Dynatrace Runtime Vulnerabilities connector for Microsoft Sentinel

Статия
28.04.2024 г.

This connector uses the Dynatrace Security Problem REST API to ingest detected runtime vulnerabilities into Microsoft Sentinel Log Analytics.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute	Description
Log Analytics table(s)	{{graphQueriesTableName}}
Data collection rules support	Not currently supported
Supported by	Dynatrace

Query samples

All Vulnerability Events

Kusto

DynatraceSecurityProblems

| summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId

|  take 10

All Third-Party Vulnerability Events

Kusto

DynatraceSecurityProblems

| where VulnerabilityType == "THIRD_PARTY"

| summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId

|  take 10

All Code-level Vulnerability Events

Kusto

DynatraceSecurityProblems

| where VulnerabilityType == "CODE_LEVEL"

| summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId

|  take 10

All Runtime Vulnerability Events

Kusto

DynatraceSecurityProblems

| where VulnerabilityType == "RUNTIME"

| summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId

|  take 10

Critical Vulnerability Events

Kusto

DynatraceSecurityProblems

| where DAVISRiskLevel == "CRITICAL"

| summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId

| take 10

High Vulnerability Events

Kusto

DynatraceSecurityProblems

| where DAVISRiskLevel == "HIGH"

| summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId

| take 10

Count Vulnerability Events by Technology and Vulnerability

Kusto

DynatraceSecurityProblems

| summarize  arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId

| summarize count() by Technology, ExternalVulnerabilityId

| take 10

Prerequisites

To integrate with Dynatrace Runtime Vulnerabilities make sure you have:

Dynatrace tenant (ex. xyz.dynatrace.com): You need a valid Dynatrace tenant with Application Security enabled, learn more about the Dynatrace platform.
Dynatrace Access Token: You need a Dynatrace Access Token, the token should have Read security problems (securityProblems.read) scope.

Vendor installation instructions

Dynatrace Vulnerabilities Events to Microsoft Sentinel

Configure and Enable Dynatrace Application Security. Follow these instructions to generate an access token.

Next steps

For more information, go to the related solution in the Azure Marketplace.

Допълнителни ресурси

Документация

Dynatrace Attacks connector for Microsoft Sentinel

Learn how to install the connector Dynatrace Attacks to connect your data source to Microsoft Sentinel.
Dynatrace Audit Logs connector for Microsoft Sentinel

Learn how to install the connector Dynatrace Audit Logs to connect your data source to Microsoft Sentinel.
Dynatrace Problems connector for Microsoft Sentinel

Learn how to install the connector Dynatrace Problems to connect your data source to Microsoft Sentinel.

Обучение

Пътека за обучение

SC-200: Connect logs to Microsoft Sentinel - Training

SC-200: Connect logs to Microsoft Sentinel

Сертифициране

Microsoft Certified: Security Operations Analyst Associate - Certifications

Investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.

Споделяне чрез

Dynatrace Runtime Vulnerabilities connector for Microsoft Sentinel

Connector attributes

Query samples

Prerequisites

Vendor installation instructions

Next steps

Обратна връзка

Допълнителни ресурси