Handle Darktrace Model Breach

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Handles each fetched Darktrace model breach by gathering additional detail about the activity and device, providing enrichment data from Darktrace and XSOAR, linking similar incidents, and giving the ability to acknowledge the model breach and close the incident.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

Entity Enrichment - Generic v3

Integrations

Darktrace

Scripts

Print
FindSimilarIncidents
IsIntegrationAvailable

Commands

darktrace-get-breach
linkIncidents
darktrace-acknowledge
closeInvestigation
darktrace-list-similar-devices
darktrace-get-device-identity-info

Playbook Inputs

There are no inputs for this playbook.

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

Handle Darktrace Model Breach

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Handle Darktrace Model Breach

Supported versions

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Supported versions

Dependencies#

Sub-playbooks#

Integrations#

Scripts#

Commands#

Playbook Inputs#

Playbook Outputs#

Playbook Image#

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image