Integrations by Darktrace


The Darktrace Immune System is a cloud-native platform that delivers self-learning protection, AI Investigations, and seamless integrations via an open and extensible architecture.

Unifying enterprise defenses in the face of evolving threats and exploding complexity has never been more critical nor difficult to achieve. Today’s digital business is characterized by distributed users, diverse applications, and disjointed point solutions that are nearly impossible to harmonize. Yet with Cyber AI, security teams can protect their dynamic workforce across multiple siloes, while enhancing the value of existing investments through shared intelligence and active integrations.

The Darktrace Immune System harnesses an open architecture to seamlessly plug into a diverse ecosystem as it evolves. With one-click integrations and custom templates, the platform can ingest new forms of telemetry, share bespoke AI insights across established workflows, and interoperate with a wide range of technologies to deliver Autonomous Response across email systems, inline defenses, and collaboration platforms.

Key Benefits of Darktrace’s Open Architecture

  • Enable one-click integrations for seamless extension
  • Share bespoke AI insights with SIEM, SOAR, and downstream ticketing systems
  • Extend visibility via native integrations with cloud and zero-trust technologies
  • Activate Autonomous Response via active integrations with firewalls and preventative controls
  • Extensive API support for data ingestion and asset and alert output across your security ecosystem


Share AI Insights

Native integrations via API and syslog allow Darktrace to feed AI detections and Cyber AI Analyst Incidents to SIEMs for analysis and correlation, as well as SOAR solutions to trigger response playbooks.

Telemetry Ingestion

Darktrace can poll SIEM and SOAR solutions to ingest enrichment data, and SOAR playbooks can be configured to trigger custom models and Cyber AI Analyst investigations in Darktrace.

Ticketing System & Case Management

Forward Cyber AI Output

Darktrace’s detections and Cyber AI Analyst Incidents can be fed to downstream ticketing systems in various formats (e.g. CEF, LEEF, and JSON), in alignment with custom thresholds defined by the user.

Interact with Cyber AI Output

Users can acknowledge or comment on Darktrace detections or Cyber AI Analyst Incidents from within the UI of the ticketing or case management system.

Firewalls, NACLs & Preventative Controls

Autonomous Response

Darktrace Antigena can trigger Autonomous Response actions via integrations with firewalls and preventative controls for attacks that have gotten through.

Log Ingestion

Darktrace can also ingest logs from firewalls and network devices to extend visibility as needed.

VPN & Zero-Trust Technologies

Extend Workforce Coverage

By integrating with VPN and zero-trust services, Darktrace can extend its visibility across an increasingly distributed workforce. Native integrations and custom templates are available for any service in this area.


Client Sensors

By deploying Client Sensors, Darktrace can extend its visibility of network connections to devices in branch offices or off the VPN.

Integrate with EDRs

Darktrace can also ingest EDR alerts as a weak indicator that informs our AI analysis across the business. EDR alerts can also trigger Cyber AI Analyst investigations, without the need for an underlying Darktrace detection.

Asset & Inventory Management

Real-Time Visibility

Darktrace can export asset CSV lists and auto-detected device types into asset management systems. It also displays a 2D network topology to provide granular visibility in this area.

Improve Asset Tracking

Darktrace can also interoperate with asset management systems to import VIP devices, tag devices, label subnets, and improve device tracking more generally.


For inquiries, email us at