Skip to main content


Download With Dependencies

Populates Darktrace Model Breaches in Cortex XSOAR, allowing for cross-platform automated investigation and response.

Rapid detection of malicious behavior can make all the difference in the response to a security event. This pack includes configurations to combine the world-class threat detection of Darktrace with the synchrony and automation abilities of XSOAR, allowing security teams to investigate and manage security events before they have time to escalate.

What does this pack do?

  • Gathers information about every anomaly detection (model breach) made by the Darktrace platform and populates it in XSOAR.
  • Allows users to acknowledge model breaches from XSOAR for an integrated workflow
  • Gets comments made by analysts within Darktrace
  • Populates information about devices similar to the ones involved in model breaches
  • Gathers identifying and connection information about internal devices
  • Returns information about external endpoints

Included with this pack is an out-of-the-box incident type, a classifier and mapper, a generic playbook, and a custom layout to easily view all Darktrace model breach information related to an incident. Each of these elements can also be easily customized to fit the needs of your organization.




Cortex XSOARCortex XSIAM


CertificationRead more
Supported ByPartner
CreatedDecember 20, 2020
Last ReleaseNovember 15, 2022

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.