Create custom enrichment connections

  • Latest Dynatrace
  • How-to guide
  • Published Jun 25, 2025

Connect any HTTP-based threat-intelligence API as a custom enrichment source and enrich observables in Dynatrace.

Overview

A custom enrichment source is any HTTP-based threat-intelligence API for which Dynatrace doesn't provide a preset vendor connection, such as an internal reputation service or a proprietary intelligence feed.

How enrichment of threat observables works

In addition to the built-in vendor connections (such as AbuseIPDB and VirusTotal), Security Enrichment lets you integrate any HTTP-based threat-intelligence API as a custom connection. This allows you to enrich observables like IP addresses with reputation, geolocation, or vendor-specific metadata from sources that are specific to your organization.

To get started, see Enrich threat observables with Security Enrichment.

Use cases

With the enriched data, you can accomplish various use cases, such as:

  • Automated threat-alert triaging