Dynatrace Inc.

09/25/2025 | Press release | Distributed by Public on 09/25/2025 11:02

Ingest and enrich Microsoft Sentinel security alerts with Dynatrace

Dynatrace integrates with Microsoft Sentinel to unify, visualize, and automate security findings across tools and environments. By adding Dynatrace runtime context to security findings, teams can take advantage of smarter prioritization, reduce alert noise, and focus DevSecOps efforts on efficiently remediating critical issues that affect production environments and applications.

Tackling the challenges of a siloed approach

Each organization has many stakeholders responsible for developing, building, delivering, monitoring, and securing its critical assets. Depending on the organizational structure, these stakeholders can be part of a myriad of siloed teams, for example, development, operations, and security. In many cases, each team uses different tools to observe, monitor, and detect issues in the development artifacts and runtime resources for which they are responsible.

Without proper communication, maintaining healthy applications and services becomes increasingly difficult.

  • Security teams need operations and developers to address the security threats they observe.
  • Operations teams want to ensure that deployed artifacts go through proper testing and validation in the development phase.
  • Developers need help prioritizing issues they need to fix based on security and runtime insights.

Even if teams must operate in silos, the information they need must be shared across the organization, as all relevant stakeholders need the full context to be efficient in their tasks.

There is no single platform that can provide all those insights in a single place. Nevertheless, various products and tools can share data and interoperate with each other to ensure the necessary information is available to the stakeholders who need it.

Unifying security and observability with Microsoft Sentinel and Dynatrace

That's where the power of Microsoft Sentinel and Dynatrace can help. Microsoft Sentinel is a modern, cloud-native security information and event management (SIEM) platform, helping SecOps teams to store, analyze, process, detect, and react to security threats. It can unify data from various sources, creating alerts and managing incidents. Additionally, Sentinel is natively integrated with Microsoft security solutions, such as Microsoft Defender for Cloud, and extensible with plenty of third-party data connections to ingest alerts and logs.

Dynatrace is an AI-powered unified observability and security platform that helps teams maintain the health of applications and services delivered by their organizations by detecting performance and security problems in applications. Powered by Davis® AI, the platform automatically analyzes and identifies the root causes of issues, guiding you through the remediation process and providing full contextualized observability and security data.

Dynatrace integrates bi-directionally with Microsoft Sentinel to support different stakeholders with the context they need in the products and tools they use.

Dynatrace data connectors in Microsoft Sentinel bring the required observability and security data to SecOps teams. For more details on the integration, check out this blog post.

The new Microsoft Sentinel ingestion integration with Dynatrace brings security alerts reported in Sentinel to SRE and operations teams. The ingested findings are contextualized and connected to monitored Dynatrace entities to provide an enriched experience while investigating potential problems in applications.

How the integration works

The Dynatrace integration with Microsoft Sentinel leverages Azure Event Hubs to continuously export security alerts from Sentinel. Azure Functions pick up and process the exported alerts, which are then sent to a dedicated Dynatrace OpenPipeline® security events ingest endpoint.

In Dynatrace, alerts are mapped to Dynatrace semantic conventions and stored in the Dynatrace Grail® data lakehouse, allowing teams to uniformly access and analyze ingested data.

Figure 1. Architecture diagram

Dynatrace Dashboards, Notebooks, Threats and Exploits, and Security Investigator apps help visualize, analyze, and investigate the ingested security findings.

With Workflows, teams can then automate the triaging of similar security findings in the future, create working tickets for DevSecOps teams, and send notifications to the relevant stakeholders.

This integration provides a couple of ready-made dashboards to help you get started with the data analysis, as well as a sample workflow template to make it easier to automate remediation actions.

Figure 2. Sample security findings dashboard

Figure 3. Sample email notification workflow

Data ingest setup and monitoring is simplified with guided onboarding instructions provided by the integration and a dedicated monitoring view.

Figure 4. Integration configuration and monitoring

Take the next step with Dynatrace and Microsoft Sentinel

Dynatrace continues to enhance the contextualization of ingested data, driving deeper insights and more intuitive exploration. As integration capabilities evolve, security alerts will become even more deeply embedded in the monitored entity experience, empowering teams to act faster and with greater confidence.

Discover how to ingest Microsoft Sentinel security events, and explore security use cases for insight into how Dynatrace helps teams operationalize security findings. And stay tuned for more announcements in the Application Security domain.

Ready to explore the Dynatrace Microsoft Sentinel integration for yourself?
Download the app from Dynatrace Hub
Dynatrace Inc. published this content on September 25, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on September 25, 2025 at 17:02 UTC.