DarktraceAIA

Rapid detection of malicious behaviour can make all the difference in the response to a security event. This pack includes configurations to combine the world-class threat detection of Darktrace with the synchrony and automation abilities of XSOAR, allowing security teams to investigate critical incidents along with accompanying summaries and timelines. AI actions can also be applied.

Network Security · Darktrace

Configuration parameters

  • url — Server URL (e.g. https://example.net) (required)
  • isFetch — Fetch incidents
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • incidentType — Incident type
  • publicApiKey — Public API Token (required)
  • privateApiKey — Private API Token (required)
  • min_score — Minimum Score (required)
  • max_fetch — Maximum Model Breaches per Fetch
  • first_fetch — First fetch time

Commands (6)

  • darktrace-acknowledge-ai-analyst-incident-event

    Acknowledge an AI Analyst Incident Event.

  • darktrace-get-ai-analyst-incident-event

    Fetch the details of an AI Analyst event.

  • darktrace-get-ai-analyst-incident-group-from-eventId

    Pulls all linked events for a given event. Over time, events can become merged with one another. This happens when two sets of disparate activity are suddenly linked by shared factors.

  • darktrace-get-comments-for-ai-analyst-incident-event

    Fetch all comments from an AI Analyst incident Event.

  • darktrace-post-comment-to-ai-analyst-incident-event

    Post a comment to an AI Analyst incident Event.

  • darktrace-unacknowledge-ai-analyst-incident-event

    Unacknowledge an AI Analyst Incident Event.