Dynatrace SaaS MCP Server

167 tools. 71 can modify or destroy data without limits.

22 destructive tools with no built-in limits. Policy required.

Last updated:

71 can modify or destroy data
96 read-only
167 tools total

Community server · catalogue entry verified 02/07/2026

How to control Dynatrace SaaS MCP Server ↓

What Dynatrace SaaS MCP Server exposes to your agents

Read (96) Write / Execute (49) Destructive / Financial (22)
Critical Risk

The most dangerous Dynatrace SaaS MCP Server tools

71 of Dynatrace SaaS MCP Server's 167 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Dynatrace SaaS MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Dynatrace SaaS MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "cancel_record_deletion": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "add_iam_user": {
    "limits": [
      {
        "counter": "add_iam_user_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "check_api_spec_drift": {
    "limits": [
      {
        "counter": "check_api_spec_drift_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Dynatrace SaaS MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON DYNATRACE SAAS →

Instant setup, no code required.

All 167 Dynatrace SaaS MCP Server tools

DESTRUCTIVE 22 tools
Destructive cancel_record_deletion Cancel a Grail record deletion process that is in progress or queued. Destructive delete_dashboard Delete (trash) a dashboard by id (WRITE). Destructive delete_event_notification Delete an event-notification by ID (WRITE, destructive, platform notification v2). Destructive delete_extension_monitoring_config Delete a specified monitoring configuration for an Extension 2.0 (WRITE, destructive). Destructive delete_feature Delete a feature by key within a project (WRITE, destructive). Destructive delete_feature_flag Delete a feature flag by key (WRITE, destructive). Destructive delete_feature_project Delete a Feature Management project by key (WRITE, destructive). Destructive delete_fieldset Delete a Grail fieldset by UID (WRITE, Storage Fieldsets v1). Destructive delete_filter_segment Delete a filter segment by UID (WRITE, destructive, platform storage filter-segments v1). Destructive delete_grail_bucket Delete a Grail retention bucket by name (WRITE, destructive, Dynatrace Storage Management v1). Destructive delete_monitor Delete a synthetic monitor definition by entity ID (WRITE, destructive). Destructive delete_notebook Delete (trash) a notebook by id (WRITE). Destructive delete_request_attribute Delete a request attribute by ID (WRITE, destructive, classic Config API v1). Destructive delete_request_naming Delete a request naming rule by ID (WRITE, destructive, classic Config API v1). Destructive delete_resource_file Delete a file from the Grail Resource Store by path (WRITE, destructive, Resource Store v1). Destructive delete_self_notification Delete a self-notification by ID (WRITE, destructive, platform notification v1). Destructive delete_settings_object Delete a Settings 2.0 object by objectId (WRITE, destructive). Destructive delete_slo Delete an SLO by id (WRITE, destructive). Destructive delete_trust_policy Delete a WIF trust policy by UUID (IAM v1, WRITE, destructive). Destructive delete_trust_policy_mapping Delete a WIF service user mapping by UUID (IAM v1, WRITE, destructive). Destructive delete_workflow Delete a Dynatrace Automation workflow by ID (WRITE, destructive, platform Automation v1). Destructive execute_record_deletion DESTRUCTIVE — permanently deletes Grail records matching the given DQL query and optional timeframe.
WRITE 45 tools
Write add_iam_user Add a user to an organisational level (IAM v1, WRITE). Write create_dashboard Create a new dashboard (WRITE). Write create_event_notification Create an event-notification (WRITE, platform notification v2). Write create_extension_monitoring_config Create a new monitoring configuration for an Extension 2.0 (WRITE). Write create_feature Create a feature in a project (WRITE). Write create_feature_flag Create a flag in a feature (WRITE). Write create_feature_project Create a Feature Management project (WRITE). Write create_fieldset Create a new Grail fieldset (WRITE, Storage Fieldsets v1). Write create_filter_segment Create a new filter segment (WRITE, platform storage filter-segments v1). Write create_grail_bucket Create a new custom Grail retention bucket (WRITE, Dynatrace Storage Management v1). Write create_iam_group Create a group at an organisational level (IAM v1, WRITE). Write create_monitor Create a new synthetic monitor definition (WRITE). Write create_notebook Create a new notebook (WRITE). Write