# Darktrace Email

In this guide, you will create an API token in Darktrace and instantiate a Radiant Security email connector to pull suspicious emails for triaging.

At the end of this configuration, you will provide Radiant Security with these values:

* **Your Darktrace URL**

{% hint style="warning" %}
**Important note**: The domain should be in the following form `https://xxxxxx.cloud.darktrace.com`.
{% endhint %}

* **Public Token**
* **Private Token**
* **Anomaly Score Threshold**

### Prerequisites

* [ ] Admin access to the Darktrace Threat Visualizer

### Create a local user

Darktrace API tokens are user-specific and available only for local users created directly within the Darktrace Threat Visualizer. This means API tokens are not supported for users authenticated via LDAP or SAML SSO.

The following steps guide you through creating a local user and generating API tokens for integration with Radiant Security.

If you already have a local Admin user, use that account to complete the steps. Otherwise, use your regular Admin-level account.

1. On the Threat Visualizer of the instance from which you wish to request data, click **Menu** and then click **Admin > Permissions Admin**.<br>

   <div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FFIX3EZrjOsviHuY9XZwn%2FDarkTrace%20Email_01.png?alt=media&#x26;token=8f82f175-3076-4f14-8aae-2267e0fdf535" alt="" width="516"><figcaption></figcaption></figure></div>
2. Click the **Created Accounts** tab.<br>

   <div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FUwocz6untgS4hyFDFi28%2FDarkTrace%20Email_02.png?alt=media&#x26;token=fcc7672d-aee3-41ca-aeb5-870e29279ff0" alt="" width="297"><figcaption></figcaption></figure></div>
3. On the left side, click **Create new user**.<br>

   <div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FlAxetkt52irmbvQ4woMG%2FDarkTrace%20Email_03.png?alt=media&#x26;token=4c6ea0b7-907a-4d01-9533-d8263a8e2b94" alt="" width="516"><figcaption></figcaption></figure></div>
4. Give the user a recognizable **Username** (e.g. `radiant_connector`) and a **Password**.
5. Click **User Templates.**<br>

   <div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FyXzaXyWjAEHbB6JdrfEm%2FDarkTrace%20Email_04.png?alt=media&#x26;token=65e8bd95-19f9-42a4-a1eb-617c3eb0f4f6" alt=""><figcaption></figcaption></figure></div>
6. For **Select a user template**, select **Administrator**.
7. Click **Threat Tray Behavior Categories** to go to the next step.<br>

   <div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2F8sx1s5aHsStjCvpOWAIU%2FDarkTrace%20Email_05.png?alt=media&#x26;token=1940deeb-c57f-4a68-98d3-45b13980786a" alt=""><figcaption></figcaption></figure></div>
8. Keep all default settings for **Threat Tray Behavior Categories** unchanged and then click **Flags.**<br>

   <div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FAX7WtrIHPiJHkhTadSdn%2FDarkTrace%20Email_06.png?alt=media&#x26;token=6efdaaec-416a-45bb-abd4-eddaaacaa20b" alt=""><figcaption></figcaption></figure></div>
9. Toggle the **API Access** selector to **Yes**.<br>

   <div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FVMqNW1BnA9nPdt5PSt3B%2FDarkTrace%20Email_07.png?alt=media&#x26;token=5669debc-6f9c-453e-b1d2-2e60b48ed1b3" alt=""><figcaption></figcaption></figure></div>

{% hint style="warning" %}
**Note**: If this selector cannot be changed, keep proceeding with the user creation. The next section, [**Troubleshoot users with no API Access**](#troubleshoot-users-with-no-api-access), will guide you on troubleshooting this.
{% endhint %}

10. Add this user to the **Darktrace Admins Group**.
11. Click **Add Threat Visualizer permissions**.<br>

    <div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2F6uqfwko2vgh58AbPSgXs%2FDarkTrace%20Email_08.png?alt=media&#x26;token=d2fd19d2-4dd0-4930-a4e8-93d142b2d1fa" alt=""><figcaption></figcaption></figure></div>
12. Leave the remaining setup steps unchanged and click through each of them to proceed.
13. In the **Summary** page, click **Update user** to save changes.

### Troubleshoot users with no API access

If you weren’t able to toggle **API Access** in step 9, you must contact Darktrace support. In most cases, this happens because the API has never been used before, and it can be resolved quickly. After contacting support, all icons in the **Flags** column should be green for the newly created user.<br>

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FNoqxfpCqeEU1zNqy1kni%2FDarkTrace%20Email_09.png?alt=media&#x26;token=217deee1-783b-48e6-9636-70320805854e" alt="" width="263"><figcaption></figcaption></figure></div>

### Generate the API token

1. Log in to Threat Visualizer with the user created previously.
2. Click **Account Settings** from the main menu.<br>

   <div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FmK6yq27TBPkqFwLPNQia%2FDarkTrace%20Email_10.png?alt=media&#x26;token=e3fc73c6-c969-4609-ae8e-d3fb77895d6b" alt=""><figcaption></figcaption></figure></div>
3. Click the **API Access** button.<br>

   <div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FBz8N1OlCP9pixqUVOYqa%2FDarkTrace_Email_11.png?alt=media&#x26;token=5b711914-c178-4a96-820b-152b51e7ee58" alt=""><figcaption></figcaption></figure></div>
4. In the pop-up, click **New**. A **Public** and **Private** **Token** will appear.<br>

   <div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2F5kPl6a0dML4gcdfoyAtF%2FDarkTrace_Email_12.png?alt=media&#x26;token=887eb4fb-417b-41ff-8fea-6f8c41e341a2" alt="" width="516"><figcaption></figcaption></figure></div>

{% hint style="warning" %}
**Important note**: Ensure you copy the token values as you won’t be able to retrieve the **Private** **Token** again. You will need to provide these values to Radiant Security at the end of the configuration.
{% endhint %}

### Add the credentials in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Credentials** and click **+ Add Credential**.
3. Search for and select the **Darktrace API** option from the list and then click **Configure Credential.**
4. Give the credential an identifiable name (e.g. `Darktrace <user> API Tokens`) and add the required fields:
   * **Tenant URL**: Your Darktrace Console URL. It will look like `https://name.cloud.darktrace.com`.
   * **Public Token**: The 40-digit Public Token copied in the previous step.
   * **Private Token**: The 40-digit Private Token copied in the previous step.
   * **Anomaly Score Threshold**: This value ranges from 0 to 100 and represents the Antigena Email Score assigned by Darktrace to each analyzed email.

     * A threshold of 0 means every email will be triaged by Radiant.
     * A threshold of 100 means only emails that Darktrace deems highly likely to be malicious will be triaged.

     A good starting value is 80: it avoids triaging every email, while emails that Darktrace scored with lower confidence still undergo further analysis.
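
Before pasting the four values into the credential form, you can sanity-check their shape locally. The following is an added example, not code from Radiant Security or Darktrace; the function name and sample values are hypothetical, and because this guide does not state the tokens' character set, only length and whitespace are checked.

```python
from urllib.parse import urlsplit

SUFFIX = ".cloud.darktrace.com"   # URL form given in this guide
TOKEN_LEN = 40                    # token length given in this guide


def check_darktrace_values(url, public_token, private_token, threshold):
    """Return a list of problems; an empty list means the values look well-formed.

    Token values are never echoed in the messages, so the output is safe to log.
    """
    problems = []
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append("URL must start with https://")
    if not host.endswith(SUFFIX) or not host[: -len(SUFFIX)]:
        problems.append("URL host must look like xxxxxx" + SUFFIX)
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("URL must be the bare tenant address (no path or query)")

    for name, tok in (("Public Token", public_token), ("Private Token", private_token)):
        if any(c.isspace() for c in tok):
            problems.append(f"{name} contains whitespace (copy/paste artifact)")
        elif len(tok) != TOKEN_LEN:
            problems.append(f"{name} has {len(tok)} characters, expected {TOKEN_LEN}")
    if public_token == private_token:
        problems.append("Public Token and Private Token are identical")

    if not isinstance(threshold, (int, float)) or not 0 <= threshold <= 100:
        problems.append("Anomaly Score Threshold must be a number from 0 to 100")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(check_darktrace_values(
        "https://example1.cloud.darktrace.com", "a" * 40, "b" * 40, 80))
```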

### Add the data connector in Radiant Security

1. From the navigation menu, select **Settings** > **Data Connectors** and click **+ Add Connector**.
2. Search for and select the **Darktrace API** option and then click **Data Feeds**.
3. Select **Darktrace Email** **Alerts** and click **Credentials.**
4. Select the credentials created previously and click **Add Connector**.<br>

