Skip to technology filters Skip to main content
Dynatrace Hub

Extend the platform,
empower your team.

Popular searches:
Home hero bg
Security EnrichmentSecurity Enrichment
Security Enrichment

Security Enrichment

Connect any HTTP-based threat intelligence source to enrich observables.

App
Free trialDocumentation
Flow diagram.Security Enrichment Overview
  • Product information
  • Release notes

Overview

Dynatrace Security Enrichment enables you to integrate threat intelligence services — commercial, open-source, or proprietary — to enrich security observables such as IP addresses with reputation, geolocation, and contextual data.

Security Enrichment provides a unified management interface to define HTTP-based enrichment connections, configure vendor-specific options, map responses to a normalized schema, and share connections across your team.

Key capabilities
  • Custom connections: Define HTTP request templates (method, URL, headers, query parameters, body) to call any REST-based threat intelligence API. Use placeholder variables such as {{observable.value}} and {{authentication.secret}} for dynamic request composition.
  • Vendor blueprints: Get started faster with pre-configured templates for popular providers such as AbuseIPDB and VirusTotal. Blueprints prefill the connection wizard with recommended defaults — just add your API key.
  • Response mapping: Transform raw vendor JSON responses into Dynatrace's normalized enrichment report schema (mappedResponse) using DQL-based mapping. This ensures consistency of enrichment results across vendors and prepares the data for downstream use.
  • Caching: Reduce latency and external API quota consumption through caching of enrichment results.
  • Workflow action: Use the included workflow action in Workflows to enrich observables in automated triage, response and remediation playbooks.
  • Custom options: Configure vendor-specific parameters (for example, maxAgeInDays or verbose for AbuseIPDB). These are validated and applied at execution time.

Use cases

Security Enrichment–powered contextualization of observables enables:

  • Threat-informed security investigations: Enrich IP addresses with reputation data, geolocation, abuse reports, and additional context to detect anomalous and malicious activity in Investigations.
  • Automated threat-alert triaging: Classify and prioritize security alerts using enriched threat intelligence in Workflows. Build automated SOAR playbooks that branch on reputation scores, escalate malicious findings, and suppress known-benign noise.
  • Enhanced threat detection findings: Add external enrichment data to IP addresses in Threats & Exploits for faster, more accurate decision-making.
  • Bring your own enrichment: Connect proprietary intelligence feeds, such as MISP or internal services, that are not natively supported to operationalize your existing threat intelligence feeds and internal data sources inside Dynatrace.

Are you looking for additional use cases and functionality? Let us know in the Dynatrace Community Forum!

Get started

For setup and configuration instructions, see Security Enrichments.

Details

Vendor blueprints

Blueprints are Dynatrace-governed, read-only templates shipped with the app. They prefill the connection wizard with tested configurations for specific vendors. Blueprint updates are delivered through new app versions and apply only to newly created connections — existing connections are not modified.

Currently available blueprints:

  • AbuseIPDB — IP reputation checks using the AbuseIPDB Check endpoint.
  • VirusTotal — IP address reports from the VirusTotal API.
Migration

Users of the standalone AbuseIPDB or VirusTotal apps can migrate to the built-in blueprint connection. See migration guide

Outbound connectivity

Custom enrichment connections call external endpoints from the Dynatrace platform. Depending on your network setup, you may need to allowlist the outbound domains used by your enrichment connections.

Dynatrace
DocumentationMore Information
By Dynatrace
Dynatrace support center
Subscribe to new releases
Copy to clipboard

Full version history

ReleaseDate

Full version history

1.1.0

  • Initial release
Dynatrace Hub
Get data into DynatraceBuild your own app
Dynatrace Intelligence - Agentic Operations SystemThe Dynatrace Agentic AI ecosystem
All (892)Log Management and AnalyticsKubernetesAI and LLM ObservabilityInfrastructure ObservabilitySoftware DeliveryApplication ObservabilityApplication SecurityBusiness ObservabilityDigital Experience
Filter
Type
Built and maintained by
Deployment model
SaaS
  • SaaS
  • Managed
Partner FinderBecome a partnerDynatrace Developer

Discover recent additions to Dynatrace

Dynatrace Assist logo

Dynatrace Assist

Dynatrace Assist: Ask, analyze, and act with Dynatrace Intelligence.

