Darktrace 提供网络安全 AI 服务,以提供对安全态势的抢先可见性、实时检测以及对已知和未知威胁的自主响应。 可以将 Darktrace 插件与 Microsoft Security Copilot 配合使用,以主动检测、调查和响应数字生态系统中的威胁。
- 使用自然语言查询 Darktrace 的丰富和高保真安全数据,从而简化调查过程并加快威胁响应速度。
- 利用 Copilot 的生成 AI 功能与 Darktrace 的安全警报、设备信息和电子邮件安全见解进行交互,从而增强对安全环境的总体了解。
- 全面了解组织的安全状况,包括设备连接、外部终结点、AI 分析师事件和电子邮件相关威胁。
通过将 Darktrace 无与伦比的 AI 驱动威胁检测和缓解与Microsoft Security Copilot集成,此插件全面改进了安全团队的功能。 通过易于使用的自然语言界面获取对可能的安全事件、特权帐户和异常用户活动的实时见解。
本文包含有关第三方插件的信息。 这是为了帮助完成集成方案而提供的。 但是,Microsoft不提供对第三方插件的故障排除支持。 请联系第三方供应商获取支持。
与 Security Copilot 集成需要客户端凭据应用程序 (CCA) 。 在使用插件之前,需要执行以下步骤。
登录到 Darktrace 客户门户,并创建 CCA。 将以下信息保存到安全位置:
- Your Darktrace API URL
- 客户端 ID
- 客户端密码
- 范围
- 令牌终结点
在 “Darktrace”旁边,选择切换以启用它。
在插件的设置窗格中,提供在步骤 1 中保存的信息。
配置 Darktrace 插件后,可以通过在Security Copilot提示栏中键入Darktrace
操作来使用它。 下表列出了尝试的示例提示。
功能 | 示例提示 |
获取模型违规 | What were the top 5 high-scoring Darktrace alerts in the last week? Show me all the model breaches involving device ID 500 in the past month from Darktrace. Retrieve the model breach information for pbid 1234 and explain what occurred. Display Darktrace model breaches for subnet ID 250 with a minimum score of 0.7 in the last 72 hours. |
获取模型违规注释 | What are the latest comments on the Darktrace model breach with pbid 4567? Has anyone added any valuable information to the model breach with pbid 1234 in Darktrace? |
获取 AI 分析师事件组 | Show me the Darktrace AI Analyst incidents with a score higher than 90 from the past week. List all critical incidents involving device ID 1500 in the last month from Darktrace. Retrieve incidents associated with subnet ID 300 in the past 7 days from Darktrace and display them in the German language. Are there any Darktrace AI Analyst incidents with the unique identifier "abcd-1234-efgh-5678" in the system? |
获取 AI 分析师事件 | Give me a detailed breakdown of the Darktrace incident with groupid "g04a3f36e-4u8w-v9dh-x6lb-894778cf9633". Show me more information about this Darktrace incident in Spanish. What are the Darktrace AI Analyst events for device ID 1000 that are part of critical incidents? |
获取 AI 分析师事件注释 | What are the recent comments on the Darktrace AI Analyst event with incident_id "04a3f36e-4u8w-v9dh-x6lb-894778cf9633"? Has anyone from the security team added any context to this Darktrace incident? |
获取设备信息 | Can you provide detailed information about device ID 1234 from Darktrace, including any tags associated with it? What is the current IP address of device ID 9 in the Darktrace system? Retrieve the device information for the entity with MAC address "AA:BB:CC:DD:EE:FF" from Darktrace. |
搜索设备 | Find all devices in subnet with a "Respond" tag and sort them by last seen using Darktrace. Has Darktrace seen a laptop with the IP address Show me a list of devices that could be owned by "sarah" in Darktrace, sorted by last seen activity. |
将模型违规格式设置为表 | Get me high scoring model alerts from Darktrace in the past week, format the results as a table, and give me definitions of any complex terminology. Display all Darktrace model breaches involving device ID 250 in the past month in a table format, and include a column with descriptions of the breach categories. Present Darktrace model breaches for subnet ID 100 with a minimum score of 0.8 in the last 72 hours as a table, and include a column with the involved devices' hostnames. |
分析 AI 分析师事件趋势 | What are the common themes among the Darktrace AI Analyst incidents with a score higher than 90 from the past month? Analyze the Darktrace AI Analyst incidents involving device ID 1500 in the last month and identify any patterns or trends in the security events. Are there any recurring issues or attack vectors in the Darktrace AI Analyst incidents associated with subnet ID 200 in the past 7 days? |
调查 AI 分析师事件 | Can you provide a detailed analysis of the Darktrace AI Analyst event with incident_id "04a3f36e-4u8w-v9dh-x6lb-894778cf9633" and suggest possible mitigations? Investigate the Darktrace AI Analyst event with incident_id "04a3f36e-4u8w-v9dh-x6lb-894778cf9633" in depth and provide a report on its potential impact on our network. |
设备所有者标识 | Can you identify the owner of the device with IP address in Darktrace based on its activity patterns and associated user accounts? Determine the likely owner of the device with MAC address "AA:BB:CC:DD:EE:FF" in Darktrace by analyzing its usage patterns and associated services. |
对 Darktrace 插件进行故障排除
若要将数据筛选到特定时间范围,此插件可能需要 Epoch/UNIX 格式的时间戳。 若要以正确的格式检索相关时间范围,请使用 或 https://unixtime.org等https://epochconverter.com服务。
若要提供反馈,请联系 Darktrace。