The Darktrace API provides a method of accessing additional information about a particular alert or device in the Darktrace system. The API uses HTTP GET requests to return formatted JSON data containing the requested information and HTTP POST or DELETE requests to configure the system.
The Darktrace beat supports only the modelbreaches API.
- Darktrace Portal credentials
- Ability to access and modify the System Config page in the Darktrace portal
Acquire an API Token Pair
Before any data can be queried, an API token pair is needed for each Master appliance. Creating the API token requires access to the Darktrace Threat Visualizer interface and a user account with appropriate permissions to access and modify the System Config page.
- Log in to the Darktrace Portal at https://customerportal.darktrace.com/login.
- Open the Threat Visualizer of the appliance from which you wish to request data.
- Navigate to the System Config page.
- Select Settings from the left-hand menu.
- In the API Token subsection, click New.
The Public and Private tokens are displayed.
Copy the Public and Private tokens to a secure location.
The Private token cannot be obtained again once this window is closed. Be sure to record it in a secure location before navigating away.
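The token pair is used to sign each request, so the Private token stays on the client and only a keyed hash of it is sent. The following added example (not part of the original page or of the Darktrace beat) builds a signed GET for the modelbreaches endpoint, assuming Darktrace's documented DTAPI header scheme (HMAC-SHA1 over the request, Public token and date, keyed with the Private token). The appliance URL, the environment variable names and the token values are constructed placeholders.

```python
import hashlib
import hmac
import os
import urllib.request
from datetime import datetime, timezone


def load_tokens(env=os.environ):
    """Read the token pair from the environment (variable names are hypothetical)."""
    try:
        return env["DARKTRACE_PUBLIC_TOKEN"], env["DARKTRACE_PRIVATE_TOKEN"]
    except KeyError as missing:
        raise RuntimeError(f"token not configured: {missing}") from None


def dtapi_headers(public_token, private_token, request, date=None):
    """Return the three authentication headers for one request.

    `request` is the path plus query string exactly as sent, e.g. "/modelbreaches".
    """
    if date is None:
        date = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S")
    # Signed string: request, public token and date joined by newlines.
    message = "\n".join((request, public_token, date))
    signature = hmac.new(private_token.encode(), message.encode(), hashlib.sha1).hexdigest()
    return {"DTAPI-Token": public_token, "DTAPI-Date": date, "DTAPI-Signature": signature}


def build_modelbreaches_request(base_url, public_token, private_token, date=None):
    """Build (without sending) a signed GET for the modelbreaches endpoint."""
    request = "/modelbreaches"
    headers = dtapi_headers(public_token, private_token, request, date)
    return urllib.request.Request(base_url.rstrip("/") + request, headers=headers, method="GET")


if __name__ == "__main__":
    # Constructed sample values; real tokens come from the System Config page.
    env = {"DARKTRACE_PUBLIC_TOKEN": "example-public", "DARKTRACE_PRIVATE_TOKEN": "example-private"}
    public, private = load_tokens(env)
    req = build_modelbreaches_request("https://darktrace.example.invalid", public, private)
    for name, value in req.header_items():
        print(f"{name}: {value}")  # the private token itself never appears here
```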