Darktrace is an Intrusion Detection System (IDS) that leverages machine learning to detect emerging threats, including insider threats, low-and-slow attacks, and automated viruses.
Step 1: Enable console access
Expel requires a Darktrace user account to review Alerts and Models within the console.
Note
Expel secures all login information our SOC analysts need about your devices in an MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.
- From the menu located at the top left, select Add New User.
- Username: Expel.
- Password: set a temporary password; this is changed on initial login.
- Account Permissions: select all available permissions, except User Admin or Group Admin. These can be left cleared.
Step 2: Generate API credentials
- Log into the Darktrace console.
- Navigate to Admin > System Config.
- Near the bottom of the page, under API Token, click New.
- The Darktrace system generates a Token and a Private Token. The Private Token can only be seen 1 time, immediately after the token pair is generated. Make note of both tokens for onboarding in Workbench. The system can only have 1 token pair, so if a pair already exists and you don't have a record of it, you must generate another token pair.
Caution
If a replacement Token pair is generated, other clients using the API must be reconfigured with the new credentials.
Step 3: Configure the technology in Workbench
- In a new browser tab, log in to https://workbench.expel.io.
- On the console page, click Settings and click Security Devices.
- At the top of the page, click Add Security Device.
- Search for and select your technology.
- Select an Assembler from the list. Select the assembler you set up in Getting connected to Expel Workbench.
- Type Name and Location.
- For Server address, type the server address of the vendor’s server, which must include the port. For example: https://127.0.0.1:443 or myvendordevice.acme.com:443.
- For Public key, type the API token used to authenticate to the device from Step 2.
- For Private key, type the private token used to authenticate to the device from Step 2.
- You can provide console access now or set it up later. Use the instructions below to set it up later.
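The following pre-flight check for the Step 3 fields is an added example, not code from Expel or Darktrace. It normalizes the server address (rejecting one without a port) and shows how the token pair from Step 2 signs an API request. Assumptions not stated on this page: the `DTAPI-*` header names, the newline-joined string to sign and the date format follow Darktrace's HMAC-SHA1 request signing as understood by the editor; the `/status` request and token values are constructed, and refusing non-https addresses is this example's own policy.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import urlsplit


def normalize_server_address(addr):
    """Return https://host:port; raise ValueError if the port is missing."""
    addr = addr.strip()
    # Accept both forms shown in Step 3: with or without a scheme.
    parts = urlsplit(addr if "://" in addr else "https://" + addr)
    if parts.scheme != "https":
        raise ValueError("example policy: only https addresses are accepted")
    try:
        port = parts.port  # raises ValueError if non-numeric or out of range
    except ValueError as exc:
        raise ValueError(f"invalid port in {addr!r}") from exc
    if not parts.hostname or not port:
        raise ValueError(f"{addr!r} must include host and port, e.g. host:443")
    # urlsplit strips IPv6 brackets from hostname, so restore them.
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    return f"https://{host}:{port}"


def signed_headers(token, private_token, request, date=""):
    """Build the per-request headers (assumed Darktrace signing scheme)."""
    date = date or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S")
    # String to sign: request path, public token and date joined by newlines.
    message = f"{request}\n{token}\n{date}".encode()
    # The private token is only ever the HMAC key; it is never transmitted.
    signature = hmac.new(private_token.encode(), message, hashlib.sha1).hexdigest()
    return {"DTAPI-Token": token, "DTAPI-Date": date, "DTAPI-Signature": signature}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    base = normalize_server_address("myvendordevice.acme.com:443")
    headers = signed_headers("CONSTRUCTED-TOKEN", "CONSTRUCTED-PRIVATE", "/status")
    print(base + "/status")
    print(headers)
```

Because the signature is keyed on the private token, any client still holding the old pair fails authentication once a replacement pair is generated, which is the effect the Caution in Step 2 describes.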