From 3b1aa61e5570904d83a45334c447c93a585991b9 Mon Sep 17 00:00:00 2001 From: Dylan O'Sullivan Date: Thu, 13 Nov 2025 16:02:11 +0000 Subject: [PATCH 01/13] changed connector id --- Solutions/Darktrace/Analytic Rules/DarktraceIncidentEvent.yaml | 2 +- Solutions/Darktrace/Analytic Rules/DarktraceModelAlert.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Solutions/Darktrace/Analytic Rules/DarktraceIncidentEvent.yaml b/Solutions/Darktrace/Analytic Rules/DarktraceIncidentEvent.yaml index 64f2fd92bba..7172d57f4fa 100644 --- a/Solutions/Darktrace/Analytic Rules/DarktraceIncidentEvent.yaml +++ b/Solutions/Darktrace/Analytic Rules/DarktraceIncidentEvent.yaml @@ -4,7 +4,7 @@ kind: NRT description: Creates a Sentinel Incident from a Darktrace Incident Event. severity: High requiredDataConnectors: - - connectorId: DarktraceLogIngestionAPIConnector + - connectorId: DarktraceActiveAISecurityPlatform dataTypes: - DarktraceIncidents_CL tactics: [] diff --git a/Solutions/Darktrace/Analytic Rules/DarktraceModelAlert.yaml b/Solutions/Darktrace/Analytic Rules/DarktraceModelAlert.yaml index 95178fab0b9..296f2eada06 100644 --- a/Solutions/Darktrace/Analytic Rules/DarktraceModelAlert.yaml +++ b/Solutions/Darktrace/Analytic Rules/DarktraceModelAlert.yaml @@ -6,7 +6,7 @@ description: | this Analytic Rule if you would like it to create Sentinel Incidents. severity: High requiredDataConnectors: - - connectorId: DarktraceLogIngestionAPIConnector + - connectorId: DarktraceActiveAISecurityPlatform dataTypes: - DarktraceModelAlerts_CL tactics: [] From 6658236a85c71f79ca1d7e5c983220f328ac1191 Mon Sep 17 00:00:00 2001 From: Dylan O'Sullivan Date: Thu, 13 Nov 2025 16:04:57 +0000 Subject: [PATCH 02/13] sanitize email --- Sample Data/DarktraceEMAIL_CL.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Sample Data/DarktraceEMAIL_CL.json b/Sample Data/DarktraceEMAIL_CL.json index 79c41af76ba..aa071583f6e 100644 --- a/Sample Data/DarktraceEMAIL_CL.json 
+++ b/Sample Data/DarktraceEMAIL_CL.json @@ -23,10 +23,10 @@ ], "messageId": "5877f022-108f-4cf7-8ced-dcdf8d25770", "recipientActions": [ - "test@example.com: notify" + "sanitized@sanitized.com: notify" ], "recipients": [ - "test@example.com" + "sanitized@sanitized.com" ], "subject": "Test Darktrace / EMAIL Alert", "tags": [ From 662596f96fa1197689758d2d65653d04478cbf65 Mon Sep 17 00:00:00 2001 From: Dylan O'Sullivan Date: Mon, 12 Jan 2026 15:31:19 +0000 Subject: [PATCH 03/13] refer to new api --- Solutions/Darktrace/Package/createUiDefinition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/Darktrace/Package/createUiDefinition.json b/Solutions/Darktrace/Package/createUiDefinition.json index a72e331d8e3..a79a8826609 100644 --- a/Solutions/Darktrace/Package/createUiDefinition.json +++ b/Solutions/Darktrace/Package/createUiDefinition.json 
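Review bot: The replacement address in `recipientActions` and `recipients` swaps `test@example.com`, whose domain is reserved for documentation (RFC 2606), for `sanitized@sanitized.com`, whose domain is an ordinary registrable name. Sample data copied into test pipelines or mail tooling would then reference a domain a third party may control; a reserved domain such as `"sanitized@example.com"` avoids that. The same applies to the `from` field changed in PATCH 12/13, where the `linkHosts` context line still carries `darktrace.com` next to the sanitized sender.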
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Darktrace](https://darktrace.com/) Sentinel Solution lets users connect Darktrace AI-based alerting in real-time with Microsoft Sentinel, allowing creation of custom Dashboards, Workbooks, Notebooks and Custom Alerts to improve investigation. Microsoft Sentinel's enhanced visibility into Darktrace logs enables monitoring and mitigation of security threats. \n\n**Underlying Microsoft Technologies used:**\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n\na. [Microsoft Sentinel Data Collector API](https://docs.microsoft.com/azure/sentinel/connect-rest-api-template)\n\n For more details about this solution refer to https://www.darktrace.com/microsoft/sentinel/\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Darktrace](https://darktrace.com/) Sentinel Solution lets users connect Darktrace AI-based alerting in real-time with Microsoft Sentinel, allowing creation of custom Dashboards, Workbooks, Notebooks and Custom Alerts to improve investigation. Microsoft Sentinel's enhanced visibility into Darktrace logs enables monitoring and mitigation of security threats. 
\n\n**Underlying Microsoft Technologies used:**\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n\na. [Microsoft Sentinel Log Ingestion API](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview)\n\n For more details about this solution refer to https://www.darktrace.com/microsoft/sentinel/\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", From af7d11bb0e6582496541fc54391418fc2fcdf9ea Mon Sep 17 00:00:00 2001 From: Dylan O'Sullivan Date: Tue, 13 Jan 2026 16:04:26 +0000 Subject: [PATCH 04/13] added outputs [NEED TO SET VARIABLES] --- Solutions/Darktrace/Package/mainTemplate.json | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/Solutions/Darktrace/Package/mainTemplate.json b/Solutions/Darktrace/Package/mainTemplate.json index 6dd9aea205c..4afaa04e214 100644 --- a/Solutions/Darktrace/Package/mainTemplate.json +++ b/Solutions/Darktrace/Package/mainTemplate.json @@ -1074,5 +1074,22 @@ "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" } ], - "outputs": {} + "outputs": { + "dceUrl": { + "type": "string", + "value": "[reference('darktrace-dce').properties.logsIngestion.endpoint]" + }, + "dcrId": { + "type": "string", + "value": "[resourceId('Microsoft.Insights/dataCollectionRules', 'darktrace-dcr')]" + }, + "clientId": { + "type": "string", + "value": "[reference('darktrace-app').clientId]" + }, + "clientSecret": { + "type": "string", + "value": "Generated via Key Vault or manual step" + } + } } 
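Review bot: In PATCH 04/13 the `clientSecret` output is declared as `"type": "string"` with the literal value `"Generated via Key Vault or manual step"`, so it returns a placeholder today, and any real value later wired in would be readable in plaintext from the deployment's outputs. A template should not return a credential at all; drop the output and document where the secret is obtained instead. Separately, `reference('darktrace-dce')` and `reference('darktrace-app')` name resources this commit does not declare (they arrive in PATCH 05/13), so this revision would presumably not deploy on its own. The resources array that precedes the outputs block starts outside the hunk.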
From 21d21cce77b06ac6f0b942d8acae67a5579477a6 Mon Sep 17 00:00:00 2001 From: Dylan O'Sullivan Date: Tue, 13 Jan 2026 16:07:23 +0000 Subject: [PATCH 05/13] added resources --- Solutions/Darktrace/Package/mainTemplate.json | 41 ++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/Solutions/Darktrace/Package/mainTemplate.json b/Solutions/Darktrace/Package/mainTemplate.json index 4afaa04e214..f0bfcdc75c3 100644 --- a/Solutions/Darktrace/Package/mainTemplate.json +++ b/Solutions/Darktrace/Package/mainTemplate.json @@ -1072,9 +1072,48 @@ } }, "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + }, + { + "type": "Microsoft.Insights/dataCollectionEndpoints", + "apiVersion": "2021-09-01-preview", + "name": "darktrace-dce", + "location": "[parameters('location')]", + "properties": { + "networkAccess": { + "publicNetworkAccess": "Enabled" + } + } + }, + { + "type": "Microsoft.Insights/dataCollectionRules", + "apiVersion": "2021-09-01-preview", + "name": "darktrace-dcr", + "location": "[parameters('location')]", + "properties": { + "dataFlows": [ + { + "streams": [ "Custom-Darktrace" ], + "destinations": [ "la-destination" ] + } + ], + "destinations": { + "logAnalytics": [ + { + "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName'))]", + "name": "la-destination" + } + ] + } + } + }, + { + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2018-11-30", + "name": "darktrace-app", // Need to think of better name or label + "location": "[parameters('location')]" } ], - "outputs": { + "outputs": { // used for setting up in alert translator "dceUrl": { "type": "string", "value": "[reference('darktrace-dce').properties.logsIngestion.endpoint]" From b9c7e25de48ab71511ba1c6197fe52095d0cff44 Mon Sep 17 00:00:00 2001 
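Review bot: The new data collection rule builds `workspaceResourceId` from `parameters('workspaceName')`, while the context line directly above the added resources uses `parameters('workspace')`; unless a `workspaceName` parameter is declared outside the hunk, that expression will not resolve. The rule also routes the `Custom-Darktrace` stream in `dataFlows` without a `streamDeclarations` entry or a `dataCollectionEndpointId`, and nothing in the hunk assigns the `darktrace-app` identity a role on the rule, so ingestion would presumably be rejected until those are added. The endpoint is created with `"publicNetworkAccess": "Enabled"`; that may be needed for appliances pushing from outside Azure, but it should be a deliberate, documented choice rather than a default. The two `//` comments added on the `name` and `outputs` lines make the file invalid for strict JSON parsers.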
From: Dylan O'Sullivan Date: Tue, 13 Jan 2026 16:17:43 +0000 Subject: [PATCH 06/13] changed naming --- Solutions/Darktrace/Package/mainTemplate.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Solutions/Darktrace/Package/mainTemplate.json b/Solutions/Darktrace/Package/mainTemplate.json index f0bfcdc75c3..5657c6e75b7 100644 --- a/Solutions/Darktrace/Package/mainTemplate.json +++ b/Solutions/Darktrace/Package/mainTemplate.json @@ -1076,7 +1076,7 @@ { "type": "Microsoft.Insights/dataCollectionEndpoints", "apiVersion": "2021-09-01-preview", - "name": "darktrace-dce", + "name": "darktrace-log-ingestion-dce", "location": "[parameters('location')]", "properties": { "networkAccess": { @@ -1087,7 +1087,7 @@ { "type": "Microsoft.Insights/dataCollectionRules", "apiVersion": "2021-09-01-preview", - "name": "darktrace-dcr", + "name": "darktrace-log-ingestion-dcr", "location": "[parameters('location')]", "properties": { "dataFlows": [ @@ -1109,22 +1109,22 @@ { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2018-11-30", - "name": "darktrace-app", // Need to think of better name or label + "name": "darktrace-log-ingestion-app", "location": "[parameters('location')]" } ], - "outputs": { // used for setting up in alert translator + "outputs": { "dceUrl": { "type": "string", - "value": "[reference('darktrace-dce').properties.logsIngestion.endpoint]" + "value": "[reference('darktrace-log-ingestion-dce').properties.logsIngestion.endpoint]" }, "dcrId": { "type": "string", - "value": "[resourceId('Microsoft.Insights/dataCollectionRules', 'darktrace-dcr')]" + "value": "[resourceId('Microsoft.Insights/dataCollectionRules', 'darktrace-log-ingestion-dcr')]" }, "clientId": { "type": "string", - "value": "[reference('darktrace-app').clientId]" + "value": "[reference('darktrace-log-ingestion-app').clientId]" }, "clientSecret": { "type": "string", From 4f3cd36055087c96fb0f4abd7aa97231c0909744 Mon Sep 17 00:00:00 2001 
From: Dylan O'Sullivan Date: Tue, 13 Jan 2026 16:20:40 +0000 Subject: [PATCH 07/13] update step --- Solutions/Darktrace/Package/createUiDefinition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/Darktrace/Package/createUiDefinition.json b/Solutions/Darktrace/Package/createUiDefinition.json index a79a8826609..6aea82b9811 100644 --- a/Solutions/Darktrace/Package/createUiDefinition.json +++ b/Solutions/Darktrace/Package/createUiDefinition.json @@ -60,7 +60,7 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "The Darktrace REST API connector pushes real-time events from Darktrace's Product Suite to Microsoft Sentinel and is designed to be used with the Darktrace Solution for Sentinel. The connector writes logs to a custom log table titled \"darktrace_model_alerts_CL\"; Model Breaches, AI Analyst Incidents, System Alerts and Antigena Email alerts can be ingested - additional filters can be set up on Darktrace system configuration page. Data is pushed to Sentinel from Darktrace appliances." + "text": "The Darktrace Log Ingestion API connector pushes real-time events from Darktrace's Product Suite to Microsoft Sentinel and is designed to be used with the Darktrace Solution for Sentinel. The connector writes logs to a custom log tables named accordingly; Model Breaches, AI Analyst Incidents, System Alerts, Response Actions, Attack Surface Management alerts and Email alerts can be ingested - additional filters can be set up on Darktrace system configuration page. Data is pushed to Sentinel from Darktrace appliances." } }, { From 7040597520d34ec4e7fd569c24a6106d9e398f28 Mon Sep 17 00:00:00 2001 From: Dylan O'Sullivan Date: Tue, 13 Jan 2026 16:21:53 +0000 Subject: [PATCH 08/13] more steps --- Solutions/Darktrace/Package/createUiDefinition.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Solutions/Darktrace/Package/createUiDefinition.json b/Solutions/Darktrace/Package/createUiDefinition.json index 6aea82b9811..5364ced8af4 100644 --- a/Solutions/Darktrace/Package/createUiDefinition.json +++ b/Solutions/Darktrace/Package/createUiDefinition.json @@ -88,7 +88,7 @@ "name": "workbooks-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This solution installs workbook to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view." + "text": "This solution installs the workbook to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view." } }, { @@ -110,7 +110,7 @@ "name": "workbook1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email." + "text": "The Darktrace Workbook visualises alert data received by the Darktrace Log Ingestion API and visualises events across the network, SaaS, IaaS and Email." } } ] From 77bd4b53cf3536e740de72f3193caad0649c371f Mon Sep 17 00:00:00 2001 From: Dylan O'Sullivan Date: Tue, 13 Jan 2026 16:29:06 +0000 Subject: [PATCH 09/13] removed stapi as no rule yet --- .../Darktrace/Package/createUiDefinition.json | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/Solutions/Darktrace/Package/createUiDefinition.json b/Solutions/Darktrace/Package/createUiDefinition.json index 5364ced8af4..06524ffa580 100644 --- a/Solutions/Darktrace/Package/createUiDefinition.json +++ b/Solutions/Darktrace/Package/createUiDefinition.json 
@@ -146,13 +146,13 @@ { "name": "analytic1", "type": "Microsoft.Common.Section", - "label": "Darktrace Model Breach", + "label": "Darktrace Model Alert", "elements": [ { "name": "analytic1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This rule creates Microsoft Sentinel Alerts based on Darktrace Model Breaches, fetched every 5 minutes." + "text": "This rule creates Microsoft Sentinel Alerts based on Darktrace Model Alerts, fetched every 5 minutes." } } ] @@ -170,20 +170,6 @@ } } ] - }, - { - "name": "analytic3", - "type": "Microsoft.Common.Section", - "label": "Darktrace System Status", - "elements": [ - { - "name": "analytic3-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "This rule creates Microsoft Sentinel Alerts based on Darktrace system status alerts for health monitoring, fetched every 5 minutes." - } - } - ] } ] } From 2305f4b218577932c862b23225b1ae733c0eecfd Mon Sep 17 00:00:00 2001 From: Dylan O'Sullivan Date: Thu, 15 Jan 2026 15:28:53 +0000 Subject: [PATCH 10/13] incident events --- Solutions/Darktrace/Package/createUiDefinition.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Solutions/Darktrace/Package/createUiDefinition.json b/Solutions/Darktrace/Package/createUiDefinition.json index 06524ffa580..d4a3cfb03fe 100644 --- a/Solutions/Darktrace/Package/createUiDefinition.json +++ b/Solutions/Darktrace/Package/createUiDefinition.json @@ -160,13 +160,13 @@ { "name": "analytic2", "type": "Microsoft.Common.Section", - "label": "Darktrace AI Analyst", + "label": "Darktrace AI Analyst Incident Events", "elements": [ { "name": "analytic2-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This rule creates Microsoft Sentinel Incidents based on Darktrace AI Analyst Incidents, fetched every 5 minutes." + "text": "This rule creates Microsoft Sentinel Incidents based on Darktrace AI Analyst Incident Events, fetched every 5 minutes." } } ] 
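Review bot: In PATCH 10/13 the reworded `analytic2-text` still says the data is "fetched every 5 minutes", but the `DarktraceIncidentEvent.yaml` context in PATCH 01/13 shows `kind: NRT`, and a near-real-time rule does not run on a five-minute schedule. Anyone estimating detection latency from this text gets the wrong figure; consider `"text": "This rule creates Microsoft Sentinel Incidents from Darktrace AI Analyst Incident Events in near real time."`. The `analytic1-text` string changed in PATCH 09/13 carries the same phrase; the kind of `DarktraceModelAlert.yaml` is not visible here, so confirm it before changing that one.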
From 9a0a6b5d8789762b1547c7f90b17cf32d51d8b74 Mon Sep 17 00:00:00 2001 From: Dylan O'Sullivan Date: Thu, 15 Jan 2026 15:37:40 +0000 Subject: [PATCH 11/13] grammar --- Solutions/Darktrace/Package/createUiDefinition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/Darktrace/Package/createUiDefinition.json b/Solutions/Darktrace/Package/createUiDefinition.json index d4a3cfb03fe..11db50123a1 100644 --- a/Solutions/Darktrace/Package/createUiDefinition.json +++ b/Solutions/Darktrace/Package/createUiDefinition.json @@ -60,7 +60,7 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "The Darktrace Log Ingestion API connector pushes real-time events from Darktrace's Product Suite to Microsoft Sentinel and is designed to be used with the Darktrace Solution for Sentinel. The connector writes logs to a custom log tables named accordingly; Model Breaches, AI Analyst Incidents, System Alerts, Response Actions, Attack Surface Management alerts and Email alerts can be ingested - additional filters can be set up on Darktrace system configuration page. Data is pushed to Sentinel from Darktrace appliances." + "text": "The Darktrace Log Ingestion API connector pushes real-time events from Darktrace's Product Suite to Microsoft Sentinel and is designed to be used with the Darktrace Solution for Sentinel. The connector writes logs to custom log tables named accordingly; Model Breaches, AI Analyst Incidents, System Alerts, Response Actions, Attack Surface Management alerts and Email alerts can be ingested - additional filters can be set up on Darktrace system configuration page. Data is pushed to Sentinel from Darktrace appliances." } }, { From 0efd522f6171be34de5b715cf6cdb35feab3a62c Mon Sep 17 00:00:00 2001 From: Dylan O'Sullivan Date: Thu, 15 Jan 2026 15:47:10 +0000 Subject: [PATCH 12/13] sanitize email --- Sample Data/DarktraceEMAIL_CL.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Sample Data/DarktraceEMAIL_CL.json b/Sample Data/DarktraceEMAIL_CL.json index aa071583f6e..cf61ba9b2bc 100644 --- a/Sample Data/DarktraceEMAIL_CL.json +++ b/Sample Data/DarktraceEMAIL_CL.json @@ -17,7 +17,7 @@ "customLabel": "Sample Label", "darktraceProduct": "Darktrace / EMAIL", "direction": "inbound", - "from": "test@darktrace.com", + "from": "sanitized@sanitized.com", "linkHosts": [ "darktrace.com" ], From 854252642383a7f73750a4894df385f72e54fda8 Mon Sep 17 00:00:00 2001 From: Dylan O'Sullivan Date: Thu, 15 Jan 2026 15:52:19 +0000 Subject: [PATCH 13/13] solution validations --- Solutions/Darktrace/Package/createUiDefinition.json | 4 ++-- Solutions/Darktrace/Package/mainTemplate.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Solutions/Darktrace/Package/createUiDefinition.json b/Solutions/Darktrace/Package/createUiDefinition.json index 11db50123a1..4f823840a75 100644 --- a/Solutions/Darktrace/Package/createUiDefinition.json +++ b/Solutions/Darktrace/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Darktrace](https://darktrace.com/) Sentinel Solution lets users connect Darktrace AI-based alerting in real-time with Microsoft Sentinel, allowing creation of custom Dashboards, Workbooks, Notebooks and Custom Alerts to improve investigation. Microsoft Sentinel's enhanced visibility into Darktrace logs enables monitoring and mitigation of security threats. \n\n**Underlying Microsoft Technologies used:**\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n\na. [Microsoft Sentinel Log Ingestion API](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview)\n\n For more details about this solution refer to https://www.darktrace.com/microsoft/sentinel/\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Darktrace](https://darktrace.com/) Microsoft Sentinel Solution lets users connect Darktrace AI-based alerting in real-time with Microsoft Sentinel, allowing creation of custom Dashboards, Workbooks, Notebooks and Custom Alerts to improve investigation. Microsoft Sentinel's enhanced visibility into Darktrace logs enables monitoring and mitigation of security threats. 
\n\n**Underlying Microsoft Technologies used:**\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n\na. [Microsoft Sentinel Log Ingestion API](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview)\n\n For more details about this solution refer to https://www.darktrace.com/microsoft/sentinel/\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
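Review bot: The rewritten `description` still ends its summary with `**Analytic Rules:** 3`, although PATCH 09/13 removed the `analytic3` section from this file because that rule does not exist yet. If the package now ships two rules the count should read `**Analytic Rules:** 2`, so the install blade matches what is actually deployed. The rule resources in mainTemplate.json are outside this hunk, so confirm the number there.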
@@ -60,7 +60,7 @@ "name": "dataconnectors1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "The Darktrace Log Ingestion API connector pushes real-time events from Darktrace's Product Suite to Microsoft Sentinel and is designed to be used with the Darktrace Solution for Sentinel. The connector writes logs to custom log tables named accordingly; Model Breaches, AI Analyst Incidents, System Alerts, Response Actions, Attack Surface Management alerts and Email alerts can be ingested - additional filters can be set up on Darktrace system configuration page. Data is pushed to Sentinel from Darktrace appliances." + "text": "The Darktrace Log Ingestion API connector pushes real-time events from Darktrace's Product Suite to Microsoft Sentinel and is designed to be used with the Darktrace Solution for Microsoft Sentinel. The connector writes logs to custom log tables named accordingly; Model Breaches, AI Analyst Incidents, System Alerts, Response Actions, Attack Surface Management alerts and Email alerts can be ingested - additional filters can be set up on Darktrace system configuration page. Data is pushed to Microsoft Sentinel from Darktrace appliances." } }, { diff --git a/Solutions/Darktrace/Package/mainTemplate.json b/Solutions/Darktrace/Package/mainTemplate.json index 5657c6e75b7..1ff3415f8ac 100644 --- a/Solutions/Darktrace/Package/mainTemplate.json +++ b/Solutions/Darktrace/Package/mainTemplate.json 
@@ -688,7 +688,7 @@ "id": "[variables('_uiConfigId1')]", "title": "Darktrace Connector for Microsoft Sentinel REST API", "publisher": "Darktrace", - "descriptionMarkdown": "The Darktrace REST API connector pushes real-time events from Darktrace to Microsoft Sentinel and is designed to be used with the Darktrace Solution for Sentinel. The connector writes logs to a custom log table titled \"darktrace_model_alerts_CL\"; Model Breaches, AI Analyst Incidents, System Alerts and Email Alerts can be ingested - additional filters can be set up on the Darktrace System Configuration page. Data is pushed to Sentinel from Darktrace masters.", + "descriptionMarkdown": "The Darktrace REST API connector pushes real-time events from Darktrace to Microsoft Sentinel and is designed to be used with the Darktrace Solution for Microsoft Sentinel. The connector writes logs to a custom log table titled \"darktrace_model_alerts_CL\"; Model Breaches, AI Analyst Incidents, System Alerts and Email Alerts can be ingested - additional filters can be set up on the Darktrace System Configuration page. Data is pushed to Microsoft Sentinel from Darktrace masters.", "graphQueries": [ { "metricName": "Total data received",
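Review bot: `descriptionMarkdown` keeps the old connector's wording: it names the "REST API connector" and a single table `darktrace_model_alerts_CL`, while the analytic rules in PATCH 01/13 declare `DarktraceIncidents_CL` and `DarktraceModelAlerts_CL` and createUiDefinition.json now describes the Log Ingestion API connector. An analyst following this text would look for alerts in a table the rules do not list. Align this string and the `title` context line ("Darktrace Connector for Microsoft Sentinel REST API") with the createUiDefinition wording. Whether the connector `id` matches the new `connectorId: DarktraceActiveAISecurityPlatform` cannot be seen from this hunk.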