Darktrace CyberIntelligence Platform
What is Discovered and Monitored
Protocol | Information Discovered | Metrics/Logs Collected | Used For
Syslog (CEF formatted) | | Over 40 security logs | Security and compliance monitoring
Event Types
Go to Admin > Device Type > Event Types and search for “Darktrace-DCIP”.
Rules
None
Reports
None
Configuration
Configure Darktrace to forward its events to FortiSIEM as CEF-formatted syslog. FortiSIEM identifies the source from the CEF header (vendor "Darktrace", product "DCIP", as in the sample event below) and parses the events automatically; no configuration is required on the FortiSIEM side.
Sample Events
CEF:0|Darktrace|DCIP|3.0.8|537|Antigena/Network/Compliance/Antigena RDP Block|Low| eventId=2 externalId=1462565 art=1536856095244 deviceSeverity=1 rt=1536856054000 shost=personalpcd698.abccompany.local src=10.10.1.85 sourceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 smac=1:1:1:1:1:1 dst=1.1.1.1 destinationZoneURI=/All Zones/ArcSight System/Public Address Space Zones/APNIC/1.0.0.0-1.1.1.255 (APNIC) dpt=9999 ahost=personalpc123.abccompany.local agt=10.10.28.38 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 av=2.2.2.2.0 atz=CountryA aid=3mAvC02UBABCAa72iNm4jZA\=\= at=syslog dvc=10.10.10.10 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 dtz=CountryA _cefVer=0.1 ad.darktraceUrl=https://10.10.10.10/#modelbreach/1462565
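The sample above shows the two things a parser must get right for these events: the seven pipe-delimited header fields (where `\|` and `\\` are escapes) and the space-separated `key=value` extension, where values may themselves contain spaces (the ArcSight zone URIs) and `=` is escaped as `\=` (the base64 `aid`). The following is an added example, not FortiSIEM's parser or Darktrace code, that parses the page's own sample event, strips an assumed syslog transport prefix, unescapes the extension, and flattens the result into pivot fields; the field names in `normalize()`, the syslog prefix, and the severity bands are this example's assumptions.

```python
"""Parse a Darktrace DCIP CEF event (example code, not FortiSIEM's parser)."""
import re
from datetime import datetime, timezone

# The CEF line from the page's Sample Events section, split only for width.
SAMPLE_CEF = (
    r"CEF:0|Darktrace|DCIP|3.0.8|537|Antigena/Network/Compliance/Antigena RDP Block|Low| "
    r"eventId=2 externalId=1462565 art=1536856095244 deviceSeverity=1 rt=1536856054000 "
    r"shost=personalpcd698.abccompany.local src=10.10.1.85 "
    r"sourceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 "
    r"smac=1:1:1:1:1:1 dst=1.1.1.1 "
    r"destinationZoneURI=/All Zones/ArcSight System/Public Address Space Zones/APNIC/1.0.0.0-1.1.1.255 (APNIC) "
    r"dpt=9999 ahost=personalpc123.abccompany.local agt=10.10.28.38 "
    r"agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 "
    r"av=2.2.2.2.0 atz=CountryA aid=3mAvC02UBABCAa72iNm4jZA\=\= at=syslog dvc=10.10.10.10 "
    r"deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 "
    r"dtz=CountryA _cefVer=0.1 ad.darktraceUrl=https://10.10.10.10/#modelbreach/1462565"
)
# Constructed syslog prefix (assumption: the real prefix depends on the sender).
SYSLOG_WRAPPED = "<13>Sep 13 16:27:34 darktrace " + SAMPLE_CEF

HEADER_FIELDS = ("cef_version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
_KEY_BOUNDARY = re.compile(r"\s+(?=[A-Za-z0-9_.]+=)")  # whitespace that starts a new key=
_FIRST_EQUALS = re.compile(r"(?<!\\)=")                  # first unescaped '=' in a token
_EXT_ESCAPE = re.compile(r"\\([\\=nr])")                 # \\  \=  \n  \r in extension values
_EXT_UNESC = {"\\": "\\", "=": "=", "n": "\n", "r": "\r"}


def _split_header(cef):
    """Return the 7 header fields and the raw extension; honours \\| and \\\\ escapes."""
    fields, buf, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef) and cef[i + 1] in "|\\":
            buf.append(cef[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(ch); i += 1
    if len(fields) == 6 and buf:          # tolerate a missing trailing pipe
        fields.append("".join(buf)); buf = []
    if len(fields) < 7:
        raise ValueError("CEF header has fewer than 7 fields")
    return fields, cef[i:]


def _parse_extension(ext):
    """Split the extension on whitespace that precedes a key=, then unescape values."""
    out = {}
    for token in _KEY_BOUNDARY.split(ext.strip()):
        if not token:
            continue
        parts = _FIRST_EQUALS.split(token, maxsplit=1)
        if len(parts) != 2:
            raise ValueError(f"malformed extension token: {token!r}")
        key, raw = parts
        out[key] = _EXT_ESCAPE.sub(lambda m: _EXT_UNESC[m.group(1)], raw)
    return out


def parse_cef(line):
    """Parse one CEF event, ignoring any syslog header in front of 'CEF:'."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header in line")
    fields, ext = _split_header(line[start:])
    event = dict(zip(HEADER_FIELDS, fields))
    event["cef_version"] = int(event["cef_version"][len("CEF:"):])
    event["extension"] = _parse_extension(ext)
    return event


def severity_band(sev):
    """Map a CEF severity (0-10, or Low/Medium/High/Very-High) to one band name."""
    s = str(sev).strip()
    if s.isdigit():                          # bands are this example's choice
        n = int(s)
        return "Low" if n <= 3 else "Medium" if n <= 6 else "High" if n <= 8 else "Very-High"
    bands = {"low": "Low", "medium": "Medium", "high": "High", "very-high": "Very-High"}
    if s.lower() not in bands:
        raise ValueError(f"unknown CEF severity: {sev!r}")
    return bands[s.lower()]


def normalize(event):
    """Flatten the parsed event into pivot fields (names are this example's own)."""
    ext = event["extension"]
    return {
        "signature": f"{event['vendor']}:{event['product']}:{event['signature_id']}",
        "name": event["name"],
        "severity": severity_band(event["severity"]),
        # rt is the event time in epoch milliseconds
        "event_time": datetime.fromtimestamp(int(ext["rt"]) / 1000, tz=timezone.utc)
        .strftime("%Y-%m-%dT%H:%M:%SZ"),
        "src_ip": ext.get("src"), "src_host": ext.get("shost"),
        "dst_ip": ext.get("dst"), "dst_port": int(ext["dpt"]) if "dpt" in ext else None,
        "sensor_ip": ext.get("dvc"),
        "breach_url": ext.get("ad.darktraceUrl"),
    }


if __name__ == "__main__":
    for key, value in normalize(parse_cef(SYSLOG_WRAPPED)).items():
        print(f"{key:12} {value}")
```

Splitting the extension only at whitespace that is followed by `key=` is what keeps `sourceZoneURI=/All Zones/ArcSight System/... 10.255.255.255` intact as one value; a naive `split(" ")` would shred it. The `ad.darktraceUrl` value is the analyst's pivot back into the Darktrace UI for the model breach, so it is worth carrying through unchanged.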