We’re proud to announce that Dynatrace has introduced case templates in Security Investigator, a new capability that speeds up your security incident response and root cause analysis use cases. Case templates allow you to start your investigations faster using prepared queries and evidence as a boilerplate.
Repetitive tasks in security incident responses waste time
When investigating incidents in production, engineers typically start each investigation with similar queries to understand what happened and where to look next, though the specifics can vary. Familiarity with the production environment’s artifacts (for example, environment names and deployment labels) is crucial, but gathering this information can be time-consuming, creating overhead before the actual investigation begins. The time accumulated on such activities before incident resolution even starts can add up to a lot of overhead for engineers and the company.
Case templates assist in kicking off investigations
Dynatrace introduces case templates in Security Investigator to speed up new investigations and save engineers from manual, repetitive work.
Case templates provide engineers with a boilerplate for their investigation. They offer ready-to-be-executed DQL queries and the required artifacts about your environment as evidence lists, saving time on manual query creation or copying the queries from incident response playbooks.
Craft templates in Security Investigator
Case templates can be created from existing investigations or downloaded from other sources, like Dynatrace blog posts or documented use cases. You can select any current case and create a template from it.
Once a template is created, you can adjust it via the Template Editor to better suit your needs.
Case templates can be downloaded from your environments for safekeeping and uploaded for use in different environments. They can be shared directly with other Dynatrace users or made available to everyone on the same tenant. Downloading and uploading templates from your tenant also facilitates wider adoption of templates in multi-tenant environments and lets you share templates with others in the community.
You can learn more about case templates in Dynatrace documentation.