Get started with Security Investigator
To get started with Security Investigator, follow the instructions below.
Prerequisites
- Dynatrace version 1.288+
- Basic knowledge of
- Permissions: For a list of permissions required, go to Dynatrace Hub, select Security Investigator, and display Technical information.
- To investigate ingested logs, you need to set up log ingestion.
Get started
To create an investigation scenario, select Case.
Each scenario corresponds to a case. Once you create a case, you can build, rename, or delete it; switch between cases (all your changes are automatically saved); or share it with others.
- You can create an unlimited number of investigation scenarios.
- Example scenario: Threat hunting and forensics
- You can create a maximum of 100 nodes per case.
- The maximum size of a case is 1 GB.
Go to the Security Investigator home page. Each case card contains information about the case size and number of queries.
Next steps
To learn how to use Security Investigator, see Use cases.
Further resources
For additional insights into Dynatrace Security Investigator, see
- Dynatrace University tutorial: Dynatrace Security Investigator