Darktrace NDR
Configure the Darktrace NDR data connector.
In this guide, you will set up the Darktrace NDR syslog data connector to forward Darktrace NDR logs to Radiant through an intermediary syslog relay server for additional security.
Add the data connector in Radiant Security
First, you’ll add the Darktrace NDR data connector in Radiant Security.
Log in to Radiant Security.
From the navigation menu, click Settings > Data Connectors and click + Add Connector.
Search for and select the Darktrace NDR (syslog) option and then click Data Feeds.
Select the Darktrace NDR data feed and then click Credentials.
Under Credential Name, give the credential an identifiable name (e.g. Darktrace NDR Credentials). If you already have a credential in place, select it from the drop-down menu. Click Credentials.
In the Connector tag field, enter a random value. This value will act as the salt to randomize the unique Token you’ll download in the next step.
Click Add Connector.
Configure a Radiant Agent for Log Collection
Refer to the Install the Radiant Security Agent guide to set up a local agent to collect the logs.
Configure syslog forwarding
Log in to the Darktrace Console.
Navigate to the Admin panel.
Under System Configuration, navigate to Modules > Darktrace/Cloud.
Under Workflow Integrations, click Syslog.
Click on the Syslog JSON tab.
Enter the following values:
Send Alerts: Enabled
Server: {syslog_server_ip}
Server Port: {syslog_server_port}
Use Application Name: Enabled
Application Name: darktrace
Send AI Analyst Alerts: Enabled
AI Analyst Behavior Filter: Compliance, Critical, Suspicious
Send Model Breach Alerts: Enabled
Model Breach Behavior Filter: Compliance, Critical, Suspicious
Send System Status Alerts: Enabled
Send Resolved System Status Alerts: Enabled
Minimum System Status Priority: High
Master: All
At the top of the Syslog Workflow Integration window, toggle on the Enabled button.
Click Save.
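A check you can run on the syslog relay after saving, as an added example that is not part of the original guide or of Radiant or Darktrace code: it confirms that captured lines carry the darktrace application name and a parseable JSON body. The line framing and the sample messages are constructed assumptions, not Darktrace's documented format.

```python
import json

EXPECTED_APP = "darktrace"  # the "Application Name" value set in the steps above

def check_line(line):
    """Return (ok, reason) for one raw syslog line captured on the relay."""
    start = line.find("{")
    if start == -1:
        return False, "no JSON payload"
    header, body = line[:start], line[start:].strip()
    # Assumption: the application name is a whitespace-delimited header field,
    # optionally followed by "[pid]" and/or ":" (covers RFC 3164 and 5424 style).
    fields = [f.rstrip(":").split("[")[0] for f in header.split()]
    if EXPECTED_APP not in fields:
        return False, "application name missing"
    try:
        json.loads(body)
    except json.JSONDecodeError:
        return False, "payload is not valid JSON"
    return True, "ok"

def summarize(lines):
    """Count check results so misconfiguration shows up as non-'ok' buckets."""
    counts = {}
    for line in lines:
        if line.strip():
            reason = check_line(line)[1]
            counts[reason] = counts.get(reason, 0) + 1
    return counts

# Constructed sample lines (hostnames and JSON fields are made up for illustration).
SAMPLE = [
    '<165>Jan 12 10:15:02 dt-master darktrace: {"constructed_field": "model breach"}',
    '<165>1 2024-01-12T10:15:03Z dt-master darktrace - - - {"constructed_field": "ai analyst"}',
    '<165>Jan 12 10:15:04 dt-master darktrace: {"constructed_field": "truncated',
    '<134>Jan 12 10:15:05 fw01 kernel: {"src": "10.0.0.5"}',
    '<165>Jan 12 10:15:06 dt-master darktrace: plain text alert',
]

if __name__ == "__main__":
    for reason, n in summarize(SAMPLE).items():
        print(f"{n:3d}  {reason}")
```

A "no JSON payload" count suggests the settings were saved on a tab other than Syslog JSON, and "application name missing" suggests Use Application Name is not enabled or the lines come from another sender.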