title | description | author | ms.topic | ms.date | ms.service | ms.author | ms.collection |
---|---|---|---|---|---|---|---|
Dynatrace Attacks connector for Microsoft Sentinel | Learn how to install the connector Dynatrace Attacks to connect your data source to Microsoft Sentinel. | cwatson-cat | how-to | 04/26/2024 | microsoft-sentinel | cwatson | sentinel-data-connector |

This connector uses the Dynatrace Attacks REST API to ingest detected attacks into Microsoft Sentinel Log Analytics.
This is autogenerated content. For changes, contact the solution provider.
Connector attribute | Description |
---|---|
Log Analytics table(s) | {{graphQueriesTableName}} |
Data collection rules support | Not currently supported |
Supported by | Dynatrace |
All Attack Events

```kusto
DynatraceAttacks
| summarize arg_max(TimeStamp, *) by AttackId
| take 10
```

All Exploited Attack Events

```kusto
DynatraceAttacks
| where State == "EXPLOITED"
| summarize arg_max(TimeStamp, *) by AttackId
| take 10
```

Count Attacks by Type

```kusto
DynatraceAttacks
| summarize arg_max(TimeStamp, *) by AttackId
| summarize count() by AttackType
| take 10
```
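
The "All Exploited Attack Events" sample filters on State before it deduplicates by AttackId, so it returns every attack that has at least one EXPLOITED record; deduplicating first returns only attacks whose most recent record is EXPLOITED. The query below is an added example, not part of the connector's own samples, and it shows the difference on constructed rows. It assumes TimeStamp is a datetime and that a later record for the same AttackId can carry a different State; the values "TYPE_A", "TYPE_B" and "OTHER_STATE" are placeholders.

```kusto
// Constructed sample rows (not real connector output).
// Column names follow the queries on this page; the values are placeholders.
let SampleAttacks = datatable(TimeStamp: datetime, AttackId: string, AttackType: string, State: string)
[
    datetime(2024-04-26 10:00:00), "attack-1", "TYPE_A", "EXPLOITED",
    datetime(2024-04-26 10:05:00), "attack-1", "TYPE_A", "EXPLOITED",
    datetime(2024-04-26 11:00:00), "attack-2", "TYPE_A", "EXPLOITED",
    datetime(2024-04-26 11:30:00), "attack-2", "TYPE_A", "OTHER_STATE",
    datetime(2024-04-26 12:00:00), "attack-3", "TYPE_B", "OTHER_STATE"
];
// Filter first, then deduplicate (the order used in "All Exploited Attack Events"):
// keeps any attack that has at least one EXPLOITED record.
let EverExploited = SampleAttacks
    | where State == "EXPLOITED"
    | summarize arg_max(TimeStamp, *) by AttackId;
// Deduplicate first, then filter:
// keeps only attacks whose most recent record is EXPLOITED.
let LatestIsExploited = SampleAttacks
    | summarize arg_max(TimeStamp, *) by AttackId
    | where State == "EXPLOITED";
// Attacks that the first form reports but the second does not.
EverExploited
| join kind=leftanti LatestIsExploited on AttackId
| project AttackId, AttackType, LastExploitedRecord = TimeStamp
```

To run the comparison against ingested data, replace SampleAttacks with DynatraceAttacks and add a time filter on TimeStamp.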
To integrate with Dynatrace Attacks, make sure you have:
- Dynatrace tenant (ex. xyz.dynatrace.com): You need a valid Dynatrace tenant with Application Security enabled. Learn more about the Dynatrace platform.
- Dynatrace Access Token: You need a Dynatrace access token with the Read attacks (attacks.read) scope.
Dynatrace Attack Events to Microsoft Sentinel
Configure and enable Dynatrace Application Security. Follow these instructions to generate an access token.
For more information, go to the related solution in the Azure Marketplace.