
Transition from Classic to New Application Security monitoring rules

dburgstaller
Dynatrace Advocate

Glossary

Resource attribute = a key-value pair sent by the Dynatrace OneAgent that the customer can easily customise (Resource attributes - Dynatrace Docs).

K8s labels = labels that are set on various Kubernetes resources when managing the Kubernetes environment (Labels and Selectors).

 

Tips for engaging with the New rules

We suggest creating the new rules first and verifying with the per-rule preview to make sure the desired entities are matched.

After you’re satisfied with the rules, you can flip the toggle called Enable new monitoring rules in Settings app > Application security > General settings.

Every rule can consist of multiple conditions that are linked by a logical AND operator.

 

ℹ️ Please be mindful when switching the monitoring rules, as switching from Classic to New monitoring rules has an impact on the entities that you monitor.

The problem

In classic Dynatrace, you could define rules for Third-party vulnerabilities based on management zones, host tags, and process tags.

This approach had some inconveniences:

  • Time delay when adding new entities to a management zone.

  • The necessity to understand various Dynatrace concepts (like “management zones” and “tags”) to create rules based on them.

  • A lot of complexity and a lack of transparency on what will be monitored.

  • One ruleset targeting the different entity types that Application Security monitors (processes, K8s resources).

  • Poor ease of use when modifying rules (e.g., no auto-complete, making rules prone to typos).

  • A different setup from code-level vulnerabilities and attack protection.

 

The solution

We introduced a new way of setting up what you want to monitor with Application Security.

Existing customers are eligible to see both Classic and New rules, while new customers will only be able to see the New ones.

Existing customers can see a toggle in the classic settings (Application security > General settings) called Enable new monitoring rules to switch between the rule sets.


The New rules are based on more transparent and straightforward concepts:

  • Library and runtime vulnerability monitoring can be configured using resource attributes, for example, host.name contains prod

  • Kubernetes vulnerability monitoring can be configured using Kubernetes labels, for example, kubernetes.io/hostname contains prod

We introduced more ease-of-use and transparency when setting up rules:

  • You get suggestions for keys & values

    • Based on the information available in your environment

    • You’re still able to enter any text in these fields

  • You have more comparison options (e.g. contains, exists, startsWith, …)

  • Each rule allows you to preview the entities that are matched with the conditions given

 
[Screenshot: Suggestions]

[Screenshot: Per-rule preview of matched entities of the rule]
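The AND-linked conditions and comparison options described above, modelled locally as an added example (not Dynatrace code or its API), to list which entities a draft rule would leave out before the toggle is flipped. The inventory, the `service.name` key, the rule names and case-sensitive matching are assumptions of this model; the per-rule preview remains the authority on actual matching.

```python
# Local model of New-style monitoring rules: conditions on resource
# attributes, linked by logical AND. Hypothetical helper, not a Dynatrace API.
# Assumption: string comparisons are case-sensitive.
OPERATORS = {
    "contains": lambda value, arg: value is not None and arg in value,
    "startsWith": lambda value, arg: value is not None and value.startswith(arg),
    "exists": lambda value, arg: value is not None,
}

def rule_matches(rule, attributes):
    """True only if every condition of the rule holds (logical AND)."""
    for key, op, arg in rule["conditions"]:
        if op not in OPERATORS:
            raise ValueError(f"unsupported operator: {op}")
        if not OPERATORS[op](attributes.get(key), arg):
            return False
    return True

def preview(rule, entities):
    """Entity names the rule matches, in the spirit of the per-rule preview."""
    return sorted(n for n, attrs in entities.items() if rule_matches(rule, attrs))

def unmatched(rules, entities):
    """Entities that appear in no rule's preview: review these before switching."""
    seen = {name for rule in rules for name in preview(rule, entities)}
    return sorted(set(entities) - seen)

# Constructed inventory: entity name -> resource attributes.
ENTITIES = {
    "checkout": {"host.name": "prod-eu-01", "service.name": "checkout"},
    "billing": {"host.name": "eu-prod-02"},
    "batch": {"host.name": "Prod-batch-01", "service.name": "batch"},
    "sandbox": {"host.name": "dev-01", "service.name": "sandbox"},
}
# Constructed rules; the first uses the page's example condition.
RULES = [
    {"name": "prod hosts",
     "conditions": [("host.name", "contains", "prod")]},
    {"name": "named services on prod-prefixed hosts",
     "conditions": [("host.name", "startsWith", "prod"),
                    ("service.name", "exists", None)]},
]

if __name__ == "__main__":
    for rule in RULES:
        print(rule["name"], "->", preview(rule, ENTITIES))
    print("matched by no rule ->", unmatched(RULES, ENTITIES))
```

Each extra condition can only shrink a rule's match set, so the second rule matches fewer entities than the first, and `batch` is missed by both under the case-sensitive assumption.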

 

You can read more about the new monitoring rules in the public documentation: Monitoring rules - Third-party Vulnerability Analytics - Dynatrace Docs.

We came up with a set of common use cases you could consider when setting up the “new” monitoring rules. They can also be found in the public documentation: use cases for monitoring rules - Dynatrace Docs.