Any use cases for darktrace

pradeep577 · ‎02-19-2020

Hi,

Can anybody helpme to get some use cases for darktrace. Right now I am looking only for score value.

alonsocaio · ‎02-22-2020

Hey,

I am also using Splunk ES and Darktrace. We created a correlation search to create notables when Darktrace alerts logged into Splunk.

It helped us on correlating the darktrace alerts with our assets and identities lists from ES, increasing risk score of users and systems based on Darktrace alerts score.

Also, you should take a look at Darktrace Connector for Splunk: (https://splunkbase.splunk.com/app/3539/)

cyber_geek · ‎10-30-2024

Hi,

I'm struggling to get our security tools alerts (eg., Darktrace, Palo alto) to ES in notable events wherein our security analysts can go in look for all alerts and have a view of single pan of glass.

Could you please assist me how you configured a correlation search to create notables when Darktrace alerts logged into Splunk?

Many thanks in advance!

pradeep577 · ‎02-22-2020

Thank you for your response.
So you are saying you are looking at the assets list on ES and mapping it to DT alerts.

alonsocaio · ‎02-26-2020

Yes, kind of it. We increase the risk score of an asset based on the severity of Darktrace alerts. As example, If host A has an alert that is HIGH or CRITICAL in darktrace, we would also increase risk score for host A on ES.

Any use cases for darktrace

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Are you a member of the Splunk Community?

Any use cases for darktrace

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025