From f82b26d5e9da501ba44ba3ab4a3ce96bd2842f92 Mon Sep 17 00:00:00 2001
From: Dylan O'Sullivan
Date: Fri, 7 Nov 2025 16:10:41 +0000
Subject: [PATCH 1/4] added sanitized sample data
---
 Sample Data/DarktraceASM_CL.json | 23 ++++++++
 Sample Data/DarktraceEMAIL_CL.json | 37 +++++++++++++
 Sample Data/DarktraceIncidents_CL.json | 43 +++++++++++++++
 Sample Data/DarktraceModelAlerts_CL.json | 58 ++++++++++++++++++++
 Sample Data/DarktraceResponseActions_CL.json | 27 +++++++++
 Sample Data/DarktraceSystemStatusAlerts.json | 17 ++++++
 6 files changed, 205 insertions(+)
 create mode 100644 Sample Data/DarktraceASM_CL.json
 create mode 100644 Sample Data/DarktraceEMAIL_CL.json
 create mode 100644 Sample Data/DarktraceIncidents_CL.json
 create mode 100644 Sample Data/DarktraceModelAlerts_CL.json
 create mode 100644 Sample Data/DarktraceResponseActions_CL.json
 create mode 100644 Sample Data/DarktraceSystemStatusAlerts.json
diff --git a/Sample Data/DarktraceASM_CL.json b/Sample Data/DarktraceASM_CL.json
new file mode 100644
index 00000000000..38049bf8ab6
--- /dev/null
+++ b/Sample Data/DarktraceASM_CL.json
@@ -0,0 +1,23 @@
+{
+ "action": "Update the software listed in this risk, by contacting your provider or hosting party. Also, take note that this information should not be publicly accessible, as this might help the hacker in their attack preparation.",
+ "alertTime": "2024-08-20 15:52:02",
+ "alertTimestamp": 1733410492,
+ "alertTitle": "Risk rating increased",
+ "alertType": "vulnerable-software",
+ "assetId": 177054,
+ "assetName": "SMTP Server london",
+ "assetUri": "https://instance.example.com/app/#/detail/overview/177054",
+ "customLabel": "Sample Label",
+ "darktraceProduct": "Darktrace / Attack Surface Management",
+ "description": "The rating for vulnerable software Prototype/1.7.3 has increased from a rating B to a rating E",
+ "endTime": "",
+ "endTimestamp": 1733310492,
+ "previousRating": "B",
+ "rating": "E",
+ "riskId": 134244,
+ "riskUri": "https://instance.example.darktrace.com/app/#/detail/direct-risks/177054?risk_id=134244",
+ "startTime": "1970-01-21 01:28:30",
+ "startTimestamp": 1733310492,
+ "state": "Increased Risk Rating",
+ "workbenchUri": "https://instance.example.darktrace.com/app/#/workbench?id=100&name=allowed&query=id+in+(134244,+256638,+256043)"
+ }
\ No newline at end of file
diff --git a/Sample Data/DarktraceEMAIL_CL.json b/Sample Data/DarktraceEMAIL_CL.json
new file mode 100644
index 00000000000..2477cf89a78
--- /dev/null
+++ b/Sample Data/DarktraceEMAIL_CL.json
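Review bot: In `Sample Data/DarktraceASM_CL.json`, `startTime` is `1970-01-21 01:28:30` while `startTimestamp` is `1733310492`; that 1970 value is what results when an epoch-seconds number is read as milliseconds, so either the sample or the conversion that produced it looks wrong. `alertTime` (`2024-08-20 15:52:02`) and `alertTimestamp` (`1733410492`, a December 2024 instant) disagree as well, and `endTime` is empty although `endTimestamp` is set. Anyone using this record to test time-windowed queries on `startTime` will see the event fall outside every realistic window, so the string fields should be regenerated from the epoch fields. The URIs also mix `instance.example.com` with `instance.example.darktrace.com`; one reserved example host for all three would be cleaner.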
@@ -0,0 +1,37 @@
+{
+ "actions": [
+ "notify"
+ ],
+ "alertTime": "2024-08-20 15:52:02",
+ "anomalyScore": 0,
+ "attachmentNames": [
+ "image-1.jpg"
+ ],
+ "attachmentSha1s": [
+ "f0c31baa0193dde73dd3f96147ae99c7af84a025"
+ ],
+ "attachmentSha256s": [
+ "33b5bb0fb2234c39c8dc210d9bf27d6a32cb7c19d2c49cf91af8229f2a53c2ec"
+ ],
+ "customLabel": "Sample Label",
+ "darktraceProduct": "Darktrace / EMAIL",
+ "direction": "inbound",
+ "from": "test@darktrace.com",
+ "linkHosts": [
+ "darktrace.com"
+ ],
+ "messageId": "5877f022-108f-4cf7-8ced-dcdf8d25770",
+ "recipientActions": [
+ "test@example.com: notify"
+ ],
+ "recipients": [
+ "test@example.com"
+ ],
+ "subject": "Test Darktrace / EMAIL Alert",
+ "tags": [
+ "Test Email"
+ ],
+ "timestamp": "2020-12-15T04:47:29.936",
+ "url": "https://sample-darktrace.com/emailuuid",
+ "uuid": "79D0DD80-5A5E-44E9-A917-7F8567C21877.1"
+ }
\ No newline at end of file
diff --git a/Sample Data/DarktraceIncidents_CL.json b/Sample Data/DarktraceIncidents_CL.json
new file mode 100644
index 00000000000..dc95f7a5750
--- /dev/null
+++ b/Sample Data/DarktraceIncidents_CL.json
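Review bot: The `url` value `https://sample-darktrace.com/emailuuid` in `Sample Data/DarktraceEMAIL_CL.json` uses a domain that is not reserved for documentation, so link previews, enrichment lookups or a curious click on this sample go to whoever holds that name; `https://instance.example.com/emailuuid` would match the `example.com` recipients already used here. The `attachmentSha1s` and `attachmentSha256s` entries look like genuine digests, and since the commit describes the data as sanitized it is worth confirming they were not copied from a customer message, or replacing them with constructed values. `messageId` ends in an 11-character group, so it is not a well-formed UUID if a consumer validates it, and `timestamp` carries no timezone.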
@@ -0,0 +1,43 @@
+{
+ "activityId": "00000000",
+ "aiaScore": 100,
+ "bestAssetName": "Test Device",
+ "currentGroup": "00000000-0000-0000-0000-000000000004",
+ "customLabel": "",
+ "darktraceProduct": "Darktrace Incidents",
+ "deviceHostname": "test-device.example.com",
+ "deviceIp": "0.1.2.3",
+ "deviceIdentifier": "Test Device",
+ "deviceMac": "00:11:22:33:44:55",
+ "deviceSubnet": "example",
+ "devices": [
+ {
+ "deviceDid": 5649,
+ "deviceHostname": "ip-0-0-0-0.eu-west-1.compute.internal",
+ "deviceIp": "0.0.0.0",
+ "deviceIdentifier": "ip-0-0-0-0.eu-west-1.compute.internal",
+ "deviceMac": "00:00:00:00:00:00",
+ "deviceSid": 111,
+ "deviceSubnet": "example"
+ }
+ ],
+ "endTime": "Jan 1st 2000 00:00:00 UTC",
+ "externalId": "00000000-0000-0000-0000-000000000006",
+ "groupByActivity": false,
+ "groupCategory": "compliance",
+ "groupPreviousGroups": [
+ "00000000-0000-0000-0000-000000000005"
+ ],
+ "groupScore": 100,
+ "groupingId": "00000000",
+ "incidentEventTime": "2024-08-20 15:52:02",
+ "incidentEventTitle": "Test AIA Alert",
+ "latitude": 4.598,
+ "longitude": -74.343,
+ "newEvent": false,
+ "severity": 10,
+ "startTime": "Jan 1st 2000 00:00:00 UTC",
+ "summary": "Test AIA alert used for testing alerting configuration.",
+ "summaryFirstSentence": "Test AIA alert used for testing alerting configuration.",
+ "url": ""
+ }
\ No newline at end of file
diff --git a/Sample Data/DarktraceModelAlerts_CL.json b/Sample Data/DarktraceModelAlerts_CL.json
new file mode 100644
index 00000000000..ca8f7af6c57
--- /dev/null
+++ b/Sample Data/DarktraceModelAlerts_CL.json
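Review bot: `startTime` and `endTime` in `Sample Data/DarktraceIncidents_CL.json` are written as `Jan 1st 2000 00:00:00 UTC`, a format with an ordinal suffix that is unlikely to parse as a KQL datetime, while `incidentEventTime` in the same record uses `2024-08-20 15:52:02`. The matching custom table declares both columns as `string`, so detection queries cannot filter or compute durations on them without per-query string handling. The same format appears in `deviceFirstSeen`, `deviceLastSeen`, `startTime` and `endTime` of the ResponseActions sample. If the connector can emit ISO 8601 for these fields, for example `"startTime": "2000-01-01T00:00:00Z"`, they could be typed `datetime`; if it cannot, the limitation should be stated where the tables are documented.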
@@ -0,0 +1,58 @@
+{
+ "alertTime": "2024-08-20 15:52:02",
+ "alertUrl": "https://example.com/#modelbreach/18754",
+ "antigena": false,
+ "category": "Critical",
+ "cSensor": true,
+ "cSensorId": "5f016ddb-53c2-28d3-19b1-f434713e6a08",
+ "compliance": false,
+ "customLabel": "Sample Label",
+ "darktraceProduct": "Darktrace Model Alerts",
+ "description": "No description is available for this model breach",
+ "destHost": "download.windowsupdate.com",
+ "destIp": "8.7.7.5",
+ "destMac": "00-B0-D0-63-C2-26",
+ "destPort": "443",
+ "details": "https://example.com/#modelbreach/18754",
+ "deviceCredentials": [
+ {
+ "cred": "example_cred",
+ "seen": "2024-08-20 15:52:02"
+ }
+ ],
+ "deviceHostname": "sample_host",
+ "deviceId": 3423,
+ "deviceLabel": "test-device.example.com",
+ "deviceSubnet": "Sample Subnet",
+ "deviceType": "Laptop",
+ "latitude": 4.598,
+ "longitude": -74.076,
+ "message": "FileTransfer::Exe file found with filetype. This is an example.",
+ "mitreTechniques": [
+ {
+ "tactics": [
+ "defense-evasion",
+ "lateral-movement"
+ ],
+ "technique": "Use Alternate Authentication Material",
+ "techniqueId": "T1550"
+ }
+ ],
+ "modelName": "Test Folder/Test Model",
+ "modelTags": [
+ "AP: C2 Comms",
+ "AP: Egress",
+ "OT Engineer"
+ ],
+ "pid": 665,
+ "score": 16,
+ "sid": -9,
+ "sourceHost": "my_host",
+ "sourceIp": "190.137.183.213",
+ "sourceMac": "00-B0-D0-63-C2-25",
+ "sourcePort": "18000",
+ "threatId": 18754,
+ "triggeredComponents": "SaaS Resource Viewed\nRare domain: 0\nRare hostname: 0\nBeaconing score: 0",
+ "typeLabel": "sample_label",
+ "uuid": "539464e9-df49-45e9-a8da-3beece6394e8"
+}
\ No newline at end of file
diff --git a/Sample Data/DarktraceResponseActions_CL.json b/Sample Data/DarktraceResponseActions_CL.json
new file mode 100644
index 00000000000..df45ca9effd
--- /dev/null
+++ b/Sample Data/DarktraceResponseActions_CL.json
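Review bot: `sourceIp` (`190.137.183.213`) and `destIp` (`8.7.7.5`) in `Sample Data/DarktraceModelAlerts_CL.json` are publicly routable addresses, which sits badly with the commit's description of the data as sanitized: if they came from a real alert they identify a third party, and either way they can collide with threat-intelligence matches when the sample is ingested into a test workspace. The Incidents sample already uses placeholders such as `0.1.2.3`; here the RFC 5737 documentation ranges would be the safe choice, e.g. `"sourceIp": "192.0.2.10"` and `"destIp": "198.51.100.20"` (constructed values). `cSensorId`, `uuid` and the `latitude`/`longitude` pair also look like real values rather than placeholders and deserve the same check.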
@@ -0,0 +1,27 @@
+{
+ "action": "CREATE",
+ "alertTime": "2024-08-20 15:52:02",
+ "changedBy": "darktrace",
+ "codeId": 9896,
+ "customLabel": "Sample Label",
+ "darktraceProduct": "Darktrace Autonomous Response",
+ "deviceFirstSeen": "Jan 1st 2000 00:00:00 UTC",
+ "deviceHostname": "test-device.example.com",
+ "deviceIp": "0.1.2.3",
+ "deviceLabel": "testlabel",
+ "deviceLastSeen": "Jan 1st 2000 00:00:00 UTC",
+ "deviceMac": "00:11:22:33:44:55",
+ "deviceName": "testlabel",
+ "deviceType": "Desktop",
+ "endTime": "Jan 1st 2000 00:00:00 UTC",
+ "inhibitor": "Alert for for testing alerting configuration.",
+ "model": "Test Model",
+ "reason": "This is a test alert for testing alerting configuration.",
+ "score": 0,
+ "startTime": "Jan 1st 2000 00:00:00 UTC",
+ "state": "Created",
+ "subnetId": 0,
+ "subnetLabel": "testsubnetlabel",
+ "subnetNetwork": "testnetwork",
+ "url": "https://darktrace.com"
+ }
\ No newline at end of file
diff --git a/Sample Data/DarktraceSystemStatusAlerts.json b/Sample Data/DarktraceSystemStatusAlerts.json
new file mode 100644
index 00000000000..71bac99d8d2
--- /dev/null
+++ b/Sample Data/DarktraceSystemStatusAlerts.json
@@ -0,0 +1,17 @@
+{
+ "alertTime": "2024-08-20 15:52:02",
+ "customLabel": "Sample Label",
+ "darktraceHostname": "darktrace.example.com",
+ "darktraceProduct": "Darktrace System Status Alerts",
+ "deviceIp": "0.1.2.3",
+ "friendlyModelName": "Test System Status Alert",
+ "message": "Test System Status alert used for testing alerting configuration.",
+ "modelName": "test-system-status-alert",
+ "priority": "high",
+ "priorityCode": 100,
+ "status": "Resolved",
+ "severity": 10,
+ "statusName": "Resolved: Test System Status Alert",
+ "url": "https://darktrace.com",
+ "uuid": "00000000-0000-0000-0000-000000000008"
+ }
\ No newline at end of file
From 24be68b6ecbbea5606aa067f848a100434a1ab51 Mon Sep 17 00:00:00 2001
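Review bot: The last file added here is named `Sample Data/DarktraceSystemStatusAlerts.json`, without the `_CL` suffix that the other five samples carry and that the table itself has in `CustomTables/DarktraceSystemStatusAlerts_CL.json` and in the workbook's `dataTypesDependencies`. If any tooling or reader pairs sample data with a table by file name, this one will not be found; renaming it to `DarktraceSystemStatusAlerts_CL.json` keeps the set consistent. In the ResponseActions sample just above, `inhibitor` reads `Alert for for testing alerting configuration.` with a doubled word.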
From: Dylan O'Sullivan
Date: Mon, 10 Nov 2025 08:21:44 +0000
Subject: [PATCH 2/4] added custom tables
---
 .../CustomTables/DarktraceASM_CL.json | 89 ++++++++++
 .../CustomTables/DarktraceEMAIL_CL.json | 81 +++++++++
 .../CustomTables/DarktraceIncidents_CL.json | 121 ++++++++++++++
 .../CustomTables/DarktraceModelAlerts_CL.json | 158 ++++++++++++++++++
 .../DarktraceResponseActions_CL.json | 106 ++++++++++++
 .../DarktraceSystemStatusAlerts_CL.json | 65 +++++++
 6 files changed, 620 insertions(+)
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/DarktraceASM_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/DarktraceEMAIL_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/DarktraceIncidents_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/DarktraceModelAlerts_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/DarktraceResponseActions_CL.json
 create mode 100644 .script/tests/KqlvalidationsTests/CustomTables/DarktraceSystemStatusAlerts_CL.json
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/DarktraceASM_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/DarktraceASM_CL.json
new file mode 100644
index 00000000000..9af7333f9eb
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/DarktraceASM_CL.json
@@ -0,0 +1,89 @@
+{
+ "Name": "DarktraceASM_CL",
+ "Properties": [
+ {
+ "name": "action",
+ "type": "string"
+ },
+ {
+ "name": "alertTime",
+ "type": "datetime"
+ },
+ {
+ "name": "alertTimestamp",
+ "type": "int"
+ },
+ {
+ "name": "alertTitle",
+ "type": "string"
+ },
+ {
+ "name": "alertType",
+ "type": "string"
+ },
+ {
+ "name": "assetId",
+ "type": "int"
+ },
+ {
+ "name": "assetName",
+ "type": "string"
+ },
+ {
+ "name": "assetUri",
+ "type": "string"
+ },
+ {
+ "name": "customLabel",
+ "type": "string"
+ },
+ {
+ "name": "darktraceProduct",
+ "type": "string"
+ },
+ {
+ "name": "description",
+ "type": "string"
+ },
+ {
+ "name": "endTime",
+ "type": "string"
+ },
+ {
+ "name": "endTimestamp",
+ "type": "int"
+ },
+ {
+ "name": "previousRating",
+ "type": "string"
+ },
+ {
+ "name": "rating",
+ "type": "string"
+ },
+ {
+ "name": "riskId",
+ "type": "int"
+ },
+ {
+ "name": "riskUri",
+ "type": "string"
+ },
+ {
+ "name": "startTime",
+ "type": "datetime"
+ },
+ {
+ "name": "startTimestamp",
+ "type": "int"
+ },
+ {
+ "name": "state",
+ "type": "string"
+ },
+ {
+ "name": "workbenchUri",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/DarktraceEMAIL_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/DarktraceEMAIL_CL.json
new file mode 100644
index 00000000000..3a2d8f1a926
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/DarktraceEMAIL_CL.json
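Review bot: In `CustomTables/DarktraceASM_CL.json`, `endTime` is declared `string` while `startTime` and `alertTime` are `datetime` in the same table, which follows the sample's empty `endTime` rather than the field's meaning; a query comparing start and end will need a cast on one side only. The three epoch columns (`alertTimestamp`, `startTimestamp`, `endTimestamp`) are typed `int`, which in Kusto is 32-bit, so epoch-seconds values stop fitting in 2038 and millisecond values never fit; `"type": "long"` would be the safer declaration if the validation harness accepts it. Both points should be checked against the column types the connector actually creates, which this patch does not show.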
@@ -0,0 +1,81 @@
+{
+ "Name": "DarktraceEMAIL_CL",
+ "Properties": [
+ {
+ "name": "actions",
+ "type": "dynamic"
+ },
+ {
+ "name": "alertTime",
+ "type": "datetime"
+ },
+ {
+ "name": "anomalyScore",
+ "type": "int"
+ },
+ {
+ "name": "attachmentNames",
+ "type": "dynamic"
+ },
+ {
+ "name": "attachmentSha1s",
+ "type": "dynamic"
+ },
+ {
+ "name": "attachmentSha256s",
+ "type": "dynamic"
+ },
+ {
+ "name": "customLabel",
+ "type": "string"
+ },
+ {
+ "name": "darktraceProduct",
+ "type": "string"
+ },
+ {
+ "name": "direction",
+ "type": "string"
+ },
+ {
+ "name": "from",
+ "type": "string"
+ },
+ {
+ "name": "linkHosts",
+ "type": "dynamic"
+ },
+ {
+ "name": "messageId",
+ "type": "string"
+ },
+ {
+ "name": "recipientActions",
+ "type": "dynamic"
+ },
+ {
+ "name": "recipients",
+ "type": "dynamic"
+ },
+ {
+ "name": "subject",
+ "type": "string"
+ },
+ {
+ "name": "tags",
+ "type": "dynamic"
+ },
+ {
+ "name": "timestamp",
+ "type": "datetime"
+ },
+ {
+ "name": "url",
+ "type": "string"
+ },
+ {
+ "name": "uuid",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/DarktraceIncidents_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/DarktraceIncidents_CL.json
new file mode 100644
index 00000000000..4ad6ec4dd39
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/DarktraceIncidents_CL.json
@@ -0,0 +1,121 @@
+{
+ "Name": "DarktraceIncidents_CL",
+ "Properties": [
+ {
+ "name": "activityId",
+ "type": "string"
+ },
+ {
+ "name": "aiaScore",
+ "type": "int"
+ },
+ {
+ "name": "bestAssetName",
+ "type": "string"
+ },
+ {
+ "name": "currentGroup",
+ "type": "string"
+ },
+ {
+ "name": "customLabel",
+ "type": "string"
+ },
+ {
+ "name": "darktraceProduct",
+ "type": "string"
+ },
+ {
+ "name": "deviceHostname",
+ "type": "string"
+ },
+ {
+ "name": "deviceIp",
+ "type": "string"
+ },
+ {
+ "name": "deviceIdentifier",
+ "type": "string"
+ },
+ {
+ "name": "deviceMac",
+ "type": "string"
+ },
+ {
+ "name": "deviceSubnet",
+ "type": "string"
+ },
+ {
+ "name": "devices",
+ "type": "dynamic"
+ },
+ {
+ "name": "endTime",
+ "type": "string"
+ },
+ {
+ "name": "externalId",
+ "type": "string"
+ },
+ {
+ "name": "groupByActivity",
+ "type": "boolean"
+ },
+ {
+ "name": "groupCategory",
+ "type": "string"
+ },
+ {
+ "name": "groupPreviousGroups",
+ "type": "dynamic"
+ },
+ {
+ "name": "groupScore",
+ "type": "int"
+ },
+ {
+ "name": "groupingId",
+ "type": "string"
+ },
+ {
+ "name": "incidentEventTime",
+ "type": "datetime"
+ },
+ {
+ "name": "incidentEventTitle",
+ "type": "string"
+ },
+ {
+ "name": "latitude",
+ "type": "real"
+ },
+ {
+ "name": "longitude",
+ "type": "real"
+ },
+ {
+ "name": "newEvent",
+ "type": "boolean"
+ },
+ {
+ "name": "severity",
+ "type": "int"
+ },
+ {
+ "name": "startTime",
+ "type": "string"
+ },
+ {
+ "name": "summary",
+ "type": "string"
+ },
+ {
+ "name": "summaryFirstSentence",
+ "type": "string"
+ },
+ {
+ "name": "url",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/DarktraceModelAlerts_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/DarktraceModelAlerts_CL.json
new file mode 100644
index 00000000000..05f2c759dc6
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/DarktraceModelAlerts_CL.json
@@ -0,0 +1,158 @@
+{
+ "Name": "DarktraceModelAlerts_CL",
+ "Properties": [
+ {
+ "name": "alertTime",
+ "type": "datetime"
+ },
+ {
+ "name": "alertUrl",
+ "type": "string"
+ },
+ {
+ "name": "antigena",
+ "type": "boolean"
+ },
+ {
+ "name": "category",
+ "type": "string"
+ },
+ {
+ "name": "cSensor",
+ "type": "boolean"
+ },
+ {
+ "name": "cSensorId",
+ "type": "string"
+ },
+ {
+ "name": "compliance",
+ "type": "boolean"
+ },
+ {
+ "name": "customLabel",
+ "type": "string"
+ },
+ {
+ "name": "darktraceProduct",
+ "type": "string"
+ },
+ {
+ "name": "description",
+ "type": "string"
+ },
+ {
+ "name": "destHost",
+ "type": "string"
+ },
+ {
+ "name": "destIp",
+ "type": "string"
+ },
+ {
+ "name": "destMac",
+ "type": "string"
+ },
+ {
+ "name": "destPort",
+ "type": "string"
+ },
+ {
+ "name": "details",
+ "type": "string"
+ },
+ {
+ "name": "deviceCredentials",
+ "type": "dynamic"
+ },
+ {
+ "name": "deviceHostname",
+ "type": "string"
+ },
+ {
+ "name": "deviceId",
+ "type": "int"
+ },
+ {
+ "name": "deviceLabel",
+ "type": "string"
+ },
+ {
+ "name": "deviceSubnet",
+ "type": "string"
+ },
+ {
+ "name": "deviceType",
+ "type": "string"
+ },
+ {
+ "name": "latitude",
+ "type": "real"
+ },
+ {
+ "name": "longitude",
+ "type": "real"
+ },
+ {
+ "name": "message",
+ "type": "string"
+ },
+ {
+ "name": "mitreTechniques",
+ "type": "dynamic"
+ },
+ {
+ "name": "modelName",
+ "type": "string"
+ },
+ {
+ "name": "modelTags",
+ "type": "dynamic"
+ },
+ {
+ "name": "pid",
+ "type": "int"
+ },
+ {
+ "name": "score",
+ "type": "int"
+ },
+ {
+ "name": "sid",
+ "type": "int"
+ },
+ {
+ "name": "sourceHost",
+ "type": "string"
+ },
+ {
+ "name": "sourceIp",
+ "type": "string"
+ },
+ {
+ "name": "sourceMac",
+ "type": "string"
+ },
+ {
+ "name": "sourcePort",
+ "type": "string"
+ },
+ {
+ "name": "threatId",
+ "type": "int"
+ },
+ {
+ "name": "triggeredComponents",
+ "type": "string"
+ },
+ {
+ "name": "typeLabel",
+ "type": "string"
+ },
+ {
+ "name": "uuid",
+ "type": "string"
+ }
+
+ ]
+}
\ No newline at end of file
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/DarktraceResponseActions_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/DarktraceResponseActions_CL.json
new file mode 100644
index 00000000000..126b04bd7ec
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/DarktraceResponseActions_CL.json
@@ -0,0 +1,106 @@
+{
+ "Name": "DarktraceResponseActions_CL",
+ "Properties": [
+ {
+ "name": "action",
+ "type": "string"
+ },
+ {
+ "name": "alertTime",
+ "type": "datetime"
+ },
+ {
+ "name": "changedBy",
+ "type": "string"
+ },
+ {
+ "name": "codeId",
+ "type": "int"
+ },
+ {
+ "name": "customLabel",
+ "type": "string"
+ },
+ {
+ "name": "darktraceProduct",
+ "type": "string"
+ },
+ {
+ "name": "deviceFirstSeen",
+ "type": "string"
+ },
+ {
+ "name": "deviceHostname",
+ "type": "string"
+ },
+ {
+ "name": "deviceIp",
+ "type": "string"
+ },
+ {
+ "name": "deviceLabel",
+ "type": "string"
+ },
+ {
+ "name": "deviceLastSeen",
+ "type": "string"
+ },
+ {
+ "name": "deviceMac",
+ "type": "string"
+ },
+ {
+ "name": "deviceName",
+ "type": "string"
+ },
+ {
+ "name": "deviceType",
+ "type": "string"
+ },
+ {
+ "name": "endTime",
+ "type": "string"
+ },
+ {
+ "name": "inhibitor",
+ "type": "string"
+ },
+ {
+ "name": "model",
+ "type": "string"
+ },
+ {
+ "name": "reason",
+ "type": "string"
+ },
+ {
+ "name": "score",
+ "type": "int"
+ },
+ {
+ "name": "startTime",
+ "type": "string"
+ },
+ {
+ "name": "state",
+ "type": "string"
+ },
+ {
+ "name": "subnetId",
+ "type": "int"
+ },
+ {
+ "name": "subnetLabel",
+ "type": "string"
+ },
+ {
+ "name": "subnetNetwork",
+ "type": "string"
+ },
+ {
+ "name": "url",
+ "type": "string"
+ }
+
+ ]
+}
\ No newline at end of file
diff --git a/.script/tests/KqlvalidationsTests/CustomTables/DarktraceSystemStatusAlerts_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/DarktraceSystemStatusAlerts_CL.json
new file mode 100644
index 00000000000..28c8a2b5179
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomTables/DarktraceSystemStatusAlerts_CL.json
@@ -0,0 +1,65 @@
+{
+ "Name": "DarktraceSystemStatusAlerts_CL",
+ "Properties": [
+ {
+ "name": "alertTime",
+ "type": "datetime"
+ },
+ {
+ "name": "customLabel",
+ "type": "string"
+ },
+ {
+ "name": "darktraceHostname",
+ "type": "string"
+ },
+ {
+ "name": "darktraceProduct",
+ "type": "string"
+ },
+ {
+ "name": "deviceIp",
+ "type": "string"
+ },
+ {
+ "name": "friendlyModelName",
+ "type": "string"
+ },
+ {
+ "name": "message",
+ "type": "string"
+ },
+ {
+ "name": "modelName",
+ "type": "string"
+ },
+ {
+ "name": "priority",
+ "type": "string"
+ },
+ {
+ "name": "priorityCode",
+ "type": "int"
+ },
+ {
+ "name": "status",
+ "type": "string"
+ },
+ {
+ "name": "severity",
+ "type": "int"
+ },
+ {
+ "name": "statusName",
+ "type": "string"
+ },
+ {
+ "name": "url",
+ "type": "string"
+ },
+ {
+ "name": "uuid",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
From f5eff17af8d5b6a52e8258a663c9cbf5fe3b4196 Mon Sep 17 00:00:00 2001
From: Dylan O'Sullivan
Date: Mon, 10 Nov 2025 08:28:09 +0000
Subject: [PATCH 3/4] updated metadata
---
 Workbooks/WorkbooksMetadata.json | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json
index c0e3a874721..0daffd76140 100644
--- a/Workbooks/WorkbooksMetadata.json
+++ b/Workbooks/WorkbooksMetadata.json
@@ -5132,12 +5132,17 @@
 {
 "workbookKey": "DarktraceWorkbook",
 "logoFileName": "Darktrace.svg",
- "description": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.",
+ "description": "The Darktrace Workbook visualises Model Breaches, AI Analyst incidents, ASM alerts, EMAIL alerts, Response actions and system status alerts data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.",
 "dataTypesDependencies": [
- "darktrace_model_alerts_CL"
+ "DarktraceASM_CL",
+ "DarktraceEMAIL_CL",
+ "DarktraceIncidents_CL",
+ "DarktraceModelAlerts_CL",
+ "DarktraceResponseActions_CL",
+ "DarktraceSystemStatusAlerts_CL"
 ],
 "dataConnectorsDependencies": [
- "DarktraceRESTConnector"
+ "DarktraceActiveAISecurityPlatform_Template"
 ],
 "previewImagesFileNames": [
 "DarktraceWorkbookBlack01.png",
@@ -5145,7 +5150,7 @@
 "DarktraceWorkbookWhite01.png",
 "DarktraceWorkbookWhite02.png"
 ],
- "version": "1.0.1",
+ "version": "2.0.0",
 "title": "Darktrace",
 "templateRelativePath": "DarktraceWorkbook.json",
 "subtitle": "",
From 0ffe216648ef24d4a132671ff3126b6fb0f2722e Mon Sep 17 00:00:00 2001
From: Dylan O'Sullivan
Date: Mon, 10 Nov 2025 09:57:40 +0000
Subject: [PATCH 4/4] wrap in array
---
 Sample Data/DarktraceASM_CL.json | 6 ++++--
 Sample Data/DarktraceEMAIL_CL.json | 6 ++++--
 Sample Data/DarktraceIncidents_CL.json | 6 ++++--
 Sample Data/DarktraceModelAlerts_CL.json | 6 ++++--
 Sample Data/DarktraceResponseActions_CL.json | 6 ++++--
 Sample Data/DarktraceSystemStatusAlerts.json | 6 ++++--
 6 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/Sample Data/DarktraceASM_CL.json b/Sample Data/DarktraceASM_CL.json
index 38049bf8ab6..0d67f427db3 100644
--- a/Sample Data/DarktraceASM_CL.json
+++ b/Sample Data/DarktraceASM_CL.json
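Review bot: The first hunk of `Workbooks/WorkbooksMetadata.json` drops `darktrace_model_alerts_CL` and `DarktraceRESTConnector` outright, so the catalogue no longer ties the workbook to the legacy table or connector; workspaces still ingesting through the old connector would presumably see an empty workbook after moving to 2.0.0, and nothing in this series documents that break. The new connector id `DarktraceActiveAISecurityPlatform_Template` cannot be checked from these patches and should match the `id` in the connector definition exactly. The description also says `visualises` twice; ending it with `received by the Darktrace Data Connector, covering events across the network, SaaS, IaaS and Email.` reads better.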
@@ -1,4 +1,5 @@
-{
+[
+ {
 "action": "Update the software listed in this risk, by contacting your provider or hosting party. Also, take note that this information should not be publicly accessible, as this might help the hacker in their attack preparation.",
 "alertTime": "2024-08-20 15:52:02",
 "alertTimestamp": 1733410492,
@@ -20,4 +21,5 @@
 "startTimestamp": 1733310492,
 "state": "Increased Risk Rating",
 "workbenchUri": "https://instance.example.darktrace.com/app/#/workbench?id=100&name=allowed&query=id+in+(134244,+256638,+256043)"
- }
\ No newline at end of file
+ }
+]
\ No newline at end of file
diff --git a/Sample Data/DarktraceEMAIL_CL.json b/Sample Data/DarktraceEMAIL_CL.json
index 2477cf89a78..79c41af76ba 100644
--- a/Sample Data/DarktraceEMAIL_CL.json
+++ b/Sample Data/DarktraceEMAIL_CL.json
@@ -1,4 +1,5 @@
-{
+[
+ {
 "actions": [
 "notify"
 ],
@@ -34,4 +35,5 @@
 "timestamp": "2020-12-15T04:47:29.936",
 "url": "https://sample-darktrace.com/emailuuid",
 "uuid": "79D0DD80-5A5E-44E9-A917-7F8567C21877.1"
- }
\ No newline at end of file
+ }
+]
\ No newline at end of file
diff --git a/Sample Data/DarktraceIncidents_CL.json b/Sample Data/DarktraceIncidents_CL.json
index dc95f7a5750..95482689b14 100644
--- a/Sample Data/DarktraceIncidents_CL.json
+++ b/Sample Data/DarktraceIncidents_CL.json
@@ -1,4 +1,5 @@
-{
+[
+ {
 "activityId": "00000000",
 "aiaScore": 100,
 "bestAssetName": "Test Device",
@@ -40,4 +41,5 @@
 "summary": "Test AIA alert used for testing alerting configuration.",
 "summaryFirstSentence": "Test AIA alert used for testing alerting configuration.",
 "url": ""
- }
\ No newline at end of file
+ }
+]
\ No newline at end of file
diff --git a/Sample Data/DarktraceModelAlerts_CL.json b/Sample Data/DarktraceModelAlerts_CL.json
index ca8f7af6c57..604a75ee111 100644
--- a/Sample Data/DarktraceModelAlerts_CL.json
+++ b/Sample Data/DarktraceModelAlerts_CL.json
@@ -1,4 +1,5 @@
-{
+[
+ {
 "alertTime": "2024-08-20 15:52:02",
 "alertUrl": "https://example.com/#modelbreach/18754",
 "antigena": false,
@@ -55,4 +56,5 @@
 "triggeredComponents": "SaaS Resource Viewed\nRare domain: 0\nRare hostname: 0\nBeaconing score: 0",
 "typeLabel": "sample_label",
 "uuid": "539464e9-df49-45e9-a8da-3beece6394e8"
-}
\ No newline at end of file
+ }
+]
\ No newline at end of file
diff --git a/Sample Data/DarktraceResponseActions_CL.json b/Sample Data/DarktraceResponseActions_CL.json
index df45ca9effd..65a5ec700bf 100644
--- a/Sample Data/DarktraceResponseActions_CL.json
+++ b/Sample Data/DarktraceResponseActions_CL.json
@@ -1,4 +1,5 @@
-{
+[
+ {
 "action": "CREATE",
 "alertTime": "2024-08-20 15:52:02",
 "changedBy": "darktrace",
@@ -24,4 +25,5 @@
 "subnetLabel": "testsubnetlabel",
 "subnetNetwork": "testnetwork",
 "url": "https://darktrace.com"
- }
\ No newline at end of file
+ }
+]
\ No newline at end of file
diff --git a/Sample Data/DarktraceSystemStatusAlerts.json b/Sample Data/DarktraceSystemStatusAlerts.json
index 71bac99d8d2..bb7ef6306dd 100644
--- a/Sample Data/DarktraceSystemStatusAlerts.json
+++ b/Sample Data/DarktraceSystemStatusAlerts.json
@@ -1,4 +1,5 @@
-{
+[
+ {
 "alertTime": "2024-08-20 15:52:02",
 "customLabel": "Sample Label",
 "darktraceHostname": "darktrace.example.com",
@@ -14,4 +15,5 @@
 "statusName": "Resolved: Test System Status Alert",
 "url": "https://darktrace.com",
 "uuid": "00000000-0000-0000-0000-000000000008"
- }
\ No newline at end of file
+ }
+]
\ No newline at end of file