Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Any use cases for darktrace

pradeep577
Path Finder
‎02-19-2020 07:26 AM

Hi,

Can anybody helpme to get some use cases for darktrace. Right now I am looking only for score value.

0 Karma
Reply

alonsocaio
Contributor
‎02-22-2020 05:03 AM

Hey,

I am also using Splunk ES and Darktrace. We created a correlation search to create notables when Darktrace alerts logged into Splunk.

It helped us on correlating the darktrace alerts with our assets and identities lists from ES, increasing risk score of users and systems based on Darktrace alerts score.

Also, you should take a look at Darktrace Connector for Splunk: (https://splunkbase.splunk.com/app/3539/)

0 Karma
Reply

cyber_geek
Loves-to-Learn
‎10-30-2024 11:43 AM

Hi,

I'm struggling to get our security tools alerts (eg., Darktrace, Palo alto) to ES in notable events wherein our security analysts can go in look for all alerts and have a view of single pan of glass.

Could you please assist me how you configured a correlation search to create notables when Darktrace alerts logged into Splunk?

Many thanks in advance!

0 Karma
Reply

pradeep577
Path Finder
‎02-22-2020 12:22 PM

Thank you for your response.
So you are saying you are looking at the assets list on ES and mapping it to DT alerts.

0 Karma
Reply

alonsocaio
Contributor
‎02-26-2020 06:10 AM

Yes, kind of it. We increase the risk score of an asset based on the severity of Darktrace alerts. As example, If host A has an alert that is HIGH or CRITICAL in darktrace, we would also increase risk score for host A on ES.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...