Darktrace AI Analyst
Darktrace Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.6.0 and later.
Darktrace is a Cyber AI platform for threat detection and response across cloud, email, industrial, and the network. This integration was integrated and tested with version 6.0.0 of Darktrace
#
Configure Darktrace in CortexParameter | Description | Required |
---|---|---|
url | Server URL (e.g. https://example.net\) | True |
isFetch | Fetch incidents | False |
insecure | Trust any certificate (not secure) | False |
proxy | Use system proxy settings | False |
public_api_token | Public API Token | True |
private_api_token | Private API Token | True |
min_score | Minimum Score | True |
max_alerts | Maximum Model Breaches per Fetch | False |
first_fetch | First fetch time | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
darktrace-get-ai-analyst-incident-eventReturns all AI Analyst incident events
#
Base Commanddarktrace-get-ai-analyst-incident-event
#
InputArgument Name | Description | Required |
---|---|---|
eventId | Unique identified of an AI Analyst incident event | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Darktrace.AIAnalyst.eventId | Unknown | AIAnalyst unique identifier |
Darktrace.AIAnalyst.title | String | AIAnalyst event title |
Darktrace.AIAnalyst.mitreTactics | Unknown | AIAnalyst mitre tactics seen on event |
Darktrace.AIAnalyst.score | Unknown | group score for ai analyst incident |
Darktrace.AIAnalyst.category | String | group category for ai analyst incident |
Darktrace.AIAnalyst.summary | String | AIAnalyst event summary |
Darktrace.AIAnalyst.groupId | Unknown | unique identifier for event Id |
Darktrace.AIAnalyst.devices | Unknown | Associated devices with incident event |
Darktrace.AIAnalyst.modelBreaches | Unknown | Associated model breaches with event Id |
#
darktrace-get-comments-for-ai-analyst-incident-eventReturns all Darktrace Comments for a given Incident Event
#
Base Commanddarktrace-get-comments-for-ai-analyst-incident-event
#
InputArgument Name | Description | Required |
---|---|---|
eventId | Unique identified of an AI Analyst incident event | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Darktrace.AIAnalyst.incidet_id | Number | Incident event unique identifier |
Darktrace.AIAnalyst.message | String | Posted message |
Darktrace.AIAnalyst.eventId | String | Unique event identifier |
Darktrace.AIAnalyst.time | String | Message post timestamp |
Darktrace.AIAnalyst.username | String | Darktrace username of posting user |
#
darktrace-post-comment-to-ai-analyst-incident-eventPost comment to an AI Analyst Incident Event.
#
Base Commanddarktrace-post-comment-to-ai-analyst-incident-event
#
InputArgument Name | Description | Required |
---|---|---|
eventId | Unique identified of an AI Analyst incident event | Required |
comment | Enter a message to comment | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Darktrace.AIAnalyst.commented | String | Whether the incident is commented in Darktrace |
Darktrace.AIAnalyst.response | String | Post command response |
Darktrace.AIAnalyst.eventId | String | Unique event identifier |
Darktrace.AIAnalyst.message | String | Message to be commented |
#
darktrace-acknowledge-ai-analyst-incident-eventAcknowledges an AI Analyst Incident Event
#
Base Commanddarktrace-acknowledge-ai-analyst-incident-event
#
InputArgument Name | Description | Required |
---|---|---|
eventId | Unique identified of an AI Analyst incident event | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Darktrace.AIAnalyst.acknowledged | String | Whether the incident is acknowledge in Darktrace |
Darktrace.AIAnalyst.response | String | Post response comment |
Darktrace.AIAnalyst.eventId | String | incident event unique identifier |
#
darktrace-unacknowledge-ai-analyst-incident-eventUnacknowledges an AI Analyst Incident Event
#
Base Commanddarktrace-unacknowledge-ai-analyst-incident-event
#
InputArgument Name | Description | Required |
---|---|---|
eventId | Unique identified of an AI Analyst incident event | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Darktrace.AIAnalyst.unacknowledged | String | Whether the incident is acknowledge in Darktrace |
Darktrace.AIAnalyst.response | String | Post response comment |
Darktrace.AIAnalyst.eventId | String | incident event unique identifier |
#
darktrace-get-ai-analyst-incident-group-from-eventIdPulls all linked events for a given event. Over time, events can become merged with one another. This happens when two sets of disparate activity are suddenly linked by shared factors.
#
Base Commanddarktrace-get-ai-analyst-incident-group-from-eventId
#
InputArgument Name | Description | Required |
---|---|---|
eventId | Unique identified of an AI Analyst incident event | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Darktrace.AIAnalyst.groupId | String | Investigation Group Unique Identifier |
Darktrace.AIAnalyst.incidentEvents | Unknown | Associated events |
Darktrace.AIAnalyst.mitreTactics | Unknown | Associated Mitre Tactics seen on incident |
Darktrace.AIAnalyst.groupScore | Number | Group score |
Darktrace.AIAnalyst.groupCategory | String | Group category |