Darktrace provides security AI services that deliver proactive security posture management, real-time detection, and autonomous response to known and unknown threats. You can use the Darktrace plugin with Microsoft Security Copilot to proactively detect and investigate threats across your entire digital ecosystem.
- Query Darktrace's rich, high-fidelity security data in natural language to simplify investigations and accelerate threat response.
- Use Copilot's generative AI capabilities to interact with Darktrace security alerts, device information, and email security insights, improving your overall understanding of the security environment.
- Gain full visibility into your organization's security status, including device connections, external endpoints, Cyber AI Analyst incidents, and email-related threats.
By integrating Darktrace's unparalleled AI-driven threat detection and mitigation with Microsoft Security Copilot, this plugin strengthens the capabilities of security teams. Through an easy-to-use natural language interface, you get real-time insight into possible security incidents, privileged accounts, and anomalous user behavior.
Note
This article contains information about a third-party plugin. It is provided to help you complete integration scenarios. However, Microsoft does not provide troubleshooting support for third-party plugins. Contact the third-party vendor for support.
Before you begin
The Darktrace integration with Security Copilot uses the OAuth client credentials flow for authentication and requires a client application to be configured in the Darktrace ActiveAI Security Portal. Note that the Security Copilot integration is currently available only to early adopters of the ActiveAI Security Portal. If you want to try Security Copilot, contact your Darktrace account team. Before using the plugin, complete the following steps.
1. Sign in to your Darktrace ActiveAI Security Portal, go to the Client Applications page, and create your CCA. Save the following information:
   - Your Darktrace API URL
   - Client ID
   - Client secret
   - Your scope
   - Token endpoint
2. Open Manage plugins by selecting the Sources button in the prompt bar.
3. Next to Darktrace, select the toggle to turn it on.
4. In the plugin's settings panel, provide the information you saved in step 1. Leave the AuthorizationContentType field at its default, and enter https://auth.login.darktrace.com/oauth/token in the TokenEndpoint field. Save your changes.
Darktrace sample prompts
After you set up the Darktrace plugin, you can include Darktrace in your Security Copilot prompts and run actions. The following table lists sample prompts to try.
| Capability | Sample prompts |
|---|---|
| Get model breaches | What were the top 5 high-scoring Darktrace alerts in the last week? Show me all the model breaches involving device ID 500 in the past month from Darktrace. Retrieve the model breach information for pbid 1234 and explain what occurred. Display Darktrace model breaches for subnet ID 250 with a minimum score of 0.7 in the last 72 hours. |
| Get model breach comments | What are the latest comments on the Darktrace model breach with pbid 4567? Has anyone added any valuable information to the model breach with pbid 1234 in Darktrace? |
| Get AI Analyst incident groups | Show me the Darktrace AI Analyst incidents with a score higher than 90 from the past week. List all critical incidents involving device ID 1500 in the last month from Darktrace. Retrieve incidents associated with subnet ID 300 in the past 7 days from Darktrace and display them in the German language. Are there any Darktrace AI Analyst incidents with the unique identifier "abcd-1234-efgh-5678" in the system? |
| Get AI Analyst incident events | Give me a detailed breakdown of the Darktrace incident with groupid "g04a3f36e-4u8w-v9dh-x6lb-894778cf9633". Show me more information about this Darktrace incident in Spanish. What are the Darktrace AI Analyst events for device ID 1000 that are part of critical incidents? |
| Get AI Analyst incident comments | What are the recent comments on the Darktrace AI Analyst event with incident_id "04a3f36e-4u8w-v9dh-x6lb-894778cf9633"? Has anyone from the security team added any context to this Darktrace incident? |
| Get device information | Can you provide detailed information about device ID 1234 from Darktrace, including any tags associated with it? What is the current IP address of device ID 9 in the Darktrace system? Retrieve the device information for the entity with MAC address "AA:BB:CC:DD:EE:FF" from Darktrace. |
| Search devices | Find all devices in subnet 10.0.1.0/24 with a "Respond" tag and sort them by last seen using Darktrace. Has Darktrace seen a laptop with the IP address 8.8.8.8? Show me a list of devices that could be owned by "sarah" in Darktrace, sorted by last seen activity. |
| Format model breaches as a table | Get me high scoring model alerts from Darktrace in the past week, format the results as a table, and give me definitions of any complex terminology. Display all Darktrace model breaches involving device ID 250 in the past month in a table format, and include a column with descriptions of the breach categories. Present Darktrace model breaches for subnet ID 100 with a minimum score of 0.8 in the last 72 hours as a table, and include a column with the involved devices' hostnames. |
| Analyze AI Analyst incident trends | What are the common themes among the Darktrace AI Analyst incidents with a score higher than 90 from the past month? Analyze the Darktrace AI Analyst incidents involving device ID 1500 in the last month and identify any patterns or trends in the security events. Are there any recurring issues or attack vectors in the Darktrace AI Analyst incidents associated with subnet ID 200 in the past 7 days? |
| Investigate AI Analyst incident events | Can you provide a detailed analysis of the Darktrace AI Analyst event with incident_id "04a3f36e-4u8w-v9dh-x6lb-894778cf9633" and suggest possible mitigations? Investigate the Darktrace AI Analyst event with incident_id "04a3f36e-4u8w-v9dh-x6lb-894778cf9633" in depth and provide a report on its potential impact on our network. |
| Identify device owner | Can you identify the owner of the device with IP address 8.8.8.8 in Darktrace based on its activity patterns and associated user accounts? Determine the likely owner of the device with MAC address "AA:BB:CC:DD:EE:FF" in Darktrace by analyzing its usage patterns and associated services. |
Troubleshooting the Darktrace plugin
Timestamp support
To filter data to a specific time range, this plugin may require timestamps in Epoch/UNIX format. To get the relevant time range in the correct format, use a service such as https://epochconverter.com or https://unixtime.org.
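A quick way to check the CCA values from the setup steps (client ID, client secret, scope, and the token endpoint) before saving them in the plugin, and to produce the Epoch/UNIX time window that the troubleshooting note mentions. This is an added Python example, not Darktrace's or Microsoft's code; it assumes the token endpoint accepts the standard RFC 6749 client-credentials form body (grant_type, client_id, client_secret, scope), and every sample value and response in it is constructed.

```python
import json
import time
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# The token endpoint is the one the setup steps name; client ID, secret and
# scope come from your Client Applications page. Sample values are constructed.
TOKEN_ENDPOINT = "https://auth.login.darktrace.com/oauth/token"


def build_token_request(client_id, client_secret, scope, token_endpoint=TOKEN_ENDPOINT):
    """(url, headers, body) for an RFC 6749 section 4.4 client-credentials grant (assumed shape)."""
    body = urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret, "scope": scope})
    headers = {"Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json"}
    return token_endpoint, headers, body


def parse_token_response(raw, now=None):
    """Validate a token response; return (access_token, expires_at_epoch) or raise."""
    data = json.loads(raw)
    if "error" in data:  # RFC 6749 section 5.2 error object, e.g. invalid_client or invalid_scope
        raise RuntimeError(f"{data['error']}: {data.get('error_description', '')}".strip())
    token = data.get("access_token")
    if not token or str(data.get("token_type", "")).lower() != "bearer":
        raise RuntimeError("response lacks a bearer access_token")
    issued = int(time.time() if now is None else now)
    return token, issued + int(data.get("expires_in", 0))


def request_token(client_id, client_secret, scope, token_endpoint=TOKEN_ENDPOINT):
    """Run the grant over HTTPS to confirm the CCA works before saving it in the plugin."""
    url, headers, body = build_token_request(client_id, client_secret, scope, token_endpoint)
    req = Request(url, data=body.encode(), headers=headers, method="POST")
    try:
        with urlopen(req, timeout=15) as resp:
            return parse_token_response(resp.read().decode())
    except HTTPError as err:  # a 400/401 carries the JSON error object in its body
        return parse_token_response(err.read().decode())


def epoch_window(hours, now=None):
    """Epoch-second (start, end) pair for 'the last N hours', the format the plugin may need."""
    end = int(time.time() if now is None else now)
    return end - hours * 3600, end

# Constructed sample responses (not real Darktrace output) for offline checks.
GOOD_RESPONSE = '{"access_token":"eyJ.example","token_type":"Bearer","expires_in":3600}'
BAD_RESPONSE = '{"error":"invalid_client","error_description":"client secret mismatch"}'
```

Only request_token needs network access; the other functions run offline, so the parsing and time-window logic can be checked without touching the portal.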
Provide feedback
To provide feedback, contact Darktrace.