What Changed
Fixed critical timestamp type conversion in four Dynatrace parsers (DynatraceAttacks, DynatraceAuditLogs, DynatraceProblems, DynatraceSecurityProblems) by converting V1 Unix epoch millisecond fields to proper datetime format using unixtime_milliseconds_todatetime(). All parsers updated from version 2.0.0 to 2.0.1.
Parser Impact
The timestamp fields in affected parsers were previously returned as numeric values (timestamp_d, endTime_d, startTime_d, etc.), causing duplicate typed columns in query results when mixed with other datetime fields. This data type mismatch created query failures and inconsistent results when SOCs attempted to correlate events or build time-based analytics.
Fields normalized:
- DynatraceAttacks: TimeStamp field now properly converts from timestamp_d
- DynatraceAuditLogs: TimeStamp field corrected
- DynatraceProblems: StartTime and EndTime fields fixed
- DynatraceSecurityProblems: FirstSeenTimeStamp, LastUpdatedTimeStamp, LastOpenedTimeStamp corrected
Queries referencing these timestamp fields against the parsers previously returned inconsistent data types — this is a data fidelity fix that ensures proper temporal correlation for security investigations.
Security Impact
Deployments using these parsers had compromised ability to perform time-based security analysis due to the type mismatch. This fix restores reliable temporal correlation for attack detection, audit trail analysis, and problem tracking within the Dynatrace security ecosystem.
Affected Files
Solutions/Dynatrace/Parsers/DynatraceAttacks.yaml
Solutions/Dynatrace/Parsers/DynatraceAuditLogs.yaml
Solutions/Dynatrace/Parsers/DynatraceProblems.yaml
Solutions/Dynatrace/Parsers/DynatraceSecurityProblems.yaml
Solutions/Dynatrace/Playbooks/Add_DynatraceApplicationSecurityAttackSourceIpThreatIntelligence/azuredeploy.json
Solutions/Dynatrace/Playbooks/Add_DynatraceApplicationSecurityAttackSourceIpThreatIntelligence/readme.md
(packaging artefacts: 3.0.3.zip, ReleaseNotes.md, Solution_Dynatrace.json, mainTemplate.json)