2_ds_darktrace_darktrace.md

April 15, 2026 · View on GitHub

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	app-activity ↳darktrace-darktrace-json-app-activity-appactivity app-login ↳darktrace-darktrace-json-app-login-success-successfullogin failed-app-login ↳darktrace-darktrace-json-app-login-fail-failedlogin security-alert ↳darktrace-darktrace-json-alert-trigger-success-comparatortype ↳darktrace-darktrace-json-alert-trigger-success-alertname ↳darktrace-darktrace-cef-alert-trigger-success-darktrace ↳darktrace-darktrace-json-alert-trigger-success-suspiciousproperties ↳darktrace-darktrace-json-alert-trigger-success-comparatortype ↳darktrace-darktrace-json-alert-trigger-success-alertname ↳darktrace-darktrace-cef-alert-trigger-success-darktrace ↳darktrace-darktrace-json-alert-trigger-success-suspiciousproperties ↳darktrace-darktrace-kv-alert-trigger-success-dropintraffic ↳darktrace-darktrace-kv-alert-trigger-success-dropinprobeevent	T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application	66 Rules 33 Models
Lateral Movement	app-login ↳darktrace-darktrace-json-app-login-success-successfullogin failed-app-login ↳darktrace-darktrace-json-app-login-fail-failedlogin security-alert ↳darktrace-darktrace-json-alert-trigger-success-comparatortype ↳darktrace-darktrace-json-alert-trigger-success-alertname ↳darktrace-darktrace-cef-alert-trigger-success-darktrace ↳darktrace-darktrace-json-alert-trigger-success-suspiciousproperties ↳darktrace-darktrace-json-alert-trigger-success-comparatortype ↳darktrace-darktrace-json-alert-trigger-success-alertname ↳darktrace-darktrace-cef-alert-trigger-success-darktrace ↳darktrace-darktrace-json-alert-trigger-success-suspiciousproperties ↳darktrace-darktrace-kv-alert-trigger-success-dropintraffic ↳darktrace-darktrace-kv-alert-trigger-success-dropinprobeevent	T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy	4 Rules
Malware	app-login ↳darktrace-darktrace-json-app-login-success-successfullogin dlp-email-alert-in ↳darktrace-darktrace-mix-email-send-receive-direction dlp-email-alert-out ↳darktrace-darktrace-mix-email-send-receive-direction security-alert ↳darktrace-darktrace-json-alert-trigger-success-comparatortype ↳darktrace-darktrace-json-alert-trigger-success-alertname ↳darktrace-darktrace-cef-alert-trigger-success-darktrace ↳darktrace-darktrace-json-alert-trigger-success-suspiciousproperties ↳darktrace-darktrace-json-alert-trigger-success-comparatortype ↳darktrace-darktrace-json-alert-trigger-success-alertname ↳darktrace-darktrace-cef-alert-trigger-success-darktrace ↳darktrace-darktrace-json-alert-trigger-success-suspiciousproperties ↳darktrace-darktrace-kv-alert-trigger-success-dropintraffic ↳darktrace-darktrace-kv-alert-trigger-success-dropinprobeevent	T1078 - Valid Accounts T1190 - Exploit Public Fasing Application TA0002 - TA0002	6 Rules 2 Models
Privilege Abuse	app-activity ↳darktrace-darktrace-json-app-activity-appactivity app-login ↳darktrace-darktrace-json-app-login-success-successfullogin dlp-email-alert-in ↳darktrace-darktrace-mix-email-send-receive-direction dlp-email-alert-out ↳darktrace-darktrace-mix-email-send-receive-direction failed-app-login ↳darktrace-darktrace-json-app-login-fail-failedlogin	T1078 - Valid Accounts T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	6 Rules 2 Models
Privileged Activity	app-activity ↳darktrace-darktrace-json-app-activity-appactivity app-login ↳darktrace-darktrace-json-app-login-success-successfullogin dlp-email-alert-in ↳darktrace-darktrace-mix-email-send-receive-direction dlp-email-alert-out ↳darktrace-darktrace-mix-email-send-receive-direction failed-app-login ↳darktrace-darktrace-json-app-login-fail-failedlogin security-alert ↳darktrace-darktrace-json-alert-trigger-success-comparatortype ↳darktrace-darktrace-json-alert-trigger-success-alertname ↳darktrace-darktrace-cef-alert-trigger-success-darktrace ↳darktrace-darktrace-json-alert-trigger-success-suspiciousproperties ↳darktrace-darktrace-json-alert-trigger-success-comparatortype ↳darktrace-darktrace-json-alert-trigger-success-alertname ↳darktrace-darktrace-cef-alert-trigger-success-darktrace ↳darktrace-darktrace-json-alert-trigger-success-suspiciousproperties ↳darktrace-darktrace-kv-alert-trigger-success-dropintraffic ↳darktrace-darktrace-kv-alert-trigger-success-dropinprobeevent	T1068 - Exploitation for Privilege Escalation T1078 - Valid Accounts	3 Rules 1 Models