Initialize the Darktrace Beat
Prerequisites
- Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.
A public key and private key have been generated in the Darktrace portal, as described in Darktrace Portal Configuration.
The following port is open:
Direction
Port
Protocol
Source
Outbound 443 HTTPS darktracebeat
Initialize the Beat
Confirm Open Collector is running:
./lrctl statusYou should see the open_collector and metrics versions:
If Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.
In the Open Collector, run the following command to start the beat:
./lrctl darktracebeat start- Using the arrow keys, select New darktracebeat instance from the list, and then press Enter.
- Enter a unique identifier for this Darktrace beat instance, and then press Enter.
- Enter the Darktrace beat domain name, and then press Enter.
- Enter the previously configured Public key for authentication, and then press Enter.
- Enter the previously configured Private key for authentication, and then press Enter.
The Darktracebeat service started message appears.
(Optional.) To check the status of the service, run the following command:
./lrctl darktracebeat status
Default Config Values for the Darktrace Beat
S.No | Field Name | Default Values |
|---|---|---|
| 1 | heartbeatinterval | 60s |
| 2 | heartbeatdisabled | false |
| 3 | period | 2s |
| 4 | throttlingIntervalSecs | 60 This field value should always be greater than 0. |
| 5 | numbackhoursData | 7 The Darktrace Beat supports up to 180 hours of backlog data. The range for this value is 1-180 hours. |
| 6 | limit | 1000 The supported limit range is 1-1000. |