The data source type for Darktrace collects alerts that are forwarded from Darktrace.
- Configure your Darktrace platform to send alerts to the QRadar platform. For more information, see Configuring Darktrace to communicate with the QRadar platform.
- Add a Darktrace data source.
  When you configure the data source, use the Universal REST API connector type to pull alerts from Darktrace.
  For more information about adding a data source, see Adding an ingestion data source.
- Optional: If you want to enable federated search for your Darktrace system, configure a connection to the data source. For more information, see Connecting data sources for federated search and querying.
If you are an IBM® QRadar user, see Terminology changes for QRadar customers.