Splunk Enterprise Security

Any use cases for darktrace

pradeep577
Path Finder

Hi,

Can anybody helpme to get some use cases for darktrace. Right now I am looking only for score value.

0 Karma

alonsocaio
Contributor

Hey,

I am also using Splunk ES and Darktrace. We created a correlation search to create notables when Darktrace alerts logged into Splunk.

It helped us on correlating the darktrace alerts with our assets and identities lists from ES, increasing risk score of users and systems based on Darktrace alerts score.

Also, you should take a look at Darktrace Connector for Splunk: (https://splunkbase.splunk.com/app/3539/)

0 Karma

pradeep577
Path Finder

Thank you for your response.
So you are saying you are looking at the assets list on ES and mapping it to DT alerts.

0 Karma

alonsocaio
Contributor

Yes, kind of it. We increase the risk score of an asset based on the severity of Darktrace alerts. As example, If host A has an alert that is HIGH or CRITICAL in darktrace, we would also increase risk score for host A on ES.

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.