Collaborate with peers in hunting security threats


In the dynamic world of security investigations, efficient collaboration can make all the difference. Today, we're thrilled to announce that Dynatrace has enabled case sharing in the Security Investigator app, which will transform how professionals conduct collaborative investigations.

When kicking off a threat hunting activity, you can immediately share your investigation with your teammates to keep them up to date and let them collaborate on the ongoing investigation.

Sharing a case

There are several ways to share a case:

  • Personal or group sharing – Select colleagues by name, or select a group, to share the case with.
  • Link sharing – Generate and distribute a shared link in Slack or include it in your report.

Both share modes support either read-only or edit privileges. Read-only mode allows you to browse the case. Edit mode allows you to execute queries and modify the case and its contents.

You can also combine the modes: You can create a read-only link to distribute the case in the organization for everyone to view and give edit privileges to your teammates for collaborative investigations at the same time!

You can identify shared cases by a small Shared icon on the main page of Security Investigator. Cases you have shared are marked with a blue icon; cases shared with you include a white icon. Hover over the Shared icon for more details about who shared the case with you. If the case is shared with you in read-only mode, you’ll see the respective label next to the icon.

Empower your investigations with joint editing

When you grant your teammates edit access, they can perform any investigative action, from executing queries and creating new branches to modifying the query tree or removing evidence from the case.

To avoid integrity issues, only one editor is allowed at a time. When an investigator opens a case for editing, it’s read-only for all other investigators, even if they have edit privileges or are the case owners; other investigators see a notification stating that the case has been locked and who is currently dealing with it.

Control access permissions

When you grant your teammates edit access, they can perform investigative actions within the case, but the ownership remains the same. Only the owner can grant and revoke sharing permissions or delete the case.

If the shared link has been distributed too widely or leaked, or the owner wants to revoke link access to the case, you can always remove or recreate the link. The old link will no longer provide access to the case.

What’s next

For more details, check out Security Investigator in Dynatrace Hub.
