Use Darktrace with n8n

Darktrace node

n8n is a powerful workflow automation tool that lets us create our own nodes for the specific tools we use every day.

Thanks to n8n-node-dev, I built a custom node for Darktrace so that a single all-in-one node replaces the combination of several nodes such as Function Item + HTTP Request.

Features

Darktrace has an API with more than 20 endpoints for retrieving and sending information.

To avoid a large node with many fields, I decided to let users write their own request using the variable selector. Users have to look up what they want to do in the Darktrace API documentation (/apihelp on the Darktrace web interface). For example:

  • Get the latest model breaches
  • Get status, time, tags
  • Get subnet, metrics
  • Modify intelligence feed
  • Get model information, PCAPs, or specific information from an endpoint (based on a filter)

Implementation

I assume that the node is already installed on the n8n instance:

  1. On Darktrace web interface, create/get your API credentials (public token & private token)
  2. On n8n, create a new credential and search “Darktrace API”
  3. Fill in all inputs with your information (according to the Darktrace documentation, do not add a trailing “/” to the URL)

Create credentials

  1. In your n8n workflow, click the “Add node” button and add “Darktrace” (under regular nodes)
  2. Select the credential created in step 3 above.
  3. Add the date of the request to the Darktrace API (according to the documentation, the date must be within 30 minutes of the Darktrace system time)
  4. Choose your method type
  5. Write your request, for example: /modelbreaches?from=2021-01-01T00:00:00.00

The response is stored in a variable called “dt_request”, which contains the returned JSON; for example, here I got 6 alerts from /modelbreaches:

Response node

Once you have all the information in n8n, you can pass it to other nodes such as TheHive to open a new alert or case.
