Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage

Dynatrace Application Security - Code-Level runtime vulnerability detection

Back
Id305093b4-0fa2-57bc-bced-caea782a6e9c
RulenameDynatrace Application Security - Code-Level runtime vulnerability detection
DescriptionDetect Code-level runtime vulnerabilities in your environment insights by snyk
SeverityMedium
TacticsDefenseEvasion
Execution
Impact
InitialAccess
LateralMovement
Persistence
PrivilegeEscalation
Required data connectorsDynatraceRuntimeVulnerabilities
KindScheduled
Query frequency1d
Query period1d
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_CodeLevelVulnerabilityDetection.yaml
Version1.0.0
Arm template305093b4-0fa2-57bc-bced-caea782a6e9c.json
Deploy To Azure
DynatraceSecurityProblems
| where VulnerabilityType == "CODE_LEVEL" and DAVISRiskLevel == "CRITICAL" and Muted == false
| summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId
kind: Scheduled
eventGroupingSettings:
  aggregationKind: AlertPerResult
triggerOperator: gt
suppressionDuration: 5h
name: Dynatrace Application Security - Code-Level runtime vulnerability detection
alertDetailsOverride:
  alertDescriptionFormat: |
        Code-Level runtime vulnerability ({{ExternalVulnerabilityId}}) detected in package ({{PackageName}}), more details available from Dynatrace at {{Url}}.
  alertDisplayNameFormat: 'Dynatrace Code-Level runtime vulnerability detected - {{DisplayId}} : {{Title}}'
  alertSeverityColumnName: Severity
status: Available
queryPeriod: 1d
id: 305093b4-0fa2-57bc-bced-caea782a6e9c
suppressionEnabled: false
description: Detect Code-level runtime vulnerabilities in your environment insights by snyk
version: 1.0.0
severity: Medium
customDetails:
  PackageName: PackageName
  SecurityProblemUrl: Url
  DAVISExposure: DAVISExposure
  SecProbIdentifier: SecurityProblemId
  DAVISVulnFuncUsage: DAVISVulnerableFunctionUsage
  DAVISRiskScore: DAVISRiskScore
  DAVISPublicExploit: DAVISPublicExploit
  DAVISRiskLevel: DAVISRiskLevel
  Technology: Technology
  VulnerabilityType: VulnerabilityType
  DisplayIdentifier: DisplayId
  ExternVulnIdentifier: ExternalVulnerabilityId
  DAVISDataAssets: DAVISDataAssets
  CVEIds: CVEIds
  DAVISRiskVector: DAVISRiskVector
query: |
  DynatraceSecurityProblems
  | where VulnerabilityType == "CODE_LEVEL" and DAVISRiskLevel == "CRITICAL" and Muted == false
  | summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId  
incidentConfiguration:
  groupingConfiguration:
    reopenClosedIncident: false
    enabled: false
    lookbackDuration: PT5H
    matchingMethod: AllEntities
  createIncident: false
queryFrequency: 1d
requiredDataConnectors:
- connectorId: DynatraceRuntimeVulnerabilities
  dataTypes:
  - DynatraceSecurityProblems
tactics:
- DefenseEvasion
- Execution
- Impact
- InitialAccess
- LateralMovement
- Persistence
- PrivilegeEscalation
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_CodeLevelVulnerabilityDetection.yaml
triggerThreshold: 0
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspace": {
      "type": "String"
    }
  },
  "resources": [
    {
      "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/305093b4-0fa2-57bc-bced-caea782a6e9c')]",
      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/305093b4-0fa2-57bc-bced-caea782a6e9c')]",
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
      "kind": "Scheduled",
      "apiVersion": "2022-11-01-preview",
      "properties": {
        "displayName": "Dynatrace Application Security - Code-Level runtime vulnerability detection",
        "description": "Detect Code-level runtime vulnerabilities in your environment insights by snyk",
        "severity": "Medium",
        "enabled": true,
        "query": "DynatraceSecurityProblems\n| where VulnerabilityType == \"CODE_LEVEL\" and DAVISRiskLevel == \"CRITICAL\" and Muted == false\n| summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId\n",
        "queryFrequency": "P1D",
        "queryPeriod": "P1D",
        "triggerOperator": "GreaterThan",
        "triggerThreshold": 0,
        "suppressionDuration": "PT5H",
        "suppressionEnabled": false,
        "tactics": [
          "DefenseEvasion",
          "Execution",
          "Impact",
          "InitialAccess",
          "LateralMovement",
          "Persistence",
          "PrivilegeEscalation"
        ],
        "alertRuleTemplateName": "305093b4-0fa2-57bc-bced-caea782a6e9c",
        "incidentConfiguration": {
          "createIncident": false,
          "groupingConfiguration": {
            "reopenClosedIncident": false,
            "enabled": false,
            "lookbackDuration": "PT5H",
            "matchingMethod": "AllEntities"
          }
        },
        "eventGroupingSettings": {
          "aggregationKind": "AlertPerResult"
        },
        "alertDetailsOverride": {
          "alertDescriptionFormat": "Code-Level runtime vulnerability ({{ExternalVulnerabilityId}}) detected in package ({{PackageName}}), more details available from Dynatrace at {{Url}}.\n",
          "alertDisplayNameFormat": "Dynatrace Code-Level runtime vulnerability detected - {{DisplayId}} : {{Title}}",
          "alertSeverityColumnName": "Severity"
        },
        "customDetails": {
          "PackageName": "PackageName",
          "SecurityProblemUrl": "Url",
          "DAVISExposure": "DAVISExposure",
          "SecProbIdentifier": "SecurityProblemId",
          "DAVISVulnFuncUsage": "DAVISVulnerableFunctionUsage",
          "DAVISRiskScore": "DAVISRiskScore",
          "DAVISPublicExploit": "DAVISPublicExploit",
          "DAVISRiskLevel": "DAVISRiskLevel",
          "Technology": "Technology",
          "VulnerabilityType": "VulnerabilityType",
          "DisplayIdentifier": "DisplayId",
          "ExternVulnIdentifier": "ExternalVulnerabilityId",
          "DAVISDataAssets": "DAVISDataAssets",
          "CVEIds": "CVEIds",
          "DAVISRiskVector": "DAVISRiskVector"
        },
        "entityMappings": null,
        "OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_CodeLevelVulnerabilityDetection.yaml",
        "templateVersion": "1.0.0",
        "status": "Available"
      }
    }
  ]
}