Configuring Darktrace to communicate with the QRadar platform

To send alerts from Darktrace, you need an API access token.

Before you begin

Your Darktrace account must contain permission for you to create an API token.

Procedure

  1. Log in to your Darktrace Visualizer instance.
  2. On the navigation menu (Navigation menu icon), select Account Settings.
  3. Click API Access > New Token.
  4. Copy the Token and Private Token. You need these values when you add an alert data source that uses the Universal Cloud REST API connector in the QRadar® platform.
    Tip:
    • When you configure the Universal Cloud REST API connector workflow parameter values for Darktrace, use the Token value for the publicToken parameter value. Use the Private Token value for the privateToken parameter value.
    • After the API token is generated, the secret key no longer displays. The secret key must be copied to a safe location when it is generated. Only the public Token value is displayed after the API key is generated.

What to do next

Add a Darktace data source.

For more information about adding a data source, see Adding an ingestion data source.