Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
  1. Microsoft Sentinel Analytics Rules
  2. /
  3. Analytic Rules
  4. /
  5. Dynatrace Application Security - Non-critical runtime vulnerability detection

Dynatrace Application Security - Non-critical runtime vulnerability detection

Back
Idff0af873-a2f2-4233-8412-0ef4e00b0156
RulenameDynatrace Application Security - Non-critical runtime vulnerability detection
DescriptionDetect runtime vulnerabilities in your environment insights by snyk
SeverityInformational
TacticsDefenseEvasion
Execution
Impact
InitialAccess
LateralMovement
Persistence
PrivilegeEscalation
TechniquesT1140
T1059
T1565
T1659
T1210
T1554
T1548
Required data connectorsDynatraceRuntimeVulnerabilities
KindScheduled
Query frequency1d
Query period1d
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_NonCriticalVulnerabilityDetection.yaml
Version1.0.3
Arm templateff0af873-a2f2-4233-8412-0ef4e00b0156.json
Deploy To Azure
DynatraceSecurityProblems
| where DAVISRiskLevel != "CRITICAL"  and Muted == false
| summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId

tactics:
- DefenseEvasion
- Execution
- Impact
- InitialAccess
- LateralMovement
- Persistence
- PrivilegeEscalation
requiredDataConnectors:
- dataTypes:
  - DynatraceSecurityProblems
  connectorId: DynatraceRuntimeVulnerabilities
alertDetailsOverride:
  alertDisplayNameFormat: 'Dynatrace Non-critical runtime vulnerability detected - {{DisplayId}} : {{Title}}'
  alertDescriptionFormat: |
        Non-critical runtime vulnerability ({{ExternalVulnerabilityId}}) detected in package ({{PackageName}}), more details available from Dynatrace at {{Url}}.
  alertSeverityColumnName: Severity
incidentConfiguration:
  groupingConfiguration:
    enabled: false
    lookbackDuration: PT5H
    reopenClosedIncident: false
    matchingMethod: AllEntities
  createIncident: false
id: ff0af873-a2f2-4233-8412-0ef4e00b0156
severity: Informational
eventGroupingSettings:
  aggregationKind: AlertPerResult
status: Available
customDetails:
  DAVISPublicExploit: DAVISPublicExploit
  DAVISRiskScore: DAVISRiskScore
  DAVISRiskVector: DAVISRiskVector
  DAVISRiskLevel: DAVISRiskLevel
  DAVISDataAssets: DAVISDataAssets
  Technology: Technology
  DisplayIdentifier: DisplayId
  DAVISExposure: DAVISExposure
  ExternVulnIdentifier: ExternalVulnerabilityId
  CVEIds: CVEIds
  SecProbIdentifier: SecurityProblemId
  DAVISVulnFuncUsage: DAVISVulnerableFunctionUsage
  SecurityProblemUrl: Url
  PackageName: PackageName
  VulnerabilityType: VulnerabilityType
query: |
  DynatraceSecurityProblems
  | where DAVISRiskLevel != "CRITICAL"  and Muted == false
  | summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId  
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/DynatraceApplicationSecurity_NonCriticalVulnerabilityDetection.yaml
kind: Scheduled
queryPeriod: 1d
version: 1.0.3
name: Dynatrace Application Security - Non-critical runtime vulnerability detection
queryFrequency: 1d
triggerThreshold: 0
relevantTechniques:
- T1140
- T1059
- T1565
- T1659
- T1210
- T1554
- T1548
description: Detect runtime vulnerabilities in your environment insights by snyk
triggerOperator: gt