Darktrace integration with ArcSight
I know of one customer who has DarkTrace and ArcSight but hasn't integrated them - and has no plan to integrate either, mainly due to the nature of the teams that use both sets of solutions.
What is it that you are looking to do and what are the things you are trying to solve?
Oh, sorry, I spoke too soon - it seems that they have added CEF support! It's only a press release, but you might want to look at DarkTrace directly and check their documentation (I can't get to it) and see how to do this:
When is DarkTrace going to be supported by ArcSight? I'm going to integrate its alerting and develop some use cases based on events. By the way, I guess it may need a Flex to parse the logs. Am I right?
Yes, a Flex will be required.
As for when? That's a good question. What we see is that a very small section of customers have DarkTrace and, as a result, demand is low. If you want to increase the priority, the best thing to do is raise a support ticket - I know it sounds like an odd thing, but it's actually quite a good process. Raise a ticket asking for support for DarkTrace. Support then raises an enhancement request (using Jira), and the R&D team then collates all of this into priorities.
If there is demand, they will get it done. But do also put some pressure on DarkTrace too. They are a small and nimble organization who can react pretty quickly, so I wouldn't be surprised if they already have something too.
I have submitted my parser file to HP for validation and HP updated the syslog daemon with it. So you can simply use Darktrace Syslog now. 😄
Darktrace already supports output in CEF, so you can just use that format to send it as syslog to a connector, and it should work out of the box 🙂
This is also mentioned by Darktrace on their website: it is already compatible with all the major SIEMs (including ArcSight).
All topics and replies made are based on my personal opinion, viewpoint and experience; they do not represent the viewpoints of MicroFocus.
All replies are based on best effort and cannot be taken as official support replies.
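To make the CEF-over-syslog path discussed in this thread concrete, here is an added example (not code from the thread, from Darktrace, or from ArcSight/Micro Focus) that parses syslog lines carrying a CEF payload the way a connector or a Flex parser would have to: split the header on unescaped pipes, split the extension into key=value pairs whose values may contain spaces, resolve CEF escapes, and apply ArcSight's csNLabel convention. The sample lines are constructed for this example; the vendor/product strings, signature ids, event names and extension keys are assumptions, not Darktrace's real output format.

```python
import re
from typing import Dict, List, Optional

# Constructed sample syslog lines carrying CEF payloads. These are NOT real Darktrace
# output: the vendor/product strings, signature ids, names and extension keys are
# assumptions made for this example only.
SAMPLE_LINES = [
    "<134>Mar 10 12:00:01 dt-appliance CEF:0|Darktrace|Darktrace|5.0|101|Suspicious Outbound Traffic|7|"
    "src=10.0.0.5 dst=203.0.113.9 spt=51234 dpt=443 cs1Label=score cs1=0.87 "
    "msg=Model breach\\= details with spaces",
    "CEF:0|Darktrace|Darktrace|5.0|102|Device \\| Unusual Login|4|"
    "src=10.0.0.7 suser=alice cs1Label=score cs1=0.42",
    "<134>Mar 10 12:00:03 dt-appliance not a CEF message at all",
]

HEADER_FIELDS = ["version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity"]
# An extension key is a run of word characters followed by '=' at the start or after whitespace.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")


def _unescape(text: str) -> str:
    """Resolve CEF escapes: '\\|', '\\=', '\\\\' become the literal char; '\\n'/'\\r' become line breaks."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            out.append({"n": "\n", "r": "\r"}.get(text[i + 1], text[i + 1]))
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def split_cef_header(payload: str) -> List[str]:
    """Split 'CEF:0|...' on the first seven unescaped pipes; element 7 is the raw extension."""
    parts, buf, i = [], [], 0
    while i < len(payload) and len(parts) < 7:
        ch = payload[i]
        if ch == "\\" and i + 1 < len(payload):
            buf.append(payload[i:i + 2])   # keep the escape intact; _unescape resolves it later
            i += 2
        elif ch == "|":
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(parts) < 7:
        raise ValueError("malformed CEF header: fewer than seven pipe-delimited fields")
    parts.append(payload[i:])
    return parts


def parse_cef_extension(ext: str) -> Dict[str, str]:
    """Parse 'key=value key2=value with spaces' pairs; a value runs until the next 'key=' token."""
    fields: Dict[str, str] = {}
    matches = list(_KEY_RE.finditer(ext))
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        fields[m.group(1)] = _unescape(ext[m.end():end]).strip()
    return fields


def parse_syslog_cef(line: str) -> Optional[dict]:
    """Return {'header': {...}, 'extension': {...}} for a syslog line carrying CEF, else None."""
    idx = line.find("CEF:")
    if idx < 0:
        return None                      # not CEF: a Flex parser would need its own rules here
    parts = split_cef_header(line[idx:])
    header = {k: _unescape(v) for k, v in zip(HEADER_FIELDS, parts[:7])}
    header["version"] = header["version"][len("CEF:"):]
    header["severity"] = int(header["severity"])   # CEF severity is an integer 0-10
    return {"header": header, "extension": parse_cef_extension(parts[7])}


def resolve_custom_labels(extension: Dict[str, str]) -> Dict[str, str]:
    """Apply the csNLabel/cnNLabel convention: cs1Label=score cs1=0.87 -> {'score': '0.87'}."""
    resolved: Dict[str, str] = {}
    for key, value in extension.items():
        if key.endswith("Label") and key[:-5] in extension:
            resolved[value] = extension[key[:-5]]
    return resolved


def high_severity_events(lines: List[str], threshold: int = 5) -> List[dict]:
    """Parse every line, drop non-CEF lines, keep events at or above the severity threshold."""
    events = []
    for line in lines:
        event = parse_syslog_cef(line)
        if event and event["header"]["severity"] >= threshold:
            event["labels"] = resolve_custom_labels(event["extension"])
            events.append(event)
    return events


if __name__ == "__main__":
    for ev in high_severity_events(SAMPLE_LINES):
        print(ev["header"]["name"], ev["header"]["severity"], ev["labels"], ev["extension"].get("src"))
```

The two things that most often break a home-grown CEF parser are shown deliberately here: a pipe inside the event name (escaped as `\|`) must not split the header, and a `\=` inside a free-text `msg` must not start a new key. If the connector's built-in CEF syslog parser is used, as the reply above suggests, this handling is done for you; a Flex parser written for a non-CEF format has to reproduce it.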