Acclaimed Contributor.

Darktrace integration with ArcSight

Hi All,

Is there anyone who has integrated Darktrace with ArcSight?

Cheers

Gayan

Acclaimed Contributor.

Re: Darktrace integration with ArcSight

I know of one customer who has DarkTrace and ArcSight but hasn't integrated them - and has no plan to integrate either. Mainly due to the nature of the teams that use both sets of solutions.

What is it that you are looking to do and what are the things you are trying to solve?

Acclaimed Contributor.

Re: Darktrace integration with ArcSight

Oh, sorry, I spoke too soon - it seems that they have added CEF support! It's only a press release, but you might want to look at DarkTrace directly and check their documentation (I can't get to it) and see how to do this:

Darktrace | Innovative New Features Strengthen Immune System

Acclaimed Contributor.

Re: Darktrace integration with ArcSight

Hi Paul,

When is DarkTrace going to be supported by ArcSight? I'm going to integrate its alerting and develop some use cases based on events. By the way, I guess it may need a flex to parse the logs. Am I right?

Cheers

Gayan

Trusted Contributor.

Re: Darktrace integration with ArcSight

I was wondering the same thing.

Acclaimed Contributor.

Re: Darktrace integration with ArcSight

Yes, a Flex will be required.

As for when? That's a good question. What we see is that a very small section of customers have DarkTrace and, as a result, demand is low. If you want to increase the priority, the best thing to do is raise a support ticket - I know it sounds like an odd thing, but it's actually quite a good process. Raise a ticket asking for support for DarkTrace. Support then raises an enhancement request (using Jira) and the R&D team then collates all of this into priorities.

If there is demand, they will get it done. But do also put some pressure on DarkTrace too. They are a small and nimble organization who can react pretty quickly, so I wouldn't be surprised if they already have something too.

Acclaimed Contributor.

Re: Darktrace integration with ArcSight

No worries. I have started the flex development. I will publish once I have completed the flex file.

Cheers

Gayan

Frequent Contributor.

Re: Darktrace integration with ArcSight

Gayan,

Did you ever get this flex connector up? I don't see it in the Marketplace.

-Jordan

Acclaimed Contributor.

Re: Darktrace integration with ArcSight

Hi Jordan,

I have submitted my parser file to HP for validation and HP updated the syslog daemon with it. So you can simply use Darktrace Syslog now. 😄

Cheers

Gayan 

Trusted Contributor.

Re: Darktrace integration with ArcSight

Hey Gayan, can you please share the flex connector and possible use cases for Darktrace? Thanks
NSN
Honored Contributor.

Re: Darktrace integration with ArcSight

Hi, is there any news about Darktrace integration (smart or flex connector, source configuration?) with ArcSight?

Thanks

Micro Focus Expert

Re: Darktrace integration with ArcSight

Darktrace already supports output in CEF, so you can just use that format to send as syslog to a connector, and it should work out of the box 🙂

This is also mentioned by Darktrace on their website, that it is already compatible with all the major SIEMs (including ArcSight)

-----------------------------------------------------------------------------------------
All topics and replies made are based on my personal opinion, viewpoint and experience; they do not represent the viewpoints of MicroFocus.
All replies are based on best effort, and cannot be taken as official support replies.
//Marius
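
To confirm that what reaches the syslog connector really is CEF, as the last reply describes, a small parser can validate the seven-field header and split the extension. This is an added example, not part of any post in the thread and not Darktrace or ArcSight code; the sample line, vendor name and field values are constructed, and real Darktrace field names may differ.

```python
import re

# Constructed sample (not real Darktrace output): syslog prefix + CEF payload.
SAMPLE = (r"<134>Jan 12 10:15:02 sensor01 CEF:0|ExampleVendor|Example\|Product|1.0|"
          r"100|Unusual outbound connection|7|src=10.0.0.5 dst=203.0.113.9 "
          r"msg=Rare endpoint path\=/a b cs1Label=model cs1=Device / Beaconing")

HEADER_NAMES = ("version", "vendor", "product", "device_version",
                "signature_id", "name", "severity")
# One header field: any run of non-pipe characters or backslash escapes, then '|'.
FIELD = r"((?:[^|\\]|\\.)*)\|"
HEADER_RE = re.compile(r"CEF:" + FIELD * 7 + r"(.*)$", re.S)
# An extension key sits at the start or after a space and ends at an unescaped '='.
KEY_RE = re.compile(r"(?:^|(?<= ))([A-Za-z0-9_.\[\]-]+)=")


def unescape(text, chars):
    """Drop the backslash in front of the given escaped characters."""
    return re.sub(r"\\([" + re.escape(chars) + r"])", r"\1", text)


def parse_extension(ext):
    """Split 'k=v k2=v with spaces' pairs; a value runs up to the next key."""
    keys = list(KEY_RE.finditer(ext))
    pairs = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        pairs[m.group(1)] = unescape(ext[m.end():end].strip(), "=\\")
    return pairs


def parse_cef(line):
    """Return the header fields plus an 'extension' dict, or raise ValueError."""
    if "CEF:" not in line:
        raise ValueError("no CEF marker: the source is not sending CEF")
    m = HEADER_RE.search(line)
    if m is None:
        raise ValueError("CEF header does not have 7 pipe-delimited fields")
    event = {n: unescape(v, "|\\") for n, v in zip(HEADER_NAMES, m.groups()[:7])}
    event["extension"] = parse_extension(m.group(8))
    return event


if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A line that raises `ValueError` here is one that would need a custom (flex) parser rather than the stock CEF handling.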