create_request_attribute Create a new request attribute (WRITE, classic Config API v1). Write create_request_naming Create a new request naming rule (WRITE, classic Config API v1). Write create_self_notification Create a self-notification (WRITE, platform notification v1). Write create_settings_object Create a Settings 2.0 object (WRITE). Validates against the live schema first (validateOnly); returns constrai Write create_slo Create an SLO (WRITE). Body fields per the SLO v1 spec (name, criteria, target, etc.). Write create_trust_policy Create a WIF trust policy for an account (IAM v1, WRITE). Write create_trust_policy_mapping Create a WIF service user mapping for a trust policy (IAM v1, WRITE). Write create_workflow Create a Dynatrace Automation workflow (WRITE, platform Automation v1). Write ingest_bizevents Ingest a business event (CloudEvent) into Dynatrace via POST /api/v2/bizevents/ingest (WRITE). Write ingest_events Ingest a custom event into Dynatrace via POST /api/v2/events/ingest (WRITE). Write ingest_logs Ingest one or more log records into Dynatrace via POST /api/v2/logs/ingest (WRITE). Write send_email Send an email via the Dynatrace Email API (platform email v1). Write update_dashboard Update an existing dashboard (WRITE). Write update_event_notification Update an event-notification by ID (WRITE, platform notification v2). Write update_extension_monitoring_config Update a specified monitoring configuration for an Extension 2.0 (WRITE). Write update_feature Update a feature by key within a project (WRITE). Write update_feature_flag Update a feature flag by key (WRITE). Write update_feature_project Update a Feature Management project by key (WRITE). Write update_fieldset Update a Grail fieldset by UID (WRITE, Storage Fieldsets v1). Full overwrite (PUT) with optimistic Write update_filter_segment Update (replace) a filter segment by UID (WRITE, platform storage filter-segments v1). Write update_grail_bucket Update a Grail retention bucket by name (WRITE, Dynatrace Storage Management v1). Write update_monitor Update (replace) a synthetic monitor definition by entity ID (WRITE). Write update_notebook Update an existing notebook (WRITE). Write update_openpipeline_configuration Replace the full OpenPipeline configuration for a specific data type (WRITE, requires DT_ENABLE_WRITES=true). Write update_request_attribute Update an existing request attribute by ID (WRITE, classic Config API v1). Write update_request_naming Update an existing request naming rule by ID (WRITE, classic Config API v1). Write update_self_notification Update a self-notification by ID (WRITE, platform notification v1). Write update_settings_object Update an existing Settings 2.0 object by objectId (WRITE). Validates against the live schema first (validateO Write update_slo Update an SLO by id (WRITE). Write update_trust_policy Update a WIF trust policy by UUID (IAM v1, WRITE). Write update_workflow Update (replace) a Dynatrace Automation workflow by ID (WRITE, platform Automation v1). Write upload_lookup_data Upload tabular lookup data into the Grail Resource Store (WRITE, Resource Store v1) for use with the
READ 96 tools
Read check_api_spec_drift Compare committed OpenAPI specs against the live tenant Read check_settings_schema_drift Compare committed settings-schema versions against the live tenant. Read convert_lql_to_dql Convert a legacy LQL (Log Query Language) matcher expression to a DQL (Dynatrace Query Language) Read dashboard_reference Return embedded Dynatrace dashboard/notebook authoring knowledge (tile types, visualizations + required field Read describe_log_fields Discover the JSON field names emitted in structured logs: samples logs (optionally filtered), parses the JSON Read dql_reference Return embedded Dynatrace DQL (Grail) authoring knowledge so you can WRITE DQL yourself Read evaluate_slo Evaluate an SLO by ID and return its compliance result (platform SLO v1). Read find_entities Queries Smartscape entities via Grail DQL (Gen3-native). Read get_audit_log Get a single audit log entry by its log ID (classic Audit Logs API, requires auditLogs.read scope). Read get_bizevent_capture_rules Summarize the bizevent HTTP capture rules (builtin:bizevents.http.incoming/outgoing): which request paths/meth Read get_custom_service Get a single custom service definition by technology and ID (classic Config API v1, read-only). Read get_dashboard Get a dashboard by id — returns combined metadata and content. Read get_entity Queries a single Smartscape entity by id via Grail DQL (Gen3-native). Read get_event_notification Get a single event-notification by ID (platform notification v2). Read