# Darktrace NDR

In this guide, you will set up the Darktrace NDR syslog data connector to forward Darktrace NDR lots to Radiant with the use of an intermediary syslog relay server for additional security.

### Add the data connector in Radiant Security

First, you’ll add the Darktrace NDR data connector in Radiant Security.

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the **Radiant Agent** option and then click **Data Feeds.**
4. Select the **Darktrace NDR** data feed and then click **Credentials**.
5. Under **Credential Name**, give the Radiant Agent integration an identifiable name (e.g. `Radiant Agent Integration`). If you will reuse a Radiant Agent, select it from the drop-down menu.
6. Click **Add Connector**.

### Configure a Radiant Agent for Log Collection

Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs.

## Configure syslog forwarding

1. Log into the Darktrace Console.
2. Navigate to the **Admin** panel.\
    

   <figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FW6UIzz1JNe6mCXTABf0G%2FDarktrace%20NDR_01.png?alt=media&#x26;token=919fc6db-659e-443d-b923-d48e05f21c99" alt=""><figcaption></figcaption></figure>
3. Under **System Configuration**, navigate to **Modules > Darktrace/Cloud**.
4. Under **Workflow Integrations**, click **Syslog**.
5. Click on the **Syslog JSON** ta&#x62;**.**
6. Enter the following values:
   * **Send Alerts**: Enabled
   * **Server**: `{radiant_agent_ip}`
   * **Server Port**: `{port_configured_to_receive_darktrace_ndr}`
   * **Use Application Name**: Enabled
   * **Application Name**: darktrace
   * **Send AI Analyst Alerts**: Enabled
     * **AI Analyst Behavior Filter**: Compliance, Critical, Suspicious
   * **Send Model Breach Alerts**: Enabled
     * **Model Breach Behavior Filter**: Compliance, Critical, Suspicious
   * **Send System Status Alerts**: Enabled
   * **Send Resolved System Status Alerts**: Enabled
   * **Minimum System Status Priority**: High
   * **Master**: All
7. At the top of the **Syslog Workflow Integration** window, toggle on the **Enabled** **button**.
8. Click **Save**.