Darktrace

Darktrace provides cybersecurity AI services that give you a proactive view of your security posture, real-time detection, and autonomous response to known and unknown threats. You can use the Darktrace plugin with Microsoft Security Copilot to proactively detect, investigate, and respond to threats across your entire digital ecosystem.

  • Query Darktrace's rich, high-fidelity security data in natural language to simplify investigations and speed up threat response.
  • Use Copilot's generative AI capabilities to interact with Darktrace's security alerts, device information, and email security insights, deepening your overall understanding of your security environment.
  • Get comprehensive visibility into your organization's security posture, including device connections, external endpoints, AI Analyst incidents, and email-related threats.

By integrating Darktrace's unrivaled AI-driven threat detection and risk reduction with Microsoft Security Copilot, this plugin broadly improves the capabilities of security teams. Through an easy-to-use natural language interface, get real-time insights into possible security incidents, privileged accounts, and anomalous user activity.

Note

This article contains information about a third-party plugin. It is provided to help you complete integration scenarios. However, Microsoft does not provide troubleshooting support for third-party plugins. Contact the third-party vendor for support.

Before you begin

Integration with Security Copilot requires a Client Credentials Application (CCA). Before you use the plugin, you must take the following steps.

  1. Sign in to your Darktrace customer portal and create your CCA. Save the following information in a secure location:

    • Your Darktrace API URL
    • Client ID
    • Client secret
    • Your scope
    • Token endpoint
  2. Sign in to Microsoft Security Copilot.

  3. From the prompt bar, select the Plugins button to open Manage plugins.

  4. Next to Darktrace, select the toggle to enable the plugin.

  5. In the plugin's Settings pane, provide the information you saved in step 1.

  6. Save your changes.

Sample Darktrace prompts

After you configure the Darktrace plugin, you can use it by typing Darktrace in the Security Copilot prompt bar followed by an action. The following table lists sample prompts to try.

Capability: Get model breaches
  • What were the top 5 high-scoring Darktrace alerts in the last week?
  • Show me all the model breaches involving device ID 500 in the past month from Darktrace.
  • Retrieve the model breach information for pbid 1234 and explain what occurred.
  • Display Darktrace model breaches for subnet ID 250 with a minimum score of 0.7 in the last 72 hours.

Capability: Get model breach comments
  • What are the latest comments on the Darktrace model breach with pbid 4567?
  • Has anyone added any valuable information to the model breach with pbid 1234 in Darktrace?

Capability: Get AI Analyst incident groups
  • Show me the Darktrace AI Analyst incidents with a score higher than 90 from the past week.
  • List all critical incidents involving device ID 1500 in the last month from Darktrace.
  • Retrieve incidents associated with subnet ID 300 in the past 7 days from Darktrace and display them in the German language.
  • Are there any Darktrace AI Analyst incidents with the unique identifier "abcd-1234-efgh-5678" in the system?

Capability: Get AI Analyst incident events
  • Give me a detailed breakdown of the Darktrace incident with groupid "g04a3f36e-4u8w-v9dh-x6lb-894778cf9633".
  • Show me more information about this Darktrace incident in Spanish.
  • What are the Darktrace AI Analyst events for device ID 1000 that are part of critical incidents?

Capability: Get AI Analyst incident comments
  • What are the recent comments on the Darktrace AI Analyst event with incident_id "04a3f36e-4u8w-v9dh-x6lb-894778cf9633"?
  • Has anyone from the security team added any context to this Darktrace incident?

Capability: Get device information
  • Can you provide detailed information about device ID 1234 from Darktrace, including any tags associated with it?
  • What is the current IP address of device ID 9 in the Darktrace system?
  • Retrieve the device information for the entity with MAC address "AA:BB:CC:DD:EE:FF" from Darktrace.

Capability: Search devices
  • Find all devices in subnet 10.0.1.0/24 with a "Respond" tag and sort them by last seen using Darktrace.
  • Has Darktrace seen a laptop with the IP address 8.8.8.8?
  • Show me a list of devices that could be owned by "sarah" in Darktrace, sorted by last seen activity.

Capability: Format model breaches as a table
  • Get me high scoring model alerts from Darktrace in the past week, format the results as a table, and give me definitions of any complex terminology.
  • Display all Darktrace model breaches involving device ID 250 in the past month in a table format, and include a column with descriptions of the breach categories.
  • Present Darktrace model breaches for subnet ID 100 with a minimum score of 0.8 in the last 72 hours as a table, and include a column with the involved devices' hostnames.

Capability: Analyze AI Analyst incident trends
  • What are the common themes among the Darktrace AI Analyst incidents with a score higher than 90 from the past month?
  • Analyze the Darktrace AI Analyst incidents involving device ID 1500 in the last month and identify any patterns or trends in the security events.
  • Are there any recurring issues or attack vectors in the Darktrace AI Analyst incidents associated with subnet ID 200 in the past 7 days?

Capability: Investigate AI Analyst incidents
  • Can you provide a detailed analysis of the Darktrace AI Analyst event with incident_id "04a3f36e-4u8w-v9dh-x6lb-894778cf9633" and suggest possible mitigations?
  • Investigate the Darktrace AI Analyst event with incident_id "04a3f36e-4u8w-v9dh-x6lb-894778cf9633" in depth and provide a report on its potential impact on our network.

Capability: Identify device owners
  • Can you identify the owner of the device with IP address 8.8.8.8 in Darktrace based on its activity patterns and associated user accounts?
  • Determine the likely owner of the device with MAC address "AA:BB:CC:DD:EE:FF" in Darktrace by analyzing its usage patterns and associated services.

Troubleshoot the Darktrace plugin

Timestamp support

To filter data to a specific time range, this plugin may require timestamps in Epoch/UNIX format. To obtain the relevant time range in the correct format, use a service such as https://epochconverter.com or https://unixtime.org.
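The relative windows used in the sample prompts ("last 72 hours", "past 7 days", "past week", "past month") can also be turned into Epoch/UNIX timestamps locally. The following Python helper is an added example, not code from Darktrace or Microsoft; it assumes a month is 30 days and that a timestamp may be wanted in either second or millisecond precision, which you should confirm against the API you are calling.

```python
import re
import time

# Window lengths in seconds for the phrases that appear in the sample prompts.
# Assumption: a "month" is treated as 30 days.
_UNIT_SECONDS = {
    "hour": 3600, "hours": 3600,
    "day": 86400, "days": 86400,
    "week": 7 * 86400, "weeks": 7 * 86400,
    "month": 30 * 86400, "months": 30 * 86400,
}

# Matches "last 72 hours", "past 7 days", "past week" (missing number means 1).
_WINDOW_RE = re.compile(
    r"^(?:last|past)\s+(\d+)?\s*(hours?|days?|weeks?|months?)$", re.IGNORECASE
)


def window_to_epoch(phrase, now=None, milliseconds=False):
    """Return (start, end) Epoch/UNIX timestamps covering a relative time window.

    phrase: a relative window such as "last 72 hours" or "past week".
    now: reference time in seconds since the epoch; defaults to the current time.
    milliseconds: return millisecond-precision values instead of seconds.
    """
    match = _WINDOW_RE.match(phrase.strip())
    if not match:
        raise ValueError(f"unrecognised time window: {phrase!r}")
    count = int(match.group(1) or 1)
    length = count * _UNIT_SECONDS[match.group(2).lower()]
    end = int(time.time() if now is None else now)
    start = end - length
    if milliseconds:
        return start * 1000, end * 1000
    return start, end


def epoch_precision(value):
    """Classify a timestamp as 'seconds' or 'milliseconds'.

    Mixing the two precisions is a common reason a time filter returns nothing,
    so check a value before sending it. Values above 10**11 (around year 5138
    in seconds) are assumed to be milliseconds.
    """
    return "milliseconds" if value > 10**11 else "seconds"


if __name__ == "__main__":
    # Constructed reference time so the output is reproducible.
    print(window_to_epoch("last 72 hours", now=1_700_000_000))
```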

Provide feedback

To provide feedback, contact Darktrace.

See also

Non-Microsoft plugins for Microsoft Security Copilot

Manage plugins in Microsoft Security Copilot