No Analytics Rule for Dark Trace??
FahadAhmed, you will see that a lot of the data connectors, especially those written by third parties, do not have any associated analytic rules. It is up to the third party as to what to provide with their data connector. Hopefully, with the advent of the Content Hub, this will happen less and less, as the analytic rules can be combined with the data connectors.
Based on the description of the Darktrace workbook, I would say the malicious activities shown are indeed items that need to be investigated. I would also suggest looking at the KQL in the workbook and seeing if you can use that to make your Analytics rules to create the alerts.
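The suggestion above (lift the KQL from the workbook and turn it into a scheduled analytics rule) in concrete form, as an added example that is not part of the original post, the Darktrace solution, or the Azure-Sentinel repository. It uses the YAML layout the Azure-Sentinel repo expects for an analytic rule template. Assumptions: Darktrace events arrive through the CEF connector into `CommonSecurityLog` with `DeviceVendor` set to `Darktrace`, the model-breach name lands in `Activity` (the CEF `name` field), and `LogSeverity` carries the CEF severity as a string; the `connectorId`, `dataTypes` value, tactic, and the `id` GUID are placeholders to replace with the values from your own workbook and a freshly generated GUID.

```yaml
# Example scheduled analytics rule built from a workbook-style query.
# Not from the Darktrace solution; table/field names are assumptions (see lead-in).
id: 00000000-0000-0000-0000-000000000000   # placeholder: generate a new GUID (uuidgen / New-Guid)
name: Darktrace - high-severity model breach (example)
description: |
  Raises an incident when Darktrace forwards a model breach with CEF severity 7 or higher.
  Start from the query your Darktrace workbook already uses and tighten the filters
  (model names, severity threshold) to match what your SOC actually wants paged on.
severity: High
requiredDataConnectors:
  - connectorId: Darktrace                 # assumption: id of the Darktrace CEF connector
    dataTypes:
      - CommonSecurityLog (Darktrace)      # assumption: data type label used by that connector
queryFrequency: 1h
queryPeriod: 1h
triggerOperator: gt
triggerThreshold: 0
tactics:
  - CommandAndControl                      # placeholder: pick the tactic matching the model(s) you alert on
query: |
  CommonSecurityLog
  | where DeviceVendor == "Darktrace"
  // LogSeverity is stored as a string in CommonSecurityLog; convert before comparing
  | where toint(LogSeverity) >= 7
  | summarize BreachCount = count(),
              Models      = make_set(Activity, 20),
              FirstSeen   = min(TimeGenerated),
              LastSeen    = max(TimeGenerated)
    by SourceIP, SourceHostName, DestinationIP
  | extend IPCustomEntity = SourceIP, HostCustomEntity = SourceHostName
entityMappings:
  - entityType: IP
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
  - entityType: Host
    fieldMappings:
      - identifier: HostName
        columnName: HostCustomEntity
version: 1.0.0
kind: Scheduled
```

Before deploying, run the `query` block on its own in Logs against the last few days of data to confirm the column names match what your connector actually writes (the workbook's own KQL is the authoritative reference for that) and to size the severity threshold so the rule does not page on every informational breach.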
- ClaudiaBothe (Nov 14, 2022): Double that! I'd also start by investigating the queries in the workbook and creating my own analytics rules first. I'd also hope for more rules with the deployment via Content Hub, but it seems there are some now.
- Clive_Watson (Nov 08, 2021): ...and if you do create some Rules (or anything really), if you are happy sharing with the community, please see https://github.com/Azure/Azure-Sentinel#contributing
- Magnus Tengmo (Nov 08, 2022):
- Clive_Watson (Nov 08, 2022): Magnus Tengmo, there are three out of the box now,
  or go to GitHub: Azure-Sentinel/Solutions/Darktrace/Analytic Rules at f99d6c8fd39bb3751f41ed8dfe059f2b2c9d1130 · Azure/Azure-Sentinel (github.com)