Dynatrace Hub

Security Investigator

Fast and precise forensics for security and logs on Grail data with DQL queries.

App
  • You can see your whole investigation flow as you go along, and you can always jump back to a previous step of the investigation.
  • The detailed view of a record shows all record fields at once, with the option to drill down into the details of a field or move between records without closing the details.
  • You can use the data in results with character precision. New evidence or DQL filters can be created by simply selecting the interesting portion of a field.
  • Evidence and filter manipulations can also be done with multiple values at once: select a range of IPs and create a DQL filter based on those values.
  • Security Investigator lets you view your data in both wrapped and multi-line modes, so stack traces can be viewed in their original form. The Inspector view visualizes non-printable characters in their original position.
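As an added illustration, not taken from the Dynatrace page or produced by the app itself, this is the kind of DQL query that results from selecting a range of IP addresses in the results table and turning them into a filter. The field names (`client.ip`, `host.name`, `content`), the addresses and the 24-hour time frame are assumptions chosen for the example:

```dql
// Constructed example: three client IPs selected as evidence from a results table
fetch logs, from:now()-24h
| filter in(client.ip, {"203.0.113.10", "203.0.113.11", "203.0.113.12"})
| filter matchesPhrase(content, "Failed password")
| summarize attempts = count(), by:{client.ip, host.name}
| sort attempts desc
| limit 50
```

Each `filter` line corresponds to one piece of saved evidence; keeping them as separate lines makes it easy to remove or replace a single value when the investigation branches, and the query stays attached to the node in the query tree so the result can be revisited later.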

Overview

Dynatrace Security Investigator is one of the built-in apps shipped with Dynatrace. It's designed for evidence-driven security use cases based on the logs, metrics, and traces ingested into Grail.

Security Investigator enables you to

  • Keep your whole investigation flow in context
  • Perform complex security investigations on the data stored in Grail
  • Build DQL queries based on your findings in a fast and usable way 
  • Save and use found evidence to build your DQL queries and find answers to your questions
  • Navigate with ease to any point in your investigation history and review queries and results
  • Fetch detailed results in the original format to quickly understand the information

Use cases

  • Threat hunting and hunting for the unknown
  • Forensic analysis, where keeping track of the investigation is a must
  • Incident root cause analysis, where evidence-driven queries bring clarity to the incidents

Learn how to perform threat hunting and forensics

Are you looking for additional use cases and functionality? Let us know in the Dynatrace Community Forum!

Get started

Security Investigator comes preinstalled on Dynatrace SaaS environments. Launch the app and create your first investigation scenario.

Related to Security Investigator: Grail, Dynatrace's data lakehouse providing unified storage for any type of data.

Full version history


1.313.1

With this release you can now:

  • Share cases with all environment users in read-only mode at once
  • Upload cases as templates and vice versa
  • Select all values in a column at once from the column header menu
  • Search results table by a keyword and jump to the next occurrence of your search keywords
  • See the in-place filters count above the results table
  • Define query editor settings - toggle between condensed and normal code view and enable/disable line wrap

1.312.0

With this version you can now:

  • use chart visualization automatically when fetching timeseries data
  • use reference time as additional context when conducting investigations.
  • enable the line wrap option from settings for DQL query window

1.310

With this release you can now:

  • Save multi-line evidence to evidence list
  • Use automated charts for data visualization
  • Access security events in Grail

1.308.0

With improved case management features, you can now:

  • duplicate existing cases to create snapshots or continue cases that are shared with you
  • download and upload the cases to move them between environments
  • create use case templates as boilerplates for your investigations

To streamline investigations, you can work with your findings more efficiently by clicking on an item in your Evidence list to copy it directly. The copied evidence can be used immediately in DQL queries or case reports.

To speed up investigations and grasp results faster, you can now visualize your results as charts.

Minor changes:

You can now:

  • access query tree color labels and their titles from the query tree legend
  • view complex data elements (like arrays and records) in a multiline mode in the response table
  • share your cases from the main page without opening the case
  • share templates with everyone on your environment with one click
  • filter your cases and templates on the main page by their type: either view All the cases accessible by you, see only My cases or only cases that have been Shared with you.

1.305.0

With this version of Security Investigator it is now possible to:

  • Create custom timeframe by clicking on analysis timeframe in result statistics.
  • Add time range filters for timestamp data type.

1.304.3

With this version of Security Investigator it is now possible to:

  • Download selected nodes as a Notebooks document
  • Upload evidence to an evidence list from text file

1.302.1

Patch Changes

  • Minor bug fixes.

1.302

With this version of Security Investigator it is now possible to:

  • execute a query without creating a new node
  • add IP addresses from string-type fields to IP evidence lists
  • create new cases from every page of the Security Investigator
  • access Distributed Traces when analyzing your logs by right-clicking on the record in the results table
  • see Duration datatype in the results table in a human-readable format

1.298.8

Patch Changes

  • Fixed bugs related to sharing in Safari.

Major Changes

  • Introducing Case Sharing: It is now possible to share your investigations with peers and stakeholders!
    • You can share your cases with either a link or share cases to a person or a group.
    • Cases can be shared in either a read-only mode or with edit privileges.
    • Read more at https://www.dynatrace.com/news/blog/collaborate-with-peers-in-hunting-security-threats/ .

1.295

  • A search field has been added to highlight keywords in the result table.
  • Users can set record limits for DQL queries in the App settings.
  • Added a color legend with customizable color labels to the query tree.

1.291

You can now:

  • View the query tree legend to see the explanations of different query node statuses.
  • Rename your cases on the main page in the Cards' menu.
  • Open the Security Investigator from other Dynatrace applications.

1.290.0

Minor Changes

  • Updated result statistics and notifications.
  • Added a new result status indicator to the query tree.
  • Added a context menu to the field details window.

1.289.0

Minor Changes

  • 138f865: Added filtering to the context menu in the record details window.
  • 29ce2db: Added an 'Add field' command for nested objects in the record details window.

Patch Changes

  • 5f84f0a: Added the selected record number to the record details window.
  • 9fa665a: Updated the result table context menu.
  • f05b039: Added a 'Copy field' option to the context menu in the results table.

1.288.0

Patch Changes

  • 4574b72: Close inspect and complex view if DPL Architect is opened. Remove back button if inspect view is opened directly from the result table.
  • f2c946e: Added possibility to cancel queries in multiple nodes that are running at the same time
  • 50573cb: Close DPL Architect if case is switched. Close toasts after 5 seconds.
  • 662d89d: Modify query tree deletion portion. Strip trailing newlines and scroll editor to bottom when DQL is added to query.
  • 542c37e: Cosmetic improvements
  • cda16d3: Update adding new evidence collections
  • 834049a: Add help menu
  • eb8a6cd: Add view-query intent

1.0.0

Patch Changes

  • c6d0b00: Update record count on poll response
  • 51b21a8: Remove milliseconds in timeframe selector
  • 241ef0e: Add multiline and line wrap support
  • c92a971: Different nodes can be polled separately and result is updated only for selected node
  • b6d7178: Add case heading menu
  • a971214: Add filter out option
  • 62b4e45: Update result statistics timeframes
  • ce7d7fa: UI improvements
  • 8305454: Update complex view and timeframes
  • 787ada3: Fix submit forms with enter
  • f7c31f4: Add header filter and timeframe rename
  • 3cd4e5e: Multiple samples now can be passed to DPL Architect when clicking "Extract fields"
  • a35f624: Add metrics, bizevents and spans scopes
  • 11d1490: Add filter and delete for selection in collection details
  • 59e45c0: Analytics walk-through e2e tests
  • c1a9045: Ask the user whether they want to cancel polling queries
  • 58e79cd: Fix filterOut statements
  • 7f3d38b: Add new collection creation in context menu
  • 1fb2569: Update zooming in query tree
  • f3249db: Rework details panel
  • 6923e54: Add JSON formatting into detailed content viewer
  • 59b0f6b: Add evidences from collections list menu