Actually the endpoints for outbound communication are specified in the server configuration file. If you use a classic MITM proxy, it will probably not work because of certificate validation. You would have to add a custom certificate to truststore for Dynatrace server and maybe other components as well.

If Dynatrace server allows changing those endpoint urls (billing, opc, ...) to non https, it would be quite simple to write a "proxy" to dump communication and forward it to mission control. However not sure about the websocket communication from Dynatrace into customer environment.

Probably both methods can be used, but I'm asking for official supported solution.

@Radoslaw S. could you ping me so we can discuss the possibilities of intercepting the mission control traffic? patrick.hofmann@amasol.de

I'm aware what is mission control used for.
However this answer won't be acceptable by security personnel in environments with high security requirements (agents on servers processing sensitive data, such as banking).

Not being able to audit communication will likely prohibit Dynatrace for being deployed (=purchased) in such environments.

Do we have any update on this? Would like to get more details how the data can be audited and what type of flexibility is available in what information can be sent from the managed server.

There is flexibility, observe the preferences available to a cluster admin in the CMC. There is also complete audits available to cluster admins in the CMC (observe audit log in the sidebar in pic below).

As above mentioned by Radoslaw, check the Mission Control Security section.

Dynatrace have provided further insight in the Trust Center, if you are interested in this subject.

Nothing has changed, but you can still do MITM communication auditing. It requires some work with adding a certificate to the trust store so Dynatrace Cluster can trust the MITM proxy.

Anyway, any changes from Dynatrace are being audited in the Audit log available in the CMC.