cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Need assistance with questions about security

feri_pratama
Newcomer

We are currently conducting a document review with the customer, and their Security team has several concerns that require statements or documents from the principal of Dynatrace. We would like to ask your assistance regarding the points below. If the following questions cannot be answered, please include the reasons as they will be attached to our document.

  1. Is the Cassandra database used by Dynatrace accessible?
  2. Are there any tools that can be used to access it? (e.g. SQL Studio Management)
  3. Does the authentication process require a connection string?
  4. Which version of Cassandra is currently in use?
  5. Scheme Name, Role Membership, Role Privileges, Object Name used by Cassandra?
  6. Is the email address used to receive alerts stored encrypted? If so, is it encrypted using the AES256 or 3DES algorithm?
  7. Does Dynatrace have a single session login option?
  8. Does Dynatrace have the option to lock account if login fails? If so, can we configure the maximum failed login?

We've been asking support for these questions since last week, but we still haven't got the answers until now. Hope you can help us answer it.

Thanks.

Feri

2 REPLIES 2

Radoslaw_Szulgo
Dynatrace Guru
Dynatrace Guru

1. Only from cluster nodes hosts

2. Yes, but as in (1). And you should rather not install any additional software at the host.

3. Depends what client you use. Typically it’s an IP address.

4. Cassandra 3.0.20

5. Scheme is ruxit. Role is admin. Dynatrace uses dozens of objects

6. Email address is not encrypted

7.yes - https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-managed/configuration/confi...

8. Yes, but it’s not configurable. After 5 failed attempts, log in is blocked for 1 minute.

Senior Technical Product Manager,
Dynatrace Managed expert

Hi Radoslaw,

Thank you for your fast answers!