Is there anyone who has integrated Darktrace with ArcSight?
Oh, sorry, I spoke too soon - it seems that they have added CEF support! It's only a press release, but you might want to look at Darktrace directly and check their documentation (I can't get to it) and see…
When is Darktrace going to be supported by ArcSight? I'm going to integrate its alerting and develop some use cases based on events. By the way, I guess it may need a flex to parse the logs. Am I right…
No worries. I started the flex development. I will publish it once I have completed the flex file.
Darktrace already supports output in CEF, so you can just use that format to send as syslog to a connector, and it should work out of the box :)
This is also mentioned by Darktrace on their website as well, that it already is compatible with all the major SIEMs (including ArcSight).