Dynatrace Application Security - Non-critical runtime vulnerability detection
| Id | ff0af873-a2f2-4233-8412-0ef4e00b0156 |
| Rulename | Dynatrace Application Security - Non-critical runtime vulnerability detection |
| Description | Detect runtime vulnerabilities in your environment insights by snyk |
| Severity | Informational |
| Tactics | DefenseEvasion Execution Impact InitialAccess LateralMovement Persistence PrivilegeEscalation |
| Required data connectors | DynatraceRuntimeVulnerabilities |
| Kind | Scheduled |
| Query frequency | 1d |
| Query period | 1d |
| Trigger threshold | 0 |
| Trigger operator | gt |
| Source Uri | https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_NonCriticalVulnerabilityDetection.yaml |
| Version | 1.0.2 |
| Arm template | ff0af873-a2f2-4233-8412-0ef4e00b0156.json |
DynatraceSecurityProblems
| where DAVISRiskLevel != "CRITICAL" and Muted == false
| summarize arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId
queryPeriod: 1d
query: |
DynatraceSecurityProblems
| where DAVISRiskLevel != "CRITICAL" and Muted == false
| summarize arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId
incidentConfiguration:
groupingConfiguration:
lookbackDuration: PT5H
reopenClosedIncident: false
matchingMethod: AllEntities
enabled: false
createIncident: false
name: Dynatrace Application Security - Non-critical runtime vulnerability detection
eventGroupingSettings:
aggregationKind: AlertPerResult
queryFrequency: 1d
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_NonCriticalVulnerabilityDetection.yaml
alertDetailsOverride:
alertDisplayNameFormat: 'Dynatrace Non-critical runtime vulnerability detected - {{DisplayId}} : {{Title}}'
alertDescriptionFormat: |
Non-critical runtime vulnerability ({{ExternalVulnerabilityId}}) detected in package ({{PackageName}}), more details available from Dynatrace at {{Url}}.
alertSeverityColumnName: Severity
description: Detect runtime vulnerabilities in your environment insights by snyk
kind: Scheduled
triggerOperator: gt
version: 1.0.2
status: Available
severity: Informational
requiredDataConnectors:
- connectorId: DynatraceRuntimeVulnerabilities
dataTypes:
- DynatraceSecurityProblems
requiredTechniques:
- T1140
- T1059
- T1565
- T1659
- T1210
- T1554
- T1548
triggerThreshold: 0
customDetails:
VulnerabilityType: VulnerabilityType
SecurityProblemUrl: Url
DAVISRiskLevel: DAVISRiskLevel
DAVISDataAssets: DAVISDataAssets
DisplayIdentifier: DisplayId
ExternVulnIdentifier: ExternalVulnerabilityId
DAVISExposure: DAVISExposure
DAVISPublicExploit: DAVISPublicExploit
PackageName: PackageName
Technology: Technology
SecProbIdentifier: SecurityProblemId
DAVISRiskVector: DAVISRiskVector
DAVISVulnFuncUsage: DAVISVulnerableFunctionUsage
DAVISRiskScore: DAVISRiskScore
CVEIds: CVEIds
tactics:
- DefenseEvasion
- Execution
- Impact
- InitialAccess
- LateralMovement
- Persistence
- PrivilegeEscalation
id: ff0af873-a2f2-4233-8412-0ef4e00b0156