
edr.darktrace

Introduction

The tags beginning with edr.darktrace identify events generated by Darktrace.

Valid tags and data tables 

The full tag must have 4 levels. The first two are fixed as edr.darktrace. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
| --- | --- | --- |
| Darktrace Response | edr.darktrace.respond.antigena | edr.darktrace.respond.antigena |
| Darktrace Response | edr.darktrace.respond.incident_event | edr.darktrace.respond.incident_event |
| Darktrace Response | edr.darktrace.respond.model_breach | edr.darktrace.respond.model_breach |
| Darktrace Response | edr.darktrace.respond.status | edr.darktrace.respond.status |
| Darktrace Response | edr.darktrace.respond.summary | edr.darktrace.respond.summary |

For more information, read About Devo tags.

Table structure

These are the fields displayed in these tables: