Integrate Darktrace Enterprise Immune System with Red Canary
    • 07 Aug 2024

    Integrating Darktrace Enterprise Immune System with Red Canary creates a powerful defense-in-depth strategy by combining self-learning AI with expert threat hunting. In Red Canary, MDR integration with Darktrace Enterprise Immune System is possible only via email as the ingest method. To configure Darktrace Enterprise Immune System as an alert source for Threat Hunting, follow the procedure below from beginning to end.

    1. From your Red Canary homepage, click Integrations, and select See all integrations.

    2. Type and select Darktrace Enterprise Immune System.

    3. Click Configure.

    4. For Ingest Format/Method, ensure that Dark Trace Enterprise Immune System via Email or Dark Trace Enterprise Immune System via HTTP is selected.

    5. Click Require alerts to be delivered for ingest over TLS? if applicable.

    6. Click Save Configuration to save all changes.

    7. Activate the source to start processing alerts.

      You are responsible for adding the newly created email address to Darktrace Enterprise Immune System so that alerts are forwarded to Red Canary. After the changes are completed, Red Canary should start ingesting new alerts in about 15 to 30 minutes, depending on how long it takes the collector to finish its initial setup.

