• Home
  • Platform modules
  • Application Security
  • Vulnerability Analytics
  • Application Security overview

Application Security overview

After you enable and configure Dynatrace Runtime Vulnerability Analytics, Dynatrace starts monitoring your applications to detect vulnerabilities in third-party libraries.

  • A spinning radar screen in the upper-right corner of the Security overview page indicates that your environment is being monitored. If the radar stops, you are warned that Monitoring stopped. Please check settings. Follow the associated link to enable Vulnerability Analytics.

    spinning-radar

For an overview of current security issues in your global environment, in the Dynatrace menu, go to Security overview. The Application Security overview page displays the following information.

Note: For security reasons, access to this page is restricted to users who are part of the Security admin group for the whole environment, not just for a selected set of management zones.

Infographic of the key features

infographic-new

Vulnerabilities

  • In the foreground, the total count of the most severe open third-party vulnerabilities and open code-level vulnerabilities in your environment (29 critical in the example above).

  • Third-party vulnerabilities: The number of the most severe open critical third-party vulnerabilities (23 critical in the example above). Select it to go to the Third-party vulnerabilities page, filtered by the highest risk level and the open status.

  • Code-level vulnerabilities: The number of open code-level vulnerabilities (6 critical in the example above). Select it to go to the Code-level vulnerabilities page, filtered by the open status.

    Note: This feature isn't displayed if code-level vulnerability detection is disabled.

  • The total number of attacks – exploited, blocked, and allowlisted (2,048 attacks in the example above), that happened over the last 30 days. Select it to go to the unfiltered Attacks page.

    Note: This feature isn't displayed if Application Protection isn't activated and enabled.

Host coverage

The percentage of hosts covered by Vulnerability Analytics during the last hour (86% of total in the example above). Host coverage is calculated using all hosts in your environment that run a supported technology. If, on a specific monitored host, no process of any supported technology is running, 100% coverage isn't possible.

How host coverage is calculated:

  1. Collect: Dynatrace first collects all monitored hosts on which supported technologies are enabled.
  2. Filter: All collected hosts are then filtered based on your monitoring rules. If there are hosts that are excluded by monitoring rules, host coverage decreases.

View changes:

  • If there's a decrease in coverage, it can take up to 70 minutes until changes are displayed.
  • If there's an increase in coverage, it can take up to 10 minutes until changes are displayed.

For instructions on how you can increase host coverage and how to solve related issues, see Increase host coverage.

Third-party vulnerabilities

Select the Third-party vulnerabilities tab to display

  • A chart of vulnerabilities by risk level (critical, high, medium, low)
  • A chart of vulnerabilities by status (resolved, open, muted(open))
  • Affected process groups

Risk level

risk-level-card-security-overview

Two perspectives are displayed:

  • Current overview: The number of third-party vulnerabilities currently open, grouped by risk level (45 Critical, 165 High, 217 Medium, 52 Low in the example above). Select any group to go to the Third-party vulnerabilities page, filtered by the respective risk level and open state.

  • Historic data chart: The maximum value of the day for vulnerabilities in your global environment, over the last 30 days, split by risk level. To refine the chart by risk level, select chart legend entries.

    Note: Vulnerabilities are constantly reassessed and may change their risk level over time. For details, see FAQ.

Vulnerabilities

vulnerabilities-security-overview

A chart of the third-party vulnerabilities in your global environment over the last 30 days. You can see when a vulnerability was opened, reopened, resolved, or muted. To refine the chart by risk level, select chart legend entries.

Affected process groups

affected-pg-security-overview

The top five affected process groups sorted by severity:

  • The name of the process group with a link to the associated process group details page.
  • The corresponding technology.
  • The number of vulnerabilities affecting that process group out of the total number of vulnerabilities related to it.

For deeper insights, see Manage third-party vulnerabilities.

Code-level vulnerabilities

Select the Code-level vulnerabilities tab to display

  • A chart of vulnerabilities by risk level (critical)
  • A chart of vulnerabilities by status (resolved, open, muted(open))

Risk level

clvs-risk-level

Two perspectives are displayed:

  • Current overview: The number of critical code-level vulnerabilities currently open, grouped by risk level.

  • Historic data chart: The maximum value of the day for vulnerabilities in your global environment, over the last 30 days.

Vulnerabilities

clv-status-chart

A chart of the code-level vulnerabilities in your global environment over the last 30 days. You can see when a vulnerability was opened, reopened, resolved, or muted. To refine the chart by risk level, select chart legend entries.

FAQ

  • On the risk-level chart, how many vulnerabilities are counted in one day if their risk level changes several times that day (for example, from Medium to High, and back to Medium again)?

    • The vulnerability is counted twice, once for Medium and once for High.

  • On the risk-level chart, how many vulnerabilities are counted in one day if the affected process is restarted several times that day, but the vulnerability risk level stays the same (for example, Medium)?

    • The vulnerability is counted one time, as Medium.