• Home
  • Platform modules
  • Application Security
  • Vulnerability Analytics
  • Third-party vulnerabilities
  • Remediation tracking

Remediation tracking

Remediation tracking allows you to track the remediation progress of individual entities (process groups, processes, or Kubernetes nodes) that are affected by a third-party vulnerability.

For process groups and Kubernetes nodes, you can control which of these entities you want to track and which you want to discard. For instance, if you think an entity isn't relevant or is a false positive, you can mute it. By muting an entity, you hide third-party vulnerabilities for certain process groups or Kubernetes nodes.

  • Muted entities aren't taken into consideration in any context, such as Davis Security Score or Application Security metrics.
  • To ensure proper handling of newly affected entities, muting all entities doesn't mute the vulnerability itself. Other affected entities may exist that aren't visible to a particular user due to permission restrictions or the selected management zone.

Remediation tracking for process groups

remediation-tracking-pg-overview

To access remediation tracking for process groups that are related to a vulnerability

  1. In the Dynatrace menu, go to Third-party vulnerabilities.
  2. Select Details for the vulnerability you want.
  3. Select View all process groups.

On the Process group overview page, you can

  • Filter for process groups
  • Track remediation progress for process groups
  • Change vulnerability status of process groups

Filter for process groups

You can filter for process groups by Entity name (full or partial name), Status (Affected, Resolved, or Muted), Public internet exposure (Public network or Not detected), Reachable data assets (Reachable or Not detected), Name of vulnerable function in use, Vulnerable functions usage (In use or Not in use), or Assessment accuracy (Full or Reduced (infra-only)).

  • For Name of vulnerable functions in use, you can use two colons in your search term (class::function) to specify the function and/or class name you're looking for:

    • class:: to filter by a specific class name.
    • class::function to filter for a specific function in a specific class.
    • function to filter for a specific function name in any class.

  • Assessment accuracy: Full filters for related process groups that run in Full-Stack Monitoring mode.

  • Assessment accuracy: Reduced (infra-only) filters for related process groups that run in Infrastructure Monitoring mode.

For details, see Monitoring modes.

Track remediation progress for process groups

The process group list provides the following information:

  • Process group:

    • The name of the related process group with a link to the process group details page.
    • The number of currently affected processes out of the total number of processes in that process group, indicating the remediation progress.

  • Risk assessment:

    • If the vulnerability affects a process group that, based on the Dynatrace entity model (Smartscape), is exposed to the internet, the public exposure symbol is displayed.
    • If the vulnerability affects a process group that, based on the Dynatrace entity model, has database access, the reachable data symbol is displayed.

  • Status:

    • Current status of the related process group (Affected, Resolved, or Muted).

  • First detected: A timestamp showing when the related process group was first detected.

  • Last update: A timestamp showing when the status of the related process group was last updated.

  • Details: Detailed information about the selected process group.

The process group details section provides the following information:

  • Details:

    • Process group name: The name of the affected process group (for example, IIS app pool dotNetBackend_easyTravel_x64) with a link to the process group details page.
    • Processes: The number of currently affected processes out of the total number of processes in that process group, indicating the remediation progress. (for example, 2/10 processes affected).
    • Status: The current status of the affected process group (Affected, Resolved, or Muted).
    • First detected: A timestamp showing when the related process group was first detected.
    • Last update: A timestamp showing when the status of the affected process group was last updated.
    • Vulnerable component: The name of the vulnerable component (for example, .NET 3.5.1.0 .NET Framework).

  • Status: The latest status change.

    • If the status has changed, Dynatrace displays when the change occurred and who performed the change (if applicable).
    • If the status hasn't changed, No status changes yet is displayed.

  • Risk assessment:

    • If there's any public internet exposure.

      Note: If the symbol is grayed out and crossed out, there's no public exposure. If the symbol isn't present, there's no data available.

    • If there are any reachable data assets affected.

      Note: If the symbol is grayed out and crossed out, there aren't any reachable data assets. If the symbol isn't present, there's no data available.

    • If there are any vulnerable functions in use by a process.

      Note: If the symbol is grayed out and crossed out, there's no vulnerable function in use. If the symbol isn't present, there's no data available. For details, see FAQ: Why is there no data available for vulnerable functions?.

Change vulnerability status of process groups

To change the vulnerability status of

  • One affected process group:

    1. On Process group overview, go to Details of the process group and select Change status.
    2. Select the new status and enter any additional information, and then select Save.

  • Multiple affected process groups:

    1. On Process group overview, select the process groups you want from those displayed on the page and then select Yes, change status.
    2. Select the new status, enter any additional information, and then select Save.

