Darktrace CyberIntelligence Platform
What is Discovered and Monitored
| Protocol | Information Discovered | Metrics/Logs Collected | Used For |
|---|---|---|---|
| Syslog (CEF-formatted) | | Over 40 security logs | Security and compliance monitoring |
Event Types
Go to ADMIN > Device Support > Event Types and search for "Darktrace-DCIP" to see the event types associated with this device.
Rules
None
Reports
None
Configuration
Configure Darktrace to send CEF-formatted logs to FortiSIEM over syslog. FortiSIEM parses the logs automatically; no configuration is required on the FortiSIEM side.
Sample Events
CEF:0|Darktrace|DCIP|3.0.8|537|Antigena/Network/Compliance/Antigena RDP Block|Low| eventId=2 externalId=1462565 art=1536856095244 deviceSeverity=1 rt=1536856054000 shost=personalpcd698.abccompany.local src=10.10.1.85 sourceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 smac=1:1:1:1:1:1 dst=1.1.1.1 destinationZoneURI=/All Zones/ArcSight System/Public Address Space Zones/APNIC/1.0.0.0-1.1.1.255 (APNIC) dpt=9999 ahost=personalpc123.abccompany.local agt=10.10.28.38 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 av=2.2.2.2.0 atz=CountryA aid=3mAvC02UBABCAa72iNm4jZA\=\= at=syslog dvc=10.10.10.10 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 dtz=CountryA _cefVer=0.1 ad.darktraceUrl=https://10.10.10.10/#modelbreach/1462565
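To show what FortiSIEM's automatic parsing has to get right on a line like the one above, here is an added example of a small CEF parser applied to that sample event. It is not FortiSIEM's or Darktrace's code. It splits the seven pipe-delimited header fields (honouring `\|` escapes), walks the space-separated `key=value` extension while keeping values that themselves contain spaces (the ArcSight zone URIs), decodes the `\=` escapes in `aid`, and tolerates a syslog prefix in front of `CEF:0`. The `breach_summary` reduction and its "category" taken from the first path component of the model name are this example's own convention, not a Darktrace field.

```python
import re
from datetime import datetime, timezone

# Sample event copied from the page: the Darktrace "Antigena RDP Block" CEF line.
# Raw string so the CEF escapes (\=) reach the parser untouched.
SAMPLE_EVENT = r"CEF:0|Darktrace|DCIP|3.0.8|537|Antigena/Network/Compliance/Antigena RDP Block|Low| eventId=2 externalId=1462565 art=1536856095244 deviceSeverity=1 rt=1536856054000 shost=personalpcd698.abccompany.local src=10.10.1.85 sourceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 smac=1:1:1:1:1:1 dst=1.1.1.1 destinationZoneURI=/All Zones/ArcSight System/Public Address Space Zones/APNIC/1.0.0.0-1.1.1.255 (APNIC) dpt=9999 ahost=personalpc123.abccompany.local agt=10.10.28.38 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 av=2.2.2.2.0 atz=CountryA aid=3mAvC02UBABCAa72iNm4jZA\=\= at=syslog dvc=10.10.10.10 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 dtz=CountryA _cefVer=0.1 ad.darktraceUrl=https://10.10.10.10/#modelbreach/1462565"

HEADER_FIELDS = ("cef_version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")

# An extension key sits at the start of the extension or after whitespace and is
# followed by an unescaped '='. A value runs up to the start of the next key, so
# values containing spaces (the zone URIs above) survive intact.
_KEY_RE = re.compile(r"(?<![^\s])([\w.]+)=")


def _unescape(value, in_header):
    # Header fields escape '|' and '\'; extension values escape '=', '\' and newlines.
    def repl(m):
        ch = m.group(1)
        if in_header:
            return ch
        return {"n": "\n", "r": "\r"}.get(ch, ch)
    return re.sub(r"\\(.)", repl, value)


def parse_cef(line):
    """Parse one CEF line into its header fields plus an 'ext' dict of extension keys.
    Anything before 'CEF:' (a syslog PRI/timestamp/host prefix) is ignored."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    # Split on unescaped pipes only; the 8th part is the whole extension.
    parts = re.split(r"(?<!\\)\|", line[start:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("CEF header does not have seven pipe-delimited fields")
    event = dict(zip(HEADER_FIELDS, (_unescape(p, True) for p in parts[:7])))
    event["cef_version"] = event["cef_version"][len("CEF:"):]
    ext_text = parts[7].strip()
    keys = list(_KEY_RE.finditer(ext_text))
    ext = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext_text)
        ext[m.group(1)] = _unescape(ext_text[m.end():end].strip(), False)
    event["ext"] = ext
    return event


def breach_summary(event):
    """Reduce a parsed Darktrace event to the fields an analyst triages on.
    externalId (model-breach id) and rt (receipt time, epoch ms) follow the
    standard CEF/ArcSight meanings; the 'category' taken from the first path
    component of the model name is this example's own convention (assumption)."""
    ext = event["ext"]
    when = datetime.fromtimestamp(int(ext["rt"]) / 1000, tz=timezone.utc)
    return {
        "breach_id": ext.get("externalId"),
        "model": event["name"],
        "category": event["name"].split("/")[0],
        "severity": event["severity"],
        "time_utc": when.isoformat(),
        "source": f'{ext.get("shost", "?")} ({ext.get("src", "?")})',
        "destination": f'{ext.get("dst", "?")}:{ext.get("dpt", "?")}',
        "url": ext.get("ad.darktraceUrl"),
    }


if __name__ == "__main__":
    parsed = parse_cef(SAMPLE_EVENT)
    for key, value in breach_summary(parsed).items():
        print(f"{key:12} {value}")
```

Running the block prints the triage summary for the sample: breach 1462565, model `Antigena/Network/Compliance/Antigena RDP Block`, severity Low, received 2018-09-13 16:27:34 UTC, from `personalpcd698.abccompany.local (10.10.1.85)` to `1.1.1.1:9999`, with the `ad.darktraceUrl` link back to the breach in the Darktrace UI. The two points worth checking in any CEF pipeline are the ones the sample exercises: values with embedded spaces must not be split on whitespace, and `\=` inside a value (the `aid` field here) must be decoded rather than treated as a new key.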