get_extension List all versions of a specific Extension 2.0 by name. Read get_extension_environment_config Get the environment-level configuration for an Extension 2.0. Read get_extension_monitoring_config Get details of a specific monitoring configuration for an Extension 2.0. Read get_feature Get a feature by key within a project (Dynatrace Feature Management API). Read get_feature_flag Get a feature flag by key (Dynatrace Feature Management API). Read get_feature_project Get a Feature Management project by key (Dynatrace Feature Management API). Read get_fieldset Get a single Grail fieldset by UID (Storage Fieldsets v1). Read get_filter_segment Get a filter segment by UID (platform storage filter-segments v1). Read get_grail_bucket Get a single Grail retention bucket definition by name (Dynatrace Storage Management v1). Read get_iam_user Get a single active user by UUID at an organisational level (IAM v1). Read get_metric_metadata Get the descriptor/metadata for a single metric by key (classic Metrics v2). On Gen3/Grail tenants this endpoi Read get_monitor Get the full definition of a single synthetic monitor by its entity ID. Read get_notebook Get a notebook by id — returns combined metadata and content. Read get_openpipeline_configuration Get the full OpenPipeline configuration for a specific data type (id). Read get_openpipeline_technology_processors Get the processors available for a specific OpenPipeline technology. Read get_problem Get full details of one problem, including root cause and affected entities. Read get_record_deletion_status Get the status of a previously submitted Grail record deletion process. Read get_request_attribute Get a single request attribute definition by ID (classic Config API v1). Read get_request_naming Get a single request naming rule by ID (classic Config API v1). Read get_self_notification Get a single self-notification by ID (platform notification v1). Read get_server_info Report this MCP server Read get_settings_object Get one Settings 2.0 object by objectId. Read get_settings_schema Get the full JSON schema for a Settings 2.0 schemaId. Use this to construct a valid Read get_slo Get one SLO by id (platform SLO v1). Read get_trace Fetch all spans for a single trace id (ordered by start time) for latency/root-cause analysis. Read get_trust_policy Get a WIF trust policy by UUID, including its service user mappings (IAM v1). Read get_vulnerability Get full details of a single vulnerability by its ID (Dynatrace Platform Vulnerabilities v1). Read get_workflow Get a single Dynatrace Automation workflow by ID (platform Automation v1). Read get_workflow_execution Get a single Dynatrace Automation workflow execution by ID (platform Automation v1). Read list_audit_logs List audit log entries (classic Audit Logs API, requires auditLogs.read token scope). Read list_custom_services List all custom service definitions for a given technology (classic Config API v1, read-only). Read list_dashboard_topics List the dashboard/notebook knowledge topics fetchable via dashboard_reference (with one-line descriptions). Read list_dashboards List Dynatrace dashboards accessible to you (Document Service). Read list_dql_official_references List the reference docs inside the vendored official Dynatrace dt-dql-essentials skill Read list_dql_topics List the DQL knowledge topics fetchable via dql_reference (and one-line descriptions). Read list_entity_types Queries Smartscape entity types via Grail DQL (Gen3-native). Read list_event_notifications List event-notifications (platform notification v2). Returns paginated results array. Read list_extension_monitoring_configs List all monitoring configurations for an Extension 2.0. Read list_extensions List all Extensions 2.0 available in the environment. Read list_feature_flags List all flags in a feature (Dynatrace Feature Management API). Read list_feature_projects List all Feature Management projects (Dynatrace Feature Management API). Read list_features List all features in a Feature Management project. Read list_fieldsets List all Grail fieldsets (Storage Fieldsets v1). A fieldset is a curated, named list of field names Read list_filter_segments List all Grail filter segments (platform storage filter-segments v1). Read list_grail_buckets List all Grail retention bucket definitions (Dynatrace Storage Management v1). Read list_hosts Queries Smartscape host entities via Grail DQL (Gen3-native). Read list_iam_groups List visible groups at an organisational level (IAM v1). Read list_iam_service_users List active service users usable by the calling user at an organisational level (IAM v1). Read list_iam_users