
Aug 20, 2024
1.0.0
ThreatQ versions >= 5.25.0
Darktrace CDF
Overview
The Darktrace CDF ingests alerts from Darktrace as AI Analyst and Model Breach Events, with the devices involved ingested as related indicators and assets.
The integration provides the following feeds:
- Darktrace AIAnalyst Incident Events - ingests Darktrace alerts related to a group of anomalies or network activity investigated by Cyber AI Analyst.
- Darktrace Model Breaches - ingests Darktrace alerts related to model breaches.
The integration ingests the following object types:
- Assets
- Events
- Indicators