Dynatrace Application Security

Dynatrace provides advanced monitoring and performance management solutions for cloud environments, infrastructure, applications, and user experiences. Dynatrace Application Security strengthen your application’s security by providing following modules:

• Dynatrace Runtime Vulnerability Analytics (RVA): identify critical vulnerabilities instantly with automated risk and impact assessments, thanks to in-depth analysis of data access paths and production execution.

• Dynatrace Runtime Application Protection (RAP): defend your applications in real time by detecting and blocking attacks through advanced code-level insights and transaction analysis.

More information can be found at the Dynatrace Application Security website.

Integration Method: API

Tables: Vulnerability Finding (2002), Detection Finding (2004), HTTP Activity (4002)

This integration supports the following events.

This integration is tested with the following versions.

Prerequisites

• The user should have access to the Dynatrace portal with an account that has Administrator privileges. 

• The user should have access to the DataBee console.

Configuration Overview

1. Generate an API token with the required scopes

2. Add the Dynatrace Application Security data feed in the DataBee console with the below parameters.

   DataBee Parameter	Dynatrace Parameter
   Token	Personal Access Token

Dynatrace Configuration

1. Navigate to Dynatrace portal. Enter your email ID and click Next.
    

2. Enter your password and click Sign in.
    

3. Once logged in, note the <tenant_id> from the URL which is required later while configuring the data feed. Refer to the screenshot below. 

   

Process group monitoring

For Application Security to work properly, we need to enable deep monitoring. Please follow the steps to enable automatic deep monitoring.

1. In Dynatrace UI > Go to Apps > Under Manage section > Settings.
    

2. Navigate to Processes and contextualize > Process groups.
    

3. Under Process groups, click Process group monitoring.
    

4. It will open Dynatrace classic UI in new browser tab. Click the toggle Enable automatic deep monitoring.
   
   

Enable Runtime Vulnerabilities Analytics (RVA)

1. In Dynatrace UI > Go to Apps > Under Manage section > Settings. 
    

2. Navigate to Analyze and alert and select Application Security.
    

3.  Go to Application protection > General settings.
    
   

4. Under Application Security > Vulnerability Analytics, click General settings.
    
   

5. Toggle the Enable Third-party Vulnerability Analytics button and enable the technologies you want to monitor under Technologies.
    
   

6. Navigate to Code-level Vulnerability Analytics and enable it. Also select Monitor from the drop down for ‘Global Java code-level vulnerability detection control’ and ‘Global .NET code-level vulnerability detection control’.

   

7. Once both Third-party Vulnerability Analytics and Code-level Vulnerability Analytics are enabled, click Save changes.

   
   

Enable Runtime Application Protection (RPA)

1. In Dynatrace UI > Go to Apps > Under Manage section > Settings.
    

2. Select Analyze and alert > Application security.
    
   

3. Navigate to Application protection > General settings.
    
   

4. Toggle the Enable Runtime Application Protection button and ensure either Monitor; incoming attacks detected only or Block; incoming attacks detected and blocked based on your preferences for both ‘Attack control Java’ and ‘Attack control .NET.’
   
   
   

5. Once Runtime Application Protection is enabled, click Save changes.

    

Enable OneAgent monitoring

1. In Dynatrace UI > Go to Apps > Under Manage section > Settings.
    
   

2. Navigate to Collect and capture > General monitoring settings.
   
   

   
   

3. Click OneAgent features.

   
   

   
   

4. Ensure you have enabled both code-level attack evaluation [Opt-In] and code-level vulnerability evaluation [Opt-In] for the technology that you want to monitor. You can also use the Filter by option as well.
    
   

5. For code-level attack evaluation [Opt-In], additionally we must enable Instrumentation enabled (change needs a process restart). Once enabled, click Save changes.
    
   

Generate personal access tokens

1. In Dynatrace UI > Go to Apps > Under Manage section > Settings.
    
   

2. Navigate to Environment segmentation > Access tokens.

    

   
   

3. Enable Personal access tokens and then click Save changes.

    

   
   

4. Go to Apps > Under Manage section > Personal Access Tokens to generate a personal access token.
    
   

5. Click Generate new token button.
    
   

6. Give an appropriate ‘Token name’ and select Read attacks and Read security problems from the scopes. Once selected click Generate token.
   
   

   
   

7. Ensure to copy and save the generated access token as it will be required to configure in DataBee.
    

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
    
   

2. Search for the Dynatrace and click it as shown below.
    
   

3. Click on the API Ingest option for collection method.
    
   

4. Enter feed contact information and click Next.

    

5. In the configuration page, confirm the following:

   • API Base URL: this is the base URL that DataBee will interact with. Ensure to update <tenant_id> placeholder with your Dynatrace tenant id.

   • Authorization Method: Bearer Token

   • Token: paste the Personal Access Token generated earlier in the GitLab console.

   • Event Types: preselected for all the event types that integration pulls.  

   

6. Click Submit.

Troubleshooting Tips

• Ensure the token is pasted correctly. Since you cannot view the token after the 1^st time, re-create the token, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.

• Ensure the Dynatrace scopes/permissions are correct.