review the Release notes for currently supported versions.
- For Dynatrace Managed, environments need to be connected to Mission Control.
Application Security isn't supported for Dynatrace Managed in offline mode.
Supported technologies
Third-party vulnerability detection
Dynatrace detects third-party vulnerabilities in the following technologies.
| Technology | Minimum OneAgent version |
|---|---|
| Go | 1.245 |
| Java 1 | 1.221 |
| Java runtimes | 1.253 |
| Kubernetes | 1.219 |
| .NET | 1.233 |
| .NET runtimes2 | 1.255 |
| Node.js | 1.231 |
| Node.js runtimes | 1.253 |
| PHP | 1.231 |
1 Java on z/OS is currently not supported. 2 Support for .NET framework runtime has been halted due to an elevated false positive rate. |
Code-level vulnerability detection
Dynatrace detects code-level vulnerabilities in the following technologies.
| Technology | Minimum OneAgent version |
|---|---|
| Java 8 or higher1 | 1.259 |
1 Only supported on Windows x86 and Linux x86 systems. |
Dynatrace detects attacks in the following technologies.
| Technology | Minimum OneAgent version |
|---|---|
| Java 8 or higher1 | 1.241 |
1 Only supported on Windows x86 and Linux x86 systems. |
Activate Application Security
Dynatrace Application Security is licensed based on the consumption of Application Security units. If you’re already a Dynatrace customer and you want to activate Application Security, contact a Dynatrace product expert via live chat. Our DevOps team will evaluate your environment and then activate Application Security.
Assign permissions
You need to assign the Security admin group to users who will be allowed to view and manage vulnerabilities.
For Managed environments, you need to assign the Manage security problems group instead.
To assign Security admin permission
- In Dynatrace, open the user menu in the upper-right corner of the page and go to Account settings > Identity & access management > People.
To add an existing user to the group
- Under Actions, select > Edit user for the user you want to add.
- Select Security admin, then select Save.
To add a new user to the group
- Select Invite user.
- Enter the required details, then select Next.
- Select Security admin, then select Next > Invite.
For more information on user permissions, see Manage user groups and permissions.
Once you have completed these steps, you can enable Dynatrace Runtime Vulnerability Analytics and/or Dynatrace Runtime Application Protection.
Fine-tune permissions optional
Dynatrace version 1.268+
By default, once you enable the Security admin group, users can both view and manage vulnerabilities. To restrict the access level to view-only for specific users, so they can view vulnerabilities but not manage them (cannot change their status), you have two options:
- Restrict the access of an existing group at the environment or management zone level
- Create a new group with restricted access at the environment or management zone level
Restrict access to an existing group
To restrict the access of an existing group at the environment or management zone level
- In Dynatrace, open the user menu in the upper-right corner of the page and go to Account settings > Identity & access management > Groups.
- Filter for Security admin and then, under Actions, select > View group.
- For the Permissions section, select Edit.
- Select Environment permissions.
- Select your environment, then clear Manage security problems and select View security problems.
- Select Save.
- Select Management zone permissions.
- Filter for and select the management zone you want.
- Clear Manage security problems and select View security problems.
- Select Save.
Create a new group with restricted access
To create a new group with restricted access at the environment or management zone level
- In Dynatrace, open the user menu in the upper-right corner of the page and go to Account settings > Identity & access management > Groups.
- Select Create group.
- Enter a name and a description for the group, and then select Next.
- Select Environment permissions.
- Select your environment, then select View security problems.
- Select Next > Next and then select Create group.
- Select Management zone permissions.
- Filter for and select the management zone you want, and then select View security problems.
- Select Next > Next and then select Create group.