Initialize the Darktrace Beat

Prerequisites

• Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.

• A public key and private key have been generated in the Darktrace portal, as described in Darktrace Portal Configuration.

• The following port is open:

  Direction	Port	Protocol	Source
  Outbound	443	HTTPS	darktracebeat

Initialize the Beat via the Web Console (Recommended)

1. Ensure that the Open Collector Connection to the SIEM (WebUI) setup has been completed.

2. Ensure that the System Monitor Agent to which you intend to send these logs has been Configured for JSON Parsing.

3. Follow the steps outlined in Add a Beat in the Web Console to create the Beat via the Web UI.

Initialize the Beat via Command Line (Legacy)

1. Confirm Open Collector is running:

   ./lrctl status

   You should see the open_collector and metrics versions.

   If Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.

2. In the Open Collector, run the following command to start the beat:

   ./lrctl darktracebeat start

3. Using the arrow keys, select New darktracebeat instance from the list, and then press Enter.                       

4.  Enter a unique identifier for this Darktrace beat instance, and then press Enter.  

5.  Enter the Darktrace beat domain name, and then press Enter.

6. Enter the previously configured Public key for authentication, and then press Enter. 

7. Enter the previously configured Private key for authentication, and then press Enter.
   The Darktracebeat service started message appears.   

8. (Optional.) To check the status of the service, run the following command:

   ./lrctl darktracebeat status

Default Config Values for the Darktrace Beat