This blog demonstrates how we use EDR integration in Darktrace for detection & investigation.

We’ll look at four key features, which are summarized with an example below:

1) Contextualizing existing Darktrace information – e.g. ‘There was a Microsoft Defender for Endpoint (MDE) alert 5 minutes after Darktrace saw the device beacon to an unusual destination on the internet. Let me pivot back into the Defender UI’

2) Cross-data detection engineering – ‘Darktrace, create an alert or trigger a response if you see a specific MDE alert and a native Darktrace detection on the same entity over a period of time’

3) Applying unsupervised machine learning to third-party EDR alerts – ‘Darktrace, create an alert or trigger a response if there is a specific MDE alert that is unusual for the entity, given the context’

4) Use third-party EDR alerts to trigger AI Analyst – ‘AI Analyst, this low-fidelity MDE alert flagged something on the endpoint. Please take a deep look at that device at the time of the Defender alert, conduct an investigation on Darktrace data and share your conclusions about whether there is more to it or not’

MDE is used as an example above, but Darktrace’s EDR integration capabilities extend beyond MDE to other EDRs as well, for example SentinelOne and CrowdStrike EDR.

Darktrace brings its Self-Learning AI to your data, no matter where it resides. The data can be anywhere – in email environments, cloud, SaaS, OT, endpoints, or the network, for example. Usually, we want to get as close to the raw data as possible to get the maximum context for our machine learning. We will explain how we leverage high-value integrations from our technology partners to bring further context to Darktrace, but also how we apply our Self-Learning AI to third-party data.
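As an added illustration of the second and third patterns (cross-source correlation on the same entity within a time window, and flagging an EDR alert that is rare for that entity), here is a small Python correlator run over constructed sample alerts. This is example code written for this page, not Darktrace’s own code or API; the hostnames, alert names, the 15-minute window and the frequency threshold are all assumptions, and a plain per-entity frequency threshold stands in for the unsupervised model the post describes.

```python
"""Cross-source alert correlation and per-entity rarity scoring over constructed sample data."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime   # when the alert fired
    entity: str    # hostname the alert is about
    source: str    # "mde" (Microsoft Defender for Endpoint) or "darktrace" (native detection)
    name: str      # alert / model name as reported by the source


def parse_ts(s):
    return datetime.fromisoformat(s)


# Constructed sample streams (hypothetical hostnames and alert names, not real telemetry).
MDE_ALERTS = [
    Alert(parse_ts("2024-05-01T10:05:00"), "ws-finance-07", "mde", "Suspicious PowerShell command line"),
    Alert(parse_ts("2024-05-01T11:30:00"), "srv-build-01", "mde", "Suspicious PowerShell command line"),
    Alert(parse_ts("2024-05-01T12:00:00"), "ws-hr-03", "mde", "Unusual process execution"),
]

NATIVE_DETECTIONS = [
    Alert(parse_ts("2024-05-01T10:00:00"), "ws-finance-07", "darktrace", "Beaconing to rare external endpoint"),
    Alert(parse_ts("2024-05-01T09:00:00"), "srv-build-01", "darktrace", "Large outbound data transfer"),
]

# Constructed 30-day history of MDE alerts per host, used as the rarity baseline.
MDE_HISTORY = Counter({
    ("srv-build-01", "Suspicious PowerShell command line"): 12,  # CI server runs scripts all day
    ("ws-finance-07", "Unusual process execution"): 1,
})


def correlate(mde_alerts, native_detections, window=timedelta(minutes=15)):
    """Pattern 2: pair an MDE alert with a native detection on the same entity within `window`.

    Returns a list of (mde_alert, native_detection) tuples, ordered by MDE alert time.
    """
    by_entity = {}
    for d in native_detections:
        by_entity.setdefault(d.entity, []).append(d)
    matches = []
    for a in sorted(mde_alerts, key=lambda x: x.ts):
        for d in by_entity.get(a.entity, []):
            if abs(a.ts - d.ts) <= window:
                matches.append((a, d))
    return matches


def unusual_for_entity(mde_alerts, history, min_prior=3):
    """Pattern 3: flag MDE alerts whose (entity, name) pair is rare in that entity's own history.

    A Counter lookup returns 0 for pairs never seen, so a first-ever alert is always unusual.
    Returns the subset of `mde_alerts` considered unusual, in input order.
    """
    return [a for a in mde_alerts if history[(a.entity, a.name)] < min_prior]


def triage(mde_alerts, native_detections, history):
    """Combine both signals into a per-alert list of reasons an analyst or responder can act on.

    Keyed by (entity, alert name); an empty reason list collapses to a 'no escalation' verdict.
    """
    correlated = {a for a, _ in correlate(mde_alerts, native_detections)}
    unusual = set(unusual_for_entity(mde_alerts, history))
    verdicts = {}
    for a in mde_alerts:
        reasons = []
        if a in correlated:
            reasons.append("correlated with native detection")
        if a in unusual:
            reasons.append("rare for this entity")
        verdicts[(a.entity, a.name)] = reasons or ["baseline behaviour, no escalation"]
    return verdicts


if __name__ == "__main__":
    for key, reasons in triage(MDE_ALERTS, NATIVE_DETECTIONS, MDE_HISTORY).items():
        print(key, "->", "; ".join(reasons))
```

With the sample data, the finance workstation’s PowerShell alert is both correlated with the beaconing detection five minutes earlier and rare for that host, so it carries two escalation reasons; the build server’s identical alert is routine for that host and its only native detection is hours outside the window, so it stays at baseline; the HR workstation’s alert has no network corroboration but is still flagged as rare.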