PayShield HSM Device extension

Latest Dynatrace
Extension
Published Oct 27, 2025

Monitor PayShield Payment Hardware Security Module (HSM) Devices through SNMP.

1 of 3

Get started

Overview

Monitor PayShield HSM devices via SNMP to ensure secure and reliable payment operations.

This extension collects metrics to monitor the health and performance of your PayShield Payment HSM devices. Metrics are collected via SNMP protocol.

The extension package contains:

SNMP Data Source configuration
Overview dashboard (Classic & Gen3)
Custom topology types extracted from metric dimensions:
- Payshield HSM Device
- Payshield HSM Device Fan
- Payshield HSM Device PSU
SNMP MIB files used for monitoring:
- THALES-ESECURITY-PAYSHIELD-MIB

Use cases

Monitor important device information and metrics related to fraud PIN limits, licensing data, health diagnostic checks, host and log commands.
Track status markers for devices, fans and power supply units (PSUs).

Requirements

Simply activate the extension in your environment using the in-product Hub, provide the necessary device configuration and you’re all set up.

To learn more, see SNMP extension data source documentation.

Compatibility information

SNMP v2c or SNMP v3
Dynatrace version 1.310+
ActiveGate version 1.301+

Details

Licensing and cost

DDUs: 20 + (1* Device Fans) + (1 * Device PSUs) * 525.6 DDUs/year, per device

DPS (Metric data points): 20 + (1* Device Fans) + (1 * Device PSUs) * 525,600 metric data points/year, per device

For more information about licensing costs, see Extending Dynatrace (Davis data units) or Metrics powered by Grail overview (DPS) depending on your license model.

Feature sets

When activating your extension using monitoring configuration, you can limit monitoring to one of the feature sets. To work properly the extension has to collect at least one metric after the activation.

In highly segmented networks, feature sets can reflect the segments of your environment. Then, when you create a monitoring configuration, you can select a feature set and a corresponding ActiveGate group that can connect to this particular segment.

All metrics that aren't categorized into any feature set are considered to be the default and are always reported.

A metric inherits the feature set of a subgroup, which in turn inherits the feature set of a group. Also, the feature set defined on the metric level overrides the feature set defined on the subgroup level, which in turn overrides the feature set defined on the group level.

Metric name	Metric key	Description
Tamper state	hsm.payshield.state.tamper	The tamper state of the payShield device (1- stateUnknown, 2- stateOK, 3- stateTampered)
Battery state	hsm.payshield.state.battery	The current state of the battery (1- stateOK, 2- stateWarning, 3- stateFailure)
Payshield HSM software	hsm.payshield.version_software.entity	Placeholder metric for software version info dimensions (only dimension data is relevant)

Metric name	Metric key	Description
payShield device state	hsm.payshield.state.device	The current state of the payShield (1- stateUnavailable, 2- stateOnline, 3- stateOffline, 4- stateSecure)

Metric name	Metric key	Description
PSU state	hsm.payshield.state.psu	Indicates the current state of this power supply unit (1- stateOK, 2- stateFailure, 3- stateNotDetected)

Metric name	Metric key	Description
Fan state	hsm.payshield.state.fan	The current state of this fan (1- stateOK, 2- stateFailure, 3- stateNotDetected)

Metric name	Metric key	Description
payShield host commands enabled	hsm.payshield.enabled_host_commands	The number of host commands enabled on this payShield
payShield total entries in error log	hsm.payshield.logs.error_log.total_count.gauge	Total number of entries in the error log
payShield max length in error log	hsm.payshield.logs.error_log.max_length	Maximum number of entries in the error log
payShield total entries in audit log	hsm.payshield.logs.audit_log.total_count.gauge	Total number of entries in the audit log
payShield max length in in audit log	hsm.payshield.logs.audit_log.max_length	Maximum number of entries in the audit log

Metric name	Metric key	Description
Fraud PIN verify limits exceeded	hsm.payshield.fraud_pin.limits_exceeded.verify	1 if fraud detection is turned on, and either the allowable PIN verifications/minute, or PIN verifications/hour, have been exceeded
Fraud PIN attack limits exceeded	hsm.payshield.fraud_pin.limits_exceeded.attack	1 if fraud detection is turned on, AND the total number of PIN attacks have exceeded the allowed count

Metric name	Metric key	Description
Licensing performance model	hsm.payshield.licensing.performance_model	The maximum calls per second this payShield unit is licensed for
Optional licensing count	hsm.payshield.licensing.optional.license_count.gauge	The number of optional licenses this payShield unit has installed
Cryptographic algorithm count	hsm.payshield.licensing.crypto_algorithm_count.gauge	The number of Cryptographic Algorithms enabled by the payShield's licensing

Metric name	Metric key	Description
Diagnostic self-test status	hsm.payshield.health.diag_selftest.ok	True (1) unless one or more of the tests in the last self test failed
Diagnostic self-test count	hsm.payshield.health.diag_selftest.count.gauge	The number of self tests run last test cycle on this payShield
Health check enabled	hsm.payshield.health.healthcheck.enabled	Whether the payShield is presently collecting health check data (1- True, 2- False)
payShield reboot count	hsm.payshield.health.healthcheck.counts.reboot	Number of times the payShield rebooted since the last reset of health counters
payShield tamper count	hsm.payshield.health.healthcheck.counts.tamper	The number of tampers detected since the last reset of health counters
payShield pin attack limit exceeded count	hsm.payshield.health.healthcheck.counts.pin_attack_limit_exceeded	The number of times the pin attack limit was exceeded since the last reset of health counters

Explore in Dynatrace Hub

Monitor PayShield Payment Hardware Security Module (HSM) Devices through SNMP.