stefanie_pachne
Dynatrace Organizer
This article is about using Dynatrace AppSec and dealing with reported false positives in your applications.
Looking for known CVEs in Dynatrace components? Go to https://cve-status.dynatrace.com

This is a Self Service Diagnostics article of type Full-Self-Service.

For unexpected product issues on the Dynatrace side please submit a Support Ticket.

Self Service Summary

Issue: Reported third-party vulnerabilities for certain process groups or Kubernetes nodes are not relevant for your environment

Solution: Mute entities: They will be hidden and not taken into account for Application Security metrics or Davis Security Score

Tasks: Mute* entities via UI (security problem or its individual items) or API (security problem or individual items)

Alternative: Set up fine-grained Security-monitoring rules for affected processes, e.g. based on process or host tags

* Available mute state changes include CONFIGURATION_NOT_AFFECTED, FALSE_POSITIVE, IGNORE, OTHER, VULNERABLE_CODE_NOT_IN_USE

The following query examples may be helpful to identify relevant processes before muting them:

Filter by Java version

This example shows how to filter out processes of a security problem with a Java version < 9.

Steps to reproduce:

  1. Get all security problems
  2. For each: Get a list of "affectedEntities" (processes)
  3. For each: Get entity (process) property "softwareTechnologies" and filter by version ("type"="JAVA")
...
"softwareTechnologies": [
  {
    "type": "JAVA"
  },
  {
    "type": "JAVA",
    "edition": "OpenJDK",
    "version": "1.8.0_312"
  },
...

Related Python script: https://github.com/robinwyss/spring4shell-dynatrace-export
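
The version filter from step 3, as an added example (not code from this article or from the linked repository). It runs offline on constructed entity data and assumes "softwareTechnologies" sits under the entity's "properties" object; the entity IDs and the names java_major and classify are hypothetical. Processes whose JAVA entry carries no version are kept apart instead of being treated as Java < 9.

```python
import re

# Constructed sample: process entities shaped like the "softwareTechnologies"
# fragment above. Entity IDs and the 11.0.14 entry are made up for the example.
SAMPLE_PROCESSES = [
    {"entityId": "PROCESS_GROUP_INSTANCE-a",
     "properties": {"softwareTechnologies": [
         {"type": "JAVA"},
         {"type": "JAVA", "edition": "OpenJDK", "version": "1.8.0_312"}]}},
    {"entityId": "PROCESS_GROUP_INSTANCE-b",
     "properties": {"softwareTechnologies": [
         {"type": "JAVA", "edition": "OpenJDK", "version": "11.0.14"}]}},
    {"entityId": "PROCESS_GROUP_INSTANCE-c",
     "properties": {"softwareTechnologies": [{"type": "JAVA"}]}},
]


def java_major(version):
    """Return the Java feature release: '1.8.0_312' -> 8, '11.0.14' -> 11."""
    parts = re.findall(r"\d+", version or "")
    if not parts:
        return None
    major = int(parts[0])
    # Up to Java 8 the version string starts with "1." (1.7, 1.8, ...).
    if major == 1 and len(parts) > 1:
        return int(parts[1])
    return major


def classify(processes, min_major=9):
    """Split process IDs into below / at-or-above min_major / unknown version."""
    result = {"below": [], "at_or_above": [], "unknown": []}
    for proc in processes:
        techs = proc.get("properties", {}).get("softwareTechnologies", [])
        majors = [m for m in (java_major(t.get("version"))
                              for t in techs if t.get("type") == "JAVA")
                  if m is not None]
        if not majors:
            bucket = "unknown"      # JAVA entry without a version: review manually
        elif min(majors) < min_major:
            bucket = "below"
        else:
            bucket = "at_or_above"
        result[bucket].append(proc["entityId"])
    return result


if __name__ == "__main__":
    print(classify(SAMPLE_PROCESSES))
```
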

Filter by third-party library data

This example shows how to identify processes with a certain third-party library package name or version.

Steps to reproduce:

  1. Get entities using the "entitySelector" type(SOFTWARE_COMPONENT), softwareComponentType(JAVA) and your specific criteria, e.g. packageName(org.springframework.boot:spring-boot), softwareComponentFileName(spring-boot-1.5.12.RELEASE.jar), or softwareComponentShortName(spring-boot),
    and the response "fields" fromRelationships.isSoftwareComponentOfPgi to retrieve affected processes.
  2. Get the previously identified Process Group Instances with the response "fields" fromRelationships.isInstanceOf to retrieve the affected Process Groups required for remediation.

Notes:

  • The libraries in use by PROCESS_GROUP_INSTANCES are reported as SOFTWARE_COMPONENT entities by the OneAgent.
  • Possible properties of an entity of a specified type can be listed via the entityTypes API.


Request 1:

GET /api/v2/entities?entitySelector=type(SOFTWARE_COMPONENT),softwareComponentType(JAVA),packageName(org.springframework.boot:spring-boot)&fields=properties.packageName,properties.softwareComponentFileName,properties.softwareComponentShortName,properties.softwareComponentType,fromRelationships.isSoftwareComponentOfPgi

Response:

...
"entities": [
  {
    "entityId": "SOFTWARE_COMPONENT-x",
    "displayName": "org.springframework.boot:spring-boot:1.5.12.RELEASE",
    "properties": {
      "softwareComponentFileName": "spring-boot-1.5.12.RELEASE.jar",
      "softwareComponentType": "JAVA",
      "softwareComponentShortName": "spring-boot",
      "packageName": "org.springframework.boot:spring-boot"
    },
    "fromRelationships": {
      "isSoftwareComponentOfPgi": [
        {
          "id": "PROCESS_GROUP_INSTANCE-x",
          "type": "PROCESS_GROUP_INSTANCE"
        },
        {
          "id": "PROCESS_GROUP_INSTANCE-x",
          "type": "PROCESS_GROUP_INSTANCE"
        }
      ]
    }
  }
]
...


Request 2:

GET /api/v2/entities/PROCESS_GROUP_INSTANCE-x?fields=fromRelationships.isInstanceOf

Response:

{
  "entityId": "PROCESS_GROUP_INSTANCE-x",
  "type": "PROCESS_GROUP_INSTANCE",
  "displayName": "NAME",
  "fromRelationships": {
    "isInstanceOf": [
      {
        "id": "PROCESS_GROUP-x",
        "type": "PROCESS_GROUP"
      }
    ]
  }
}

Last update: 27 Jun 2023 01:01 PM

Comments
ChadTurner
DynaMight Legend

Thank you @stefanie_pachne for sharing this 🙂