Latest Dynatrace
With Security Investigator, you can use templates as a framework for investigations, helping you kick off new ones faster and saving you from manual repetitive work.
Templates to which you have access are listed on the main page of Security Investigator, in the Templates section.
You can see your five most recently used templates in the quick access menu next to Case which is available on all Security Investigator pages.
See below for the main use cases.
You can create a template from an existing case. You have two options.
You can use an existing template to create the initial content for a new case.
To create a case
There are also other options to create a case, such as
You can edit templates that are owned by you.
This opens the Template editor panel, allowing you to modify template elements such as queries, nodes, timeframe, or evidence. Changes are saved automatically.
You can share any templates owned by you in read-only mode. You have the following options:
Share access: Give access to specific users or groups or to everyone in your environment to view your template.
Share link: Create a link allowing anyone you share it with to view your template.
To share a template
You can download any template you have access to and add it to your incident playbooks, save it elsewhere for backup, or upload it to another environment to use it as a boilerplate.
To download a template
To upload the template
You can duplicate any template you have access to. This creates a copy of the original within the same environment and can be helpful in various scenarios, such as editing a copy of a template shared with you in read-only mode.