Try it free

Security integrations

  • Latest Dynatrace
  • Overview

Dynatrace provides different ways to integrate external security data from multiple third-party products into Grail and operationalize your data on the Dynatrace platform.

Ingest data

For a better understanding of the integration types, see OpenPipeline integration types for security events.

See below for the supported integrations (with instructions).

  • Ingest custom security events via API

  • Ingest Akamai security logs and events

  • Ingest Amazon ECR container vulnerability findings and scan events

  • Ingest Amazon GuardDuty security findings

  • Ingest AWS Security Hub security findings

  • Ingest CrowdStrike detection findings

  • Ingest Docker Scout vulnerability findings and scan events

  • Ingest GitHub Advanced Security security events and audit logs

  • Ingest GitLab security findings and audit logs

  • Ingest Google Artifact Registry vulnerability findings

  • Ingest Kyverno compliance findings

  • Ingest Harbor vulnerability findings, scans, and audit logs

  • Ingest Mend Renovate vulnerability findings and scans

  • Ingest Microsoft Defender for Cloud security events

  • Ingest Microsoft Entra ID sign-in logs

  • Ingest Microsoft Sentinel security events

  • Ingest vulnerability findings in OCSF format

  • Ingest Qualys vulnerability findings, scan events, and audit logs

  • Ingest Runecast Analyzer compliance findings

  • Ingest Snyk vulnerability findings, scans, and audit logs

  • Ingest SonarQube security and quality events, metrics, and audit logs

  • Ingest Sonatype Lifecycle security events and audit logs

  • Ingest Tenable vulnerability findings, scan events, and audit logs

Enrich data

Add external threat‑intelligence context to observables using Security Enrichment Security Enrichment.

You can connect HTTP‑based threat‑intelligence sources—such as AbuseIPDB, VirusTotal, or any custom API—and enrich observables like IP addresses with reputation, geolocation, or vendor‑specific metadata.

After configuring enrichment connections in Security Enrichment Security Enrichment, you can apply enrichment to:

  • Validate observables in Investigations Investigations
  • Enhance detection findings in Threats & Exploits Threats & Exploits
  • Use enrichment actions in Workflows Workflows
Related tags
Threat Observability