DarktraceMBs

Rapid detection of malicious behaviour can make all the difference in the response to a security event. This pack includes configurations to combine the world-class threat detection of Darktrace with the synchrony and automation abilities of XSOAR, allowing security teams to investigate model breaches and all model breach related actions (such as commenting, acknowledging and model logic info).

Network Security · Darktrace

Configuration parameters

  • url — Server URL (e.g. https://example.net) (required)
  • isFetch — Fetch incidents
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • incidentType — Incident type
  • publicApiKey — Public API Token (required)
  • privateApiKey — Private API Token (required)
  • min_score — Minimum Score (required)
  • max_fetch — Maximum Model Breaches per Fetch
  • first_fetch — First fetch time

Commands (8)

  • darktrace-acknowledge-model-breach

    Acknowledge a model breach as specified by Model Breach ID.

  • darktrace-get-model

    Fetch the configuration details behind a specified model.

  • darktrace-get-model-breach

    Fetch details about a specific Model Breach.

  • darktrace-get-model-breach-comments

    Fetch all comments for a given model brach.

  • darktrace-get-model-breach-connections

    Retrieve connections relevant to a specified model breach.

  • darktrace-get-model-component

    Get details of a component.

  • darktrace-post-comment-to-model-breach

    Post a comment to a model breach.

  • darktrace-unacknowledge-model-breach

    Unacknowledge a given model breach.