Splunk Enterprise Security

Any use cases for darktrace

pradeep577
Path Finder

Hi,

Can anybody helpme to get some use cases for darktrace. Right now I am looking only for score value.

0 Karma

alonsocaio
Contributor

Hey,

I am also using Splunk ES and Darktrace. We created a correlation search to create notables when Darktrace alerts logged into Splunk.

It helped us on correlating the darktrace alerts with our assets and identities lists from ES, increasing risk score of users and systems based on Darktrace alerts score.

Also, you should take a look at Darktrace Connector for Splunk: (https://splunkbase.splunk.com/app/3539/)

0 Karma

cyber_geek
Loves-to-Learn

Hi,

I'm struggling to get our security tools alerts (eg., Darktrace, Palo alto) to ES in notable events wherein our security analysts can go in look for all alerts and have a view of single pan of glass.

Could you please assist me how you configured a correlation search to create notables when Darktrace alerts logged into Splunk?

Many thanks in advance!

0 Karma

pradeep577
Path Finder

Thank you for your response.
So you are saying you are looking at the assets list on ES and mapping it to DT alerts.

0 Karma

alonsocaio
Contributor

Yes, kind of it. We increase the risk score of an asset based on the severity of Darktrace alerts. As example, If host A has an alert that is HIGH or CRITICAL in darktrace, we would also increase risk score for host A on ES.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...