Manage templates

Latest Dynatrace

With Security Investigator, you can use templates as a framework for investigations, helping you kick off new ones faster and saving you from manual repetitive work.

Templates to which you have access are listed on the main page of Security Investigator, in the Templates section.

You can see your five most recently used templates in the quick access menu next to Case which is available on all Security Investigator pages.

See below for the main use cases.

Save cases as templates

You can create a template from an existing case. You have two options.

  1. On the main page of Security Investigator, select Cases.
  2. Select the menu for the respective case.
  3. Select Save as template.

Create cases from templates

You can use an existing template to create the initial content for a new case.

To create a case

  1. On the main page of Security Investigator, select Templates.
  2. Select the menu for the respective template.
  3. Select New case.

There are also other options to create a case, such as

  • From the quick access menu next to Case
  • From the Template editor panel that opens when you want to edit a template

Edit templates

You can edit templates that are owned by you.

  1. On the main page of Security Investigator, select Templates.
  2. Select the template you want to edit.

This opens the Template editor panel, allowing you to modify template elements such as queries, nodes, timeframe, or evidence. Changes are saved automatically.

template editor

Share templates

You can share any templates owned by you in read-only mode. You have the following options:

  • Share access: Give access to specific users or groups or to everyone in your environment to view your template.

  • Share link: Create a link allowing anyone you share it with to view your template.

To share a template

  1. On the main page of Security Investigator, select Templates.
  2. Select the menu for the respective template.
  3. Select Share.
  4. In the Share template panel, select one of the available options.

Download and upload templates

You can download any template you have access to and add it to your incident playbooks, save it elsewhere for backup, or upload it to another environment to use it as a boilerplate.

To download a template

  1. On the main page of Security Investigator, select Templates.
  2. Select the menu for the respective template.
  3. Select Download.

To upload the template

  1. On the main page of Security Investigator, select the menu next to Case.
  2. Select Upload template.

Duplicate templates

You can duplicate any template you have access to. This creates a copy of the original within the same environment and can be helpful in various scenarios, such as editing a copy of a template shared with you in read-only mode.

  1. On the main page of Security Investigator, select Templates.
  2. Select the menu for the respective template.
  3. Select Duplicate.