Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This playbook will enriche Dynatrace Application Security Attack Incidents with additional information when new incident is opened.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Dynatrace |
| Source | View on GitHub |
📄 Source: Enrich_DynatraceApplicationSecurityAttackIncident/readme.md
author: Dynatrace
This playbook uses the Dynatrace REST APIs to automatically enrich incidents created by Microsoft Sentinel. You need a valid Dynatrace tenant with Application Security enabled. To learn more about the Dynatrace platform Start your free trial
** Prerequisites ** - Follow these instructions to generate a Dynatrace access token, the token should have Read attacks (attacks.read) scope. - [Important step]Store the Dynatrace Access Token as a secret in Azure Key vault and provide the key vault name during playbook deployment, by convention the secret name should be 'DynatraceAccessToken'.
** Post Install Notes:**
The Logic App uses a Managed System Identity (MSI) to update the Microsoft Sentinel Incident.
Assign RBAC 'Microsoft Sentinel Responder' role to the Logic App at the Resource Group level of the Log Analytics Workspace.
Assign access policy on key vault for Playbook to fetch the secret key
A Microsoft Sentinel playbook is utilized by automation rules, therefore to automatically trigger this playbook you must setup a new automation rule. If you have not set permissions yet, review here
Basic steps for setup of the playbook and automation rule are as follows :
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