Darktrace

Populates Darktrace Model Breaches and AI Analyst Events in Cortex XSOAR, allowing for cross-platform automated investigation and response.

As organizations continue to mature their security stack and adopt defence-in-depth practices, it is increasingly important for security operation teams to have their data available in one place, rather than spread across multiple tools.

This integration pack enriches your Cortex XSOAR (or Cortex XSIAM) playbooks with information from Darktrace’s self-learning AI in the DETECT product family, so that your endpoint data is accompanied by tailored Darktrace alerts on anomalous activity within your network, SaaS, cloud and industrial environments.

Together with XSOAR, this pack can speed up your triage workflow, boost SOC efficiency and ensure all your security coverage can be found in one place.

What does this pack do?

This pack provides three optional sub-integrations, each pulling a different set of Darktrace data:

  • Model Breaches, together with the model breach actions (commenting, acknowledging) and the model logic behind each breach.
  • AI Analyst investigations indicative of critical incidents, with their accompanying summaries and timelines. AI Analyst actions can also be applied from XSOAR.
  • Device administration data, including device statuses and tags. Advanced Search logs from Darktrace’s deep packet inspection (DPI) can be pulled in to add context to a potential threat.

Customers choose which of these alert sources are integrated, so that visibility matches the individual SOC’s needs. Alerts from the connector populate the XSOAR ‘Incidents’ tab.


PUBLISHER

Darktrace

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Certification: Read more
Supported By: Partner
Created: December 20, 2020
Last Release: February 21, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.