Author: Tiit Hallas
Word count: 1633
Language: American English

Summary

In the context of threat hunting with Dynatrace, this blog post describes how to automate the detection of suspicious DNS queries, such as those indicative of DNS tunneling, by creating a custom Dynatrace security event. Using Dynatrace DQL expressions and JSON matchers, users extract the relevant fields from DNS query logs and then automate the detection with Dynatrace AutomationEngine workflows that run at regular intervals. The post also explains how to set up a custom ingest pipeline for security events with Dynatrace OpenPipeline, including creating custom endpoints and adding fields for later analysis. It further covers creating scoped tokens for event ingestion, integrating with systems such as Slack or Jira for notifications, and using the semantic dictionary to keep field names consistent for analysis. The overall goal is to operationalize threat detection and improve security event management within the Dynatrace ecosystem.