This article walks you through the steps to configure Darktrace Enterprise Immune System as an alert source for Threat Hunting.
In Red Canary, MDR integration with Darktrace Enterprise Immune System is available only with email as the ingest method.
- From your Red Canary homepage, click Integrations.
- From the Integrations section, locate and then click the security product you want to integrate with Red Canary.
  Note: If you do not see your security product listed, click See all integrations.
- In the search bar, type and then select your third-party security source.
- Continue onto the next step by configuring your third-party security source in Red Canary.
  Note: Your third-party security source may require that you contact Red Canary to configure.
- For Ingest Format/Method, ensure that Dark Trace Enterprise Immune System via Email is selected.
- Click Require alerts to be delivered for ingest over TLS?
- Click Save Configuration to save all changes.
- Activate the source to start processing alerts.
You are responsible for adding the newly created email address to Darktrace Enterprise Immune System so that alerts are forwarded to Red Canary. After the changes are completed, Red Canary should start ingesting new alerts in about 15 to 30 minutes, depending on how long it takes the collector to finish its initial setup.