Populates Darktrace Model Breaches and AI Analyst Events in Cortex XSOAR, allowing for cross-platform automated investigation and response.
As organizations continue to mature their security stack and adopt defence-in-depth practices, it is increasingly important for security operation teams to have their data available in one place, rather than spread across multiple tools.
This integration pack enriches your Cortex XSOAR playbooks with information from Darktrace's self-learning AI in our DETECT product family. This ensures your endpoint data is accompanied by tailored Darktrace alerts on anomalous activities within your network, SaaS, cloud and industrial environments.
Together with XSOAR, this pack can speed up your triage workflow, boost SOC efficiency and ensure all your security coverage can be found in one place.
What does this pack do?
This pack provides three optional sub-integrations by pulling a variety of Darktrace metrics:
- Model Breaches and all model breach related actions (such as commenting, acknowledging and model logic info).
- AI Analyst investigations indicative of critical incidents along with accompanying summaries and timelines. AI actions can also be applied.
- Device administration data including device statuses and tags. Your understanding of potential threats can also be levelled up with Advanced Search logs from DPI.
Customers can decide which of these alerts are integrated, ensuring visibility is bespoke to your individual SOC's needs. Alerts from the connector will populate in the XSOAR "Incidents" tab.