Darktrace

This article describes the steps to configure syslog forwarding for Darktrace.

Prerequisites

  • Configure Darktrace to send logs.
  • Ensure you are a Darktrace Administrator with access to the User Interface.

To configure syslog forwarding for Darktrace:

  1. Log in to the Darktrace interface.
  2. Expand the top left menu and select Admin. A second menu appears.
  3. Select the System Config page.

  4. In the Alerting section, click Verify Alert Settings.
  5. Set the following parameters:
    1. Set CEF Syslog Alerts to True.
    2. Set the syslog server to the IP address of the DNIF Adapter.
    3. Set a unique port.
    4. Set CEF Syslog TCP Alerts to True.
  6. Darktrace will automatically save your changes.
  7. In the Alerting section, click Verify Alert Settings.
  8. On validation, the message "1 Alert Sent. IMAP settings are valid" is displayed.
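
To check that what arrives on the chosen TCP port is well-formed CEF, the bytes received can be split into syslog messages and parsed. The following is an added example, not code from Darktrace or DNIF: it assumes RFC 6587 framing (octet-counted or newline-delimited) on the TCP stream, and the sample message and its field values are constructed placeholders.

```python
import re

CEF_FIELDS = ("version", "vendor", "product", "device_version",
              "signature_id", "name", "severity")
# An extension key is a token preceded by start/whitespace and followed by '='.
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")

def split_frames(buf: bytes):
    """Split a TCP byte stream into syslog messages (RFC 6587 framing).
    Returns (complete_messages, leftover_bytes_of_an_incomplete_frame)."""
    msgs = []
    while buf:
        counted = re.match(rb"(\d+) ", buf)
        if counted:                      # octet-counting: "<len> <msg>"
            n, start = int(counted.group(1)), counted.end()
            if len(buf) < start + n:
                break                    # frame not fully received yet
            msgs.append(buf[start:start + n])
            buf = buf[start + n:]
        else:                            # newline-delimited framing
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                break
            msgs.append(line)
            buf = rest
    return [m.decode("utf-8", "replace").strip() for m in msgs if m.strip()], buf

def parse_cef(message: str) -> dict:
    """Parse one syslog message carrying CEF; raise ValueError if malformed."""
    idx = message.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF header in message")
    # Split on unescaped pipes: 7 header fields, then the extension string.
    parts = re.split(r"(?<!\\)\|", message[idx + 4:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("truncated CEF header")
    event = {k: v.replace("\\|", "|").replace("\\\\", "\\")
             for k, v in zip(CEF_FIELDS, parts)}
    ext, text = {}, parts[7]
    keys = list(_KEY.finditer(text))
    for i, k in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(text)
        ext[k.group(1)] = text[k.end():end].strip().replace("\\=", "=")
    event["extension"] = ext
    return event

# Constructed sample (not real Darktrace output): field values are placeholders.
SAMPLE = ("<134>Dec 04 09:11:58 dt-host CEF:0|Darktrace|ExampleProduct|1.0|100|"
          "Example\\|Alert|5|src=10.0.0.5 dst=10.0.0.9 msg=test alert key\\=value")
```

A message that raises ValueError here, or a non-empty leftover buffer that never completes, points to a framing or format mismatch between the sender settings and the receiver.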