Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
  1. Microsoft Sentinel Analytics Rules
  2. /
  3. Analytic Rules
  4. /
  5. Dynatrace - Problem detection

Dynatrace - Problem detection

Back
Id415978ff-074e-4203-824a-b06153d77bf7
RulenameDynatrace - Problem detection
DescriptionDetect application & infrastructure problems in your environment
SeverityInformational
TacticsDefenseEvasion
Execution
Impact
InitialAccess
LateralMovement
Persistence
PrivilegeEscalation
TechniquesT1140
T1059
T1565
T1659
T1210
T1554
T1548
Required data connectorsDynatraceProblems
KindScheduled
Query frequency1d
Query period1d
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/Dynatrace_ProblemDetection.yaml
Version1.0.3
Arm template415978ff-074e-4203-824a-b06153d77bf7.json
Deploy To Azure
DynatraceProblems
| summarize  arg_max(StartTime, *) by ProblemId

status: Available
relevantTechniques:
- T1140
- T1059
- T1565
- T1659
- T1210
- T1554
- T1548
triggerThreshold: 0
severity: Informational
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dynatrace/Analytic Rules/Dynatrace_ProblemDetection.yaml
queryPeriod: 1d
query: |
  DynatraceProblems
  | summarize  arg_max(StartTime, *) by ProblemId  
id: 415978ff-074e-4203-824a-b06153d77bf7
version: 1.0.3
customDetails:
  ImpactLevel: ImpactLevel
  SeverityLevel: SeverityLevel
  DisplayIdentifier: DisplayId
  ProblemIdentifier: ProblemId
name: Dynatrace - Problem detection
kind: Scheduled
description: |
    'Detect application & infrastructure problems in your environment'
tactics:
- DefenseEvasion
- Execution
- Impact
- InitialAccess
- LateralMovement
- Persistence
- PrivilegeEscalation
alertDetailsOverride:
  alertSeverityColumnName: Severity
  alertDisplayNameFormat: 'Dynatrace problem detected - {{DisplayId}} : {{Title}}'
  alertDescriptionFormat: |
        A application and/or infrastructure problem has been detected in your environment
eventGroupingSettings:
  aggregationKind: AlertPerResult
incidentConfiguration:
  groupingConfiguration:
    lookbackDuration: PT5H
    enabled: false
    matchingMethod: AllEntities
    reopenClosedIncident: false
  createIncident: false
triggerOperator: gt
queryFrequency: 1d
requiredDataConnectors:
- connectorId: DynatraceProblems
  dataTypes:
  - DynatraceProblems