Darktrace
  • 01 May 2022

Darktrace Immune System protects the workforce and data from sophisticated attackers by detecting, investigating, and responding to cyber-threats.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Host Name or IP Address (required) - The hostname or IP address of the Darktrace server.

  2. Public API Key (required) - A public API Key associated with a user account that has permissions to fetch assets.

  3. Private API Key (required) - A private API Key associated with a user account that has permissions to fetch assets.

  4. Signature Offset in hours (optional) - Increase or decrease the number of hours to offset the timestamp of the Axonius client.

    • If the client timestamp is less than the server timestamp, increase the number of hours to synchronize the values. For example, if the server timestamp is 16:00 and the client timestamp is 14:00, enter '2' to synchronize the timestamp values.
    • If the client timestamp is more than the server timestamp, decrease the number of hours to synchronize the values. For example, if the server timestamp is 14:00 and the client timestamp is 16:00, enter '-2' to synchronize the timestamp values.
  5. Verify SSL (required, default: false) - Select to verify the SSL certificate presented by the host supplied in Host Name or IP Address. When cleared, the certificate is not verified. For more details, see SSL Trust & CA Settings.

  6. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Host Name or IP Address.

    • When supplied, Axonius uses the proxy when connecting to the value supplied in Host Name or IP Address.
    • When not supplied, Axonius connects directly to the value supplied in Host Name or IP Address.
  7. HTTPS Proxy User Name (optional, default: empty) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

    • When supplied, Axonius authenticates with this value when connecting to the value supplied in HTTPS Proxy.
    • When not supplied, Axonius does not perform authentication when connecting to the value supplied in HTTPS Proxy.
  8. HTTPS Proxy Password (optional, default: empty) - The password to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

    • When supplied, Axonius authenticates with this value when connecting to the value supplied in HTTPS Proxy.
    • When not supplied, Axonius does not perform authentication when connecting to the value supplied in HTTPS Proxy.
  9. To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.



Advanced Settings

Note:

Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  1. Fetch model breaches for devices (required, default: false) - Select whether to fetch an additional layer of data, the list of model breaches that run on each device.
    • When enabled, all connections for this adapter also fetch model breaches for each device.
    • When disabled, all connections for this adapter do not fetch model breaches for each device.
  2. Don't fetch devices without hostname (required, default: false) - Select to exclude fetching devices without a hostname. If cleared, all connections for this adapter will fetch devices even if they don't have a hostname.


Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.


APIs

Axonius uses the Darktrace API.

Required Permissions

The value supplied in Public API Key must be associated with credentials that have permissions to fetch assets.

Acquiring the API Token Pair

Before any data can be queried, an API token pair is needed for each Master appliance. Creating the API token requires access to the Darktrace Threat Visualizer interface and a user account with appropriate permissions to access and modify the System Config page.

  1. Navigate to the System Config page on the Threat Visualizer of the appliance you want to request data from.
  2. Select Settings from the left-hand menu.
  3. From the API Token sub-section, click New. The Public and Private token values are displayed.
    Both tokens are required to generate the DT-API Signature value, which must be passed with every API request made to the appliance, so make sure you record them securely.
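
The DT-API Signature and the Signature Offset parameter described above, shown as an added example (not Axonius or Darktrace code). It assumes the signing scheme from Darktrace's API guide: HMAC-SHA1 keyed with the private token over the request path, public token and timestamp, sent in DTAPI-Token, DTAPI-Date and DTAPI-Signature headers. The tokens, the `/devices` path, the 30-minute tolerance and all function names are constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

# Constructed sample values; real tokens come from the System Config page.
PUBLIC_TOKEN = "example-public-token"
PRIVATE_TOKEN = "example-private-token"
API_PATH = "/devices"              # sample request path
MAX_SKEW = timedelta(minutes=30)   # assumed tolerance, for illustration only
STAMP = "%Y%m%dT%H%M%S"


def _digest(private, path, public, stamp):
    # Assumed scheme: HMAC-SHA1 keyed with the private token over
    # "<request path>\n<public token>\n<timestamp>", hex encoded.
    message = f"{path}\n{public}\n{stamp}".encode()
    return hmac.new(private.encode(), message, hashlib.sha1).hexdigest()


def sign_request(path, public, private, client_now, offset_hours=0):
    """Build the auth headers, shifting the client clock by offset_hours."""
    stamp = (client_now + timedelta(hours=offset_hours)).strftime(STAMP)
    return {
        "DTAPI-Token": public,
        "DTAPI-Date": stamp,
        "DTAPI-Signature": _digest(private, path, public, stamp),
    }


def server_accepts(path, headers, private, server_now):
    """Sketch of the appliance side: freshness check, then signature check."""
    sent = datetime.strptime(headers["DTAPI-Date"], STAMP)
    if abs(server_now - sent) > MAX_SKEW:
        return False  # stale or future timestamp, e.g. unsynchronized clocks
    expected = _digest(private, path, headers["DTAPI-Token"], headers["DTAPI-Date"])
    return hmac.compare_digest(expected, headers["DTAPI-Signature"])


def suggested_offset(server_now, client_now):
    """Whole hours to enter in 'Signature Offset in hours'."""
    return round((server_now - client_now).total_seconds() / 3600)


if __name__ == "__main__":
    server, client = datetime(2022, 5, 1, 16, 0), datetime(2022, 5, 1, 14, 0)
    off = suggested_offset(server, client)
    for hours in (0, off):
        h = sign_request(API_PATH, PUBLIC_TOKEN, PRIVATE_TOKEN, client, hours)
        print(hours, h["DTAPI-Date"], server_accepts(API_PATH, h, PRIVATE_TOKEN, server))
```

Because the timestamp is part of the signed message, a request signed with an unsynchronized clock fails even when both tokens are correct, which is the condition the offset parameter corrects.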



