This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
New SecOps Webinar May 14th! Learn about Gemini's generative AI within Google SecOps
Log in to ask a question

Darktrace Connector not ingesting cases

Posted on 07-11-2024 08:23 AM
Antonino_La2
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi everyone, 

we configured the Darktrace model breach connector on our SOAR instance. Performing tests all works fine but we got zero cases created.

Enabling logging we can't see any log coming from the connector... This is such weird behavior since I can't see any error. Has anyone here had the same problem? 

Thanks

A

0 1 146
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
SoarAndy
Staff
Reply posted on --/--/---- --:-- AM
  • If the 'test' works, but no cases are ingested, I would look at the config:
    are you looking back long enough ()
  • are you ingesting low enough severity ()
  • can you check the API key you created has access/rbac/etc to the alerts

Going to the "Logs" page and enabling this whilst you run some 'Testing' connections might help

Top Solution Authors
View all