Oversee security and monitor audit logs of SaaS applications with Dynatrace
AWS AppFabric is an AWS service that quickly connects SaaS applications across an organization for enhanced security and employee productivity. The AWS AppFabric for security feature fully manages the integrations with over 25 applications so customers can get started in just a few clicks – no coding required. Once connected, AppFabric automatically normalizes SaaS audit logs into the Open Cybersecurity Schema Framework (OCSF), which allows customers to use common queries for audit logs and track user activity across all their SaaS applications.
Take control of and oversee the security of your enterprise SaaS landscape with Dynatrace and AWS AppFabric. Ingest and monitor audit logs of popular SaaS applications including Atlassian Jira, Microsoft 365, GitHub, Zendesk and many more.
Use Cases for AppFabric:
To connect your SaaS applications to AppFabric, follow the getting started documentation. When setting up the audit log ingestions, select Amazon S3 as the destination and OCSF-JSON in the Schema & Format configuration so that the Dynatrace AWS S3 Log Forwarder automatically recognizes and enriches the logs.
Follow the instructions to deploy the Dynatrace AWS S3 Log Forwarder on your AWS Account. Note that AWS AppFabric is available in the US East (N. Virginia), Europe (Ireland), and Asia Pacific (Tokyo) regions, so the Amazon S3 buckets where the logs are delivered need to be created in the same region where AWS AppFabric is configured. If you normally use a different AWS region and want to deploy the Dynatrace AWS S3 Log Forwarder on it, instead of the region where you configure AppFabric, follow the instructions to configure cross-region log forwarding.
When AWS AppFabric logs are ingested into Dynatrace AWS S3 Log Forwarder, log entries are enriched with a set of attributes that enable security analysts to easily query them for anomalous behavior. All AWS AppFabric SaaS audit log entries are automatically detected and enriched with the following attributes:
Dynatrace offers Notebooks, enabling organizations to create powerful, data-driven documents for custom analytics of logs, events, and metrics. Notebooks help users understand and perform an in-depth analysis of AppFabric logs using Dynatrace’s query language, DQL.
After connecting your SaaS applications to AppFabric and choosing Dynatrace as your destination, you can analyze logs by adding a log explorer to Dynatrace’s Notebook. From the Dynatrace Notebook application, click on the + button and then select Explore logs. Then set the filter key to aws.service and the value to appfabric, as shown in figure 1.
With AppFabric now surfacing normalized logs in a Dynatrace Notebook, apply quantitative analysis to better understand the log data and events. Dynatrace Notebooks enable users to format the output in tables and graphs to visualize data at a glance. Configure the filters to:
fetch logs
| filter aws.service == "appfabric"
| summarize count(), by: {log.source}
In figure 2, a pie chart shows log events per SaaS application.
AppFabric customers often ask for alerts if suspicious activity occurs across their SaaS applications. With the AppFabric integration with Dynatrace Log Management analytics, customers can set up alerts based on the occurrence of specific log events.
Figure 3 shows an example of a Dynatrace problem raised based on audit logs.
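Because AppFabric delivers every application's audit log in OCSF, one detection rule can cover all connected SaaS applications. The Python below is an added example, not Dynatrace or AWS code: it flags users with repeated failed logons across applications in a short window, over constructed sample records. It assumes the OCSF Authentication fields class_uid, activity_id, status_id, time, metadata.product.name and user.email_addr are populated; the threshold and window are hypothetical values.

```python
import json
from collections import defaultdict

# OCSF identifiers: Authentication class, Logon activity, Failure/Success status.
AUTHENTICATION, LOGON, FAILURE, SUCCESS = 3002, 1, 2, 1

def _ev(t_ms, app, user, status_id=FAILURE, class_uid=AUTHENTICATION):
    """Build one constructed OCSF-style record (not real AppFabric output)."""
    return json.dumps({"class_uid": class_uid, "activity_id": LOGON,
                       "status_id": status_id, "time": t_ms,
                       "metadata": {"product": {"name": app}},
                       "user": {"email_addr": user}})

T0 = 1_700_000_000_000  # epoch milliseconds, constructed
SAMPLE = [
    _ev(T0, "Jira", "alice@example.com"),
    _ev(T0 + 60_000, "GitHub", "alice@example.com"),
    _ev(T0 + 120_000, "Zendesk", "alice@example.com"),
    _ev(T0 + 130_000, "GitHub", "alice@example.com", class_uid=6003),  # other event class
    _ev(T0, "Microsoft 365", "bob@example.com"),
    _ev(T0 + 400_000, "Microsoft 365", "bob@example.com"),
    _ev(T0 + 800_000, "Microsoft 365", "bob@example.com"),  # failures too spread out
    _ev(T0, "Jira", "carol@example.com", status_id=SUCCESS),
    "{truncated record",  # malformed line, must not abort the scan
]

def failed_logon_bursts(lines, threshold=3, window_ms=300_000):
    """Map user -> apps for users with `threshold` failed logons inside one window."""
    by_user = defaultdict(list)
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip unparseable records, keep scanning
        if not isinstance(ev, dict):
            continue
        key = (ev.get("class_uid"), ev.get("activity_id"), ev.get("status_id"))
        user = (ev.get("user") or {}).get("email_addr")
        app = ((ev.get("metadata") or {}).get("product") or {}).get("name")
        if key == (AUTHENTICATION, LOGON, FAILURE) and user and isinstance(ev.get("time"), int):
            by_user[user].append((ev["time"], app))
    alerts = {}
    for user, hits in by_user.items():
        hits.sort(key=lambda h: h[0])
        start = 0
        for end, (t, _) in enumerate(hits):  # sliding window over sorted timestamps
            while t - hits[start][0] > window_ms:
                start += 1
            if end - start + 1 >= threshold:
                alerts[user] = sorted({a for _, a in hits[start:end + 1] if a})
                break
    return alerts
```
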