Skip to main content

Handle Darktrace Model Breach

This Playbook is part of the Darktrace Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Handles each fetched Darktrace model breach by gathering additional detail about the activity and device, providing enrichment data from Darktrace and XSOAR, linking similar incidents, and giving the ability to acknowledge the model breach and close the incident.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • Entity Enrichment - Generic v3

Integrations#

  • Darktrace

Scripts#

  • Print
  • FindSimilarIncidents
  • IsIntegrationAvailable

Commands#

  • darktrace-get-breach
  • linkIncidents
  • darktrace-acknowledge
  • closeInvestigation
  • darktrace-list-similar-devices
  • darktrace-get-device-identity-info

Playbook Inputs#


There are no inputs for this playbook.

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


Handle Darktrace Model Breach