Skip to main content
Skip table of contents

Darktrace Portal Configuration

The Darktrace API provides a method of accessing additional information about a particular alert or device in the Darktrace system. The API uses HTTP GET requests to return formatted JSON data containing the requested information and HTTP POST or DELETE requests to configure the system.

The Darktrace beat has support for modelbreaches API only.


Acquire an API Token Pair

Before any data can be queried, an API token pair is needed for each Master appliance. Creating the API token requires access to the Darktrace Threat Visualizer interface and a user account with appropriate permissions to access and modify the System Config page.

  1. Login to the Darktrace Portal at
  2. Open the Threat Visualizer of the appliance from which you wish to request data.
  3. Navigate to the System Config page.
  4. Select Settings from the left-hand menu.
  5. In the API Token subsection, click New.
    The Public and Private tokens are displayed.
  6. Copy the Public and Private tokens to a secure location.

    The Private token cannot be obtained again once this window is closed. Be sure to record it in a secure location before navigating away.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.