Mastering sign-in log monitoring: How to secure user identity with Dynatrace

Safeguarding user identity has become a top priority for cybersecurity specialists. Dynatrace enhances sign-in log monitoring to help organizations secure user identities and resources across cloud environments. Centralized identity provider sign-in logs are now mapped to the Dynatrace Semantic Dictionary, allowing security teams to monitor access to business-critical organizational resources and applications, spot anomalies quickly, and mitigate potential threats.

User identity: The new frontier for cyberthreats

As the digital landscape evolves, attackers are shifting their focus from exploiting systems and networks to targeting individual user identities. This change marks a significant turning point in cybersecurity, with personal credentials and digital profiles becoming valuable assets for cybercriminals. Protecting user identities is now at the forefront of modern security challenges and one of the top priorities for security specialists.

Security teams must tackle this challenge with a proactive and defense-in-depth approach. Beyond implementing traditional safeguards, it’s now critical to continuously monitor and analyze sign-in activities and behaviors, as they play a key role in spotting anomalies, preventing unauthorized access to both cloud resources and applications, and identifying compromised accounts.

Mastering user sign-in monitoring with Dynatrace

Dynatrace delivers a unified, AI-powered observability platform designed to streamline the ingestion and monitoring of sign-in activities while providing real-time insights into users’ behavior. Combined with OpenPipeline® powered by Dynatrace, the semantic conventions and the standardized mapping of data to the audit log model make it possible to ingest logs across a wide range of identity providers and IAM systems, such as Microsoft Entra ID.

The Dynatrace platform provides a single, comprehensive solution to monitor and oversee user activities throughout the entire organization, uncovering hidden patterns and anomalies that might otherwise go unnoticed. On top of that, with its advanced Davis® AI capabilities, Dynatrace minimizes the time and effort required to identify potential security issues or breaches.

Scenario: Monitor Microsoft Entra ID sign-in logs

Note: The solution described is universally applicable to any identity provider or IAM system integrated with Dynatrace.

Let’s take a closer look at Microsoft Entra ID, one of the leading cloud-based identity provider systems, to see how teams can monitor sign-in logs with Dynatrace.

The Dynatrace platform offers a suite of advanced features designed to enhance visibility, streamline investigations, and strengthen Entra ID environment security. Explore the Microsoft Entra ID integration documentation for comprehensive details.

How Dynatrace helps secure user identity

These features include the following:

  • Effortless log ingestion setup. The Dynatrace platform simplifies the process of integrating sign-in logs through its seamless setup. Whether using the native integration or the log forwarder, configuring log ingestion is designed to be straightforward and user-friendly.
  • A unified dashboard. The dashboard offers a clear, intuitive visualization of sign-in trends, including top user activities, IP addresses, devices, and geographic patterns. This consolidated view simplifies monitoring and ensures critical insights are readily accessible.
    Figure 1. Unified dashboard summarizes sign-in trends.
  • Granular filtering. Powerful drill-down capabilities allow for detailed monitoring of specific users, devices, IP addresses, or targeted applications and resources. This flexibility helps teams quickly isolate and analyze potential security concerns with precision.
    Figure 2. Granular drill-downs show specific user details.
  • In-depth investigations. Dynatrace Security Investigator allows teams to conduct thorough security investigations whenever needed. Key insights from the dashboard—such as user activities, IP addresses, and device details—can be seamlessly integrated, enabling deeper analysis and more precise threat detection.
  • AI-powered Davis Analyzers. Using Davis AI, Dynatrace continuously monitors user sign-in patterns to detect and alert on anomalies. Davis for Notebooks analyzers proactively identify potential risks, such as unusual sign-in attempts, possible brute-force attacks, or activity from suspicious IP addresses, enabling rapid response to emerging threats.
    Figure 3. Davis for Notebooks analyzers identify risks in monitoring data from sign-in logs.

The next step is extending Microsoft Entra ID use cases with additional log types and monitoring capabilities. Future updates will include tighter integration with leading identity provider solutions, enhancing data mapping capabilities for other cloud providers, such as Amazon Web Services and Google Cloud Platform.

Take your monitoring capabilities to the next level

The Dynatrace platform offers a seamless solution for integrating and ingesting identity provider sign-in logs. It provides enhanced control and advanced analysis capabilities, thereby strengthening the security of an organization’s identity ecosystem.

With real-time monitoring and streamlined analytics, companies can reduce security incidents, optimize compliance efforts, and strengthen user confidence.

Check out the new Monitor suspicious sign-in activity use case and get started improving your sign-in monitoring capabilities today.