9.运行时应用程序保护

9.运行时应用程序保护

一：英文字幕
Runtime Application Protection
Dynatrace Runtime Application Protection automatically detects attacks on applications in your environment.
Third-party vulnerabilities and code-level vulnerabilities tell you a vulnerability is present and should be fixed, but Runtime Application protection is alerting you that an attack is happening.
Runtime Application Protection detects the following attack types: SQL, JNDI, and command injection.
Via OneAgent, Runtime Application Protection identifies when there is an exploit against a code-level vulnerability that has bypassed your edge protection. Blocking it provides immediate protection and buys you time to remediate the issue by shoring up your edge protection policies and investigating the attack.
This Attacks overview page provides the list of detected attacks in your environment. The overall status displays how many attacks have happened. “Exploited” means the attack went through, “Blocked” means that the attack was blocked by Dynatrace, and “Allowlisted” means you want to allow it to go through.
Attack source locations displays where the attacks originated. Click the map to learn more or filter the list.
To figure out which attacks to address first, view the list. It is optimized to show up to 500 attacks. Use filters and customize the columns to narrow down the list to the important items you need to address first.
At a glance, you can tell the name, entry point, source, and location of the attack, if it is resulting in public exposure, or if reachable data assets are affected. Expand an attack to see additional, vital information for remediation.
Next, deep dive into Dynatrace Runtime Application Protection attack details to manage attacks in your environment.

二：中文字幕
Dynatrace运行时应用程序保护会自动检测对环境中应用程序的攻击。
第三方漏洞和代码级漏洞告诉你漏洞存在并且应该修复，
但是运行时应用程序保护会提醒您攻击正在发生。
运行时应用程序保护可检测以下攻击类型：SQL、JNDI和命令注入。
通过OneAgent，运行时应用程序保护可以识别何时存在针对绕过边缘保护的代码级漏洞的漏洞。
屏蔽它可以提供即时保护，并让您有时间通过加强边缘保护策略和调查攻击来修复问题。
此攻击概述页面提供了在您的环境中检测到的攻击的列表。
总体状态显示发生了多少次攻击。
“被利用”表示攻击已经通过，
“已阻止”表示攻击已被Dynatrace阻止，
而“白名单”表示你想允许它通过。
攻击源位置显示攻击的起源。
点击地图了解更多信息或筛选列表。
要弄清楚首先要解决哪些攻击，请查看列表。它经过优化，最多可显示500次攻击。
使用筛选器并自定义列，将列表范围缩小到需要首先解决的重要项目。
您可以一目了然地知道攻击的名称、入口点、来源和位置，以及攻击是否导致公众曝光，或者可访问的数据资产是否受到影响。
扩大攻击范围以查看其他重要补救信息。
接下来，深入研究Dynatrace运行时应用程序保护攻击详情，以管理环境中的攻击。