Dynatrace Attacks connector for Microsoft Sentinel

This connector uses the Dynatrace Attacks REST API to ingest detected attacks into the Microsoft Sentinel Log Analytics workspace.

Connector attributes

Connector attribute              Description
Log Analytics table(s)           DynatraceAttacks
Data collection rules support    Not currently supported
Supported by                     Dynatrace

Query samples

All Attack Events

DynatraceAttacks
| summarize arg_max(TimeStamp, *) by AttackId
| take 10

All Exploited Attack Events

DynatraceAttacks
| where State == "EXPLOITED"
| summarize arg_max(TimeStamp, *) by AttackId
| take 10

Count Attacks by Type

DynatraceAttacks
| summarize arg_max(TimeStamp, *) by AttackId
| summarize count() by AttackType
| take 10
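The three sample queries share one pattern: the connector writes a row each time Dynatrace reports an attack, so an attack can appear several times as its state changes, and `summarize arg_max(TimeStamp, *) by AttackId` collapses those rows to the most recent one per attack before anything is counted. The Python below is an added illustration of that logic, not code from the connector or from Dynatrace: it runs the same three queries over a constructed in-memory table with the column names the queries use (TimeStamp, AttackId, State, AttackType). Only the "EXPLOITED" state value comes from the page; the other state and attack-type strings and all timestamps are made up for the example. Note that the "All Exploited Attack Events" query filters on State before deduplicating, so it returns the newest exploited row per attack rather than only attacks whose current state is exploited; the code mirrors that order.

```python
from collections import Counter
from datetime import datetime

# Constructed sample rows shaped like the DynatraceAttacks table. The rows are
# deliberately out of time order so the dedup step has to use TimeStamp rather
# than insertion order. State/AttackType values other than "EXPLOITED" are
# illustrative placeholders, not documented Dynatrace enum values.
SAMPLE_ROWS = [
    {"TimeStamp": "2024-05-01T10:05:00Z", "AttackId": "A-1", "State": "EXPLOITED", "AttackType": "SQL_INJECTION"},
    {"TimeStamp": "2024-05-01T10:00:00Z", "AttackId": "A-1", "State": "BLOCKED",   "AttackType": "SQL_INJECTION"},
    {"TimeStamp": "2024-05-01T10:02:00Z", "AttackId": "A-2", "State": "BLOCKED",   "AttackType": "COMMAND_INJECTION"},
    {"TimeStamp": "2024-05-01T10:09:00Z", "AttackId": "A-3", "State": "EXPLOITED", "AttackType": "JNDI_INJECTION"},
    {"TimeStamp": "2024-05-01T10:01:00Z", "AttackId": "A-3", "State": "EXPLOITED", "AttackType": "JNDI_INJECTION"},
]


def _ts(row):
    """Parse the ISO-8601 TimeStamp column into a comparable datetime."""
    return datetime.fromisoformat(row["TimeStamp"].replace("Z", "+00:00"))


def latest_per_attack(rows):
    """KQL equivalent: | summarize arg_max(TimeStamp, *) by AttackId

    Keeps, for every AttackId, the row with the greatest TimeStamp.
    Result is sorted by AttackId so callers get a deterministic order.
    """
    latest = {}
    for row in rows:
        current = latest.get(row["AttackId"])
        if current is None or _ts(row) > _ts(current):
            latest[row["AttackId"]] = row
    return sorted(latest.values(), key=lambda r: r["AttackId"])


def all_attack_events(rows, take=10):
    """'All Attack Events' query: dedup, then take N."""
    return latest_per_attack(rows)[:take]


def exploited_attack_events(rows, take=10):
    """'All Exploited Attack Events' query: filter State == "EXPLOITED" first,
    then dedup. An attack whose newest row is no longer EXPLOITED would still
    appear here via its newest EXPLOITED row, exactly as the KQL does.
    """
    exploited = [r for r in rows if r["State"] == "EXPLOITED"]
    return latest_per_attack(exploited)[:take]


def count_attacks_by_type(rows, take=10):
    """'Count Attacks by Type' query: dedup, then count distinct attacks per AttackType."""
    counts = Counter(r["AttackType"] for r in latest_per_attack(rows))
    # KQL 'take' caps the number of output rows; mirror that on the grouped result.
    return dict(sorted(counts.items())[:take])


if __name__ == "__main__":
    for r in all_attack_events(SAMPLE_ROWS):
        print("latest:", r["AttackId"], r["State"], r["TimeStamp"])
    for r in exploited_attack_events(SAMPLE_ROWS):
        print("exploited:", r["AttackId"], r["TimeStamp"])
    print("by type:", count_attacks_by_type(SAMPLE_ROWS))
```

Without the `arg_max` step, `count() by AttackType` would report 2 SQL_INJECTION and 2 JNDI_INJECTION attacks from the sample above, double-counting the attacks that were reported twice; with it, each AttackId contributes exactly once.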

Prerequisites

To integrate with Dynatrace Attacks, make sure you have:

  • Dynatrace tenant (ex. xyz.dynatrace.com): You need a valid Dynatrace tenant with Application Security enabled; learn more about the Dynatrace platform.
  • Dynatrace Access Token: You need a Dynatrace Access Token; the token must have the Read attacks (attacks.read) scope.

Vendor installation instructions

Dynatrace Attack Events to Microsoft Sentinel

Configure and Enable Dynatrace Application Security. Follow these instructions to generate an access token.

Next steps

For more information, go to the related solution in the Azure Marketplace.