Smartscape logo

Smartscape

Interactively explore and analyze topology and relationships in digital systems.

Compliance Assistant logo

Compliance Assistant

Track, manage, and automate compliance across your IT and business landscape.

Experience Vitals logo

Experience Vitals

Optimize UX with core vitals, frontend error tracking, and end-to-end visibility

Error Inspector logo

Error Inspector

Discover, triage, and manage errors across all your frontends.

Users & Sessions logo

Users & Sessions

Discover how users and cohorts with common characteristics experience your app.

Analyze your data

Understand your data better with deep insights and clear visualizations.

Notebooks logo

Notebooks

Create powerful, data-driven documents for custom analytics and collaboration.

Dashboards logo

Dashboards

Transform complex data into clear visualizations with custom dashboards.

Investigations logo

Investigations

Fast and precise incident response on Grail data with DQL queries.

Smartscape logo

Smartscape

Interactively explore and analyze topology and relationships in digital systems.

Logs logo

Logs

Explore all your logs without writing a single query.

Problems logo

Problems

Detect, explain and triage problems automatically using Dynatrace Intelligence.

Automate your processes

Turn data and answers into actions, securely, and at scale.

Workflows logo

Workflows

Automate tasks in your IT landscape and move towards autonomous operations.

Jira logo

Jira

Create, query, comment, transition, and resolve Jira tickets within workflows.

Slack logo

Slack

Automate Slack messaging for security incidents, attacks, remediation, and more.

Secure your cloud application

See vulnerabilities and attacks in your environment.

Security Posture Management logo

Security Posture Management

Detect, prioritize, and remediate security and compliance findings with SPM.

Threats & Exploits logo

Threats & Exploits

Understand, triage, and investigate detection findings and alerts.

More resources

Observability for Developers on Cursor logo

Observability for Developers on Cursor

Get Real time Code-Level data directly to your Cursor IDE

Documents logo

Documents

Manage Dashboards, Notebooks and other documents in your Dynatrace environment

GitHub Copilot Coding Agent logo

GitHub Copilot Coding Agent

Automate vulnerability remediation and boost developer productivity

GitHub Copilot Custom Agent logo

GitHub Copilot Custom Agent

Automate your development workflows with specialized agent definitions

Observability for Developer on JetBrains logo

Observability for Developer on JetBrains

Get real-time code-level data directly to your Jetbrains IDE

Metrics logo

Metrics

Browse, search, and manage all your metrics in one central catalog.

Pagerduty for Dynatrace Workflows logo

Pagerduty for Dynatrace Workflows

Streamline incident management with automated Pageruty workflows

Cursor IDE logo

Cursor IDE

Boost developer productivity and get real-time, code-level insights into Cursor

Observability for Developers on Windsurf logo

Observability for Developers on Windsurf

Get real-time code-level data directly to your Windsurf IDE

Are you looking for something different?

We have hundreds of apps, extensions, and other technologies to customize your environment

Leverage our newest innovations of Dynatrace Saas

Kick-start your app creation

Kick-start your app creation

Whether you’re a beginner or a pro, Dynatrace Developer has the tools and support you need to create incredible apps with minimal effort.
Go to Dynatrace Developer
Upgrading from Dynatrace Managed to SaaS

Upgrading from Dynatrace Managed to SaaS

Drive innovation, speed, and agility in your organization by seamlessly and securely upgrading.
Learn More
Log Management and Analytics

Log Management and Analytics

Innovate faster and more efficiently with unified log management and log analytics for actionable insights and automation.
Learn more