Overview

...

We are providing you with the steps to integrate your Darktrace with Seceon SIEM so One can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ). In this document, we are guiding you through the steps for Log forwarding.

Steps Of Configuration

...

1. Log in to Darktrace interface;

2. Expand top left menu and select Admin, a second menu appears;

3. Select System Config page

...

Ref link: https://docs.rapid7.com/insightidr/darktrace/

...

Verification Of Configuration

Verification can be done either from CCE Server or from UI.

...

Verification On the Seceon UI

STEP Step 1: Log in to UI >> SYSTEM

...

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.

...

STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.

...

with Administrative Rights & Navigate to System>> Log/Flow Collection Status Option.

...

Steps 2: Inside Source Device IP, the IP Address of the Device will reflect including the no. of logs sent to the Seceon Servers.

...

Using CCE Server

“sudo tcpdump -i any host 514 and host <IP address> -AAA” command should be running on the CCE server to check whether or not we are getting logs.