Security integrations

Latest Dynatrace
Overview

Dynatrace provides different ways to integrate external security data from multiple third-party products into Grail and operationalize your data on the Dynatrace platform.

Ingest data

For a better understanding of the integration types, see OpenPipeline integration types for security events.

See below for the supported integrations (with instructions).

Ingest custom security events via API
Ingest Akamai security logs and events
Ingest Amazon ECR container vulnerability findings and scan events
Ingest Amazon GuardDuty security findings
Ingest AWS Security Hub security findings
Ingest Docker Scout vulnerability findings and scan events
Ingest GitHub Advanced Security security events and audit logs
Ingest GitLab security findings and audit logs
Ingest Harbor vulnerability findings, scans, and audit logs
Ingest Mend Renovate vulnerability findings and scans
Ingest Microsoft Defender for Cloud security events
Ingest Microsoft Entra ID sign-in logs
Ingest Microsoft Sentinel security events
Ingest vulnerability findings in OCSF format
Ingest Qualys vulnerability findings, scan events, and audit logs
Ingest Runecast Analyzer compliance findings
Ingest Snyk vulnerability findings, scans, and audit logs
Ingest SonarQube security and quality events, metrics, and audit logs
Ingest Sonatype Lifecycle security events and audit logs
Ingest Tenable vulnerability findings, scan events, and audit logs

Enrich data

Add external threat‑intelligence context to observables using Security Enrichment.

You can connect HTTP‑based threat‑intelligence sources—such as AbuseIPDB, VirusTotal, or any custom API—and enrich observables like IP addresses with reputation, geolocation, or vendor‑specific metadata.

After configuring enrichment connections in Security Enrichment, you can apply enrichment to:

Validate observables in Investigations
Enhance detection findings in Threats & Exploits
Use enrichment actions in Workflows