# Darktrace NDR

In this guide, you will set up the Darktrace NDR syslog data connector to forward Darktrace NDR lots to Radiant with the use of an intermediary syslog relay server for additional security.

### Add the data connector in Radiant Security

First, you’ll add the Darktrace NDR data connector in Radiant Security.

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the **Radiant Agent** option and then click **Data Feeds.**
4. Select the **Darktrace NDR** data feed and then click **Credentials**.
5. Under **Credential Name**, give the Radiant Agent integration an identifiable name (e.g. `Radiant Agent Integration`). If you will reuse a Radiant Agent, select it from the drop-down menu.
6. Click **Add Connector**.

### Configure a Radiant Agent for Log Collection

Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs.

## Configure syslog forwarding

1. Log into the Darktrace Console.
2. Navigate to the **Admin** panel.\
   &#x20;

   <figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FW6UIzz1JNe6mCXTABf0G%2FDarktrace%20NDR_01.png?alt=media&#x26;token=919fc6db-659e-443d-b923-d48e05f21c99" alt=""><figcaption></figcaption></figure>
3. Under **System Configuration**, navigate to **Modules > Darktrace/Cloud**.
4. Under **Workflow Integrations**, click **Syslog**.
5. Click on the **Syslog JSON** ta&#x62;**.**
6. Enter the following values:
   * **Send Alerts**: Enabled
   * **Server**: `{radiant_agent_ip}`
   * **Server Port**: `{port_configured_to_receive_darktrace_ndr}`
   * **Use Application Name**: Enabled
   * **Application Name**: darktrace
   * **Send AI Analyst Alerts**: Enabled
     * **AI Analyst Behavior Filter**: Compliance, Critical, Suspicious
   * **Send Model Breach Alerts**: Enabled
     * **Model Breach Behavior Filter**: Compliance, Critical, Suspicious
   * **Send System Status Alerts**: Enabled
   * **Send Resolved System Status Alerts**: Enabled
   * **Minimum System Status Priority**: High
   * **Master**: All
7. At the top of the **Syslog Workflow Integration** window, toggle on the **Enabled** **button**.
8. Click **Save**.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/darktrace-ndr.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.