Is there anyone who has integrated Darktrace with ArcSight?
When is DarkTrace going to be supported by ArcSight? I'm going to integrate its alerting and develop some use cases based on events. By the way, I guess it may need a flex to parse the logs. Am I right…
No worries. I started the flex development. I will publish it once I have completed the flex file.
I know of one customer who has DarkTrace and ArcSight but hasn't integrated them - and has no plan to integrate either. Mainly due to the nature of the teams that use both sets of solutions.
What is it that you are looking to do and what are the things you are trying to solve?
Oh, sorry, I spoke too soon - seems that they have added CEF support! It's only a press release, but you might want to look at DarkTrace directly and check their documentation (I can't get to it) and see how to do this:
Yes, a Flex will be required.
As for when? That's a good question. What we see is that a very small section of customers have DarkTrace and as a result, demand is low. If you want to increase the priority, the best thing to do is raise a support ticket - I know it sounds like an odd thing, but it's actually quite a good process. Raise a ticket asking for support for DarkTrace. Support then raise an enhancement request (using Jira) and the R&D team then collates all of this into priorities.
If there is demand, they will get it done. But do also put some pressure on DarkTrace too. They are a small and nimble organization who can react pretty quickly, so I wouldn't be surprised if they already have something too.