Dynatrace Runtime Vulnerabilities connector for Microsoft Sentinel

This connector uses the Dynatrace Security Problem REST API to ingest detected runtime vulnerabilities into Microsoft Sentinel Log Analytics.

Connector attributes

Connector attribute | Description
Log Analytics table(s) | {{graphQueriesTableName}}
Data collection rules support | Not currently supported
Supported by | Dynatrace

Query samples

All Vulnerability Events

DynatraceSecurityProblems
| summarize arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId
| take 10

All Third-Party Vulnerability Events

DynatraceSecurityProblems
| where VulnerabilityType == "THIRD_PARTY"
| summarize arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId
| take 10

All Code-level Vulnerability Events

DynatraceSecurityProblems
| where VulnerabilityType == "CODE_LEVEL"
| summarize arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId
| take 10

All Runtime Vulnerability Events

DynatraceSecurityProblems
| where VulnerabilityType == "RUNTIME"
| summarize arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId
| take 10

Critical Vulnerability Events

DynatraceSecurityProblems
| where DAVISRiskLevel == "CRITICAL"
| summarize arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId
| take 10

High Vulnerability Events

DynatraceSecurityProblems
| where DAVISRiskLevel == "HIGH"
| summarize arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId
| take 10

Count Vulnerability Events by Technology and Vulnerability

DynatraceSecurityProblems
| summarize arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId
| summarize count() by Technology, ExternalVulnerabilityId
| take 10
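
The risk-level samples above filter on DAVISRiskLevel before summarize arg_max(LastUpdatedTimeStamp, *), so they return the latest record that had that level, which also matches a problem whose most recent record carries a different level. The following added example (not part of the original connector documentation) runs both orderings side by side over a constructed datatable, so it works in any workspace without connector data; the row values (SP-1, JAVA, EXT-0001, MEDIUM and so on) are made up, and only the column names come from the sample queries.

```kusto
// Constructed sample rows, not real connector output.
// Column names are the ones used by the sample queries on this page.
let SampleProblems = datatable(
    SecurityProblemId: string, LastUpdatedTimeStamp: datetime,
    VulnerabilityType: string, DAVISRiskLevel: string,
    Technology: string, ExternalVulnerabilityId: string)
[
    "SP-1", datetime(2024-01-01 08:00), "THIRD_PARTY", "HIGH",     "JAVA",    "EXT-0001",
    "SP-1", datetime(2024-01-02 08:00), "THIRD_PARTY", "CRITICAL", "JAVA",    "EXT-0001",
    "SP-2", datetime(2024-01-01 09:00), "CODE_LEVEL",  "CRITICAL", "DOTNET",  "EXT-0002",
    "SP-2", datetime(2024-01-03 09:00), "CODE_LEVEL",  "MEDIUM",   "DOTNET",  "EXT-0002",
    "SP-3", datetime(2024-01-02 10:00), "RUNTIME",     "HIGH",     "NODE_JS", "EXT-0003"
];
// Ordering used by the page's samples: filter first, then keep the newest
// matching record per problem (ignores newer records with another level).
let FilterThenLatest = SampleProblems
    | where DAVISRiskLevel == "CRITICAL"
    | summarize arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId
    | extend Ordering = "filter, then latest";
// Alternative ordering: reduce each problem to its newest record first,
// then filter on the level that record carries.
let LatestThenFilter = SampleProblems
    | summarize arg_max(LastUpdatedTimeStamp, *) by SecurityProblemId
    | where DAVISRiskLevel == "CRITICAL"
    | extend Ordering = "latest, then filter";
union FilterThenLatest, LatestThenFilter
| project Ordering, SecurityProblemId, LastUpdatedTimeStamp, DAVISRiskLevel, Technology
| order by Ordering asc, SecurityProblemId asc
```

Replacing SampleProblems with DynatraceSecurityProblems applies the same comparison to ingested data; use the second ordering when a query should reflect each problem's current risk level.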

Prerequisites

To integrate with Dynatrace Runtime Vulnerabilities, make sure you have:

  • Dynatrace tenant (ex. xyz.dynatrace.com): You need a valid Dynatrace tenant with Application Security enabled. Learn more about the Dynatrace platform.
  • Dynatrace Access Token: You need a Dynatrace Access Token with the Read security problems (securityProblems.read) scope.

Vendor installation instructions

Dynatrace Vulnerabilities Events to Microsoft Sentinel

Configure and enable Dynatrace Application Security. Follow these instructions to generate an access token.

Next steps

For more information, go to the related solution in the Azure Marketplace.