Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Using the Countermeasures API

api guides


Before proceeding, complete the API Authentication steps in order to obtain a working client_id and client_secret.


The URL to access Taegis™ XDR APIs may differ according to the region your environment is deployed in:

  • US1— https://api.ctpx.secureworks.com
  • US2— https://api.delta.taegis.secureworks.com
  • US3— https://api.foxtrot.taegis.secureworks.com
  • EU— https://api.echo.taegis.secureworks.com

The examples in this Taegis™ XDR API documentation use https://api.ctpx.secureworks.com throughout. If you are in a different region substitute appropriately.

The countermeasure API allows you to automatically download the CTU Countermeasures as documented in CTU™ Network Countermeasures.


The following endpoints can be accessed using the Taegis™ XDR Countermeasures API to retrieve CTU information:

By default, the results from these endpoints are not url escaped. If you need to display these results in a web page, please use the query parameter ?html=true.

Threat Indication List endpoints by default return filtered lists (MSS). If you need all the lists or only raw lists, please use the filter query parameter.*

*omit the query param or ?filter=mss for mss lists.


On this page: