This article walks you through the steps to configure Darktrace Enterprise Immune System as an alert source for threat investigation.
In Red Canary, the threat investigation integration with Darktrace Enterprise Immune System supports email as its only ingest method.
- Click Integrations, and then click Alert Sources.
- Find and click Darktrace Enterprise Immune System.
- For Ingest Format/Method, ensure that Dark Trace Enterprise Immune System via Email is selected.
- Click Require alerts to be delivered for ingest over TLS?
- Click Save Configuration to save all changes.
- Activate the source to start processing alerts.
You are responsible for adding the newly created email address to Darktrace Enterprise Immune System so that it forwards alerts to Red Canary. After the changes are completed, Red Canary should start ingesting new alerts in about 15 to 30 minutes, depending on how long it takes the collector to finish initial setup.