Latest Dynatrace
With Dynatrace, you can swiftly respond to incidents and pinpoint root causes for alerts in your production environments. By performing evidence-driven analysis on your logs, events, and traces in Grail, and enriching this data with observability insights from your systems, you save valuable time by adding crucial context to your investigations.
Dynatrace Security Investigator is designed to expedite evidence-driven investigations on data in Grail, addressing time constraints and enhancing efficiency by:
Eliminating manual, repetitive tasks from investigations
Providing enrichment and additional context without switching between tools
Offering fast and detailed access to your data in Grail
Enhancing user experience for quicker identification of critical issues
While Security Investigator is primarily designed for security investigations, it's highly effective in conducting any detailed, evidence-driven investigation, no matter the field or nature of the inquiry.
Possible use cases suitable for Security Investigator:
That's why our audience includes everyone involved in evidence-driven investigations, from security analysts and SREs to DevOps engineers and internal auditors handling major fraud investigations on large-scale events.
To get started with Security Investigator, follow the instructions below.
Dynatrace version 1.288+
Basic knowledge of
Permissions: For a list of permissions required, go to Dynatrace Hub, select Security Investigator, and display Technical information.
To investigate ingested logs, you need to set up log ingestion.
To create an investigation scenario, select Case.
Each scenario corresponds to a case. Once you create a case, you can build, rename, or delete it; switch between cases (all your changes are automatically saved); or share it with others.
You can create an unlimited number of investigation scenarios.
You can create a maximum of 100 nodes per case.
The maximum size of a case is 1 GB.
Go to the Security Investigator home page. Each case card contains information about the case size and number of queries.
To learn how to use Security Investigator, see
Generate security events from Dynatrace Security Investigator via OpenPipeline
Dynatrace University tutorial: