Application Integrations
      Back to home
      1. Help Center
      2. Application Integrations

      Darktrace Integration

      AgileBlue's Cerulean AI SecOps platform can monitor alert logs generated by Darktrace, a network monitoring solution, with a couple of integration methods avialable.

      Supported Data Streams

      By leveraging Darktrace's REST API or collecting the same data via Syslog, AgileBlue is able to ingest alert logs from the following data streams:

      • AI Analyst Alert
      • Model Breach Alert
      • System Status Alert (Syslog only)

      Supported Versions

      The integration is tested against the following Darktrace versions:

      • Darktrace Threat Visualizer v5.2

      Setup Steps (API - Recommended)

      1. Access your Darktrace Threat Visualizer console and collect the Hostname URL
      2. Access the following link in order to leverage Darktrace to generate a Public and Private API Token:
        1. https://customerportal.darktrace.com/product-guides/main/api-tokens
      3. Securely send the collected values to AgileBlue Support (support@agileblue.com)
        1. Darktrace Console URL
        2. Public API Token
        3. Private API Token

      Setup Steps (Syslog - Optional)

      1. Follow this guide to install the Cerulean Agent in syslog mode on a device in your environment
        1. NOTE: If you have previously configured syslog collection on the Cerulean platform, you can skip step No. 1
      2. Contact AgileBlue Support to confirm the target device is enrolled in your Syslog policy; support will respond with dedicated UDP port numbers for each of the following data streams:
        1. AI Analyst Alert Logs
        2. Model Breach Alert Logs
        3. System Status Alert Logs
      3. Access your Darktrace Threat Visualizer Dashboard then select Main Menu > Admin in order to access your System Config page
      4. Click Modules
      5. Select Workflow Integrations > Syslog
      6. Choose Syslog JSON then click New
      7. Under IP Address, enter the IP of the device running the Cerulean Agent in syslog mode, which was configured in step one
      8. Enter the specific port numbers provided by AgileBlue support for each of the corresponding data streams

      Need Help?

      AgileBlue is always here to support you and ensure you are 100% successful. If there are any issues with the installation or if you have any questions, please reach out to AgileBlue Support.

      Email: support@agileblue.com 
      Phone: (216) 606-9400      🚨