DarktraceAIA
Rapid detection of malicious behaviour can make all the difference in the response to a security event. This pack includes configurations to combine the world-class threat detection of Darktrace with the synchrony and automation abilities of XSOAR, allowing security teams to investigate critical incidents along with accompanying summaries and timelines. AI actions can also be applied.
Network Security · Darktrace
Configuration parameters
url— Server URL (e.g. https://example.net) (required)isFetch— Fetch incidentsinsecure— Trust any certificate (not secure)proxy— Use system proxy settingsincidentType— Incident typepublicApiKey— Public API Token (required)privateApiKey— Private API Token (required)min_score— Minimum Score (required)max_fetch— Maximum Model Breaches per Fetchfirst_fetch— First fetch time
Commands (6)
-
darktrace-acknowledge-ai-analyst-incident-eventAcknowledge an AI Analyst Incident Event.
-
darktrace-get-ai-analyst-incident-eventFetch the details of an AI Analyst event.
-
darktrace-get-ai-analyst-incident-group-from-eventIdPulls all linked events for a given event. Over time, events can become merged with one another. This happens when two sets of disparate activity are suddenly linked by shared factors.
-
darktrace-get-comments-for-ai-analyst-incident-eventFetch all comments from an AI Analyst incident Event.
-
darktrace-post-comment-to-ai-analyst-incident-eventPost a comment to an AI Analyst incident Event.
-
darktrace-unacknowledge-ai-analyst-incident-eventUnacknowledge an AI Analyst Incident Event.