Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
  1. Microsoft Sentinel Analytics Rules
  2. /
  3. Analytic Rules
  4. /
  5. Dynatrace - Problem detection

Dynatrace - Problem detection

Back
Id415978ff-074e-4203-824a-b06153d77bf7
RulenameDynatrace - Problem detection
DescriptionDetect application & infrastructure problems in your environment
SeverityInformational
TacticsDefenseEvasion
Execution
Impact
InitialAccess
LateralMovement
Persistence
PrivilegeEscalation
Required data connectorsDynatraceProblems
KindScheduled
Query frequency1d
Query period1d
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/Dynatrace_ProblemDetection.yaml
Version1.0.2
Arm template415978ff-074e-4203-824a-b06153d77bf7.json
Deploy To Azure
DynatraceProblems
| summarize  arg_max(StartTime, *) by ProblemId

requiredTechniques:
- T1140
- T1059
- T1565
- T1659
- T1210
- T1554
- T1548
query: |
  DynatraceProblems
  | summarize  arg_max(StartTime, *) by ProblemId  
name: Dynatrace - Problem detection
eventGroupingSettings:
  aggregationKind: AlertPerResult
queryFrequency: 1d
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/Dynatrace_ProblemDetection.yaml
alertDetailsOverride:
  alertDisplayNameFormat: 'Dynatrace problem detected - {{DisplayId}} : {{Title}}'
  alertDescriptionFormat: |
        A application and/or infrastructure problem has been detected in your environment
  alertSeverityColumnName: Severity
description: |
    'Detect application & infrastructure problems in your environment'
kind: Scheduled
incidentConfiguration:
  groupingConfiguration:
    lookbackDuration: PT5H
    reopenClosedIncident: false
    matchingMethod: AllEntities
    enabled: false
  createIncident: false
version: 1.0.2
status: Available
severity: Informational
requiredDataConnectors:
- connectorId: DynatraceProblems
  dataTypes:
  - DynatraceProblems
triggerOperator: gt
triggerThreshold: 0
customDetails:
  ProblemIdentifier: ProblemId
  DisplayIdentifier: DisplayId
  ImpactLevel: ImpactLevel
  SeverityLevel: SeverityLevel
tactics:
- DefenseEvasion
- Execution
- Impact
- InitialAccess
- LateralMovement
- Persistence
- PrivilegeEscalation
id: 415978ff-074e-4203-824a-b06153d77bf7
queryPeriod: 1d