Skip to main content

Handle Darktrace Model Breach

This Playbook is part of the Darktrace Pack.#


Use Darktrace Basic Model Breach Handler and Darktrace Basic AI Analyst Event Handler instead.

Handles each fetched Darktrace model breach by gathering additional detail about the activity and device, providing enrichment data from Darktrace and XSOAR, linking similar incidents, and giving the ability to acknowledge the model breach and close the incident.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Entity Enrichment - Generic v3


  • Darktrace


  • Print
  • FindSimilarIncidents
  • IsIntegrationAvailable


  • darktrace-get-breach
  • linkIncidents
  • darktrace-acknowledge
  • closeInvestigation
  • darktrace-list-similar-devices
  • darktrace-get-device-identity-info

Playbook Inputs#

There are no inputs for this playbook.

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Handle Darktrace Model Breach