darktrace · seanmacdonald8 · Nov 7, 2025 · Oct 23, 2025 · Oct 23, 2025 · Oct 23, 2025
diff --git a/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json b/.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
@@ -76,6 +76,7 @@
   "DNS",
   "Darktrace",
   "DarktraceRESTConnector",
+  "DarktraceActiveAISecurityPlatform",
   "DataminrPulseAlerts",
   "Dataverse",
   "DigitalGuardianDLP",

diff --git a/Logos/Darktrace.svg b/Logos/Darktrace.svg
diff --git a/Solutions/Darktrace/Analytic Rules/CreateAlertFromModelBreach.yaml b/Solutions/Darktrace/Analytic Rules/CreateAlertFromModelBreach.yaml
diff --git a/Solutions/Darktrace/Analytic Rules/CreateAlertFromSystemStatus.yaml b/Solutions/Darktrace/Analytic Rules/CreateAlertFromSystemStatus.yaml
diff --git a/Solutions/Darktrace/Analytic Rules/CreateIncidentFromAIAnalystIncident.yaml b/Solutions/Darktrace/Analytic Rules/CreateIncidentFromAIAnalystIncident.yaml
diff --git a/Solutions/Darktrace/Data Connectors/DarktraceActiveAISecurityPlatform_Template.json b/Solutions/Darktrace/Data Connectors/DarktraceActiveAISecurityPlatform_Template.json
@@ -12,7 +12,7 @@
     ],
     "sampleQueries": [
         {
-            "description" : "One-line title for your sample query 1",
+            "description" : "Last 10 Model Alerts",
             "query": "DarktraceModelAlerts_CL\n | take 10"
         }
     ],

diff --git a/Solutions/Darktrace/Data/Solution_DarktraceEnterpriseImmuneSystem.json b/Solutions/Darktrace/Data/Solution_DarktraceEnterpriseImmuneSystem.json
@@ -4,18 +4,18 @@
     "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Darktrace.svg\" width=\"75px\" height=\"75px\">",
     "Description": "The [Darktrace](https://darktrace.com/) Sentinel Solution lets users connect Darktrace AI-based alerting in real-time with Microsoft Sentinel, allowing creation of custom Dashboards, Workbooks, Notebooks and Custom Alerts to improve investigation. Microsoft Sentinel's enhanced visibility into Darktrace logs enables monitoring and mitigation of security threats. \n\n**Underlying Microsoft Technologies used:**\n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n\na. [Microsoft Sentinel Data Collector API](https://docs.microsoft.com/azure/sentinel/connect-rest-api-template)\n\n For more details about this solution refer to https://www.darktrace.com/microsoft/sentinel/",
     "Workbooks": [
-        "Workbooks/DarktraceWorkbook.json"
+        "Workbooks/DarktraceActiveAISecurityPlatform.json"
     ],
     "Analytic Rules": [
-        "Analytic Rules/CreateAlertFromModelBreach.yaml",
-        "Analytic Rules/CreateIncidentFromAIAnalystIncident.yaml",
-        "Analytic Rules/CreateAlertFromSystemStatus.yaml"
+        "Analytic Rules/DarktraceIncidentEvent.yaml",
+        "Analytic Rules/DarktraceModelAlert.yaml"
     ],
     "Data Connectors": [
-        "Data Connectors/DarktraceConnectorRESTAPI.json"
+        "Data Connectors/DarktraceConnectorRESTAPI.json",
+        "Data Connectors/DarktraceActiveAISecurityPlatform_Template.json"
     ],
     "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Darktrace",
-    "Version": "2.0.1",
+    "Version": "3.0.0",
     "Metadata": "SolutionMetadata.json",
     "TemplateSpec": true,
     "Is1PConnector": false