The Darktrace Immune System is a cloud-native platform that delivers self-learning protection, AI Investigations, and seamless integrations via an open and extensible architecture.
Unifying enterprise defenses in the face of evolving threats and exploding complexity has never been more critical, nor more difficult to achieve. Today’s digital business is characterized by distributed users, diverse applications, and disjointed point solutions that are nearly impossible to harmonize. Yet with Cyber AI, security teams can protect their dynamic workforce across multiple silos, while enhancing the value of existing investments through shared intelligence and active integrations.
The Darktrace Immune System harnesses an open architecture to seamlessly plug into a diverse ecosystem as it evolves. With one-click integrations and custom templates, the platform can ingest new forms of telemetry, share bespoke AI insights across established workflows, and interoperate with a wide range of technologies to deliver Autonomous Response across email systems, inline defenses, and collaboration platforms.
Key Benefits of Darktrace’s Open Architecture
- Enable one-click integrations for seamless extension
- Share bespoke AI insights with SIEM, SOAR, and downstream ticketing systems
- Extend visibility via native integrations with cloud and zero-trust technologies
- Activate Autonomous Response via active integrations with firewalls and preventative controls
- Extensive API support for data ingestion and for asset and alert output across your security ecosystem
SIEM & SOAR
Share AI Insights
Native integrations via API and syslog allow Darktrace to feed AI detections and Cyber AI Analyst Incidents to SIEMs for analysis and correlation, and to SOAR solutions to trigger response playbooks.
Darktrace can poll SIEM and SOAR solutions to ingest enrichment data, and SOAR playbooks can be configured to trigger custom models and Cyber AI Analyst investigations in Darktrace.
Ticketing System & Case Management
Forward Cyber AI Output
Darktrace’s detections and Cyber AI Analyst Incidents can be fed to downstream ticketing systems in various formats (e.g. CEF, LEEF, and JSON), in alignment with custom thresholds defined by the user.
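The two feeds described above (detections forwarded to a SIEM over syslog, and detections forwarded to a ticketing system as CEF, LEEF or JSON once they clear a user-defined threshold) come down to the same mechanics: filter by score, then serialize each record in a format the receiver parses. The following is an added example written for this page, not Darktrace's code or its output schema. The detection record fields, the vendor/product identifiers and the sample values are constructed; the escaping rules follow the published CEF and LEEF formats.

```python
"""Format constructed detection records as CEF, LEEF 1.0 or JSON lines and
forward only those at or above a user-defined score threshold."""
import json
from datetime import datetime

# Constructed sample detections. The field names (model, score 0-100, device,
# hostname, time, summary) are an assumption for this example, not a real schema.
SAMPLE_DETECTIONS = [
    {"model": "Example / Rare External Upload", "score": 87, "device": "10.0.4.23",
     "hostname": "lab-ws-07", "time": "2024-03-01T10:15:00Z",
     "summary": "Large upload|to rare host a=b"},   # deliberately contains '|' and '='
    {"model": "Example / New User Agent", "score": 32, "device": "10.0.4.41",
     "hostname": "lab-ws-12", "time": "2024-03-01T10:16:30Z",
     "summary": "Unseen user agent"},
]

# Constructed vendor/product identifiers for the CEF and LEEF headers.
VENDOR, PRODUCT, VERSION = "ExampleVendor", "ExampleNDR", "1.0"


def _epoch_ms(iso_time: str) -> int:
    """ISO-8601 UTC timestamp (trailing Z) -> milliseconds since the epoch."""
    return int(datetime.fromisoformat(iso_time.replace("Z", "+00:00")).timestamp() * 1000)


def _cef_header(value: str) -> str:
    """CEF header fields must escape backslash and the pipe separator."""
    return value.replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext(value: str) -> str:
    """CEF extension values must escape backslash, '=' and line breaks."""
    return (value.replace("\\", "\\\\").replace("=", "\\=")
                 .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(det: dict) -> str:
    """Render one detection as a CEF:0 line; score 0-100 maps onto CEF severity 0-10."""
    severity = min(10, max(0, det["score"] // 10))
    header = "|".join(_cef_header(x) for x in
                      [VENDOR, PRODUCT, VERSION, det["model"], det["summary"], str(severity)])
    ext = {
        "rt": str(_epoch_ms(det["time"])),   # CEF receipt time accepts epoch milliseconds
        "src": det["device"],
        "shost": det["hostname"],
        "cs1": str(det["score"]), "cs1Label": "score",
        "msg": det["summary"],
    }
    return "CEF:0|" + header + "|" + " ".join(f"{k}={_cef_ext(v)}" for k, v in ext.items())


def to_leef(det: dict) -> str:
    """Render one detection as a LEEF:1.0 line (tab-delimited attributes)."""
    header = "|".join(x.replace("|", "\\|") for x in [VENDOR, PRODUCT, VERSION, det["model"]])
    attrs = {
        "devTime": det["time"],
        "src": det["device"],
        "srcName": det["hostname"],
        "score": str(det["score"]),
        "msg": det["summary"],
    }
    # LEEF defines no value escaping, so the delimiter is stripped from values instead.
    return "LEEF:1.0|" + header + "|" + "\t".join(f"{k}={v.replace(chr(9), ' ')}" for k, v in attrs.items())


def to_json(det: dict) -> str:
    """Render one detection as a single JSON line."""
    return json.dumps(det, sort_keys=True, separators=(",", ":"))


FORMATTERS = {"cef": to_cef, "leef": to_leef, "json": to_json}


def forward(detections: list, threshold: int, fmt: str) -> list:
    """Return formatted lines for the detections whose score meets the threshold."""
    try:
        render = FORMATTERS[fmt.lower()]
    except KeyError:
        raise ValueError(f"unknown output format: {fmt!r}") from None
    return [render(d) for d in detections if d["score"] >= threshold]


if __name__ == "__main__":
    for line in forward(SAMPLE_DETECTIONS, 50, "cef"):
        print(line)
```

The threshold is applied before rendering, so low-score noise never reaches the ticketing or SIEM queue at all. The first sample record deliberately carries a pipe in its summary and an equals sign in its message: a receiver that parses CEF splits the header on unescaped pipes and the extension on unescaped `key=` pairs, so a feed that skips the escaping silently shifts fields or drops the tail of the message, which is worth checking on the receiving side when a new integration is wired up.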
Interact with Cyber AI Output
Users can acknowledge or comment on Darktrace detections or Cyber AI Analyst Incidents from within the UI of the ticketing or case management system.
Firewalls, NACLs & Preventative Controls
Darktrace Antigena can trigger Autonomous Response actions via integrations with firewalls and preventative controls, containing attacks that have gotten past those controls.
Darktrace can also ingest logs from firewalls and network devices to extend visibility as needed.
VPN & Zero-Trust Technologies
Extend Workforce Coverage
By integrating with VPN and zero-trust services, Darktrace can extend its visibility across an increasingly distributed workforce. Native integrations and custom templates are available for any service in this area.
By deploying Client Sensors, Darktrace can extend its visibility of network connections to devices in branch offices or off the VPN.
Integrate with EDRs
Darktrace can also ingest EDR alerts as a weak indicator that informs our AI analysis across the business. EDR alerts can also trigger Cyber AI Analyst investigations, without the need for an underlying Darktrace detection.
Asset & Inventory Management
Darktrace can export asset CSV lists and auto-detected device types into asset management systems. It also displays a 2D network topology to provide granular visibility of the assets it has discovered.
Improve Asset Tracking
Darktrace can also interoperate with asset management systems to import VIP devices, tag devices, label subnets, and improve device tracking more generally.