Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This playbook will ingest Microsoft Sentinel Security Alerts into Dynatrace.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Dynatrace |
| Source | View on GitHub |
📄 Source: Ingest-DynatraceMSSentinelSecurityAlerts/readme.md
author: Dynatrace
This playbook will Report all Microsoft Sentinel Security Alerts to Dynatrace. You need a valid Dynatrace tenant with Application Security enabled, you will also need to install the relevant Microsoft Sentinel Connectors which would generated security alerts consumed by this playbook. To learn more about the Dynatrace platform Start your free trial
** Prerequisites ** - Follow these instructions to generate a Dynatrace access token, the token should have Ingest logs (logs.ingest) scope. - [Important step]Store the Dynatrace Access Token as a secret in Azure Key vault and provide the key vault name during playbook deployment, by convention the secret name should be 'DynatraceAccessToken'.
** Post Install Notes:**
The Logic App uses a Managed System Identity (MSI).
Assign RBAC 'Microsoft Sentinel Reader' role to the Logic App at the Resource Group level of the Log Analytics Workspace.
Assign access policy on key vault for Playbook to fetch the secret key
A Microsoft Sentinel playbook is utilized by automation rules, therefore to automatically trigger this playbook you must setup a new automation rule. If you have not set permissions yet, review here
Basic steps for setup of the playbook and automation rule are as follows :
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