Actions for Darktrace
- Send Data to Darktrace. Sends a custom set of Lucidum data to Darktrace.
Use Cases
Below are the possible use cases for these actions:
- If you want to run Lucidum “headless”, you can send relevant data to Darktrace on a regular schedule.
- You can send normalized, enriched Lucidum data to Darktrace to be indexed, searched, and analyzed.
Prerequisites
To execute Darktrace actions, you must configure a Darktrace API connection beforehand. The required parameters are described in the instructions for creating a Darktrace connector in Lucidum: https://lucidum.io/docs/darktrace-prevent/.
NOTE: The specified account should have read and write permissions.
Workflows
- Creating a new Configuration and a new Action
- Cloning an Existing Action
- Creating a new Action from the Location Results page
- Editing a Configuration
- Editing an Action
- Viewing Information about an Action
Darktrace Configuration
To create a configuration for Darktrace actions:
- Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
- Host. The IP address or host name of the Darktrace API server.
- Port. The port for the Darktrace API server.
- Public API Key. A public API Key for a Darktrace account with read and write access to the Darktrace API.
- Private API Key. A private API Key for a Darktrace account with read and write access to the Darktrace API.
  NOTE: To generate the Darktrace API Keys, log into the Darktrace Threat Visualizer with an account that has “API Access” permission. Navigate to Admin > System Config, and under API Token, click “New” to generate a Public and Private Token pair. Save the Private Token to a safe location.
- Max # of Records per Payload. The maximum number of records to send to Darktrace in each action. The default value is “50”.
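The configuration fields above map onto two pieces of client logic: splitting the data to send into payloads of at most "Max # of Records per Payload" items, and authenticating each request with the public/private key pair without ever exposing the private key. The following Python is an added example written for this page; it is not Lucidum's or Darktrace's own code. The host, tokens, record fields and the request path "/placeholder-endpoint" are constructed placeholders, and the signing scheme (HMAC-SHA1 keyed with the private token over the request path, public token and timestamp, carried in DTAPI-Token, DTAPI-Date and DTAPI-Signature headers) is the author's understanding of the Darktrace REST API and should be checked against the Darktrace API guide. Nothing is sent over the network; the functions return the prepared requests.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Constructed configuration mirroring the fields described on this page.
# The host and tokens are placeholders, not real values.
CONFIG = {
    "host": "darktrace.example.internal",       # placeholder host
    "port": 443,
    "public_api_key": "PUBLIC-TOKEN-PLACEHOLDER",
    "private_api_key": "PRIVATE-TOKEN-PLACEHOLDER",
    "max_records_per_payload": 50,              # the page's default
}


def utc_timestamp(now: Optional[datetime] = None) -> str:
    """Timestamp in the compact form the signature binds ("YYYYMMDDTHHMMSS")."""
    return (now or datetime.now(timezone.utc)).strftime("%Y%m%dT%H%M%S")


def sign_message(private_api_key: str, message: str) -> str:
    """Hex HMAC-SHA1 of `message` keyed with the private API key.

    Only the resulting signature travels in the request; the private key
    itself is never placed in a header, URL or log line.
    """
    return hmac.new(private_api_key.encode(), message.encode(), hashlib.sha1).hexdigest()


def build_auth_headers(public_api_key: str, private_api_key: str,
                       request_path: str, timestamp: Optional[str] = None) -> Dict[str, str]:
    """Per-request authentication headers for the public/private token pair.

    ASSUMPTION (not stated on this page): the signature is an HMAC-SHA1, keyed
    with the private token, over "<request path>\\n<public token>\\n<timestamp>",
    sent in DTAPI-Token / DTAPI-Date / DTAPI-Signature headers. Binding the
    timestamp and path into the signature lets the server reject stale replays
    and signatures lifted from a different request.
    """
    timestamp = timestamp or utc_timestamp()
    signature = sign_message(private_api_key, f"{request_path}\n{public_api_key}\n{timestamp}")
    return {
        "DTAPI-Token": public_api_key,
        "DTAPI-Date": timestamp,
        "DTAPI-Signature": signature,
        "Content-Type": "application/json",
    }


def chunk_records(records: List[dict], max_per_payload: int) -> List[List[dict]]:
    """Split records into payloads of at most `max_per_payload` items (page default 50)."""
    if max_per_payload < 1:
        raise ValueError("max_per_payload must be at least 1")
    return [records[i:i + max_per_payload] for i in range(0, len(records), max_per_payload)]


def prepare_requests(config: dict, request_path: str, records: List[dict],
                     timestamp: Optional[str] = None) -> List[dict]:
    """Describe one signed request per payload. Nothing is sent; the caller
    hands each entry to the HTTP client of its choice."""
    url = f"https://{config['host']}:{config['port']}{request_path}"
    prepared = []
    for payload in chunk_records(records, config["max_records_per_payload"]):
        prepared.append({
            "url": url,
            "headers": build_auth_headers(config["public_api_key"], config["private_api_key"],
                                          request_path, timestamp),
            "body": json.dumps(payload),
        })
    return prepared


def redact_config(config: dict) -> dict:
    """Copy of the configuration that is safe to log: the private key is masked."""
    safe = dict(config)
    safe["private_api_key"] = "***"
    return safe


if __name__ == "__main__":
    # Constructed sample of 120 Lucidum-style records; the field names are illustrative.
    sample = [{"asset": f"host-{n}", "risk": n % 5} for n in range(120)]
    # "/placeholder-endpoint" stands in for the real API path, which this page does not name.
    for req in prepare_requests(CONFIG, "/placeholder-endpoint", sample):
        print(req["url"], len(json.loads(req["body"])), "records, signature",
              req["headers"]["DTAPI-Signature"][:8] + "...")
    print("logging-safe config:", redact_config(CONFIG))
```

With the page's default of 50, 120 records become three requests of 50, 50 and 20 records, each carrying its own signature. The signature changes with the path and the timestamp, so a captured header set cannot be reused for a different endpoint, and `redact_config` is what should reach any log or audit trail rather than the raw configuration.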
Create a New Action
To create an action for Darktrace, contact Lucidum customer care.