Can anybody helpme to get some use cases for darktrace. Right now I am looking only for score value.
I am also using Splunk ES and Darktrace. We created a correlation search to create notables when Darktrace alerts logged into Splunk.
It helped us on correlating the darktrace alerts with our assets and identities lists from ES, increasing risk score of users and systems based on Darktrace alerts score.
Also, you should take a look at Darktrace Connector for Splunk: (https://splunkbase.splunk.com/app/3539/)
Thank you for your response.
So you are saying you are looking at the assets list on ES and mapping it to DT alerts.
Yes, kind of it. We increase the risk score of an asset based on the severity of Darktrace alerts. As example, If host A has an alert that is HIGH or CRITICAL in darktrace, we would also increase risk score for host A on ES.