AWS Partner Network (APN) Blog

Ingest and Enrich Security Findings Delivered by Amazon EventBridge with Dynatrace

By Valeriy Leykin, Senior Product Manager – Dynatrace
By Erick Leon, Senior Manager Global Tech Alliances – Dynatrace
By Shashiraj Jeripotula, Principal Partner Solutions Architect – AWS

In complex cloud environments, security findings are often siloed across build-time and runtime tooling, and spread across various environments. Therefore, obtaining a holistic view of your security posture and risks is increasingly challenging. Nevertheless, according to Gartner research, less than 15% of large enterprise customers have implemented at least one security platform solution.

The consequences affect the following areas:

  • Data access: Security teams and engineers need to access and navigate various products to collect relevant security data.
  • Prioritization: Development and operations teams end up with a different prioritization of security findings from disparate DevSecOps tools.
  • Security coverage: Security architects cannot clearly see the gaps in the tool coverage of their environment.
  • Manual effort: Notifying relevant stakeholders of critical security findings requires a lot of manual processing and orchestration.
  • Remediation: The owner teams take longer to address important security issues because of alert fatigue, increasing the mean time to remediation.

Moreover, the number of security findings can overwhelm DevSecOps teams, causing them to miss important issues that directly affect production services and applications. A good example is a critical severity vulnerability discovered in a build-time artifact, such as a container image that isn’t deployed and doesn’t affect runtime. These findings shouldn’t distract DevSecOps teams. Instead, teams should focus on vulnerabilities in the production applications that are exposed to the internet and present a real risk.

How a unified observability and security platform can help

To solve this challenge, the Dynatrace unified observability and security platform integrates with Amazon EventBridge to break down the silos between DevSecOps teams, unifying security findings along the software development lifecycle (SDLC) and enriching them with runtime context. Powered by Dynatrace’s OpenPipeline technology, the Dynatrace platform allows teams to ingest, visualize, prioritize, and automate security findings, reducing alert noise and providing focused remediation to the issues that matter for critical production environments.

The Dynatrace platform combines broad and deep observability and continuous application security with the most advanced AIOps to provide answers and intelligent automation from data at an enterprise scale. This enables innovators to modernize and automate cloud operations, deliver software faster and more securely, and provide flawless digital experiences.

Ingesting AWS EventBridge into the Dynatrace Platform

Dynatrace partners with AWS and offers the Dynatrace platform as a destination for Amazon EventBridge rules. Depending on the use case, findings and logs can be forwarded to the dedicated OpenPipeline endpoints and ingested into the Dynatrace Grail data lake.

Figure 1 – Data Ingestion from Amazon EventBridge

The Dynatrace platform supports security findings forwarded via Amazon EventBridge in the following scenarios:

As part of each individual integration setup, the Dynatrace platform provides CloudFormation templates and detailed instructions to guide users through the setup steps.

The Amazon EventBridge rule listens for the events and triggers the corresponding AWS Lambda function, which pre-processes them and sends them to the Dynatrace platform through OpenPipeline.

The Dynatrace platform maps the ingested events to Semantic Dictionary conventions for the supported products and data formats. You can consume the events uniformly for visualization and analysis in dashboards and notebooks, and for automation use cases in workflows.

During event consumption, users can enrich the events with runtime context provided by the Dynatrace platform to understand how those events affect their monitored runtime environment and to drive intelligent prioritization.
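The pre-processing and runtime-context prioritization described above, sketched as an added example; this is not Dynatrace's Lambda function or template code. It assumes AWS Security Hub as the finding source, and the runtime context table, function names and all sample values are constructed for illustration.

```python
# Constructed sample: EventBridge envelope carrying two findings whose fields
# follow the AWS Security Finding Format. Security Hub as source is an assumption.
SAMPLE_EVENT = {
    "detail-type": "Security Hub Findings - Imported",
    "source": "aws.securityhub",
    "account": "111122223333",
    "region": "us-east-1",
    "detail": {"findings": [
        {"Id": "finding-a", "Title": "Critical CVE in image", "Severity": {"Label": "CRITICAL"},
         "Resources": [{"Type": "AwsEcrContainerImage", "Id": "example/build-only:1.0"}]},
        {"Id": "finding-b", "Title": "High CVE in image", "Severity": {"Label": "HIGH"},
         "Resources": [{"Type": "AwsEcrContainerImage", "Id": "example/storefront:2.3"}]},
    ]},
}
# Hypothetical runtime context keyed by resource id (stands in for platform data).
RUNTIME_CONTEXT = {"example/storefront:2.3": {"deployed": True, "internet_exposed": True}}
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFORMATIONAL": 0}

def preprocess(event):
    """Flatten one EventBridge event into one record per finding and resource."""
    records = []
    for finding in event.get("detail", {}).get("findings", []):
        for resource in finding.get("Resources") or [{}]:
            records.append({
                "finding_id": finding.get("Id"),
                "title": finding.get("Title"),
                "severity": (finding.get("Severity") or {}).get("Label", "INFORMATIONAL"),
                "resource_id": resource.get("Id"),
                "account": event.get("account"),
                "region": event.get("region"),
            })
    return records

def enrich_and_rank(records, context):
    """Attach runtime context, then order by exposure, deployment and severity."""
    enriched = []
    for rec in records:
        ctx = context.get(rec["resource_id"], {})
        enriched.append({**rec, "deployed": ctx.get("deployed", False),
                         "internet_exposed": ctx.get("internet_exposed", False)})
    return sorted(enriched, reverse=True, key=lambda r: (
        r["internet_exposed"], r["deployed"], SEVERITY_RANK.get(r["severity"], 0)))

def handler(event, _context=None):
    """Lambda-style entry point; returns the records a forwarder would send on."""
    return enrich_and_rank(preprocess(event), RUNTIME_CONTEXT)
```

With the constructed input, the high-severity finding on the deployed, internet-exposed image ranks above the critical finding on the image that never reached runtime.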

Figure 2 – Dynatrace Runtime Contextualization dashboard

Summary

By integrating Amazon EventBridge with the Dynatrace platform, DevSecOps teams can now access the security findings and runtime context on a single platform, allowing for more efficient prioritization of various detections across environments and products.

The additional native Dynatrace platform capabilities, such as Workflows, Dashboards, and Security Investigator, support users in visualizing, analyzing, and automating security findings. This brings users closer to operationalizing those findings and reducing alert fatigue.

To learn more about the individual AWS integrations and the corresponding use cases in the Dynatrace platform, read the Dynatrace documentation:

To read and follow Dynatrace product updates and new capabilities, check out our blogs:

Dynatrace – AWS Partner Spotlight

Dynatrace is an AWS Advanced Technology Partner and AWS Competency Partner that provides software intelligence to simplify cloud complexity and accelerate digital transformation. With advanced observability, AI, and complete automation, our all-in-one platform provides answers, not just data, about the performance of applications, the underlying infrastructure, and the experience of all users.