The Darktrace Action takes a Threat Library collection and exports the collection’s FQDN and IP Address indicators to Darktrace.

The integration performs the following action:

• Darktrace Export - exports FQDN and IP Address IOCs to Darktrace and sets the expiration of the IOC based on user field input.

The action is compatible with the following indicator types:

• FQDN
• IP Address

The action does not enrich any system objects.

Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.