List active users at an organisational level (IAM v1). Read list_metrics List/search metric descriptors (classic Metrics v2). Use a metricSelector like Read list_monitors List all synthetic monitors (browser and network availability). Read list_notebooks List Dynatrace notebooks accessible to you (Document Service). Read list_objective_templates List SLO objective templates (platform SLO v1). Read list_openpipeline_configurations List all OpenPipeline configurations (one per data type: logs, events, bizevents, Read list_openpipeline_processor_types List, per data type, the processor types allowed in each pipeline stage Read list_openpipeline_technologies List all available OpenPipeline technology parsers (grouped by technology category). Read list_problems List problems (classic Problems v2). Filter by status/severity via problemSelector and a timeframe. Returns on Read list_release_stages List all release stages in a Feature Management project. Read list_request_attributes List all request attribute definitions (classic Config API v1). Read list_request_namings List all request naming rules (classic Config API v1). Read list_self_notifications List self-notifications (platform notification v1). Returns paginated results array. Read list_settings_objects List Settings 2.0 objects, filtered by schema and/or scope. Returns one page; pass nextPageKey to page through Read list_settings_schemas List Settings 2.0 schema ids (classic). These identify configurable settings types. Returns one page; pass nex Read list_slos List Service-Level Objectives (platform SLO v1). Read list_synthetic_locations List all synthetic locations (both public and private) available for the environment. Read list_synthetic_nodes List all synthetic nodes (ActiveGates capable of running synthetic monitors). Read list_trust_policies List WIF (Workload Identity Federation) trust policies for an account (IAM v1). Read list_trust_policy_mappings List WIF service user mappings for a trust policy (IAM v1). Read list_vulnerabilities List security vulnerabilities (Dynatrace Platform Vulnerabilities v1). Read list_workflow_executions List Dynatrace Automation workflow executions (platform Automation v1). Read list_workflows List Dynatrace Automation (Workflows) workflows via the platform Automation v1 API. Read openpipeline_dql_autocomplete Get DQL autocomplete suggestions for a DQL processor script (safe, read-only). Read openpipeline_matcher_autocomplete Get autocomplete suggestions for a matcher (routing condition) expression (safe, read-only). Read preview_openpipeline_processor Preview the effect of a pipeline processor on sample data without mutating any configuration Read query_metric Query metric data points via Grail DQL Read search_logs Search logs in Grail via DQL. Builds a Read search_spans Search distributed-tracing spans in Grail via DQL ( Read test_lookup_pattern Test parsing tabular lookup data (Grail Resource Store v1) WITHOUT storing anything. Read validate_against_live_schema Validate a settings value against the live schema (read-only, validateOnly). Read validate_settings_object Validate a Settings 2.0 object payload WITHOUT persisting it (validateOnly=true). Returns constraint violation Read verify_openpipeline_dql_processor Validate a DQL processor script without mutating any configuration (safe, read-only). Read verify_openpipeline_matcher Validate a matcher (routing condition) expression without mutating any configuration (safe, read-only).

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Dynatrace SaaS MCP Server

Can an AI agent delete data through the Dynatrace SaaS MCP Server MCP server? +

Yes. The Dynatrace SaaS MCP Server server exposes 22 destructive tools including cancel_record_deletion, delete_dashboard, delete_event_notification. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Dynatrace SaaS MCP Server? +

The Dynatrace SaaS MCP Server server has 45 write tools including add_iam_user, create_dashboard, create_event_notification. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Dynatrace SaaS MCP Server.

How many tools does the Dynatrace SaaS MCP Server MCP server expose? +

167 tools across 4 categories: Destructive, Execute, Read, Write. 96 are read-only. 71 can modify, create, or delete data.

How do I enforce a policy on Dynatrace SaaS MCP Server? +

Register the Dynatrace SaaS MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Dynatrace SaaS MCP Server tool call.

Deterministic rules across all 167 Dynatrace SaaS MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

167 Dynatrace SaaS MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.