A modern, Pythonic SDK for the Darktrace Threat Visualizer API.
acknowledge, unacknowledge, and get_comments now support lists of IDs and return aggregated results.get_tag, get_type, get_label, get_vendor, get_hostname, get_ip, and get_mac for easier device filtering.get method now accepts direct parameters like tag, type, hostname, etc., and auto-builds the query if no explicit query is given.query and filter parameters are set. A Sphinx warning is included in the docstring for better IDE/documentation feedback.pip install darktrace-sdk
After installation, you'll import it in Python as darktrace:
from darktrace import DarktraceClient
Or clone this repository:
git clone https://github.com/yourusername/darktrace.git
cd darktrace
pip install .
from darktrace import DarktraceClient
# Initialize the client
client = DarktraceClient(
host="https://your-darktrace-instance",
public_token="YOUR_PUBLIC_TOKEN",
private_token="YOUR_PRIVATE_TOKEN"
)
# Access endpoint groups
devices = client.devices
all_devices = devices.get()
antigena = client.antigena
actions = antigena.get_actions()
# Use Advanced Search with POST requests (Darktrace 6.1+)
advanced_search = client.advanced_search
query = {
"search": "@type:\"ssl\" AND @fields.dest_port:\"443\"",
"fields": [],
"offset": 0,
"timeframe": "3600" # 1 hour
}
results = advanced_search.search(query=query, post_request=True)
print(all_devices)
print(actions)
print(results)
Comprehensive documentation is available in the docs directory:
And many more modules covering every aspect of the Darktrace API.
See the EXAMPLES.md file for additional usage examples.
This SDK aims to cover all endpoints in the Darktrace API Guide, including:
/advancedsearch (search, analyze, graph)/aianalyst (incidentevents, groups, acknowledge, pin, comments, stats, investigations, incidents)/antigena (actions, manual, summary)/components, /cves, /details, /deviceinfo, /devices, /devicesearch, /devicesummary/endpointdetails, /enums, /filtertypes, /intelfeed, /mbcomments, /metricdata, /metrics, /models, /modelbreaches, /network, /pcaps, /similardevices, /status, /subnets, /summarystatistics, /tags, and all /agemail endpointsIf you find a missing endpoint, open an issue or PR and it will be added!
The /devicesummary endpoint may return a 500 Internal Server Error when accessed with API tokens, even though it works in the browser or with session/cookie authentication. This is a known limitation of the Darktrace API backend and not a bug in the SDK or your code.
Workaround: There is currently no programmatic workaround. If you require this endpoint, please contact Darktrace support or use browser-based access where possible.
Status: Tracked as issue #37. If you encounter this, please reference the issue for updates.
Contributions are welcome! Please:
This project is licensed under the MIT License. See LICENSE for details.
Made with ❤️ for the Darktrace community.
FAQs
A modern, modular, and complete Python SDK for the Darktrace API
We found that darktrace-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
TC39 advances 11 JavaScript proposals, with two moving to Stage 4, bringing better math, binary APIs, and more features one step closer to the ECMAScript spec.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.