DarkTrace IDS

Applies to: DarkTrace IDS V3.0.10 and above Version

Overview

DarkTrace Intrusion Detection System (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any malicious activity or violation is typically reported to an administrator.

DarkTrace IDS can be integrated with EventTracker using Syslog. With the help of DarkTrace IDS KP items, we can monitor the intrusion happening inside the network and also trigger the alert whenever any high server intrusion is detected. EventTracker dashboard will help you to visualize the intrusion happening inside the network by it’s source IP address as well as based on categories. It can even create the report which helps to collect intrusion happening on the network on time bases, which helps you to review the intrusion. EventTracker CIM will help you to correlate the intrusion with other log sources like firewall, OS events, etc.

EventTracker knowledge pack for DarkTrace IDS allows you to monitor the following components:

• Security – Intrusion detection

Once DarkTrace IDS is configured to deliver events to EventTracker manager; knowledge objects and reports can be configured into EventTracker.

Some of the knowledge packs available in EventTracker are listed below. For more information, refer to the Integration Guide.

Scope

The configuration details in this guide are consistent with EventTracker Enterprise version 9.x and later, and DarkTrace IDS v3.0.10 and above version.

Documentation

For more information, refer to the DarkTrace IDS Integration guide.