Dynatrace Threat Observability Description

Dynatrace Threat Observability is a cloud application detection and response platform that combines observability data with security analytics to detect, investigate, and respond to threats. The platform uses Davis AI to prioritize threat hunts for zero-day vulnerabilities and provides runtime context for affected entities.

The solution ingests and analyzes cloud security events from multiple sources, including CNAPP, CSPM, XDR, and CDR systems. It reduces event volumes by applying observability context, such as public internet exposure, to identify the critical alerts that require action. The platform includes automated attack path analysis to accelerate incident investigation.

Built on the Grail data lakehouse, the system retains logs and security events with full observability context for extended periods. It enables queries across metrics, events, logs, and traces to identify indicators of compromise. The platform uses observability data such as traces to capture reconnaissance activity and fill log data gaps during forensic investigations.

Security automation capabilities include notebooks for building reusable playbooks to identify IoCs and reconstruct events. Automated workflows can monitor and respond to exploit attempts. The Dynatrace Pattern Language extracts typed fields from logs regardless of format changes.

For Kubernetes environments, the platform provides runtime security analytics, real-time attack detection and blocking, log audit capabilities, and compliance monitoring. The Dynatrace Hub offers extensions and apps for additional security functionality.