Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
  1. Microsoft Sentinel Analytics Rules
  2. /
  3. Analytic Rules
  4. /
  5. Dynatrace Application Security - Third-Party runtime vulnerability detection

Dynatrace Application Security - Third-Party runtime vulnerability detection

Back
Idaf99b078-124b-543a-9a50-66ef87c09f6a
RulenameDynatrace Application Security - Third-Party runtime vulnerability detection
DescriptionDetect Third-Party runtime vulnerabilities in your environment insights by snyk
SeverityMedium
TacticsDefenseEvasion
Execution
Impact
InitialAccess
LateralMovement
Persistence
PrivilegeEscalation
TechniquesT1140
T1059
T1565
T1659
T1210
T1554
T1548
Required data connectorsDynatraceRuntimeVulnerabilities
KindScheduled
Query frequency1d
Query period1d
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_ThirdPartyVulnerabilityDetection.yaml
Version1.0.3
Arm templateaf99b078-124b-543a-9a50-66ef87c09f6a.json
Deploy To Azure
DynatraceSecurityProblems
| where VulnerabilityType != "CODE_LEVEL" and DAVISRiskLevel == "CRITICAL"  and Muted == false
| summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId

id: af99b078-124b-543a-9a50-66ef87c09f6a
requiredDataConnectors:
- connectorId: DynatraceRuntimeVulnerabilities
  dataTypes:
  - DynatraceSecurityProblems
entityMappings:
- fieldMappings:
  - identifier: Url
    columnName: Url
  entityType: URL
query: |
  DynatraceSecurityProblems
  | where VulnerabilityType != "CODE_LEVEL" and DAVISRiskLevel == "CRITICAL"  and Muted == false
  | summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId  
incidentConfiguration:
  createIncident: false
  groupingConfiguration:
    lookbackDuration: PT5H
    enabled: false
    matchingMethod: AllEntities
    reopenClosedIncident: false
triggerThreshold: 0
kind: Scheduled
severity: Medium
queryPeriod: 1d
customDetails:
  DAVISRiskVector: DAVISRiskVector
  DAVISPublicExploit: DAVISPublicExploit
  VulnerabilityType: VulnerabilityType
  DAVISVulnFuncUsage: DAVISVulnerableFunctionUsage
  DAVISDataAssets: DAVISDataAssets
  DisplayIdentifier: DisplayId
  DAVISExposure: DAVISExposure
  DAVISRiskScore: DAVISRiskScore
  Technology: Technology
  CVEIds: CVEIds
  SecurityProblemUrl: Url
  ExternVulnIdentifier: ExternalVulnerabilityId
  DAVISRiskLevel: DAVISRiskLevel
  SecProbIdentifier: SecurityProblemId
  PackageName: PackageName
tactics:
- DefenseEvasion
- Execution
- Impact
- InitialAccess
- LateralMovement
- Persistence
- PrivilegeEscalation
queryFrequency: 1d
status: Available
relevantTechniques:
- T1140
- T1059
- T1565
- T1659
- T1210
- T1554
- T1548
triggerOperator: gt
alertDetailsOverride:
  alertDisplayNameFormat: 'Dynatrace Third-party runtime vulnerability detected - {{DisplayId}} : {{Title}}'
  alertSeverityColumnName: Severity
  alertDescriptionFormat: |
        Third-party runtime vulnerability ({{ExternalVulnerabilityId}}) detected in package ({{PackageName}}), more details available from Dynatrace at {{Url}}.
eventGroupingSettings:
  aggregationKind: AlertPerResult
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_ThirdPartyVulnerabilityDetection.yaml
description: |
    'Detect Third-Party runtime vulnerabilities in your environment insights by snyk'
name: Dynatrace Application Security - Third-Party runtime vulnerability detection
version: 1.0.3