Darktrace for Splunk SOAR

This app integrates with Darktrace to perform investigative and containment actions

Supported Actions

• test connectivity: Validate the asset configuration for connectivity using the supplied configuration
• get device tags: Receive all of the tags that are currently applied to a device
• get tagged devices: Receive all of the devices that currently have a given tag
• get breach comments: Receive all comments made on a model breach
• on poll: Ingests Darktrace model breaches and Cyber AI Analyst investigations
• get device description: Receive device description for the specified device
• get device modelbreaches: Receive recent model breaches for the specified device
• acknowledge breach: Acknowledge a model breach
• unacknowledge breach: Unacknowledge a model breach
• post comment: Post a comment to a model breach
• post tag: Post a tag to a device
• get breach connections: Receive connections involved in a model breach