Darktrace

Version: 1.6
Updated: Mar 4, 2024

Perform threat intelligence evidence gathering with Darktrace.

Actions

• Add To Watch List (Containment) - Adds external domains, hostnames, or IP addresses to Darktrace's internal watch list.
• Darktrace Breach Daemon (Daemon) - Automatically gather Breaches from Darktrace.
• Darktrace Incident Events Daemon (Daemon) - Automatically gather Incident Events from Darktrace (provides access to AI Analyst events - a group of anomalies or network activity investigated by Cyber AI Analysts).
• Get IOC (Enrichment) - Get IOC details by value.
• Get Model (Enrichment) - Returns a specific model that currently exist on the Threat Visualizer.
• Get Watch List (Enrichment) - Retrieves a list of indicators from a watch list.
• List Models (Enrichment) - Returns a list of all models that currently exist on the Threat Visualizer.
• List Tags (Enrichment) - List all available tags.
• Remove From Watch List (Containment) - Removes an external domain, hostname, or IP address from Darktrace's internal watch list.
• Search Breach (Enrichment) - Query breaches from Darktrace.
• Search Devices (Enrichment) - Search capacity to interrogate the list of devices has seen on the network.

Change Log

• January 15, 2021 - First upload
• February 11, 2021 - Updated Actions:
  • Get IOC
  • List Models
  • Get Models
  • Search Device
  • List Tags
• June 07, 2022 - New Actions:
  • Search Breach
  • Darktrace Breach Daemon
• February 17, 2023 (v1.2)
  • New Daemon: Darktrace Incident Events Daemon
• July 12, 2023 (v1.3) - Updated the integration with Environmental Variables
• January 29, 2024 (v1.4)
  • Updated resource: Resolved bug related to integration resource
• February 28, 2024 (v1.5) - Updated code for compatibility with Python 3.12
• March 4, 2024 (v1.5) - Updated code for compatibility with Python 3.12