In the dynamic world of security investigations, efficient collaboration can make all the difference. Today, we're thrilled to announce that Dynatrace has enabled case sharing in the Security Investigator app, which will transform how professionals conduct collaborative investigations.
When kicking off a threat hunting activity, you can immediately share your investigation with your teammates, to keep them up-to-date and allow them to collaborate with the ongoing investigation.
Sharing a case
There are several ways to share a case:
- Personal or group sharing – Select colleagues by name or a group to share the case.
- Link sharing – Generate and distribute a shared link in Slack or include it in your report.
Both share modes support either read-only or edit privileges. Read-only mode allows you to browse the case. Edit mode allows you to execute queries and modify the case and its contents.
You can also combine the modes: You can create a read-only link to distribute the case in the organization for everyone to view and give edit privileges to your teammates for collaborative investigations at the same time!
You can identify shared cases by a small Shared icon on the main page of Security Investigator. Cases you have shared are marked with a blue icon; cases shared with you include a white icon. Hover over the Shared icon for more details about who shared the case with you. If the case is shared with you in read-only mode, you’ll see the respective label next to the icon.
Empower your investigations with joint editing
When you grant your teammates edit access, they can perform any investigative action, from executing queries and creating new branches to modifying the query tree or removing evidence from the case.
To avoid integrity issues, only one editor is allowed at a time. When an investigator opens a case for editing, it’s read-only for all other investigators, even if they have edit privileges or are the case owners; other investigators see a notification stating that the case has been locked and who is currently dealing with it.
Control access permissions
When you grant your teammates edit access, they can perform investigative actions within the case, but the ownership remains the same. Only the owner can grant and revoke sharing permissions or delete the case.
If the shared link has been distributed too widely or leaked, or the owner wants to revoke link access to the case, you can always remove or recreate it. The old link will no longer provide access to the case.
What’s next
- Read more about the amazing features of Security Investigator in Dynatrace Documentation.
- Check out threat-hunting use cases with Dynatrace Security Investigator.
For more details, check out Security Investigator in Dynatrace Hub.