Dynatrace Software Intelligence Platform with Microsoft Sentinel

Solution: Dynatrace

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Solutions Index

Attribute	Value
Publisher	Dynatrace
Support Tier	Partner
Support Link	https://www.dynatrace.com/services-support/
Categories	Security - Others,IT Operations,DevOps,Migration,Security - Threat Protection,Security - Vulnerability Management
Version	3.0.3
Author	Dynatrace - microsoftalliances@dynatrace.com
First Published	2022-10-18
Last Updated	2026-05-08
Solution Folder	Dynatrace
Marketplace	Azure Marketplace · Popularity: ⚪ Very Low (0%)

Dynatrace is a leading observability platform that provides automatic and intelligent observability at scale for cloud-native and enterprise workloads; with Dynatrace Application Security, your DevSecOps teams can resolve security issues faster, accelerating software delivery. Integrating Dynatrace with Microsoft Sentinel enables DevSecOps teams to detect, prioritize, triage, and remediate attacks rapidly. DevSecOps teams benefit from the high-accuracy threat signals Dynatrace surfaces. It helps them avoid time-consuming investigation activities, freeing them up for more critical tasks. Microsoft Sentinel data connectors poll Dynatrace for new attacks, vulnerabilities, audit logs, and problem events.

Included data connectors:

Attacks, Common attacks on application layer vulnerabilities which can be detected and blocked using Dynatrace, like SQL injection, command injection, and JNDI attacks.
Runtime vulnerabilities, Software vulnerabilities detected throughout all layers of the application stack.
Audit logs, Security-relevant events for a Dynatrace tenant.
Problems, AI-powered observability problems raised across cloud and hybrid environments.

Learn More about Dynatrace | Dynatrace Docs

Underlying Microsoft Technologies used:

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

a. Microsoft Sentinel

b. Azure Logic Apps

Data Connectors
Tables Used
Content Items

Data Connectors

This solution provides 8 data connector(s):

Tables Used

This solution uses 8 table(s):

Table	Used By Connectors	Used By Content
`DynatraceAttacksV2_CL`	Dynatrace Attacks V1, Dynatrace Attacks V2	Analytics, Workbooks
`DynatraceAttacks_CL`	Dynatrace Attacks V1	Analytics, Workbooks
`DynatraceAuditLogsV2_CL`	Dynatrace Audit Logs V1, Dynatrace Audit Logs V2	Workbooks
`DynatraceAuditLogs_CL`	Dynatrace Audit Logs V1	Workbooks
`DynatraceProblemsV2_CL`	Dynatrace Problems V1, Dynatrace Problems V2	Analytics, Workbooks
`DynatraceProblems_CL`	Dynatrace Problems V1	Analytics, Workbooks
`DynatraceSecurityProblemsV2_CL`	Dynatrace Runtime Vulnerabilities V1, Dynatrace Runtime Vulnerabilities V2	Analytics, Workbooks
`DynatraceSecurityProblems_CL`	Dynatrace Runtime Vulnerabilities V1	Analytics, Workbooks

Internal Tables

The following 1 table(s) are used internally by this solution's content items:

Table	Used By Connectors	Used By Content
`SecurityAlert`	-	Playbooks

Content Items

This solution includes 16 content item(s):

Content Type	Count
Playbooks	6
Analytic Rules	5
Parsers	4
Workbooks	1

Analytic Rules

Name	Severity	Tactics	Tables Used
Dynatrace - Problem detection	Informational	DefenseEvasion, Execution, Impact, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation	`DynatraceProblemsV2_CL` `DynatraceProblems_CL`
Dynatrace Application Security - Attack detection	High	Execution, Impact, InitialAccess, PrivilegeEscalation	`DynatraceAttacksV2_CL` `DynatraceAttacks_CL`
Dynatrace Application Security - Code-Level runtime vulnerability detection	Medium	DefenseEvasion, Execution, Impact, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation	`DynatraceSecurityProblemsV2_CL` `DynatraceSecurityProblems_CL`
Dynatrace Application Security - Non-critical runtime vulnerability detection	Informational	DefenseEvasion, Execution, Impact, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation	`DynatraceSecurityProblemsV2_CL` `DynatraceSecurityProblems_CL`
Dynatrace Application Security - Third-Party runtime vulnerability detection	Medium	DefenseEvasion, Execution, Impact, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation	`DynatraceSecurityProblemsV2_CL` `DynatraceSecurityProblems_CL`

Workbooks

Name	Tables Used
Dynatrace	`DynatraceAttacksV2_CL` `DynatraceAttacks_CL` `DynatraceAuditLogsV2_CL` `DynatraceAuditLogs_CL` `DynatraceProblemsV2_CL` `DynatraceProblems_CL` `DynatraceSecurityProblemsV2_CL` `DynatraceSecurityProblems_CL`

Playbooks

Name	Description	Tables Used
Enrich Dynatrace Application Security Attack Incident	This playbook will enriche Dynatrace Application Security Attack Incidents with additional informati...	-
Enrich Dynatrace Application Security Attack with related Microsoft Defender XDR insights	This playbook will enrich Dynatrace Application Security Attack with related Microsoft Defender XDR ...	Internal use: `SecurityAlert` (read)
Enrich Dynatrace Application Security Attack with related Microsoft Sentinel Security Alerts	This playbook will enrich Dynatrace Application Security Attack with related Microsoft Sentinel Secu...	Internal use: `SecurityAlert` (read)
Ingest Microsoft Defender XDR insights into Dynatrace	This playbook will ingest Microsoft Defender XDR insights into Dynatrace.	-
Ingest Microsoft Sentinel Security Alerts into Dynatrace	This playbook will ingest Microsoft Sentinel Security Alerts into Dynatrace.	-
[[Deprecated]] Add Dynatrace Application Security Attack Source IP Address to Threat Intelligence	This playbook will add an attackers source ip to Threat Intelligence when a new incident is opened i...	-

Parsers

Name	Description	Tables Used
DynatraceAttacks	-	`DynatraceAttacksV2_CL` (read) `DynatraceAttacks_CL` (read)
DynatraceAuditLogs	-	`DynatraceAuditLogsV2_CL` (read) `DynatraceAuditLogs_CL` (read)
DynatraceProblems	-	`DynatraceProblemsV2_CL` (read) `DynatraceProblems_CL` (read)
DynatraceSecurityProblems	-	`DynatraceSecurityProblemsV2_CL` (read) `DynatraceSecurityProblems_CL` (read)

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.3	28-04-2026	Fixed timestamp type mismatch in Parsers (DynatraceAttacks, DynatraceAuditLogs, DynatraceProblems, DynatraceSecurityProblems): V1 Unix epoch millisecond fields now converted to datetime, resolving duplicate typed columns in query results. Marked Add_DynatraceApplicationSecurityAttackSourceIpThreatIntelligence playbook as deprecated due to the deprecation of the Microsoft Graph Security tiIndicators API and its connector in Logic Apps.
3.0.2	02-04-2026	Added DCR based connectors.
3.0.1	18-01-2024	Changes for rebranding from Microsoft 365 Defender to Microsoft Defender XDR, Updated user-agent strings used when calling Dynatrace REST API's, Added new Entity Mappings to Analytic Rules Aligned Playbook, Data Connector & Workbook version numbers with rest of solution.
3.0.0	16-10-2023	Enabled new api paging mode on Data Connector to fix issues related to polling Dynatrace REST API's with a large number of results.