Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
  1. Microsoft Sentinel Analytics Rules
  2. /
  3. Analytic Rules
  4. /
  5. Dynatrace - Problem detection

Dynatrace - Problem detection

Back
Id415978ff-074e-4203-824a-b06153d77bf7
RulenameDynatrace - Problem detection
DescriptionDetect application & infrastructure problems in your environment
SeverityInformational
TacticsDefenseEvasion
Execution
Impact
InitialAccess
LateralMovement
Persistence
PrivilegeEscalation
Required data connectorsDynatraceProblems
KindScheduled
Query frequency1d
Query period1d
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/Dynatrace_ProblemDetection.yaml
Version1.0.2
Arm template415978ff-074e-4203-824a-b06153d77bf7.json
Deploy To Azure
DynatraceProblems
| summarize  arg_max(StartTime, *) by ProblemId

requiredTechniques:
- T1140
- T1059
- T1565
- T1659
- T1210
- T1554
- T1548
severity: Informational
queryFrequency: 1d
triggerThreshold: 0
description: |
    'Detect application & infrastructure problems in your environment'
incidentConfiguration:
  groupingConfiguration:
    reopenClosedIncident: false
    matchingMethod: AllEntities
    enabled: false
    lookbackDuration: PT5H
  createIncident: false
kind: Scheduled
query: |
  DynatraceProblems
  | summarize  arg_max(StartTime, *) by ProblemId  
version: 1.0.2
name: Dynatrace - Problem detection
id: 415978ff-074e-4203-824a-b06153d77bf7
triggerOperator: gt
requiredDataConnectors:
- connectorId: DynatraceProblems
  dataTypes:
  - DynatraceProblems
status: Available
tactics:
- DefenseEvasion
- Execution
- Impact
- InitialAccess
- LateralMovement
- Persistence
- PrivilegeEscalation
eventGroupingSettings:
  aggregationKind: AlertPerResult
alertDetailsOverride:
  alertDisplayNameFormat: 'Dynatrace problem detected - {{DisplayId}} : {{Title}}'
  alertSeverityColumnName: Severity
  alertDescriptionFormat: |
        A application and/or infrastructure problem has been detected in your environment
queryPeriod: 1d
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/Dynatrace_ProblemDetection.yaml
customDetails:
  ImpactLevel: ImpactLevel
  DisplayIdentifier: DisplayId
  SeverityLevel: SeverityLevel
  ProblemIdentifier: ProblemId