Open
Changes from 77 commits
83 commits
14e2931
initial migration of dynatrace attacks connector to CCP
keyoke May 29, 2025
9737cdd
ensure timegenerated column set to attack timestamp
keyoke May 30, 2025
e4d9e1f
migrated Dynatrace Audit Logs connector
keyoke Jun 2, 2025
49bbf34
upda6ed dynatrace attacks connector
keyoke Jun 2, 2025
4a1c0a6
fixed dynatrace transform epoch time conversion
keyoke Jun 3, 2025
0d901a8
updates
keyoke Jun 3, 2025
99c4bd9
updates
keyoke Jun 3, 2025
72824d3
migrate DT run Vul connector to CCP
keyoke Jun 4, 2025
276465f
updated title and preview status for previous versions of the dynatra…
keyoke Jun 4, 2025
baefd3d
marked new connectors as preview
keyoke Jun 4, 2025
0f5a7dc
Merge branch 'Azure:master' into users/gaemslie/migrate-dynatrace-ccp
keyoke Jun 11, 2025
826386e
updated dt audit log connector name
keyoke Jul 1, 2025
2d938a4
Merge branch 'users/gaemslie/migrate-dynatrace-ccp' of https://github…
keyoke Jul 1, 2025
dfc7d76
Merge branch 'Azure:master' into users/gaemslie/migrate-dynatrace-ccp
keyoke Jul 1, 2025
d7c4add
shortened name and id on dynatrace connectors
keyoke Jul 1, 2025
9d0725a
removed pagesize from the dynatrace connector config
keyoke Jul 4, 2025
1d3bab1
removed pagesize from dynatrace runtime vuln connector
keyoke Jul 4, 2025
a30e86f
repackaged DT
keyoke Jul 4, 2025
b1dee6b
initial migration of dynatrace attacks connector to CCP
keyoke May 29, 2025
a17f8d8
ensure timegenerated column set to attack timestamp
keyoke May 30, 2025
d52c628
migrated Dynatrace Audit Logs connector
keyoke Jun 2, 2025
aa67a9c
upda6ed dynatrace attacks connector
keyoke Jun 2, 2025
a391e03
fixed dynatrace transform epoch time conversion
keyoke Jun 3, 2025
0da9038
updates
keyoke Jun 3, 2025
6de8dc7
updates
keyoke Jun 3, 2025
bb4706c
migrate DT run Vul connector to CCP
keyoke Jun 4, 2025
cb17269
updated title and preview status for previous versions of the dynatra…
keyoke Jun 4, 2025
e1b7ed3
marked new connectors as preview
keyoke Jun 4, 2025
ecbeac8
updated dt audit log connector name
keyoke Jul 1, 2025
461850f
shortened name and id on dynatrace connectors
keyoke Jul 1, 2025
dedd762
removed pagesize from the dynatrace connector config
keyoke Jul 4, 2025
febf85a
removed pagesize from dynatrace runtime vuln connector
keyoke Jul 4, 2025
cc24a45
repackaged DT
keyoke Jul 4, 2025
477e5d6
Merge branch 'users/gaemslie/migrate-dynatrace-ccp' of https://github…
keyoke Sep 1, 2025
1818d18
repackaged dynatrace solution
keyoke Sep 1, 2025
712d8d7
updated package
keyoke Apr 2, 2026
42c4db3
initial migration of dynatrace attacks connector to CCP
keyoke May 29, 2025
6ccbc34
ensure timegenerated column set to attack timestamp
keyoke May 30, 2025
5f78332
migrated Dynatrace Audit Logs connector
keyoke Jun 2, 2025
83f79e2
upda6ed dynatrace attacks connector
keyoke Jun 2, 2025
f37e000
fixed dynatrace transform epoch time conversion
keyoke Jun 3, 2025
e46a78a
updates
keyoke Jun 3, 2025
4e709b9
updates
keyoke Jun 3, 2025
1df3b87
migrate DT run Vul connector to CCP
keyoke Jun 4, 2025
413c319
updated title and preview status for previous versions of the dynatra…
keyoke Jun 4, 2025
897fe67
marked new connectors as preview
keyoke Jun 4, 2025
d14b51e
updated dt audit log connector name
keyoke Jul 1, 2025
2707edc
shortened name and id on dynatrace connectors
keyoke Jul 1, 2025
3103b34
removed pagesize from the dynatrace connector config
keyoke Jul 4, 2025
4b6611f
removed pagesize from dynatrace runtime vuln connector
keyoke Jul 4, 2025
61d03bb
repackaged DT
keyoke Jul 4, 2025
1ed3678
initial migration of dynatrace attacks connector to CCP
keyoke May 29, 2025
88e1cb2
ensure timegenerated column set to attack timestamp
keyoke May 30, 2025
bce52fd
migrated Dynatrace Audit Logs connector
keyoke Jun 2, 2025
cbfb739
upda6ed dynatrace attacks connector
keyoke Jun 2, 2025
7b38c0f
fixed dynatrace transform epoch time conversion
keyoke Jun 3, 2025
49e7456
updates
keyoke Jun 3, 2025
e7e3acd
updates
keyoke Jun 3, 2025
5807909
migrate DT run Vul connector to CCP
keyoke Jun 4, 2025
b4c0d06
marked new connectors as preview
keyoke Jun 4, 2025
fa8183a
shortened name and id on dynatrace connectors
keyoke Jul 1, 2025
582f288
removed pagesize from the dynatrace connector config
keyoke Jul 4, 2025
e5ef306
repackaged DT
keyoke Jul 4, 2025
f581dd6
repackaged dynatrace solution
keyoke Sep 1, 2025
69f283f
updated package
keyoke Apr 2, 2026
348a3bd
Merge branch 'users/gaemslie/migrate-dynatrace-ccp' of https://github…
keyoke Apr 2, 2026
8a50fcd
updated package
keyoke Apr 2, 2026
ef06988
updates for migrating to new CCP
keyoke Apr 2, 2026
c124a8a
updated release notes
keyoke Apr 2, 2026
cf3fb8f
added missing startTime column for problems connector
keyoke Apr 2, 2026
c77f9af
fixed for vuln connector
keyoke Apr 2, 2026
a448d93
updates
keyoke Apr 2, 2026
573b67b
updates
keyoke Apr 2, 2026
47b1b5b
fixed issue with datatype
keyoke Apr 2, 2026
ec4c1cb
fixes
keyoke Apr 2, 2026
895006d
removed duplicate release notes in description
keyoke Apr 7, 2026
3caff90
Removed a modified file from pull request
keyoke Apr 7, 2026
3d3a3d0
-Solution descriptions are expected to include the standard Underlyin…
keyoke Apr 7, 2026
dc4f60f
bumped version
keyoke Apr 7, 2026
e335c8a
removed invalid package version
keyoke Apr 7, 2026
b0af7b8
removed invalid release entry
keyoke Apr 7, 2026
c2fc89c
version changes
keyoke Apr 7, 2026
34a9a3b
organized dynatrace connectors into folders
keyoke Apr 9, 2026
Expand Up @@ -29,7 +29,7 @@
"properties": {
"connectorUiConfig": {
"id": "DynatraceAttacks",
"title": "Dynatrace Attacks",
"title": "Dynatrace Attacks V1",
"publisher": "Dynatrace",
"descriptionMarkdown": "This connector uses the Dynatrace Attacks REST API to ingest detected attacks into Microsoft Sentinel Log Analytics",
"additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected which is deployed with the Microsoft Sentinel Solution.",
Expand Down Expand Up @@ -71,7 +71,7 @@
],
"availability": {
"status": 1,
"isPreview": true
"isPreview": false
},
"permissions": {
"resourceProvider": [
Expand Down Expand Up @@ -142,7 +142,7 @@
"endTimeAttributeName": "to",
"headers": {
"Accept": "application/json",
"User-Agent" : "dynatrace-microsoft-sentinel/3.x/connectors/attacks"
"User-Agent" : "dynatrace-microsoft-sentinel/3.0.2/connectors/attacks"
},
"queryParameters": {
"fields": "+attacker,+request,+entrypoint,+vulnerability,+managementZones"
@@ -0,0 +1,87 @@
{
"name": "DTAttacksV2DCR",
"apiVersion": "2021-09-01-preview",
"type": "Microsoft.Insights/dataCollectionRules",
"location": "{{location}}",
"properties": {
"streamDeclarations": {
"Custom-DynatraceAttacksV2": {
"columns": [
{
"name": "timestamp",
"type": "long"
},
{
"name": "attackId",
"type": "string"
},
{
"name": "displayId",
"type": "string"
},
{
"name": "displayName",
"type": "string"
},
{
"name": "attackType",
"type": "string"
},
{
"name": "technology",
"type": "string"
},
{
"name": "state",
"type": "string"
},
{
"name": "affectedEntities",
"type": "dynamic"
},
{
"name": "request",
"type": "dynamic"
},
{
"name": "entrypoint",
"type": "dynamic"
},
{
"name": "vulnerability",
"type": "dynamic"
},
{
"name": "attacker",
"type": "dynamic"
},
{
"name": "managementZones",
"type": "dynamic"
}
]
}
},
"destinations": {
"logAnalytics": [
{
"workspaceResourceId": "{{workspaceResourceId}}",
"name": "clv2ws1"
}
]
},
"dataFlows": [
{
"streams": [
"Custom-DynatraceAttacksV2"
],
"destinations": [
"clv2ws1"
],
"transformKql": "let fromUnixTime = (t: long) {\ndatetime(1970-01-01) + t * 1ms\n};\nsource | extend TimeGenerated = fromUnixTime(timestamp) | project-away timestamp",
"outputStream": "Custom-DynatraceAttacksV2_CL"
}
],
"dataCollectionEndpointId": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]"
}
}
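Review bot: The `transformKql` on this data flow derives `TimeGenerated` from `timestamp` and then drops the source value with `project-away timestamp`, so a record whose `timestamp` is null or missing ends up with a null `TimeGenerated` and nothing keeps the original attack time. Guard the conversion, for example `| extend TimeGenerated = iff(isnull(timestamp), now(), fromUnixTime(timestamp))`. It would also help triage to keep the raw epoch value in its own column of the destination table instead of discarding it. Azure Monitor may substitute the ingestion time when a supplied `TimeGenerated` is too far from the received time, so confirm that behaviour for this pipeline before treating `TimeGenerated` as the attack time in detections.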
@@ -0,0 +1,118 @@
{
"name": "DynatraceAttacksCCPDefinition",
"apiVersion": "2022-09-01-preview",
"type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
"location": "{{location}}",
"kind": "Customizable",
"properties": {
"connectorUiConfig": {
"id": "DynatraceAttacksCCPDefinition",
"title": "Dynatrace Attacks V2",
"publisher": "Dynatrace",
"descriptionMarkdown": "This connector uses the Dynatrace Attacks REST API to ingest detected attacks into Microsoft Sentinel Log Analytics",
"additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected which is deployed with the Microsoft Sentinel Solution.",
"graphQueriesTableName": "DynatraceAttacksV2_CL",
"graphQueries": [
{
"metricName": "Total data received",
"legend": "Dynatrace Attack Events",
"baseQuery": "{{graphQueriesTableName}}"
}
],
"sampleQueries": [
{
"description": "All Attack Events",
"query": "DynatraceAttacks\n| summarize arg_max(TimeStamp, *) by AttackId\n| take 10"
},
{
"description": "All Exploited Attack Events",
"query": "DynatraceAttacks\n| where State == \"EXPLOITED\"\n| summarize arg_max(TimeStamp, *) by AttackId\n| take 10"
},
{
"description": "Count Attacks by Type",
"query": "DynatraceAttacks\n| summarize arg_max(TimeStamp, *) by AttackId\n| summarize count() by AttackType\n| take 10"
}
],
"dataTypes": [
{
"name": "{{graphQueriesTableName}}",
"lastDataReceivedQuery": "{{graphQueriesTableName}}\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)"
}
],
"connectivityCriteria": [
{
"type": "HasDataConnectors",
"value": null
}
],
"availability": {
"status": 1,
"isPreview": true
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "read and write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"read": true,
"delete": true
}
}
],
"customs": [
{
"name": "Dynatrace tenant (ex. xyz.dynatrace.com)",
"description": "You need a valid Dynatrace tenant with [Application Security](https://www.dynatrace.com/platform/application-security/) enabled, learn more about the [Dynatrace platform](https://www.dynatrace.com/)."
},
{
"name": "Dynatrace Access Token",
"description": "You need a Dynatrace Access Token, the token should have ***Read attacks*** (attacks.read) scope."
}
]
},
"instructionSteps": [
{
"title": "Dynatrace Attack Events to Microsoft Sentinel",
"description": "Configure and Enable Dynatrace [Application Security](https://www.dynatrace.com/platform/application-security/). \n Follow [these instructions](https://docs.dynatrace.com/docs/shortlink/token#create-api-token) to generate an access token.",
"instructions": [
{
"parameters": {
"enable": "true",
"type": "text",
"label": "Dynatrace tenant (ex. xyz.dynatrace.com)",
"placeholder": "{{dynatraceEnvironmentUrl}}",
"name": "dynatraceEnvironmentUrl"
},
"type": "Textbox"
},
{
"parameters": {
"enable": "true",
"type": "password",
"label": "Dynatrace Access Token",
"placeholder": "{{dynatraceAccessToken}}",
"name": "dynatraceAccessToken"
},
"type": "Textbox"
},
{
"type": "ConnectionToggleButton",
"parameters": {
"connectLabel": "connect",
"name": "toggle"
}
}
]
}
],
"metadata": {
"version": "1.0.2",
"kind": "dataConnector"
}
}
}
}
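Review bot: In `permissions.resourceProvider`, `permissionsDisplayText` says "read and write permissions are required." while `requiredPermissions` also sets `"delete": true`. Either drop `delete` if the connector does not need it, or change the text to `"read, write and delete permissions are required."` so the operator sees the real grant. Separately, the three `sampleQueries` go through the `DynatraceAttacks` parser and use `TimeStamp`, `AttackId`, `State` and `AttackType`, whereas the V2 table added in this pull request has camelCase columns and no `timestamp` column after the transform. The parser is not visible on this page, so please confirm it has been updated to read `DynatraceAttacksV2_CL`; otherwise these queries, and presumably anything else built on the parser, will not see V2 data.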
@@ -0,0 +1,52 @@
{
"type": "Microsoft.SecurityInsights/dataConnectors",
"apiVersion": "2021-10-01-preview",
"name": "DynatraceAttacksV2",
"location": "{{location}}",
"kind": "RestApiPoller",
"properties": {
"connectorDefinitionName": "DynatraceAttacksCCPDefinition",
"dataType": "DynatraceAttacksV2_CL",
"auth": {
"type": "APIKey",
"ApiKey": "[[parameters('dynatraceAccessToken')]",
"APIKeyIdentifier": "Api-Token",
"APIKeyName": "Authorization"
},
"request": {
"apiEndpoint": "[[concat('https://',parameters('dynatraceEnvironmentUrl'),'/api/v2/attacks')]",
"httpMethod": "Get",
"rateLimitQPS": 2,
"retryCount": 3,
"timeoutInSeconds": 120,
"queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
"queryWindowInMin": 5,
"startTimeAttributeName": "from",
"endTimeAttributeName": "to",
"headers": {
"Accept": "application/json",
"User-Agent": "dynatrace-microsoft-sentinel/3.0.2/connectors/attacks"
},
"queryParameters": {
"fields": "+attacker,+request,+entrypoint,+vulnerability,+managementZones"
}
},
"response": {
"eventsJsonPaths": [
"$.attacks"
],
"convertChildPropertiesToArray": true
},
"dcrConfig": {
"streamName": "Custom-DynatraceAttacksV2",
"dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
"dataCollectionRuleImmutableId": "{{dataCollectionRuleImmutableId}}"
},
"paging": {
"pagingType": "NextPageToken",
"pagingQueryParamOnly": true,
"nextPageTokenJsonPath": "$.nextPageKey",
"nextPageParaName": "nextPageKey"
}
}
}
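Review bot: `apiEndpoint` is assembled as `concat('https://', parameters('dynatraceEnvironmentUrl'), '/api/v2/attacks')` and the `Authorization` header carrying the `Api-Token` value is attached to that request, so the access token is sent to whatever host the operator types. The textbox that collects the value lives in the connector definition, outside this file, and no validation is visible on it there. A value pasted with a scheme or a path yields a malformed URL, and a mistyped host sends the token outside the tenant. I would state in the field description that only the bare tenant host is expected, and add input validation on the textbox if the platform supports it for this field.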
@@ -0,0 +1,65 @@
{
"name": "DynatraceAttacksV2_CL",
"apiVersion": "2021-03-01-privatepreview",
"type": "Microsoft.OperationalInsights/workspaces/tables",
"location": "{{location}}",
"properties": {
"schema": {
"name": "DynatraceAttacksV2_CL",
"columns": [
{
"name": "TimeGenerated",
"type": "datetime"
},
{
"name": "attackId",
"type": "string"
},
{
"name": "displayId",
"type": "string"
},
{
"name": "displayName",
"type": "string"
},
{
"name": "attackType",
"type": "string"
},
{
"name": "technology",
"type": "string"
},
{
"name": "state",
"type": "string"
},
{
"name": "affectedEntities",
"type": "dynamic"
},
{
"name": "request",
"type": "dynamic"
},
{
"name": "entrypoint",
"type": "dynamic"
},
{
"name": "vulnerability",
"type": "dynamic"
},
{
"name": "attacker",
"type": "dynamic"
},
{
"name": "managementZones",
"type": "dynamic"
}
]
}
}
}
Expand Up @@ -29,7 +29,7 @@
"properties": {
"connectorUiConfig": {
"id" : "DynatraceAuditLogs",
"title": "Dynatrace Audit Logs",
"title": "Dynatrace Audit Logs V1",
"publisher": "Dynatrace",
"descriptionMarkdown": "This connector uses the [Dynatrace Audit Logs REST API](https://docs.dynatrace.com/docs/dynatrace-api/environment-api/audit-logs) to ingest tenant audit logs into Microsoft Sentinel Log Analytics",
"additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected which is deployed with the Microsoft Sentinel Solution.",
Expand Down Expand Up @@ -71,7 +71,7 @@
],
"availability": {
"status": 1,
"isPreview": true
"isPreview": false
},
"permissions": {
"resourceProvider": [
Expand Down Expand Up @@ -142,7 +142,7 @@
"endTimeAttributeName": "to",
"headers": {
"Accept": "application/json",
"User-Agent" : "dynatrace-microsoft-sentinel/3.x/connectors/auditlogs"
"User-Agent" : "dynatrace-microsoft-sentinel/3.0.2/connectors/auditlogs"
}
},
"paging": {