  • The vulnerability related to the process groups:

    1. Select Change status in the upper-right corner and then select Change status.
    2. Select the new status, enter any additional information, and then select Save.

Remediation tracking for processes

remediation-tracking-process-overview

To access remediation tracking for processes

  1. In the Dynatrace menu, go to Third-party vulnerabilities.
  2. Select Details for the vulnerability you want.
  3. Select View all process groups.
  4. In the Process group column, under the name of the process group you want, select one of the two numbers to view:

    • The affected processes

      example-affected-process-click

    • The related processes (Affected and Resolved)

      example-related-process-click

On the Process overview page, you can

  • Filter for processes
  • Track remediation progress for processes

Filter for processes

You can filter for processes by Entity name (full or partial name), Status (Affected or Resolved), Name of vulnerable function in use, or Vulnerable functions usage (In use or Not in use).

  • For Name of vulnerable functions in use, you can use two colons in your search term (class::function) to specify the function and/or class name you are looking for:

    • class:: to filter by a specific class name.
    • class::function to filter for a specific function in a specific class.
    • function to filter for a specific function name in any class.

Track remediation progress for processes

The process list provides the following information:

  • Process:

    • The name of the related process (for example, KpiTomcatFrontEnd-CWS-2-IG-51-HG) with a link to the process details page.
    • The Dynatrace ID of the related process (for example, PROCESS_GROUP_INSTANCE-B63193A779301A0E), to distinguish it from other processes with the same name.

  • Vulnerable functions: If there are any vulnerable functions in use by the process, the vulnerable function symbol is displayed.

    Note: If the symbol is grayed out and crossed out, there's no vulnerable function in use. If the symbol isn't present, there's no data available. For details, see FAQ: Why is there no data available for vulnerable functions?.

  • Status: The current status of the related process (Afefcted or Resolved).

  • First detected: A timestamp showing when the related process was first detected.

  • Details: Detailed information about the selected process.

The process details section provides the following information:

  • Details:
    • Process group name: The name of the related process group (for example, IIS app pool dotNetBackend_easyTravel_x64) with a link to the process group details page.
    • Status: The current status of the related process (Affected or Resolved).
    • First detected: A timestamp showing when the related process was first detected.
    • Vulnerable component: The name of the vulnerable component (for example, .com.fasterxml.jackson.core:jackson-databind:2.9.9).

Remediation tracking for Kubernetes nodes

remediation-tracking-k8s-node-overview

To access remediation tracking for Kubernetes nodes that are related to a vulnerability

  1. In the Dynatrace menu, go to Third-party vulnerabilities.
  2. Select Details for the vulnerability you want.
  3. Select View all Kubernetes nodes.

On the Kubernetes node overview page you can

  • Filter for nodes
  • Track remediation progress for nodes
  • Change vulnerability status of nodes

Filter for nodes

You can filter for nodes by Entity name (full or partial name) or by Status (Affected, Resolved, or Muted).

Track remediation progress for nodes

The Kubernetes node list provides the following information:

  • Node: The name of the affected node with a link to the host details page.
  • Status: The current status of the affected node (Affected, Resolved, or Muted).
  • First detected: A timestamp showing when the affected node was first detected.
  • Last update: A timestamp showing when the status of the affected node was last updated.
  • Details: Detailed information about the selected node.

The Kubernetes node details section provides the following information:

  • Details:
    • Node name: The name of the Kubernetes node (for example, deb-10-k3s-oi-01).
    • Status: The current status of the affected node (Affected, Resolved, or Muted).
    • First detected: A timestamp showing when the affected node was first detected.
    • Last update: A timestamp showing when the status of the affected node was last updated.
    • Vulnerable component: The name of the vulnerable component (for example, Kubernetes v1.21.9+k3s1 master).
  • Status:
    • If the status hasn't changed, No status changes yet is displayed.
    • If the status has changed, Dynatrace displays when the change occurred and who performed the change (if applicable).

Change vulnerability status of nodes

To change the vulnerability status of

  • One affected node:

    1. Go to Details of the Kubernetes node you want, and then select Change status.
    2. Select the new status and enter any additional information, and then select Save.

  • Multiple affected nodes:

    1. Select the nodes you want from those displayed on the page and then select Yes, change status.
    2. Select the new status, enter any additional information, and then select Save.

  • The vulnerability related to the nodes:

    1. Select Change status in the upper-right corner and then select Change status.
    2. Select the new status, enter any additional information, and then select Save.