03 Oct 2022 12:06 PM - edited 27 Jun 2023 01:01 PM
This article is about using Dynatrace AppSec and dealing with reported false-positives in your applications.
Looking for known CVEs in Dynatrace components? Go to https://cve-status.dynatrace.com
This is a Self Service Diagnostics article of type Full-Self-Service.
For unexpected product issues on the Dynatrace side please submit a Support Ticket.
Issue | Solution | Tasks | Alternative
--- | --- | --- | ---
Reported third-party vulnerabilities for certain process groups or Kubernetes nodes are not relevant for your environment | Mute entities: they will be hidden and not taken into account for Application Security metrics or the Davis Security Score | Mute* entities via UI (security problem or its individual items) or API (security problem or individual items) | Set up fine-grained security-monitoring rules for affected processes, e.g. based on process or host tags
* Available mute state changes include CONFIGURATION_NOT_AFFECTED, FALSE_POSITIVE, IGNORE, OTHER, VULNERABLE_CODE_NOT_IN_USE
The following query examples may be helpful to identify relevant processes before muting them:
This example shows how to filter out processes of a security problem with a Java version < 9.
Steps to reproduce:
...
"softwareTechnologies": [
  {
    "type": "JAVA"
  },
  {
    "type": "JAVA",
    "edition": "OpenJDK",
    "version": "1.8.0_312"
  },
...
Related Python script: https://github.com/robinwyss/spring4shell-dynatrace-export
This example shows how to identify processes with a certain third-party library package name or version.
Step to reproduce: Get entities using
Notes:
Possible properties of an entity of a specified type can be listed via the entityTypes API.
Request 1:
GET /api/v2/entities?entitySelector=type(SOFTWARE_COMPONENT),softwareComponentType(JAVA),packageName(org.springframework.boot:spring-boot)&fields=properties.packageName,properties.softwareComponentFileName,properties.softwareComponentShortName,properties.softwareComponentType,fromRelationships.isSoftwareComponentOfPgi
Response:
...
"entities": [
  {
    "entityId": "SOFTWARE_COMPONENT-x",
    "displayName": "org.springframework.boot:spring-boot:1.5.12.RELEASE",
    "properties": {
      "softwareComponentFileName": "spring-boot-1.5.12.RELEASE.jar",
      "softwareComponentType": "JAVA",
      "softwareComponentShortName": "spring-boot",
      "packageName": "org.springframework.boot:spring-boot"
    },
    "fromRelationships": {
      "isSoftwareComponentOfPgi": [
        {
          "id": "PROCESS_GROUP_INSTANCE-x",
          "type": "PROCESS_GROUP_INSTANCE"
        },
        {
          "id": "PROCESS_GROUP_INSTANCE-x",
          "type": "PROCESS_GROUP_INSTANCE"
        }
      ]
    }
  }
]
...
Request 2:
GET /api/v2/entities/PROCESS_GROUP_INSTANCE-x?fields=fromRelationships.isInstanceOf
Response:
{
  "entityId": "PROCESS_GROUP_INSTANCE-x",
  "type": "PROCESS_GROUP_INSTANCE",
  "displayName": "NAME",
  "fromRelationships": {
    "isInstanceOf": [
      {
        "id": "PROCESS_GROUP-x",
        "type": "PROCESS_GROUP"
      }
    ]
  }
}
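As an added example (not part of the original article and not Dynatrace's own tooling), the following Python helpers cover both cases above: mapping a softwareTechnologies version string such as "1.8.0_312" to its Java major release so that processes on Java < 9 can be picked out, and collecting the PROCESS_GROUP_INSTANCE ids from a Request 1 style entities response so they can be looked up (Request 2) and reviewed before muting. The sample response is constructed with placeholder ids; no API call is made.

```python
import re
from typing import Optional

def java_major_version(version: str) -> Optional[int]:
    """Map a Java version string to its major release number.

    Legacy scheme "1.8.0_312" -> 8; modern scheme "11.0.16" or "17" -> 11 / 17.
    Returns None when the string does not start with a number.
    """
    parts = version.strip().split(".")
    # Versions before Java 9 were reported as 1.<major>; afterwards the major comes first.
    candidate = parts[1] if len(parts) >= 2 and parts[0] == "1" else parts[0]
    match = re.match(r"\d+", candidate)
    return int(match.group()) if match else None

def runs_java_below(software_technologies: list, max_major: int = 9) -> bool:
    """True if any JAVA entry in a process's softwareTechnologies reports a version below max_major."""
    for tech in software_technologies:
        if tech.get("type") != "JAVA" or "version" not in tech:
            continue  # entries without a version (like the first one on the page) cannot be judged
        major = java_major_version(tech["version"])
        if major is not None and major < max_major:
            return True
    return False

def pgi_ids_using_component(entities_response: dict) -> list:
    """Collect the PROCESS_GROUP_INSTANCE ids each SOFTWARE_COMPONENT entity belongs to
    (isSoftwareComponentOfPgi), deduplicated and sorted so they can be queried or muted next."""
    ids = set()
    for entity in entities_response.get("entities", []):
        related = entity.get("fromRelationships", {}).get("isSoftwareComponentOfPgi", [])
        ids.update(r["id"] for r in related if r.get("type") == "PROCESS_GROUP_INSTANCE")
    return sorted(ids)

# Constructed sample shaped like the Request 1 response above; ids are placeholders, not real entities.
SAMPLE_ENTITIES = {"entities": [{
    "entityId": "SOFTWARE_COMPONENT-x",
    "displayName": "org.springframework.boot:spring-boot:1.5.12.RELEASE",
    "fromRelationships": {"isSoftwareComponentOfPgi": [
        {"id": "PROCESS_GROUP_INSTANCE-a", "type": "PROCESS_GROUP_INSTANCE"},
        {"id": "PROCESS_GROUP_INSTANCE-b", "type": "PROCESS_GROUP_INSTANCE"},
        {"id": "PROCESS_GROUP_INSTANCE-a", "type": "PROCESS_GROUP_INSTANCE"},
    ]},
}]}

if __name__ == "__main__":
    print(pgi_ids_using_component(SAMPLE_ENTITIES))  # ['PROCESS_GROUP_INSTANCE-a', 'PROCESS_GROUP_INSTANCE-b']
    print(runs_java_below([{"type": "JAVA"}, {"type": "JAVA", "version": "1.8.0_312"}]))  # True
```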