Skip to main content
Darktrace uses webhooks to forward Cyber AI Analyst and model breach alerts to Wirespeed in real-time.

Prerequisites

  • A Darktrace appliance with access to the Threat Visualizer
  • Network connectivity from Darktrace to https://api.wirespeed.co

Setup in Wirespeed

  1. Login to Wirespeed
  2. Navigate to Integrations > Add Integration > Darktrace
  3. Select Webhook Details
  4. Copy the Webhook URL and Webhook Secret — you’ll need these for the Darktrace configuration

Setup in Darktrace

  1. Login to Darktrace Threat Visualizer
  2. Navigate to Modules
  3. Select HTTPS
  4. Click Workflow Integrations
  5. Enable the integration and select the devices or subnets you want to monitor

Configure HTTP/HTTPS Alerts

  1. In the Configuration for HTTP/HTTPS Alerts section, click New to create a new alert configuration
  2. Toggle Send Alerts to enabled
  3. In the URL field, paste the Webhook URL from Wirespeed
  4. Toggle Show Advanced Options to expand authentication settings
  5. Set Authentication to Basic
  6. Enter wirespeed as the Username
  7. Enter the Webhook Secret from Wirespeed as the Password
  8. Click Verify alert settings to test the connection
  9. Save your configuration

What Gets Ingested

Wirespeed receives and processes the following from Darktrace:
  • Cyber AI Analyst Incidents — AI-generated investigation summaries
  • Model Breaches — Behavioral detections from Darktrace’s unsupervised ML models
Each detection is automatically enriched with device context and triaged using Wirespeed’s verdict system.

Troubleshooting

Ensure your Darktrace appliance can reach https://api.wirespeed.co on port 443. Check firewall rules and proxy settings.
Verify that Send Alerts is enabled and that the devices you want to monitor are selected in the Workflow Integrations panel.
Double-check that Basic authentication is selected, the username is exactly wirespeed, and the password matches your Webhook Secret from Wirespeed.