Anyone using Common Event Format (CEF) with Dynatrace?

AntonioSousa
DynaMight Guru

Common Event Format (CEF) is an open logging and auditing format that is quite commonly used in the SIEM market. Being able to send events & logs from the Dynatrace AppSec monitoring to SIEM platforms seems quite an important use case to me. It isn't supported by Dynatrace, but before putting in a Product Idea, I would like to know if someone has eventually gone the extensions route to be able to get these events to a SIEM?

Antonio Sousa
7 Replies

ChadTurner
DynaMight Legend

Great question and a great future RFE 🙂

-Chad

jegron
DynaMight Champion

I am using Fluentd to ingest syslog and output it to Dynatrace: https://www.dynatrace.com/support/help/observe-and-explore/logs/log-monitoring/acquire-log-data/send...

Maybe you can use the CEF input plugin in the same way: https://github.com/lunardial/fluent-plugin-parser_cef

Observability Engineer at Phenisys - Dynatrace Professional

adam_gardner
Dynatrace Champion

I took a CEF example from this page, then used logpusher to send it to Dynatrace via an OpenTelemetry collector (see this video for how to use logpusher).

I then used DQL to filter my incoming log lines:

fetch logs, scanLimitGBytes: 1
| filter matchesPhrase(content, "act=blocked")
| sort timestamp desc
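Because the thread never shows what a CEF line for an AppSec event looks like, here is an added example (not code from the thread, from Dynatrace, or from logpusher) that builds a CEF line with the spec's escaping rules for the header and extension, parses it back, and applies the same act=blocked filter as the DQL query above. The vendor/product names and all event values are constructed for illustration.

```python
# Added example, not code from the thread or from Dynatrace: encode an AppSec-style event as a
# CEF line with the spec's escaping rules, parse it back, and filter on act=blocked as the DQL above does.
import re
def _esc_header(v) -> str:           # header fields escape backslash and pipe
    return str(v).replace("\\", "\\\\").replace("|", "\\|")
def _esc_ext(v) -> str:              # extension values escape backslash and '='; newlines become \n
    return str(v).replace("\\", "\\\\").replace("=", "\\=").replace("\r", "\\r").replace("\n", "\\n")

def to_cef(vendor, product, version, event_id, name, severity, ext: dict) -> str:
    """Build 'CEF:0|vendor|product|version|id|name|severity|k=v k=v'; severity is 0..10."""
    if not 0 <= int(severity) <= 10:
        raise ValueError("CEF severity must be an integer 0..10")
    header = "|".join(_esc_header(f) for f in (vendor, product, version, event_id, name, severity))
    return f"CEF:0|{header}|" + " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items())

def _split_header(line: str) -> list:
    """Split on unescaped '|' exactly 7 times; the 8th element is the raw extension."""
    parts, cur, i = [], [], 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):   # escaped char: keep it, drop the backslash
            cur.append(line[i + 1]); i += 2
        elif line[i] == "|":
            parts.append("".join(cur)); cur = []; i += 1
            if len(parts) == 7:
                return parts + [line[i:]]
        else:
            cur.append(line[i]); i += 1
    return parts + ["".join(cur)]

def from_cef(line: str) -> dict:
    """Parse one CEF line into its header fields plus an 'ext' dict."""
    parts = _split_header(line)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a well-formed CEF line")
    event = dict(zip(("vendor", "product", "version", "event_id", "name", "severity"), parts[1:7]))
    ext, unesc = parts[7], lambda s: re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), s)
    keys = list(re.finditer(r"(?:^| )(\w+)=", ext))   # keys sit at start or after a space
    ends = [m.start() for m in keys[1:]] + [len(ext)]  # each value runs up to the next key
    event["ext"] = {m.group(1): unesc(ext[m.end():end]) for m, end in zip(keys, ends)}
    return event

def blocked_events(lines) -> list:
    """Keep only events with act=blocked, the same filter as the DQL query above."""
    return [e for e in map(from_cef, lines) if e["ext"].get("act") == "blocked"]
# Constructed sample events (not real Dynatrace output); the values exercise every escape rule.
SAMPLE_LINES = [
    to_cef("Dynatrace", "AppSec", "1.0", "ATTACK", "Injection attempt|blocked", 8,
           {"act": "blocked", "request": "/api/users?id=42", "dvchost": "web\\01", "msg": "a\nb"}),
    to_cef("Dynatrace", "AppSec", "1.0", "ATTACK", "Injection attempt", 5, {"act": "detected"}),
]
```

A SIEM that parses CEF strictly will reject an unescaped `|` in the name or an unescaped `=` in a URL, so the round trip here is the check worth running before wiring an exporter to production.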

@adam_gardner,

It's the other way around: I want to get the Dynatrace AppSec events to a SIEM platform.

Antonio Sousa

Ahh OK. I misread the initial post. In which case, this seems like a very sensible thing to build as an app / workflow.

Yes, this is a good direction for the development of AppSec in DT. I have a similar case at my client and it would be nice to send this information to another tool.

Have a nice day!

Yes, @adam_gardner gave a good solution for SaaS environments. In this case, it's a Managed environment though...

Antonio Sousa
