Darktrace App for Splunk

Darktrace, a global leader in cyber security artificial intelligence, delivers complete AI-powered solutions in its mission to free the world of cyber disruption. Its technology continuously learns and updates its knowledge of 'you' for an organization and applies that understanding to achieve an optimal state of cyber security. Breakthrough innovations from its R&D Centers have resulted in over 145 patent applications filed. Darktrace employs over 2,200 people around the world and protects c.8,800 organizations globally from advanced cyber-threats.

The Darktrace Splunk app brings the power of Darktrace Self Learning AI to Splunk: insights from Darktrace's AI can be correlated against alerts from internal threat intelligence tools and other elements of your organization's security stack. The custom Workflow Integration data format allows model breach alerts, system status and AI Analyst incidents to be populated within the connected Splunk instance. Alert data is Splunk CIM-compatible for enhanced integration across logs.

Darktrace provides a fundamentally unique approach to cyber defense. With a detailed understanding of what is normal within the business, Darktrace's Self Learning AI can identify and contain emerging threats that have bypassed traditional defenses and are active within the network. For security teams who wish to leverage this learning to enhance the value of their existing security stack, the Threat Visualizer offers multiple ways to integrate.

Visualization

The Darktrace Splunk app enhances the Splunk user interface by populating it with real-time threat alerts and events from your Darktrace environment. The app provides multiple dashboards for quick review of high priority model breaches, AI Analyst insights and system status alerts.

The Latest Activity dashboard highlights model breach alerts from the last 7 days, which can be filtered by timeframe, score, and model. Likewise, the Trending page highlights the performance of models over the last 2 weeks, displaying high-risk devices and the high-frequency risky behaviors seen.

The Darktrace Cyber AI Analyst investigates, analyzes and reports upon threats seen within your Darktrace environment; the AI Analyst dashboard allows these AI powered insights to be leveraged and investigated within the Splunk interface. System status information is also available on a dedicated page so that operators stay informed of system health, changes in monitored traffic, and any errors experienced by Darktrace/Apps, Darktrace/Cloud, and Darktrace/Zero Trust modules, or virtual sensors.

Interacting with any of the panels filters the detailed table below by the panel query; for example, selecting a "Top Device" on the AI Analyst dashboard returns only incident events relevant to that device. Each alert links to detailed reports in the Darktrace Threat Visualizer, allowing for deep analysis of emerging vulnerabilities and early-stage threats.

Release Notes

Version 2.1.0
Oct. 4, 2024
  • New dashboard displaying Darktrace Autonomous Response Alerts
  • Update terminology to reflect updated product names
Version 2.0.1
July 24, 2024
  • Increase default character limit for Darktrace alerts.
Version 2.0.0
July 12, 2022
  • Dashboard now utilizes Darktrace v5.2 behavior categories for alerts to display a better representation of alert severity than score alone.
  • MITRE ATT&CK techniques for Darktrace Model Breach alerts are displayed in a graph showing the most common techniques.
  • Darktrace AI Analyst alerts now grouped into incidents.
  • Introduced more CIM categories for Darktrace AI Analyst alerts.

Operational Notes

Please note, this update requires alerts to be sent from a Darktrace instance running Threat Visualizer v5.2.0+. Previous Threat Visualizer software versions are not compatible.

Version 1.1.1
Oct. 6, 2021
  • Additional mapping of Darktrace AI Analyst alerts to CIM data models
  • Fix for compatibility with Splunk 8.2
Version 1.1.0
Sept. 1, 2021
  • Add dashboard for Darktrace AI Analyst alerts.
  • Add dashboard for Darktrace System Status alerts.
  • Add tags and field transformations for Darktrace data for CIM compatibility.
Version 1.0.8
June 15, 2021

Update dashboards for compatibility with Darktrace "Reduced Message Size" syslog JSON output.

Version 1.0.7
Jan. 22, 2021

Submit and re-validate app for Splunk Cloud compatibility.

Version 1.0.5
April 11, 2017

Initial Release.

App ingests JSON Syslog from Darktrace, displays varying levels of security breaches, and links them to more detailed reports on the Darktrace Threat Visualizer.

Name changed.

Version 1.0.4
April 7, 2017

Initial Release.

App ingests JSON Syslog from Darktrace, displays varying levels of security breaches, and links them to more detailed reports on the Darktrace Threat Visualizer.

Version 1.0.3
April 6, 2017
