Darktrace provides a fundamentally unique approach to cyber defense. With a detailed understanding of what is normal within the business, Darktrace's Self Learning AI can identify and contain emerging threats that have bypassed traditional defenses and are active within the network. For security teams who wish to leverage this learning to enhance the value of their existing security stack, the Threat Visualizer offers multiple ways to integrate.
The Darktrace Splunk app brings the power of Darktrace Self Learning AI to Splunk - insights from Darktrace's AI can be correlated against alerts from internal threat intelligence tools and other elements of your organization's security stack. The custom Workflow Integration data format allows model breach alerts, system status and AI Analyst incidents to be populated within the connected Splunk instance. Alert data is Splunk CIM-compatible for enhanced integration across log sources.
The Darktrace Splunk app enhances the Splunk user interface by populating it with real-time threat alerts and events from your Darktrace environment. The app provides multiple dashboards for quick review of high priority model breaches, AI Analyst insights and system status alerts.
The Latest Activity dashboard highlights model breach alerts from the last 7 days and can be filtered by timeframe, score, and model. Likewise, the Trending page highlights model performance over the last 2 weeks, displaying high-risk devices and high-frequency risky behaviors seen.
The Darktrace Cyber AI Analyst investigates, analyzes and reports on threats seen within your Darktrace environment; the AI Analyst dashboard allows these AI-powered insights to be leveraged and investigated within the Splunk interface. System status information is also available on a dedicated page so that operators stay informed of system health, changes in monitored traffic, and any errors experienced by Darktrace/Apps, Darktrace/Cloud, and Darktrace/Zero Trust modules, or virtual sensors.
Interacting with any of the panels will filter the detailed table below by the panel query - for example, selecting a "Top Device" on the AI Analyst dashboard will return only incident events relevant to that device. Each alert links to detailed reports in the Darktrace Threat Visualizer, allowing for deep analysis of emerging vulnerabilities and early-stage threats.
Please note, this update requires alerts to be sent from a Darktrace instance running Threat Visualizer v5.2.0+. Previous Threat Visualizer software versions are not compatible.
Update dashboards for compatibility with Darktrace "Reduced Message Size" syslog JSON output.
Submit and re-validate app for Splunk Cloud compatibility.
Initial Release.
App ingests JSON Syslog from Darktrace, displays varying levels of security breaches, and links them to more detailed reports on the Darktrace Threat Visualizer.
Name changed.