Dynatrace Attacks connector for Microsoft Sentinel

This connector uses the Dynatrace Attacks REST API to ingest detected attacks into Microsoft Sentinel Log Analytics

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute Description
Log Analytics table(s) {{graphQueriesTableName}}
Data collection rules support Not currently supported
Supported by Dynatrace

Query samples

All Attack Events

DynatraceAttacks

| summarize  arg_max(TimeStamp, *) by AttackId

|  take 10

All Exploited Attack Events

DynatraceAttacks

| where State == "EXPLOITED"

| summarize  arg_max(TimeStamp, *) by AttackId

|  take 10

Count Attacks by Type

DynatraceAttacks

| summarize  arg_max(TimeStamp, *) by AttackId

| summarize count() by AttackType

| take 10

Prerequisites

To integrate with Dynatrace Attacks make sure you have:

  • Dynatrace tenant (ex. xyz.dynatrace.com): You need a valid Dynatrace tenant with Application Security enabled, learn more about the Dynatrace platform.
  • Dynatrace Access Token: You need a Dynatrace Access Token, the token should have Read attacks (attacks.read) scope.

Vendor installation instructions

Dynatrace Attack Events to Microsoft Sentinel

Configure and Enable Dynatrace Application Security. Follow these instructions to generate an access token.

Next steps

For more information, go to the related solution in the Azure Marketplace.