Dynatrace Audit Logs connector for Microsoft Sentinel

This connector uses the Dynatrace Audit Logs REST API to ingest tenant audit logs into Microsoft Sentinel Log Analytics

Connector attributes

Connector attribute Description
Log Analytics table(s) {{graphQueriesTableName}}
Data collection rules support Not currently supported
Supported by Dynatrace

Query samples

All Audit Log Events


| take 10

User Login Events


| where EventType == "LOGIN"
and Category == "WEB_UI"

| take 10

Access Token Creation Events


| where EventType == "CREATE"
and Category == "TOKEN"

| take 10


To integrate with Dynatrace Audit Logs make sure you have:

  • Dynatrace tenant (ex. xyz.dynatrace.com): You need a valid Dynatrace Tenant, to learn more about the Dynatrace platform Start your free trial.
  • Dynatrace Access Token: You need a Dynatrace Access Token, the token should have Read audit logs (auditLogs.read) scope.

Vendor installation instructions

Dynatrace Audit Log Events to Microsoft Sentinel

Enable Dynatrace Audit Logging. Follow these instructions to generate an access token.

Next steps

For more information, go to the related solution in the Azure Marketplace.